Skip to content

v1.0.0

Latest

Choose a tag to compare

@github-actions github-actions released this 30 Jun 19:26
v1.0.0
b63b8be

1.0 — first stable release. Promotes 0.10.0-rc.1 to GA with no
functional changes
— the same bits, validated across a wide range of AWS
tests, re-tagged 1.0.0.

Highlights since the beta line. AWS passwordless onboarding validated
end-to-end across all four credential methodspassword,
secret_store (AWS Secrets Manager), secret_store (AWS SSM Parameter
Store), and aws_rds_iam; runnable AWS / Azure / GCP onboarding templates;
least-privilege owner-only collector degradation (pg_statistic_ext_data
collectors skip rather than fail under a pg_monitor role); CI-validated
Terraform modules; and a live-validated AWS aws_rds_iam deploy path
(operator-gated smoke).

Scope. GA support is the AWS deploy paths. The Azure (azure_entra)
and GCP (gcp_cloudsql_iam) templates are runnable and unit/integration-
tested; end-to-end live validation is in progress and tracked for 1.1.

Upgrade. No config or behavior changes from 0.10.0-rc.1. Pin the
1.0.0 image / chart.


Supply chain

  • Images (same manifest digest in both registries):
    • GHCR: ghcr.io/elevarq/signals:1.0.0
    • Docker Hub: elevarq/signals:1.0.0 (when configured)
  • Digest: sha256:a918ff8fa4ca24828d6807659fdf62ead3b077deb2cb1d5efcce5598082f5e5d
  • Architectures: linux/amd64, linux/arm64
  • Cosign-signed in both registries (keyless, GitHub OIDC)
  • SBOM attached as OCI attestation and as sbom.spdx.json release asset
  • SLSA build provenance attestation (mode=max)

Quick signature verification (GHCR):

cosign verify ghcr.io/elevarq/signals:1.0.0   --certificate-identity-regexp='github.com/Elevarq/(Signals|signals)/.github/workflows/release.yml@'   --certificate-oidc-issuer='https://token.actions.githubusercontent.com'

Same command works against elevarq/signals:1.0.0 — the certificate identity is bound to the workflow, not the registry.

Full verification checklist (manifest, SBOM, provenance, Trivy):
docs/release-verification.md