SEARCH
NEW RPMS
DIRECTORIES
ABOUT
FAQ
VARIOUS
BLOG

 
 
Changelog for melange-debugsource-0.20.0-1.1.i586.rpm :

* Thu Feb 13 2025 opensuse_buildserviceAATTojkastl.de- Update to version 0.20.0:
* bump to latest apko
* fix lint finding
* bump apko to get quieter logs
* build(deps): bump the gomod group across 1 directory with 5 updates
* move unnecessary logs from info to debug or error (#1781)
* build(deps): bump the actions group across 1 directory with 4 updates
* build(deps): bump cloud.google.com/go/storage from 1.49.0 to 1.50.0
* Mon Feb 10 2025 opensuse_buildserviceAATTojkastl.de- Update to version 0.19.5:
* Move buildUser to existing const block
* Consolidate build user/group strings
* Pass GID pointer to apko_types.GID in test_test.go
* Add build user to test pipeline environments (#1747)
* keep using /usr as prefix
* add npm and update prefix location
* Fri Feb 07 2025 opensuse_buildserviceAATTojkastl.de- Update to version 0.19.4:
* patch: expose fuzz flag value
* sbom: update copyrightText from \"/n\" to \"NOASSERTION\"
* Fix some white space issues
* Add ${{subpkg.name}} string substitution
* lint: Add linter for usrmerge
* Fix documentation update
* Update the documentation for the new linter
* Fix a linting error
* Add a linter which checks for pkgconfig files
* patch: add --verbose flag to patch pipeline
* Mon Jan 27 2025 opensuse_buildserviceAATTojkastl.de- Update to version 0.19.3:
* disallow uses: with a nested pipeline
* Mon Jan 20 2025 opensuse_buildserviceAATTojkastl.de- Update to version 0.19.2:
* move some spammy logs to debug
* docs
* fix lint, use 22.04 where needed
* try ubuntu-22.04
* remove \'melange convert gem\'
* remove \'melange convert python\'
* Fri Jan 17 2025 opensuse_buildserviceAATTojkastl.de- Update to version 0.19.1:
* Update pkg/build/build.go
* Update pkg/build/build.go
* sbom: switch SPDX namespace from SHA1 to FNV-1a
* Compress the initrd to workaround issue (#1745)
* stop generation homebrew update as melange in in homebrew core
* build(deps): bump the actions group with 2 updates
* build: Write a GCC specs file into workspace
* Sat Jan 11 2025 opensuse_buildserviceAATTojkastl.de- Update to version 0.19.0:
* feat: add support to add and drop linux capabilities (#1702)
* Update pkg/build/pipeline.go
* Update pkg/build/pipeline.go
* build(deps): bump golang.org/x/time from 0.8.0 to 0.9.0
* build(deps): bump github.com/invopop/jsonschema from 0.12.0 to 0.13.0
* build(deps): bump golang.org/x/sys from 0.28.0 to 0.29.0
* build(deps): bump github.com/go-git/go-git/v5 from 5.12.0 to 5.13.1
* minor go cleanup
* minor go cleanup
* build(deps): bump sigs.k8s.io/release-utils from 0.8.5 to 0.9.0
* Fix(piepline): use correct comment systax
* fix: Move the go mod tidy after cd to modrootfeat: Check if go.mod file exiest in modroot dir to ensure modroot is set correctly
* Mon Dec 30 2024 opensuse_buildserviceAATTojkastl.de- Update to version 0.18.3:
* build(deps): bump actions/upload-artifact in the actions group
* Mon Dec 23 2024 opensuse_buildserviceAATTojkastl.de- Update to version 0.18.2:
* update apko to 0.22.4
* build(deps): bump cloud.google.com/go/storage from 1.48.0 to 1.49.0
* build(deps): bump google.golang.org/api from 0.211.0 to 0.214.0
* build(deps): bump the gomod group with 2 updates
* Fix numpy-test to work across python 3.12 to 3.13 transition. (#1715)
* fix(qemu): remove redundant check
* bump: double-quote bumped version strings, avoid trailing newline
* build(deps): bump actions/setup-go in the actions group
* build(deps): bump the gomod group with 2 updates
* fix linting
* respect ctx error
* fix(qemu): improve logging, make connection check less spammy
* Mon Dec 16 2024 opensuse_buildserviceAATTojkastl.de- Update to version 0.18.1:
* fix error
* also drop util.RightJoinMap
* undo whitespace change
* remove unnecessary util.Dedup method
* Sat Dec 14 2024 opensuse_buildserviceAATTojkastl.de- Update to version 0.18.0:
* build(deps): bump chainguard.dev/apko from 0.21.0 to 0.22.1
* build(deps): bump go.opentelemetry.io/otel/exporters/stdout/stdouttrace
* build(deps): bump dagger.io/dagger in the gomod group
* upgrade to 3.13
* sign: switch to SHA2-256 signature by default
* feat(pipelines/cargo): add support for rustflags (#1698)
* pipelines/split/dev - grab files in /usr/share/cmake
* Thu Dec 12 2024 opensuse_buildserviceAATTojkastl.de- Update to version 0.17.7:
* Bump apko and fix the thing I broke
* Handle WalkDir errors
* build(deps): bump dagger.io/dagger from 0.14.0 to 0.15.0
* Thu Dec 12 2024 opensuse_buildserviceAATTojkastl.de- Update to version 0.17.6:
* Bump apko to v0.20.2
* Thu Dec 12 2024 opensuse_buildserviceAATTojkastl.de- Update to version 0.17.5:
* drop spammy slog attributes
* build(deps): bump cloud.google.com/go/storage from 1.47.0 to 1.48.0
* Tue Dec 10 2024 opensuse_buildserviceAATTojkastl.de- Update to version 0.17.4:
* build(deps): bump golang.org/x/crypto from 0.29.0 to 0.30.0
* build(deps): bump github.com/chainguard-dev/clog
* build(deps): bump github.com/chainguard-dev/yam in the gomod group
* melange/update block: provide config option to indicate that automated pull requests should be merged in order rather than superseding and closing previous unmerged PRs
* Sun Dec 08 2024 opensuse_buildserviceAATTojkastl.de- Update to version 0.17.3:
* fix(sca): Revert recent SCA changes for Ruby
* Sun Dec 08 2024 opensuse_buildserviceAATTojkastl.de- Update to version 0.17.2:
* fix(qemu): fix MacOS crosscompile path (#1678)
* fix(sca): Don\'t generate ruby dep when found in shebang
* fix(sca_test): Check for ruby-base
* fix(sca): Generate dependency for ruby-
*-base instead of ruby-
*
* Improve comment stripping errors
* Add package.srcdir substitution to README
* Mon Dec 02 2024 opensuse_buildserviceAATTojkastl.de- Update to version 0.17.1:
* test(compile): basic tests for stripComments
* fix(compile): label when compile error is for test pipeline
* Fri Nov 29 2024 opensuse_buildserviceAATTojkastl.de- Update to version 0.17.0:
* feat: add project.srcdir variable (#1666)
* Wed Nov 27 2024 opensuse_buildserviceAATTojkastl.de- Update to version 0.16.0:
* Include locked melange config in control section
* build(deps): bump github.com/stretchr/testify from 1.9.0 to 1.10.0
* build(deps): bump the gomod group with 2 updates
* build(deps): bump step-security/harden-runner in the actions group
* Tue Nov 26 2024 opensuse_buildserviceAATTojkastl.de- Update to version 0.15.14:
* fix(pipeline): validate expected commit before passing to git-checkout pipeline (#1667)
* Add git version to Summarize output
* RELEASE.md update, add statement that tags and releases will update
* Fri Nov 22 2024 opensuse_buildserviceAATTojkastl.de- Update to version 0.15.13:
* Consider symlinks as potential provides for so:
* drop ntia e2e test
* Wed Nov 20 2024 opensuse_buildserviceAATTojkastl.de- Update to version 0.15.12:
* pipelines/cargo: ability to override output-dir
* fix(pipeline): check also checksum length
* fix(pipeline): do preliminary checks for checksum invalid chars
* docs: re-add release documentation markdown file
* hack: remove release.md
* docs: update automatic release interval
* add a dependency on texinfo or man-db as appropriate
* Tue Nov 19 2024 opensuse_buildserviceAATTojkastl.de- Update to version 0.15.11:
* build(deps): bump cloud.google.com/go/storage from 1.46.0 to 1.47.0
* Tue Nov 19 2024 opensuse_buildserviceAATTojkastl.de- Update to version 0.15.10:
* release: check for both tag and release
* Tue Nov 19 2024 opensuse_buildserviceAATTojkastl.de- Update to version 0.15.9:
* change release frequency to weekly
* review feedback
* docs(release): update release.md based on new workflow design
* fix(releases): more reliable releases
* Bump apko to v0.20.0
* Clean up workspace dir from inside runner to avoid permission errors. (#1648)
* Fri Nov 15 2024 opensuse_buildserviceAATTojkastl.de- Update to version 0.15.8:
* Create sub-package directories in WorkDir before building subpackage
* Thu Nov 14 2024 opensuse_buildserviceAATTojkastl.de- Update to version 0.15.7:
* build(deps): bump golang.org/x/text from 0.19.0 to 0.20.0
* Wed Nov 13 2024 opensuse_buildserviceAATTojkastl.de- Update to version 0.15.6:
* build(deps): bump golang.org/x/time from 0.7.0 to 0.8.0
* build(deps): bump golang.org/x/sync from 0.8.0 to 0.9.0
* Give a pointer to solution if bubblewrap runner cannot use user namespace.
