Releases: stacklok/minder
v0.0.50
What's Changed
- Remove dependency-review pipeline by @JAORMX in #3341
- Regenerate minder protobuf gateway by @JAORMX in #3343
- Remove `go generate` statement from keystore by @JAORMX in #3344
- Use JSONB for encrypted redirect URL by @dmjb in #3347
- Trusty: Refactor alternative classification, add tests by @puerco in #3336
- Reduce code duplication in provider handlers by @jhrozek in #3349
- Add provider configuration to the session store by @jhrozek in #3348
- Allow KeyStore to be configured with multiple keys by @dmjb in #3335
- Auto-generated DB schema update - 2024-05-16 15:06:39 by @github-actions in #3350
- build(deps): bump github.com/bufbuild/buf from 1.31.0 to 1.32.0 in /tools by @dependabot in #3355
- build(deps): bump bufbuild/buf-setup-action from 1.31.0 to 1.32.0 by @dependabot in #3353
- build(deps): bump actions/checkout from 4.1.5 to 4.1.6 by @dependabot in #3354
- Store encrypted values in new DB column. by @dmjb in #3351
- Remove salt field from EncryptedData by @dmjb in #3357
- Github provider: Add support for checks API by @puerco in #3352
- build(deps): bump github.com/golangci/golangci-lint from 1.58.1 to 1.58.2 in /tools by @dependabot in #3366
- Do not post a pr review if no homoglyphs are found by @teodor-yanev in #3364
- Implement AES-256-GCM encryption by @dmjb in #3367
- Handle package not found in package registries by @jhrozek in #3363
- Fix table formatting for found vulnerabilities by @rdimitrov in #3369
Full Changelog: v0.0.49...v0.0.50
v0.0.49
What's Changed
- Do not construct provider when validating user ID by @dmjb in #3221
- small typo fix to CONTRIBUTING.md by @staceypotter in #3264
- Refactor engine code to use specific provider traits in more places by @dmjb in #3262
- Fix crash in 3259, add test by @evankanderson in #3275
- build(deps): bump golangci/golangci-lint-action from 6.0.0 to 6.0.1 by @dependabot in #3280
- build(deps): bump aquasecurity/trivy-action from 0.19.0 to 0.20.0 by @dependabot in #3281
- build(deps): bump github.com/openfga/cli from 0.3.1 to 0.4.0 in /tools by @dependabot in #3279
- build(deps): bump styled-components from 6.1.9 to 6.1.10 in /docs by @dependabot in #3278
- Minder's "repo register" command now checks already registered repos. by @blkt in #3236
- Added utilities to implement multi-select choices by @blkt in #3237
- Remove ProviderBuilder from engine by @dmjb in #3270
- Migrate to go-viper blessed fork of mapstructure by @evankanderson in #3149
- Remove ProviderBuilder by @dmjb in #3282
- build(deps): bump coverallsapp/github-action from 2.2.3 to 2.3.0 by @dependabot in #3290
- build(deps): bump github.com/golangci/golangci-lint from 1.58.0 to 1.58.1 in /tools by @dependabot in #3289
- build(deps): bump sigs.k8s.io/release-utils from 0.8.1 to 0.8.2 by @dependabot in #3285
- build(deps): bump github/codeql-action from 3.25.3 to 3.25.4 by @dependabot in #3291
- build(deps): bump github.com/charmbracelet/bubbletea from 0.25.0 to 0.26.2 by @dependabot in #3288
- build(deps): bump github.com/openfga/go-sdk from 0.3.6 to 0.3.7 by @dependabot in #3287
- build(deps): bump github.com/prometheus/client_golang from 1.19.0 to 1.19.1 by @dependabot in #3297
- Stored procedure responsible for Profile status transitions now covers all cases by @blkt in #3295
- Upgrade to postgres 16.2 in docker-compose file by @JAORMX in #3296
- Decouple crypto engine from encryption algorithm by @dmjb in #3293
- Add OCI providers + DockerHub and GHCR by @JAORMX in #2983
- Resolve test flake in flags_test by @evankanderson in #3305
- build(deps): bump styled-components from 6.1.10 to 6.1.11 in /docs by @dependabot in #3298
- hides CLI profile list label flag by @ChrisJBurns in #3307
- Auto-generated cli documentation update - 2024-05-11 12:35:03 by @github-actions in #3308
- build(deps): bump github.com/mikefarah/yq/v4 from 4.43.1 to 4.44.1 in /tools by @dependabot in #3313
- build(deps): bump github.com/sigstore/protobuf-specs from 0.3.1 to 0.3.2 by @dependabot in #3312
- build(deps): bump github.com/fergusstrange/embedded-postgres from 1.26.0 to 1.27.0 by @dependabot in #3311
