v0.96.1

@github-actions github-actions released this 20 Aug 10:44
· 1066 commits to main since this release
2237a9d

Chainloop Attestation

After falling through the cracks of the day-to-day building, let's get back to the good habit of writing release notes :)

Highlights

Contract improvements

This release lets users preserve contracts in the format in which they were provided, including comments! It also improves validation errors.

This is an example of a contract provided in JSON:

$ chainloop wf contract describe --name bar-demo-policies -o schema
schemaVersion: v1
materials:
- type: SBOM_CYCLONEDX_JSON
  name: sbom
policies:
  # Policies that apply automatically to the pieces of evidence (materials) provided
  materials:
  # All components have licenses
  - ref: chainloop://cyclonedx-licenses
  # SBOMS should have been generated within one day
  - ref: chainloop://cyclonedx-freshness
    with: 
      limit: 1
  - ref: chainloop://cyclonedx-banned-licenses
    with:
      licenses: "AGPL-10, AGPL-3.0"
  - ref: chainloop://cyclonedx-banned-components
    with:
      components: [email protected]
  # Policies evaluated with the resulting attestation
  attestation:
  - ref: chainloop://sbom-present

Validation errors are also far more descriptive now:

ERR validation error: validation error: :3:9 unknown enum value "SBOM_CYCLONEDX_JSSON", expected one of [MATERIAL_TYPE_UNSPECIFIED STRING CONTAINER_IMAGE ARTIFACT SBOM_CYCLONEDX_JSON SBOM_SPDX_JSON JUNIT_XML ...]
   3 | - type: SBOM_CYCLONEDX_JSSON
   3 | ........^

:3:9 materials[0].type: value must not be in list [0] (enum.not_in)
   3 | - type: SBOM_CYCLONEDX_JSSON
   3 | ........^

Policies Improvements

Our goal is to provide the best user experience for authoring and evaluating policies. There is still a long way to go, but this release takes us in that direction with the introduction of parameters, contract attachment validations, and more.

What's Changed

  • Bump Helm Chart Version => v0.95.7 by @github-actions in #1223
  • chore(policies): add policy providers configurable in chart by @jiparis in #1224
  • fix(chart): problem rendering without providers by @migmartri in #1226
  • chore(policies): add tests for policy loader by @jiparis in #1230
  • feat(contract): Add missing index on contracts by @javirln in #1231
  • chore(policies): store policy arguments in attestation result by @jiparis in #1234
  • chore(policies): improve error message when policy is not found by @jiparis in #1232
  • fix: show only grpc error by @migmartri in #1236
  • chore(policies): update invalid config example by @jiparis in #1229
  • chore: expose workflow_id in integration attachment by @migmartri in #1241
  • refactor(integration-attachments): Map all integration attachments properties by @javirln in #1242
  • feat(contracts): support multi-format by @migmartri in #1239
  • chore(deps): Bump axios from 1.6.7 to 1.7.4 in /docs by @dependabot in #1243
  • chore(policies): validate remote policies on contract creation by @jiparis in #1240
  • chore(policies): Refactor policy Registry to pkg by @javirln in #1247

Full Changelog: v0.95.7...v0.96.1
View the attestation of this release