v0.2.0

@sigstore-bot sigstore-bot released this 14 Mar 11:49
· 1549 commits to main since this release
v0.2.0
57f93d2

What's Changed

  • Script and process to generate OIDC config from federation directory. by @dlorenc in #139
  • Add missing code of conduct (stock sigstore one) by @lukehinds in #153
  • makefile: add rule to download and set swagger and make rule to build the dist by @cpanato in #154
  • Bump cloud.google.com/go from 0.88.0 to 0.89.0 by @dependabot in #156
  • fulcio: add version command by @cpanato in #155
  • Bump cloud.google.com/go from 0.89.0 to 0.90.0 by @dependabot in #158
  • Bump golang from 1.16.6 to 1.16.7 by @dependabot in #159
  • Bump go.uber.org/zap from 1.18.1 to 1.19.0 by @dependabot in #160
  • Bump github.com/go-openapi/runtime from 0.19.29 to 0.19.30 by @dependabot in #161
  • Bump cloud.google.com/go from 0.90.0 to 0.91.1 by @dependabot in #162
  • add SCT as HTTP response header by @bobcallaway in #163
  • Bump cloud.google.com/go from 0.91.1 to 0.92.3 by @dependabot in #167
  • Bump golang from 1.16.7 to 1.17.0 by @dependabot in #166
  • Bump github.com/go-openapi/strfmt from 0.20.1 to 0.20.2 by @dependabot in #168
  • Bump github.com/go-openapi/errors from 0.20.0 to 0.20.1 by @dependabot in #169
  • Bump github.com/go-openapi/runtime from 0.19.30 to 0.19.31 by @dependabot in #171
  • Switch to the JSON logger in prod by @dlorenc in #175
  • Generate client code with swagger in Makefile by @priyawadhwa in #176
  • Fix misspellings. by @msuozzo in #177
  • Bump go.uber.org/zap from 1.19.0 to 1.19.1 by @dependabot in #178
  • Bump golang from 1.17.0 to 1.17.1 by @dependabot in #179
  • Add support for Github OIDC by @mattmoor in #180
  • Bump github.com/ThalesIgnite/crypto11 from 1.2.4 to 1.2.5 by @dependabot in #182
  • Add Github to fulcioca path. by @mattmoor in #184
  • Changes fulcio-server to fulcio by @jyotsna-penumaka in #186
  • Bump github.com/mitchellh/mapstructure from 1.4.1 to 1.4.2 by @dependabot in #185
  • Add GitHub OIDC to Fulcio by @dlorenc in #181
  • Bump github.com/coreos/go-oidc/v3 from 3.0.0 to 3.1.0 by @dependabot in #188
  • Bump github.com/spf13/viper from 1.8.1 to 1.9.0 by @dependabot in #189
  • add pkcs11-config-path command line parameter by @avoidik in #192
  • Bump golang from 1.17.1 to 1.17.2 by @dependabot in #197
  • Bump github.com/go-openapi/strfmt from 0.20.2 to 0.20.3 by @dependabot in #199
  • Bump github.com/go-openapi/loads from 0.20.2 to 0.20.3 by @dependabot in #200
  • Implement basic AWS CloudHSM support for root CA creation + rewrite "FulcioCA" to "PKCS11CA" by @mbestavros in #187
  • update go.sum by @bobcallaway in #205
  • Fix the Github OIDC challenge endpoint by @mattmoor in #206
  • Bump github.com/go-openapi/validate from 0.20.2 to 0.20.3 by @dependabot in #198
  • Bump github.com/go-openapi/spec from 0.20.3 to 0.20.4 by @dependabot in #201
  • Bump github.com/go-openapi/runtime from 0.19.31 to 0.20.0 by @dependabot in #202
  • Bump actions/checkout from 2.3.4 to 2.3.5 by @dependabot in #207
  • use request ID logger where possible by @bobcallaway in #209
  • Extract the OIDC issuer URL. by @mattmoor in #211
  • Reproducible builds with trimpath by @naveensrinivasan in #210
  • bump go-swagger to v0.28.0 by @bobcallaway in #213
  • Add issuer information to code signing certificates by @bobcallaway in #204