- build(deps): bump goreleaser/goreleaser-action from 5.0.0 to 5.1.0 by @dependabot in #3310
- Multi select list is now ordered. by @blkt in #3306
- Implement EncryptedData struct by @dmjb in #3302
- verifier: Get local authenticator struct to return a usable authenticator by @JAORMX in #3318
- Support dockerhub in `mindev ruletype test` sub-command by @JAORMX in #3319
- verifier: Move registry to authenticator by @JAORMX in #3320
- Add dependency review by @therealnb in #3314
- Replace unpinned actions with pinned action by @stacklokbot in #3321
- build(deps): bump actions/checkout from 4.1.4 to 4.1.5 by @dependabot in #3328
- build(deps): bump github/codeql-action from 3.25.4 to 3.25.5 by @dependabot in #3327
- Make artifacts ingester work with both GitHub and OCI providers by @JAORMX in #3309
- Add new column for new encryption format by @dmjb in #3331
- Initial KeyStore implementation by @dmjb in #3329
- build(deps): bump google.golang.org/grpc from 1.63.2 to 1.64.0 by @dependabot in #3333
- Auto-generated DB schema update - 2024-05-14 21:46:14 by @github-actions in #3332
- Improve Trusty integration by @puerco in #3277
- build(deps): bump github.com/grpc-ecosystem/grpc-gateway/v2 from 2.19.1 to 2.20.0 in /tools by @dependabot in #3337
- build(deps): bump k8s.io/client-go from 0.30.0 to 0.30.1 by @dependabot in #3338
- build(deps): bump github.com/grpc-ecosystem/grpc-gateway/v2 from 2.19.1 to 2.20.0 by @dependabot in #3340
New Contributors
- @staceypotter made their first contribution in #3264
- @ChrisJBurns made their first contribution in #3307
Full Changelog: v0.0.48...v0.0.49
v0.0.48
What's Changed
- Update index.md by @eryn-muetzel in #3117
- Update README.md by @eryn-muetzel in #3118
- Allow setting log level for mindev ruletype test by @jhrozek in #3119
- build(deps): bump github.com/openfga/openfga from 1.5.1 to 1.5.3 by @dependabot in #3122
- build(deps): bump k8s.io/client-go from 0.29.3 to 0.29.4 by @dependabot in #3121
- Return 500 if Github AppName is empty when enrolling provider by @dmjb in #3124
- build(deps): bump peter-evans/create-pull-request from 6.0.3 to 6.0.4 by @dependabot in #3127
- build(deps): bump github/codeql-action from 3.25.0 to 3.25.1 by @dependabot in #3128
- build(deps): bump k8s.io/apimachinery from 0.29.4 to 0.30.0 by @dependabot in #3126
- Remove GitHub discussions from README by @eleftherias in #3129
- build(deps): bump k8s.io/client-go from 0.29.4 to 0.30.0 by @dependabot in #3125
- Implement `CanImplement` method for providers by @dmjb in #3115
- Don't use SELECT * when joining profile tables by @jhrozek in #3130
- Make provider class mandatory in DB by @dmjb in #3132
- build(deps): bump github.com/docker/docker from 26.0.0+incompatible to 26.0.2+incompatible in /tools by @dependabot in #3133
- build(deps): bump github.com/docker/docker from 26.0.1+incompatible to 26.0.2+incompatible by @dependabot in #3134
- build(deps): bump github.com/golang-migrate/migrate/v4 from 4.17.0 to 4.17.1 by @dependabot in #3136
- Skip or error when trying to register an archived repository by @rdimitrov in #3135
- Address review comments for labels filtering by @jhrozek in #3137
- Implement ProviderFactory and ProviderClassFactory by @dmjb in #3131
- Use provider ID instead of name when sending events by @dmjb in #3093
- Fix repo deletion by @jhrozek in #3140
- build(deps): bump actions/checkout from 4.1.2 to 4.1.3 by @dependabot in #3141
- Remove provider name from event wrapper by @dmjb in #3139
- Allow full profile updates through the PATCH handler by @jhrozek in #2990
- build(deps): bump github/codeql-action from 3.25.1 to 3.25.2 by @dependabot in #3147
- build(deps): bump slsa-framework/slsa-github-generator from 1.10.0 to 2.0.0 by @dependabot in #3146
- build(deps): bump clsx from 2.1.0 to 2.1.1 in /docs by @dependabot in #3144
- Add `reminder` service with empty sendReminders logic by @Vyom-Yadav in #2638
- build(deps): bump bufbuild/buf-setup-action from 1.30.1 to 1.31.0 by @dependabot in #3156
- build(deps): bump github.com/styrainc/regal from 0.20.1 to 0.21.0 by @dependabot in #3157
- build(deps): bump github.com/bufbuild/buf from 1.30.1 to 1.31.0 in /tools by @dependabot in #3158
