v0.55.0
Like clockwork, we are dropping a new release 🎁 for you right in time for Christmas!
Highlights
API-tokens support
Operators can now create long-lasting, but revocable, API tokens #453 associated with their organizations that can be used in their unattended automation.
Its management is under the chainloop organization api-token CLI namespace and includes creation, listing, and revocation.
$ chainloop organization api-token
Manage API tokens to authenticate with the Chainloop API.
Available Commands:
create Create an API token
list List API tokens in this organization
revoke revoke API token
Once you have a token, you can use it in the CLI by providing it via the --token flag or the $CHAINLOOP_API_TOKEN. For HTTP requests such as /download/[sha256], this token can also be set in the Authorization Bearer header.
We are very excited about this feature because it enables best practices, such as GitOps approach for updating workflow contracts 💪🏼 🎉
Improved discovery endpoint
The discovery index now includes, at first glance, information about the attestations, saving you from the need to download and process them. See with your own eyes in this example discover/sha256:64d99214c867476c96dc00a6cac70a2ec9726a6736bca407cd8fb92792aa1925.
What's Changed
- Bump Helm Chart Version => v0.50.0 by @github-actions in #454
- feat(org): prevent from leaving current organization by @buccarel in #457
- fix: enable JWT audience verification by @migmartri in #459
- Api tokens reference persistence by @migmartri in #455
- fix(referrer): remove sha256 requirement by @migmartri in #460
- API tokens API support by @migmartri in #461
- chore: simplify membership check by @migmartri in #465
- feat: allow upload/downloads using API token by @migmartri in #464
- feat: add attestation info to index by @migmartri in #467
- fix(controlplane): bump revision only during workflow contract update by @fgallina in #468
New Contributors
Full Changelog: v0.50.0...v0.55.0
