github netresearch/ofelia v0.24.0

12 hours ago

Highlights

This release fixes Docker Compose job naming so it actually works as documented, adds a real end-to-end test harness that runs the compiled binary, and ships a Go 1.26.2 build with stdlib security patches.

🚨 Breaking: Docker Compose job naming

If you reference jobs across containers in a Compose stack, the documented Cross-Container Job References (Docker Compose) feature is now functional for the first time. Ofelia previously stripped the com.docker.compose.service label before it reached the naming code, so jobs ended up with their fallback names instead of the documented Compose service names.

After upgrading, jobs in Compose setups may appear under different names — those documented in docs/CONFIGURATION.md. Configurations that worked around the bug by referencing the old (incorrect) names need to be updated. (#597)

End-to-end testing

The test suite gains a subprocess-based harness that runs the actual compiled ofelia binary and exercises real schedules, real Alpine containers via Docker, the validate command, and graceful shutdown on SIGTERM/SIGINT. This catches integration regressions that unit tests miss. (#581)

Security

  • Go bumped to 1.26.2 for stdlib security fixes (#557)

Other improvements

  • log-level=... errors now list every accepted level instead of a generic "invalid value" message (#599)
  • make lint works again — golangci-lint is now installed via the v2 module path (#600)
  • .envrc hooks detection works correctly inside git worktrees (#598)
  • .gitignore /ofelia pattern is anchored so it cannot shadow source files (#574)
  • Stabilized flaky tests for scheduler shutdown, retry backoff, and rate limiter (#582, #601)

Build & supply chain

The release pipeline migrated to the unified netresearch/.github reusable workflow (#566, #587), with auto-merge moved to an org-level reusable workflow (#567) and the standalone integration.yml retired in favor of go-check (#579). Checksum signing now uses cosign --bundle (#547).

Dependencies

Routine dependency bumps: github.com/netresearch/go-cron 0.13.1 → 0.14.0, github.com/docker/cli 29.3.0 → 29.4.0, github.com/docker/go-connections 0.6.0 → 0.7.0, github.com/go-viper/mapstructure/v2 2.4.0 → 2.5.0, golang.org/x/{crypto,term,text} updates, OpenTelemetry exporter 1.42 → 1.43, Alpine base image refresh, GitHub Actions group bumps.

Thanks

Special thanks to @smitsyn for diagnosing and fixing the Compose label filtering issue (#597) — a long-standing gap between the documentation and the actual behavior.

Container image

ghcr.io/netresearch/ofelia:0.24.0
ghcr.io/netresearch/ofelia:0.24
ghcr.io/netresearch/ofelia:0

Verify your download

Per-asset signatures are bundled. Verify any single file:

cosign verify-blob \
  --bundle ofelia-linux-amd64.bundle \
  --certificate-identity-regexp "https://github.com/netresearch/.*" \
  --certificate-oidc-issuer "https://token.actions.githubusercontent.com" \
  ofelia-linux-amd64

Verify checksums against the signed manifest:

cosign verify-blob \
  --bundle checksums.txt.bundle \
  --certificate-identity-regexp "https://github.com/netresearch/.*" \
  --certificate-oidc-issuer "https://token.actions.githubusercontent.com" \
  checksums.txt
sha256sum -c checksums.txt --ignore-missing
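
Added example (not part of the ofelia release tooling): `sha256sum -c --ignore-missing` only checks files that are both listed in the manifest and present locally, and running the two commands one after the other does not stop on a failed signature check. The sketch below gates the digest check on the cosign result and requires the named artifact to be listed; `check_artifact` and `verify_release` are hypothetical helper names, and GNU `sha256sum` and `awk` are assumed.

```shell
# Added example; helper names are hypothetical, not from the ofelia project.

# Succeed only if FILE's basename is listed exactly once in MANIFEST and its
# SHA-256 matches. An artifact that the manifest does not list is an error
# here, whereas `sha256sum -c` would simply never look at it.
# Return codes: 0 ok, 2 missing input, 3 not listed once, 4 digest mismatch.
check_artifact() {
  manifest=$1
  file=$2
  name=$(basename "$file")
  if [ ! -f "$manifest" ] || [ ! -f "$file" ]; then
    echo "missing input: $manifest or $file" >&2
    return 2
  fi
  # Manifest lines look like "<64 hex>  <name>" (binary mode: "<hex> *<name>").
  # Assumes asset names without whitespace, as in this release.
  expected=$(awk -v n="$name" '
    { f = $2; sub(/^\*/, "", f) }
    f == n && length($1) == 64 { print tolower($1); c++ }
    END { if (c != 1) exit 1 }' "$manifest") || {
      echo "$name: not listed exactly once in $manifest" >&2
      return 3
    }
  actual=$(sha256sum "$file" | awk '{ print $1 }')
  if [ "$actual" != "$expected" ]; then
    echo "$name: digest mismatch" >&2
    return 4
  fi
  echo "$name: OK"
}

# Trust checksums.txt only after cosign accepts its bundle (flags exactly as
# given in the release notes), then check the one artifact that was asked for.
verify_release() {
  artifact=$1
  cosign verify-blob \
    --bundle checksums.txt.bundle \
    --certificate-identity-regexp "https://github.com/netresearch/.*" \
    --certificate-oidc-issuer "https://token.actions.githubusercontent.com" \
    checksums.txt || {
      echo "checksums.txt: signature not verified, stopping" >&2
      return 1
    }
  check_artifact checksums.txt "$artifact"
}
```

Run `verify_release ofelia-linux-amd64` from the directory that holds the downloaded asset, `checksums.txt` and `checksums.txt.bundle`.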

Verify build provenance:

gh attestation verify <artifact> --repo netresearch/ofelia

Verify container image:

cosign verify ghcr.io/netresearch/ofelia:0.24.0 \
  --certificate-identity-regexp "https://github.com/netresearch/.*" \
  --certificate-oidc-issuer "https://token.actions.githubusercontent.com"
gh attestation verify oci://ghcr.io/netresearch/ofelia:0.24.0 --repo netresearch/ofelia

Full changelog: v0.23.1...v0.24.0