- Use `go generate` directives for mock generation by @dmjb in #3159
- Bump sigstore-go to v0.3.0 and add local registry for tests by @puerco in #3154
- Bump go base images to go 1.22.2 by @dmjb in #3161
- build(deps): bump go.opentelemetry.io/otel/trace from 1.25.0 to 1.26.0 by @dependabot in #3170
- build(deps): bump golangci/golangci-lint-action from 4.0.0 to 5.0.0 by @dependabot in #3172
- build(deps): bump sigs.k8s.io/release-utils from 0.7.7 to 0.8.1 by @dependabot in #3166
- build(deps): bump actions/checkout from 4.1.3 to 4.1.4 by @dependabot in #3171
- build(deps): bump go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp from 0.50.0 to 0.51.0 by @dependabot in #3169
- Add ProviderManager, make provider deletion generic by @dmjb in #3162
- Read the webhook secret from a file by @jhrozek in #3175
- More descriptive error message when validating secrets with any of the fallback webhooks fails by @jhrozek in #3176
- build(deps): bump react from 18.2.0 to 18.3.0 in /docs by @dependabot in #3179
- build(deps): bump github/codeql-action from 3.25.2 to 3.25.3 by @dependabot in #3185
- build(deps): bump peter-evans/create-pull-request from 6.0.4 to 6.0.5 by @dependabot in #3186
- build(deps): bump go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc from 0.50.0 to 0.51.0 by @dependabot in #3184
- build(deps): bump go.opentelemetry.io/otel/sdk/metric from 1.25.0 to 1.26.0 by @dependabot in #3182
- build(deps): bump go.opentelemetry.io/otel/exporters/stdout/stdouttrace from 1.25.0 to 1.26.0 by @dependabot in #3183
- build(deps): bump go.opentelemetry.io/otel/exporters/prometheus from 0.47.0 to 0.48.0 by @dependabot in #3181
- Initial implementation of IDP interface and Keycloak implementation by @evankanderson in #3155
- Add Helm configuration for feature flags by @evankanderson in #3188
- build(deps): bump anchore/sbom-action from 0.15.10 to 0.15.11 by @dependabot in #3197
- build(deps): bump react from 18.3.0 to 18.3.1 in /docs by @dependabot in #3195
- build(deps): bump github.com/open-feature/go-sdk-contrib/providers/go-feature-flag from 0.1.35 to 0.1.36 by @dependabot in #3192
- build(deps): bump github.com/styrainc/regal from 0.21.0 to 0.21.3 by @dependabot in #3193
- build(deps): bump github.com/signalfx/splunk-otel-go/instrumentation/github.com/lib/pq/splunkpq from 1.15.0 to 1.16.0 by @dependabot in #3190
- build(deps): bump react-dom from 18.2.0 to 18.3.1 in /docs by @dependabot in #3198
- build(deps): bump github.com/open-policy-agent/opa from 0.63.0 to 0.64.1 by @dependabot in #3191
- Add docs for using feature flags when developing Minder by @evankanderson in #3189
- Use webhook secrets from files by @jhrozek in #3177
- Fix webhook secret file names by @jhrozek in #3201
- Delete docs/docs/how-to/using-minder-with-ghas.md by @meganbruce in #3204
- build(deps): bump github.com/go-playground/validator/v10 from 10.19.0 to 10.20.0 by @dependabot in #3205
- build(deps): bump github.com/openfga/cli from 0.3.0 to 0.3.1 in /tools by @dependabot in #3207
- build(deps): bump golangci/golangci-lint-action from 5.0.0 to 5.1.0 by @dependabot in #3206
- Refactor repo deletion to move db/provider logic behind interface by @dmjb in #3200
- Warn about empty secret and skip the update in the webhook updater tool by @jhrozek in #3208
- Use ProviderManager in webhook handler by @dmjb in #3202
- Implement GitHubClientFactory by @dmjb in #3203
- build(deps): bump google.golang.org/protobuf from 1.33.0 to 1.34.0 in /tools by @dependabot in #3216
- build(deps): bump styled-components from 6.1.8 to 6.1.9 in /docs by @dependabot in #3215
- build(deps): bump github.com/openfga/go-sdk from 0.3.5 to 0.3.6 by @dependabot in #3218
- build(deps): bump google.golang.org/protobuf from 1.33.0 to 1.34.0 by @dependabot in #3217
- Return verified attestation in verification results by @puerco in #3212
- Fix bug handling images with slashes in ref by @puerco in #3211
- Bug: Remove impossible condition by @puerco in #3213
- Don't trim path from builder URI by @puerco in #3214
- Pass RestClientCache as constructor param by @dmjb in #3222
- Remove use of ProviderBuilder by repo handler by @dmjb in #3224
- Make Project Create/Delete a service...
