v0.6.0

What's Changed

• Bump k8s.io/apimachinery from 0.34.3 to 0.35.0 by @dependabot[bot] in #1172
• Bump google.golang.org/api from 0.257.0 to 0.258.0 by @dependabot[bot] in #1174
• Bump google.golang.org/grpc from 1.77.0 to 1.78.0 by @dependabot[bot] in #1175
• Bump google.golang.org/api from 0.258.0 to 0.259.0 by @dependabot[bot] in #1176
• Bump chainguard-dev/actions from 1.5.10 to 1.5.11 in the all group by @dependabot[bot] in #1178
• Bump chainguard.dev/sdk from 0.1.45 to 0.1.46 in the all group by @dependabot[bot] in #1177
• Bump github.com/chainguard-dev/terraform-infra-common from 0.9.7 to 0.10.0 by @dependabot[bot] in #1179
• Bump actions/setup-go from 6.1.0 to 6.2.0 in the all group by @dependabot[bot] in #1180
• bump tf-infra-common by @cpanato in #1184
• Bump google.golang.org/api from 0.259.0 to 0.260.0 by @dependabot[bot] in #1185
• Bump cloud.google.com/go/kms from 1.23.2 to 1.24.0 by @dependabot[bot] in #1187
• Bump chainguard.dev/sdk from 0.1.46 to 0.1.47 in the all group by @dependabot[bot] in #1186
• Bump chainguard-dev/actions from 1.5.11 to 1.5.12 in the all group by @dependabot[bot] in #1188
• Bump actions/checkout from 6.0.1 to 6.0.2 in the all group by @dependabot[bot] in #1191
• Bump google.golang.org/api from 0.260.0 to 0.262.0 by @dependabot[bot] in #1190
• Bump cloud.google.com/go/kms from 1.24.0 to 1.25.0 by @dependabot[bot] in #1189
• Bump chainguard.dev/sdk from 0.1.47 to 0.1.48 in the all group by @dependabot[bot] in #1192
• Bump the all group with 2 updates by @dependabot[bot] in #1193
• Bump reviewdog/action-actionlint from 1.69.1 to 1.70.0 in the all group by @dependabot[bot] in #1195
• Bump google.golang.org/api from 0.262.0 to 0.263.0 by @dependabot[bot] in #1194
• Bump docker/login-action from 3.6.0 to 3.7.0 in the all group by @dependabot[bot] in #1197
• Bump chainguard.dev/sdk from 0.1.48 to 0.1.49 in the all group by @dependabot[bot] in #1196
• Bump google.golang.org/api from 0.263.0 to 0.264.0 by @dependabot[bot] in #1198
• Bump chainguard.dev/sdk from 0.1.49 to 0.1.50 in the all group by @dependabot[bot] in #1201
• Bump google.golang.org/api from 0.264.0 to 0.265.0 by @dependabot[bot] in #1202
• Bump chainguard-dev/actions from 1.5.13 to 1.5.14 in the all group by @dependabot[bot] in #1199
• Bump chainguard-dev/actions from 1.5.14 to 1.5.15 in the all group by @dependabot[bot] in #1203
• Bump the all group with 2 updates by @dependabot[bot] in #1205
• Bump golang.org/x/oauth2 from 0.34.0 to 0.35.0 by @dependabot[bot] in #1204
• Bump google.golang.org/api from 0.265.0 to 0.266.0 by @dependabot[bot] in #1206
• bq recorder: ignore unknown values by @imjasonh in #1207
• Bump the all group with 2 updates by @dependabot[bot] in #1209
• Bump chainguard-dev/actions from 1.5.16 to 1.6.0 in the all group by @dependabot[bot] in #1210
• Bump the all group across 3 directories with 1 update by @dependabot[bot] in #1211
• Bump google.golang.org/grpc from 1.78.0 to 1.79.0 by @dependabot[bot] in #1212
• Bump chainguard-dev/actions from 1.6.0 to 1.6.1 in the all group by @dependabot[bot] in #1216
• Bump google.golang.org/grpc from 1.79.0 to 1.79.1 in the all group by @dependabot[bot] in #1215
• Return ResourceExhausted for GitHub API rate limit errors (403/429) by @mgreau in #1214
