v0.96.7

Chainloop Attestation

View the attestation of this release

Changelog

• 3ba23cd fix(migrations): Update atlas base image sha (#1305)

What's Changed

• Bump Helm Chart Version => v0.96.6 by @github-actions in #1303
• docs(policies): digest integrity checks by @migmartri in #1304
• fix(migrations): Update atlas base image sha by @javirln in #1305

Full Changelog: v0.96.6...v0.96.7

v0.96.6

Chainloop Attestation

View the attestation of this release

What's Changed

• Bump Helm Chart Version => v0.96.5 by @github-actions in #1290
• docs: add policy information in reference docs by @migmartri in #1292
• feat(policies): improve attachment validations by @migmartri in #1293
• fix(policies): handle provider 404 by @migmartri in #1291
• feat(docs): document policy arguments by @jiparis in #1296
• feat(policies): digest support by @migmartri in #1297
• chore(golang): Upgrade Golang version to 1.23.1 by @javirln in #1300
• chore(policies): decouple evaluations representation by @jiparis in #1294

Full Changelog: v0.96.5...v0.96.6

v0.96.5

Chainloop Attestation

View the attestation of this release

What's Changed

• Bump Helm Chart Version => v0.96.4 by @github-actions in #1280
• feat(jsonschema): Generate jsonschema for workflowcontract proto by @javirln in #1281
• Make protocol-less references point to policy providers by @jiparis in #1282
• chore(dagger): Bump CLI version and update dependencies by @javirln in #1283
• fix(policies): allow downloading policies form http endpoint by @migmartri in #1285
• chore(deps): Bump webpack from 5.90.3 to 5.94.0 in /docs by @dependabot in #1286
• chore(deps): Bump micromatch from 4.0.5 to 4.0.8 in /docs by @dependabot in #1287
• fix(cli): load insecure option from viper by @migmartri in #1288
• refactor: support headless auth in windows by @migmartri in #1289
• feat: store FQ reference to the policy by @migmartri in #1284

Full Changelog: v0.96.4...v0.96.5

v0.96.4

Changelog

• d78aa2b feat(cli): add support for env vars (#1274)

v0.96.3

Changelog

• ebe1cdc feat(signing): docs for EJBCA integration (#1265)

v0.96.2

Changelog

• 25757a2 fix policy loader wrongly setting provider and name (#1259)

v0.96.1

Chainloop Attestation

After falling through the cracks of the day-to-day building, let's get back to the good habit of writing release notes :)

Highlights

Contract improvements

This new release allows users to preserve the contracts in the format, including comments! It also improves validation errors.

This is an example of a contract provided in json

$ chainloop wf contract describe --name bar-demo-policies -o schema

schemaVersion: v1
materials:
- type: SBOM_CYCLONEDX_JSON
  name: sbom
policies:
  # Policies that apply automatically to the pieces of evidence (materials) provided
  materials:
  # All components have licenses
  - ref: chainloop://cyclonedx-licenses
  # SBOMS should have been generated within one day
  - ref: chainloop://cyclonedx-freshness
    with: 
      limit: 1
  - ref: chainloop://cyclonedx-banned-licenses
    with:
      licenses: "AGPL-10, AGPL-3.0"
  - ref: chainloop://cyclonedx-banned-components
    with:
      components: [email protected]
  # Policies evaluated with the resulting attestation
  attestation:
  - ref: chainloop://sbom-present

and validations errors are way more descriptive now

ERR validation error: validation error: :3:9 unknown enum value "SBOM_CYCLONEDX_JSSON", expected one of [MATERIAL_TYPE_UNSPECIFIED STRING CONTAINER_IMAGE ARTIFACT SBOM_CYCLONEDX_JSON SBOM_SPDX_JSON JUNIT_XML ...]
   3 | - type: SBOM_CYCLONEDX_JSSON
   3 | ........^

:3:9 materials[0].type: value must not be in list [0] (enum.not_in)
   3 | - type: SBOM_CYCLONEDX_JSSON
   3 | ........^

Policies Improvements

Our goal is to make the best user experience with regards of authoring and evaluating policies, and although there is still a long way to go, this release takes us in that direction with the introduction of parameters, contract attachment validations, and more.

What's Changed

• Bump Helm Chart Version => v0.95.7 by @github-actions in #1223
• chore(policies): add policy providers configurable in chart by @jiparis in #1224
• fix(chart): problem rendering without providers by @migmartri in #1226
• chore(policies): add tests for policy loader by @jiparis in #1230
• feat(contract): Add missing index on contracts by @javirln in #1231
• chore(policies): store policy arguments in attestation result by @jiparis in #1234
• chore(policies): improve error message when policy is not found by @jiparis in #1232
• fix: show only grpc error by @migmartri in #1236
• chore(policies): update invalid config example by @jiparis in #1229
• chore: expose workflow_id in integration attachment by @migmartri in #1241
• refactor(integration-attachments): Map all integration attachments properties by @javirln in #1242
• feat(contracts): support multi-format by @migmartri in #1239
• chore(deps): Bump axios from 1.6.7 to 1.7.4 in /docs by @dependabot in #1243
• chore(policies): validate remote policies on contract creation by @jiparis in #1240
• chore(policies): Refactor policy Registry to pkg by @javirln in #1247

Full Changelog: v0.95.7...v0.96.1
View the attestation of this release

v0.95.7

Chainloop Attestation

View the attestation of this release

What's Changed

• Bump Helm Chart Version => v0.95.6 by @github-actions in #1217
• policies provider framework by @jiparis in #1218
• feat(policies): GetPolicy endpoint to resolve remote policies by @jiparis in #1219
• feat(policies): load and evaluate remote policies on attestation operations by @jiparis in #1220

Full Changelog: v0.95.6...v0.95.7

v0.95.6

Changelog

• cbfbae3 feat(policies): support policies with arguments (#1213)

v0.95.5

Changelog

• 3803975 fix(chart): Missing ports on network policies (#1210)