Changelog
New Features
- e02c00f: feat(tests): add a testcase for
soft man(@aymanbagabas) - fc81914: feat: add ssh lfs-transfer tests (@aymanbagabas)
- c3915b2: feat: run test coverage against postgres (@aymanbagabas)
- a985ccd: feat: test ssh ui output (@aymanbagabas)
- 40d76a1: feat: update integration tests (#434) (@aymanbagabas)
Bug fixes
- 81ee0ec: fix(git): hang on git i/o error (@aymanbagabas)
- f801b96: fix(meta): use "chore" prefix for dependabot (@aymanbagabas)
- 43f087f: fix(mirror): add user missing from context (@nilium)
- b15f874: fix(mirror): don't need git gc (@aymanbagabas)
- 07076f8: fix(mirror): skip LFS instead of failing to mirror a repo (@nilium)
- 0e77ee9: fix(ssh): allocate pty and use the latest tea middleware (@aymanbagabas)
- 621d920: fix(ssh): check of empty pk and tidy context mw (@aymanbagabas)
- d54c6de: fix(ssh): emulate pty on windows (@aymanbagabas)
- 6c917ac: fix(test): path separator on windows (@aymanbagabas)
- 8c9777d: fix(test): tidy testscript and skip ssh-lfs test (@aymanbagabas)
- 6e9db8e: fix(web): superfluous write (@aymanbagabas)
- 8c181bc: fix(web): write http prefix before references (@aymanbagabas)
- abd5580: fix(webhook): we don't care about the default branch if it's missing (@aymanbagabas)
- b06b555: fix: disable soft-browse test (@aymanbagabas)
- 143918b: fix: executable path in hooks (#459) (@wahjava)
- 047b6a7: fix: invalid error on empty repo collabs (#466) (@aymanbagabas)
- 0191234: fix: lint (@aymanbagabas)
- 194455d: fix: lint issues (@aymanbagabas)
- d119d53: fix: only use glamour for mk files (#467) (@aymanbagabas)
- aa15af5: fix: tidy notify os interrupt signals (@aymanbagabas)
- 7b97817: fix: unquote git quoted filenames (@aymanbagabas)
- 920e4a7: fix: use lipgloss renderers (@aymanbagabas)
- bb59bee: fix: use the latest git-lfs-transfer and update implementation (@aymanbagabas)
Dependency updates
- cd964a6: feat(deps): bump github.com/go-git/go-git/v5 from 5.10.1 to 5.11.0 (@dependabot[bot])
- 45ce909: feat(deps): bump github.com/golang-jwt/jwt/v5 from 5.1.0 to 5.2.0 (#437) (@dependabot[bot])
- e064c39: feat(deps): bump github.com/google/uuid from 1.4.0 to 1.5.0 (@dependabot[bot])
- dbe42e3: feat(deps): bump github.com/prometheus/client_golang (@dependabot[bot])
- 3e75d86: feat(deps): bump github.com/rogpeppe/go-internal (@dependabot[bot])
- 538de6a: feat(deps): bump golang.org/x/crypto from 0.16.0 to 0.17.0 (@dependabot[bot])
- 3d02df4: feat(deps): bump golang.org/x/crypto from 0.17.0 to 0.18.0 (@dependabot[bot])
- d1d7d7f: feat(deps): bump golang.org/x/sync from 0.5.0 to 0.6.0 (@dependabot[bot])
- afeae6c: feat(deps): bump modernc.org/sqlite from 1.27.0 to 1.28.0 (@dependabot[bot])
Documentation updates
- 87d61a3: docs(README): add Windows install instruction for Winget (#304) (@kbdharun)
- 83495e2: docs: add CLI instructions for mirrors to README (#543) (@rubenhoenle)
- 876db8d: docs: correct spelling of read-only (@mkirl)
- 11c0bc5: docs: update readme root.go to main.go (#478) (@pratikkuikel)
Other work
- bba9b26: Correct make repo private command in README.md (#515) (@troylusty)
- 15d661f: Create CODEOWNERS (@maaslalani)
- 6ddae64: Simplify installation with brew (#534) (@skatkov)
- b5f5721: build: fix golanci-lint configs (@caarlos0)
- b4da757: ci: sign & notarize macos binaries (#537) (@caarlos0)
- ca7c2bb: docs(docker README): Update docker file with SOFT_SERVE_INITIAL_ADMIN_KEYS env variable for both docker and compose examples (@CRBroughton)
- 4daebdd: sec: do not append session envs to git run (#544) (@caarlos0)
Verifying the artifacts
First, download the checksums.txt file, for example, with wget:
wget 'https://github.com/charmbracelet/soft-serve/releases/download/v0.7.5/checksums.txt'Then, verify it using cosign:
cosign verify-blob \
--certificate-identity 'https://github.com/charmbracelet/meta/.github/workflows/goreleaser.yml@refs/heads/main' \
--certificate-oidc-issuer 'https://token.actions.githubusercontent.com' \
--cert 'https://github.com/charmbracelet/soft-serve/releases/download/v0.7.5/checksums.txt.pem' \
--signature 'https://github.com/charmbracelet/soft-serve/releases/download/v0.7.5/checksums.txt.sig' \
./checksums.txtIf the output is Verified OK, you can safely use it to verify the checksums of other artifacts you downloaded from the release using sha256sum:
sha256sum --ignore-missing -c checksums.txtDone! You artifacts are now verified!
Thoughts? Questions? We love hearing from you. Feel free to reach out on Twitter, The Fediverse, or on Discord.