* build(deps): bump go.opentelemetry.io/otel/exporters/stdout/stdouttrace
* build(deps): bump dagger.io/dagger from 0.13.7 to 0.14.0
* Tue Nov 12 2024 opensuse_buildserviceAATTojkastl.de- Update to version 0.15.5:
* anotha one
* qemu: reduce logspam for qemu runner
* build(deps): bump google.golang.org/api from 0.204.0 to 0.205.0
* build(deps): bump go.opentelemetry.io/otel from 1.31.0 to 1.32.0
* build(deps): bump chainguard.dev/apko in the gomod group
* build(deps): bump goreleaser/goreleaser-action in the actions group
* cleanup: remove unnecessary utils
* chore(pipelines/fetch): Print expected and found checksums
* Tue Nov 12 2024 opensuse_buildserviceAATTojkastl.de- Update to version 0.15.4:
* fix(qemu): use proper machine type and cpu model based on host arch (#1627)
* Switch the copy to pick up hidden files. (#1624)
* Tue Nov 12 2024 opensuse_buildserviceAATTojkastl.de- Update to version 0.15.3:
* Add man-db for doc packages
* Tue Nov 12 2024 opensuse_buildserviceAATTojkastl.de- Update to version 0.15.2:
* check ReplacesPriority if it is an integer
* Tue Nov 12 2024 opensuse_buildserviceAATTojkastl.de- Update to version 0.15.1:
* build(deps): bump the gomod group with 2 updates
* build(deps): bump google.golang.org/api from 0.203.0 to 0.204.0
* build(deps): bump cloud.google.com/go/storage from 1.45.0 to 1.46.0
* Sat Nov 02 2024 opensuse_buildserviceAATTojkastl.de- Update to version 0.15.0:
* feat(qemu): fix qemu command on cross-compilation cases
* update docs
* feat(qemu): add flag to specify cpu model to use, useful for cases where /dev/kvm is not available
* fix(qemu): remove ssh ignoreHostKey, set an host-key retrieval step, then use host key verification for all successive commands
* fix linting
* fix(qemu): improve error when not finding a suitable kernel image
* fix(qemu): use net.Listen to find open port, simplify random port logic
* fix(qemu): use package go-shellquote and simplify cmd handling
* fix(qemu): use package go-shellquote and simplify cmd handling
* fix(qemu): specify KVM accelleration on linux, use only if /dev/kvm is present
* fix(qemu): fix typos
* Tue Oct 29 2024 opensuse_buildserviceAATTojkastl.de- Update to version 0.14.11:
* build(deps): bump github.com/chainguard-dev/yam in the gomod group
* build(deps): bump the actions group with 2 updates
* Sat Oct 26 2024 opensuse_buildserviceAATTojkastl.de- Update to version 0.14.10:
* build(deps): bump the gomod group across 1 directory with 2 updates
* Fri Oct 25 2024 opensuse_buildserviceAATTojkastl.de- Update to version 0.14.9:
* chore: unexport build pkg methods
* bump apko to get http key support
* go mod tidy
* bump apko to pick up chainguard key fix
* Thu Oct 24 2024 opensuse_buildserviceAATTojkastl.de- Update to version 0.14.8:
* fix(bubblewrap_runner): run as build 1000 by default (#1572)
* use --target-dir to target with cargo build
* pass --release as default opts
* allow passing more than one opts to cargo build
* Wed Oct 23 2024 opensuse_buildserviceAATTojkastl.de- Update to version 0.14.7:
* fix breakage
* go mod tidy
* bump apko dep to fix modtime issue
* Wed Oct 23 2024 opensuse_buildserviceAATTojkastl.de- Update to version 0.14.6:
* fix(build): require build config repo URL
* add build base to cargo-build pipeline
* Wed Oct 23 2024 opensuse_buildserviceAATTojkastl.de- Update to version 0.14.5 (0.14.4 was not properly released):
* fix(sbom): unique package IDs for upstream source
* test: (tdd) add failing test for dup spdx IDs
* Wed Oct 23 2024 opensuse_buildserviceAATTojkastl.de- Update to version 0.14.3:
* fix(build): use fallback values at entrypoint for git info
* fix(build): use the config file dir path for git detection
* Wed Oct 23 2024 opensuse_buildserviceAATTojkastl.de- Update to version 0.14.2:
* ci: add workflow to tag releases daily
* Wed Oct 23 2024 opensuse_buildserviceAATTojkastl.de- Update to version 0.14.1:
* Do not specify versions during \'melange test\' (Revert #1579 and [#1518])
* Wed Oct 23 2024 opensuse_buildserviceAATTojkastl.de- Update to version 0.14.0:
* fix(build): make git autodetection best effort
* test: use x86_64 for build int tests
* move sbom test inside build test
* test(build): favor bwrap, fallback to docker
* chore: dedup test targets in makefile
* docs: run make docs-repo
* try qemu runner
* test: remove e2e tests for SBOM external refs
* unique SPDX IDs for multiple git repo checkouts
* chore: add make target for integration tests
* test: add integration test for build and SBOMs
* chore: bump Go version
* feat(sbom): overhaul SBOM generation logic
* Wed Oct 23 2024 opensuse_buildserviceAATTojkastl.de- Update to version 0.13.7:
* Pin the package version with ~ rather than =.
* build(deps): bump google.golang.org/api from 0.200.0 to 0.201.0
* build(deps): bump cloud.google.com/go/storage from 1.44.0 to 1.45.0
* bublewrap_runner: add /sys mount
* fix lint finding
* pipe it through cli
* cleanup glow up
* fix(qemu): fix missing pty allocation for debug shell in qemu runners
* Do not add a cmd:awk dependency as nothing will ever provide cmd:awk
* fix formatting lint
* fix(test): update tests to reflect new struct
* fix(qemu): fix failing test pipeline when using qemu runner
* fix test
* Pin the package version used during tests
* Wed Oct 16 2024 opensuse_buildserviceAATTojkastl.de- Update to version 0.13.6:
* run `make generate`
* rename exported GetTagFilterPrefix and GetTagFilterContains functions to be normalized GetFilterPrefix and GetFilterPrefix
* update config: add version filter prefix and contains to release monitor config block so implementations can perform the same behaviour as git and github configs
* build(deps): bump go.opentelemetry.io/otel/exporters/stdout/stdouttrace
* build(deps): bump google.golang.org/api from 0.199.0 to 0.200.0
* build(deps): bump the actions group with 2 updates
* build(deps): bump go.opentelemetry.io/otel/sdk from 1.30.0 to 1.31.0
* build(deps): bump the gomod group with 4 updates
* pipelines: fix split/debug
* Sun Oct 13 2024 opensuse_buildserviceAATTojkastl.de- Update to version 0.13.5:
* Enable pc file dependencies
* generateRuntimePkgConfigDeps: only do so for public .pc, not vendored
* Improve some config parsing errors
* Fri Oct 11 2024 opensuse_buildserviceAATTojkastl.de- Update to version 0.13.4:
* Revert \"sca: Properly detect .so files as deps\"
* Revert \"sca: check if runtime dependencies are vendored\"
* Fri Oct 11 2024 opensuse_buildserviceAATTojkastl.de- Update to version 0.13.3:
* cmake: switch from MinSizeRel to Release
* Fri Oct 11 2024 opensuse_buildserviceAATTojkastl.de- Update to version 0.13.2:
* fix: pc provides
* build(deps): bump golang.org/x/time from 0.6.0 to 0.7.0
* Fri Oct 11 2024 opensuse_buildserviceAATTojkastl.de- Update to version 0.13.1:
* tidy
* build(deps): bump cloud.google.com/go/storage from 1.43.0 to 1.44.0
* build(deps): bump golang.org/x/crypto from 0.27.0 to 0.28.0
* build(deps): bump github.com/chainguard-dev/yam in the gomod group
* build(deps): bump the actions group with 2 updates
* sca: check if runtime dependencies are vendored
* Sun Oct 06 2024 opensuse_buildserviceAATTojkastl.de- Update to version 0.13.0:
* Fix typo in README
* test: Fix typo
* Added additional documentation for package version selection
* sca: Properly detect .so files as deps
* Adjust an e2e-test that made a bad assumption.
* update the docs
* add --cleanup flag (default true)
* build(deps): bump github.com/chainguard-dev/yam from 0.1.1 to 0.2.0
* build(deps): bump google.golang.org/api from 0.198.0 to 0.199.0
* build(deps): bump actions/checkout in the actions group
* Support string replacement in ImageContents
* build(deps): bump the gomod group with 5 updates
* git-checkout: support scheduled updates
* sca: never emit libcuda.so.1 runtime dep
* Add table of contents
* Add pipeline markdown reference markdown generator.
* feat(melange): Add sub for output directory
* Sat Sep 21 2024 opensuse_buildserviceAATTojkastl.de- Update to version 0.12.1:
* build(deps): bump github.com/docker/cli
* build(deps): bump github.com/docker/docker
* build(deps): bump the gomod group with 2 updates
* build(deps): bump chainguard.dev/apko from 0.18.1 to 0.19.1
* sca: remove set but never used variable
* update_config: expose function to get valid schedule messages
* Add uses and name to slog values
* Include subpackage name in slog values
* Only read the first line for shbang.