• Bump reviewdog/action-actionlint from 1.70.0 to 1.71.0 in the all group by @dependabot[bot] in #1217
• Bump google.golang.org/api from 0.266.0 to 0.267.0 by @dependabot[bot] in #1218
• Bump chainguard-dev/actions from 1.6.1 to 1.6.2 in the all group by @dependabot[bot] in #1219
• Refactor the way we look up installs. by @mattmoor in #1220
• Bump cloud.google.com/go/kms from 1.25.0 to 1.26.0 by @dependabot[bot] in #1221
• Bump the all group across 3 directories with 1 update by @dependabot[bot] in #1226
• Bump chainguard-dev/actions from 1.6.2 to 1.6.4 in the all group by @dependabot[bot] in #1225
• Bump google.golang.org/api from 0.267.0 to 0.268.0 by @dependabot[bot] in #1224
• Bump github.com/chainguard-dev/terraform-infra-common from 0.10.1 to 0.10.2 in the all group by @dependabot[bot] in #1223
• Bump step-security/harden-runner from 2.14.2 to 2.15.0 in the all group by @dependabot[bot] in #1228
• Bump google.golang.org/api from 0.268.0 to 0.269.0 by @dependabot[bot] in #1227
• Add app specific key in preparation for PR 1222 by @joedborg in #1229
• Remove manually created key by @joedborg in #1230
• Bump actions/setup-go from 6.2.0 to 6.3.0 in the all group by @dependabot[bot] in #1231
• feat: add multi-environment deployment support by @jmeridth in #1213
• chore: clean up of iac folder, no longer used by @jmeridth in #1235
• chore: put apply back in after verifying workflow respect environment by @jmeridth in #1236
• Bump chainguard-dev/actions from 1.6.4 to 1.6.5 in the all group by @dependabot[bot] in #1234
• Bump k8s.io/apimachinery from 0.35.1 to 0.35.2 in the all group by @dependabot[bot] in #1232
• Enable multi-app support by @joedborg in #1222
• fix(ci): remove tflint step from style workflow by @jmeridth in #1237
• parametrize ProberIdentity as we have two envs now stg and prod by @cpanato in #1238
• chore: temp removal of apply when deploying to confirm plan by @jmeridth in #1239
• fix: slack channel name with environment prefix by @jmeridth in #1240
• Keep legacy key during migration by @joedborg in #1241
• Fix missing key->keys by @joedborg in #1242
• fix(deploy): separate terraform init from plan/apply and restore apply step by @jmeridth in #1243
• feat(deploy): auto-deploy to staging on merge to main by @jmeridth in #1244
• Fix staging plural keys by @joedborg in #1245
• Add application 2 to the pool in staging by @joedborg in #1246
• Add application 2 to the pool in prod by @joedborg in #1247
• chore(deps): bump docker/login-action from 3.7.0 to 4.0.0 by @dependabot[bot] in #1249
• chore(deps): bump the all group across 1 directory with 2 updates by @dependabot[bot] in #1256
• chore(deps): bump chainguard-dev/common/infra from 0.10.2 to 1.0.0 in /modules/app by @dependabot[bot] in #1257
• chore(deps): bump google.golang.org/grpc from 1.79.1 to 1.79.2 in the all group across 1 directory by @dependabot[bot] in #1255
• chore(deps): bump the all group with 2 updates by @dependabot[bot] in #1262
• chore(deps): bump the all group with 3 updates by @dependabot[bot] in #1259
• chore(deps): bump google.golang.org/api from 0.271.0 to 0.272.0 by @dependabot[bot] in #1263
• chore(deps): bump github.com/chainguard-dev/terraform-infra-common from 0.10.2 to 1.0.0 by @dependabot[bot] in #1260
• bump tf-common by @cpanato in #1264
• [StepSecurity] Apply security best practices by @stepsecurity-app[bot] in #1267
