v0.13.0

What's Changed

• Bump slsa-framework/slsa-github-generator to 1.2.2 by @jonjohnsonjr in #1489
• Features: Allow eliding serviceaccount lookups. by @mattmoor in #1490
• Bump golangci/golangci-lint-action from 3.3.0 to 3.3.1 by @dependabot in #1491
• add source archive checksum into the checksums.txt by @developer-guy in #1492
• Fix calculating tarball size when duplicated layers exist by @tydra-wang in #1495
• Add support for zstd compression by @LFrobeen in #1487
• docs: pull latest instead of debug by @AndrewCharlesHay in #1497
• Make credential warning slightly more accurate by @jonjohnsonjr in #1499
• Make unit tests substantially faster by @jonjohnsonjr in #1498
• Use the default retry predicate in transport by @jonjohnsonjr in #1502
• Revert "docs: pull latest instead of debug (#1497)" by @jonjohnsonjr in #1504
• Update Arch Linux install instructions by @kpcyrd in #1508
• Fix various lints by @jonjohnsonjr in #1507
• Fix missing doc comment by @jonjohnsonjr in #1509
• Treat empty registry config as anonymous by @lcarva in #1512
• Bump goreleaser/goreleaser-action from 3.2.0 to 4.1.0 by @dependabot in #1511
• Bump actions/stale from 6 to 7 by @dependabot in #1519
• Race http fallback ping by @jonjohnsonjr in #1521
• FIX mutate.Time not respecting history by @miguelvalerio in #1520
• test: use T.TempDir to create temporary test directory by @Juneezee in #1522
• crane: add digest --full by @imjasonh in #1524
• Hack around DockerHub plugin scope handling by @jonjohnsonjr in #1527
• crane: support --full-ref for crane ls by @imjasonh in #1525
• Revert plugin scope hack by @jonjohnsonjr in #1531
• clarify crane download readme by @dtanner in #1533

New Contributors

• @LFrobeen made their first contribution in #1487
• @AndrewCharlesHay made their first contribution in #1497
• @kpcyrd made their first contribution in #1508
• @miguelvalerio made their first contribution in #1520
• @Juneezee made their first contribution in #1522
• @dtanner made their first contribution in #1533

Full Changelog: v0.12.1...v0.13.0

v0.12.1

Changelog

• 426de7d Bump golangci/golangci-lint-action from 3.2.0 to 3.3.0 (#1475)
• 6442b02 Bump goreleaser/goreleaser-action from 3.1.0 to 3.2.0 (#1476)
• 76ae819 Fix context.DeadlineExceeded comparison (#1488)
• 1711cef Fix missing body.Close() in bearer auth (#1482)
• 02f47e1 bump version of slsa generator (#1468)
• 353a117 crane: add catalog argument use annotation (#1473)
• a0cca8a k8schain: Log and proceed if secret or SA are not found (#1472)

Container Images

https://gcr.io/go-containerregistry/crane:v0.12.1
https://gcr.io/go-containerregistry/gcrane:v0.12.1

For example:

docker pull gcr.io/go-containerregistry/crane:v0.12.1
docker pull gcr.io/go-containerregistry/gcrane:v0.12.1

v0.12.0

Changelog

• 9b4fdd5 Bump actions/setup-go from 2 to 3 (#1463)
• 7268da0 Bump actions/stale from 5 to 6 (#1452)
• 7196cf3 Bump aws-actions/configure-aws-credentials from 1.6.1 to 1.7.0 (#1424)
• 8eae069 Bump codecov/codecov-action from 3.1.0 to 3.1.1 (#1453)
• 969699e Bump deps using ./hack/bump-deps.sh (#1467)
• c1f9836 Bump opencontainers/image-spec (#1423)
• 49cdb8b Correct usage of authn.NewKeychainFromHelper in docs (#1419)
• 3ba4c51 Fix tar PAX format handling (#1414)
• 24a1c33 Ignore docker config if it's a directory (#1420)
• a0f6687 Make ErrBadName checkable via errors.Is() (#1462)
• 19e3eff Retry ECONNRESET errors (#1415)
• 5749ee6 Support the platform specific authentication of krane in "auth get" command (#1413)
• e3b94c7 allow remote.DefaultTransport to be overridden by an http.RoundTripper (#1449)
• f981b4c deps: update goreleaser-action for bug (#1444)
• 771a9b4 e2e: pull and export stdin and stdout (#1436)
• 87b3a79 feat: Add krane to release archive (#1443)
• 2859a0d feat: generate slsa provenance on github release artifacts (#1438)
• 9a5c14a fix crane's root.go after DefaultTransport change (#1450)
• 2b54510 fix: consider base image media type when appending layers (#1437)
• d3ed408 registry: implement blob deletion (#1432)
• 3413eb6 registry: implement pagination (#1430)
• e2d575c update crane installation instructions and release verification (#1440)

