Skip to content

v0.3.0

Choose a tag to compare

View all tags
@miki725 miki725 released this 18 Jan 13:32
· 369 commits to main since this release
v0.3.0
bbe9915
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Verified
Learn about vigilant mode.

Download binaries at https://crashoverride.com/downloads

Breaking Changes

  • _OP_CLOUD_METADATA is now a JSON object vs a string containing JSON data. In addition cloud metadata is now
    nested to allow to include more metadata about running cloud instances (#112).

  • The signing key backup service has been completely overhauled and no longer uses the OIDC Device Code Flow to authenticate to the API. Instead a pre-generated API access token is passed in chalk profile and that value is used as the bearer token. The setup command still generates keys for signing but will no longer prompt with a QR code to authenticate to the API.

  • As a result of the above the login and logout commands have been removed.

  • A number of signing key backup related configuration values and variables have had their names changed to be more descriptive:

    • CHALK_API_KEY -> CHALK_DATA_API_KEY
    • use_secret_manager -> use_signing_key_backup_service
    • secret_manager_url -> signing_key_backup_service_url
    • secret_manager_timeout -> signing_key_backup_service_timeout

New Features

  • Added support for git context for docker build commands (#86).

  • Added new git metadata fields about:

    • authored commit
    • committer
    • tag

    See #86 and #89.

  • Improved pretty printing for various commands (#99).

  • Added github_json_group for printing chalk marks in GitHub Actions (#86).

  • Added presign sink to allow uploads to S3 without hard-coded credentials in the chalk configuration (#103).

  • Added JWT/Basic auth authentication options to sinks (#111).

  • Added docker.wrap_cmd to allow to customize whether CMD should be wrapped when ENTRYPOINT is missing
    in Dockerfile (#112).

  • Added minimal AWS lambda metadata collection. It includes only basic information about lambda function
    such as its ARN and its runtime environment (#112).

  • Added experimental support for detection of technologies used at chalk and runtime (programming languages, databases, servers, etc.) (#128).

Fixes

  • Fixed docker version comparison checks; as a result buildx is correctly detected now for >=0.10 (#86).
  • Subprocess command output was not reliable being captured (#93).
  • Fixed automatic installation of semgrep when SAST is enabled (#94).
  • Ensured chalk executable has correct permissions. Otherwise reading embedded configuration would fail in some cases (#104).
  • Pushing all tags during docker build --push -t one -t two ... (#110).
  • Sending _ACTION_ID during push command (#116).
  • All component parameters are saved in the chalk mark (#126).
  • Gracefully handling permission issues when chalk is running as non-existing user. This is most common in lambda
    which runs as user 993 (#112).
  • CMD wrapping supports wrapping shell scripts, for example CMD set -x && echo hello (#132).

Known Issues

  • If a docker base image has ENTRYPOINT defined, docker.wrap_cmd will break it as it overwrites its own ENTRYPOINT. A future release will correctly inspect all base images and wrap ENTRYPOINT correctly.

  • This release does not support:

    • macOS x86_64
    • Linux arm64

    We will add back support for these platforms in the future.

Commits since previous tag: v0.2.2...v0.3.0

Assets 2
Loading