  • Refactor the kind e2e test. by @mattmoor in #215
  • use sigstore/sigstore instead of directly calling RSA/ECDSA verify calls by @bobcallaway in #221
  • Fulcio e2e testing / K8s OIDC / ephemeralca by @mattmoor in #219
  • Refactor the way we access Config by @mattmoor in #222
  • Remove the cluster-local block by default. by @mattmoor in #224
  • Add support for "meta issuers". by @mattmoor in #223
  • Use MetaIssuers to simulate EKS / GKE in e2e test. by @mattmoor in #225
  • Various nits trying SoftHSM by @mattmoor in #217
  • Bump github.com/hashicorp/golang-lru from 0.5.3 to 0.5.4 by @dependabot in #227
  • Bump github.com/go-openapi/strfmt from 0.20.3 to 0.21.0 by @dependabot in #226
  • Add support for recognizing allow.pub as an spiffe issuer by @evanphx in #228
  • Bump github.com/go-openapi/runtime from 0.20.0 to 0.21.0 by @dependabot in #229
  • break out CA-specific implementation from common API class by @bobcallaway in #220
  • Bump actions/checkout from 2.3.5 to 2.4.0 by @dependabot in #233
  • Bump golang from 1.17.2 to 1.17.3 by @dependabot in #234
  • Fix nil pointer, update dev docs by @vaikas in #236
  • fix cutpaste error, sets cpu correctly by @vaikas in #237
  • Add commit sha and trigger to github workflow by @asraa in #232
  • Bump github.com/sigstore/sigstore from 1.0.0 to 1.0.1 by @dependabot in #239
  • Use CGO_ENABLED=1 via .ko.yaml. by @mattmoor in #242
  • Fix street-address and postal-code descriptions to be more descriptive. by @vaikas in #245
  • Bump github.com/go-openapi/strfmt from 0.21.0 to 0.21.1 by @dependabot in #247
  • fix: go install complain missing version when dir not in module by @tuananh in #248
  • Bump cloud.google.com/go/security from 0.1.0 to 1.1.0 by @dependabot in #246
  • plumb through !cgo golang tags that removes pkcs11 support by @vaikas in #244
  • Upgrade fulcios to use of the google privateca api at v1 by @n3wscott in #218
  • Thread FulcioConfig through from main via ctx by @mattmoor in #249
  • [Correction] Upgrade fulcios to use of the google privateca api at v1 by @n3wscott in #252
  • Fix the k8s subject parsing. by @dlorenc in #254
  • Consolidate viper usage in pkg/ca/ca.go by @mattmoor in #255
  • Bump github.com/mitchellh/mapstructure from 1.4.2 to 1.4.3 by @dependabot in #256
  • Remove viper from pkg/. by @mattmoor in #257
  • Drop gratuitous sync.Once in google CAs. by @mattmoor in #258
  • Drop useless package. by @mattmoor in #259
  • The v1 GCP CA requires this field to be set. by @dlorenc in #260
  • Move the deployment to the new v1 cert. by @dlorenc in #261
  • Consolidate the source-of-truth. by @mattmoor in #263
  • add the ability to set the user-agent string on requests from the Client by @dekkagaijin in #264
  • Bump golang from 1.17.3 to 1.17.4 by @dependabot in #265
  • Drop OpenAPI from Fulcio by @mattmoor in #262
  • While working on #267 noticed this, but didn't want to bake into it. by @vaikas in #268
  • Wrap the server with the Prometheus so we get metrics + add an e2e te… by @vaikas in #267
  • Bump github.com/prometheus/common from 0.29.0 to 0.32.1 by @dependabot in #270
  • Bump golang from 1.17.4 to 1.17.5 by @dependabot in #269
  • Make client request timeout configurable with WithTimeout client option by @nsmith5 in #272
  • Localize flags to each subcommand by @nsmith5 in #274
