Skip to content

Releases: zarf-dev/zarf

v0.49.0

20 Feb 17:28
v0.49.0
14f090a
Compare
Choose a tag to compare

This release includes a number of project adjustments as well as fixes.

Breaking Changes

  • Configuration file formats other than yaml and toml are being deprecated
    • See Proposed ZEP-0015 for background on limitations driving this decision
  • zarf connect default execution has a UX change
    • The --cli-only flag has been removed - this behavior is now the default
    • Browsers can be automatically opened with the command using the --open flag

The update to zarf connect is with consideration of zarf behaviors defaulting to fully-encapsulated execution. As a general principle we want zarf to have minimal dependency on external/system tooling by default.

What's Changed

🚀 Updates

📦 Dependencies

  • chore(deps): bump github.com/fluxcd/pkg/apis/meta from 1.9.0 to 1.10.0 by @dependabot in #3458
  • chore(deps): bump github/codeql-action from 3.28.8 to 3.28.9 by @dependabot in #3484
  • chore(deps): bump golang.org/x/crypto from 0.32.0 to 0.33.0 in the golang group across 1 directory by @dependabot in #3485
  • chore(deps): bump golangci/golangci-lint-action from 6.3.0 to 6.3.1 by @dependabot in #3483
  • chore(deps): bump github.com/goccy/go-yaml from 1.15.17 to 1.15.19 by @dependabot in #3486
  • chore(deps): bump aws-actions/configure-aws-credentials from 4.0.3 to 4.1.0 by @dependabot in #3488
  • chore(deps): bump golangci/golangci-lint-action from 6.3.1 to 6.3.2 by @dependabot in #3489
  • chore(deps): bump goreleaser/goreleaser-action from 6.1.0 to 6.2.1 by @dependabot in #3490
  • chore(deps): bump github.com/goccy/go-yaml from 1.15.19 to 1.15.20 by @dependabot in #3492
  • chore(deps): bump github.com/distribution/distribution/v3 from 3.0.0-rc.2 to 3.0.0-rc.3 by @dependabot in #3491
  • chore(deps): bump helm.sh/helm/v3 from 3.17.0 to 3.17.1 by @dependabot in #3498
  • chore(deps): bump the k8s group across 1 directory with 5 updates by @dependabot in #3503
  • chore(deps): bump golangci/golangci-lint-action from 6.3.2 to 6.4.0 by @dependabot in #3506
  • chore(deps): bump github.com/goccy/go-yaml from 1.15.20 to 1.15.22 by @dependabot in #3497
  • chore(deps): bump github.com/fluxcd/source-controller/api from 1.4.1 to 1.5.0 by @dependabot in #3505
  • chore(deps): bump the cosign-providers group across 1 directory with 3 updates by @dependabot in #3504
  • chore(deps): bump github.com/spf13/cobra from 1.8.1 to 1.9.1 by @dependabot in #3512
  • chore(deps): bump sigs.k8s.io/controller-runtime from 0.20.1 to 0.20.2 by @dependabot in #3509
  • chore(deps): bump github.com/goccy/go-yaml from 1.15.22 to 1.15.23 by @dependabot in #3510
  • chore(deps): bump github.com/derailed/k9s from 0.32.7 to 0.40.3 by @dependabot in #3513
  • chore(deps): bump actions/create-github-app-token from 1.11.3 to 1.11.5 by @dependabot in #3507
  • chore(deps): bump golangci/golangci-lint-action from 6.4.0 to 6.5.0 by @dependabot in #3508

Full Changelog: v0.48.1...v0.49.0

v0.48.1

06 Feb 18:00
v0.48.1
c552d62
Compare
Choose a tag to compare

What's Changed

🚀 Updates

  • feat: error when building a package with zero components by @AustinAbro321 in #3403
  • chore(deps): group golang dependencies in dependabot by @AustinAbro321 in #3471
  • test: delete e2e test for examples/package-flavors by @AustinAbro321 in #3463
  • fix: avoid error when building package importing skeleton with remote components by @AustinAbro321 in #3470
  • fix: avoid incorrect cyclic error when two packages import each other on separate component chains by @AustinAbro321 in #3460

📦 Dependencies

  • chore(deps): bump github.com/spf13/pflag from 1.0.5 to 1.0.6 by @dependabot in #3450
  • chore(deps): bump github/codeql-action from 3.28.6 to 3.28.8 by @dependabot in #3451
  • chore(deps): bump actions/create-github-app-token from 1.11.1 to 1.11.2 by @dependabot in #3456
  • chore(deps): bump golang.org/x/term from 0.28.0 to 0.29.0 by @dependabot in #3465
  • chore(deps): bump actions/create-github-app-token from 1.11.2 to 1.11.3 by @dependabot in #3467
  • chore(deps): bump golang.org/x/sync from 0.10.0 to 0.11.0 by @dependabot in #3466
  • chore(deps): bump golangci/golangci-lint-action from 6.2.0 to 6.3.0 by @dependabot in #3468
  • chore(deps): bump github.com/goccy/go-yaml from 1.15.15 to 1.15.17 by @dependabot in #3462