v0.0.47
What's Changed
- Provide a default configuration for the Trusty evaluator by @jhrozek in #3078
- Auto-generated cli documentation update - 2024-04-12 17:35:16 by @github-actions in #3077
- Log requests using Debug() by @puerco in #3081
- build(deps): bump github.com/signalfx/splunk-otel-go/instrumentation/github.com/lib/pq/splunkpq from 1.14.0 to 1.15.0 by @dependabot in #3061
- build(deps): bump peter-evans/create-pull-request from 6.0.2 to 6.0.3 by @dependabot in #3084
- Frizbee: Cache GitHub action entries by @JAORMX in #3083
- Upgrade to frizbee v0.0.15 by @JAORMX in #3086
- Restructure docs pages by @eleftherias in #3085
- Reorder documentation headers by @eleftherias in #3089
- Restructure docs for how Minder works by @eleftherias in #3090
- Add ProviderID field to EntityInfoWrapper by @dmjb in #3072
- Ignore description and defaults when validating ruletype updates by @jhrozek in #3092
- Handle `bad_verification_code` error when doing OAuth2 flow by @JAORMX in #3094
- Using capital case for how-to docs by @eleftherias in #3095
- Do not delete user from OpenFGA in a DB transaction to avoid issues with minder auth delete by @jhrozek in #3082
- Delete (only) root projects if they have no admins (rather than any users) by @evankanderson in #3098
- Docs updates by @ethomson in #3091
- Update docs "understand" section by @ethomson in #3101
- build(deps): bump azure/setup-helm from 4.1.0 to 4.2.0 by @dependabot in #3105
- build(deps): bump github/codeql-action from 3.24.10 to 3.25.0 by @dependabot in #3106
- Add docs for user roles by @eleftherias in #3099
- Add tutorial about writing rule types using rego by @JAORMX in #3103
- Add tutorial on using mindev by @JAORMX in #3104
- Remove a link that is overlayed in downstream docs by @jhrozek in #3108
- Use relative link to CLI docs, not localhost by @jhrozek in #3109
- Update Minder roadmap by @ethomson in #3110
- Fix `make gen` by @dmjb in #3111
- Add `minder auth token` command by @JAORMX in #3107
- Auto-generated cli documentation update - 2024-04-16 12:56:05 by @github-actions in #3112
- Remove managed profiles for OSS docs by @eleftherias in #3114
- Fix endless remediation loop caused by PR create conflict by @rdimitrov in #3113
Full Changelog: v0.0.46...v0.0.47
v0.0.46
v0.0.45
What's Changed
- Hide deprecated flag from help by @dmjb in #3046
- Add docs for setting up GitHub App by @eleftherias in #3047
- Auto-generated cli documentation update - 2024-04-11 15:49:20 by @github-actions in #3048
- zerolog: Don't reuse event in `Eval` call by @JAORMX in #3049
- Fix CLI doc generation bug by @dmjb in #3050
- Support Logging GitHub requests by @puerco in #3054
- Add sensible defaults to the OSV evaluator to allow running without any configuration by @jhrozek in #3053
- New documentation by @JAORMX in #3058
- Add no-op handler for GitHub Marketplace events by @eleftherias in #3064
- Fix documentation sidebar titles by @eleftherias in #3065
- skip remote repo listing if name(s) are given by @JAORMX in #3059
- Update docs label for CLI commands by @eleftherias in #3067
- Don't advertise the owner flag for enroll and update screenshots by @jhrozek in #3051
- Log webhook token type by @rdimitrov in #3068
- Auto-generated cli documentation update - 2024-04-12 11:41:32 by @github-actions in #3066
- Revert "Log webhook token type" by @rdimitrov in #3069
- Log the token type while creating the installation token and during the ping received event by @rdimitrov in #3070
Full Changelog: v0.0.44...v0.0.45
v0.0.44
v0.0.43
What's Changed
- CLI: Get rule type by name by @JAORMX in #3009
- Add remediation URL to all evaluation responses by @puerco in #2972
- CLI: Print applicable entity when getting rule type info by @JAORMX in #3013
- Issue a bespoke profile update message on patching a profile by @jhrozek in #3012
- Handle entity delete events, i.e. when a repo is deleted by @rdimitrov in #2940