* pombump: add flag to display the dependency tree
* build(deps): bump dagger.io/dagger from 0.12.7 to 0.13.0
* build(deps): bump step-security/harden-runner in the actions group
* build(deps): bump go.opentelemetry.io/otel/exporters/stdout/stdouttrace
* build(deps): bump the gomod group with 2 updates
* keygen: reject bit size < 4096
* cleanup: remove some direct imports of charm log
* Sat Sep 14 2024 opensuse_buildserviceAATTojkastl.de- Update to version 0.12.0:
* Upgrade to new hash-agnostic APIs for sign and verify
* Upgrade to apko v0.18.0
* index: stop writing APKINDEX.json
* update to go1.23.1
* build(deps): bump google.golang.org/api from 0.195.0 to 0.196.0
* build(deps): bump golang.org/x/crypto from 0.26.0 to 0.27.0
* build(deps): bump the gomod group with 2 updates
* pipelines/ruby: remove signing_key by default
* config: Whack more moles for string replacement
* install go
* lint
* upgrade to golang 1.23
* Sat Sep 14 2024 opensuse_buildserviceAATTojkastl.de- Update to version 0.11.6:
* adds git checkout fetch,update,test and yams the melange apkbuild yamls
* Sat Sep 14 2024 opensuse_buildserviceAATTojkastl.de- Update to version 0.11.5:
* fix(split pipelines): Don\'t split lib64 libraries
* Sat Sep 14 2024 opensuse_buildserviceAATTojkastl.de- Update to version 0.11.4:
* fix(split pipelines): Check package was defined, not package directory
* fix(split/dev): Support for /usr/local
* fix(split pipelines): Add support for lib64
* fix(split pipelines): Use package name instead of package dir, use exact paths
* Update dev.yaml
* feat(pipelines/split): Support overriding source package directory
* build(deps): bump dagger.io/dagger in the gomod group
* build(deps): bump actions/upload-artifact in the actions group
* Sat Sep 14 2024 opensuse_buildserviceAATTojkastl.de- Update to version 0.11.3: (0.11.2 is the same commit hash as 0.11.1):
* fix(sca): Correctly check for existing Ruby runtime dependency by AATTEyeCantCU in #1387
* build(deps): bump actions/setup-go from 5.0.1 to 5.0.2 in the actions group by AATTdependabot in #1378
* build(deps): bump google.golang.org/api from 0.187.0 to 0.188.0 by AATTdependabot in #1382
* build(deps): bump github.com/google/go-containerregistry from 0.19.2 to 0.20.1 by AATTdependabot in #1392
* build(deps): bump step-security/harden-runner from 2.8.1 to 2.9.0 in the actions group by AATTdependabot in #1391
* build(deps): bump the gomod group across 1 directory with 2 updates by AATTdependabot in #1390
* build(deps): bump dagger.io/dagger from 0.11.9 to 0.12.1 by AATTdependabot in #1389
* build(deps): bump github.com/docker/cli from 27.0.3+incompatible to 27.1.0+incompatible by AATTdependabot in [#1397]
* Expose ignoreSignatures functionality by AATTKevin-Molina in #1375
* build(deps): bump github.com/docker/docker from 27.0.3+incompatible to 27.1.0+incompatible by AATTdependabot in [#1396]
* build(deps): bump docker/login-action from 3.2.0 to 3.3.0 in the actions group by AATTdependabot in #1398
* build(deps): bump google.golang.org/api from 0.188.0 to 0.189.0 by AATTdependabot in #1401
* fix: ignore resource requests for the docker runner by AATTimjasonh in #1403
* build(deps): bump dagger.io/dagger from 0.12.1 to 0.12.2 in the gomod group by AATTdependabot in #1400
* Bump apko dependency by AATTmattmoor in #1404
* fix ruby sca by AATTxnox in #1410
* Add HOME=/root to default test environment. by AATTsmoser in #1408
* build(deps): bump the gomod group with 4 updates by AATTdependabot in #1405
* update config: provide configuration to describe polling and schedules by AATTrawlingsj in #1412
* build(deps): bump the gomod group with 2 updates by AATTdependabot in #1416
* build(deps): bump google.golang.org/api from 0.189.0 to 0.190.0 by AATTdependabot in #1419
* build(deps): bump the actions group with 2 updates by AATTdependabot in #1415
* build(deps): bump golang.org/x/sync from 0.7.0 to 0.8.0 by AATTdependabot in #1418
* build(deps): bump golang.org/x/time from 0.5.0 to 0.6.0 by AATTdependabot in #1417
* build(deps): bump golang.org/x/sys from 0.22.0 to 0.23.0 by AATTdependabot in #1420
* update config: replace recently added polling with git struct by AATTrawlingsj in #1421
* build(deps): bump github.com/google/go-containerregistry from 0.20.1 to 0.20.2 in the gomod group by AATTdependabot in #1423
* build(deps): bump golang.org/x/text from 0.16.0 to 0.17.0 by AATTdependabot in #1424
* build(deps): bump google.golang.org/api from 0.190.0 to 0.191.0 by AATTdependabot in #1426
* build(deps): bump golang.org/x/sys from 0.23.0 to 0.24.0 by AATTdependabot in #1428
* move \'adding package %q for pipeline %q\' to debug logging by AATTimjasonh in #1429
* don\'t depend on apko\'s custom log package by AATTimjasonh in #1430
* build(deps): bump github.com/chainguard-dev/yam from 0.0.13 to 0.1.0 by AATTdependabot in #1431
* Feat/qemu runners by AATT89luca89 in #1386
* Attempt to fix qemu ci by AATTjonjohnsonjr in #1434
* build(deps): bump the actions group with 3 updates by AATTdependabot in #1432
* Centralize sca options handling by AATTjonjohnsonjr in #1433
* Add test to catch duplicate package names by AATTjonjohnsonjr in [#1439]
* build(deps): bump the gomod group with 4 updates by AATTdependabot in #1437
* build(deps): bump google.golang.org/api from 0.191.0 to 0.192.0 by AATTdependabot in #1438
* move \'found pipeline\' log message to debug by AATTimjasonh in [#1440]
* melange convert python: use normalized names by AATTpnasrat in [#1441]
* Bump apko to get chainctl auth error log by AATTjonjohnsonjr in [#1442]
* Replace \"needs\" in range pipelines by AATTjonjohnsonjr in #1445
* docs: Add information on the repository used with the git update configuration option by AATTphilroche in #1447
* Refactor parts of the ParseConfiguration by AATTjonjohnsonjr in [#1446]
* build(deps): bump go.opentelemetry.io/otel/exporters/stdout/stdouttrace from 1.28.0 to 1.29.0 by AATTdependabot in #1455
* build(deps): bump google.golang.org/api from 0.192.0 to 0.194.0 by AATTdependabot in #1452
* config: Replace pipelines at top level by AATTjonjohnsonjr in [#1456]
* refactor(sbom): cleanup, simplify, and document code by AATTluhring in #1458
* More SBOM logic improvements by AATTluhring in #1459
* build(deps): bump github.com/docker/cli from 27.1.2+incompatible to 27.2.0+incompatible by AATTdependabot in [#1461]
* build(deps): bump google.golang.org/api from 0.194.0 to 0.195.0 by AATTdependabot in #1463
* build(deps): bump github.com/docker/docker from 27.1.2+incompatible to 27.2.0+incompatible by AATTdependabot in [#1462]
* build(deps): bump dagger.io/dagger from 0.12.5 to 0.12.6 in the gomod group by AATTdependabot in #1465
* chore(cargo/build): Allow changing install dir, add busybox by AATTEyeCantCU in #1466
* sca: add support for more go fips toolchains by AATTxnox in #1471
* sca: make pc: provides/vendored use full package version by AATTxnox in #1467
* Fri Jul 19 2024 opensuse_buildserviceAATTojkastl.de- Update to version 0.11.1:
* feat(sca): Generate dependency on Ruby when building gems
* Tue Jul 16 2024 opensuse_buildserviceAATTojkastl.de- Update to version 0.11.0:
* Apply variables to workdir within a range
* Add update.exclude-reason field.
* fix(pipelines): Use contextdir instead of destdir in a few places
* remove defunct reference to k8s runner
* drop extra generate
* update Makefile
* drop make generate from verify.yaml
* drop allowedPrefixes
* don\'t SCA-generate so: provides for libs not directly in lib dirs
* drop lima runner
* fix bug, test passes
* short circuit analyze on no-provides (demonstrate bug?)
* fail on diff
* go generate in e2e testS
* better SCA e2e tests
* try this
* try this
* another fix
* default key name
* unexport more
* drop example
* refactor Keygen opts to a struct
* fix(cargo/build): test for non-zero length
* Wed Jul 10 2024 opensuse_buildserviceAATTojkastl.de- Update to version 0.10.4:
* expose keygen options
* build(deps): bump google.golang.org/grpc in the go_modules group
* Fix env overrides for interactive builds
* python/pipelines - resolve symlink to full path.
* python/import pipeline - find python3.7, python3.8, python3.9
* python/import - fix a bug in \'imports\', do not require specifying python
* var-transforms: support var transform substitions across runtimes and provides and tests
* build(deps): bump the gomod group with 2 updates
* build(deps): bump the actions group with 2 updates
* build(deps): bump cloud.google.com/go/storage from 1.42.0 to 1.43.0
* build(deps): bump chainguard.dev/apko
* build(deps): bump go.opentelemetry.io/otel/exporters/stdout/stdouttrace
* build(deps): bump golang.org/x/sys from 0.21.0 to 0.22.0
* build(deps): bump google.golang.org/api from 0.186.0 to 0.187.0
* Wed Jul 10 2024 opensuse_buildserviceAATTojkastl.de- Update to version 0.10.3:
* group dependabot updates
* bump golangci-lint to v1.59.x
* bump to go1.22.5
* Wed Jul 10 2024 opensuse_buildserviceAATTojkastl.de- Update to version 0.10.2:
* goreleaser: make skip value configurable
* goreleaser pipeline: --skip flag refactor
* build(deps): bump github.com/chainguard-dev/yam from 0.0.9 to 0.0.10
* build(deps): bump google.golang.org/api from 0.185.0 to 0.186.0
* Wed Jul 03 2024 opensuse_buildserviceAATTojkastl.de- Update to version 0.10.1:
* update unit test
* support var-transforms in subpackage names
* go mod tidy
* no typo
* use apko Authenticator
* Revert \"Use current user\'s ID when building via Docker\"
* build(deps): bump github.com/docker/docker
* build(deps): bump dagger.io/dagger from 0.11.6 to 0.11.9
* build(deps): bump github.com/docker/cli
* Update import.yaml
* add tests, fix up script
* add tests, fix up script
* wolfictl bump : handled mangled vars in updateGitCheckout tags
* Fix ${{host.triplet.rust}} default value
* Add opts to make-install pipeline
* Fail on invalid pipeline inputs
* python/import pipeline allow setting python binary
* Wed Jul 03 2024 opensuse_buildserviceAATTojkastl.de- Update to version 0.10.0:
* debug: Populate history file via mounts
* Add git-cherry-pick pipeline (#1278)
* convert some Infofs to Warnfs
* log it real good
* log the world-writeable file
* update docs
* enforce some more lint checks
* fix stupid bug in linter logging
* Restore signalcontext
* feat - add flag to go/build to run go mod tidy (#1303)
* prevent nil pointer
* update schema.json
* stable sorted defaults
* fix lint findings
* prevent nil pointer
* fix test
* fix tests
* review feedback
* some small improvements
* rewrite linting
* build(deps): bump github.com/chainguard-dev/yam from 0.0.8 to 0.0.9
* build(deps): bump ko-build/setup-ko from 0.6 to 0.7
* fix tempdir linter
* git-checkout - do not allow both branch and tag to be specified.
* build(deps): bump google.golang.org/api from 0.184.0 to 0.185.0
* build(deps): bump github.com/github/go-spdx/v2 from 2.2.0 to 2.3.1
* build(deps): bump github.com/chainguard-dev/clog from 1.3.1 to 1.4.0
* lint: support linting existence of info dirs
* Make melange-test-pipelines call make test-e2e
* Make running the git-checkout via melange not emit WARN messages.
* Clean up git-checkout-build-test.yaml, fix depth test.
* create-git-repo more standalone config, do not write to stderr
* Rename test-git-checkout and put create-git-repo in test-fixtures.
