v0.15.1-rc1

Changelog

• 1eae92f fix: correct build summary counts for packages built after verification failure

v0.15.0

What's Changed

• feat!: store in-toto provenance outside tar.gz by @leodido in #283
• feat: export SOURCE_DATE_EPOCH for build commands by @leodido in #284
• fix: pass SOURCE_DATE_EPOCH as build arg (+ fix timestamp in export metadata) for deterministic docker images by @leodido in #285
• build(deps): Bump golang.org/x/crypto from 0.42.0 to 0.45.0 by @dependabot[bot] in #287
• feat(docker): use OCI layout for deterministic image caching by @leodido in #286
• fix: extract digest from OCI layout for SLSA provenance by @leodido in #289
• fix: support container extraction with OCI layout export by @leodido in #290
• fix: support SBOM generation with OCI layout export by @leodido in #291
• fix: upload and download provenance bundles in S3 cache by @leodido in #292
• fix: move test coverage collection before packaging phase by @leodido in #294

Full Changelog: v0.14.0...v0.15.0

v0.15.0-rc7

Changelog

• ba0d150 fix: add backward compatibility for missing provenance bundles
• c103fb2 fix: add git initialization to TestDockerPackage_ExportToCache_Integration
• 61f08fe fix: extract digest from OCI layout for SLSA provenance
• d5d6983 fix: move test coverage collection before packaging phase
• f98b2e8 fix: support SBOM generation with OCI layout export
• d0c01ae fix: support container extraction with OCI layout export
• c875b21 fix: upload and download provenance bundles in S3 cache
• fa7e0fe refactor: add dedicated helpers for provenance bundle operations

v0.15.0-rc6

Changelog

Full Changelog: v0.15.0-rc5...v0.15.0-rc6

v0.15.0-rc5

Changelog

• 72c405f fix: add backward compatibility for missing provenance bundles
• c103fb2 fix: add git initialization to TestDockerPackage_ExportToCache_Integration
• 61f08fe fix: extract digest from OCI layout for SLSA provenance
• f98b2e8 fix: support SBOM generation with OCI layout export
• d0c01ae fix: support container extraction with OCI layout export
• 3bf7c45 fix: upload and download provenance bundles in S3 cache
• 3a42cb4 refactor: add dedicated helpers for provenance bundle operations

v0.15.0-rc3

Changelog

• b12cf22 fix: support container extraction with OCI layout export

v0.15.0-rc2

Changelog

• c4e9408 fix: extract digest from OCI layout for SLSA provenance

v0.15.0-rc1

Changelog

• c856dab build(deps): Bump golang.org/x/crypto from 0.42.0 to 0.45.0
• c9c3898 feat!: bump provenance version and remove tar.gz fallback
• 4dbea33 feat(ci): add integration tests workflow
• d153ac3 feat(docker): pass SOURCE_DATE_EPOCH as build arg for deterministic images
• 942eb06 feat(docker): use OCI layout for deterministic image caching
• 5d71f0e feat: export SOURCE_DATE_EPOCH for build commands
• a2e0218 fix(ci): add -v flag to show determinism verification output
• 2667fac fix(docker): use deterministic timestamp in docker-export-metadata.json
• 6bc7552 fix(test): update dummyDocker mock to handle OCI layout export
• d68c06b fix: bump DockerPackage buildProcessVersion for OCI layout format change
• a45d5b0 fix: correct git timestamp retrieval and integration test issues
• cdb2518 fix: move provenance handling after packaging phase
• 809bc88 fix: update integration tests for OCI layout compatibility
• 162be1f refactor: remove provenance from tar.gz packaging
• 474d783 refactor: use ProvenanceBundleFilename constant

v0.14.0

What's Changed

• fix(signing): skip attestation upload when artifact exists by @leodido in #280
• feat(sbom): normalize SBOMs for deterministic builds by @leodido in #281
• feat(tar): add deterministic mtime for tar archives by @leodido in #282

Full Changelog: v0.13.2...v0.14.0