v0.12.0
What's Changed
- Bump github.com/docker/docker from 20.10.13+incompatible to 20.10.14+incompatible by @dependabot in #673
- Add purls to SPDX sbom by @puerco in #677
- Bump actions/setup-go from 2 to 3 by @dependabot in #680
- Bump sigstore/cosign-installer from 2.1.0 to 2.2.0 by @dependabot in #683
- Bump codecov/codecov-action from 2.1.0 to 3.0.0 by @dependabot in #682
- Bump actions/upload-artifact from 2 to 3 by @dependabot in #681
- Bump ecr-login dep and update WithLogger callsite by @imjasonh in #658
- check and use the latest go available for the defined version by @cpanato in #690
- Bump k8s.io/apimachinery from 0.23.5 to 0.23.6 by @dependabot in #691
- Bump codecov/codecov-action from 3.0.0 to 3.1.0 by @dependabot in #692
- Bump github.com/spf13/viper from 1.10.1 to 1.11.0 by @dependabot in #686
- Bump github.com/containerd/stargz-snapshotter/estargz from 0.11.3 to 0.11.4 by @dependabot in #685
- Bump github.com/google/go-cmp from 0.5.7 to 0.5.8 by @dependabot in #695
- Bump sigstore/cosign-installer from 2.2.1 to 2.3.0 by @dependabot in #697
- Bump github/codeql-action from 1 to 2 by @dependabot in #696
- Fix texts regarding SBOM by @otms61 in #698
- Bump k8s.io/apimachinery from 0.23.6 to 0.24.0 by @dependabot in #701
- Bump github.com/docker/docker from 20.10.14+incompatible to 20.10.15+incompatible by @dependabot in #700
- Bump sigs.k8s.io/kind from 0.12.0 to 0.13.0 by @dependabot in #703
- Bump github.com/docker/docker from 20.10.15+incompatible to 20.10.16+incompatible by @dependabot in #704
- Bump sigs.k8s.io/kind from 0.13.0 to 0.14.0 by @dependabot in #708
- Bump goreleaser/goreleaser-action from 2.9.1 to 3.0.0 by @dependabot in #709
- Use sync.Map to cache base image lookups by @imjasonh in #712
- Bump k8s.io/apimachinery from 0.24.0 to 0.24.1 by @dependabot in #714
- Bump github.com/spf13/viper from 1.11.0 to 1.12.0 by @dependabot in #715
- add warning when using both --local and KO_DOCKER_REPO to ko.local by @cpanato in #629
- Bump gopkg.in/yaml.v3 from 3.0.0 to 3.0.1 by @dependabot in #719
- Bump deps to silence security alerts by @imjasonh in #667
- check if have all and other platforms set in the --platform flag by @cpanato in #630
- Bump github.com/sigstore/cosign from 1.8.0 to 1.9.0 by @dependabot in #721
- docs(readme): add sbom section by @developer-guy in #710
- allow refs-file to be read by other users by @seankhliao in #723
- Bump golang.org/x/tools from 0.1.10 to 0.1.11 by @dependabot in #724
- Bump github.com/docker/docker from 20.10.16+incompatible to 20.10.17+incompatible by @dependabot in #725
- Bump sigstore/cosign-installer from 2.3.0 to 2.4.0 by @dependabot in #726
- build: Imply current import path by @imjasonh in #717
- Allow KO_CONFIG_PATH to be a file by @benmoss in #731
- Bump k8s.io/apimachinery from 0.24.1 to 0.24.2 by @dependabot in #732
- Bump github.com/google/go-containerregistry from 0.9.0 to 0.10.0 by @dependabot in #735
- Bump github.com/spf13/cobra from 1.4.0 to 1.5.0 by @dependabot in #734
- Update base image to ghcr.io/distroless/static:latest by @imjasonh in #737
- Convert our SPDX SBOMs to spdx+json. by @mattmoor in #740
- Fix off-by-one error by @mattmoor in #742
- Add externalDocumentRefs to SPDX doc type by @puerco in #741
- Bump sigstore/cosign-installer from 2.4.0 to 2.4.1 by @dependabot in #746
- Unconditionally set the base image annotation. by @mattmoor in #745
- Start emitting multi-arch SBOMs for
SPDXwithkoby @mattmoor in #743 - Add base image information to SPDX SBOMs by @mattmoor in #744
- don't fail if LDFLAGS env isn't set by @imjasonh in #758
- Several SPDX SBOM adjustments. by @mattmoor in #760
- Decorate per-architecture images with base image annotations. by @mattmoor in #759
- Have
--image-refslist all images for multi-arch builds. by @mattmoor in #761 - remove deprecated k8s flags support by @imjasonh in #750
- Reject the -toolexec flag by @imjasonh in #752
- Add installation instructions for Alpine by @imjasonh in #754
- ko run: remove --generator flag by @imjasonh in #751
- exercise symlink chasing without .git by @imjasonh in #763
- Chore: bumped base image to go 1.18 by @ellistarn in #764
- Add a delimiter before digest in the SPDX namespace by @mattmoor in #765
- Bump k8s.io/apimachinery from 0.24.2 to 0.24.3 by @dependabot in #767
- Bump github.com/containerd/stargz-snapshotter/estargz from 0.11.4 to 0.12.0 by @dependabot in #768
- Use chainguard-dev/actions/setup-registry by @imjasonh in #772
- bump go-containerregistry dependency by @imjasonh in #773
- Remove redundant return path by @jonjohnsonjr in #774
- fix GitHub Actions workflows by @imjasonh in #777
- Deprecate ko deps by @imjasonh in #770
- Set layer media types consistently by @imjasonh in #776
- Add kind e2e test for ko run by @imjasonh in #779
- Add tests that ko can push to quay.io and Dockerhub by @imjasonh in #778
- Fix e2e push tests, these registries need --bare by @imjasonh in #780
- Bump github.com/sigstore/cosign from 1.9.0 to 1.10.0 by @dependabot in #781
- Bump golang.org/x/tools from 0.1.11 to 0.1.12 by @dependabot in #783
- Bump sigstore/cosign-installer from 2.4.1 to 2.5.0 by @dependabot in #784
- Bump github.com/sigstore/cosign from 1.10.0 to 1.10.1 by @dependabot in #786
- expose commands.ResolveFilesToWriter() method by @joshrwolf in #787
- feat: generate SLSA provenance for release binaries by @laurentsimon in #730
- adds org move message by @mchmarny in #789
- update default base image to distroless.dev/static by @imjasonh in #790
- Error if image platform does not match desired by @benmoss in #785
- Bump k8s.io/apimachinery from 0.24.3 to 0.24.4 by @dependabot in #792
- Bump github.com/sigstore/cosign from 1.10.1 to 1.11.0 by @dependabot in #793
- Bump sigstore/cosign-installer from 2.5.0 to 2.5.1 by @dependabot in #794
- Extend ko.local and kind.local detection to include sub-repos by @imjasonh in #796
- Support --tag and --tag-only with nop publisher by @imjasonh in #797
New Contributors
- @puerco made their first contribution in #677
- @otms61 made their first contribution in #698
- @seankhliao made their first contribution in #723
- @ellistarn made their first contribution in #764
- @joshrwolf made their first contribution in #787
- @laurentsimon made their first contribution in #730
- @mchmarny made their first contribution in #789
Full Changelog: v0.11.2...v0.12.0
Contributors
mchmarny, imjasonh, and 12 other contributors