Skip to content

v0.17.1
Compare
Choose a tag to compare
@github-actions github-actions released this 05 Sep 21:36
· 296 commits to main since this release
v0.17.1
11de56b
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.

Highlights

Federated downloads for attestations / pieces of evidence

cas-overview

As noted in this issue #326, downloading attestations or pieces of evidences from our Content Addressable Storage (CAS) had some limitations. A user could only download assets from their current organization and their default CAS backend.

This release fixes this issue by enabling storage federation across backends. In practice, this means that the system is smart enough to route download processes to the right backend (from any of your organizations), while still being addressed by their content digest.

Downloading any item stored in CAS is as simple as providing its content digest to the cp.chainloop.dev/download endpoint. For example, by clicking https://cp.chainloop.dev/download/sha256:f2c578be0f73ed18ca2d52ac38089dac12cdb43dfe20490c8ced1e39c6ddd937 Chainloop will dynamically find the right path to the stored attestation transparently 🪄

Public attestations / pieces of evidence (preview)

This release also includes a preview of our public sharing mechanism for attestations and pieces of evidence
#331. This allows operators to share links to attestations, SBOMs, binaries, VEX files, anything that has been collected as part of an attestation process for enhanced transparency.

The visibility property change is applied to the parent Workflow, which means that if a Workflow is public, any attestations and pieces of evidences associated to it will be public.

During this preview, changing the visibility can only be performed through the API (CLI changes to come)

grpcurl -H "authorization: Bearer $TOKEN" -d '{"id": "[WORKFLOW_ID]", "public": true }' cp.chainloop.dev:443 controlplane.v1.WorkflowService.ChangeVisibility

image

As an example, you can download the attestation of this actual release here

What's Changed

  • Bump Helm Chart Version => v0.16.2 by @github-actions in #324
  • feat(deployment): allow to configure TLS certificate for gRPC servers by @zaibon in #319
  • feat(controlplane) generate mapping for items in CAS by @migmartri in #327
  • feat(controlplane): store and show the digest in CAS of the attestation by @migmartri in #329
  • feat(controlplane): dynamic CAS backend selection during download by @migmartri in #328
  • feat(controlplane): public attestations/materials by @migmartri in #331
  • feat: show attestation digest in notifications by @migmartri in #332
  • feat: show digest during attestation by @migmartri in #333
  • Bump Helm Chart Version => v0.17.0 by @github-actions in #335
  • chore: bump Chainloop CLI version by @migmartri in #334
  • fix: show downloading message during redirect by @migmartri in #336
  • Revert "chore: bump Chainloop CLI version (#334)" by @migmartri in #337

See the attestation here

Full Changelog: v0.16.2...v0.17.1

Contributors

migmartri and zaibon
Assets 15