Container Images

https://gcr.io/go-containerregistry/crane:v0.12.0
https://gcr.io/go-containerregistry/gcrane:v0.12.0

For example:

docker pull gcr.io/go-containerregistry/crane:v0.12.0
docker pull gcr.io/go-containerregistry/gcrane:v0.12.0

v0.11.0

Changelog

• b7b4ead Add unit test covering .dockerconfigjson secrets (#1335)
• 31786c6 Bump deps using ./hack/bump-deps.sh (#1410)
• f79ec21 Deprecate transport.New (#1337)
• 2b1087a Do not check /v2 endpoint on registry when RoundTripper is provided (#1396)
• 59b5c06 Don't annotate refs by default, switch to OCI key (#1401)
• ddd39fb Fall back to no mount if registry misbehaves (#1406)
• d187a71 Implement crane edit (#1403)
• 4d7b65b Include builds for Go 1.18 in CI matrixes (#1319)
• 03194c5 Preserve descriptors when writing to layout (#1400)
• 53e6bea Redact sensitive information in redirected URLs (#1408)
• ae256b5 Use go-digest to validate digests (#1395)
• 86f0c4a Wrap progress updates in a mutex (#1402)
• e7a9f2b bump deps using ./hack/bump-deps.sh (#1389)

Container Images

https://gcr.io/go-containerregistry/crane:v0.11.0
https://gcr.io/go-containerregistry/gcrane:v0.11.0

For example:

docker pull gcr.io/go-containerregistry/crane:v0.11.0
docker pull gcr.io/go-containerregistry/gcrane:v0.11.0

v0.10.0

Changelog

• 9006ebf Add debug logs to google.Keychain (#1390)
• 03a77f4 Allow config files to be mounted (#1387)
• b17c48b Bump goreleaser/goreleaser-action from 2 to 3 (#1370)
• 623023e Implement cross-registry blob mounting experiment (#1388)
• 2a21d4f Set GetBody on blob uploads (#1391)
• f74686f bump deps using ./hack/bump-deps.sh (#1371)
• 7fc806e feat(cache): cacheable v1.ImageIndex (#1380)
• 0c40ec8 feat(crane): add option to allow pushing non-distributable layers (#1348)
• 12aeccc fix(crane): just need cobra.MinimumNArgs(1) instead of cobra.MaximumNArgs(1). (#1384)
• 84eb526 k8schain: prioritize imagePullSecrets over implicit auth (#1368)

Container Images

https://gcr.io/go-containerregistry/crane:v0.10.0
https://gcr.io/go-containerregistry/gcrane:v0.10.0

For example:

docker pull gcr.io/go-containerregistry/crane:v0.10.0
docker pull gcr.io/go-containerregistry/gcrane:v0.10.0

