- Notifications
You must be signed in to change notification settings - Fork165
Saas september release notes#1076
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to ourterms of service andprivacy statement. We’ll occasionally send you account related emails.
Already on GitHub?Sign in to your account
Merged
Uh oh!
There was an error while loading.Please reload this page.
Merged
Changes fromall commits
Commits
Show all changes
7 commits Select commitHold shift + click to select a range
d64d114 Create 2024-09-30-sept-release-notes.md
NimRegeveeeb17a Update 2024-09-30-sept-release-notes.md
NimRegevb714fee Update 2024-09-30-sept-release-notes.md
NimRegeve586b3a Sept saas release notes
NimRegev62e3fae Update 2024-09-20-sept-release-notes.md
NimRegev9fe071c Update 2024-09-20-sept-release-notes.md
NimRegev4d26f83 Update 2024-09-20-sept-release-notes.md
NimRegevFile filter
Filter by extension
Conversations
Failed to load comments.
Loading
Uh oh!
There was an error while loading.Please reload this page.
Jump to
Jump to file
Failed to load files.
Loading
Uh oh!
There was an error while loading.Please reload this page.
Diff view
Diff view
There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,112 @@ | ||
| --- | ||
| title: "Release Notes: September 2024" | ||
| description: "Release Notes for Codefresh Pipelines and GitOps" | ||
| --- | ||
| ## Features & enhancements | ||
| ### Pipelines: Sigstore for signing container images | ||
| We are excited to announce that Codefresh is at the forefront of the latest developments in container image authenticity and verification! | ||
| By integrating with modern security standards like Sigstore, a trusted authority for signing container images, we provide you with a secure and streamlined solution for signing and verifying container images. | ||
| Sigstore offers two signing methods to secure container images: **key-based signing**, the traditional method, and **keyless signing**, which leverages the OpenID Connect (OIDC) protocol. | ||
| Codefresh fully supports both approaches for images generated by Codefresh pipelines. | ||
| ##### What’s unique about our implementation? | ||
| Codefresh removes the complexity by integrating both key-based and keyless signing directly into your pipeline’s build step. This means you can sign container images with minimal configuration, making the entire process seamless and automated. | ||
| To initiate the signing process, simply add this attribute in your pipeline’s build step: | ||
| ```yaml | ||
| cosign: | ||
| sign: true | ||
| ``` | ||
| ##### Key-based signing | ||
| Our key-based signing mechanism includes an option for password-based signing, adding an extra layer of security by unlocking the private key with a passphrase. | ||
| ##### Keyless signing | ||
| Keyless signing eliminates the need for long-term private key management by utilizing the OIDC protocol. | ||
| Read all about it in our [blog](https://codefresh.io/blog/securing-containers-oidc/){:target="\_blank"}. | ||
| Codefresh is an official OIDC provider, and using Codefresh for keyless signing offers significant benefits: | ||
| * Secure authentication | ||
| Codefresh securely authenticates the pipeline at runtime, ensuring that only authorized pipelines can sign artifacts. | ||
| * Unique build identification | ||
| The Codefresh OIDC provider generates claims that uniquely identify both the pipeline and the build in the issued token, ensuring that each image’s signature is tied to a specific pipeline and build. | ||
| * Robust verification | ||
| External systems can use these embedded claims to confirm the origin and authenticity of the artifact, ensuring the image was signed by a trusted pipeline. | ||
| For details, see [Signing container images with Sigstore]({{site.baseurl}}/docs/pipelines/steps/build/#signing-container-images-with-sigstore). | ||
| ### Pipelines: Enhancements for step-member variables & Boolean properties | ||
| We just rolled out two key updates to give you more control and flexibility in your pipelines. | ||
| ##### Seamless access to step-member variables across parallel steps | ||
| You can now reference step member variables between steps in the same parallel block. No extra work needed to pass information between steps. This update makes it easier to manage complex workflows and share context between parallel steps. | ||
| Here’s an example: | ||
| ```yaml | ||
| main_step: | ||
| type: parallel | ||
| steps: | ||
| first: | ||
| image: alpine | ||
| commands: | ||
| - echo steps.second.name=${{steps.second.name}} | ||
| second: | ||
| image: alpine | ||
| commands: | ||
| - echo steps.first.name=${{steps.first.name}} | ||
| ``` | ||
| ##### Boolean properties as variables | ||
| We also updated properties with Boolean values to fully support variables. This means you can dynamically change the behavior of your pipeline using variables, with properties like `fail_fast`, for example. | ||
| Here’s how it works: | ||
| ```yaml | ||
| fail_fast: $VAR | ||
| ``` | ||
| ### GitOps: Argo CD v2.12 | ||
| We have upgraded the Argo CD version in our platform to v2.12. For detailed information, see the [official docs](https://argo-cd.readthedocs.io/en/stable/operator-manual/upgrading/2.11-2.12/){:target="\_blank"}. | ||
| ##### GitOps Runtime version | ||
| You need GitOps Runtime v0.12.0 which includes the latest version of the Helm chart from Argo CD, v7.x.x. | ||
| ##### Breaking change for cluster credentials value type | ||
| Version 7.x.x of the chart includes the breaking change in the _value type for cluster credentials_. | ||
| Previously, the `clusterCredentials` value type was `list`. In the latest version, the type has been changed to `map (object)`. | ||
| As GitOps Runtimes do not use these values directly, runtimes with the default configuration are _not affected_. | ||
| ## Bug fixes | ||
| ##### Pipelines | ||
| * For Bitbucket, build fails as `CF_PULL_REQUEST_ACTION` variable is not populated with correct value. | ||
| * `Error: Failed to run Pipeline` for Azure DevOps SSO (Single Sign-On) provider. | ||
| * Permission and missing scope error when running `codefresh validate yaml` command. | ||
| * Conditions with `workflow.result`” incorrectly evaluated in terminated builds. | ||
| * Some repositories not displayed in **Repository** list when creating trigger for Bitbucket server. | ||
| * `CF_COMMIT_MESSAGE` and `CF_COMMIT_MESSAGE_ESCAPED` variables show text in Pull Request titles instead of commit messages. | ||
| * Variables not supported as values for Boolean properties in pipelines. | ||
| ##### GitOps | ||
| * Unable to connect to a Git provider using the Hosted GitOps Runtime. | ||
| * Command failure for `argo-platform-analytics-reporter`. | ||
| * GitOps permissions do not function correctly when attributes are applied. |
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.