  • Bump github.com/spf13/cobra from 1.2.1 to 1.3.0 by @dependabot in #278
  • Bump github.com/spf13/viper from 1.10.0 to 1.10.1 by @dependabot in #283
  • Do not close the PKCS11 context on startup by @rgerganov in #282
  • Fail fast if private key is not found when using PKCS11 CA by @rgerganov in #285
  • Update readme for V1 CA Service by @haydentherapper in #286
  • Add a Root Cert method to the CA interface, and implement it. by @dlorenc in #287
  • add usernames list to the codeowners to make it easier to check by @cpanato in #295
  • Add back support for building with CGO_ENABLED=0 by @vaikas in #293
  • Add RootCert method to client + tests by @vaikas in #290
  • Fix the SCT header return value from the API to base64 encode it. by @dlorenc in #288
  • Add documentation for testing with ephemeralca. Document RootCert method by @vaikas in #296
  • Handle error when there are no roots returned by CA Service by @haydentherapper in #298
  • Change ports for docker compose to avoid conflict with Rekor by @haydentherapper in #297
  • Bump github.com/sigstore/sigstore from 1.0.1 to 1.1.0 by @dependabot in #299
  • Add file backed certificate authority by @nsmith5 in #280
  • add oid documentation by @bobcallaway in #307
  • Bump go.uber.org/zap from 1.19.1 to 1.20.0 by @dependabot in #313
  • Bump cloud.google.com/go/security from 1.1.0 to 1.1.1 by @dependabot in #312
  • Remove hack/tools by @nsmith5 in #308
  • Enable server settings via config file and env vars by @jdolitsky in #315
  • Extract additional claims from github-workflow token by @ckotzbauer in #306
  • Add Locust load test and README by @haydentherapper in #311
  • Bump google.golang.org/api from 0.63.0 to 0.64.0 by @dependabot in #318
  • Switch to use fileca in e2e tests by @jdolitsky in #309
  • Bump golang from 1.17.5 to 1.17.6 by @dependabot in #317
  • Bump go.step.sm/crypto from 0.13.0 to 0.14.0 by @dependabot in #319
  • Fix docker-compose dexidp startup by @haydentherapper in #316
  • release: add cloudbuild to run the release for fulcio by @cpanato in #322
  • pin github actions by digest instead of tag by @bobcallaway in #323
  • Bump golang from 8c0269d to 0fa6504 by @dependabot in #326
  • add OSSF scorecard action by @bobcallaway in #328
  • Bump google.golang.org/api from 0.64.0 to 0.65.0 by @dependabot in #321
  • pin one additional set of actions by @bobcallaway in #329
  • Bump ossf/scorecard-action from 0fe1afdc40f536c78e3dc69147b91b3ecec2cc8a to 1.0.1 by @dependabot in #331
  • Remove root CA whitespaces on README.md by @ereslibre in #325
  • Update github/codeql-action requirement to 8a4b243fbf9a03a93e93a71c1ec257347041f9c4 by @dependabot in #332
  • Bump github.com/google/go-cmp from 0.5.6 to 0.5.7 by @dependabot in #334
  • Bump github.com/prometheus/client_golang from 1.11.0 to 1.12.0 by @dependabot in #333
  • Set max request size to 4MiB by @nsmith5 in #338
  • Support intermediate CA with fileca backend by @nsmith5 in #320
  • Add some reasonable timeouts to API server by @nsmith5 in #337
  • Add chain in response for all CAs, fix newlines in response by @haydentherapper in #341
  • fix link for SECURITY.md by @k4leung4 in #340
  • Generate subject key ID correctly for non-GCP certs by @haydentherapper in #345
  • update to v1.0.29 of codeql-action (including comments) by @bobcallaway in #344
