v0.2.11

What's Changed

• chore(deps): bump github.com/klauspost/compress from 1.15.0 to 1.15.1 by @dependabot in #153
• chore(deps): bump github.com/open-policy-agent/opa from 0.38.0 to 0.38.1 by @dependabot in #154
• chore(deps): bump github.com/stretchr/testify from 1.7.0 to 1.7.1 by @dependabot in #155
• chore(deps): bump go.step.sm/crypto from 0.15.3 to 0.16.0 by @dependabot in #157
• chore(deps): bump github.com/magefile/mage from 1.12.1 to 1.13.0 by @dependabot in #156
• chore(deps): bump github/codeql-action from 1 to 2 by @dependabot in #177
• [chore] Repo Maintenance by @fin09pcap in #191
• chore(deps): bump google.golang.org/protobuf from 1.27.1 to 1.28.0 by @dependabot in #161
• chore(deps): bump docker/build-push-action from 2 to 3 by @dependabot in #184
• chore(deps): bump docker/metadata-action from 3 to 4 by @dependabot in #183
• chore(deps): bump go.etcd.io/etcd/client/v3 from 3.5.2 to 3.5.4 by @dependabot in #176
• chore(deps): bump github.com/cloudflare/tableflip from 1.2.2 to 1.2.3 by @dependabot in #166
• chore(deps): bump goreleaser/goreleaser-action from 2 to 3 by @dependabot in #192
• chore(deps): bump docker/setup-buildx-action from 1 to 2 by @dependabot in #195
• fix(config): loader was not working with subcommands. by @Zenithar in #188
• chore(deps): bump oras.land/oras-go from 1.1.0 to 1.1.1 by @dependabot in #171
• chore(deps): bump github.com/pelletier/go-toml from 1.9.4 to 1.9.5 by @dependabot in #175
• fix: update validator to use human names for IBM regions by @fin09pcap in #178
• chore(deps): bump sigstore/cosign-installer from 2.1.0 to 2.3.0 by @dependabot in #179
• chore(deps): bump github.com/google/cel-go from 0.10.1 to 0.11.4 by @dependabot in #185
• chore(deps): bump docker/login-action from 1 to 2 by @dependabot in #199
• chore(deps): bump docker/setup-qemu-action from 1 to 2 by @dependabot in #198
• chore(deps): bump actions/cache from 2.1.7 to 3.0.3 by @dependabot in #193
• chore(deps): bump go.step.sm/crypto from 0.16.0 to 0.16.2 by @dependabot in #187
• chore(deps): bump github.com/sethvargo/go-diceware from 0.2.1 to 0.3.0 by @dependabot in #194
• Fix yaml serialization from pb by @Zenithar in #221
• fix: add regions for google cloud provider by @fin09pcap in #268
• fix: update cmdutil.Reader to use os.Openfile by @fin09pcap in #277
• [RuleSet] add support for annotations and labels by @fin09pcap in #271

Full Changelog: v0.2.10...v0.2.11

v0.2.10

Harp v0.2.10

v0.2.9

0.2.9

2022-03-13

BREAKING-CHANGES:

• FIPS artifacts are disabled by default on GitHub Actions CI but still can be
  built locally.
• harp-artifacts containing all harp binaries will not be produced anymore.

FEATURES:

• cli/lint:

  • Provide command to Lint YAML/JSON content for Bundle, BundleTemplate, RuleSet and BundlePatch. #138

• cli/render:

  • Generate a configuration file system from an archive. #149

• cli/template:

  • Support archive as file loader.

• sdk/api:

  • Bundle, BundleTemplate, RuleSet and BundlePatch JSON schema are published. #138
  • JSON Schema for all configuration files. #145

• sdk/crate:

  • A crate is an OCI Compatible image which can be pushed to OCI compliant
    registries.
  • crate push is used to prepare a crate with a sealed container and
    optionally an archive - OCI Push #138
  • This is used to publish the sealed container and the templates used to
    render the final configuration.
  • crate copy is used to retrieve a remote crate from a registry. #147

DIST:

• docker:
  • Multi-architecture docker images are produced.

What's Changed

• chore(deps): bump actions/cache from 1 to 2.1.7 by @dependabot in #136
• chore(deps): bump github.com/hashicorp/vault/api from 1.3.1 to 1.4.1 by @dependabot in #135
• Chore go maintenance by @Zenithar in #137
• chore(deps): bump actions/checkout from 2 to 3 by @dependabot in #139
• chore(deps): bump github.com/open-policy-agent/opa from 0.37.2 to 0.38.0 by @dependabot in #140
• chore(deps): bump sigstore/cosign-installer from 2.0.1 to 2.1.0 by @dependabot in #143
• chore(deps): bump go.step.sm/crypto from 0.15.1 to 0.15.2 by @dependabot in #142
• chore(deps): bump github.com/klauspost/compress from 1.14.4 to 1.15.0 by @dependabot in #141
• feat(crate): introduce crate concept. by @Zenithar in #138
• Feat config jsonschema by @Zenithar in #145
• chore(deps): bump github.com/google/cel-go from 0.9.0 to 0.10.0 by @dependabot in #144
• feat(lint): schema autodetection from content. by @Zenithar in #146
• feat(create): copy command. by @Zenithar in #147
• chore(deps): bump google.golang.org/grpc from 1.44.0 to 1.45.0 by @dependabot in #148
• chore(deps): bump go.step.sm/crypto from 0.15.2 to 0.15.3 by @dependabot in #152
• chore(deps): bump github.com/spf13/cobra from 1.3.0 to 1.4.0 by @dependabot in #150
• chore(deps): bump github.com/google/cel-go from 0.10.0 to 0.10.1 by @dependabot in #151
• feat(archive): make in-memory fs walkable. by @Zenithar in #149

