CHANGELOG.md

5.10.2 (2024-05-05)

Bug Fixes

• workflow: disable MR pipeline from prod & integ branches (6460d7b)

5.10.1 (2024-04-03)

Bug Fixes

• variants: use service containers "latest" image tag (vault, GCP & AWS) (0f57cdd)

5.10.0 (2024-04-02)

Features

• trivy: enable custom Trivy Java DB repository (059fda8)

5.9.1 (2024-03-29)

Bug Fixes

• kaniko-snapshot-image-cache input no longer dependent on another input (9c51d09)

5.9.0 (2024-03-28)

Features

• trivy: add variable for setting trivy db repository path (9b2bd78)

5.8.2 (2024-03-21)

Bug Fixes

• keep default dependencies on jobs using DOCKER_SNAPSHOT_IMAGE or DOCKER_RELEASE_IMAGE (bb974c2)

5.8.1 (2024-1-28)

Bug Fixes

• sbom: fix default Syft options (4b03224)

5.8.0 (2024-1-27)

Features

• migrate to GitLab CI/CD component (60f2c3f)

5.7.1 (2024-1-18)

Bug Fixes

• Resolve "Syft packages is now deprecated" (63a9850)

5.7.0 (2023-12-8)

Features

• use centralized service images (gitlab.com) (d218fff)

5.6.1 (2023-12-7)

Bug Fixes

• sbom: syft catalogers renamed (c3555e3)

5.6.0 (2023-12-4)

Features

• build cache can be disabled (configurable; non-default) (fe52e0e)

5.5.6 (2023-12-2)

Bug Fixes

• envsubst when variable contains a '&' (f5781c8)

5.5.5 (2023-11-12)

Bug Fixes

• ECR and GCP provider image variables (49cc61c)

5.5.4 (2023-11-03)

Bug Fixes

• handle port number in docker release image uri (35e1b52)

5.5.3 (2023-10-18)

Bug Fixes

• hadolint: Hadolint report file name derives from Dockerfile's path (MD5) instead of content (e7bbdcc)
• sbom: sbom report's name derives from snapshot image (same as Trivy) (62341f4)

5.5.2 (2023-10-16)

Bug Fixes

• declare all TBC stages (cce769d)

5.5.1 (2023-10-06)

Bug Fixes

• trivy: fail when scanning an image that has reached EOL (b89f06e)

5.5.0 (2023-09-30)

Features

• ecr: add Amazon ECR variant (7b0b1d9)

5.4.1 (2023-09-27)

Bug Fixes

• cache-repo: switch back to kaniko default behavior (6e15c06)

5.4.0 (2023-09-22)

Features

• publish: support extra tags (b78c4e6)

5.3.1 (2023-09-19)

Bug Fixes

• dind: wait for Docker daemon to be ready with a timeout (1 min) (ea965f6)

5.3.0 (2023-08-28)

Features

• oidc: OIDC authentication support now requires explicit configuration(see doc) (521f918)

5.2.2 (2023-07-25)

Bug Fixes

• kaniko: Allow repositories with port numbers to be used for caching (d17e215)

5.2.1 (2023-07-12)

Bug Fixes

• doc: update typo on documentation [skip ci] (95245ba)
• kaniko: force '--cache-repo' option (strip tag) (7d4a194)

5.2.0 (2023-06-16)

Features

• gcp: add OIDC authentication support for GCP Artifact Registry (ecac4a6)

5.1.0 (2023-05-27)

Features

• workflow: extend (skip ci) feature (43ab7e7)

5.0.3 (2023-05-17)

Bug Fixes

• derive buildah cache from snapshot image (63016e6)

5.0.2 (2023-05-16)

Bug Fixes

• kaniko: fix $HOME variable (e213a9e)

5.0.1 (2023-05-15)

Bug Fixes

• use $HOME for skopeo credentials for rootless use (e8b89fd)

5.0.0 (2023-05-11)