* Add test-e2e target to Makefile
* Run make docs-repo
* compile: Fix miscompilation of subpkg tests
* Pipelines should inherit workdir from parents
* git-checkout: fix recurse=\'true\' does nothing
* Use current user\'s ID when building via Docker
* Add test for PreserveBaseURI
* Add flag to preserve original PyPi URIs
* Wed Jun 19 2024 opensuse_buildserviceAATTojkastl.de- Update to version 0.9.0:
* Quote issues when evaluating the depth condition by AATTdakaneye in #1268
* build(deps): bump github.com/vektah/gqlparser/v2 from 2.5.11 to 2.5.14 in the go_modules group by AATTdependabot in #1271
* test: Drop seemingly useless mkdir -p by AATTjonjohnsonjr in #1276
* Remove dead tarfilter code by AATTjonjohnsonjr in #1279
* Add build flag to override host libc flavor by AATTjonjohnsonjr in [#1270]
* Separate compilation from execution by AATTjonjohnsonjr in #1267
* Remove build.PipelineBuild as a concept by AATTjonjohnsonjr in [#1280]
* Remove ability to set logging policy by AATTkrishjainx in #1274
* unbreak build at head from log policy removal by AATTk4leung4 in [#1288]
* build(deps): bump chainguard.dev/apko from 0.14.8 to 0.14.9 by AATTdependabot in #1282
* build(deps): bump github.com/klauspost/compress from 1.17.8 to 1.17.9 by AATTdependabot in #1286
* build(deps): bump k8s.io/apimachinery from 0.30.1 to 0.30.2 by AATTdependabot in #1287
* build(deps): bump google.golang.org/api from 0.183.0 to 0.184.0 by AATTdependabot in #1285
* build(deps): bump cloud.google.com/go/storage from 1.41.0 to 1.42.0 by AATTdependabot in #1284
* Populate history for --interactive builds by AATTjonjohnsonjr in [#1289]
* chore(autoconf/configure): Generate configuration with autoreconf when configuration doesn\'t exist by AATTEyeCantCU in [#1290]
* Check for nil everywhere in Compile by AATTjonjohnsonjr in #1292
* stop using deprecated flags for goreleaser by AATTk4leung4 in [#1269]
* git-checkout - try harder if getting hash from tag fails. by AATTsmoser in #1277
* build(deps): bump actions/checkout from 4.1.6 to 4.1.7 by AATTdependabot in #1293
* build(deps): bump github.com/spf13/cobra from 1.8.0 to 1.8.1 by AATTdependabot in #1294
* build(deps): bump github.com/chainguard-dev/yam from 0.0.7 to 0.0.8 by AATTdependabot in #1295
* build(deps): bump github.com/google/go-containerregistry from 0.19.1 to 0.19.2 by AATTdependabot in #1296
* Fix missing commit in ranged subpackages by AATTjonjohnsonjr in [#1304]
* melange numpy test include python-3.12 by AATTpnasrat in #1308
* add go/bump as a default pipeline by AATTwillswire in #1058
* Bump apko to v0.15.0 by AATTjonjohnsonjr in #1309
* Tue Jun 11 2024 opensuse_buildserviceAATTojkastl.de- Update to version 0.8.6:
* build(deps): bump step-security/harden-runner from 2.8.0 to 2.8.1
* Add ${{build.goarch}} substitution
* fix: error out when pipeline contains with but no uses
* Remove depth option from git clone if inputs.depth is set to -1
* Fri Jun 07 2024 opensuse_buildserviceAATTojkastl.de- Update to version 0.8.5:
* Add a new property that defaults to pom.xml and allows an override so we can call multiple uses: maven/pombump and pass in the somewhere-else/pom.xml
* go/build: remove subpackage input
* Fri Jun 07 2024 opensuse_buildserviceAATTojkastl.de- Update to version 0.8.4:
* build(deps): bump chainguard.dev/apko
* Drop go-apk to pull in faster pkginfo access
* build(deps): bump google.golang.org/api from 0.182.0 to 0.183.0
* build(deps): bump golang.org/x/sys from 0.20.0 to 0.21.0
* build(deps): bump golang.org/x/text from 0.15.0 to 0.16.0
* update schema
* support HTTP auth
* order
* fix
* doc
* ordering
* bump go and lint
* build(deps): bump chainguard.dev/apko from 0.14.3 to 0.14.7
* build(deps): bump dagger.io/dagger from 0.11.4 to 0.11.6
* build(deps): bump google.golang.org/api from 0.181.0 to 0.182.0
* build(deps): bump docker/login-action from 3.1.0 to 3.2.0
* Drop version from .PKGINFO
* Speed up presubmit
* Add --env-file to melange test
* Thu May 30 2024 opensuse_buildserviceAATTojkastl.de- Update to version 0.8.3:
* Disallow duplicate subpackage names
* Thu May 30 2024 opensuse_buildserviceAATTojkastl.de- Update to version 0.8.2:
* build(deps): bump chainguard.dev/apko
* build(deps): bump gitlab.alpinelinux.org/alpine/go from 0.10.0 to 0.10.1
* tests: add range priority replacement tests
* build(deps): bump go.opentelemetry.io/otel/exporters/stdout/stdouttrace
* build(deps): bump actions/checkout from 4.1.4 to 4.1.6
* build(deps): bump step-security/harden-runner from 2.7.1 to 2.8.0
* schmea: validate priority integer strings, and update schema comment
* Add ReplacesPriroity like ProviderPriority, and allow substitutions
* Wed May 22 2024 opensuse_buildserviceAATTojkastl.de- Update to version 0.8.1:
* Avoid panic if no external config file ref
* Verify wolfictl scan works
* githuib: Fixup melange configfile test case
* sbom: add support for generic git-checkout urls
* github: add SBOM external ref checks
* sbom: add external ref ConfigFile itself
* lint
* externalRefs: implement github git-checkout
* Generate fully qualified and normalized PURLs straight away
* Style review comments
* sbom: include external refs for fetched tarballs in SPDX
* Wed May 22 2024 opensuse_buildserviceAATTojkastl.de- Update to version 0.8.0:
* Fix typo in README
* build(deps): bump actions/checkout from 4.1.4 to 4.1.6
* generate
* gofmt
* upgrade to new apko
* Fix camel-case after review
* kill k8s e2e test
* delete k8s runner impl
* copyright: allow custom license texts
* go.mod: upgrade everything
* build(deps): bump goreleaser/goreleaser-action from 5.0.0 to 5.1.0
* build(deps): bump golangci/golangci-lint-action from 5.3.0 to 6.0.1
* Tue May 14 2024 opensuse_buildserviceAATTojkastl.de- Update to version 0.7.0:
* Find shbangs to generate depends by AATTsmoser in #1110
* presubmit: remove gdk-pixbuf by AATTimjasonh in #1143
* Revert \"presubmit: remove gdk-pixbuf\" by AATTimjasonh in #1147
* verify SPDX SBOMs using spdx-tools-java by AATTimjasonh in #1146
* Fix sca detection case for env with multiple arguments. by AATTdlorenc in #1148
* Update shbang collection to ignore \'python\' and support simple \'env -S\'. by AATTsmoser in #1159
* ensure shbang check only checks valid shbangs by AATTjoshrwolf in [#1160]
* config: allow scriplets in subpackages with range replacements by AATTxnox in #1165
* Drop -release from pc versions by AATTjonjohnsonjr in #1173
* fix(cargo): Install all built binaries if output isn\'t defined by AATTEyeCantCU in #1174
* sbom: set supplier in addition to originator by AATTimjasonh in [#1184]
* Add melange scan by AATTjonjohnsonjr in #1175
* Bump go-apk by AATTjonjohnsonjr in #1185
* add global --gcplog flag to emit GCP-compatible JSON logs by AATTimjasonh in #1186
* pipelines/go: add back symbols tables by AATTxnox in #1142
* Only consider that are in a PATH dir from generateCmdProviders by AATTsmoser in #1164
* Allow symlinks to provide cmd: by AATTsmoser in #1188
* Extract melange sign to a library by AATTtcnghia in #1198
* Revert \"Allow symlinks to provide cmd:\" by AATTjoshrwolf in #1200
* Bump apko by AATTjonjohnsonjr in #1201
* Make unit tests faster by AATTjonjohnsonjr in #1202
* Add buildmode to go/build by AATTjonjohnsonjr in #1210
* lots of updates for build dependencies
* Tue Apr 09 2024 opensuse_buildserviceAATTojkastl.de- Update to version 0.6.11:
* build(deps): bump golang.org/x/sync from 0.6.0 to 0.7.0
* build(deps): bump go.opentelemetry.io/otel/exporters/stdout/stdouttrace
* build(deps): bump golang.org/x/sys from 0.18.0 to 0.19.0
* build(deps): bump go.opentelemetry.io/otel/sdk from 1.24.0 to 1.25.0
* build(deps): bump sigs.k8s.io/release-utils from 0.7.7 to 0.8.1
* build(deps): bump github.com/chainguard-dev/yam from 0.0.2 to 0.0.3
* bump docker
* build(deps): bump dagger.io/dagger from 0.10.2 to 0.11.0
* build(deps): bump cloud.google.com/go/storage from 1.39.1 to 1.40.0
* Ensure configuration file is closed
* sca: add go-fips-bin runtime deps
* sca: add go-fips-bin test case
* build(deps): bump github.com/go-git/go-git/v5 from 5.11.0 to 5.12.0
* build(deps): bump google.golang.org/api from 0.171.0 to 0.172.0
* Sat Mar 30 2024 opensuse_buildserviceAATTojkastl.de- Update to version 0.6.10:
* chore: CRAN -> R
* docs(cran): Add build pipeline
* fix(cran): Support passing source dir as package
* chore(cran): Remove (now known) redundant fetch/install pipelines
* feat(pipelines): Add support for fetching, building, and installing R packages from CRAN
* Change dependency for python to be python-Maj.Min-base.
* build(deps): bump google.golang.org/api from 0.170.0 to 0.171.0
* build(deps): bump github.com/docker/cli
* build(deps): bump github.com/charmbracelet/log
* skip mounting resolv.conf for the docker runner
* build(deps): bump github.com/docker/docker
* Propagate user from image configuration
* build(deps): bump cloud.google.com/go/storage from 1.39.0 to 1.39.1
* build(deps): bump github.com/google/go-containerregistry
* build(deps): bump docker/login-action from 3.0.0 to 3.1.0
* build(deps): bump actions/checkout from 4.1.1 to 4.1.2
* build(deps): bump github.com/kubescape/go-git-url from 0.0.28 to 0.0.30
* build(deps): bump google.golang.org/api from 0.169.0 to 0.170.0
* build(deps): bump dagger.io/dagger from 0.10.1 to 0.10.2
* Switch to new octo-sts action (#1088)
* Move \"executing:\" logging to debug
* Keep symbols tables for fips builds
* Fix quotes
* pipelines/go: prefer to use netgo and osusergo by default
* pipelines/go/install: also trimpath like build
* pipelines/go: Strip by default
* pipelines/go: bump GOAMD64 to v2
* pipelines/go: allow setting microarchitecture level settings
* Update pkg/build/pipeline.go
* open debug session in the specific workdir
* Add Harden Runner audit configs
* appease linter
* build(deps): bump gitlab.alpinelinux.org/alpine/go from 0.9.0 to 0.10.0
* build(deps): bump google.golang.org/api from 0.168.0 to 0.169.0
* build(deps): bump github.com/kubescape/go-git-url from 0.0.27 to 0.0.28
* feat(pipelines): Add cargo build for rust packages
* WIP: remove files from SBOM
* Bump apko
* document builtin substitutions
* build(deps): bump gitlab.alpinelinux.org/alpine/go
* fix test.environment jsonschema struct tag
* Sun Mar 17 2024 opensuse_buildserviceAATTojkastl.de- Update to version 0.6.9:
* build(deps): bump google.golang.org/api from 0.166.0 to 0.168.0
* build(deps): bump golang.org/x/sys from 0.17.0 to 0.18.0
* build(deps): bump dagger.io/dagger from 0.9.10 to 0.10.1
* Fix the bug in dropping the suffix.
