zarf-dev/zarf v0.77.0-rc1

on GitHub

What's Changed

🚀 Updates

• chore(ci): bump action dependencies and pin versions by @brandtkeller in #4904
• chore(deps): limit dependencies in favor of built-ins or core libs by @soltysh in #4901
• chore(deps): bump golang.org/x/(crypto|net|sys) by @soltysh in #4924
• chore: remove [ALPHA] from features by @AustinAbro321 in #4916
• feat(sign): support for keyless signing and offline verification by @brandtkeller in #4891
• feat(find-images): 4509 include archives in find image by @chaospuppy in #4551
• ci(signing): add nightly check for trusted root updates by @brandtkeller in #4933
• feat(release): signed init packages by @brandtkeller in #4934
• feat!: allow pulling images by index sha by @AustinAbro321 in #4879
• fix(signing)!: resolve auth flow for CI environments by @brandtkeller in #4939
• feat(init): prefer injector image without imagePullSecrets by @AustinAbro321 in #4935

📦 Dependencies

• chore(deps): bump github/codeql-action from 4.35.4 to 4.35.5 by @dependabot[bot] in #4911
• chore(deps): bump actions/create-github-app-token from 3.1.1 to 3.2.0 in the actions-organization group across 1 directory by @dependabot[bot] in #4910
• chore(deps): bump golangci/golangci-lint-action from 9.2.0 to 9.2.1 by @dependabot[bot] in #4930
• chore(deps): bump goreleaser/goreleaser-action from 7.2.1 to 7.2.2 by @dependabot[bot] in #4929
• chore(deps): bump codecov/codecov-action from 6.0.0 to 6.0.1 by @dependabot[bot] in #4928
• chore(deps): bump github/codeql-action from 4.35.5 to 4.36.0 by @dependabot[bot] in #4927
• chore(deps): bump docker/login-action from 4.1.0 to 4.2.0 by @dependabot[bot] in #4926

Full Changelog: v0.76.0...v0.77.0-rc1

Verifying Init Packages

The init packages in this release are signed with keyless Sigstore signing. Verify with:

amd64:

zarf package verify zarf-init-amd64-v0.77.0-rc1.tar.zst \
  --certificate-identity "https://github.com/zarf-dev/zarf/.github/workflows/release.yml@refs/tags/v0.77.0-rc1" \
  --certificate-oidc-issuer "https://token.actions.githubusercontent.com"

arm64:

zarf package verify zarf-init-arm64-v0.77.0-rc1.tar.zst \
  --certificate-identity "https://github.com/zarf-dev/zarf/.github/workflows/release.yml@refs/tags/v0.77.0-rc1" \
  --certificate-oidc-issuer "https://token.actions.githubusercontent.com"

See RELEASES.md for details.