v0.4.0

What's Changed

• Breaking change: remove release.yaml because for TUF you can not just do a simple kubectl apply. Replaced with setup-scaffolding.sh

• Increse Cloud SQL disk utilization threshold to 95% by @priyawadhwa in #193

• Add prober check for Fulcio write endpoint by @priyawadhwa in #194

• Add github action to run prober once when it's updated by @priyawadhwa in #195

• actually pass through the mysql version to the module. by @k4leung4 in #197

• test go mod tidy by @k4leung4 in #198

• bump tuf version by @k4leung4 in #200

• Bump github/codeql-action from 2.1.11 to 2.1.12 by @dependabot in #201

• Bump google.golang.org/grpc from 1.46.2 to 1.47.0 by @dependabot in #203

• Refactor alerts and fix prober error code alert by @priyawadhwa in #199

• Bump tfsec/tfsec-sarif-action from 0.1.0 to 0.1.3 by @dependabot in #202

• Bump github.com/sigstore/rekor from 0.7.0 to 0.8.0 by @dependabot in #207

• Bump sigstore/cosign-installer from 2.3.0 to 2.4.0 by @dependabot in #205

• Bump github.com/sigstore/fulcio from 0.4.1 to 0.5.0 by @dependabot in #208

• Allow custom URLs for Rekor/Fulcio for prober by @priyawadhwa in #209

• add data audit module. by @k4leung4 in #210

• add slack token secret by @cpanato in #212

• raise version upper limit to allow terraform 1.2.0+ by @k4leung4 in #213

• Add Rekor write endpoint to prober by @priyawadhwa in #214

• add maintenance policy, avoid work hours for google maintenance by @k4leung4 in #215

• Bump github.com/sigstore/rekor from 0.8.0 to 0.8.1 by @dependabot in #219

• Bump sigs.k8s.io/release-utils from 0.6.0 to 0.7.1 by @dependabot in #216

• raise allowed google provider version to 4.25 by @k4leung4 in #224

• Updates by @cpanato in #222

• enable managed prometheus by default. by @k4leung4 in #223

• Bump github.com/sigstore/rekor from 0.8.1 to 0.8.2 by @dependabot in #226

• Bump github/codeql-action from 2.1.12 to 2.1.14 by @dependabot in #225

• increase timeout from 5 to 15min for argocd helm release. by @k4leung4 in #227

• upgrade kubectl / helm terraform providers by @cpanato in #228

• Add Terraform resource for TUF preprod bucket by @haydentherapper in #229

• Bump github/codeql-action from 2.1.14 to 2.1.15 by @dependabot in #230

• Bump sigstore/cosign-installer from 2.4.0 to 2.4.1 by @dependabot in #231

• Bump github.com/sigstore/rekor from 0.8.2 to 0.9.0 by @dependabot in #232

• Temporarily disable Rekor alert until we get around to fixing it by @priyawadhwa in #234

• Bump docs/test to using release v0.3.0. by @vaikas in #235

• Bump github.com/sigstore/rekor from 0.9.0 to 0.9.1 by @dependabot in #237

• Bump github.com/sigstore/fulcio from 0.5.0 to 0.5.1 by @dependabot in #236

• Update prober alert metric names to Prometheus targets by @priyawadhwa in #238

• Bump github/codeql-action from 2.1.15 to 2.1.16 by @dependabot in #240

• Bump github.com/go-openapi/strfmt from 0.21.2 to 0.21.3 by @dependabot in #241

• Bump google.golang.org/grpc from 1.47.0 to 1.48.0 by @dependabot in #243

• Bump actions/setup-go from 3.2.0 to 3.2.1 by @dependabot in #239

• Allow creating alerts with multiple notification channels by @priyawadhwa in #249

• Bump github.com/sigstore/cosign from 1.9.0 to 1.10.0 by @dependabot in #250

• Bump github.com/google/trillian from 1.4.1 to 1.4.2 by @dependabot in #257

• Bump sigstore/cosign-installer from 2.4.1 to 2.5.0 by @dependabot in #254

• Bump sigs.k8s.io/release-utils from 0.7.1 to 0.7.3 by @dependabot in #258

• Bump github.com/sigstore/fulcio from 0.5.1 to 0.5.2 by @dependabot in #259

• Bump google.golang.org/protobuf from 1.28.0 to 1.28.1 by @dependabot in #256

• Bump github/codeql-action from 2.1.16 to 2.1.17 by @dependabot in #253

• Bump github.com/sigstore/rekor from 0.9.1 to 0.10.0 by @dependabot in #255

• add support for adding read replicas. can be used for failover by @k4leung4 in #251

• use workload identity for external secret instead of service key. by @k4leung4 in #233

• bump external-secrets api to v1beta1 now we are on v0.5.x by @k4leung4 in #260

• plumb mysql replica configuration into sigstore module. by @k4leung4 in #261

• Add a tuf server as well as repo management for tuf. by @vaikas in #262

• remove token creator role for external secrets. by @k4leung4 in #264

• clean up unused module variables by @k4leung4 in #266

• Refactor the github action, test with tuf root. by @vaikas in #263

• Bump github.com/sigstore/cosign from 1.10.0 to 1.10.1 by @dependabot in #270

• Bump github/codeql-action from 2.1.17 to 2.1.18 by @dependabot in #269

• Bump github.com/prometheus/client_golang from 1.12.2 to 1.13.0 by @dependabot in #271