* Drop WaitDelay from bubblewrap
* build(deps): bump actions/download-artifact from 4.1.2 to 4.1.4
* build(deps): bump github.com/stretchr/testify from 1.8.4 to 1.9.0
* build(deps): bump cloud.google.com/go/storage from 1.38.0 to 1.39.0
* Sun Mar 17 2024 opensuse_buildserviceAATTojkastl.de- Update to version 0.6.8:
* Update pombump.yaml
* Sun Mar 17 2024 opensuse_buildserviceAATTojkastl.de- Update to version 0.6.7:
* Rename the default bump file name.
* Sun Mar 17 2024 opensuse_buildserviceAATTojkastl.de- Update to version 0.6.6:
* Add ${{cross.triplet.rust.[glibc,musl]}}
* Add pombump pipeline.
* Sun Mar 17 2024 opensuse_buildserviceAATTojkastl.de- Update to version 0.6.5:
* Fix resource usage in melange
* Fix job control with interactive bubblewrap
* build(deps): bump github.com/chainguard-dev/yam from 0.0.1 to 0.0.2
* build(deps): bump go.opentelemetry.io/otel/exporters/stdout/stdouttrace
* build(deps): bump go.opentelemetry.io/otel/sdk from 1.23.1 to 1.24.0
* build(deps): bump cloud.google.com/go/storage from 1.37.0 to 1.38.0
* Bump apko
* Fix typo in error message
* build(deps): bump actions/upload-artifact from 4.3.0 to 4.3.1
* build(deps): bump actions/download-artifact from 4.1.1 to 4.1.2
* build(deps): bump golangci/golangci-lint-action from 3.7.0 to 4.0.0
* Sat Feb 24 2024 opensuse_buildserviceAATTojkastl.de- Update to version 0.6.4:
* Fix the yaml file so that it actually gets parsed properly.
* Propagate SourceDateEpoch from Build
* Sat Feb 24 2024 opensuse_buildserviceAATTojkastl.de- Update to version 0.6.3:
* Don\'t write APK to temp file during signing
* Tue Feb 20 2024 opensuse_buildserviceAATTojkastl.de- Update to version 0.6.2:
* Add --package-append flag to build
* apply package substitutions in test.emvironment.contents.packages
* change docker runner labels
* label containers created by docker runner for easier external management
* Add a --trace flag to melange build
* Add dagger runner
* Thu Feb 15 2024 opensuse_buildserviceAATTojkastl.de- Update to version 0.6.1:
* omit arch log key when building one arch
* Remove breakpoint labels
* Clean up apko-temp dirs
* Remove images even with cancelled ctx
* Fix context.Background use
* Allow substitutions in dependencies.replaces
* doc: add diff pr
* docs: add version-transform doc and other example to var-transform
* Sat Feb 10 2024 opensuse_buildserviceAATTojkastl.de- Update to version 0.6.0:
* Split pkg/container up into smaller packages
* Mostly fix interactive interrupt signal handling
* Do more cleanup with --rm
* Continue interactive execution on exit 0
* go fmt
* update dario/mergo
* move runner determination to pkg/cli
* Make debugging melange builds less terrible
* fix go-build example
* Make it easier to find docs-repo on ci failure
* Thu Feb 08 2024 opensuse_buildserviceAATTojkastl.de- Update to version 0.5.10:
* Add --die-with-parent to bwrap flags
* fix bug with needs
* move some logs to debug
* Update build.yaml
* Update install.yaml
* Add GOEXPERIMENT to go/build
* Wed Feb 07 2024 opensuse_buildserviceAATTojkastl.de- Update to version 0.5.9:
* use apkoAATTmain
* WIP: use charm logger
* Add WaitDelay to bubblewrap cmd
* Split options into separate files
* Cancel context on interrupt signal
* build(deps): bump github.com/docker/docker
* build(deps): bump cloud.google.com/go/storage from 1.36.0 to 1.37.0
* build(deps): bump sigstore/cosign-installer from 3.3.0 to 3.4.0
* Tue Feb 06 2024 opensuse_buildserviceAATTojkastl.de- Update to version 0.5.8:
* Add --rm flag (and options) to Build
* Respond to cancelled context while streaming logs
* Don\'t use goroutines for monitoring logs
* If arch is not specified, test all.
* Add Close() method to container runners
* use slogtest
* eliminate some more logger invocations
* Fix race condition in log monitoring
* Exclude \"com.docker.grpcfuse.ownership\" xattr
* Sat Feb 03 2024 opensuse_buildserviceAATTojkastl.de- Update to version 0.5.7:
* Pass the correct env.env to the container.
* test: skip when executing on an unsupported arch
* melamge bump: only update expected commit shas for the main git-checkout
* stop logging tons of \"detected git commit for build configuration\" when parsing melage config
* Embed melange version in .PKGINFO
* Fix missing no-depends check
* build(deps): bump google.golang.org/api from 0.154.0 to 0.161.0
* build(deps): bump github.com/kubescape/go-git-url from 0.0.26 to 0.0.27
* build(deps): bump github.com/chainguard-dev/yam
* Bump apko to v0.14.0
* Update CODE_OF_CONDUCT.md
* Update CODE_OF_CONDUCT.md
* Switch to octo-sts-action (#968)
* build(deps): bump actions/upload-artifact from 4.0.0 to 4.3.0
* warn on invalid license, log SCA findings
* unexport some methods in pkg/sbom
* Fix aws-c-s3 SCA
* Don\'t include libexec directories in SCA includes
* tidy
* drop the lima runner
* Take advantage of Octo STS to publish homebrew updates. (#956)
* Pin to digest for setup-go in melange
* build(deps): bump actions/download-artifact from 4.1.0 to 4.1.1
* Tue Jan 23 2024 opensuse_buildserviceAATTojkastl.de- Update to version 0.5.6:
* sort with key/values
* Fail if unknown variable is used in substitution
* revert simple-hello, keep it alpine
* fix simple-hello again
* fix simple-hello
* fix wolfi e2e test
* also test wolfi built packages
* update examples
* migrate examples to wolfi
* add e2e test that packages can be installed with apk
* Audit the permissions of workflows.
* Add test for vendored pkgconfig
* Make \"unable to detect git commit\" a debug message
* Allow vendored pkgconfig deps
* make docs-repo
* update
* use apkoAATTmain
* drop pkg/logger and use slog
* Allow execable shared objects if name has \".so.\"
* Fix sbom loopvar issue
* Make BuildGuest more similar for Build and Test
* Use errgroup over github.com/korovkin/limiter
* Replace packages in APKINDEX with same version
* Remove some more struct mutating and shadowing
* Drop mutable imgRef from build.Build
* Move more mutations into parameters
* Take an fs as an argument to RetrieveWorkspace
* Add a test
* Convert some sca code to early return style
* build(deps): bump github.com/cloudflare/circl from 1.3.6 to 1.3.7
* move test pipelines to where others are. Remove unnecessary test packages.
* Add python/import test pipeline, as well as e2e tests for python test pipelines.
* how many ways can I really screw this one up...
* Try James suggestion.
* Fix the filenames.
* try with explicit false.
* maybe missing a space?
* Add --test-package-append that you can specify extra test packages for each test.
* move the comment
* meson/configure: don\'t download subprojects by default
* Add a python/test pipeline.
* Bypass warning about detached head
* add `
*_config` pattern to split/dev pipeline
* Sun Jan 07 2024 opensuse_buildserviceAATTojkastl.de- Update to version 0.5.5:
* build(deps): bump github.com/google/go-containerregistry
* bump upload/download github actions
* build(deps): bump google.golang.org/api from 0.152.0 to 0.154.0
* build(deps): bump github.com/lima-vm/lima from 0.18.0 to 0.19.1
* build(deps): bump github.com/containerd/containerd from 1.7.7 to 1.7.11
* build(deps): bump github.com/go-git/go-git/v5 from 5.10.0 to 5.11.0
* build(deps): bump golang.org/x/crypto from 0.15.0 to 0.17.0
* build(deps): bump cloud.google.com/go/storage from 1.35.1 to 1.36.0
* convert: sort packages alphabetically
* build(deps): bump sigstore/cosign-installer from 3.2.0 to 3.3.0
* build(deps): bump actions/setup-go from 4 to 5
* build(deps): bump github.com/kubescape/go-git-url from 0.0.25 to 0.0.26
* Set a default env var for GOMODCACHE.
* Pull in `go-apk` with `provider_priority` `ini` fix.
* Mark update.manual as an optional field.
* update release to add some clarification regarding the homebrew
* Tue Dec 05 2023 kastlAATTb1-systems.de- Update to version 0.5.4:
* build(deps): bump golang.org/x/sys from 0.14.0 to 0.15.0
* build(deps): bump chainguard.dev/apko
* build(deps): bump k8s.io/client-go from 0.28.3 to 0.28.4
* schema: update for new test pipeline configuration
* build(deps): bump github.com/klauspost/compress from 1.17.2 to 1.17.4
* build(deps): bump google.golang.org/api from 0.150.0 to 0.152.0
* fix issue
* cleanup: don\'t use pkg/errors
* fix bad merge.
* Default to package.name, but allow overrides, add example docs for specifying which package, and version to test.
* argh, fix typo.
* Add tests, simplify code.
* e2e tests for `test` command.
* checkpoint.
* Add test command / implementation.
* alphabetize commands, add test.
* Refactor so can be used with test and build.
* config struct changes for test.
* Add autogenerated \'test\' docs.
* make docs-repo
* remove unnecessary wait for testing
* support resource requests and timeouts
* UTC-ify source date epoch when set
* Fix capitalization of SBOM originators
* Fix the lint warnings in pkg/linter
* Fix lints, or ignore safe ones. No functional changes.
* prefix should be /usr
* Ensure jsonschema is kept up to date.
* Add jsonschema generation binary.
