Skip to content

ChartMuseum v0.16.0
Compare
Choose a tag to compare
@jdolitsky jdolitsky released this 14 Jun 23:20
· 32 commits to main since this release
v0.16.0
31cd02b
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.

v0.16.0

ChartMuseum v0.16.0 is a feature release. This release, we focused on . Users are encouraged to upgrade for the best experience.

The community keeps growing, and we'd love to see you there!

  • Join the discussion in Kubernetes Slack:
    • for discussing PRs, code, bugs, or just to hang out
  • Hang out at the Helm Public Developer Call: Thursday, 9:30 Pacific via Zoom

Installation and Upgrading

Download ChartMuseum v0.16.0. The common platform binaries are here:

You can download the SBOM for this release in SPDX format here.

You can use a script to install on any system with bash.

What's Next

  • 0.16.1 will contain only bug fixes.
  • 0.17.0 is the next feature release.

Software Bill of Materials (SBOM)

You can download the SBOM for this release in SPDX format here. You can use bom to inspect the contents:

curl -sL -o sbom.spdx https://get.helm.sh/chartmuseum-v0.16.0.spdx
bom document outline sbom.spdx

The SBOM has also been uploaded to the registry alongside the image, and can be fetched using cosign:

cosign download sbom ghcr.io/helm/chartmuseum:v0.16.0 --output-file=sbom.spdx
bom document outline sbom.spdx

Digital Signatures

In this release, we have integrated with the sigstore project to produce digital signatures of container images.

To verify these signatures, you can use cosign.

Verify the container image:

cosign verify ghcr.io/helm/chartmuseum:v0.16.0 \
  --certificate-identity=https://github.com/helm/chartmuseum/.github/workflows/build.yml@refs/tags/v0.16.0 \
  --certificate-oidc-issuer=https://token.actions.githubusercontent.com | jq

Since the install script has used gpg in the past, signatures in this format have also been added (see .asc files attached to release). These were created with E97F 9DA5 AE2E 39CF 48A1 42B7 852A 7470 A39F B81D (@jdolitsky's GPG key) which can be found here and here.

Changelog

  • build(deps): bump github.com/urfave/cli from 1.22.13 to 1.22.14 (#695) 31cd02b (dependabot[bot])
  • Update various dependencies, prep for 0.16.0 release (#693) 34c66b7 (Josh Dolitsky)
  • chore: replace github.com/ghodss/yaml with sigs.k8s.io/yaml (#692) 6c0976f (Eng Zer Jun)
  • build(deps): bump github.com/docker/distribution (#684) dab05fc (dependabot[bot])
  • build(deps): bump github.com/gin-gonic/gin from 1.9.0 to 1.9.1 (#690) 95e4555 (dependabot[bot])
  • replace io/ioutil package with os package (#685) a238f4a (smoky)
  • build(deps): bump flask from 2.2.2 to 2.3.2 in /loadtesting (#681) 72bdd1e (dependabot[bot])
  • build(deps): bump helm.sh/helm/v3 from 3.11.2 to 3.11.3 (#679) 95e8f78 (dependabot[bot])
  • build(deps): bump github.com/spf13/viper from 1.14.0 to 1.15.0 (#661) a02769a (dependabot[bot])
  • build(deps): bump github.com/urfave/cli from 1.22.10 to 1.22.12 (#662) 00017d3 (dependabot[bot])
  • build(deps): bump github.com/gin-gonic/gin from 1.8.1 to 1.9.0 (#668) 7370316 (dependabot[bot])
  • build(deps): bump helm.sh/helm/v3 from 3.10.3 to 3.11.2 (#671) b6cc2fc (dependabot[bot])
  • build(deps): bump golang.org/x/net (#669) 02aa766 (dependabot[bot])
  • fix: update URLs in k8s mirror script (#667) cff7886 (Syoc)
  • ci: pin buildx version (#664) 61fbe13 (Casey Buto)
  • feat: Remove NetEase object storage provider (#656) 5d9b509 (Casey Buto)
  • build(deps): bump helm.sh/helm/v3 from 3.10.2 to 3.10.3 (#649) f104113 (dependabot[bot])
  • build(deps): bump certifi from 2021.10.8 to 2022.12.7 in /loadtesting (#648) 7eed227 (dependabot[bot])
  • build(deps): bump go.uber.org/zap from 1.23.0 to 1.24.0 (#645) a85dc18 (dependabot[bot])
  • build(deps): bump github.com/gofrs/uuid (#637) b319ac8 (dependabot[bot])
  • build(deps): bump helm.sh/helm/v3 from 3.10.1 to 3.10.2 (#641) 0e999eb (dependabot[bot])
  • action: fix cosign invalid key 4803da2 (scbizu)
  • makefile: replace go get to go install 6363e95 (scbizu)
  • build(deps): bump github.com/spf13/viper from 1.13.0 to 1.14.0 (#639) f1789fd (dependabot[bot])
  • build(deps): bump github.com/prometheus/client_golang (#640) 05549fc (dependabot[bot])
  • mod: bump go to 1.19 and bump helm dependency (#634) a3629ef (Nace Sc)
  • Added HEAD route for index.yaml (#630) 09dfc9c (Skiepp)
  • Feat/add-golang-lint (#623) 3b0f27a (Obinna Odirionye)
  • build(deps): bump github.com/urfave/cli from 1.22.9 to 1.22.10 (#614) 7866801 (dependabot[bot])
  • build(deps): bump github.com/gofrs/uuid (#619) 240627c (dependabot[bot])
  • build(deps): bump github.com/chartmuseum/storage from 0.12.4 to 0.12.5 (#621) ed37db2 (dependabot[bot])
  • build(deps): bump github.com/spf13/viper from 1.12.0 to 1.13.0 (#616) bfe3f29 (dependabot[bot])
  • build(deps): bump go.uber.org/zap from 1.22.0 to 1.23.0 (#613) 830ac24 (dependabot[bot])
  • build(deps): bump helm.sh/helm/v3 from 3.9.2 to 3.9.3 (#610) 64cde31 (dependabot[bot])
  • build(deps): bump go.uber.org/zap from 1.21.0 to 1.22.0 (#609) 727e919 (dependabot[bot])
  • build(deps): bump github.com/prometheus/client_golang (#608) d0d4d53 (dependabot[bot])
  • pkg/chartmuseum,cmd: introduce the new keep-chart-always-up-to-date flag and the default cache interval when not set. (#593) 3ae6ed2 (Nace Sc)
  • build(deps): bump helm.sh/helm/v3 from 3.9.1 to 3.9.2 (#606) 1ae6981 (dependabot[bot])
  • build(deps): bump github.com/sirupsen/logrus from 1.8.1 to 1.9.0 (#605) a6eb57e (dependabot[bot])
  • build(deps): bump helm.sh/helm/v3 from 3.9.0 to 3.9.1 (#602) ebbc7f0 (dependabot[bot])
  • build(deps): bump github.com/stretchr/testify from 1.7.2 to 1.8.0 (#600) a50d99d (dependabot[bot])
  • build: bump cosign to v1.9.0 (#601) 2e385ae (Casey Buto)

Contributors

jdolitsky
Assets 24