Releases: argoproj-labs/gitops-promoter

v0.32.0

@github-actions github-actions released this 15 Jun 14:03
Immutable release. Only release title and notes can be modified.
44a1876
GitOps Promoter

If you're using GitOps Promoter, please add yourself to USERS.md!

If you're evaluating GitOps Promoter, we'd love to hear from you — please open a discussion to share your feedback.


Warning

⚠️ This release comes with breaking changes that will almost certainly impact your setup. ⚠️

Breaking Changes

install.yaml replaced with alternatives

Starting with 0.32.0, the UI is served by a new PromotionStrategyDetails APIService. This change unblocks important UI improvements, especially improved commit status presentations.

But using an APIService comes with one downside: it requires maintaining a certificate.

The release artifacts include three options for three common cert patterns:

  • install-with-dashboard-cert-manager.yaml for cert-manager users
  • install-with-dashboard-byo-cert.yaml for users who want to create/manage their own cert (we have scripts to help with this)
  • install-without-ui.yaml for users who don't need the UI and would rather not bother with certs

We expect this to be a very rare breaking change. Throughout even the experimental 0.x releases, we've carefully avoided breaking changes in favor of documenting/queueing those changes for the 1.0 release. But we believe this change is worth it for the huge UI improvements it will unlock.

Instructions for using the new manifests are available in the Getting Started docs page. More details about the APIService are available in the Dashboard API Server page.

If you encounter difficulties transitioning to the new install manifests, feel free to reach out! We'd love to help you finish the upgrade.

Branch names validated

This release introduces stricter validation for branch names across all CRDs. Specifically, branch names cannot start with -, and they cannot contain .. or :. These are rules that git itself enforces, so we are just moving the failure to apply-time instead of runtime.

The branch name must also be no longer than 100 bytes. The number is arbitrary, but it helps us stay within Kubernetes' CEL rule cost budget. In practice, we expect basically no one will need such long branch names. If they do, we can relax the requirement in the future, within cost budget restrictions.
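Because invalid names are now rejected at apply time, existing manifests can be checked before upgrading. The script below is an added example, not part of the project: it applies the four rules stated above to every `branch:` value in a manifest file. The function names, the line-based scan for `branch:` keys (other branch-bearing fields are not covered) and the sample manifest are assumptions made for the example.

```shell
#!/bin/sh
# Added example (not project code): pre-upgrade check for the v0.32.0
# branch-name rules: no leading "-", no ".." or ":", at most 100 bytes.

# branch_name_problems NAME
# Prints one line per violated rule; status 0 means the name is accepted.
branch_name_problems() (
  name=$1
  rc=0
  case $name in -*)   echo "starts with '-'"; rc=1 ;; esac
  case $name in *..*) echo "contains '..'";   rc=1 ;; esac
  case $name in *:*)  echo "contains ':'";    rc=1 ;; esac
  # The limit is in bytes, so multi-byte UTF-8 names reach it sooner.
  len=$(printf '%s' "$name" | wc -c | tr -d ' ')
  if [ "$len" -gt 100 ]; then
    echo "is $len bytes long (limit 100)"; rc=1
  fi
  exit "$rc"   # the body is a subshell, so this only sets the function status
)

# scan_manifest FILE
# Assumption: branch names appear as "branch: value" or "- branch: value".
# Prints FILE:LINE for each violation; status 1 if any were found.
scan_manifest() (
  file=$1
  [ -r "$file" ] || { echo "cannot read $file" >&2; exit 2; }
  report=$(
    grep -nE '^[[:space:]]*(-[[:space:]]+)?branch:' "$file" |
    sed -E 's/^([0-9]+):[[:space:]]*(-[[:space:]]+)?branch:[[:space:]]*/\1 /
            s/[[:space:]]+#.*$//
            s/[[:space:]]+$//' |
    while read -r lineno value; do
      # Strip one pair of surrounding YAML quotes, if present.
      case $value in
        \"*\") value=${value#\"}; value=${value%\"} ;;
        \'*\') value=${value#\'}; value=${value%\'} ;;
      esac
      [ -n "$value" ] || continue
      branch_name_problems "$value" | while IFS= read -r problem; do
        printf '%s:%s: branch "%s" %s\n' "$file" "$lineno" "$value" "$problem"
      done
    done
  )
  [ -z "$report" ] && exit 0
  printf '%s\n' "$report"
  exit 1
)

# Constructed sample input: one valid and three invalid branch names.
sample_manifest() {
  cat <<'EOF'
apiVersion: promoter.argoproj.io/v1alpha1
kind: PromotionStrategy
metadata:
  name: payments
spec:
  environments:
    - branch: environment/dev
    - branch: -environment/test    # leading dash
    - branch: "environment..prod"
    - branch: hotfix:prod
EOF
}

tmp=$(mktemp) && sample_manifest > "$tmp"
scan_manifest "$tmp" || echo "fix these names before applying the v0.32.0 CRDs"
rm -f "$tmp"
```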

Changelog

Features

Bug fixes

Documentation

Dependency updates

  • 5cba51d: chore(deps): bump codecov/codecov-action from 6.0.1 to 7.0.0 (#1566) (@dependabot[bot])
  • 185f777: chore(deps): bump github.com/bradleyfalzon/ghinstallation/v2 from 2.18.0 to 2.19.0 (#1582) (@dependabot[bot])
  • 3878984: chore(deps): bump github.com/onsi/ginkgo/v2 from 2.29.0 to 2.30.0 (#1581) (@dependabot[bot])
  • 4ffbef8: chore(deps): bump github/codeql-action from 4.36.1 to 4.36.2 (#1561) (@dependabot[bot])
  • 95a7334: chore(deps): bump go.opentelemetry.io/otel/sdk from 1.40.0 to 1.43.0 (#1568) (@dependabot[bot])
  • 7c9cb26: chore(deps): bump golang.org/x/sync from 0.20.0 to 0.21.0 (#1570) (@dependabot[bot])
  • a4d46dd: chore(deps): bump renovatebot/github-action from 46.1.14 to 46.1.15 (#1565) (@dependabot[bot])
  • 62dabf3: chore(deps): update dependency helm/helm to v4.2.1 (#1584) (@gitops-promoter-renovate-bot[bot])
  • 9bfecf9: chore(deps): update kubernetes platform to v2.0.0-20260408192533-25e2208e0dc3 (#1567) (@gitops-promoter-renovate-bot[bot])
  • 672b905: chore(deps): update module golang.org/x/tools to v0.46.0 (#1585) (@gitops-promoter-renovate-bot[bot])

Other work

Verifying this release (Sigstore / cosign)

Container image (for tag v0.32.0):

cosign verify \
  --certificate-identity 'https://github.com/argoproj-labs/gitops-promoter/.github/workflows/release.yaml@refs/tags/v0.32.0' \
  --certificate-oidc-issuer 'https://token.actions.githubusercontent.com' \
  quay.io/argoprojlabs/gitops-promoter:v0.32.0

latest images on Quay are signed from release-latest.yaml on main:

cosign verify \
  --certificate-identity 'https://github.com/argoproj-labs/gitops-promoter/.github/workflows/release-latest.yaml@refs/heads/main' \
  --certificate-oidc-issuer 'https://token.actions.githubusercontent.com' \
  quay.io/argoprojlabs/gitops-promoter:latest

Checksums file: The checksums file is signed with Sigstore. Download gitops-promoter_0.32.0_checksums.txt and its .sigstore.json bundle, then verify:

cosign verify-blob \
  --certificate-oidc-issuer 'https://token.actions.githubusercontent.com' \
  --certificate-identity 'https://github.com/argoproj-labs/gitops-promoter/.github/workflows/release.yaml@refs/tags/v0.32.0' \
  --bundle gitops-promoter_0.32.0_checksums.txt.sigstore.json \
  gitops-promoter_0.32.0_checksums.txt

Then verify any downloaded artifact against the checksums file:

sha256sum -c gitops-promoter_0.32.0_checksums.txt --ignore-missing
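`--ignore-missing` skips any listed file that is not present under its listed name, so a renamed download is passed over rather than checked. The script below is an added example, not part of the project's release tooling: it chains the two steps above for one named artifact and fails if the signature check fails, if the artifact is not listed exactly once, or if the hash differs. The function names are assumptions; the cosign flags are the ones shown above, and filenames are assumed to contain no spaces.

```shell
#!/bin/sh
# Added example (not project code): fail-closed verification of one artifact.

# verify_artifact CHECKSUMS_FILE ARTIFACT
# Succeeds only if ARTIFACT's basename is listed exactly once in
# CHECKSUMS_FILE and its SHA-256 matches that entry.
verify_artifact() (
  sums=$1
  artifact=$2
  name=$(basename -- "$artifact")
  # sha256sum format: "<hex>  <name>" (or "<hex> *<name>" in binary mode).
  expected=$(awk -v n="$name" '
    { f = $2; sub(/^\*/, "", f) }
    f == n { hash = $1; hits++ }
    END { if (hits == 1) print hash }' "$sums")
  if [ -z "$expected" ]; then
    echo "$name: not listed exactly once in $sums" >&2
    exit 1
  fi
  # Read from stdin so the file name cannot affect the output format.
  actual=$(sha256sum < "$artifact" | awk '{ print $1 }')
  if [ "$actual" != "$expected" ]; then
    echo "$name: SHA-256 mismatch" >&2
    exit 1
  fi
  echo "$name: OK"
)

# verify_release VERSION ARTIFACT   (e.g. verify_release 0.32.0 install-without-ui.yaml)
# Expects the checksums file and its .sigstore.json bundle in the current
# directory. The checksums file is used only after cosign accepts it.
verify_release() (
  version=$1
  artifact=$2
  sums="gitops-promoter_${version}_checksums.txt"
  identity="https://github.com/argoproj-labs/gitops-promoter/.github/workflows/release.yaml@refs/tags/v${version}"
  cosign verify-blob \
    --certificate-oidc-issuer 'https://token.actions.githubusercontent.com' \
    --certificate-identity "$identity" \
    --bundle "${sums}.sigstore.json" \
    "$sums" || { echo "signature check failed; not trusting $sums" >&2; exit 1; }
  verify_artifact "$sums" "$artifact"
)
```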

Full Changelog: v0.31.1...v0.32.0

v0.31.1

@github-actions github-actions released this 04 Jun 22:09
Immutable release. Only release title and notes can be modified.
372d61c

Changelog

Bug fixes

Documentation

Dependency updates

Other work

  • 8b7d63d: chore: npm audit fix (#1550) (@github-actions[bot])

Verifying this release (Sigstore / cosign)

Container image (for tag v0.31.1):

cosign verify \
  --certificate-identity 'https://github.com/argoproj-labs/gitops-promoter/.github/workflows/release.yaml@refs/tags/v0.31.1' \
  --certificate-oidc-issuer 'https://token.actions.githubusercontent.com' \
  quay.io/argoprojlabs/gitops-promoter:v0.31.1

latest images on Quay are signed from release-latest.yaml on main:

cosign verify \
  --certificate-identity 'https://github.com/argoproj-labs/gitops-promoter/.github/workflows/release-latest.yaml@refs/heads/main' \
  --certificate-oidc-issuer 'https://token.actions.githubusercontent.com' \
  quay.io/argoprojlabs/gitops-promoter:latest

Checksums file: The checksums file is signed with Sigstore. Download gitops-promoter_0.31.1_checksums.txt and its .sigstore.json bundle, then verify:

cosign verify-blob \
  --certificate-oidc-issuer 'https://token.actions.githubusercontent.com' \
  --certificate-identity 'https://github.com/argoproj-labs/gitops-promoter/.github/workflows/release.yaml@refs/tags/v0.31.1' \
  --bundle gitops-promoter_0.31.1_checksums.txt.sigstore.json \
  gitops-promoter_0.31.1_checksums.txt

Then verify any downloaded artifact against the checksums file:

sha256sum -c gitops-promoter_0.31.1_checksums.txt --ignore-missing

Full Changelog: v0.31.0...v0.31.1

v0.31.0

@github-actions github-actions released this 02 Jun 20:46
Immutable release. Only release title and notes can be modified.
107049b

Changelog

A major advantage of GitOps Promoter is that it maintains the full state of the system in git: no custom databases or risky reliance on etcd. Each environment has an “active” branch containing the fully-hydrated manifests running in that environment.

In monorepos containing multiple apps, having one active branch per environment/app combo can get unwieldy.

GitOps Promoter 0.31 introduces a new activePath field to the PromotionStrategy resource. By setting this field to a unique path, you can allow multiple apps/PromotionStrategies to share a single active branch. This allows your users to see the full state of every app in a given environment without tightly coupling their deployments. Each app will get its own PRs into the same shared branch, and GitOps Promoter will facilitate keeping those PRs in sync with the target branch.

apiVersion: promoter.argoproj.io/v1alpha1
kind: PromotionStrategy
metadata:
  name: payments
spec:
  gitRepositoryRef:
    name: platform-config
  activePath: apps/payments
  activeCommitStatuses:
    - key: argocd-health-payments
  environments:
    # Multiple apps can share each of these branches!
    - branch: environment/dev
    - branch: environment/test
    - branch: environment/prod

Thanks to @patjlm of Red Hat for adding this feature!

With the introduction of shared active branches, we expect more conflicts between PromotionStrategies sharing that branch. To future-proof, we've identified and fixed a couple race conditions. These bugs wouldn't cause correctness issues, but they would cause transient errors and delays. These fixes should make activePath-enabled PromotionStrategies reliable and snappy!

Features

Bug fixes

Documentation

  • 107049b: docs: bump manifest versions to v0.31.0 (#1536) (@github-actions[bot])

Dependency updates

  • 1823074: chore(deps): bump crate-ci/typos from 1.46.3 to 1.47.0 (#1494) (@dependabot[bot])
  • c58f874: chore(deps): update dependency goreleaser/goreleaser to v2.16.0 (#1503) (@gitops-promoter-renovate-bot[bot])
  • fd1d134: chore(deps): update dependency helm/helm to v3.21.0 (#1504) (@gitops-promoter-renovate-bot[bot])
  • 92fb6da: chore(deps): update dependency helm/helm to v4 (#1510) (@gitops-promoter-renovate-bot[bot])
  • 151632e: chore(deps): update dependency kubernetes-sigs/kind to v0.31.0 (#1505) (@gitops-promoter-renovate-bot[bot])
  • 21b4f0a: chore(deps): update dependency kubernetes-sigs/kubebuilder to v4.14.0 (#1516) (@gitops-promoter-renovate-bot[bot])
  • eba06a6: chore(deps): update dependency kubernetes-sigs/kustomize to v5.8.1 (#1521) (@gitops-promoter-renovate-bot[bot])
  • 4f60a02: chore(deps): update dependency vektra/mockery to v2.53.6 (#1531) (@gitops-promoter-renovate-bot[bot])
  • efdf4c8: chore(deps): update go and linter tooling to v2.12.2 (#1532) (@gitops-promoter-renovate-bot[bot])
  • b25de41: chore(deps): update kubernetes platform (#1515) (@gitops-promoter-renovate-bot[bot])
  • cd39c53: chore(deps): update node.js to v24.16.0 (#1527) (@gitops-promoter-renovate-bot[bot])
  • b883939: chore(deps): update quay.io/brancz/kube-rbac-proxy docker tag to v0.22.0 (#1528) (@gitops-promoter-renovate-bot[bot])

Other work

Verifying this release (Sigstore / cosign)

Container image (for tag v0.31.0):

cosign verify \
  --certificate-identity 'https://github.com/argoproj-labs/gitops-promoter/.github/workflows/release.yaml@refs/tags/v0.31.0' \
  --certificate-oidc-issuer 'https://token.actions.githubusercontent.com' \
  quay.io/argoprojlabs/gitops-promoter:v0.31.0

latest images on Quay are signed from release-latest.yaml on main:

cosign verify \
  --certificate-identity 'https://github.com/argoproj-labs/gitops-promoter/.github/workflows/release-latest.yaml@refs/heads/main' \
  --certificate-oidc-issuer 'https://token.actions.githubusercontent.com' \
  quay.io/argoprojlabs/gitops-promoter:latest

Checksums file: The checksums file is signed with Sigstore. Download gitops-promoter_0.31.0_checksums.txt and its .sigstore.json bundle, then verify:

cosign verify-blob \
  --certificate-oidc-issuer 'https://token.actions.githubusercontent.com' \
  --certificate-identity 'https://github.com/argoproj-labs/gitops-promoter/.github/workflows/release.yaml@refs/tags/v0.31.0' \
  --bundle gitops-promoter_0.31.0_checksums.txt.sigstore.json \
  gitops-promoter_0.31.0_checksums.txt

Then verify any downloaded artifact against the checksums file:

sha256sum -c gitops-promoter_0.31.0_checksums.txt --ignore-missing

Full Changelog: v0.30.1...v0.31.0

v0.30.1

@github-actions github-actions released this 28 May 17:17
Immutable release. Only release title and notes can be modified.
655a802

Changelog

This release fixes a bug in the GitLab SCM provider which would allow PromotionStrategies to conflict for similarly-named branches across separate repos. Thanks to @ZeBidule for finding and fixing the bug!

Bug fixes

Documentation

  • 655a802: docs: bump manifest versions to v0.30.1 (#1490) (@github-actions[bot])

Dependency updates

Other work

Verifying this release (Sigstore / cosign)

Container image (for tag v0.30.1):

cosign verify \
  --certificate-identity 'https://github.com/argoproj-labs/gitops-promoter/.github/workflows/release.yaml@refs/tags/v0.30.1' \
  --certificate-oidc-issuer 'https://token.actions.githubusercontent.com' \
  quay.io/argoprojlabs/gitops-promoter:v0.30.1

latest images on Quay are signed from release-latest.yaml on main:

cosign verify \
  --certificate-identity 'https://github.com/argoproj-labs/gitops-promoter/.github/workflows/release-latest.yaml@refs/heads/main' \
  --certificate-oidc-issuer 'https://token.actions.githubusercontent.com' \
  quay.io/argoprojlabs/gitops-promoter:latest

Checksums file: The checksums file is signed with Sigstore. Download gitops-promoter_0.30.1_checksums.txt and its .sigstore.json bundle, then verify:

cosign verify-blob \
  --certificate-oidc-issuer 'https://token.actions.githubusercontent.com' \
  --certificate-identity 'https://github.com/argoproj-labs/gitops-promoter/.github/workflows/release.yaml@refs/tags/v0.30.1' \
  --bundle gitops-promoter_0.30.1_checksums.txt.sigstore.json \
  gitops-promoter_0.30.1_checksums.txt

Then verify any downloaded artifact against the checksums file:

sha256sum -c gitops-promoter_0.30.1_checksums.txt --ignore-missing

Full Changelog: v0.30.0...v0.30.1

v0.30.0

@github-actions github-actions released this 26 May 19:46
Immutable release. Only release title and notes can be modified.
daad38a

Changelog

This release continues to solidify the WebRequestCommitStatus feature by further reducing the likelihood of unwanted duplicate requests.

Adding a spec.key field to the ArgoCDCommitStatus and TimedCommitStatus resources allows custom names beyond the default argocd-health and timer. It also clears the way for an upcoming feature to support multiple PromotionStrategies sharing the same active branch, a big improvement for monorepos.

Aside from these features, 0.30.0 comes with some small bugfixes and many dependency bumps. Give it a try and let us know how it goes!

Features

Bug fixes

Documentation

Dependency updates

Other work

  • 0b8a495: refactor: extract EnqueueChangeTransferPolicies into shared utils (#1454) (@Copilot)
  • 4ae309e: refactor: extract GetApplicableEnvironments to utils package (#1461) (@Copilot)
  • c14d6ab: refactor: remove ctx param from KubeSafeUniqueName (#1451) (@Copilot)

Verifying this release (Sigstore / cosign)

Container image (for tag v0.30.0):

cosign verify \
  --certificate-identity 'https://github.com/argoproj-labs/gitops-promoter/.github/workflows/release.yaml@refs/tags/v0.30.0' \
  --certificate-oidc-issuer 'https://token.actions.githubusercontent.com' \
  quay.io/argoprojlabs/gitops-promoter:v0.30.0

latest images on Quay are signed from release-latest.yaml on main:

cosign verify \
  --certificate-identity 'https://github.com/argoproj-labs/gitops-promoter/.github/workflows/release-latest.yaml@refs/heads/main' \
  --certificate-oidc-issuer 'https://token.actions.githubusercontent.com' \
  quay.io/argoprojlabs/gitops-promoter:latest

Checksums file: The checksums file is signed with Sigstore. Download gitops-promoter_0.30.0_checksums.txt and its .sigstore.json bundle, then verify:

cosign verify-blob \
  --certificate-oidc-issuer 'https://token.actions.githubusercontent.com' \
  --certificate-identity 'https://github.com/argoproj-labs/gitops-promoter/.github/workflows/release.yaml@refs/tags/v0.30.0' \
  --bundle gitops-promoter_0.30.0_checksums.txt.sigstore.json \
  gitops-promoter_0.30.0_checksums.txt

Then verify any downloaded artifact against the checksums file:

sha256sum -c gitops-promoter_0.30.0_checksums.txt --ignore-missing

Full Changelog: v0.29.2...v0.30.0

v0.29.2

@github-actions github-actions released this 16 May 01:04
Immutable release. Only release title and notes can be modified.
fc6b401

Changelog

Bug fixes

Documentation

  • fc6b401: docs: bump manifest versions to v0.29.2 (#1433) (@github-actions[bot])

Other work

Verifying this release (Sigstore / cosign)

Container image (for tag v0.29.2):

cosign verify \
  --certificate-identity 'https://github.com/argoproj-labs/gitops-promoter/.github/workflows/release.yaml@refs/tags/v0.29.2' \
  --certificate-oidc-issuer 'https://token.actions.githubusercontent.com' \
  quay.io/argoprojlabs/gitops-promoter:v0.29.2

latest images on Quay are signed from release-latest.yaml on main:

cosign verify \
  --certificate-identity 'https://github.com/argoproj-labs/gitops-promoter/.github/workflows/release-latest.yaml@refs/heads/main' \
  --certificate-oidc-issuer 'https://token.actions.githubusercontent.com' \
  quay.io/argoprojlabs/gitops-promoter:latest

Checksums file: The checksums file is signed with Sigstore. Download gitops-promoter_0.29.2_checksums.txt and its .sigstore.json bundle, then verify:

cosign verify-blob \
  --certificate-oidc-issuer 'https://token.actions.githubusercontent.com' \
  --certificate-identity 'https://github.com/argoproj-labs/gitops-promoter/.github/workflows/release.yaml@refs/tags/v0.29.2' \
  --bundle gitops-promoter_0.29.2_checksums.txt.sigstore.json \
  gitops-promoter_0.29.2_checksums.txt

Then verify any downloaded artifact against the checksums file:

sha256sum -c gitops-promoter_0.29.2_checksums.txt --ignore-missing

Full Changelog: v0.29.1...v0.29.2

v0.29.1

@github-actions github-actions released this 14 May 20:28
Immutable release. Only release title and notes can be modified.
771c6b4

Changelog

Bug fixes

Documentation

  • 771c6b4: docs: bump manifest versions to v0.29.1 (#1431) (@github-actions[bot])

Verifying this release (Sigstore / cosign)

Container image (for tag v0.29.1):

cosign verify \
  --certificate-identity 'https://github.com/argoproj-labs/gitops-promoter/.github/workflows/release.yaml@refs/tags/v0.29.1' \
  --certificate-oidc-issuer 'https://token.actions.githubusercontent.com' \
  quay.io/argoprojlabs/gitops-promoter:v0.29.1

latest images on Quay are signed from release-latest.yaml on main:

cosign verify \
  --certificate-identity 'https://github.com/argoproj-labs/gitops-promoter/.github/workflows/release-latest.yaml@refs/heads/main' \
  --certificate-oidc-issuer 'https://token.actions.githubusercontent.com' \
  quay.io/argoprojlabs/gitops-promoter:latest

Checksums file: The checksums file is signed with Sigstore. Download gitops-promoter_0.29.1_checksums.txt and its .sigstore.json bundle, then verify:

cosign verify-blob \
  --certificate-oidc-issuer 'https://token.actions.githubusercontent.com' \
  --certificate-identity 'https://github.com/argoproj-labs/gitops-promoter/.github/workflows/release.yaml@refs/tags/v0.29.1' \
  --bundle gitops-promoter_0.29.1_checksums.txt.sigstore.json \
  gitops-promoter_0.29.1_checksums.txt

Then verify any downloaded artifact against the checksums file:

sha256sum -c gitops-promoter_0.29.1_checksums.txt --ignore-missing

Full Changelog: v0.29.0...v0.29.1

v0.29.0

@github-actions github-actions released this 14 May 15:28
Immutable release. Only release title and notes can be modified.
6d531cf

Changelog

This release continues the trend of improving the WebRequestCommitStatus API. We have added a methodTemplate field so that you can dynamically choose between GET, POST, etc. based on various inputs. We have also added a variables.expression field to easily calculate variables using expr for use in go templates.

Warning

With the introduction of methodTemplate, we have deprecated the method field. If you currently use method, just change the field name to methodTemplate. It will continue to work exactly as it did before.

0.27.0 switched controllers to Server Side Apply, which significantly improved performance and reduced noise errors due to conflicting resource updates. But it also introduced some bugs. This release fixes the most important bug by working around a quirk of how SSA patches are constructed.

Finally, thanks to @patjlm for finding and fixing a bug where the PullRequest controller could mistake a PR for a different PR on a fork.

Features

Bug fixes

Documentation

Dependency updates

Verifying this release (Sigstore / cosign)

Container image (for tag v0.29.0):

cosign verify \
  --certificate-identity 'https://github.com/argoproj-labs/gitops-promoter/.github/workflows/release.yaml@refs/tags/v0.29.0' \
  --certificate-oidc-issuer 'https://token.actions.githubusercontent.com' \
  quay.io/argoprojlabs/gitops-promoter:v0.29.0

latest images on Quay are signed from release-latest.yaml on main:

cosign verify \
  --certificate-identity 'https://github.com/argoproj-labs/gitops-promoter/.github/workflows/release-latest.yaml@refs/heads/main' \
  --certificate-oidc-issuer 'https://token.actions.githubusercontent.com' \
  quay.io/argoprojlabs/gitops-promoter:latest

Checksums file: The checksums file is signed with Sigstore. Download gitops-promoter_0.29.0_checksums.txt and its .sigstore.json bundle, then verify:

cosign verify-blob \
  --certificate-oidc-issuer 'https://token.actions.githubusercontent.com' \
  --certificate-identity 'https://github.com/argoproj-labs/gitops-promoter/.github/workflows/release.yaml@refs/tags/v0.29.0' \
  --bundle gitops-promoter_0.29.0_checksums.txt.sigstore.json \
  gitops-promoter_0.29.0_checksums.txt

Then verify any downloaded artifact against the checksums file:

sha256sum -c gitops-promoter_0.29.0_checksums.txt --ignore-missing

Full Changelog: v0.28.0...v0.29.0

v0.28.0

@github-actions github-actions released this 06 May 14:47
Immutable release. Only release title and notes can be modified.
346f0e2

This release comes with some major improvements to the WebRequestCommitStatus feature as well as some quality-of-life improvements in the UI and in monitoring.

The WebRequestCommitStatus now allows generating template variables with expr expressions, avoiding messy duplicate code and unwieldy go text templates. It also supports unit- and CLI-based tests to verify WebRequestCommitStatus behavior before shipping it to production.

The UI now displays the timestamp for merged PRs, and the Argo CD extension remembers your selection when multiple PromotionStrategies are hosted in the same Application.

Finally, the resource count metric now exposes a readiness label so you can quickly see if a GitOps Promoter upgrade impacts existing resources. It will also help find resources that are in a problematic state so that they can be fixed or cleaned up.

There are also a few minor bugfixes in the UI and in responsiveness on initial setup.

Give the release a try and let us know how it goes!

Changelog

Features

Bug fixes

Documentation

Dependency updates

Other work

Verifying this release (Sigstore / cosign)

Container image (for tag v0.28.0):

cosign verify \
  --certificate-identity 'https://github.com/argoproj-labs/gitops-promoter/.github/workflows/release.yaml@refs/tags/v0.28.0' \
  --certificate-oidc-issuer 'https://token.actions.githubusercontent.com' \
  quay.io/argoprojlabs/gitops-promoter:v0.28.0

latest images on Quay are signed from release-latest.yaml on main:

cosign verify \
  --certificate-identity 'https://github.com/argoproj-labs/gitops-promoter/.github/workflows/release-latest.yaml@refs/heads/main' \
  --certificate-oidc-issuer 'https://token.actions.githubusercontent.com' \
  quay.io/argoprojlabs/gitops-promoter:latest

Checksums file: The checksums file is signed with Sigstore. Download gitops-promoter_0.28.0_checksums.txt and its .sigstore.json bundle, then verify:

cosign verify-blob \
  --certificate-oidc-issuer 'https://token.actions.githubusercontent.com' \
  --certificate-identity 'https://github.com/argoproj-labs/gitops-promoter/.github/workflows/release.yaml@refs/tags/v0.28.0' \
  --bundle gitops-promoter_0.28.0_checksums.txt.sigstore.json \
  gitops-promoter_0.28.0_checksums.txt

Then verify any downloaded artifact against the checksums file:

sha256sum -c gitops-promoter_0.28.0_checksums.txt --ignore-missing

Full Changelog: v0.27.1...v0.28.0

v0.27.1

@github-actions github-actions released this 20 Apr 15:29
Immutable release. Only release title and notes can be modified.
b054f1e

Changelog

Bug fixes

Documentation

  • b054f1e: docs: bump manifest versions to v0.27.1 (#1347) (@github-actions[bot])

Dependency updates

Verifying this release (Sigstore / cosign)

Container image (for tag v0.27.1):

cosign verify \
  --certificate-identity 'https://github.com/argoproj-labs/gitops-promoter/.github/workflows/release.yaml@refs/tags/v0.27.1' \
  --certificate-oidc-issuer 'https://token.actions.githubusercontent.com' \
  quay.io/argoprojlabs/gitops-promoter:v0.27.1

latest images on Quay are signed from release-latest.yaml on main:

cosign verify \
  --certificate-identity 'https://github.com/argoproj-labs/gitops-promoter/.github/workflows/release-latest.yaml@refs/heads/main' \
  --certificate-oidc-issuer 'https://token.actions.githubusercontent.com' \
  quay.io/argoprojlabs/gitops-promoter:latest

Checksums file: The checksums file is signed with Sigstore. Download gitops-promoter_0.27.1_checksums.txt and its .sigstore.json bundle, then verify:

cosign verify-blob \
  --certificate-oidc-issuer 'https://token.actions.githubusercontent.com' \
  --certificate-identity 'https://github.com/argoproj-labs/gitops-promoter/.github/workflows/release.yaml@refs/tags/v0.27.1' \
  --bundle gitops-promoter_0.27.1_checksums.txt.sigstore.json \
  gitops-promoter_0.27.1_checksums.txt

Then verify any downloaded artifact against the checksums file:

sha256sum -c gitops-promoter_0.27.1_checksums.txt --ignore-missing

Full Changelog: v0.27.0...v0.27.1