* build(deps): bump go.opentelemetry.io/otel from 1.20.0 to 1.21.0
* build(deps): bump k8s.io/apimachinery from 0.28.3 to 0.28.4
* build(deps): bump sigs.k8s.io/release-utils from 0.7.6 to 0.7.7
* fix and continuously validate SBOMs
* make docs-repo
* default --use-github=true
* fix docs
* convert python: don\'t overwrite existing files
* format manifests with yam
* fix docs for --runner
* improve \'melange convert python\' to remove manual steps
* Thu Nov 16 2023 kastlAATTb1-systems.de- Update to version 0.5.3:
* Update release.md
* build(deps): bump golang.org/x/time from 0.3.0 to 0.4.0
* pipelines: go/build: add support for go.mod overlay files
* build(deps): bump cloud.google.com/go/storage from 1.33.0 to 1.35.1
* go mod tidy
* update go-apk dependency
* build(deps): bump sigstore/cosign-installer from 3.1.2 to 3.2.0
* build(deps): bump go.opentelemetry.io/otel from 1.19.0 to 1.20.0
* apply substitutions to .environment.contents.packages
* test runtime replacements
* build(deps): bump github.com/sigstore/cosign/v2 from 2.2.0 to 2.2.1
* build(deps): bump google.golang.org/api from 0.149.0 to 0.150.0
* go mod tidy
* use merged PR
* update dep
* use pushed PRs
* WIP: use forked alpine-go in go-apk
* move spammy logs to debugf
* Thu Nov 09 2023 kastlAATTb1-systems.de- Update to version 0.5.2:
* Update pkg/config/config.go
* GithubReleaseMonitor: add tagprefix and tagcontains to be used in github tags filtering
* Plumb check configs through to linters
* Delete no-op sbom code
* remove unimplemented references to fulcio support
* fail if \'with\' is used with \'runs\'
* Error early if uses and runs are both present
* Get rid of PackageContext and SubpackageContext
* Remove impossible errors
* Make loadUse test actually test something
* Remove impossible errors
* build: use util.Dedup instead of slices.Compact
* util: bring back Dedup, slices.Collapse requires sorting
* Bump go-apk
* Filter out noise opening non-ELF files
* Bump go-apk and use faster tarfs implementation
* Add a test to ensure that ranges are handled properly.
* Add linters for #805 and #804.
* Refactor linting logic and clean things up
* Add SBOM linter
* build(deps): bump github.com/docker/docker
* build(deps): bump chainguard.dev/apko
* build(deps): bump sigs.k8s.io/release-utils from 0.7.5 to 0.7.6
* Add GID/UID remapping to improve permissions. Fix permission issues resulting from running with the build user.
* Separate out package and build lints
* Add json tags to melange Configuration.
* Add python/test linter
* util: drop Dedup in favor of golang.org/x/exp/slices.Compact
* sca: fix compile by moving a few things around
* sca: move analyzer invocation into Analyze() function
* sca: implement abstract interface between build engine and sca engine
* sca: pass FS into dependency generators rather than creating it on demand
* sca: move out of package.go into sca.go as a first pass
* Rename Python linters to python/
*
* readlinkfs: ignore security.selinux xattrs
* Add Python docs linter
* SCA: add python dependency generator
* linter: refactor check block generation in tests
* Improve linter diagnostic output
* Add GID/UID remapping to improve permissions. Fix permission issues resulting from running with the build user.
* build(deps): bump sigs.k8s.io/yaml from 1.3.0 to 1.4.0
* Fixups
* Handle .so files a little smarter
* Ignore all packages starting with _
* build(deps): bump google.golang.org/api from 0.147.0 to 0.148.0
* build(deps): bump k8s.io/client-go from 0.28.2 to 0.28.3
* build(deps): bump github.com/klauspost/compress from 1.17.1 to 1.17.2
* build(deps): bump chainguard.dev/apko
* build(deps): bump actions/checkout from 4.1.0 to 4.1.1
* Centralize SOURCE_DATE_EPOCH parsing.
* Run go fmt
* Exclude docs
* Exclude tests
* drop sync-issues-to-project-board.yaml not used anymore
* Exclude more files from Python multiple package linter
* Improve filtering and diagnostics
* Use the correct path for Python.
* Add multiple Python packages post-linter
* pipelines: add npm-install pipeline
* replace the fetch python url to more friendly URI
* Silence the linter
* Make empty linter work by disregarding directories and SBOM in package linting
* Really shut up docs linter
* Docs changes/consistency fixes
* Document melange lint
* Module updates
* Resolve circular import
* Small fix
* Update go-apk dep
* Remove redundant package
* Update pkg/config/config.go
* Add basic test for APK linting
* Document the release steps.
* melange bump: move the reset / bump epoch logic up and inline version
* melange bump: only reset the epoch if version changes, else increment it
* Add APK linting.
* document full-version, add pointer to docs.
* Fix Typo
* Thu Oct 19 2023 kastlAATTb1-systems.de- Update to version 0.5.1:
* build(deps): bump github.com/klauspost/compress from 1.17.0 to 1.17.1
* build(deps): bump google.golang.org/api from 0.146.0 to 0.147.0
* build(deps): bump github.com/lima-vm/lima from 0.17.2 to 0.18.0
* build(deps): bump github.com/google/go-cmp from 0.5.9 to 0.6.0
* Fix a bug where substitutions were not done for runtime.
* linter: fix a typo in package linting function
* build(deps): bump google.golang.org/api from 0.143.0 to 0.146.0
* go mod tidy to shut up linter
* Small cleanup
* Add function to lint APK files.
* build(deps): bump golang.org/x/sync from 0.3.0 to 0.4.0
* build(deps): bump golang.org/x/net from 0.15.0 to 0.17.0
* Extricate config stuff from linter.
* build(deps): bump sigs.k8s.io/release-utils
* fix release url path
* update deprecated fields
* update with 0.5.0 changes
* Track vendored deps for .PKGINFO
* Sat Oct 14 2023 kastlAATTb1-systems.de- Update to version 0.5.0:
* Enable linters to warn (via callback) instead of just failing.
* build(deps): bump github.com/package-url/packageurl-go
* build(deps): bump go.opentelemetry.io/otel from 1.18.0 to 1.19.0
* Add a PR checklist to melange.
* Fix yaml typo in linter docs
* nit: fix mistake in function docs
* Apply suggestions from code review
* Document disabling lints and when to do so.
* Update linter docs
* strip linter: properly close file
* Make improvements/suggestions
* Add stripped file linter
* update alpine-go to latest git to fix indexing
* pipelines: strip: use -g by default when stripping
* build(deps): bump google.golang.org/api from 0.142.0 to 0.143.0
* do not delete extensions and plugins with ruby/clean
* build(deps): bump k8s.io/api from 0.28.1 to 0.28.2
* build(deps): bump google.golang.org/api from 0.138.0 to 0.142.0
* build(deps): bump k8s.io/client-go from 0.28.1 to 0.28.2
* build(deps): bump github.com/opencontainers/image-spec
* build(deps): bump github.com/docker/docker
* build(deps): bump cloud.google.com/go/storage from 1.32.0 to 1.33.0
* build(deps): bump github.com/klauspost/compress from 1.16.7 to 1.17.0
* build(deps): bump actions/setup-go from 4.0.1 to 4.1.0
* build(deps): bump actions/checkout from 4.0.0 to 4.1.0
* add docs for -compat packages
* Disable empty check on git-checkout
* build: refactor package linter invocation
* Refactor the linter into a submodule.
* Remove no provides check per AATTkaniini
* Respect subpackage no-provides
* Add post-file walk linting and empty package linting
* exa is dead, use mdbook as a rust CI test instead.
* bump apko to e9722fc
* build: do not run linters on skipped subpackages
* linter: when subpackages are linted use the subpackage name as the package config name
* Only run worldwrite linter on regular files
* Add worldwrite linter
* Add dev, opt, and srv linters
* fix the arch
* Use Warnf over WARNING
* log and continue when .pc file can\'t be loaded
* fix the dir name as we already expect dir to be set explicit
* Disable linters on -compat packages
* Update build.yaml
* add goreleaser pipeline
* Unexport linter struct and linterFunc
* Don\'t export the linter map
* Add tests
* build(deps): bump sigstore/cosign-installer from 3.1.1 to 3.1.2
* Bump goreleaser/goreleaser-action from 4.6.0 to 5.0.0
* Bump docker/login-action from 2.2.0 to 3.0.0
* chore: remove CODEOWNERS file
* Add more linters
* Appease golint
* Fix tests
* Remove debugging print statement
* Implement subpackage linting
* Add package (but not subpackage) linting
* build(deps): bump golangci/golangci-lint-action from 3.6.0 to 3.7.0
* Update golangci-lint to 1.54
* git-checkout: Allow tags to matched annotated tag SHAs, don\'t allow fuzzy matching of refs.
* build(deps): bump actions/checkout from 3.5.3 to 4.0.0
* Bump k8s test workflows to Go 1.21
* Bump go to 1.21
* pipeline: fix downward propagation to referenced external pipeline nodes
* config: tests: add workdir propagation test
* remove cmake. Signed-off-by: Ville Aikas
* forgot to remove one -dev
* Remove specifying the php-dev version.
* Add pecl pipelines for phpize & install. Signed-off-by: Ville Aikas
* package: only constrain library search paths for provides entries
* Fix some python generation issues:
* Refactor application of pipeline variables to config and add tests
* Pipeline: make env overrides work recursively
* Add environment var overriding to the pipeline.
* Bump goreleaser/goreleaser-action from 4.3.0 to 4.6.0
* Bump actions/upload-artifact from 3.1.2 to 3.1.3
* package: constrain library SCA to library search paths only
* Replace the elements of the subpackage
* construct the package.full-version in higher context than just pipeline.
* docs: fix link in pkg/build/pipelines/README.md
* docs: add documentation for built-in pipelines
* document / examples for ${{package.full-version}} Signed-off-by: Ville Aikas
* add ${{package.full-version}} = ${{package.version}}-r${{package.epoch}} Signed-off-by: Ville Aikas
* Changes from code review.
* config: copy all subpackage variables when doing a range expansion
* feat: add output logs for the apkbuild converter
* Fix issue: #658 Signed-off-by: Ville Aikas
* feat: add new Perl pipelines for install and clean
* package: just skip symlinks for now
* workflows: add ncurses to the presubmit test matrix
* package: dereference symlinks for aliased pkg-config modules
* Fix syntax in maven pipeline (and add test).
* more debug crap. Signed-off-by: Ville Aikas
* remove debug crap. Signed-off-by: Ville Aikas
* Environment is required, adjust the tests.
* Change GeneratedMelangeConfig to embed pkg/config/config instead of redefining it.
* Change default python-version from 3.11 to 3.
* remove extra backtick.
* let\'s try again.
* update docs
* Bunch of lint fixes. No functional changes.
* Add a maven/configure-mirror pipeline to redirect to GCP.
* yikes, only 2 fatal lints... nice...
* update docs.
* Add flags for resolving git tags, release-monitoring
* Update pkg/build/pipelines/python/build-wheel.yaml
* Update pkg/build/pipelines/python/build-wheel.yaml
* add builtin pipelines for python
* update generated docs. Signed-off-by: Ville Aikas
* remove unused vars. They do not have short form, so can use this variant. Signed-off-by: Ville Aikas
* Add --wolfi-defaults flag, clean up flag handling.
* readlinkfs: ignore some security-module specific xattrs
* feat: support --recurse-submodules in git clone
* Print the path to generated melange config.