- build(deps): bump github.com/stacklok/frizbee from 0.0.13 to 0.0.14 by @dependabot in #3020
- build(deps): bump github.com/styrainc/regal from 0.20.0 to 0.20.1 by @dependabot in #3018
- build(deps): bump go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc from 0.49.0 to 0.50.0 by @dependabot in #3019
- Remove hardcoded dependency between artifacts and projects by @JAORMX in #2991
- Artifact index for repos was not meant to be unique by @JAORMX in #3022
- Auto-generated DB schema update - 2024-04-10 11:50:40 by @github-actions in #3023
- Proceed with provider delete if repo delete fails by @eleftherias in #3025
- Use ProviderID in telemetry data by @dmjb in #3026
- Uninstall GitHub Apps when a user account is deleted by @eleftherias in #3024
- Disable linter rules for pre-Go 1.22 loop var issue by @dmjb in #3029
- Avoid deleting GH App installation if already deleted by @eleftherias in #3031
- git ingester: Handle empty repository by skipping it by @JAORMX in #3033
- Skip branch protection remediations for repos with no branches by @jhrozek in #3035
- build(deps): bump sigstore/cosign-installer from 3.4.0 to 3.5.0 by @dependabot in #3037
- Only run deletion reconciler on repo deleted events by @JAORMX in #3036
- Don't crash if there's no package list client by @jhrozek in #3034
- Default to github-app in provider enroll by @dmjb in #3032
- Allow reading secrets from file for GH App config by @eleftherias in #3040
- A nicer error message when listing remote repos without an enrolled provider by @jhrozek in #2976
- Use output.formats.format in golangci.yaml by @jhrozek in #3041
Full Changelog: v0.0.42...v0.0.43
v0.0.42
What's Changed
- Use fallback token for listing artifacts with GH App by @eleftherias in #2992
- build(deps): bump google.golang.org/grpc from 1.63.0 to 1.63.2 by @dependabot in #2999
- build(deps): bump go.opentelemetry.io/otel/exporters/prometheus from 0.46.0 to 0.47.0 by @dependabot in #2998
- build(deps): bump go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp from 0.49.0 to 0.50.0 by @dependabot in #2996
- build(deps): bump github.com/styrainc/regal from 0.19.0 to 0.20.0 by @dependabot in #2997
- build(deps): bump docker/setup-buildx-action from 3.2.0 to 3.3.0 by @dependabot in #3000
- build(deps): bump peaceiris/actions-gh-pages from 3.9.3 to 4.0.0 by @dependabot in #3001
- Handle when the user declines T&C in minder auth login by @jhrozek in #2995
- Use TEXT as type of license instead of VARCHAR(255) by @dmjb in #2994
- Remove duplicate clause in profile status query by @dmjb in #2993
- Upgrade go-github to go-github/v61 by @JAORMX in #3003
- Validate query parameters in GitHub App callback by @eleftherias in #3007
- Return a nicer error message when a ruletype can't be found by @jhrozek in #3005
Full Changelog: v0.0.41...v0.0.42
v0.0.41
What's Changed
- Track whether GitHub App is installed on org by @eleftherias in #2947
- Auto-generated DB schema update - 2024-04-05 11:33:16 by @github-actions in #2960
- Bump google.golang.org/grpc to v1.63.0 by @jhrozek in #2961
- Add label flag to profile list command by @dmjb in #2964
- Modify GRPCClientWrapRunE to pass positional arguments by @dmjb in #2967
- Allow profile/ruletype URLs to accept slashes by @dmjb in #2970
- Actions: Complete version tags in workflow comments by @puerco in #2974
- Add a unit test for switch of a profile state to pending by @jhrozek in #2977
- build(deps): bump github/codeql-action from 3.24.9 to 3.24.10 by @dependabot in #2989
- build(deps): bump github.com/go-critic/go-critic from 0.11.2 to 0.11.3 in /tools by @dependabot in #2984
- build(deps): bump go.opentelemetry.io/otel/exporters/stdout/stdouttrace from 1.24.0 to 1.25.0 by @dependabot in #2987
- build(deps): bump golang.org/x/crypto from 0.21.0 to 0.22.0 by @dependabot in #2988
- build(deps): bump go.opentelemetry.io/otel/sdk/metric from 1.24.0 to 1.25.0 by @dependabot in #2985
Full Changelog: v0.0.40...v0.0.41