Skip to content

Releases: wardnet/inforge

v1.0.0

12 Jun 19:55
@github-actions github-actions
v1.0.0
445dfd0
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
v1.0.0 Latest
Latest

inforge

A Go toolchain that turns declarative infrastructure definitions into real
deployments via Pulumi and GitHub Actions.

This release ships four statically-linked binaries: the inforge CLI, the
inforge-bootstrap runtime secret bootstrapper, and the pulumi-resource-neon
and pulumi-resource-infisical provider plugins.

Install / update

curl -fsSL https://github.com/wardnet/inforge/releases/latest/download/install.sh | sh

inforge plugins install pulls the provider plugins it needs from the matching
release; inforge update self-updates the CLI in place.

Changelog

  • 8f1a883 Initial commit
  • f4afb13 Tier 3 — secret-optional services, cloud-init readiness gate, broker/SOPS removal (#66)
  • 8c8a9a3 build(deps): bump actions/checkout from 4 to 6 (#12)
  • 1ee9d89 build(deps): bump actions/checkout from 6 to 6.0.2 (#69)
  • 8bbf9f9 build(deps): bump actions/deploy-pages from 4 to 5 (#67)
  • 73ff389 build(deps): bump actions/setup-go from 5 to 6 (#11)
  • af61a56 build(deps): bump actions/upload-pages-artifact from 3 to 5 (#68)
  • 63b0c48 build(deps): bump golang.org/x/crypto from 0.51.0 to 0.52.0 (#70)
  • 246249d build(deps): bump golangci/golangci-lint-action from 7 to 9 (#14)
  • 4f5abb4 build(deps): bump goreleaser/goreleaser-action from 6 to 7 (#13)
  • 7261d68 chore(ci): also run lint and tests on push to main (#26)
  • bb1ab80 chore(ci): bump setup-node v4→v6 and node 24→26 (#25)
  • 154283f chore(escrow-worker): upgrade wrangler 3 → 4 (#24)
  • 7ee394f docs(adr): 0017 — git-native age-encrypted secret store (#91)
  • 19d2347 docs+fix!: align docs with inline service secrets; remove service provider; validate secrets provider (#95)
  • b2209cb feat!: decouple the toolkit from infra-provider coupling (1.6) (#88)
  • 387cfdc feat!: folder-based resource layout + service environment sidecar (ADR-0018–0020) (#100)
  • 4e1bcfa feat!: inline service secrets — flat DSL, no separate secrets/ resource (#94)
  • b6e973c feat(compute): declarative firewall rules in resource YAML (#33)
  • e705798 feat(resource/compute): Hetzner compute provider — ComputeSpec, HetznerCompute, cloud-init, manifest wiring (#4) (#17)
  • 81d6340 feat(resource/database): Neon database provider — DatabaseSpec, pulumi-go-provider binary, database wiring (#6) (#19)
  • 17541b1 feat(resource/dns): Cloudflare DNS provider — DnsSpec, CloudflareDns, dns.json schema (#18)
  • 8823437 feat(resource/network): Hetzner network provider — NetworkSpec, HetznerNetwork, network.json schema (#3) (#16)
  • 6c26a18 feat(resource/secrets): Infisical secrets provider — SecretsSpec, pulumi-go-provider binary, manifest contributor (#20)
  • a1290c0 feat: CLI auto-update — inforge update command, install.sh, darwin/arm64 builds (#93)
  • 02e6793 feat: R2-backed release artifact store (inforge releases push/deploy/list) (#82)
  • 1fc20c0 feat: Tier 2b — deploy-side secret delivery + retire SOPS baking (#65)
  • 26a060b feat: bootstrap escrow, full CLI, service release, GHA workflows, and docs (#22)
  • 273958e feat: declarative deploy-user on compute, service user on service (#34)
  • dee049e feat: full CLI subcommands, reusable GHA workflows, and install action (#21)
  • f6a00b4 feat: git-native encrypted secret store (ADR-0017 implementation) (#92)
  • 6e75d03 feat: global resources + direction-enforced cross-reference (Slice 3) (#73)
  • 420404e feat: global.placementRegion required when global block present (ADR-0023) (#99)
  • 30fe1d2 feat: ingress + tls-termination schema layer (#61)
  • e3c0cda feat: ingress list, DNS authority asset, database owner (#76)