v0.9.0

What's Changed

• pkg/v1/mutate: fill in mediaType for OCI by @maisem in #1236
• Start testing ECR authentication. by @mattmoor in #1237
• Pin the version of AWS actions we use by @mattmoor in #1238
• Add pkg/authn/kubernetes by @imjasonh in #1234
• Use Temp File For layout.{Write,Append,Replace} Image/Index Methods by @ben-krieger in #1226
• Update README.md by @bobychaudhary in #1239
• fix k8schain go.mod by @dprotaso in #1242
• fix cmd/krane/go.mod and include it in hack/presubmit.sh by @imjasonh in #1240
• return transport errors that support errors.Is by @dprotaso in #1244
• Bump ecr-login to v0.6.0 by @imjasonh in #1243
• pkg/authn: return Anonymous on podman auth.json errors by @vdemeester in #1248
• Bump acr cred helper dep by @imjasonh in #1247
• krane: drop k8schain, use cred helper directly w/o k8s by @imjasonh in #1250
• Ensure that layer is closed before renaming file in layout by @ben-krieger in #1254
• Bump aws-actions/configure-aws-credentials from 1.6.0 to 1.6.1 by @dependabot in #1259
• Fix krane:debug image to include shell by @imjasonh in #1264
• Fix NewKeychainFromHelper by @imjasonh in #1265
• Fix issue templates by @imjasonh in #1266
• Update k8schain README -- don't recommend modifting authn.DefaultKeyc… by @imjasonh in #1267
• Add EOF to remote default retry predicate by @jonjohnsonjr in #1268
• Bump containerd by @imjasonh in #1271
• Implement Platform.String and v1.ParsePlatform by @imjasonh in #1270
• Eagerly fetch image ID in daemon.Image by @jonjohnsonjr in #1272
• Add pkg/authn/github.Keychain to authenticate with ghcr.io by @imjasonh in #1252
• Fallback to anonymous if env or gcloud are not configured by @imjasonh in #1279
• Add one-time workflow to push an image to ghcr.io by @imjasonh in #1281
• remove push-image workflow by @imjasonh in #1282
• Pass gcloud stderr to logs.Warn by @imjasonh in #1284
• Add tarball.WithMediaType to specify layer media type by @imjasonh in #1286
• LayerFromReader: buffer contents to a temp file instead of in memory by @imjasonh in #1285
• Check docker config auths for repo and registry by @imjasonh in #1280
• Bump deps, add script to make it easier by @imjasonh in #1260
• Fix Windows e2e test by @imjasonh in #1292
• Update ecr-login dep to fix logspam issue by @imjasonh in #1294
• authn/kubernetes - fix auth config lookup by @dprotaso in #1299
• authn/kubernetes - fix index.docker.io case by @dprotaso in #1300
• Take advantage of Chainguard maintained versions of various actions. by @mattmoor in #1301
• Cover a couple special paths in keychain unit tests. by @mattmoor in #1302
• Add output option to mutate to save to a tar file and not push to a registry (same as append) by @ehmm in #1257
• Add GitHub Action to automatically bump deps by @imjasonh in #1291
• Include blob existence checks in retries by @jonjohnsonjr in #1307
• Bump golangci/golangci-lint-action from 2 to 3.1.0 by @dependabot in #1308
• Add rebase_test.sh to hack/presubmit.sh by @imjasonh in #1304
• crane export: Support reading tarball from a stream by @abitrolly in #1274
• Don't parse challenge's scopes, put them first by @jonjohnsonjr in #1312
• Bump actions/checkout from 2 to 3 by @dependabot in #1315
• Fix isolation of presubmit tools by @abitrolly in #1306
• Bump deps, fix ecr-login API change by @imjasonh in #1310
• Add --user flag to crane mutate by @matthewrobertson in #1316
• Bump peter-evans/create-pull-request from 3 to 4 by @dependabot in #1327
• Bump actions/setup-go from 2 to 3 by @dependabot in #1340
• Bump actions/stale from 4 to 5 by @dependabot in #1342
• Bump codecov/codecov-action from 2.1.0 to 3.0.0 by @dependabot in #1341
• use k8s keychain first by @dprotaso in #1346
• fix(v1/random): set MediaType in randomIndex.manifest by @estroz in #1343
• fix(v1/remote): return an error if both auth and keychain are set by @estroz in #1334
• AuthConfig now supports json (un)marshalling by @dprotaso in #1350
• authn.kubernetes.Resolve now behaves exactly like Kubernetes by @dprotaso in #1349
• bump require blocks to point to latest main (892d7a8) by @dprotaso in #1351
• update go action to always get the latest available and other updates by @cpanato in #1352
• Bump codecov/codecov-action from 3.0.0 to 3.1.0 by @dependabot in #1353
• Bump github/codeql-action from 1 to 2 by @dependabot in #1357
• transport: Don't pass default service if unset by @imjasonh in #1360
• fix(ConfigFile): Add Variant by @lippertmarkus in #1362
• Bump deps, fix issues by @imjasonh in #1317
• feat(crane): allow setting the repository to push by digest by @lippertmarkus in #1323
• Bump golangci/golangci-lint-action from 3.1.0 to 3.2.0 by @dependabot in #1365
• Bump deps using ./hack/bump-deps.sh by @imjasonh in #1366

New Contributors

• @ben-krieger made their first contribution in #1226
• @bobychaudhary made their first contribution in #1239
• @abitrolly made their first contribution in #1274
• @matthewrobertson made their first contribution in #1316
• @estroz made their first contribution in #1343
• @lippertmarkus made their first contribution in #1362