• Add job ttls, use setup-scaffolding for e2e tests, update getting-started.md by @vaikas in #267

• Break release into smaller chunks. by @vaikas in #268

Full Changelog: v0.3.0...v0.4.0

v0.3.0

What's Changed

• Bump k8s.io/apimachinery from 0.23.5 to 0.23.6 by @dependabot in #137
• Bump k8s.io/api from 0.23.5 to 0.23.6 by @dependabot in #139
• Bump actions/checkout from 3.0.1 to 3.0.2 by @dependabot in #135
• Bump hashicorp/setup-terraform from 1.4.0 to 2 by @dependabot in #134
• Bump k8s.io/client-go from 0.23.5 to 0.23.6 by @dependabot in #132
• Bump k8s.io/code-generator from 0.23.5 to 0.23.6 by @dependabot in #133
• Update setup-kind.sh by @loosebazooka in #142
• have always 1 pod running to avoid scale to 0 in ci by @cpanato in #143
• Bump github.com/sigstore/sigstore from 1.1.0 to 1.2.0 by @dependabot in #136
• fix: actions/cache by @embano1 in #141
• Bump github.com/go-openapi/runtime from 0.23.3 to 0.24.0 by @dependabot in #146
• Bump sigstore/cosign-installer from 2.2.1 to 2.3.0 by @dependabot in #144
• Bump github/codeql-action from 2.1.8 to 2.1.9 by @dependabot in #145
• Add Job for updating tree for sharding by @priyawadhwa in #147
• Bump docker/login-action from 1.14.1 to 2 by @dependabot in #148
• Make mysql instance name, and keys configurable in Terraform by @k4leung4 in #156
• allow configuring of mysql db name. by @k4leung4 in #157
• Add in a read-only prober across Rekor and Fulcio API endpoints by @priyawadhwa in #158
• Add alerts for sigstore prober to monitoring tf module by @priyawadhwa in #160
• make storage class and location configurable. by @k4leung4 in #159
• Bump github/codeql-action from 2.1.9 to 2.1.10 by @dependabot in #161
• Bump github.com/google/certificate-transparency-go from 1.1.2 to 1.1.3 by @dependabot in #165
• Bump actions/setup-go from 3.0.0 to 3.1.0 by @dependabot in #162
• pass correct var for tuf region. by @k4leung4 in #166
• Bind sigstore-prober KSA to GCP prometheus service account by @priyawadhwa in #167
• Set keyring iam to depend on service account to avoid error. by @k4leung4 in #168
• Add vars for mysql to allow matching prod migration instance. by @k4leung4 in #170
• More uptime alerts for rekor endpoints by @priyawadhwa in #155
• Fix alert documentation and set alignment period to 5m by @priyawadhwa in #172
• set service account to correct prometheus namespace by @k4leung4 in #173
• Add necessary permissions to prometheus SA to export to GCP monitoring by @priyawadhwa in #174
• allow specifying mysql dbname. by @k4leung4 in #175
• Alignment period for latency alerts should be 60 seconds by @priyawadhwa in #176
• Bump github.com/prometheus/client_golang from 1.12.1 to 1.12.2 by @dependabot in #179
• Bump goreleaser/goreleaser-action from 2.9.1 to 3 by @dependabot in #178
• Bump github/codeql-action from 2.1.10 to 2.1.11 by @dependabot in #177
• Bump google.golang.org/grpc from 1.45.0 to 1.46.2 by @dependabot in #164
• sync go mod by @cpanato in #184
• add flag to run one time and exit. by @k4leung4 in #181
• change default mysql version from 8.0 to 5.7 by @k4leung4 in #180
• update to go1.18 by @cpanato in #185
• Bump github.com/sigstore/rekor from 0.6.0 to 0.7.0 by @dependabot in #189
• Bump actions/setup-go from 3.1.0 to 3.2.0 by @dependabot in #186
• add pathremove cache, not needed by @cpanato in #192

New Contributors

• @embano1 made their first contribution in #141

Full Changelog: v0.2.9...v0.3.0

Thanks to all contributors!

v0.2.9

What's Changed

• bump kind node versions. by @k4leung4 in #126
• Add firewall to allow ingress webhook by @k4leung4 in #123
• Updated ctlog config to include CodeSigning usage. by @k4leung4 in #125
• Add checks in setup-kind for existing steps by @eddiezane in #122
• Bump instructions to use latest release (v0.2.8) and test with it. by @vaikas in #130
• Do not scale fulcio/rekor down to zero to prevent flakes when waiting for things to come up.