  • 0bfa704 feat: make Cloudflare DNS record tagging configurable (tagRecords) (#59)
  • ca8aeb7 feat: nginx per-listener ingress (resource-less) + deployment env vars (#77)
  • 73c9743 feat: per-SNI TLS termination vs passthrough (layer4) (#74)
  • b1b15a3 feat: project-level provider defaults in inforge.yaml (ADR-0021) (#97)
  • b3fe177 feat: provision service unit + folder in inforge deploy (#63)
  • 6acb524 feat: realize tls-termination via Hetzner/Caddy over SSH (#62)
  • 22ebfec feat: repo bootstrap — go.mod, goreleaser, CI skeleton (#10)
  • a8dcc84 feat: runtime secret bootstrapper (inforge-bootstrap) (#64)
  • ae24fa0 feat: static literal values in the secrets source DSL (static:/value:) (#79)
  • 5c61a23 feat: walking skeleton — toolkit foundation, validate CLI, bootstrap/service machinery (#2) (#15)
  • 87c22da fix(ci): add yarn.lock and .yarnrc.yml for escrow-worker and website (#23)
  • 0c6da9e fix(ci): generic secrets for reusable workflows; validate without credentials (#38)
  • 2680886 fix(ci): quote descriptions containing colon-space in service-release.yml (#40)
  • c0e51d8 fix(ci): remove environment from preview job (#42)
  • b4640e7 fix(ci): restrict release trigger to semver tags only (#39)
  • d937aa2 fix(cli)!: optional stack config + environment as a positional arg (#89)
  • 850d77d fix(docs): align docs with service-release, remove deploy-raw (#28)
  • 4eddbc3 fix(docs): fix broken links in intro page (#27)
  • c1c2d75 fix(docs): repair MDX build (stray tags + unsupported heading id) (#78)
  • 420cbb8 fix(docs): repair links to the removed service-release workflow page (#90)
  • 965207b fix(infisical): resolve gha: secret sources to real values (#86)
  • 9ad8951 fix(infisical): send required type discriminator on read-privilege grant (#84)
  • bd15635 fix(loader): substitute ${ENV_VAR} in regions.yaml (provider credentials) (#80)
  • 4b6f0a3 fix: Infisical API v1/v4 migration + SSH key adopt-on-conflict (#54)
  • 3487cb1 fix: SSH key adopt-on-conflict via direct hcloud API (not Pulumi invoke) (#55)
  • 3f8ba99 fix: add region=auto to R2 backend URL; tee stderr in preview/deploy (#41)
  • 526965e fix: compute name alias in DNS/Service validation + fix provider container naming (#52)
  • 33add1f fix: configurable Infisical organizationId for identity provisioning (#81)
  • 9d789df fix: derive environment from the stack name, not a required config key (#87)
  • dbd54ca fix: discrete resource labels and structured event streaming output (#43)
  • 59ce475 fix: harden folder-layout loader and validator (post-#100 review) (#101)
  • a87597d fix: include environment in DNS record FQDN (#60)
  • ed96fc7 fix: infisical org ID from JWT + neon 423 retry (#50)
  • 1c08ec1 fix: infisical v2 identity endpoint, credential-free validate, and a clean failure-aware deploy log (#83)
  • e756a95 fix: make ingress.hostname optional for a catch-all (#75)
  • 282dc58 fix: manifest probe with empty recipient must not attempt encryption (#46)
  • 5dcc407 fix: pass full naming-convention name to Infisical and Neon APIs (#56)
  • 949fb5a fix: update sidebar entry from bootstrap-escrow to bootstrap-key-broker (#48)
  • cb3728d fix: update wrangler.toml worker name to inforge-key-broker (#45)
  • be6298e fix: use env not region when naming Infisical workspace (#57)
  • 3872c0c fix: use key-broker.inforge.wardnet.network as the key broker domain (#47)
  • ff763a1 fix: use manifest.Secret for Infisical credential in VM manifest (#44)
  • b74cb3d fix: validate DNS compute reference exists before creating record (#53)
  • 72001fb gate release on build & test passing (#37)
  • 5ac6527 print errors to stderr on any command failure (#36)
  • 100685d refactor+test(infisical): extract REST client, live integration harness, re-grant idempotency fix (#85)
  • 75c64c6 refa...
Read more
Assets 20