v2.3.2

Changelog

• 0ee76ab feat: add hashed token to responses for correlation with GitHub audit logs (#163)

v2.3.1

Changelog

• 25ed084 Bump toolchain and dependencies
• 5ce15ec fix: client timeouts with >250 repositories (#161)

v2.3.0

What's Changed

• fix: Use a case-insensitive organization name lookup by @dekimsey in #156
• CVE fixes by @pkossyfas in #159

New Contributors

• @dekimsey made their first contribution in #156
• @pkossyfas made their first contribution in #159

Full Changelog: v2.2.2...v2.3.0

v2.2.2

Small fix to how the plugin version is represented inside Vault.

Full Changelog: v2.2.1...v2.2.2

v2.2.1

What's Changed

• fix: #145 and #148 caused by recent Go bump
• feat: initializes proxy for Transport if needed by @mpailloncy in #146

New Contributors

• @mpailloncy made their first contribution in #146

Full Changelog: v2.2.0...v2.2.1

v2.2.0

What's Changed

• Adds endpoint to list installations, support org_name lookup with more than 30 installations by @ajvpot in #141
• Disable CGO and passthrough plugin version by @arnecls in #135
• Updated Go toolchain and dependencies
• Removal of gomod2nix

v2.1.0

Summary

A release focused on optimizations for using the plugin at significant scale based on feedback from large enterprise deployments.

New features

• The config endpoint gets a option for significantly reducing the memory footprint of the plugin with exclude_repository_metadata.
• The plugin is now multiplexed to avoid spawning multiple plugin processes for mounts of the same type.

Hygiene

• Go 1.22 and codebase modernized.
• All dependencies upgraded.
• Project infrastructure simplified (Nix; no more Make and Docker) and modernized (goreleaser).
• SBOMs added to the release collateral.

Changelog

• b27482c Disable proxy
• 06444ef Fix CI
• 4704d2b Fix new hide metadata contribution
• 9adcf63 Handle Prom/OpenMetrics upgrade
• 4f09214 Support existence checks
• db002ca Support multiplexed plugins
• 537597d Ditch Docker and Make for pure Nix
• ef9e7ba Run github.com/martinbaillie/copiedloopvarfixer over code
• 03f158b Replace dated usage of interface{} with any
• 52200f6 Fix disable metadata feature
• 9bfbd38 feat: added a configuration key [hide_repository_metadata] that, if set to true, will minimize the [token.data.repositories] to [token.data.repositories.names] to avoid high memory consumption (#114)
• 8fd5e5a Update the releases link (#108)
• 072ee83 Update documentation for v2.0.0

v2.0.0

With this release, the plugin is moving to a model where it can support multiple GitHub App installations from the one mount. It does this in v2 by moving the configuration of GitHub App installation IDs (installation_id) to request time rather than configuration time.

Users can provide the installation_id as part of ad-hoc requests to the /token endpoint but are encouraged instead to utilise the powerful Permission Sets feature to persist and abstract away the installation_id parameter from the user entirely. By creating a permission set you only need to enter the installation_id once.

For convenience and to support another use case, the token and permission set endpoints can alternatively take an org_name value instead of an installation_id. In this case, the plugin will perform an additional lookup (roundtrip to your GitHub instance) against org_name to discover the current installation_id first during token creation flows. Note that there is no caching of the discovered installation_id so this extra lookup occurs every time. For high traffic mounts or permission sets you may wish to continue setting installation_id instead of org_name.

Breaking Changes:

• Installation ID configuration is moved to request time. Permission Sets strongly encouraged.

Release v2.0.0-rc.1

v2.0.0-rc.1

The plugin is moving to a model where it can support multiple GitHub App installations from the one mount. It does this in v2 by moving the configuration of GitHub App installation IDs (ins_id) to request time rather than configuration time.

Users can provide the ins_id as part of ad-hoc requests to the /token endpoint but are encouraged instead to utilise the powerful Permission Sets feature to abstract away the ins_id parameter entirely.

Breaking Changes:

• Installation ID configuration is moved to request time. Permission Sets strongly encouraged.
• Installation ID lookup using Organisation name. This may be reintroduced in some form before v2.0.0.

Release v1.3.0

v1.3.0

New features:

• A new org_name config value that can be used to discover the GitHub App installation ID from the organisation instead of providing it explicitly.