• chore(deps): bump the all group with 2 updates by @dependabot[bot] in #1265
• chore(deps): bump chainguard-dev/common/infra from 1.0.0 to 1.0.1 in /modules/app in the all group across 1 directory by @dependabot[bot] in #1266
• chore(deps): bump k8s.io/apimachinery from 0.35.2 to 0.35.3 in the all group by @dependabot[bot] in #1269
• chore(deps): bump chainguard-dev/common/infra from 1.0.1 to 1.0.2 in /modules/app in the all group across 1 directory by @dependabot[bot] in #1273
• chore(deps): bump chainguard-dev/actions from 1.6.8 to 1.6.9 in the all group by @dependabot[bot] in #1275
• chore(deps): bump chainguard-dev/actions from 1.6.9 to 1.6.10 in the all group by @dependabot[bot] in #1276
• feat(harden-runner): move to inline block policies by @egibs in #1279
• chore(harden-runner): add more Go endpoints by @egibs in #1280
• Updates for go and tf by @cpanato in #1281
• chore(deps): bump the all group across 1 directory with 2 updates by @dependabot[bot] in #1282
• docs: Mention Chainguard Academy page by @pavelzw in #1274
• chore(deps): bump google.golang.org/api from 0.272.0 to 0.273.0 by @dependabot[bot] in #1285
• fix(ghinstall): replace round-robin with consistent hashing on (scope, identity) by @jmeridth in #1284
• Add precommit hooks by @joedborg in #1288
• chore(deps): bump the all group across 1 directory with 4 updates by @dependabot[bot] in #1293
• chore(deps): bump github.com/go-jose/go-jose/v4 from 4.1.3 to 4.1.4 in the all group across 1 directory by @dependabot[bot] in #1292
• chore(deps): bump google.golang.org/grpc from 1.79.3 to 1.80.0 by @dependabot[bot] in #1291
• chore(workflows): add actionlint and zizmor action linters [SECINT-75] by @stevebeattie in #1294
• chore(deps): bump cloud.google.com/go/kms from 1.26.0 to 1.27.0 by @dependabot[bot] in #1299
• chore(deps): bump actions/setup-python from 5.6.0 to 6.2.0 by @dependabot[bot] in #1298
• chore(deps): bump step-security/harden-runner from 2.16.0 to 2.16.1 in the all group by @dependabot[bot] in #1297
• chore(deps): bump cloud.google.com/go/secretmanager from 1.16.0 to 1.17.0 by @dependabot[bot] in #1296
• chore(deps): bump google.golang.org/api from 0.273.1 to 0.275.0 by @dependabot[bot] in #1295
• chore(deps): bump github.com/coreos/go-oidc/v3 from 3.17.0 to 3.18.0 by @dependabot[bot] in #1301
• chore(deps): bump cloud.google.com/go/secretmanager from 1.17.0 to 1.18.0 by @dependabot[bot] in #1300
• chore(deps): bump the all group with 2 updates by @dependabot[bot] in #1302
• chore: add 3 more octo-sts apps by @jmeridth in #1268
• add new octo-sts apps 6-10 by @cpanato in #1305
• chore(README): add API Insights Read-only update by @egibs in #1304
• chore(deps): bump cloud.google.com/go/kms from 1.27.0 to 1.28.0 by @dependabot[bot] in #1307
• feat(ghinstall): route by checks:write permission to reduce rate-limit skew by @jmeridth in #1306
• feat(octosts): round-robin policy reads with rate-limit retry by @jmeridth in #1308

New Contributors

• @joedborg made their first contribution in #1229
• @jmeridth made their first contribution in #1213
• @stepsecurity-app[bot] made their first contribution in #1267
• @pavelzw made their first contribution in #1274
• @stevebeattie made their first contribution in #1294

Full Changelog: v0.5.4...v0.6.0