Skip to content

v0.2.0

Compare
Choose a tag to compare
@cpanato cpanato released this 22 Jul 13:12
· 2216 commits to main since this release
a547abe

What's Changed

  • Fixes numerous validating and defaulting. Improve tests by @vaikas in #93
  • Bump github.com/google/go-containerregistry from 0.10.0 to 0.11.0 by @dependabot in #95
  • Bump github.com/hashicorp/vault/sdk from 0.5.1 to 0.5.3 by @dependabot in #94
  • update go builder and cosign by @cpanato in #96
  • fix path in cloudbuild by @cpanato in #97
  • another fix :( in cloudbuild by @cpanato in #99

Enhancements

  • Refactor entire policy validation into ValidatePolicy.
  • Set reinvocationPolicy to 'IfNeeded' for the tag resolver webhook
  • Add policy-tester CLI for testing ClusterImagePolicies
  • (tester) Validate CIP before using it.
  • (tester) call SetDefaults on cip before conversion
  • remove v1.21 k8s which is deprecated and add v1.24
  • chore: do not fail to verify signed images if the secret-name flag is not set

Bug fixes

  • Fix issue #38. Do not block status updates.
  • Avoid test race condition.
  • Fix sigstore/cosign#1653
  • Allow for @ symbol on globs to support image refs with digest
  • Validate globs at admission time.
  • fix: add missing conversion to CRD
  • fix: solve vuln from our opa version
  • Fix issue #24
  • Bump some vulnerable dependencies; base on distroless/static

Others

  • Bump mikefarah/yq from 4.25.3 to 4.26.1
  • Bump actions/dependency-review-action from 2.0.2 to 2.0.4
  • Bump google.golang.org/grpc from 1.47.0 to 1.48.0
  • Bump github/codeql-action from 2.1.15 to 2.1.16
  • Bump actions/cache from 3.0.4 to 3.0.5
  • Bump actions/setup-go from 3.2.0 to 3.2.1
  • update knative to use v1.5.0 release
  • update scafolding to use release v0.3.0
  • Bump github.com/aws/aws-sdk-go-v2 from 1.16.6 to 1.16.7
  • Bump sigstore/cosign-installer from 2.4.0 to 2.4.1
  • Bump github.com/aws/aws-sdk-go-v2 from 1.16.5 to 1.16.6
  • increase timeout for golangci-lint
  • Bump github.com/stretchr/testify from 1.7.5 to 1.8.0
  • Bump github/codeql-action from 2.1.14 to 2.1.15
  • Switch to direct returns
  • Bump github.com/hashicorp/go-version from 1.5.0 to 1.6.0
  • Bump ossf/scorecard-action from 1.1.1 to 1.1.2
  • chore: skip secret not found
  • Bump github.com/stretchr/testify from 1.7.4 to 1.7.5
  • Bump mikefarah/yq from 4.25.2 to 4.25.3
  • Bump github/codeql-action from 2.1.13 to 2.1.14
  • Bump github.com/google/go-containerregistry from 0.9.0 to 0.10.0
  • Bump github.com/stretchr/testify from 1.7.2 to 1.7.4
  • Bump github/codeql-action from 2.1.12 to 2.1.13
  • Bump actions/dependency-review-action from 2.0.1 to 2.0.2
  • Bump actions/dependency-review-action from 1.0.2 to 2.0.1
  • Update tests for OR behaviour wrt authorities.
  • remove unused struct from imports
  • Add policy to make sure signature and attestation is there.
  • Return authoritymatches before errors.
  • remove third_party stuff due to mismatch in go version.
  • Use fulcioroots from sigstore/sigstore
  • Even if some authority returns err, return any other matching authority results.
  • Use public fulcio/rekor to make sure things are not there.
  • hack/update-deps.sh

Contributors

  • Carlos Tadeu Panato Junior
  • Hector Fernandez
  • Jason Hall
  • Josh Dolitsky
  • Matt Moore
  • Ville Aikas
  • Vladimir Nachev
  • cpanato
  • dependabot[bot]
  • dlorenc
  • hectorj2f

Full Changelog: v0.1.0...v0.2.0

Images:

  • policy-controller: gcr.io/projectsigstore/policy-controller:v0.2.0 or ghcr.io/sigstore/policy-controller/policy-controller:v0.2.0
  • policy-webhook: gcr.io/projectsigstore/policy-webhook:v0.2.0 or ghcr.io/sigstore/policy-controller/policy-webhook:v0.2.0