Full Changelog: v0.48.0...v0.48.1

v0.48.0

30 Jan 22:19
v0.48.0
345abaa
Compare
Choose a tag to compare

What's Changed

🚀 Updates

📦 Dependencies

  • chore(deps): bump codecov/codecov-action from 5.2.0 to 5.3.0 by @dependabot in #3431
  • chore(deps): bump sigs.k8s.io/controller-runtime from 0.20.0 to 0.20.1 by @dependabot in #3429
  • chore(deps): bump github/codeql-action from 3.28.3 to 3.28.4 by @dependabot in #3430
  • chore(deps): bump codecov/codecov-action from 5.3.0 to 5.3.1 by @dependabot in #3437
  • chore(deps): bump github/codeql-action from 3.28.4 to 3.28.5 by @dependabot in #3438
  • chore(deps): bump actions/setup-node from 4.1.0 to 4.2.0 by @dependabot in #3441
  • chore(deps): bump github/codeql-action from 3.28.5 to 3.28.6 by @dependabot in #3442
  • chore(deps): bump aws-actions/configure-aws-credentials from 4.0.2 to 4.0.3 by @dependabot in #3443
  • chore(deps): bump github.com/agnivade/levenshtein from 1.2.0 to 1.2.1 by @dependabot in #3447

Full Changelog: v0.47.0...v0.48.0

v0.47.0

23 Jan 22:26
v0.47.0
2cbd0f1
Compare
Choose a tag to compare

Highlights:

Breaking

  • Zarf's Commands have been unexported in favor of cmd.NewZarfCommand() for users embedding Zarf in their CLI applications.

UX

  • The logging overhaul is out of beta and now fully released. --log-format="legacy" will be available for at least the next two minor releases for a smooth upgrade path.
  • zarf package create's build scroll has been simplified and Yaml inspection has been migrated to a first class command zarf dev inspect {definition} (dev inspect feature requests welcome!).

What's Changed

  • chore(deps): bump the cosign-providers group across 1 directory with 4 updates by @dependabot in #3390
  • chore(deps): bump actions/upload-artifact from 4.5.0 to 4.6.0 by @dependabot in #3391
  • chore(deps): bump github/codeql-action from 3.28.0 to 3.28.1 by @dependabot in #3395
  • chore(deps): bump github.com/go-git/go-billy/v5 from 5.6.1 to 5.6.2 by @dependabot in #3394
  • chore(deps): bump github.com/mikefarah/yq/v4 from 4.44.6 to 4.45.1 by @dependabot in #3393
  • refactor: normal creator by @phillebaba in #3114
  • fix: remove empty directory in package tars by @AustinAbro321 in #3396
  • chore(deps): bump sigs.k8s.io/kustomize/api from 0.18.0 to 0.19.0 by @dependabot in #3405
  • chore(deps): bump helm.sh/helm/v3 from 3.16.4 to 3.17.0 by @dependabot in #3407
  • chore(deps): bump github.com/google/go-containerregistry from 0.20.2 to 0.20.3 by @dependabot in #3406
  • chore(deps): bump the k8s group across 1 directory with 5 updates by @dependabot in #3409
  • chore(deps): bump github.com/goccy/go-yaml from 1.15.13 to 1.15.14 by @dependabot in #3410
  • chore(deps): bump golangci/golangci-lint-action from 6.1.1 to 6.2.0 by @dependabot in #3412
  • chore(deps): bump sigs.k8s.io/controller-runtime from 0.19.4 to 0.20.0 by @dependabot in #3411
  • feat: respect user's docker context endpoint during image pull by @AustinAbro321 in #3401
  • chore(deps): bump github.com/moby/moby from 27.4.1+incompatible to 27.5.0+incompatible by @dependabot in #3402
  • chore(deps): bump github.com/goccy/go-yaml from 1.15.14 to 1.15.15 by @dependabot in #3414
  • chore(deps): bump github.com/anchore/stereoscope from 0.0.12 to 0.0.13 by @dependabot in #3419
  • chore(deps): bump actions/setup-go from 5.2.0 to 5.3.0 by @dependabot in #3418
  • chore(deps): bump github/codeql-action from 3.28.1 to 3.28.2 by @dependabot in #3417
  • feat: default to new logging format by @AustinAbro321 in #3397
  • chore: unexport cmd functions besides NewZarfCommand by @AustinAbro321 in #3421
  • chore(deps): bump github/codeql-action from 3.28.2 to 3.28.3 by @dependabot in #3427
  • chore(deps): bump github.com/docker/cli from 27.5.0+incompatible to 27.5.1+incompatible by @dependabot in #3425
  • chore(deps): bump codecov/codecov-action from 5.1.2 to 5.2.0 by @dependabot in #3426
  • chore(deps): bump github.com/anchore/syft from 1.18.1 to 1.19.0 by @dependabot in #3424
  • feat: dev inspect definition by @AustinAbro321 in #3413
  • chore(deps): bump github.com/moby/moby from 27.5.0+incompatible to 27.5.1+incompatible by @dependabot in #3423
  • chore(deps): bump github.com/go-git/go-git/v5 from 5.13.1 to 5.13.2 by @dependabot in #3422
  • fix: transform set variables to uppercase in dev inspect definition by @AustinAbro321 in #3428

