Soft Serve 0.8.0 puts you in control

This release contains new features and important bug fixes to different Soft Serve components. You now can services that you don't need as well as use a custom config path different from the data directory.

Toggle Server Componenets

Soft Serve runs 4 different services that listen to various ports to serve Git repositories and metadata over the network. It has an SSH server, HTTP server, Git TCP server, and a Prometheus stats server. They all start when you run soft serve! Now, you can disable unwanted components in your config file or via environment variables.

git:
  # Disable Git daemon TCP server
  enabled: false
stats:
  # Disable Promethues stats server
  enabled: false

Custom Config Path

Soft Serve defaults to reading your config.yaml from $SOFT_SERVE_DATA/config.yaml. Now, you can have a custom path for the config file using $SOFT_SERVE_CONFIG_LOCATION.

export SOFT_SERVE_CONFIG_LOCATION=$HOME/.soft-serve.yaml
soft serve

Changelog

New Features

c354d5f: feat: optionally pull config from a custom file (envvar), default to data path. (#557) (@fire833)
069db27: feat: support toggling servers on/off in configuration (#594) (#612) (@jaw)
0540b4d: feat: test framework supports turning off -race flag (#605) (@jaw)
446ec63: feat: update go.mod to use go 1.22 and toolchain go1.23.2 (@aymanbagabas)

Bug fixes

c78da07: fix(config): add SOFT_SERVE_CONFIG_LOCATION to Environ (@aymanbagabas)
00be796: fix(config): add default values for the enabled fields (@aymanbagabas)
7c45a99: fix(daemon): close listener only once (#615) (@aymanbagabas)
85b4625: fix: add missing arg length check to fix runtime panic (#568) (@christophershirk)
3aa71e0: fix: git daemon listens only when starting it (#607) (@jaw)
1de446f: fix: prevent enumeration of private repo (#614) (@kyokugirl)
a2cf786: fix: respect anon-access on ssh (@aymanbagabas)
5d5c55e: fix: test framework supports ensuring specific port is open (#606) (@jaw)
6658cf1: fix: update position constant in JoinHorizontal (#552) (@aditipatelpro)

Other work

950ef0c: Fix tui_session_seconds_total metric description (#602) (@jest)

Verifying the artifacts

First, download the checksums.txt file, for example, with wget:

wget 'https://github.com/charmbracelet/soft-serve/releases/download/v0.8.0/checksums.txt'

Then, verify it using cosign:

cosign verify-blob \
  --certificate-identity 'https://github.com/charmbracelet/meta/.github/workflows/goreleaser.yml@refs/heads/main' \
  --certificate-oidc-issuer 'https://token.actions.githubusercontent.com' \
  --cert 'https://github.com/charmbracelet/soft-serve/releases/download/v0.8.0/checksums.txt.pem' \
  --signature 'https://github.com/charmbracelet/soft-serve/releases/download/v0.8.0/checksums.txt.sig' \
  ./checksums.txt

If the output is Verified OK, you can safely use it to verify the checksums of other artifacts you downloaded from the release using sha256sum:

sha256sum --ignore-missing -c checksums.txt

Done! You artifacts are now verified!

Thoughts? Questions? We love hearing from you. Feel free to reach out on Twitter, The Fediverse, or on Discord.

charmbracelet/soft-serve v0.8.0 on GitHub