Features

• add buildah support for building images (f8de563)

BREAKING CHANGES

• $DOCKER_DIND_BUILD no longer supported (replaced by $DOCKER_BUILD_TOOL)

4.0.0 (2023-04-05)

Features

• publish: redesign publish on prod strategy (524ccc1)

BREAKING CHANGES

• publish: $PUBLISH_ON_PROD no longer supported (replaced by $DOCKER_PROD_PUBLISH_STRATEGY - see doc)

3.5.3 (2023-03-28)

Bug Fixes

• sbom: add CycloneDX report (76c6727)

3.5.2 (2023-01-27)

Bug Fixes

• "Add registry name in all Docker images" (b45e6a2)

3.5.1 (2023-01-04)

Bug Fixes

• wrong $docker_image_digest if GitLab registry host has a port (c121756)

3.5.0 (2022-12-13)

Features

• vault: configurable Vault Secrets Provider images (96e2c5d)

3.4.0 (2022-12-12)

Features

• semantic release integration (fabf9b9)

3.3.0 (2022-11-29)

Features

• add a job generating software bill of materials (ea8ca4e)

3.2.2 (2022-10-06)

Bug Fixes

• Error when generating Trivy report (2b5ec6e)

3.2.1 (2022-10-04)

Bug Fixes

• hadolint: fix shell syntax error (88de431)

3.2.0 (2022-10-04)

Features

• normalize reports (e8d505f)

3.1.1 (2022-09-28)

Bug Fixes

• support DOCKER_XX_IMAGE with registry port (54e9e05)

3.1.0 (2022-09-20)

Features

• add custom DOCKER_CONFIG_FILE var (3201240)

3.0.0 (2022-08-05)

Bug Fixes

• trigger new major release (580d3e3)

BREAKING CHANGES

• change default workflow from Branch pipeline to MR pipeline

2.7.1 (2022-06-20)

Bug Fixes

• skopeo: authenticate with skopeo inspect (53cf10d)
• Trivy: prefix Trivy report name (4cec06b)

2.7.0 (2022-05-20)

Features

• Trivy: allow Trivy to be run in standalone mode (88348c8)

2.6.0 (2022-05-19)

Features

• Make the --vuln-type Trivy argument configurable (15457c6)

2.5.0 (2022-05-01)

Features

• configurable tracking image (b91e936)

2.4.0 (2022-04-27)

Features

• add image digest support (57998b2)

2.3.3 (2022-04-12)

Bug Fixes

• Trivy: restore default Git strategy to allow .trivyignore (b2fc514)

2.3.2 (2022-02-24)

Bug Fixes

• vault: revert Vault JWT authentication not working (b7ac60a)

2.3.1 (2022-02-23)

Bug Fixes

• vault: Vault JWT authentication not working (4949a87)

2.3.0 (2022-01-10)

Features

• Vault variant + non-blocking warning in case failed decoding @url@ variable (f1bbac3)

2.2.0 (2021-11-24)

Features

• add configurable metadata variable with OCI recommended labels (d3630f9)

2.1.2 (2021-10-19)

Bug Fixes

• trivy: ignore unfixed security issues by default (f9a1602)

2.1.1 (2021-10-07)

Bug Fixes

• use master or main for production env (5596daf)

2.0.0 (2021-09-02)

Features

• Change boolean variable behaviour (f74d9ef)

BREAKING CHANGES

• boolean variable now triggered on explicit 'true' value

1.2.3 (2021-07-21)

Bug Fixes

• variable name (1aed76f)

1.2.2 (2021-07-05)

Bug Fixes

• update skopeo credentials (559961f)

1.2.1 (2021-06-25)

Bug Fixes

• permission on reports directory (2d2f360)

1.2.0 (2021-06-10)

Features

• move group (405fdcc)

1.1.0 (2021-05-18)

Features

• add scoped variables support (fc9a1ad)

1.0.0 (2021-05-06)

Features

• initial release (0b00fba)