Skip to content

kollect 0.9.0

Latest

Choose a tag to compare

@github-actions github-actions released this 14 Jul 13:53

0.9.0 - 2026-07-14

Bug Fixes

  • docs: Correct OpenSSF Scorecard badge repo-name casing 4984cc7

Features

  • branding: Add favicon and social preview assets (#74)930a82b

  • pipeline: Sink credentials from env vars via ${env:VAR} secret placeholders 53b3d48

  • api: Per-sink-binding maxExportBytes override (merge feat/export-partitioning, AR-01/EC-P0-01 Option B) 37596e9

  • api: Per-sink-binding maxExportBytes override (AR-01/EC-P0-01 Phase C, Option B) 1d26bfc

Refactoring

  • sink: Extract event-sink secret->auth helper into secretkv 4f14450

Container image (operator)

ghcr.io/platformrelay/kollect:0.9.0

Multi-arch (linux/amd64, linux/arm64), Debian bookworm-slim nonroot base (includes git and openssh-client for spec.git.engine: cli).

OCI attestations (SBOM + SLSA provenance) are attached in GHCR and on the repository
Attestations page. Verify the signature:

cosign verify \
  --certificate-oidc-issuer https://token.actions.githubusercontent.com \
  --certificate-identity-regexp '^https://github.com/PlatformRelay/Kollect/.+' \
  ghcr.io/platformrelay/kollect@sha256:99f33015dede4e6be4e4d8b122021e204d5181ac4c282f8f6a6e0e28b26845c5

Container image (kollect-ui)

Optional read-only UI SPA — enable with Helm ui.enabled=true.

ghcr.io/platformrelay/kollect-ui:0.9.0

Multi-arch (linux/amd64, linux/arm64), nginx alpine static server.

cosign verify \
  --certificate-oidc-issuer https://token.actions.githubusercontent.com \
  --certificate-identity-regexp '^https://github.com/PlatformRelay/Kollect/.+' \
  ghcr.io/platformrelay/kollect-ui@sha256:56b2cfa81bd3667c8dbb657f3f592504f855fc14d2b46763efb47cb859f9ad68

Container image (kollect-pipeline)

One-shot CI/CD collection CLI (ADR-0801) — collect inventory from a kubeconfig without installing
the operator. See the pipeline CLI guide.

ghcr.io/platformrelay/kollect-pipeline:0.9.0

Multi-arch (linux/amd64, linux/arm64), distroless static nonroot base. The git snapshot sink
uses the pure-Go go-git engine over HTTPS; git.engine: cli and file:// remotes are not supported
in this minimal image.

cosign verify \
  --certificate-oidc-issuer https://token.actions.githubusercontent.com \
  --certificate-identity-regexp '^https://github.com/PlatformRelay/Kollect/.+' \
  ghcr.io/platformrelay/kollect-pipeline@sha256:fe7799600540ca849b68d67fe5b7e0acb19823d55f83cfc6e61842488ffc4825

Install (Kustomize)

kubectl apply -f install-crds.yaml
kubectl apply -f install.yaml

Install (Helm — OCI)

helm upgrade --install kollect oci://ghcr.io/platformrelay/kollect \
  --version 0.9.0 \
  --namespace kollect-system \
  --create-namespace \
  --set image.repository=ghcr.io/platformrelay/kollect \
  --set image.tag=0.9.0 \
  --set ui.image.tag=0.9.0

Install (Helm — GitHub Release tarball)

helm upgrade --install kollect kollect-0.9.0.tgz \
  --namespace kollect-system \
  --create-namespace \
  --set image.repository=ghcr.io/platformrelay/kollect \
  --set image.tag=0.9.0 \
  --set ui.image.tag=0.9.0

Verify checksums with sha256sum -c checksums.txt. Each release asset includes a
<file>.sigstore.json Sigstore bundle; release-provenance.intoto.jsonl attests all assets.
See docs/RELEASE.md.