* build(deps): bump go.opentelemetry.io/otel from 1.16.0 to 1.17.0
* build(deps): bump cloud.google.com/go/storage from 1.31.0 to 1.32.0
* build(deps): bump google.golang.org/api from 0.136.0 to 0.138.0
* build(deps): bump k8s.io/api from 0.28.0 to 0.28.1
* build(deps): bump github.com/lima-vm/lima from 0.17.0 to 0.17.2
* build(deps): bump k8s.io/client-go from 0.28.0 to 0.28.1
* Bump apko and fix everything I broke
* docs: typo in go-build example
* run make docs
* cli: index: add --signing-key, --source and --merge options
* default for github actions is bubblewwrap.
* update lint rule.
* Fix the links to commands, fix the URLs generated.
* sign: do not rename across device boundaries
* add --force option to recreate apk indexes with given signatures
* pipelines: use ${{targets.contextdir}} where it makes sense
* pipeline: add ${{targets.package.foo}} expansions
* pipeline: add ${{targets.contextdir}}, representing the current target dir
* Bump pkg-config again to actually pick up the openblas fix.
* Bump pkgconfig to pick up the openblas fix.
* feedback + verbiage from Erika.
* Set reasonable concurrency levels for pgzip
* appease linter
* support substitutions in provides lists
* Start of exhaustively documenting the build filele.
* plumb through SDE to EmitSignature
* add melange sign command, slightly refactor and make public the signing methods
* add test for substituting needs.packages
* allow override go version for uses: go/build and go/install
* Support for setting context in .melange.k8s.yaml
* Add docs about custom pipelines, defining and using.
* build(deps): bump actions/setup-go from 4.0.1 to 4.1.0
* Teach melange about the forthcoming version-transform block
* doc and lint revisions (#598)
* build(deps): bump google.golang.org/api from 0.134.0 to 0.136.0
* container: bubblewrap: do not defer closing files
* build(deps): bump golang.org/x/sys from 0.10.0 to 0.11.0
* build(deps): bump github.com/lima-vm/lima from 0.16.0 to 0.17.0
* build(deps): bump github.com/google/go-containerregistry
* build: package: add pkgconf-based SCA to catalog SDKs which use it
* Docstring typo fixes
* Docstring fixes
* Appease the go fmt Gods
* Test two var transforms at once
* Test var transforms on a basic level
* Add ${{build.arch}} as a possible variable in bump
* Make var transforms work in bump
* remove paralell test for TestKubernetesRunnerConfig
* add fail-fast to false
* update code running goimports
* add goimports
* publish brew formula during release
* update actions to use git hashes
* update golangci-lint to v1.53 series
* Adjust the var substitution stuff a bit
* Move var substitution stuff into config
* config: Change root to a pointer in the config struct, and add an accessor
* renovate: update to use new config infrastructure
* build: Add root node to the config
* Appease the golangci-lint Gods
* build_test: fix tests in a better way
* Make all tests pass
* build: add parameter where one was missing
* build(deps): bump github.com/go-git/go-git/v5 from 5.7.0 to 5.8.1
* pipelines: meson/configure: explicitly invoke meson setup action
* build(deps): bump github.com/docker/docker
* Refactor the config/logging stuff out of build
* build(deps): bump google.golang.org/api from 0.133.0 to 0.134.0
* build(deps): bump github.com/docker/docker
* Several fixes to k8s runner.
* build(deps): bump github.com/klauspost/pgzip from 1.2.5 to 1.2.6
* build(deps): bump google.golang.org/api from 0.129.0 to 0.133.0
* Remove `wget -q` from `fetch`
* add k8s runner config loading from envvars
* Log errors bundling, enable GGCR Warn/Progress logs
* Tweak the strip pipeline so that it never fails for deleted files
* convert/python: check if release is found
* Make sure we log errors.
* Fix subpackage SBOM generation
* define constants for runners destination mount paths
* skip the cache mount for kubernetes runner builds
* Add more otel spans to k8s runner
* build(deps): bump github.com/go-git/go-git/v5 from 5.7.0 to 5.8.0
* build(deps): bump k8s.io/client-go from 0.27.3 to 0.27.4
* Avoid using pargzip for compression
* add a retryable (tgz) fetcher for the k8s runner
* Pod names must be RFC1123 compliant
* Correct the variable name in the patch pipeline
* pipelines: git-checkout: harden variable expansions
* pipelines: patch: refactor series/patches handling
* pipelines: fetch: harden variable expansions
* add retries to a subset of k8s runner exec failures
* delete builder pod post build by default
* properly pass workspace env/volumes to k8s builder pods
* use go-apk.FullFS for retrieving builder workspaces
* Finally fix python convert tests.
* Comment python test.
* add dir option to ruby pipelines as not all gemspecs live in the root folder
* fix containerID for lima when tarring up
* lima startup issues fixed
* pull in apko with fix for blank SOURCE_DATE_EPOCH
* Change git-checkout depth default to 1
* workflows: wolfi-presubmit: use package/ instead of packages/ for package names
* build: package: forcibly treat libc as a shared library
* docs: explain how build cache works practically
* Bump apko dep to pick up otel spans
* Fix failing test for env var wipeout
* Add failing test for env var wipeout
* add otel spans
* build(deps): bump sigstore/cosign-installer from 3.1.0 to 3.1.1
* Remove use of deprecated WaitImmediate
* Add ! char to ignore.
* Add missing context propagation
* Rename index.Context to index.Index
* Rename Contexts to Builds
* Sat Oct 14 2023 kastlAATTb1-systems.de- Update to version 0.4.0:
* build(deps): bump github.com/opencontainers/image-spec
* add release notes for Melange 0.4.0
* build(deps): bump cloud.google.com/go/storage from 1.30.1 to 1.31.0
* build(deps): bump google.golang.org/api from 0.128.0 to 0.129.0
* appease linter for now
* update apko to 0.9.0
* build(deps): bump sigstore/cosign-installer from 3.0.5 to 3.1.0
* some small UX improvements for k8s runner
* build(deps): bump github.com/package-url/packageurl-go
* update apko and go-apk to use pinned deps correctly
* build: scan subpackage pipelines for dependencies
* add a split/debug pipeline
* ensure bundles are rooted correctly
* build(deps): bump google.golang.org/api from 0.125.0 to 0.127.0
* build(deps): bump actions/checkout from 3.5.2 to 3.5.3
* add a kubernetes pod runner
* build(deps): bump docker/login-action from 2.1.0 to 2.2.0
* build(deps): bump golangci/golangci-lint-action from 3.4.0 to 3.6.0
* build(deps): bump goreleaser/goreleaser-action from 4.2.0 to 4.3.0
* add strip prefix and suffix update config for release monitor
* import apko and go-apk with better debug logging
* Switch from calling Glob to two Stats
* workflows: add wolfi-presubmit
* cli: build: fix destination variable for --apk-cache-dir
* build: PopulateCache: do not populate the cache dir when it is empty
* fix apk caching directory
* import apko and go-apk with package caching
* Change the default for delete to false.
* pipeline: fetch: optionally delete fetched artifacts after unpacking
* cond: allow underscores and capitalization in variable expressions
* run tests with race detector
* warn and fallback to SOURCE_DATE_EPOCH=0 when specified but empty
* index: use deep copy when loading pre-existing index data
* build(deps): bump github.com/lima-vm/lima from 0.14.2 to 0.16.0
* build(deps): bump actions/setup-go from 4.0.0 to 4.0.1
* index: appease linter by moving the deferred close to after the error check
* build(deps): bump github.com/containerd/containerd from 1.6.15 to 1.6.18
* build: generate APKINDEX.json when writing packages index
* index: add WriteJSONIndex function
* index: split out the indexing logic itself to UpdateIndex
* index: WriteArchiveIndex: use destination file path as primary input
* index: use SourceIndexFile for loading index data rather than IndexFile
* index: factor out loading of pre-existent indices and index state management
* index: factor out index writing into WriteArchiveIndex
* Bump apko and fix what that breaks
* add wolfictl
* upgrade alpine-lima to 3.18
* Allow uppercase and plus, allow numbers as first char
* Validate configuration at the end of parsing
* Remove secfixes and advisories altogether
* include filename when parsing fails
* Require that build config YAML has only known fields
* Refactor tests for configuration load method
* build(deps): bump google.golang.org/api from 0.119.0 to 0.123.0
* readlinkfs: implement go-apk fs.XattrFS interfaces
* Pull in the latest go-apk for xattrs support
* build(deps): bump github.com/docker/docker
* Pull in index builddate support.
* Install should first build melange binary...
* Make makefile work on Mac and Linux.
* build(deps): bump sigstore/cosign-installer from 3.0.2 to 3.0.5
* add a boolean so built in melange pipelines can be used in subpackages as they need to write to a different target folder
* ensure range data replaces `with` options during a pipeline
* Update README.md
* Update distroless references
* default for mac is docker, not bwrap
* add extra logging when runner fails to TestUsability
* Add go vendor support to the go build pipeline.
* add multiple runner options
* use latest version of melange in lima configuration file
* Set `builddate` in our `.PKGINFO` control data.
* add field docs
* build(deps): bump golang.org/x/sync from 0.1.0 to 0.2.0
* pipelines: patch: add support for quilt patch-series files
* Add an optional \"deps\" paramter to the go/build pipeline.
* chore: signing issues
* chore: corrections in mac instructions
* chore: corrections in mac instructions
* build: package: skip SONAME analysis when ELF interpreter setting is present
* Add trimpath to the go pipeline.
