Thanks to everyone who created feature requests, filed bug reports and tested fixes. Your help is instrumental in continuing to improve Cupdate!
Features
Tracking workflow runs
Cupdate uses a workflow to process images. The workflow runs jobs, and jobs consist of steps. If you're familiar with GitHub Actions, Cupdate's workflows work much the same.
Because workflows are a core part of Cupdate, observability of their progress is key to debugging issues. In v0.17.0, Cupdate tracks each and every workflow run, making their durations, statuses and errors available via the API and UI as soon as they've completed.
The graph shows each job of the latest workflow run. If you click one of the jobs, a summary of the steps run as part of the job is shown. If you're using tracing, a tracing id is shown, enabling you to continue correlating the run using your observability platform of choice. See docs/observability for more information.
If a step fails, the error that caused the failure is shown.
Tracking the workflows also allows Cupdate to show a summary of failed images on the dashboard and via the API, for use with services like Grafana or Homepage. If you're already using Homepage, see the updated documentation in docs/cookbook.
This also allows us to tag failing images, making it easy to find them.
For now, only the latest workflow run is exposed through APIs. Workflow runs are by default kept for 48h. See docs/config for details on the new environment variables CUPDATE_WORKFLOW_CLEANUP_MAX_AGE and CUPDATE_WORKFLOW_CLEANUP_INTERVAL.
Tracking data changes
Whenever Cupdate processes an image and finds new data, that data is stored in an SQLite database. Starting in v0.17.0, Cupdate internally tracks changes made to the stored data. Although not a front-facing feature, this enables improvements in existing features and lays the foundation for future improvements. If you're using the API, you can now get events whenever an image is processed or when there's a new version available. See the API docs for more details.
One improvement made to the existing feature set is that the web app can now tell what was updated and only prompt the user once data affecting the current page changes. This ensures that you won't get the toast every time Cupdate processes the image and updates basic fields such as when the image was last processed.
Worker queue rewrite
In previous Cupdate versions, the internal queue used for processing references had a fixed max size and provided poor observability. At times, it made it impossible to manually schedule an image for processing via the UI or APIs.
In v0.17.0, the worker queue implementation has been rewritten to be unsized, with unique items, ensuring that you're always free to schedule images for processing, even if Cupdate is busy. It also makes sure that Cupdate won't schedule an image if it's already scheduled.
The rewrite also greatly improves the observability of the queue by making sure the cupdate_worker_available_burst gauge is always up-to-date. The change also adds a new gauge, cupdate_worker_queue_length, which contains the current queue length.
See the example Grafana dashboard in docs/observability.
The change also means that the CUPDATE_PROCESSING_QUEUE_SIZE setting no longer has any effect.
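The queue semantics described above (unsized, unique items, a length that can back a gauge), as an added illustration that is not Cupdate's own code. UniqueQueue and its methods are hypothetical names, and nginx:1.27 is a constructed sample reference.

```go
package main

import (
	"fmt"
	"sync"
)

// UniqueQueue (hypothetical, not Cupdate's type): unbounded FIFO, one entry per reference.
type UniqueQueue struct {
	mu      sync.Mutex
	items   []string
	pending map[string]struct{} // references currently waiting
}

// Push never blocks or rejects for capacity; it returns false only for a duplicate.
func (q *UniqueQueue) Push(ref string) bool {
	q.mu.Lock()
	defer q.mu.Unlock()
	if _, dup := q.pending[ref]; dup {
		return false
	}
	if q.pending == nil {
		q.pending = make(map[string]struct{})
	}
	q.pending[ref] = struct{}{}
	q.items = append(q.items, ref)
	return true
}

// Pop hands the oldest reference to a worker; it may then be scheduled again.
func (q *UniqueQueue) Pop() (ref string, ok bool) {
	q.mu.Lock()
	defer q.mu.Unlock()
	if len(q.items) > 0 {
		ref, ok = q.items[0], true
		q.items = q.items[1:]
		delete(q.pending, ref)
	}
	return ref, ok
}

func (q *UniqueQueue) Len() int { // the value a queue-length gauge would report
	q.mu.Lock()
	defer q.mu.Unlock()
	return len(q.items)
}

func main() {
	fmt.Println(new(UniqueQueue).Push("nginx:1.27")) // constructed sample reference
}
```

A manual "process now" request maps to Push: it always succeeds unless the same reference is already waiting, in which case nothing is lost by ignoring it.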
Improvements and fixes
- Set correct cursor on image update button, graph navigation buttons
- Only show update toast on change detection
- Bubble errors returned by steps and jobs to the workflow, improving context in error logs
- Color negative counters on the dashboard green when they're zeroed
- Remove the word 'images' from the dashboard, reducing space and repetitiveness
- Add skeleton animations to the UI when it's loading for a long time (should only be shown during times of bad network connectivity)
- Add missing cascade delete to image tags, fixing tags staying after their images have been removed
- Fix filter not being included on pagination
- Fix settings card not showing on Cupdate's image page
- Fix Cupdate processing Kubernetes references before a digest is resolved by the runtime
Deprecations
CUPDATE_PROCESSING_QUEUE_SIZE has been removed and no longer has any meaning.
Breaking changes
- Cupdate now stores links and vulnerabilities as blobs instead of rows. The tables images_links and images_vulnerabilities are removed when Cupdate starts. In their place, images_linksv2 and images_vulnerabilitiesv2 are created. If you're just using the UI or API, you won't notice the change once Cupdate has processed the images again, writing the links and vulnerabilities to the new tables.
Full Changelog: v0.16.0...v0.17.0-beta.1