Full Changelog: v0.8.0...v0.9.0

v0.8.0

What's Changed

• spelling: entrypoing->entrypoint by @vsoch in #1176
• update crane mutate annotation/label args to allow commas in label values by @vsoch in #1178
• Check for Podman's auth.json in DefaultKeychain by @imjasonh in #1181
• Enable gosec, exempt tests, ignore others by @imjasonh in #1169
• Revert "Check for Podman's auth.json in DefaultKeychain (#1181)" by @imjasonh in #1184
• Attempt 2: Check for Podman's auth in DefaultKeychain by @imjasonh in #1185
• Update deps by @dekkagaijin in #1188
• Include 1.17 in build and test matrix by @imjasonh in #1190
• Add issue templates by @imjasonh in #1192
• Add depcheck test that pkg/registry has light dependencies by @imjasonh in #1187
• Windowsify layers when crane appending by @imjasonh in #1179
• Accept multiple entrypoint values in crane mutate by @imjasonh in #1194
• Added env vars and optional layers to mutate cmd by @ehmm in #1199
• Make crane export more ergonomic by @jonjohnsonjr in #1203
• Don't use the term 'runes' in error messages by @imjasonh in #1204
• Always use basic for anonymous pings by @jonjohnsonjr in #1207
• Support specifying osversion in the --platform flag by @imjasonh in #1206
• Bump golang.org/x/tools by @imjasonh in #1201
• crane push: Support OCI layout by @jonjohnsonjr in #1208
• Bump deps by @imjasonh in #1214
• Pluggable blob storage for pkg/registry by @imjasonh in #1209
• Add --image-refs to crane push. by @mattmoor in #1217
• Add a krane tool. by @mattmoor in #1218
• Fix krane build by @mattmoor in #1223
• Add UnavailableErrorCode by @jonjohnsonjr in #1230
• Add docker cred helper adapter in pkg/authn by @imjasonh in #1227
• crane pull: support pulling index to OCI Layout by @jonjohnsonjr in #1215

New Contributors

• @vsoch made their first contribution in #1176
• @ehmm made their first contribution in #1199

Full Changelog: v0.7.0...v0.8.0

v0.6.1

Changelog

• 99fe0b0 Propagate crane options through gcrane cp -r (#1127) (#1222)

Container Images

https://gcr.io/go-containerregistry/crane:v0.6.1
https://gcr.io/go-containerregistry/gcrane:v0.6.1

For example:

docker pull gcr.io/go-containerregistry/crane:v0.6.1
docker pull gcr.io/go-containerregistry/gcrane:v0.6.1

v0.7.0

Changelog

1830951 Add --set-base-image-annotations flag to crane append (#1098)
bea59b9 Add crane flatten (#1104)
5c9c442 Add pkg/registry/README.md documenting expectations (#1167)
dd86162 Add s390x arch to goreleaser (#1149)
8388fde Add temp codes when determining if an error is 'Temporary' (#1115)
6cb23fb Adding OS version to Crane for better Windows support. (#1173)
9ae11fe Allow image layers to use any custom media type (#1136)
d6bc6d5 Bump actions/stale from 3 to 4 (#1096)
a65a0a6 Bump codecov/codecov-action from 1 to 2.0.2 (#1095)
7e0ed51 Bump codecov/codecov-action from 2.0.2 to 2.0.3 (#1112)
40ba044 Bump codecov/codecov-action from 2.0.3 to 2.1.0 (#1125)
542cd56 Bump dependencies (#1175)
4580921 Bump docker/docker dependency to v20.10.10 (#1171)
c5dea0c Bump github.com/containerd/stargz-snapshotter/estargz (#1118)
230ff8e Bump github.com/containerd/stargz-snapshotter/estargz (#1138)
54c3445 Bump github.com/docker/cli (#1101)
d43a5ce Bump github.com/docker/cli (#1141)
be17d0a Bump github.com/docker/docker (#1100)
35e3541 Bump github.com/docker/docker (#1140)
f9a1886 Clean filepaths in mutate.Extract (#1106)
7a6ee45 Define a new remote.DefaultTransport. (#1165)
3cd0cb5 Do not forget CreatedBy in mutate.Canonical (#978)
5f2509c Document setup-crane in cmd/crane/README.md (#1152)
c71ca9b Don't reuse errgroups, propagate contexts better (#1128)
dd49079 Enable golangci-lint (#1162)
a0c4bd2 Enable some more golangci-lint checks, fix findings (#1164)
0dfbb56 Fix presubmit (#1161)
b0e827a Fix small typo in partial README for UncompressedImageCore (#1156)
080751a Give the ping context a timeout. (#1163)
de8aff8 Implement annotation-based rebase hints (#960)
0e8b581 Make mutate constructs immutable. (#1124)
e92a648 Make crane flatten work with indexes (#1105)
34b7f00 Make retrying transport and http errors configurable (#1122)
f337ecf Pass Options when recursively calling writeIndex (#1172)
b5cf9c4 Propagate crane options through gcrane cp -r (#1127)
2459de3 Re-enable codeql analysis (#1135)
e7cd6af Refactor the control flow for manifests and blobs. (#1157)
1781b9f Update dependabot.yml (#1084)
72ae53c Update go mod deps to latest releases, run go mod tidy and go mod vendor (#1139)
486e71f feat(daemon): avoid multiple initialization (#1126)
f0983da feat(daemon): lazy image saving (#1121)
bcbf8d3 feat: ability to set page size for tags list and catalog calls (#1102)
308547a pkg/authn/k8schain: run go mod tidy (#1131)
0de2b1e recipe: Document diffing filesystem contents (#1155)