* update docs
* build: add support for configurable logging policies
* Add name method to build config
* build(deps): bump gitlab.alpinelinux.org/alpine/go
* move signing funcs to rely on external go-apk library
* use go-apk library instead of apko
* update alpine-go to include replaces hotfix
* simplify DataItems to use the builtin marshallable map type
* add `ignore-regex-patterns` update config to indicate you want to ignore string patterns that match an upstream version
* add a strip-suffix: key to melange update struct to indicate stripping a suffix from an upstream GitHub version
* bump to latest apko which handles file overwrites
* cli: build: warn when no work to do instead of throwing an error
* build(deps): bump github.com/docker/docker
* upgrade apko to 20230421 snapshot
* build(deps): bump google.golang.org/api from 0.116.0 to 0.119.0
* build: update tests to use apko log.Logger
* build: use apko_log.Logger everywhere
* build: logger: conform to apko_log.Logger shape
* adapt to new apko logging framework
* update apko dependency to 20230420 snapshot
* update apko dependency to 20230419 snapshot
* config parsing: fix handling of filesystems
* bump test: fix panic by requiring no error
* Stop repeating errors on build command
* build(deps): bump actions/checkout from 3.5.0 to 3.5.2
* fix 403 error when melange bumping some packages, https://www.netfilter.org for example needs it
* update apko to 20230413 snapshot
* Print full uri to debug file download errors
* Do not depend on concrete logger
* pipelines: autoconf/make-install: delete all GNU libtool metadata files
* remove flawed test
* build: package: append subpackages to build log
* Use formatted YAML encoder from yam
* build: readlinkfs: chase apko ReadlinkFS API break
* upgrade apko snapshot to 20230411
* build(deps): bump google.golang.org/api from 0.114.0 to 0.116.0
* build(deps): bump sigstore/cosign-installer from 3.0.1 to 3.0.2
* go mod tidy again
* index: convert to using logrus
* build: package: use logrus.Entry for logging
* update apko for formatting fixes
* build: remove actualArchs variable, no longer used
* fix tests
* container: use warning level for stderr output
* pipeline: downgrade dumpWith() to use debug level
* switch to using logrus
* update to apko git
* feat: send useragent in HTTP requests
* export mutate functions as these are very useful to be called outside of the build package
* warn if target-architecture:[\'all\'], remove from examples
* feat: respect target-architecture to filter archs
* index: rework architecture filtering
* update docs
* build(deps): bump actions/add-to-project from 0.4.1 to 0.5.0
* cli: index: add --arch flag
* index: print warning and skip packages which do not match the expected architecture
* index: add ExpectedArch to index.Context
* add a `update.manual:` key to indicate a package should be manually updated
* fix: log package new names+versions when regenerating index
* make original test commit sha different from the new expected sha to ensure test works
* melange bump: optional flag to modify git-checkout pipeline expected-commit value
* Bump apko to pick up busybox detection fix.
* Fix goreleaser cosign flags
* package: allow any library which has a SONAME to be a provider
* build: fix SBOM language gathering for subpackage pipelines
* package: ensure the package output directories always exist for scanning
* build: introduce Context.IsBuildLess and skip a lot of setup/teardown for buildless packages
* build: allow a package to be defined without a pipeline
* Add darwin goreleaser target (macOS)
* fix build
* release image after the binary
* update makefile
* cleanup goreleaser and ko config
* clean up, update version comments for ci jobs
* upgrade to use go1.20
* upgrade alpine pkgs lima
* Mon Apr 03 2023 kastlAATTb1-systems.de- Update to version 0.3.2:
* Fix goreleaser cosign flags, add NEWS for melange 0.3.2
* add NEWS for melange 0.3.1
* package: allow any library which has a SONAME to be a provider
* Add darwin goreleaser target (macOS)
* update NEWS for melange 0.3.0.
* update to apko 0.7.3 release
* pipelines: fetch: use wget quiet mode
* build: check for signing key existence before using it
* build: package: do not add interpreter dependency when no-depends option is enabled
* docs: fix baseurl for melange reference in generated docs
* directly parse configuration for query
* add query and package-version commands
* build: use realpath to determine cache dir bindmount source
* refresh docs for --cache-source
* cli: add --cache-source option
* build: use CacheSource to define the bucket to pull cached sources from
* build: change default cache directory to ./melange-cache
* build: add CacheSource option to context
* Hookup user and accounts in the environment.
* build(deps): bump cloud.google.com/go/storage from 1.30.0 to 1.30.1
* build(deps): bump google.golang.org/api from 0.113.0 to 0.114.0
* build(deps): bump actions/checkout from 3.3.0 to 3.5.0
* refresh docs
* cli: build: add --debug flag
* build: pipeline: if Context.Debug is enabled, add set -x to all pipelines
* build: add Debug option to Context
* build: use cond.Subst instead of replacers
* cond: subst: variable names can have dashes
* cond: subst: add goparsify-based variable substitution implementation
* cond: parser: test: add variable lookup with whitespace test
* parser: use newer fork of goparsify
* add codeowners
* add Update struct for identifying how a melange package can be updated
* add `var-transforms` for manipulation of variables using regular expressions
* pipelines: git-checkout: use tempdir for doing the initial clone
* pipelines: git-checkout: mark clone directory as a safe directory for git
* update ruby pipelines with usability features
* add an optional flag to generate a packages.log containing list of packages + subpackages that were actuall built by `melange build`
* Try to fix a strange index generation bug.
* build(deps): bump actions/setup-go from 3.5.0 to 4.0.0
* container: fixes to handle /sbin/ldconfig not being present, e.g. on musl
* container: run ldconfig when bringing up a build environment
* update to latest apko git
* build(deps): bump google.golang.org/api from 0.111.0 to 0.113.0
* build(deps): bump cloud.google.com/go/storage from 1.29.0 to 1.30.0
* update apko to latest git
* pipeline: only run mkdir -p if absolutely needed
* build(deps): bump github.com/go-git/go-git/v5 from 5.6.0 to 5.6.1
* update docs
* run go mod tidy
* pkg: convert: fix tests to use upstream ImageContents type
* build: package: use internal readlinkFS, old apko fs package was deprecated
* build: add minimal internal readlinkfs implementation
* convert: use upstream ImageContents type, added in apko 0.7.0
* build: use normal os.DirFS for filesystem walking
* upgrade to apko 0.7.2 git
* build: remove --use-proot option
* lint
* move convert related packages under convert as subpackages
* container: bubblewrap runner: use --new-session to mitigate CVE-2017-5226
* autoconf: always define the GNU host and build triplets in configure step
* update docs
* add more context for the experimental commands
* add shell completion and move common flags to top level
* move wolfios to its own package
* add same convert options to higher leve
* fix lint and tests
* fix tests
* add convert subcommand
* docs: ensure docs are up to date in CI
* add melange docs
* change --out-dir to not depend on cwd
* accept dependabot\'s GPG key for commit signing CI check
* package: only use base soname when generating runtime dependencies across symlinks
* build(deps): bump github.com/stretchr/testify from 1.8.1 to 1.8.2
* add omitempty to some fields
* build(deps): bump google.golang.org/api from 0.110.0 to 0.111.0
* build(deps): bump github.com/go-git/go-git/v5 from 5.5.2 to 5.6.0
* build(deps): bump sigstore/cosign-installer from 2.8.1 to 3.0.1
* remove self-provided dependencies from the runtime dependency set
* build(deps): bump github.com/openvex/go-vex
* build: package: dereference symlinks across packages and read the real DT_SONAME instead of guessing
* build: configuration: add support for variable substitution in more places
* apply refactoring suggestions from go linter
* build: also apply if-conditionals when generating the package index
* build: also apply subpkg if-conditionals when emitting packages and SBOMs
* examples: add example outlining the new option-related features
* build: implement if-conditionals for subpackages
* build: pipeline: add option enabled variables
* build: build option: patch the variables and environment configuration
* build: use BuildOption.Apply to apply configuration patches from build options
* build: build_option: add Apply stub
* cli: build: add --build-option to configure the enabled build options
* build: add WithEnabledBuildOptions context option
* build: add BuildOptions map to Configuration
* build: add BuildOption types
* package: ensure we are operating only on a basename when generating symlink deps
* package: detect shared library dependencies for .so symlinks
* build(deps): bump golang.org/x/net from 0.6.0 to 0.7.0
* build(deps): bump google.golang.org/api from 0.109.0 to 0.110.0
* Add ruby pipelines for gem install, build and clean
* build: package: add support for defining \"replaces\" relationships
* package: findInterpreter: chop trailing nul from interpBuf
* package: deal with musl interpreter being a symlink back to itself
* package: ensure PT_INTERP is always added as an explicit dependency
* build(deps): bump github.com/docker/docker
* build(deps): bump github.com/joho/godotenv from 1.4.0 to 1.5.1
* build(deps): bump google.golang.org/api from 0.108.0 to 0.109.0
* build(deps): bump github.com/docker/docker
* git-checkout: fix tags
* use merge option to speed up apkindex generation when build
* just warn if no branch or tag specified
* build(deps): bump goreleaser/goreleaser-action from 4.1.0 to 4.2.0
* build(deps): bump github.com/google/go-containerregistry
* Revert \"Generate build environment SBOM\"
* add expected-commit to git-checkout
* Update README to mention wolfi.
* cli: add --vars-file option to support loading build variables from an external source
* build: add WithVarsFile and WithVarsFileForParsing options
* examples: add variable substitution example
* pipeline: handle ${{vars}} block as expected
* build: add variables block to build configuration struct
* build(deps): bump cloud.google.com/go/storage from 1.28.1 to 1.29.0
* examples: add working-directory example
* pipeline: ensure the working-directory is created before using it
* pipeline: propagate WorkDir to subpipelines
* pipeline: set working directory when evaluating pipeline \"runs\" entries
* build: add Pipeline.WorkDir definition
* build(deps): bump google.golang.org/api from 0.107.0 to 0.108.0
* build(deps): bump github.com/docker/docker
* build(deps): bump golangci/golangci-lint-action from 3.3.1 to 3.4.0
* go mod tidy to drop chainguard/vex
* Switch VEX dependency to openvex
* allow provider priority to be configured
* build(deps): bump google.golang.org/api from 0.106.0 to 0.107.0
* Wire logger from SBOM generator to impl
* Escape invalid identifier chars
* Fix build sbom name in subpackages
* Fix bug where package verification was wrong
* build sbom: Add relationships to produced SBOMs
* Update protobom to support dl location
* Build SBOM: Generate package with apks
* Trigger build SBOM generation, reuse write
* Passs guest directory to sbom spec
* Refactor SBOM spec for reuse
* Add ReadPackageIndex to gen implementation
* Add GenerateBuildEnvSBOM fn to SBOM generator
* Update Lima link
* update apko dependency to latest
* bump apko dependency
* pipelines: autoconf/configure: fix sysconfdir
* upgrade apko dependency to latest git
* build(deps): bump github.com/go-git/go-git/v5 from 5.5.1 to 5.5.2
* build(deps): bump google.golang.org/api from 0.105.0 to 0.106.0
* build(deps): bump actions/checkout from 3.2.0 to 3.3.0
* bump apko to latest git again for keyring fix
* fix typo
* index gen: Add loop throttle, mutex
* close lingering file descriptor
* sbom: handle spdxPkg.VerificationCode being a pointer in apko git
* chase PublishImageFromLayer API change in apko
* update apko dependency to latest git for armv6/armv7 triplet fixes
* go/install: also require git (#239)
* use lima to use melange on mac
* Advisories: Require pkg version for fixed status (#237)
* Parallel processing of packages.
* Make packageurl-go import direct
* add --namespace option to build subcommand
* SBOM: Generate purls for built packages
* Add namespace and arch fields to SBOM spec
* Drop distro qualifier from purls
* Add Go pipelines documentation
* Revamp go examples to use both pipleines
* New go/install pipeline
* go/build: Support changing module root
* Bump vex (#231)
* Remove extra field
* Add advisories and purls
* Export functionality for config parsing (#229)
* Apko devenv README
* Melange development environment
* Sun Mar 19 2023 Johannes Kastl - new package melange: Build APKs from source code
  
ICM