Releases: argoproj-labs/gitops-promoter
v0.32.0
If you're using GitOps Promoter, please add yourself to USERS.md!
If you're evaluating GitOps Promoter, we'd love to hear from you — please open a discussion to share your feedback.
Warning
Breaking Changes
install.yaml replaced with alternatives
Starting with 0.32.0, the UI is served by a new PromotionStrategyDetails APIService. This change unblocks important UI improvements, especially improved commit status presentations.
But using an APIService comes with one downside: it requires maintaining a certificate.
The release artifacts include three options for three common cert patterns:
- install-with-dashboard-cert-manager.yaml for cert-manager users
- install-with-dashboard-byo-cert.yaml for users who want to create/manage their own cert (we have scripts to help with this)
- install-without-ui.yaml for users who don't need the UI and would rather not bother with certs
We expect this to be a very rare breaking change. Throughout even the experimental 0.x releases, we've carefully avoided breaking changes in favor of documenting/queueing those changes for the 1.0 release. But we believe this change is worth it for the huge UI improvements it will unlock.
Instructions for using the new manifests are available in the Getting Started docs page. More details about the APIService are available in the Dashboard API Server page.
If you encounter difficulties transitioning to the new install manifests, feel free to reach out! We'd love to help you finish the upgrade.
Branch names validated
This release introduces stricter validation for branch names across all CRDs. Specifically, branch names cannot start with "-", and they cannot contain ".." or ":". These are rules that git itself enforces, so we are just moving the failure to apply-time instead of runtime.
The branch name must also be no longer than 100 bytes. The number is arbitrary, but it helps us stay within Kubernetes' CEL rule cost budget. In practice, we expect basically no one will need such long branch names. If they do, we can relax the requirement in the future, within cost budget restrictions.
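A pre-upgrade check for the rules above, as an added example that is not part of the release notes or the project's code: it scans a manifest for keys named branch (the key used in the PromotionStrategy example on this page) and reports names the new validation would reject. The function names and the sample manifest are constructed for illustration, and branch fields stored under other key names are not covered.

```shell
#!/bin/sh
# Added example, not project code. Checks branch names against the rules in the
# v0.32.0 notes: no leading "-", no ".." or ":", at most 100 bytes.

MAX_BRANCH_BYTES=100

# check_branch_name NAME
# Prints one line per violated rule; returns 0 if the name is acceptable.
check_branch_name() {
    name=$1
    rc=0
    case $name in -*)   echo "starts with '-'"; rc=1 ;; esac
    case $name in *..*) echo "contains '..'";   rc=1 ;; esac
    case $name in *:*)  echo "contains ':'";    rc=1 ;; esac
    # The limit is in bytes, so multi-byte UTF-8 names reach it sooner.
    bytes=$(( $(printf '%s' "$name" | wc -c) ))
    if [ "$bytes" -gt "$MAX_BRANCH_BYTES" ]; then
        echo "is $bytes bytes, limit is $MAX_BRANCH_BYTES"; rc=1
    fi
    return "$rc"
}

# list_branches FILE
# Prints the value of every key literally named "branch". Line-based scan, not
# a YAML parser: trailing comments and surrounding quotes are stripped.
list_branches() {
    sed -n -E 's/^[[:space:]]*(-[[:space:]]+)?branch:[[:space:]]*//p' "$1" |
        sed -E -e 's/[[:space:]]+#.*$//' -e 's/[[:space:]]+$//' \
               -e 's/^"(.*)"$/\1/' -e "s/^'(.*)'\$/\1/"
}

# scan_manifest FILE
# Prints one line per rejected branch name; returns 1 if any was rejected.
scan_manifest() {
    found=0
    while IFS= read -r branch; do
        [ -n "$branch" ] || continue
        if ! reasons=$(check_branch_name "$branch"); then
            found=1
            printf '%s: "%s" %s\n' "$1" "$branch" \
                "$(printf '%s' "$reasons" | tr '\n' ',')"
        fi
    done <<EOF
$(list_branches "$1")
EOF
    return "$found"
}

# Demo on a constructed manifest (not taken from any real repository).
demo_branch_scan() {
    tmp=$(mktemp)
    cat >"$tmp" <<'YAML'
apiVersion: promoter.argoproj.io/v1alpha1
kind: PromotionStrategy
metadata:
  name: payments
spec:
  gitRepositoryRef:
    name: platform-config
  environments:
    - branch: environment/dev
    - branch: "-environment/test"   # leading dash
    - branch: release..candidate
    - branch: 'feature:prod'
YAML
    scan_manifest "$tmp" || true
    rm -f "$tmp"
}
demo_branch_scan
```

Run it against rendered manifests before applying the new CRDs; a non-zero return from scan_manifest means at least one resource would fail validation at apply time.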
Changelog
Features
- 5555353: feat: APIService for dashboard (#1512) (@zachaller)
Bug fixes
- a0fae79: fix(api): make CRD validation rule ordering deterministic in generated manifests (#1577) (@zachaller)
- d461708: fix(apiserver): fix watch streams capping out at 64 events (#1572) (@zachaller)
- 84327d0: fix(ctp): unclean worktree after failed merge (#1543) (@crenshaw-dev)
Documentation
- 2752644: docs: Add FRAYT to USERS.md (#1573) (@ianstanton)
- 44a1876: docs: bump manifest versions to v0.32.0 (#1587) (@github-actions[bot])
- 89e688a: docs: remove dupe field and fix expression (#1575) (@crenshaw-dev)
- d859efe: docs: restructure site navigation and layout (#1569) (@crenshaw-dev)
Dependency updates
- 5cba51d: chore(deps): bump codecov/codecov-action from 6.0.1 to 7.0.0 (#1566) (@dependabot[bot])
- 185f777: chore(deps): bump github.com/bradleyfalzon/ghinstallation/v2 from 2.18.0 to 2.19.0 (#1582) (@dependabot[bot])
- 3878984: chore(deps): bump github.com/onsi/ginkgo/v2 from 2.29.0 to 2.30.0 (#1581) (@dependabot[bot])
- 4ffbef8: chore(deps): bump github/codeql-action from 4.36.1 to 4.36.2 (#1561) (@dependabot[bot])
- 95a7334: chore(deps): bump go.opentelemetry.io/otel/sdk from 1.40.0 to 1.43.0 (#1568) (@dependabot[bot])
- 7c9cb26: chore(deps): bump golang.org/x/sync from 0.20.0 to 0.21.0 (#1570) (@dependabot[bot])
- a4d46dd: chore(deps): bump renovatebot/github-action from 46.1.14 to 46.1.15 (#1565) (@dependabot[bot])
- 62dabf3: chore(deps): update dependency helm/helm to v4.2.1 (#1584) (@gitops-promoter-renovate-bot[bot])
- 9bfecf9: chore(deps): update kubernetes platform to v2.0.0-20260408192533-25e2208e0dc3 (#1567) (@gitops-promoter-renovate-bot[bot])
- 672b905: chore(deps): update module golang.org/x/tools to v0.46.0 (#1585) (@gitops-promoter-renovate-bot[bot])
Other work
- ea90eca: chore!: add branch name validation (#1545) (@crenshaw-dev)
- 2344428: chore: move lint for faster CI feedback (#1574) (@zachaller)
- 10c3fce: ci: fix version bump job (#1583) (@crenshaw-dev)
Verifying this release (Sigstore / cosign)
Container image (for tag v0.32.0):
cosign verify \
--certificate-identity 'https://github.com/argoproj-labs/gitops-promoter/.github/workflows/release.yaml@refs/tags/v0.32.0' \
--certificate-oidc-issuer 'https://token.actions.githubusercontent.com' \
quay.io/argoprojlabs/gitops-promoter:v0.32.0
latest images on Quay are signed from release-latest.yaml on main:
cosign verify \
--certificate-identity 'https://github.com/argoproj-labs/gitops-promoter/.github/workflows/release-latest.yaml@refs/heads/main' \
--certificate-oidc-issuer 'https://token.actions.githubusercontent.com' \
quay.io/argoprojlabs/gitops-promoter:latest
Checksums file: The checksums file is signed with Sigstore. Download gitops-promoter_0.32.0_checksums.txt and its .sigstore.json bundle, then verify:
cosign verify-blob \
--certificate-oidc-issuer 'https://token.actions.githubusercontent.com' \
--certificate-identity 'https://github.com/argoproj-labs/gitops-promoter/.github/workflows/release.yaml@refs/tags/v0.32.0' \
--bundle gitops-promoter_0.32.0_checksums.txt.sigstore.json \
gitops-promoter_0.32.0_checksums.txt
Then verify any downloaded artifact against the checksums file:
sha256sum -c gitops-promoter_0.32.0_checksums.txt --ignore-missing
Full Changelog: v0.31.1...v0.32.0
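A stricter form of the final checksum step, as an added example that is not part of the release notes or the project's tooling: sha256sum -c with --ignore-missing skips listed files you did not download and never examines files that are not listed, so this requires exactly one matching entry for each file you name. The function names and sample files are constructed, and it assumes the checksums file has already passed cosign verify-blob.

```shell
#!/bin/sh
# Added example, not project code. Run only after `cosign verify-blob` has
# succeeded on the checksums file, so its contents can be trusted.

# verify_artifact CHECKSUMS FILE
# Returns 0 only if FILE's basename has exactly one entry in CHECKSUMS and the
# file's SHA-256 equals it. Assumes sha256sum-format lines: "<hex>  <name>".
verify_artifact() {
    sums=$1
    file=$2
    base=$(basename "$file")
    if [ ! -f "$file" ]; then echo "$base: file not found"; return 1; fi
    entries=$(awk -v n="$base" '
        { f = $2; sub(/^\*/, "", f) }      # "*name" marks binary mode
        f == n { c++ }
        END { print c + 0 }' "$sums")
    if [ "$entries" -ne 1 ]; then
        echo "$base: $entries entries in checksums file, expected 1"
        return 1
    fi
    want=$(awk -v n="$base" '{ f = $2; sub(/^\*/, "", f) } f == n { print $1 }' "$sums")
    got=$(sha256sum "$file" | awk '{ print $1 }')
    if [ "$got" != "$want" ]; then echo "$base: digest mismatch"; return 1; fi
    echo "$base: OK"
}

# verify_release CHECKSUMS FILE...
# Checks every named file; returns 1 if any is unlisted, duplicated or altered.
verify_release() {
    sums_file=$1
    shift
    failed=0
    for artifact in "$@"; do
        verify_artifact "$sums_file" "$artifact" || failed=1
    done
    return "$failed"
}

# Demo with constructed files: two listed artifacts (one not downloaded) and
# one file that the checksums file does not mention at all.
demo_checksums() {
    dir=$(mktemp -d)
    printf 'constructed payload A\n' >"$dir/example-a.tar.gz"
    printf 'constructed payload B\n' >"$dir/example-b.tar.gz"
    printf 'constructed unlisted payload\n' >"$dir/example-unlisted.yaml"
    (
        cd "$dir" || exit 1
        sha256sum example-a.tar.gz example-b.tar.gz >checksums.txt
        rm example-b.tar.gz                 # simulate "not downloaded"
        # Exits 0: example-b is skipped, example-unlisted.yaml is never read.
        sha256sum -c checksums.txt --ignore-missing
        echo "sha256sum -c exit status: $?"
    )
    verify_release "$dir/checksums.txt" \
        "$dir/example-a.tar.gz" "$dir/example-unlisted.yaml" ||
        echo "verify_release: at least one file is not covered by the checksums"
    rm -rf "$dir"
}
demo_checksums
```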
v0.31.1
If you're using GitOps Promoter, please add yourself to USERS.md!
If you're evaluating GitOps Promoter, we'd love to hear from you — please open a discussion to share your feedback.
Changelog
Bug fixes
- 8e1876b: fix(ctp): handle missing /hydrator.metadata + add concurrent shared-active-branch tests (#1535) (@crenshaw-dev)
- ae06ddf: fix(test): retry PromotionStrategy update when disabling AutoMerge (#1556) (@crenshaw-dev)
- c204543: fix: keep GitRepository until referencing PullRequests are removed (#1542) (@crenshaw-dev)
Documentation
- 0c00c01: docs: add CEL cost estimate page (#1544) (@crenshaw-dev)
- 372d61c: docs: bump manifest versions to v0.31.1 (#1560) (@github-actions[bot])
Dependency updates
- 997f193: chore(deps): bump actions/checkout from 6.0.2 to 6.0.3 (#1551) (@dependabot[bot])
- 1883603: chore(deps): bump actions/checkout from 6.0.2 to 6.0.3 (#1557) (@dependabot[bot])
- f7a4512: chore(deps): bump controller-tools to v0.21.0 and regenerate codegen (#1533) (@crenshaw-dev)
- d1a81fd: chore(deps): bump crate-ci/typos from 1.47.0 to 1.47.1 (#1552) (@dependabot[bot])
- 96dfbf7: chore(deps): bump crate-ci/typos from 1.47.1 to 1.47.2 (#1558) (@dependabot[bot])
- 1a70f9d: chore(deps): bump github.com/quic-go/quic-go from 0.59.0 to 0.59.1 (#1547) (@dependabot[bot])
- d37410b: chore(deps): bump github/codeql-action from 4.36.0 to 4.36.1 (#1553) (@dependabot[bot])
- 611aeb8: chore(deps): bump go.opentelemetry.io/otel/sdk from 1.40.0 to 1.43.0 in /hack/celcost (#1546) (@dependabot[bot])
- f0d4f7b: chore(deps): bump react-router and react-router-dom in /ui/dashboard (#1549) (@dependabot[bot])
- 9a30417: chore(deps): update dependency kubernetes-sigs/kind to v0.32.0 (#1538) (@gitops-promoter-renovate-bot[bot])
- d24189e: chore(deps): update go and linter tooling to v1.26.4 (#1537) (@gitops-promoter-renovate-bot[bot])
- e20bd52: chore(deps): update kubernetes platform (#1554) (@gitops-promoter-renovate-bot[bot])
Other work
Verifying this release (Sigstore / cosign)
Container image (for tag v0.31.1):
cosign verify \
--certificate-identity 'https://github.com/argoproj-labs/gitops-promoter/.github/workflows/release.yaml@refs/tags/v0.31.1' \
--certificate-oidc-issuer 'https://token.actions.githubusercontent.com' \
quay.io/argoprojlabs/gitops-promoter:v0.31.1
latest images on Quay are signed from release-latest.yaml on main:
cosign verify \
--certificate-identity 'https://github.com/argoproj-labs/gitops-promoter/.github/workflows/release-latest.yaml@refs/heads/main' \
--certificate-oidc-issuer 'https://token.actions.githubusercontent.com' \
quay.io/argoprojlabs/gitops-promoter:latest
Checksums file: The checksums file is signed with Sigstore. Download gitops-promoter_0.31.1_checksums.txt and its .sigstore.json bundle, then verify:
cosign verify-blob \
--certificate-oidc-issuer 'https://token.actions.githubusercontent.com' \
--certificate-identity 'https://github.com/argoproj-labs/gitops-promoter/.github/workflows/release.yaml@refs/tags/v0.31.1' \
--bundle gitops-promoter_0.31.1_checksums.txt.sigstore.json \
gitops-promoter_0.31.1_checksums.txt
Then verify any downloaded artifact against the checksums file:
sha256sum -c gitops-promoter_0.31.1_checksums.txt --ignore-missing
Full Changelog: v0.31.0...v0.31.1
v0.31.0
If you're using GitOps Promoter, please add yourself to USERS.md!
If you're evaluating GitOps Promoter, we'd love to hear from you — please open a discussion to share your feedback.
Changelog
A major advantage of GitOps Promoter is that it maintains the full state of the system in git: no custom databases or risky reliance on etcd. Each environment has an “active” branch containing the fully-hydrated manifests running in that environment.
In monorepos containing multiple apps, having one active branch per environment/app combo can get unwieldy.
GitOps Promoter 0.31 introduces a new activePath field to the PromotionStrategy resource. By setting this field to a unique path, you can allow multiple apps/PromotionStrategies to share a single active branch. This allows your users to see the full state of every app in a given environment without tightly coupling their deployments. Each app will get its own PRs into the same shared branch, and GitOps Promoter will facilitate keeping those PRs in sync with the target branch.
apiVersion: promoter.argoproj.io/v1alpha1
kind: PromotionStrategy
metadata:
  name: payments
spec:
  gitRepositoryRef:
    name: platform-config
  activePath: apps/payments
  activeCommitStatuses:
    - key: argocd-health-payments
  environments:
    # Multiple apps can share each of these branches!
    - branch: environment/dev
    - branch: environment/test
    - branch: environment/prod
Thanks to @patjlm of Red Hat for adding this feature!
With the introduction of shared active branches, we expect more conflicts between PromotionStrategies sharing that branch. To future-proof, we've identified and fixed a couple race conditions. These bugs wouldn't cause correctness issues, but they would cause transient errors and delays. These fixes should make activePath-enabled PromotionStrategies reliable and snappy!
Features
Bug fixes
- 55df545: fix(ctp): avoid git operation races between CTPs (#1495) (#1498) (@crenshaw-dev)
- 15dccdc: fix(ctp): update PR merge sha after conflict (#1496) (#1497) (@crenshaw-dev)
- 21067d7: fix: incorrect error message (#1500) (@crenshaw-dev)
- 49152f5: fix: typos (#1499) (@Copilot)
Documentation
Dependency updates
- 1823074: chore(deps): bump crate-ci/typos from 1.46.3 to 1.47.0 (#1494) (@dependabot[bot])
- c58f874: chore(deps): update dependency goreleaser/goreleaser to v2.16.0 (#1503) (@gitops-promoter-renovate-bot[bot])
- fd1d134: chore(deps): update dependency helm/helm to v3.21.0 (#1504) (@gitops-promoter-renovate-bot[bot])
- 92fb6da: chore(deps): update dependency helm/helm to v4 (#1510) (@gitops-promoter-renovate-bot[bot])
- 151632e: chore(deps): update dependency kubernetes-sigs/kind to v0.31.0 (#1505) (@gitops-promoter-renovate-bot[bot])
- 21b4f0a: chore(deps): update dependency kubernetes-sigs/kubebuilder to v4.14.0 (#1516) (@gitops-promoter-renovate-bot[bot])
- eba06a6: chore(deps): update dependency kubernetes-sigs/kustomize to v5.8.1 (#1521) (@gitops-promoter-renovate-bot[bot])
- 4f60a02: chore(deps): update dependency vektra/mockery to v2.53.6 (#1531) (@gitops-promoter-renovate-bot[bot])
- efdf4c8: chore(deps): update go and linter tooling to v2.12.2 (#1532) (@gitops-promoter-renovate-bot[bot])
- b25de41: chore(deps): update kubernetes platform (#1515) (@gitops-promoter-renovate-bot[bot])
- cd39c53: chore(deps): update node.js to v24.16.0 (#1527) (@gitops-promoter-renovate-bot[bot])
- b883939: chore(deps): update quay.io/brancz/kube-rbac-proxy docker tag to v0.22.0 (#1528) (@gitops-promoter-renovate-bot[bot])
Other work
- 97a3816: chore: Improve renovate (#1502) (@crenshaw-dev)
- 24ebb34: chore: don't set hourly limit on Renovate (#1522) (@crenshaw-dev)
- ce21080: chore: fix renovate author (#1518) (@crenshaw-dev)
- b5c8ecc: chore: fix renovate for mockgen (#1529) (@crenshaw-dev)
- ba3f359: chore: fix renovate mockery (#1523) (@crenshaw-dev)
- e911f18: chore: improve renovate config (#1514) (@crenshaw-dev)
- e1f4e61: chore: use renovate built in go support (#1524) (@crenshaw-dev)
- 22fd47e: chore: use ssa for gitcommitstatus controller cs updates (#1492) (@zachaller)
- 918fbd7: ci: check mockery gen (#1534) (@crenshaw-dev)
Verifying this release (Sigstore / cosign)
Container image (for tag v0.31.0):
cosign verify \
--certificate-identity 'https://github.com/argoproj-labs/gitops-promoter/.github/workflows/release.yaml@refs/tags/v0.31.0' \
--certificate-oidc-issuer 'https://token.actions.githubusercontent.com' \
quay.io/argoprojlabs/gitops-promoter:v0.31.0
latest images on Quay are signed from release-latest.yaml on main:
cosign verify \
--certificate-identity 'https://github.com/argoproj-labs/gitops-promoter/.github/workflows/release-latest.yaml@refs/heads/main' \
--certificate-oidc-issuer 'https://token.actions.githubusercontent.com' \
quay.io/argoprojlabs/gitops-promoter:latest
Checksums file: The checksums file is signed with Sigstore. Download gitops-promoter_0.31.0_checksums.txt and its .sigstore.json bundle, then verify:
cosign verify-blob \
--certificate-oidc-issuer 'https://token.actions.githubusercontent.com' \
--certificate-identity 'https://github.com/argoproj-labs/gitops-promoter/.github/workflows/release.yaml@refs/tags/v0.31.0' \
--bundle gitops-promoter_0.31.0_checksums.txt.sigstore.json \
gitops-promoter_0.31.0_checksums.txt
Then verify any downloaded artifact against the checksums file:
sha256sum -c gitops-promoter_0.31.0_checksums.txt --ignore-missing
Full Changelog: v0.30.1...v0.31.0
v0.30.1
If you're using GitOps Promoter, please add yourself to USERS.md!
If you're evaluating GitOps Promoter, we'd love to hear from you — please open a discussion to share your feedback.
Changelog
This release fixes a bug in the GitLab SCM provider which would allow PromotionStrategies to conflict for similarly-named branches across separate repos. Thanks to @ZeBidule for finding and fixing the bug!
Bug fixes
Documentation
Dependency updates
- 19a2ba6: chore(deps): bump docker/setup-qemu-action from 4.0.0 to 4.1.0 (#1487) (@dependabot[bot])
Other work
- 8b5a210: chore: fix release trigger on revert (#1484) (@zachaller)
- fd0eddd: chore: remove dead code and add CI check (#1489) (@crenshaw-dev)
Verifying this release (Sigstore / cosign)
Container image (for tag v0.30.1):
cosign verify \
--certificate-identity 'https://github.com/argoproj-labs/gitops-promoter/.github/workflows/release.yaml@refs/tags/v0.30.1' \
--certificate-oidc-issuer 'https://token.actions.githubusercontent.com' \
quay.io/argoprojlabs/gitops-promoter:v0.30.1
latest images on Quay are signed from release-latest.yaml on main:
cosign verify \
--certificate-identity 'https://github.com/argoproj-labs/gitops-promoter/.github/workflows/release-latest.yaml@refs/heads/main' \
--certificate-oidc-issuer 'https://token.actions.githubusercontent.com' \
quay.io/argoprojlabs/gitops-promoter:latest
Checksums file: The checksums file is signed with Sigstore. Download gitops-promoter_0.30.1_checksums.txt and its .sigstore.json bundle, then verify:
cosign verify-blob \
--certificate-oidc-issuer 'https://token.actions.githubusercontent.com' \
--certificate-identity 'https://github.com/argoproj-labs/gitops-promoter/.github/workflows/release.yaml@refs/tags/v0.30.1' \
--bundle gitops-promoter_0.30.1_checksums.txt.sigstore.json \
gitops-promoter_0.30.1_checksums.txt
Then verify any downloaded artifact against the checksums file:
sha256sum -c gitops-promoter_0.30.1_checksums.txt --ignore-missing
Full Changelog: v0.30.0...v0.30.1
v0.30.0
If you're using GitOps Promoter, please add yourself to USERS.md!
If you're evaluating GitOps Promoter, we'd love to hear from you — please open a discussion to share your feedback.
Changelog
This release continues to solidify the WebRequestCommitStatus feature by further reducing the likelihood of unwanted duplicate requests.
Adding a spec.key field to the ArgoCDCommitStatus and TimedCommitStatus resources allows custom names beyond the default argocd-health and timer. It also clears the way for an upcoming feature to support multiple PromotionStrategies sharing the same active branch, a big improvement for monorepos.
Aside from these features, 0.30.0 comes with some small bugfixes and many dependency bumps. Give it a try and let us know how it goes!
Features
- 1ed15e0: feat(security): add sbom in releases (#1413) (@emirot)
- c21b3ad: feat: don't reconcile on stale state (#1472) (@zachaller)
- 68a2758: feat(acdcs/tcs): add optional spec.key field (#1446) (@crenshaw-dev)
Bug fixes
- 34108cb: fix(ui): NaN days ago (#1467) (#1468) (@crenshaw-dev)
- c3b0f57: fix: image digest (#1480) (@crenshaw-dev)
Documentation
- 7312dbe: Revert "docs: bump manifest versions to v0.30.0" (#1481) (@zachaller)
- 5d13449: docs: bump manifest versions to v0.30.0 (#1479) (@github-actions[bot])
- daad38a: docs: bump manifest versions to v0.30.0 (#1483) (@github-actions[bot])
- eab53dd: docs: harden custom hydrator git-notes example against concurrent notes-ref updates (#1471) (@Copilot)
- 4ad93b1: docs: more CRD fields (#1473) (@crenshaw-dev)
Dependency updates
- d631c34: chore(deps): bump codecov/codecov-action from 6.0.0 to 6.0.1 (#1442) (@dependabot[bot])
- 3438543: chore(deps): bump crate-ci/typos from 1.46.1 to 1.46.2 (#1435) (@dependabot[bot])
- 015f5b7: chore(deps): bump crate-ci/typos from 1.46.2 to 1.46.3 (#1477) (@dependabot[bot])
- 51fe291: chore(deps): bump docker/login-action from 4.1.0 to 4.2.0 (#1475) (@dependabot[bot])
- 9c09605: chore(deps): bump github.com/ktrysmt/go-bitbucket from 0.9.100 to 0.10.0 (#1476) (@dependabot[bot])
- 15868f8: chore(deps): bump github.com/onsi/ginkgo/v2 from 2.28.3 to 2.29.0 (#1436) (@dependabot[bot])
- be5c36b: chore(deps): bump github.com/onsi/gomega from 1.40.0 to 1.41.0 (#1437) (@dependabot[bot])
- a2aa9d3: chore(deps): bump github/codeql-action from 4.35.4 to 4.35.5 (#1438) (@dependabot[bot])
- a90637f: chore(deps): bump github/codeql-action from 4.35.5 to 4.36.0 (#1478) (@dependabot[bot])
- 1b34f7a: chore(deps): bump golangci/golangci-lint-action from 9.2.0 to 9.2.1 (#1463) (@dependabot[bot])
- 0ad9a41: chore(deps): bump goreleaser/goreleaser-action from 7.2.1 to 7.2.2 (#1441) (@dependabot[bot])
- 977f32c: chore(deps): bump idna from 3.11 to 3.15 in /docs (#1443) (@dependabot[bot])
- 2acdf6a: chore(deps): bump pymdown-extensions from 10.21.2 to 10.21.3 in /docs (#1444) (@dependabot[bot])
- 6f55951: chore(deps): bump sigs.k8s.io/multicluster-runtime from 0.23.3 to 0.24.1 (#1469) (@crenshaw-dev)
- 37dbfb7: chore(deps): bump zizmorcore/zizmor-action from 0.5.3 to 0.5.6 (#1439) (@dependabot[bot])
- b798558: chore(deps-dev): bump fast-uri from 3.0.6 to 3.1.2 in /ui/extension (#1411) (@dependabot[bot])
Other work
- 0b8a495: refactor: extract EnqueueChangeTransferPolicies into shared utils (#1454) (@Copilot)
- 4ae309e: refactor: extract GetApplicableEnvironments to utils package (#1461) (@Copilot)
- c14d6ab: refactor: remove ctx param from KubeSafeUniqueName (#1451) (@Copilot)
Verifying this release (Sigstore / cosign)
Container image (for tag v0.30.0):
cosign verify \
--certificate-identity 'https://github.com/argoproj-labs/gitops-promoter/.github/workflows/release.yaml@refs/tags/v0.30.0' \
--certificate-oidc-issuer 'https://token.actions.githubusercontent.com' \
quay.io/argoprojlabs/gitops-promoter:v0.30.0
latest images on Quay are signed from release-latest.yaml on main:
cosign verify \
--certificate-identity 'https://github.com/argoproj-labs/gitops-promoter/.github/workflows/release-latest.yaml@refs/heads/main' \
--certificate-oidc-issuer 'https://token.actions.githubusercontent.com' \
quay.io/argoprojlabs/gitops-promoter:latest
Checksums file: The checksums file is signed with Sigstore. Download gitops-promoter_0.30.0_checksums.txt and its .sigstore.json bundle, then verify:
cosign verify-blob \
--certificate-oidc-issuer 'https://token.actions.githubusercontent.com' \
--certificate-identity 'https://github.com/argoproj-labs/gitops-promoter/.github/workflows/release.yaml@refs/tags/v0.30.0' \
--bundle gitops-promoter_0.30.0_checksums.txt.sigstore.json \
gitops-promoter_0.30.0_checksums.txt
Then verify any downloaded artifact against the checksums file:
sha256sum -c gitops-promoter_0.30.0_checksums.txt --ignore-missing
Full Changelog: v0.29.2...v0.30.0
v0.29.2
If you're using GitOps Promoter, please add yourself to USERS.md!
If you're evaluating GitOps Promoter, we'd love to hear from you — please open a discussion to share your feedback.
Changelog
Bug fixes
- bf727e5: fix: cache github client / transports (#1432) (@seanl-circle)
Documentation
Other work
- 20e3237: chore: switch to errors.AsType (#1429) (@crenshaw-dev)
Verifying this release (Sigstore / cosign)
Container image (for tag v0.29.2):
cosign verify \
--certificate-identity 'https://github.com/argoproj-labs/gitops-promoter/.github/workflows/release.yaml@refs/tags/v0.29.2' \
--certificate-oidc-issuer 'https://token.actions.githubusercontent.com' \
quay.io/argoprojlabs/gitops-promoter:v0.29.2
latest images on Quay are signed from release-latest.yaml on main:
cosign verify \
--certificate-identity 'https://github.com/argoproj-labs/gitops-promoter/.github/workflows/release-latest.yaml@refs/heads/main' \
--certificate-oidc-issuer 'https://token.actions.githubusercontent.com' \
quay.io/argoprojlabs/gitops-promoter:latest
Checksums file: The checksums file is signed with Sigstore. Download gitops-promoter_0.29.2_checksums.txt and its .sigstore.json bundle, then verify:
cosign verify-blob \
--certificate-oidc-issuer 'https://token.actions.githubusercontent.com' \
--certificate-identity 'https://github.com/argoproj-labs/gitops-promoter/.github/workflows/release.yaml@refs/tags/v0.29.2' \
--bundle gitops-promoter_0.29.2_checksums.txt.sigstore.json \
gitops-promoter_0.29.2_checksums.txt
Then verify any downloaded artifact against the checksums file:
sha256sum -c gitops-promoter_0.29.2_checksums.txt --ignore-missing
Full Changelog: v0.29.1...v0.29.2
v0.29.1
If you're using GitOps Promoter, please add yourself to USERS.md!
If you're evaluating GitOps Promoter, we'd love to hear from you — please open a discussion to share your feedback.
Changelog
Bug fixes
- 4e2fc5d: fix: fix out of order promotion (#1428) (@zachaller)
Documentation
Verifying this release (Sigstore / cosign)
Container image (for tag v0.29.1):
cosign verify \
--certificate-identity 'https://github.com/argoproj-labs/gitops-promoter/.github/workflows/release.yaml@refs/tags/v0.29.1' \
--certificate-oidc-issuer 'https://token.actions.githubusercontent.com' \
quay.io/argoprojlabs/gitops-promoter:v0.29.1
latest images on Quay are signed from release-latest.yaml on main:
cosign verify \
--certificate-identity 'https://github.com/argoproj-labs/gitops-promoter/.github/workflows/release-latest.yaml@refs/heads/main' \
--certificate-oidc-issuer 'https://token.actions.githubusercontent.com' \
quay.io/argoprojlabs/gitops-promoter:latest
Checksums file: The checksums file is signed with Sigstore. Download gitops-promoter_0.29.1_checksums.txt and its .sigstore.json bundle, then verify:
cosign verify-blob \
--certificate-oidc-issuer 'https://token.actions.githubusercontent.com' \
--certificate-identity 'https://github.com/argoproj-labs/gitops-promoter/.github/workflows/release.yaml@refs/tags/v0.29.1' \
--bundle gitops-promoter_0.29.1_checksums.txt.sigstore.json \
gitops-promoter_0.29.1_checksums.txt
Then verify any downloaded artifact against the checksums file:
sha256sum -c gitops-promoter_0.29.1_checksums.txt --ignore-missing
Full Changelog: v0.29.0...v0.29.1
v0.29.0
If you're using GitOps Promoter, please add yourself to USERS.md!
If you're evaluating GitOps Promoter, we'd love to hear from you — please open a discussion to share your feedback.
Changelog
This release continues the trend of improving the WebRequestCommitStatus API. We have added a methodTemplate field so that you can dynamically choose between GET, POST, etc. based on various inputs. We have also added a variables.expression field to easily calculate variables using expr for use in go templates.
Warning
With the introduction of methodTemplate, we have deprecated the method field. If you currently use method, just change the field name to methodTemplate. It will continue to work exactly as it did before.
0.27.0 switched controllers to Server Side Apply, which significantly improved performance and reduced noise errors due to conflicting resource updates. But it also introduced some bugs. This release fixes the most important bug by working around a quirk of how SSA patches are constructed.
Finally, thanks to @patjlm for finding and fixing a bug where the PullRequest controller could mistake a PR for a different PR on a fork.
Features
- ca3d572: feat: add webrequestcommitstatus methodTemplate support (#1424) (@zachaller)
- 473ac3d: feat: expr variables in http go templates (#1399) (@zachaller)
- 4db8d49: feat: log delivery id in findChangeTransferPolicy (#1425) (@crenshaw-dev)
Bug fixes
- 899bb41: fix(ctp): avoid SSA empty-object null (#1406) (@crenshaw-dev)
- ad3ed31: fix(github): prefix owner in FindOpen head filter (#1417) (@patjlm)
Documentation
- 78abde8: docs: PullRequest commit.message field (#1409) (@crenshaw-dev)
- 6d531cf: docs: bump manifest versions to v0.29.0 (#1427) (@github-actions[bot])
- 8887c2c: docs: use tabs for SCMs in Getting Started (#1398) (@crenshaw-dev)
Dependency updates
- b05b6b6: chore(deps): bump actions/create-github-app-token from 3.1.1 to 3.2.0 (#1422) (@dependabot[bot])
- f94583d: chore(deps): bump code.gitea.io/sdk/gitea from 0.25.0 to 0.25.1 (#1420) (@dependabot[bot])
- 2eb6d48: chore(deps): bump crate-ci/typos from 1.46.0 to 1.46.1 (#1416) (@dependabot[bot])
- ea4424e: chore(deps): bump github.com/tidwall/gjson from 1.18.0 to 1.19.0 (#1414) (@dependabot[bot])
- a584406: chore(deps): bump github/codeql-action from 4.35.3 to 4.35.4 (#1410) (@dependabot[bot])
- 98b2e49: chore(deps): bump renovatebot/github-action from 46.1.13 to 46.1.14 (#1415) (@dependabot[bot])
- 4cc4e1a: chore(deps): bump sigstore/cosign-installer from 4.1.1 to 4.1.2 (#1407) (@dependabot[bot])
- 7d01261: chore(deps): bump urllib3 from 2.6.3 to 2.7.0 in /docs (#1418) (@dependabot[bot])
Verifying this release (Sigstore / cosign)
Container image (for tag v0.29.0):
cosign verify \
--certificate-identity 'https://github.com/argoproj-labs/gitops-promoter/.github/workflows/release.yaml@refs/tags/v0.29.0' \
--certificate-oidc-issuer 'https://token.actions.githubusercontent.com' \
quay.io/argoprojlabs/gitops-promoter:v0.29.0
latest images on Quay are signed from release-latest.yaml on main:
cosign verify \
--certificate-identity 'https://github.com/argoproj-labs/gitops-promoter/.github/workflows/release-latest.yaml@refs/heads/main' \
--certificate-oidc-issuer 'https://token.actions.githubusercontent.com' \
quay.io/argoprojlabs/gitops-promoter:latest
Checksums file: The checksums file is signed with Sigstore. Download gitops-promoter_0.29.0_checksums.txt and its .sigstore.json bundle, then verify:
cosign verify-blob \
--certificate-oidc-issuer 'https://token.actions.githubusercontent.com' \
--certificate-identity 'https://github.com/argoproj-labs/gitops-promoter/.github/workflows/release.yaml@refs/tags/v0.29.0' \
--bundle gitops-promoter_0.29.0_checksums.txt.sigstore.json \
gitops-promoter_0.29.0_checksums.txt
Then verify any downloaded artifact against the checksums file:
sha256sum -c gitops-promoter_0.29.0_checksums.txt --ignore-missing
Full Changelog: v0.28.0...v0.29.0
v0.28.0
If you're using GitOps Promoter, please add yourself to USERS.md!
If you're evaluating GitOps Promoter, we'd love to hear from you — please open a discussion to share your feedback.
This release comes with some major improvements to the WebRequestCommitStatus feature as well as some quality-of-life improvements in the UI and in monitoring.
The WebRequestCommitStatus now allows generating template variables with expr expressions, avoiding messy duplicate code and unwieldy go text templates. It also supports unit- and CLI-based tests to verify WebRequestCommitStatus behavior before shipping it to production.
The UI now displays the timestamp for merged PRs, and the Argo CD extension remembers your selection when multiple PromotionStrategies are hosted in the same Application.
Finally, the resource count metric now exposes a readiness label so you can quickly see if a GitOps Promoter upgrade impacts existing resources. It will also help find resources that are in a problematic state so that they can be fixed or cleaned up.
There are also a few minor bugfixes in the UI and in responsiveness on initial setup.
Give the release a try and let us know how it goes!
Changelog
Features
- 9c623b2: feat(ui): persist strategy dropdown selection (#1393) (@jwinters01)
- f1b5f8a: feat(ui): show PR merge time on live card active badge (#1343) (@jwinters01)
- 8903193: feat(wrcs): expr vars in go templates (#1389) (@zachaller)
- 76515e8: feat: Simulator for WebRequestCommitStatus (#1365) (@zachaller)
- aaf6650: feat: WebRequestCommitStatus Variables (#1342) (@zachaller)
- 0ff4d11: feat: add readiness label to promoter_kubernetes_resources metric (#1358) (@Copilot)
- 02dec39: feat: log when /metrics is called (#1359) (@crenshaw-dev)
Bug fixes
- b5d40b5: fix(acdcs): reconcile on PromotionStrategy create (#1313) (@crenshaw-dev)
- 1c0cc67: fix(test): wait for all envs before snapshotting WRCS HTTP request count (#1377) (@crenshaw-dev)
- e43ee43: fix: remove git@ from GitHub HTTPS repo URLs (#1353) (@jwinters01)
Documentation
- 1e47645: docs(wrcs): document at-least-once HTTP delivery and make tests tolerant (#1382) (@crenshaw-dev)
- 346f0e2: docs: bump manifest versions to v0.28.0 (#1397) (@github-actions[bot])
- 607d9f2: docs: grammar fix (#1360) (@crenshaw-dev)
Dependency updates
- b997a82: chore(deps): bump actions/setup-node from 6.3.0 to 6.4.0 (#1350) (@dependabot[bot])
- 414581b: chore(deps): bump code.gitea.io/sdk/gitea from 0.24.1 to 0.25.0 (#1395) (@dependabot[bot])
- 0adce13: chore(deps): bump crate-ci/typos from 1.45.1 to 1.45.2 (#1376) (@dependabot[bot])
- f7a7ced: chore(deps): bump crate-ci/typos from 1.45.2 to 1.46.0 (#1388) (@dependabot[bot])
- 94308fb: chore(deps): bump github.com/Azure/azure-sdk-for-go/sdk/azcore from 1.21.0 to 1.21.1 (#1344) (@dependabot[bot])
- c470100: chore(deps): bump github.com/ktrysmt/go-bitbucket from 0.9.95 to 0.9.96 (#1367) (@dependabot[bot])
- e8eeda6: chore(deps): bump github.com/ktrysmt/go-bitbucket from 0.9.96 to 0.9.98 (#1384) (@dependabot[bot])
- 0c29b40: chore(deps): bump github.com/ktrysmt/go-bitbucket from 0.9.98 to 0.9.100 (#1387) (@dependabot[bot])
- 7d0f153: chore(deps): bump github.com/onsi/ginkgo/v2 from 2.28.1 to 2.28.2 (#1366) (@dependabot[bot])
- 0c518b8: chore(deps): bump github.com/onsi/ginkgo/v2 from 2.28.2 to 2.28.3 (#1380) (@dependabot[bot])
- b557b28: chore(deps): bump github.com/onsi/gomega from 1.39.1 to 1.40.0 (#1379) (@dependabot[bot])
- 781d078: chore(deps): bump github/codeql-action from 4.35.2 to 4.35.3 (#1391) (@dependabot[bot])
- aa4a704: chore(deps): bump go.uber.org/zap from 1.27.1 to 1.28.0 (#1375) (@dependabot[bot])
- a314958: chore(deps): bump goreleaser/goreleaser-action from 7.0.0 to 7.1.0 (#1351) (@dependabot[bot])
- 53cc0de: chore(deps): bump goreleaser/goreleaser-action from 7.1.0 to 7.2.1 (#1369) (@dependabot[bot])
- 61eb63b: chore(deps): bump postcss from 8.5.8 to 8.5.12 in /ui/dashboard (#1370) (@dependabot[bot])
- 42f4d0e: chore(deps): bump renovatebot/github-action from 46.1.10 to 46.1.11 (#1368) (@dependabot[bot])
- cf55128: chore(deps): bump renovatebot/github-action from 46.1.11 to 46.1.12 (#1381) (@dependabot[bot])
- 80c1a7d: chore(deps): bump renovatebot/github-action from 46.1.12 to 46.1.13 (#1390) (@dependabot[bot])
- 1430257: chore(deps): bump renovatebot/github-action from 46.1.9 to 46.1.10 (#1349) (@dependabot[bot])
Other work
- 0a94536: chore: npm audit fix (#1394) (@github-actions[bot])
- ec3fb8a: chore: refactor webrequest helper functions to new package (#1362) (@zachaller)
Verifying this release (Sigstore / cosign)
Container image (for tag v0.28.0):
cosign verify \
--certificate-identity 'https://github.com/argoproj-labs/gitops-promoter/.github/workflows/release.yaml@refs/tags/v0.28.0' \
--certificate-oidc-issuer 'https://token.actions.githubusercontent.com' \
quay.io/argoprojlabs/gitops-promoter:v0.28.0
latest images on Quay are signed from release-latest.yaml on main:
cosign verify \
--certificate-identity 'https://github.com/argoproj-labs/gitops-promoter/.github/workflows/release-latest.yaml@refs/heads/main' \
--certificate-oidc-issuer 'https://token.actions.githubusercontent.com' \
quay.io/argoprojlabs/gitops-promoter:latest
Checksums file: The checksums file is signed with Sigstore. Download gitops-promoter_0.28.0_checksums.txt and its .sigstore.json bundle, then verify:
cosign verify-blob \
--certificate-oidc-issuer 'https://token.actions.githubusercontent.com' \
--certificate-identity 'https://github.com/argoproj-labs/gitops-promoter/.github/workflows/release.yaml@refs/tags/v0.28.0' \
--bundle gitops-promoter_0.28.0_checksums.txt.sigstore.json \
gitops-promoter_0.28.0_checksums.txt
Then verify any downloaded artifact against the checksums file:
sha256sum -c gitops-promoter_0.28.0_checksums.txt --ignore-missing
Full Changelog: v0.27.1...v0.28.0
v0.27.1
If you're using GitOps Promoter, please add yourself to USERS.md!
If you're evaluating GitOps Promoter, we'd love to hear from you — please open a discussion to share your feedback.
Changelog
Bug fixes
- b82b5b7: fix: use SSA to update status to avoid conflicts (#1345) (@zachaller)
Documentation
Dependency updates
- 91cf269: chore(deps): bump github/codeql-action from 4.35.1 to 4.35.2 (#1340) (@dependabot[bot])
- 042650a: chore(deps): bump k8s.io/apiextensions-apiserver from 0.35.3 to 0.35.4 (#1341) (@dependabot[bot])
- 3e8a6a7: chore(deps): bump sigs.k8s.io/structured-merge-diff/v6 from 6.3.2 to 6.4.0 (#1339) (@dependabot[bot])
Verifying this release (Sigstore / cosign)
Container image (for tag v0.27.1):
cosign verify \
--certificate-identity 'https://github.com/argoproj-labs/gitops-promoter/.github/workflows/release.yaml@refs/tags/v0.27.1' \
--certificate-oidc-issuer 'https://token.actions.githubusercontent.com' \
quay.io/argoprojlabs/gitops-promoter:v0.27.1
latest images on Quay are signed from release-latest.yaml on main:
cosign verify \
--certificate-identity 'https://github.com/argoproj-labs/gitops-promoter/.github/workflows/release-latest.yaml@refs/heads/main' \
--certificate-oidc-issuer 'https://token.actions.githubusercontent.com' \
quay.io/argoprojlabs/gitops-promoter:latest
Checksums file: The checksums file is signed with Sigstore. Download gitops-promoter_0.27.1_checksums.txt and its .sigstore.json bundle, then verify:
cosign verify-blob \
--certificate-oidc-issuer 'https://token.actions.githubusercontent.com' \
--certificate-identity 'https://github.com/argoproj-labs/gitops-promoter/.github/workflows/release.yaml@refs/tags/v0.27.1' \
--bundle gitops-promoter_0.27.1_checksums.txt.sigstore.json \
gitops-promoter_0.27.1_checksums.txt
Then verify any downloaded artifact against the checksums file:
sha256sum -c gitops-promoter_0.27.1_checksums.txt --ignore-missing
Full Changelog: v0.27.0...v0.27.1