perf-sentinel chart v0.2.36

one month ago

What's new in chart-v0.2.36

This is a metadata-only chart bump: appVersion advances from 0.7.0 to 0.7.1, the default image.tag now resolves to ghcr.io/robintra/perf-sentinel:0.7.1, and the artifacthub.io/changes annotation refreshes to surface the SLSA build provenance migration on Artifact Hub. No chart-level template diff, no values.yaml schema change, no new RBAC, no new optional ConfigMap or Secret, no .perf-sentinel.toml review needed. The chart-v0.2.35 surface is preserved byte-for-byte.

The 0.7.1 daemon image is a supply-chain maintenance release. It migrates the SLSA build provenance tooling from slsa-framework/slsa-github-generator@v2.1.0 (in de-facto maintenance since 2025-02-24, internal actions stuck on Node.js 20 while GitHub-hosted runners switch to Node 24 default on 2 June 2026) to GitHub-native actions/attest-build-provenance. Attestations now live on the GitHub attestations API instead of the previous release asset multiple.intoto.jsonl, the SLSA level claim moves from L2 to L3 (the new action produces a level-3 attestation by construction), and the verification recipe changes from slsa-verifier verify-artifact to gh attestation verify. Full release notes for the daemon at v0.7.1.

Breaking change for downstream CI pipelines verifying perf-sentinel binaries: a script that did curl ... multiple.intoto.jsonl && slsa-verifier verify-artifact --provenance-path multiple.intoto.jsonl ... no longer works on 0.7.1+ binaries. Migration recipe:

gh attestation verify perf-sentinel-linux-amd64 \
  --repo robintra/perf-sentinel

Requires gh CLI 2.49+. The chart itself does not exercise gh attestation verify, so a chart-level helm upgrade is metadata-only on every side, but a downstream pipeline that consumes the perf-sentinel binary attestation must update its verification command before pulling the 0.7.1 image.
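
For a pipeline that pins perf-sentinel releases on both sides of the 0.7.1 cutover, the following sketch (added here, not part of the project's release notes or tooling) selects the verifier by release version and fails closed when gh is missing or older than 2.49. The function names and the exit codes 3 and 4 are assumptions of this example.

```shell
#!/bin/sh
# Added example: pick the provenance verifier for a perf-sentinel release.
# Function names and exit codes 3/4 are this example's own. The 0.7.1
# cutover and the gh 2.49 minimum come from the release notes.

# version_ge A B: succeed when dotted version A >= B.
# Assumes up to three plain decimal fields, each below 1000.
version_ge() {
  IFS=. read -r a1 a2 a3 <<EOF
${1#v}
EOF
  IFS=. read -r b1 b2 b3 <<EOF
${2#v}
EOF
  a3=${a3%%[!0-9]*}; b3=${b3%%[!0-9]*}
  a=$(( ${a1:-0} * 1000000 + ${a2:-0} * 1000 + ${a3:-0} ))
  b=$(( ${b1:-0} * 1000000 + ${b2:-0} * 1000 + ${b3:-0} ))
  [ "$a" -ge "$b" ]
}

# verifier_for VERSION: print the tool that verifies that release's binaries.
verifier_for() {
  if version_ge "$1" 0.7.1; then echo gh-attestation; else echo slsa-verifier; fi
}

# gh_supported TEXT: TEXT is the output of `gh --version`; succeed on 2.49+.
gh_supported() {
  v=$(printf '%s\n' "$1" | sed -n 's/^gh version \([0-9][0-9.]*\).*/\1/p' | head -n 1)
  [ -n "$v" ] && version_ge "$v" 2.49
}

# verify_binary VERSION FILE: verify FILE, failing closed when the tool is unusable.
verify_binary() {
  case $(verifier_for "$1") in
    gh-attestation)
      command -v gh >/dev/null 2>&1 || { echo "gh CLI not found" >&2; return 3; }
      gh_supported "$(gh --version)" || { echo "gh older than 2.49" >&2; return 3; }
      # --repo takes OWNER/REPO and scopes the lookup to this repository.
      gh attestation verify "$2" --repo robintra/perf-sentinel ;;
    *)
      echo "release $1 predates 0.7.1: use the slsa-verifier recipe for it" >&2
      return 4 ;;
  esac
}
```

A non-zero return from verify_binary should stop the job before the binary or image is consumed.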

Changed

  • appVersion bumped from 0.7.0 to 0.7.1, default image.tag now resolves to ghcr.io/robintra/perf-sentinel:0.7.1.
  • artifacthub.io/changes annotation refreshed to surface the SLSA build provenance migration on Artifact Hub.
  • No chart-level config change. values.yaml, every template, the ServiceMonitor rendering, the NetworkPolicy rendering, the optional [daemon.ack] and [daemon.cors] plumbing, and the ack-toml-baseline mount are byte-for-byte identical to chart-v0.2.35.

Behavior

  • Daemon binary side: SLSA build provenance migrated from slsa-github-generator to actions/attest-build-provenance. Attestations are stored in the GitHub attestations API and are verifiable via gh attestation verify <binary> --repo robintra/perf-sentinel. The release no longer ships a multiple.intoto.jsonl asset.
  • Daemon binary side: SLSA level claim bumped from L2 to L3. Reflected in integrity.binary_attestation.slsa_level of any disclosure produced by the 0.7.1 binary.
  • Daemon binary side: verify-hash hint updated. The PARTIAL skip detail now suggests gh attestation verify instead of slsa-verifier verify-artifact. PARTIAL exit code (2) triggers on gh CLI absent instead of slsa-verifier absent.
  • No HTTP-shape change on the daemon side. Every /api/* route, every /metrics line, the OTLP HTTP and gRPC routes and every JSON shape are byte-for-byte identical to chart-v0.2.35 for already-clean inputs.
  • No upgrade hook required, no on-disk migration. The runtime ack store JSONL schema is unchanged. Existing acks survive the upgrade.

Install

helm install perf-sentinel oci://ghcr.io/robintra/charts/perf-sentinel --version 0.2.36

Upgrade an existing release:

helm upgrade perf-sentinel oci://ghcr.io/robintra/charts/perf-sentinel --version 0.2.36

The bump is metadata-only on the chart side, no .perf-sentinel.toml edit required, but a downstream pipeline that verifies perf-sentinel binaries through SLSA must replace slsa-verifier verify-artifact with gh attestation verify before the upgraded daemon image rolls out.

Full Changelog: chart-v0.2.35...chart-v0.2.36