  • Bump ossf/scorecard-action from 1.0.1 to 1.0.2 by @dependabot in #347
  • Remove Google CA v1beta1 API and associated config by @znewman01 in #349
  • Bump github/codeql-action from 1.0.28 to 1.0.30 by @dependabot in #346
  • createca: Address panic when no private key pair matches by @tstromberg in #351
  • Bump golang from 0fa6504 to d7f2f6f by @dependabot in #352
  • Initialize CT log client once by @nsmith5 in #350
  • Make the invalid CA error message actionable by @tstromberg in #356
  • Bump go.step.sm/crypto from 0.14.0 to 0.15.0 by @dependabot in #359
  • Bump golang from d7f2f6f to 301609e by @dependabot in #358
  • Update README for V1 Fulcio cert by @haydentherapper in #355
  • Improve error message when an invalid OIDC issuer is provided by @tstromberg in #357
  • Make CA explicit dependency of API handler by @nsmith5 in #354
  • Include instructions to download and verify the fulcio root certificate with TUF by @asraa in #361
  • Bump github.com/prometheus/client_golang from 1.12.0 to 1.12.1 by @dependabot in #362
  • Bump google.golang.org/api from 0.65.0 to 0.66.0 by @dependabot in #363
  • Bump go.step.sm/crypto from 0.15.0 to 0.15.1 by @dependabot in #377
  • Address signingCert panic with the last-byte calculation of finalChainPEM by @tstromberg in #370
  • Upgrade miekg/pkcs11 library from v1.0.3 to v1.1.1 by @tstromberg in #376
  • Move OID information to docs directory and reformat by @nsmith5 in #378
  • Bump ossf/scorecard-action from 1.0.2 to 1.0.3 by @dependabot in #367
  • Move sec model out of readme by @nsmith5 in #382
  • Bump github/codeql-action from 1.0.30 to 1.0.31 by @dependabot in #366
  • Add Logo to README by @nsmith5 in #381
  • Bump google.golang.org/api from 0.66.0 to 0.67.0 by @dependabot in #385
  • Move CTL logging logic over to CTL package by @nsmith5 in #353
  • Document the certificate issuing process by @nsmith5 in #383
  • Add AKS as a meta issuer by @tcnghia in #384
  • Allow parameterized application/json content types by @loosebazooka in #386
  • Improve error messages returned by SigningCert by @tstromberg in #388
  • Update warning text. by @dlorenc in #389
  • Remove organization from subject for GCP CAS issuer by @haydentherapper in #391
  • Bump github/codeql-action from 1.0.31 to 1.0.32 by @dependabot in #392
  • Bump go.uber.org/zap from 1.20.0 to 1.21.0 by @dependabot in #393
  • Count HTTP request error codes with prometheus by @priyawadhwa in #396
  • Bump google.golang.org/api from 0.67.0 to 0.68.0 by @dependabot in #399
  • Add feature stability and deprecation docs by @priyawadhwa in #400
  • Bump actions/setup-go from 2.1.5 to 2.2.0 by @dependabot in #402
  • Bump golang from 301609e to fff998d by @dependabot in #401
  • Bump golang from 1.17.6 to 1.17.7 by @dependabot in #403
  • update cross-build to use go 1.17.7 by @cpanato in #404
  • Bump github/codeql-action from 1.0.32 to 1.1.0 by @dependabot in #406
  • Bump cloud.google.com/go/security from 1.1.1 to 1.2.0 by @dependabot in #408
  • Fixing link to external resources by @endorama in #411
  • Bump google.golang.org/api from 0.68.0 to 0.69.0 by @dependabot in #412
  • add securityContext to deployment by @k4leung4 in #420
  • Extract CA/KMS support from README by @endorama in #409
  • Add unit tests for oidc-EmailFromIDToken method by @elizabetht in #413
  • Return an error if we fail to get the Root cert. by @vaikas in #416