Full Changelog: v0.46.0...v0.47.0

v0.46.0

09 Jan 21:58
v0.46.0
2d5d063
Compare
Choose a tag to compare

What's Changed

  • feat: print warnings before confirm with slogger by @AustinAbro321 in #3325
  • chore(deps): bump github/codeql-action from 3.27.7 to 3.27.9 by @dependabot in #3326
  • chore(deps): bump github.com/fluxcd/pkg/apis/meta from 1.8.0 to 1.9.0 by @dependabot in #3328
  • chore(deps): bump github.com/goccy/go-yaml from 1.15.8 to 1.15.9 by @dependabot in #3329
  • chore(deps): bump the k8s group across 1 directory with 3 updates by @dependabot in #3330
  • test: change e2e tests to use new log format by @AustinAbro321 in #3318
  • chore(deps): bump github.com/sigstore/sigstore/pkg/signature/kms/gcp from 1.8.10 to 1.8.11 by @dependabot in #3331
  • chore(deps): bump github.com/goccy/go-yaml from 1.15.9 to 1.15.10 by @dependabot in #3332
  • test: move lint e2e test to unit test by @AustinAbro321 in #3334
  • refactor: Create structs for each command to better isolate commands by @soltysh in #3322
  • chore(deps): bump helm.sh/helm/v3 from 3.16.3 to 3.16.4 by @dependabot in #3336
  • chore(deps): bump github.com/anchore/syft from 1.18.0 to 1.18.1 by @dependabot in #3337
  • chore(deps): bump github.com/sigstore/sigstore/pkg/signature/kms/hashivault from 1.8.10 to 1.8.11 by @dependabot in #3333
  • chore(deps): bump github.com/sigstore/sigstore/pkg/signature/kms/aws from 1.8.10 to 1.8.11 by @dependabot in #3344
  • refactor: Create structs for each tools command to better isolate commands - cont'd by @soltysh in #3340
  • chore(deps): bump actions/upload-artifact from 4.4.3 to 4.5.0 by @dependabot in #3343
  • fix: check public key for signed packages during zarf package pull by @AustinAbro321 in #3347
  • fix: allow non-interactive package publish with signing key by @AustinAbro321 in #3348
  • chore(deps): bump github.com/sigstore/sigstore/pkg/signature/kms/azure from 1.8.10 to 1.8.11 by @dependabot in #3345
  • chore(deps): bump codecov/codecov-action from 5.1.1 to 5.1.2 by @dependabot in #3350
  • chore(deps): bump github.com/distribution/distribution/v3 from 3.0.0-beta.1 to 3.0.0-rc.2 by @dependabot in #3353
  • fix: include key in nightly e2e pull from ecr test by @AustinAbro321 in #3351
  • chore(deps): bump github.com/moby/moby from 27.4.0+incompatible to 27.4.1+incompatible by @dependabot in #3355
  • chore(deps): bump github.com/goccy/go-yaml from 1.15.10 to 1.15.11 by @dependabot in #3354
  • refactor: Create structs for each tools command to better isolate commands - cont'd by @soltysh in #3357
  • chore(deps): bump github/codeql-action from 3.27.9 to 3.28.0 by @dependabot in #3360
  • chore(deps): bump actions/create-github-app-token from 1.11.0 to 1.11.1 by @dependabot in #3359
  • chore: group cosign providers dependabot updates by @AustinAbro321 in #3352
  • chore(deps): bump github.com/go-git/go-billy/v5 from 5.6.0 to 5.6.1 by @dependabot in #3363
  • chore(deps): bump github.com/goccy/go-yaml from 1.15.11 to 1.15.13 by @dependabot in #3361
  • chore(deps): bump github.com/fairwindsops/pluto/v5 from 5.20.3 to 5.21.1 by @dependabot in #3369
  • chore(deps): bump golang.org/x/term from 0.27.0 to 0.28.0 by @dependabot in #3370
  • docs: remove order and post hook templating by @AustinAbro321 in #3338
  • chore(deps): bump github.com/go-git/go-git/v5 from 5.12.0 to 5.13.1 by @dependabot in #3368
  • chore(deps): bump astro from 4.16.10 to 4.16.18 in /site by @dependabot in #3371
  • chore: update hack/schema go mod and add ci check by @AustinAbro321 in #3372
  • chore(deps): bump nanoid from 3.3.7 to 3.3.8 in /site by @dependabot in #3373
  • chore: add stalebot by @schristoff in #3375
  • chore(deps): bump golang.org/x/crypto from 0.31.0 to 0.32.0 by @dependabot in #3379
  • chore(deps): bump github.com/otiai10/copy from 1.14.0 to 1.14.1 by @dependabot in #3377
  • chore(deps): bump sigs.k8s.io/controller-runtime from 0.19.3 to 0.19.4 by @dependabot in #3385
  • Add support for import chains in packager2 by @phillebaba in #3381
  • fix: print image list without package yaml when using --image-list flag with inspect by @AustinAbro321 in #3384
  • chore: multi directory gomod dependabot by @AustinAbro321 in #3386
  • Revert "chore: add stalebot" by @schristoff in #3383
  • fix: properly delete invalid layers during image pull by @AustinAbro321 in #3358
  • chore(deps): bump github.com/invopop/jsonschema from 0.12.0 to 0.13.0 by @dependabot in #3378
  • chore(deps): bump github.com/anchore/stereoscope from 0.0.11 to 0.0.12 by @dependabot in #3388
  • fix: avoid erroring when $HOME is not defined by @AustinAbro321 in #3389

