Skip to content

Releases: stremovskyy/orionis

Orionis v0.3.1

Choose a tag to compare

@stremovskyy stremovskyy released this 07 Jul 15:30
3f1a8d8

Patch release for wildcard request expansion.

  • Treat wildcard scopes in token requests as selectors over concrete allowed_scopes.
  • Issue token responses and JWT scope claims with concrete scopes only after expansion.
  • Keep wildcard allowed_scopes as policy shortcuts for concrete requests, without issuing wildcard token scopes.
  • Update Docker/GHCR, release compose, ECS, GitHub Pages, and wiki examples to 0.3.1.

Orionis v0.3.0

Choose a tag to compare

@stremovskyy stremovskyy released this 07 Jul 14:43
8903523

Highlights

  • Adds recursive wildcard scopes with suffix patterns: prefix.* for one segment and prefix.** for recursive matching.
  • Allows client credentials token requests to include multiple wildcard scopes in the OAuth space-separated scope field.
  • Makes orionis.Claims and ginorion.Require(...) wildcard-aware so resource services can keep route checks concrete.
  • Keeps default_scopes concrete-only and validates malformed wildcard patterns in config/build paths.

Verification

  • go test ./...
  • go test -race ./...
  • go vet ./...
  • staticcheck ./...
  • govulncheck ./...
  • docker build --build-arg TARGET=./cmd/orionis-auth -t stremovskyy/orionis:ci .
  • scripts/smoke-release-image.sh stremovskyy/orionis:ci
  • docker compose build
  • git diff --check

Orionis v0.2.0

Choose a tag to compare

@stremovskyy stremovskyy released this 04 Jul 12:37
f3f9a57

Highlights

  • Added JSON key rotation for cmd/orionis-auth with keys and active_kid while preserving legacy single-key config.
  • Added /readyz beside /healthz for readiness checks.
  • Added endpoint-specific rate limiting and structured audit logs for /oauth/token and /readyz.
  • Kept cmd/orionis-auth thin by moving runtime/config/security wiring into internal auth runtime code.
  • Added release image smoke testing that validates /healthz, /readyz, JWKS rotation, token issuance, and active JWT kid.

Docker and Deploy

  • Docker Hub and GHCR release images are pinned to 0.2.0 in docs and ECS examples.
  • ECS config and task definition now support active and previous signing-key PEM secrets for rotation.
  • CI and Docker publish workflows build and smoke-test the auth image before publish.

Verification

  • go test -count=1 ./...
  • go test -race -count=1 ./...
  • go vet ./...
  • staticcheck ./...
  • govulncheck ./...
  • JSON and Docker Compose config validation
  • scripts/smoke-release-image.sh stremovskyy/orionis:ci

Orionis v0.1.3

Choose a tag to compare

@stremovskyy stremovskyy released this 04 Jul 09:15
121585e

Highlights

  • Add provider-agnostic private_key_pem_env signing-key mode for orionis-auth, so production keys can be injected from Secrets Manager, Vault, Kubernetes secrets, or another runtime without provider SDKs in Orionis.
  • Keep the existing file-backed private_key_path mode for local Docker/demo deployments.
  • Update AWS ECS/Fargate templates to inject ORIONIS_CONFIG_JSON and ORIONIS_SIGNING_KEY_PEM as task secrets, removing the EFS volume/access-point requirement from the default template.
  • Update pinned Docker/ECS documentation and templates from 0.1.2 to 0.1.3.

Included since v0.1.2

  • docs: remove wiki publish helper
  • docs: add AWS ECS Fargate deployment assets
  • feat: load signing key from secret environment

Validation

  • go mod tidy -diff
  • git diff --check
  • go test ./...
  • go test -race ./...
  • go vet ./...
  • staticcheck ./...
  • govulncheck ./...
  • jq empty deploy/aws/ecs/task-definition.template.json deploy/aws/ecs/orionis-config.example.json
  • docker build --build-arg TARGET=./cmd/orionis-auth -t orionis-auth:local .
  • docker compose build

Orionis v0.1.2

Choose a tag to compare

@stremovskyy stremovskyy released this 04 Jul 07:20
d4509b0

Full Changelog: v0.1.1...v0.1.2

v0.1.1

Choose a tag to compare

@stremovskyy stremovskyy released this 04 Jul 06:57
7dcd5b4

What's Changed

New Contributors

Full Changelog: v0.1.0...v0.1.1

v0.1.0

Choose a tag to compare

@stremovskyy stremovskyy released this 03 Jul 05:16
3d36564

First public release of Orionis, a compact Go toolkit and Gin authorization server for service-to-service OAuth 2.0 client_credentials flows with signed JWT access tokens.

Highlights:

  • OAuth2 token server with Ed25519 JWT signing and JWKS validation.
  • Client token provider, caching HTTP transport, verifier, and Gin middleware.
  • Dockerfile and Docker Compose demo for auth, billing, and orders services.
  • Runtime hardening, CI coverage, and quieter non-debug server logging.
  • README coverage for local runs, Docker runs, and production-style service-to-service configuration.

Verified before release:

  • go test ./...
  • docker build --build-arg TARGET=./cmd/orionis-auth -t orionis-auth:release-check .