notaryproject/ratify v1.0.0-rc.5

on GitHub

New Features

• Introducing support for TLS Certificate Management
  • Adds a custom configuration fetcher for TLS config so that every new TLS connection reads the cert files from disk. You can learn more here and here.
  • Adopt the cert-controller used in Gatekeeper which checks the validation of certificates every 12 hours and generates a new certificate.
  • Design doc is here.
• Update Go to 1.20 to use coverage profiling for integration tests.
  • Helps to report coverage for integration tests. You can find more here.
• Improved error messages from Certificate Store CRD
  • Shortens out the error message to Certificate Store Status. You can learn more here.
• Introduce ability to build external plugins conditionally
  • Updates the dockerfile and tests to be able to select which external plugins to be built. You can find out more here.

Documentation

• docs: update CRD version to v1beta1 by @binbin-li in #844

Tests

CLI

• Verifier Scenarios
  • Notation v2
  • Cosign
    • Keyed
    • Keyless
  • SBOM
  • License Checker
  • JSON Schema Validation
  • All verifier types in one
• Dynamic OCI Plugins
  • Verifier Plugin
  • Store Plugin
• OCI 1.0 spec compatability test

Kubernetes

• Verifier Scenarios
  • Notation v2
  • Cosign
  • SBOM
  • License Checker
  • JSON Schema Validation
  • All verifier types in one
• ORAS Store Authentication Providers
  • Docker
  • Kubernetes Secrets
  • Azure Workload Identity
  • Azure Managed Identity
• Certificate Store Providers
  • Inline Certificate
  • Azure Key Vault Certificate
• Mutation Provider
• Dynamic OCI Plugins
  • Verifier Plugin
• CertifacteProvider CRD Status
• TLS Certificate
  • TLS Certificate Watcher
  • TLS Certificate Rotation

Bug Fixes

• fix: fix go version in build-pr.yml by @binbin-li in #842
• fix: switch to working version of sbom-tool by @binbin-li in #873
• fix: update Azure build steps by @akashsinghal in #882
• fix: update go releaser to use quoted go version by @akashsinghal in #891

Changelog

• chore: Bump github.com/aws/aws-sdk-go-v2/credentials from 1.13.22 to 1.13.24 by @dependabot in #826
• chore: Bump github.com/aws/aws-sdk-go-v2/config from 1.18.23 to 1.18.25 by @dependabot in #828
• chore: Bump github.com/docker/cli from 23.0.5+incompatible to 23.0.6+incompatible by @dependabot in #827
• chore: Bump codecov/codecov-action from 3.1.3 to 3.1.4 by @dependabot in #830
• chore: Bump actions/setup-go from 4.0.0 to 4.0.1 by @dependabot in #829
• chore: bump rekor to 1.1, cosign to 2.0, msal-go to 1.0 by @dependabot in #812
• chore: bump github.com/cloudflare/circl from 1.1.0 to 1.3.3 by @dependabot in #832
• feat: upgrade go to 1.20 to use coverage profiling for integration tests. by @binbin-li in #833
• chore: bump github.com/stretchr/testify from 1.8.2 to 1.8.3 by @dependabot in #841
• chore: bump k8s.io/apimachinery from 0.26.1 to 0.26.5 by @dependabot in #840
• chore: bump github.com/sirupsen/logrus from 1.9.0 to 1.9.2 by @dependabot in #839
• chore: bump google.golang.org/grpc from 1.54.0 to 1.54.1 by @dependabot in #838
• chore: bump codecov/codecov-action from 3.1.3 to 3.1.4 by @dependabot in #837
• fix: fix go version in build-pr.yml by @binbin-li in #842
• docs: update CRD version to v1beta1 by @binbin-li in #844
• chore: bump github/codeql-action from 2.3.3 to 2.3.4 by @dependabot in #847
• chore: bump github/codeql-action from 2.3.4 to 2.3.5 by @dependabot in #849
• feat: support tls cert rotation by @akashsinghal in #831
• feat: add brief err to CertificateStore CRD by @binbin-li in #846
• chore: bump github.com/sigstore/rekor from 1.1.1 to 1.2.0 by @dependabot in #850
• chore: bump github.com/notaryproject/notation-core-go from 1.0.0-rc.3 to 1.0.0-rc.4 by @dependabot in #853
• chore: bump k8s.io/client-go from 0.25.4 to 0.25.10 by @dependabot in #852
• chore: bump github.com/spdx/tools-golang from 0.5.0 to 0.5.1 by @dependabot in #854
• chore: bump k8s.io/api from 0.26.1 to 0.26.5 by @dependabot in #851
• test: testscript change echo file to printf by @fseldow in #859
• chore: bump github/codeql-action from 2.3.5 to 2.3.6 by @dependabot in #862
• chore: bump github.com/sirupsen/logrus from 1.9.2 to 1.9.3 by @dependabot in #867
• chore: bump github.com/stretchr/testify from 1.8.3 to 1.8.4 by @dependabot in #866
• build: build external plugins conditionally by @binbin-li in #860
• chore: bump github.com/notaryproject/notation-go from 1.0.0-rc.4 to 1.0.0-rc.6 by @dependabot in #864
• chore: bump golangci/golangci-lint-action from 3.4.0 to 3.5.0 by @dependabot in #868
• test: switch to splitted bats test by @binbin-li in #870
• fix: switch to working version of sbom-tool by @binbin-li in #873
• chore: bump actions/checkout from 3.5.2 to 3.5.3 by @dependabot in #879
• chore: bump github/codeql-action from 2.3.6 to 2.13.4 by @dependabot in #878
• chore: bump github.com/Azure/azure-sdk-for-go/sdk/azcore from 1.6.0 to 1.6.1 by @dependabot in #877
• chore: bump github.com/spdx/tools-golang from 0.5.1 to 0.5.2 by @dependabot in #876
• chore: bump docker/login-action from 2.1.0 to 2.2.0 by @dependabot in #872
• chore: bump golangci/golangci-lint-action from 3.5.0 to 3.6.0 by @dependabot in #880
• chore: bump goreleaser/goreleaser-action from 4.2.0 to 4.3.0 by @dependabot in #881
• fix: update Azure build steps by @akashsinghal in #882
• feat: add cert rotator by @binbin-li in #869
• fix: Azure workload identity fails to refresh token by @susanshi in #883
• test: move cert rotator to plugin test since it will deploy image with plugins by @fseldow in #888
• chore: update chart for v1.0.0-rc.5 by @akashsinghal in #890
• fix: update go releaser to use quoted go version by @akashsinghal in #891

Full Changelog: v1.0.0-rc.4...v1.0.0-rc.5