Full Changelog: v0.45.0...v0.46.0

v0.45.0

12 Dec 21:05
v0.45.0
7af3336
Compare
Choose a tag to compare

What's Changed

  • docs: image crc32 hash mutation by @AustinAbro321 in #3295
  • chore(deps): bump codecov/codecov-action from 5.0.7 to 5.1.1 by @dependabot in #3298
  • chore(deps): bump github.com/mikefarah/yq/v4 from 4.44.5 to 4.44.6 by @dependabot in #3300
  • chore(deps): bump github.com/fluxcd/pkg/apis/meta from 1.6.1 to 1.7.0 by @dependabot in #3299
  • Fix API Version for Flux resource in docs by @phillebaba in #3301
  • chore(deps): bump github.com/goccy/go-yaml from 1.15.6 to 1.15.8 by @dependabot in #3302
  • fix: passing context into packager by @AustinAbro321 in #3303
  • chore(deps): bump github.com/anchore/syft from 1.17.0 to 1.18.0 by @dependabot in #3308
  • chore(deps): bump github.com/moby/moby from 27.3.1+incompatible to 27.4.0+incompatible by @dependabot in #3309
  • feat: apply --no-color to dev and console logging option, remove console-no-color by @AustinAbro321 in #3312
  • chore(deps): bump github/codeql-action from 3.27.6 to 3.27.7 by @dependabot in #3316
  • chore(deps): bump github.com/fluxcd/pkg/apis/meta from 1.7.0 to 1.8.0 by @dependabot in #3315
  • fix: truncate agent pod annotation so scheduler doesn't fail when annoation limit is exceeded by @AustinAbro321 in #3314
  • chore(deps): bump actions/setup-go from 5.1.0 to 5.2.0 by @dependabot in #3320
  • chore(deps): bump golang.org/x/crypto from 0.30.0 to 0.31.0 by @dependabot in #3323
  • feat: add metadata.annotations to package schema by @AustinAbro321 in #3319

Full Changelog: v0.44.0...v0.45.0

v0.44.0

05 Dec 21:56
v0.44.0
c979349
Compare
Choose a tag to compare

What's Changed

Full Changelog: v0.43.1...v0.44.0

v0.43.1

18 Nov 20:35
v0.43.1
86c49d1
Compare
Choose a tag to compare

What's Changed

Full Changelog: v0.43.0...v0.43.1

v0.43.0

14 Nov 20:02
5943cea
Compare
Choose a tag to compare

What's Changed

Full Changelog: v0.42.2...v0.43.0

What's Changed

Full Changelog: v0.42.2...v0.43.0

v0.42.2

07 Nov 17:38
v0.42.2
4a2ef14
Compare
Choose a tag to compare

What's Changed

New Contributors

Full Changelog: v0.42.1...v0.42.2