  • drop -dev suffix for namespace and service account. by @k4leung4 in #418
  • Extract development documentation from README by @endorama in #410
  • Bump github/codeql-action from 1.1.0 to 1.1.2 by @dependabot in #424
  • Bump ossf/scorecard-action from 1.0.3 to 1.0.4 by @dependabot in #425
  • Bump golang from 1a35cc2 to 2c92978 by @dependabot in #423
  • create namespace as part of config yaml by @k4leung4 in #422
  • Bump golang from 2c92978 to e06c834 by @dependabot in #426
  • Take advantage of Chainguard maintained versions of various actions. by @mattmoor in #427
  • Automate release by @k4leung4 in #407
  • Add missing testing dependency by @nsmith5 in #429
  • Bump google.golang.org/api from 0.69.0 to 0.70.0 by @dependabot in #432
  • explicitly set permissions for github workflows by @k4leung4 in #433
  • Bump cloud.google.com/go/security from 1.2.0 to 1.2.1 by @dependabot in #431
  • add indent to fix yaml error by @bobcallaway in #434
  • Bump github.com/magiconair/properties from 1.8.5 to 1.8.6 by @dependabot in #436
  • Bump github/codeql-action from 1.1.2 to 1.1.3 by @dependabot in #435
  • Bump golangci/golangci-lint-action from 2.5.2 to 3 by @dependabot in #438
  • Bump golangci/golangci-lint-action from 3.0.0 to 3.1.0 by @dependabot in #439
  • Bump actions/setup-go from 2.2.0 to 3.0.0 by @dependabot in #440
  • Bump golang from e06c834 to c2ca472 by @dependabot in #442
  • Bump actions/checkout from 2 to 3 by @dependabot in #443
  • Mirror signed release images from GCR to GHCR as part of release with Cloud Build. by @k4leung4 in #441
  • Move CI private-ca YAML to subdir by @k4leung4 in #446
  • Bump golang from c2ca472 to b983574 by @dependabot in #447
  • Bump cloud.google.com/go/security from 1.2.1 to 1.3.0 by @dependabot in #448
  • add missing target name for cosign copy by @k4leung4 in #450
  • Go update to 1.17.8 and cosign to 1.6.0 by @cpanato in #453
  • Bump actions/upload-artifact from 2.3.1 to 3 by @dependabot in #452
  • Add codecov as github action. by @k4leung4 in #449
  • add changelog for release 0.2.0 by @cpanato in #454
  • Generate release yaml for non-CI builds. by @k4leung4 in #445
  • update action to use git hash by @cpanato in #456
  • release: don't upload local directory by @cpanato in #459
  • Bump go.step.sm/crypto from 0.15.1 to 0.15.2 by @dependabot in #458
  • Bump golang from 0168c35 to ca70980 by @dependabot in #457
  • grant cloud build permissions to github action sa by @k4leung4 in #460
  • Bump github/codeql-action from 1.1.3 to 1.1.4 by @dependabot in #461
  • update dir name after endpoint update. by @k4leung4 in #462
  • Bump google-github-actions/setup-gcloud from 0.5.1 to 0.6.0 by @dependabot in #464
  • Bump google.golang.org/api from 0.70.0 to 0.71.0 by @dependabot in #465
  • release: fix sed to update the manifests by @cpanato in #466
  • Bump golang from ca70980 to c7c9458 by @dependabot in #468
  • Bump github.com/spf13/cobra from 1.3.0 to 1.4.0 by @dependabot in #469
  • Add documentation for OIDC configuration and tokens by @haydentherapper in #467
  • Add URI OIDC type to support URI subjects by @haydentherapper in #455
  • fix sed and update job by @cpanato in #470
  • Use reusable release workflow in sigstore/sigstore by @k4leung4 in #471

Full Changelog: v0.1.1...v0.2.0

Thanks to all contributors!