New Features
- Support
notation login - Sign images with remote key stores that securely store the signing keys
- Verify signatures using Trust Store configured in Notation clients
- Sign images and verify signatures with locally stored test keys/certificates for demonstration use only
- Setup Trust Store with the new directory-based structure
- Configure Trust Policy as a JSON document. Support for registry scope and signature verification levels to customize the behavior during verification
- Store signatures in registries compliant with the ORAS Artifacts Specification v1.0.0-RC.2
Bug Fixes
- Fix #189: wrong download URL
- Fix #264: hello-signing workflow with a self-generated certificate chain
- Fix #286: allow empty credentials to store config
Removed
- Remove docker-generate and docker-notation
Other Changes
- Migrate to codecov.io
- Add unit tests
- Add CodeQL security scanning
- Refactor: delete pkg/registry directory
Detail Commits
- Update readme for 0.9.0 release by @dtzar in #187
- bump to go 1.18 by @dtzar in #188
- fix mistaken download URL by @FeynmanZhou in #189
- use notation-core-go crypto utils by @rgnote in #180
- Add issues to project action by @dtzar in #195
- Directory Structure Spec by @shizhMSFT in #175
- Run unit tests in Github workflow by @Wwwsylvia in #199
- Add CodeQL Security Scanning by @Wwwsylvia in #198
- Registry Authentication Spec by @shizhMSFT in #192
- refactor: delete pkg/registry directory by @binbin-li in #207
- Update workflow by @Wwwsylvia in #212
- Bump github.com/urfave/cli/v2 from 2.8.1 to 2.10.3 by @dependabot in #209
- Bump github.com/docker/cli from 20.10.14+incompatible to 20.10.17+incompatible by @dependabot in #200
- Baseline CLI reference for subsequent PRs on changes by @SteveLasker in #171
- Sorting commands for clarity #221 by @SteveLasker in #222
- notation login CLI by @SteveLasker in #223
- feat: bump up notation-go to the latest version by @binbin-li in #248
- Use cobra CLI for docker-generate command by @chloeyin in #250
- [Feature] support notation login by @binbin-li in #218
- test: Add unit tests for notation login by @binbin-li in #256
- use cobra for notation CLI by @chloeyin in #255
- Migrate to codecov.io by @junczhuMSFT in #266
- chore: bump up oras-go and notation-go by @binbin-li in #270
- remove docker-generate and docker-notation code by @chloeyin in #269
- Doc update README for codecov badge by @junczhuMSFT in #271
- Remove credential file from spec by @shizhMSFT in #262
- fixed the hello-signing workflow with self-generated certificate chain by @patrickzheng200 in #264
- Directory Structure Implementation by @JeyJeyGao in #265
- fix: allow empty credentials store config by @JeyJeyGao in #286
- add unit test for Notation CLI by @chloeyin in #274
- doc: add missing username/password options to commands by @binbin-li in #293
- bump up version to v0.10.0-alpha.3 by @yizha1 in #301
- fix: update notation-go by @JeyJeyGao in #294
- Build: Bump dependencies by @yizha1 in #306
New Contributors
- @FeynmanZhou made their first contribution in #189
- @rgnote made their first contribution in #180
- @binbin-li made their first contribution in #207
- @junczhuMSFT made their first contribution in #266
- @patrickzheng200 made their first contribution in #264
- @JeyJeyGao made their first contribution in #265
- @yizha1 made their first contribution in #301
Full Changelog: v0.9.0-alpha.1...v0.10.0-alpha.3