New Contributors

• @eddiezane made their first contribution in #122

Full Changelog: v0.2.8...v0.2.9

v0.2.8

What's Changed

• sync go module by @cpanato in #124
• Fetch only root certificate from cert chain by @haydentherapper in #111
• Add KMS key for Fulcio by @haydentherapper in #112
• fix missing variables for kms rekor/fulcio by @cpanato in #114
• Add presubmit test for "terraform validate" to the sigstore module by @priyawadhwa in #116
• use chainguard set of actions to avoid duplication by @cpanato in #113
• Split up KMS module keys into rekor and fulcio modules by @priyawadhwa in #117
• Bump actions/checkout from 3.0.0 to 3.0.1 by @dependabot in #118
• Bump github.com/sigstore/rekor from 0.5.0 to 0.6.0 by @dependabot in #121
• Bump github/codeql-action from 1 to 2.1.8 by @dependabot in #120
• Bump sigstore/cosign-installer from 2.2.0 to 2.2.1 by @dependabot in #119

New Contributors

• @haydentherapper made their first contribution in #111

Full Changelog: v0.2.6...v0.2.8

v0.2.6

What's Changed

• Test with v0.2.5, update docs. by @vaikas in #89
• Add sigstore terraform for GCP by @priyawadhwa in #93
• Add in github action for terraform fmt and tfsec by @priyawadhwa in #98
• sigstore module depends on bastion module by @priyawadhwa in #97
• Add examples for signing and verifying an image, as well as by @vaikas in #94
• Mention there are TF templates, add pointer. by @vaikas in #96
• Resurrect trillian createdb by @k4leung4 in #92
• fix secret keys to match helm chart expectation. by @k4leung4 in #99
• Allow specifying the password to use for creating and encrypting keys and pems by @k4leung4 in #103
• change default cert registration info. by @k4leung4 in #104
• Make enabling CA service with Fulcio optional by @priyawadhwa in #101
• Bump actions/upload-artifact from 2 to 3 by @dependabot in #109
• Bump hashicorp/setup-terraform from 1.3.2 to 1.4.0 by @dependabot in #108
• pin versions using git commit instead of tags by @cpanato in #110

New Contributors

• @priyawadhwa made their first contribution in #93
• @k4leung4 made their first contribution in #92

Full Changelog: v0.2.5...v0.2.6

Thanks to all contributors!

v0.2.5

What's Changed

• Use the go mod tidy -compat=1.17 in goreleaser hook by @vaikas in #90
• sync modules by @cpanato in #91

Full Changelog: v0.2.4...v0.2.5

Thanks to all contributors!

v0.2.4

What's Changed

******* @vaikas screwed up this release :) Do not use, there are no artifacts *******

• more detailed log for fulcio root cert fetch error by @tsl0922 in #84
• Start of an action to install kind,knative and sigstore pieces + tests. by @vaikas in #85
• rename inputs to be more consistent with others. by @vaikas in #86
• Test release with v0.2.3. by @vaikas in #87
• Use apko as base image and add version information by @cpanato in #88

New Contributors

• @tsl0922 made their first contribution in #84

Full Changelog: v0.2.3...v0.2.4

v0.2.3

What's Changed

• Bump docs release version to v0.2.2 and test with it. by @vaikas in #74
• Bump k8s.io/client-go from 0.23.4 to 0.23.5 by @dependabot in #76
• Bump k8s.io/code-generator from 0.23.4 to 0.23.5 by @dependabot in #79
• Bump github.com/go-openapi/runtime from 0.23.2 to 0.23.3 by @dependabot in #77
• Bump google.golang.org/protobuf from 1.27.1 to 1.28.0 by @dependabot in #83
• Bump actions/cache from 2 to 3 by @dependabot in #82
• Starting to play with URLs in e2e tests. by @vaikas in #75

Full Changelog: v0.2.2...v0.2.3

Thanks to all contributors!

v0.2.2

What's Changed

• update license headers and add job to check the boilerplate by @cpanato in #69
• Bump google.golang.org/grpc from 1.44.0 to 1.45.0 by @dependabot in #71
• add shellcheck action job by @cpanato in #72
• Change job check-oidc name to sign-job. by @vaikas in #73

Full Changelog: v0.2.1...v0.2.2

Thanks to all contributors!

v0.2.1

What's Changed

• Bump sigstore/cosign-installer from 2.0.1 to 2.1.0 by @dependabot in #55
• Bump google.golang.org/grpc from 1.43.0 to 1.44.0 by @dependabot in #59
• Bump github.com/go-openapi/strfmt from 0.21.1 to 0.21.2 by @dependabot in #63
• Bump github.com/go-openapi/runtime from 0.21.0 to 0.23.2 by @dependabot in #62
• Bump github.com/sigstore/rekor from 0.4.0 to 0.5.0 by @dependabot in #61
• Bump k8s.io/apimachinery from 0.23.1 to 0.23.4 by @dependabot in #56
• Bump k8s.io/api from 0.23.1 to 0.23.4 by @dependabot in #60
• Bump k8s.io/client-go from 0.23.1 to 0.23.4 by @dependabot in #58
• Bump k8s.io/code-generator from 0.22.5 to 0.23.4 by @dependabot in #57
• Fix issue #65 by renaming ctlog/createcerts to createctconfig by @vaikas in #67
• fix ko config by @cpanato in #68

Full Changelog: v0.2.0...v0.2.1

Thanks to all contributors!