v0.13.3

What's Changed

• Unmarshal non-nil []any to non-nil []somethingElse by @DrJosh9000 in #52
• Unmarshal empty lists, allow for adjustment-only build matrix by @pda in #51
• Bump github.com/lestrrat-go/jwx/v2 from 2.1.1 to 2.1.2 by @dependabot in #53
• Fix typo. by @jas4711 in #54
• Bump github.com/lestrrat-go/jwx/v2 from 2.1.2 to 2.1.3 by @dependabot in #55
• Bump golang.org/x/crypto from 0.29.0 to 0.31.0 by @dependabot in #56
• Bump github.com/buildkite/interpolate from 0.1.4 to 0.1.5 by @jordandcarter in #57

New Contributors

• @pda made their first contribution in #51
• @jas4711 made their first contribution in #54

Full Changelog: v0.13.2...v0.13.3

v0.13.2

v0.13.2 (2024-09-24)

Full Changelog

Fixed

• Bump github.com/buildkite/interpolate from 0.1.3 to 0.1.4 #50 (@dependabot[bot])
  • This fixes an issue with nested escaped interpolations.

v0.13.1

v0.13.1 (2024-09-05)

Full Changelog

Fixed

• Canonicalise empty plugin configs to nil #49 (@DrJosh9000)

Dependencies

• Bump github.com/oleiade/reflections from 1.0.1 to 1.1.0 #46 (@dependabot[bot])

v0.13.0

Added

• Add support for crypto.Signer when signing and verifying signatures by @wolfeidau in #48

Full Changelog: v0.12.0...v0.13.0

v0.12.0

Changed

• Add a checksum of to the payload debugging to detect binary differences by @wolfeidau in #47

New Contributors

• @wolfeidau made their first contribution in #47

Full Changelog: v0.11.0...v0.12.0

v0.11.0

Fixed

• Canonicalise empty env/plugins/matrix to nil for sign/verify by @DrJosh9000 in #45

Internal

• Bump github.com/lestrrat-go/jwx/v2 from 2.1.0 to 2.1.1 by @dependabot in #44
• Bump github.com/buildkite/interpolate from 0.1.2 to 0.1.3 by @dependabot in #43

Full Changelog: v0.10.0...v0.11.0

v0.10.0

v0.10.0 (2024-06-25)

Full Changelog

⚠️ This release has some breaking changes to the signature subpackage.

All the following functions now take as their first param a context.Context, as well as the following changes.

The signature of signature.Sign function has changed to no longer take env map[string]string but instead use signature.WithEnv(env) as an option.

-func Sign(key jwk.Key, env map[string]string, sf SignedFielder) (*pipeline.Signature, error)
+func Sign(_ context.Context, key jwk.Key, sf SignedFielder, opts ...Option) (*pipeline.Signature, error)

The signature of signature.Verify function has also changed to take signature.WithEnv(env) as an option instead of env map[string]string.

-func Verify(s *pipeline.Signature, keySet jwk.Set, env map[string]string, sf SignedFielder)
+func Verify(ctx context.Context, s *pipeline.Signature, keySet jwk.Set, sf SignedFielder, opts ...Option) error

The signature of signature.SignSteps function has also changed to take signature.WithEnv(env) as an option instead of env map[string]string.

-func SignSteps(s pipeline.Steps, key jwk.Key, env map[string]string, repoURL string)
+func SignSteps(ctx context.Context, s pipeline.Steps, key jwk.Key, repoURL string, opts ...Option) error

Added

The following were added to the signature subpackage.

func WithEnv(env map[string]string) Option
func WithLogger(logger Logger) Option
func WithDebugSigning(debugSigning bool) Option

• WithLogger enables logging public key thumbprints when signing and verifying steps
• WithDebugSigning will enable debugging for signing steps. When this is enabled, along with WithLogger, will log step payloads before they are signed to assist in debugging verification failures
  • This is intended for development purposes
  • During step upload using signing this will log step payloads to the jobs log which could leak secrets to those with access to your Buildkite build page ⚠️
  • During step verification at the start of all signed jobs this will log the step payloads to the agent log

Removed

-func SignPipeline(p *pipeline.Pipeline, key jwk.Key, repo string) error

Call SignSteps instead.

Changed

• (Described above) Log public key fingerprint in debug, log step payload in signing-debug #39 (@patrobinson)
• Bump github.com/lestrrat-go/jwx/v2 from 2.0.21 to 2.1.0 #40 (@dependabot[bot])
• Bump github.com/buildkite/interpolate from 0.0.0-20200526001904-07f35b4ae251 to 0.1.2 #38 (@dependabot[bot])

v0.9.0

v0.9.0 (2024-04-26)

Full Changelog

⚠️ This release has some breaking changes.

the signature of the pipeline.(*Pipeline).Interpolate method has changed to require an extra argument:

func (p *Pipeline) Interpolate(interpolationEnv InterpolationEnv, preferRuntimeEnv bool) error

This allows us to re-introduce the behaviour of the runtime environment taking precedence if this flag is set to true.

Added

• Add back preferred runtime env with option by @patrobinson in #36

v0.8.0

What's Changed

• Revert breaking change to precedence of variables by @patrobinson in #35

New Contributors

• @patrobinson made their first contribution in #35

Full Changelog: v0.7.0...v0.8.0

v0.7.0

What's Changed

• Add support for name and size to Cache by @jordandcarter in #34
• Add support for cache: false on a CommandStep by @jordandcarter in #34

New Contributors

• @jordandcarter made their first contribution in #34

Full Changelog: v0.6.0...v0.7.0