Container Images

https://gcr.io/go-containerregistry/crane:v0.7.0
https://gcr.io/go-containerregistry/gcrane:v0.7.0

For example:

docker pull gcr.io/go-containerregistry/crane:v0.7.0
docker pull gcr.io/go-containerregistry/gcrane:v0.7.0

v0.6.0

Changelog

9b2cec9 Add SECURITY.md (#1031)
a27f4a4 Add WithTransport to gcrane (#1022)
8b535fa Add auth options to gcrane (#1021)
b448aba Add crane recipe for listing files, add note about symlinks (#1072)
b69114f Add google.com host suffix to gcrane keychain (#1039)
4759a5d Add recipe to calculate image size (#1088)
6118d45 Add retry when commiting a manifest (#1041)
092caf0 Add static.NewLayer (#1093)
2f6fbf7 Allow mutate.Annotations to annotate an Image or ImageIndex (#1082)
68edb3a Avoid race in progress_test.go (#1081)
9e56ddd Avoid trying https for insecure registries (#1002)
a0b9468 Bump github.com/containerd/stargz-snapshotter/estargz (#1083)
2b9ddcd Bump github.com/spf13/cobra from 1.1.3 to 1.2.1 (#1070)
ce35c99 Create a k8schain directly from pull secrets (#1049)
628a2ff Document released images in release notes (#1069)
03f1bf4 Don't overwrite WithTransport option (#1077)
acad0ed Drop error return for mutate.Annotations (#1058)
e2daef5 Enable dependabot (#1052)
8395cdf Fix install instructions for crane (#1020)
0233fcd Fix typo in state GitHub Action (#1023)
596751a Handle multiple www-authenticate headers (#1075)
5f53e4e Implement crane.Head (#1057)
0ffa4a5 Include a commit with K8s 1.20 libs (#1027)
13e1a6b Only verify size if we can (#1080)
426caf7 Plumb context through crane and gcrane (#995)
eca1cd8 Reduce default catalog page size (#1092)
d9ecc49 Remove report card (#1035)
11f8769 Revert "Avoid trying https for insecure registries (#1002)" (#1048)
5455b5b Revert "export manifest for tar file (#1033)" (#1043)
5ea3569 Set Content-Type to application/octet-stream (#1079)
a3a06bb Straighten out remote.List{WithContext} (#1090)
162d96e Update dependencies (#1036)
45aaa6c Use Data field when fetching in remote (#1076)
de6223d Verify size in verify.ReadCloser (#1044)
fbb5e78 bump ggcr in gccr/k8schain what! (#1030)
529b437 ci: test/build with go 1.14/1.15/1.16 (#1051)
3bfd0b5 crane: ignore TLS certificate validation when using --insecure flag (#1054)
f0ce227 export manifest for tar file (#1033)
764823a export manifest from tar file (#1046)
92e9e85 feat(mutate): added support for overriding manifest annotations (#1056)
3bfab55 update to add that crane retains the digest (#1037)
c086c7f use K8s 1.20 libs
14e26bf use K8s 1.21 libs
100e16a use go1.16's module aware install vs tools.go (#1028)

Container Images

https://gcr.io/go-containerregistry/crane:v0.6.0
https://gcr.io/go-containerregistry/gcrane:v0.6.0

For example:

docker pull gcr.io/go-containerregistry/crane:v0.6.0
docker pull gcr.io/go-containerregistry/gcrane:v0.6.0