Full Changelog: v0.2.8...v0.2.9

v0.2.8

FEATURES:

• cli:
  • darwin-amd64 and darwin-arm64 are code signed and notarized using an Apple Developer ID certificate to allow harp execution on Silicon M1 based computers. #134
• cli/transform:
  • compress/decompress commands for various algorithms. #117
  • hash/multihash command for various hashing algorithms. #117
  • encode/decode command for various encoding strategies #117
• bundle/ruleset:
  • enable rego language for RuleSet constraint engine. #134
• sdk/api:
  • support user_data for Bundle, Package, SecretChain to store custom arbitrary data during pipeline execution. #134
• sdk/value:
  • encoding reader / writer factory. #117
  • compression reader/writer factory. #117
  • hash writer factory. #117

CHANGES:

• go:
  • FIPS artifact build process is disabled.
• git:
  • the tag cmd/harp/vX.XX will never be produced.
• ci:
  • dependabot setup to monitor and automate dependency updates.
  • the release pipeline has been completely redesigned to use goreleaser.
  • SLSA provenance is temporary disabled due to a lack of the multiplatform support for the used action.

DIST:

• build/ci:
  • SHA256 fingerprint is provided per artifact.
  • SBOM is embedded in the artifact archive.
• build/gha:
  • zntrio/harp-installer github action could be used to set up harp during your github action pipelines.

Full Changelog: v0.2.7...v0.2.8

v0.2.7

FEATURES:

• bundle/from:
  • read a HCL bundle descriptor to generate the binary bundle. #114
• bundle/patch:
  • support --stop-at-rule-index=<int> and --stop-at-rule-id=<string> flags for bundle patch to stop patch evaluation before requested rule identifier or index. #112
  • --ignore-rule-id and --ignore-rule-index flags to ignore matching rules during bundle patch evaluation. #112
• bundle/selector:
  • support regoFile to load a Rego filter policy from a file. #111
  • cel query language #111
    • p.match_label(globstring, globstring) can be used to match label key and value
    • p.match_annotation(globstring, globstring) can be used to match annotation key and value

DIST:

• go: Build with Golang 1.17.7.
• go-boring: Build with Golang 1.17.7b7.

cmd/harp/v0.2.7

What's Changed

• feat(bundle): rego file selector. by @Zenithar in #111
• feat(patch): rule evaluation stopper flags. by @Zenithar in #112
• chore(go): update go to 1.17.7 by @Zenithar in #113
• feat(bundle): HCL bundle descriptor. by @Zenithar in #114
• chore(ci): update goboring to 1.17.7. by @Zenithar in #115
• fix(test): disable golden tests due to map order stability. by @Zenithar in #116

Full Changelog: v0.2.6...cmd/harp/v0.2.7

v0.2.6

What's Changed

• Doc general onboarding by @Zenithar in #101
• feat(transformer): support AGE encryption. by @Zenithar in #102
• feat(value): deterministic authenticated encryption. by @Zenithar in #103
• feat(value): additional data support for AEAD/DAE transformers. by @Zenithar in #104
• feat(pipeline): allow reader/writer customization. by @Zenithar in #105
• Feat bundle rego filter by @Zenithar in #106
• doc(bundle): add sample rego based patch. by @Zenithar in #107
• feat(patch): reverse bundle iteration logic. by @Zenithar in #108
• Feat package cel matcher by @Zenithar in #109
• Feat bundle matcher languages harmonization by @Zenithar in #110

Full Changelog: v0.2.5...v0.2.6

cmd/harp/v0.2.6

2022-02-07

FEATURES:

• template/engine:
  • isodate time formatter to RFC3389 date format.
• bundle/pipeline:
  • Support custom input reader and output writer. #105
• bundle/selector:
  • support glob for package path and secret key matcher. #110
  • support rego policy for bunde filter command and BundlePatch selector. #106
  • support cel expressions used in BundleRuleSet for package matchers in bundle filter command and BundlePatch selector. #109
• sdk/value:
  • support age encryption as value transformer. #102
  • support deterministic authenticated encryption value transformers. #103
  • support additional data for AEAD/DAE transformers. #104
  • DAE transformers can be initialized using an optional salt to derive different keys from the transformer key. #104

DIST

• go: Build with Golang 1.17.6.
• build/ci
  • Add SLSA Level 1 - Provenance generation step for binaries.
  • Add Snyk as code / dependencies scanner via SARIF.
  • Add Trivy dependencies scanner via SARIF.

Full Changelog: v0.2.5...cmd/harp/v0.2.6

v0.2.5

What's Changed

• feat(template): JWT parser/verifier. by @Zenithar in #95
• chore(go): fix possible dependency spoofing. by @Zenithar in #96
• Feat template crypto tls dane compute by @Zenithar in #97
• Feat gha secret provisioner by @Zenithar in #98
• fix(vault): custom metadata could be nil. by @Zenithar in #99
• chore(repository): v0.2.5 maintenance by @Zenithar in #100

Full Changelog: v0.2.4...v0.2.5

cmd/harp/v0.2.5

PEM manipulation functions + GHA Publisher