Release v0.6.0

What's Changed

• fix go-build example by @imjasonh in #999
• Make debugging melange builds less terrible by @jonjohnsonjr in #996
• move runner determination to pkg/cli by @imjasonh in #1000
• Continue interactive execution on exit 0 by @jonjohnsonjr in #1005
• update dario/mergo by @imjasonh in #1001
• Make it easier to find docs-repo on ci failure by @jonjohnsonjr in #998
• Do more cleanup with --rm by @jonjohnsonjr in #1006
• Mostly fix interactive interrupt signal handling by @jonjohnsonjr in #1008
• Split pkg/container up into smaller packages by @jonjohnsonjr in #1009

Full Changelog: v0.5.10...v0.6.0

Release v0.5.10

What's Changed

• move some logs to debug by @imjasonh in #995
• Add --die-with-parent to bwrap flags by @jonjohnsonjr in #997
• feat: GOEXPERIMENT support to go/build and go/install pipelines by @lyoung-confluent in #991

New Contributors

• @lyoung-confluent made their first contribution in #991

Full Changelog: v0.5.9...v0.5.10

Release v0.5.9

What's Changed

• build(deps): bump github.com/docker/docker from 25.0.1+incompatible to 25.0.2+incompatible by @dependabot in #980
• build(deps): bump sigstore/cosign-installer from 3.3.0 to 3.4.0 by @dependabot in #978
• build(deps): bump cloud.google.com/go/storage from 1.36.0 to 1.37.0 by @dependabot in #979
• Cancel context on interrupt signal by @jonjohnsonjr in #992
• Split options into separate files by @jonjohnsonjr in #993
• use charm logger by @imjasonh in #988
• Add WaitDelay to bubblewrap cmd by @jonjohnsonjr in #994

Full Changelog: v0.5.8...v0.5.9

Release v0.5.8

What's Changed

• Exclude "com.docker.grpcfuse.ownership" xattr by @jonjohnsonjr in #981
• Fix race condition in log monitoring by @jonjohnsonjr in #982
• eliminate some more logger invocations by @imjasonh in #983
• Add Close() method to container runners by @jonjohnsonjr in #984
• If arch is not specified, test all. by @vaikas in #985
• Don't use goroutines for monitoring logs by @jonjohnsonjr in #986
• Respond to cancelled context while streaming logs by @jonjohnsonjr in #989
• Add --rm flag (and options) to Build by @jonjohnsonjr in #990

Full Changelog: v0.5.7...v0.5.8

Release v0.5.7

What's Changed

• Take advantage of Octo STS to publish homebrew updates. by @mattmoor in #956
• Pin to digest for setup-go in melange by @jedsalazar in #940
• drop the lima runner by @imjasonh in #958
• Don't include libexec directories in SCA includes by @jonjohnsonjr in #959
• Fix aws-c-s3 SCA by @jonjohnsonjr in #960
• unexport some methods in pkg/sbom by @imjasonh in #961
• warn on invalid license, log SCA findings by @imjasonh in #962
• Switch to octo-sts-action by @mattmoor in #968
• Bump apko to v0.14.0 by @jonjohnsonjr in #969
• Fix missing no-depends check by @jonjohnsonjr in #971
• Embed melange version in .PKGINFO by @jonjohnsonjr in #972
• build(deps): bump google.golang.org/api from 0.154.0 to 0.161.0 by @dependabot in #970
• build(deps): bump actions/upload-artifact from 4.0.0 to 4.3.0 by @dependabot in #967
• build(deps): bump github.com/chainguard-dev/yam from 0.0.0-20230807153807-4de7c531f3e1 to 0.0.1 by @dependabot in #947
• build(deps): bump actions/download-artifact from 4.1.0 to 4.1.1 by @dependabot in #923
• build(deps): bump github.com/kubescape/go-git-url from 0.0.26 to 0.0.27 by @dependabot in #917
• stop logging tons of "detected git commit for build configuration" wh… by @rawlingsj in #974
• melange bump: only update expected commit shas for the main git-checkout by @rawlingsj in #975
• test: skip when executing on an unsupported arch by @imjasonh in #976
• Pass the correct env.env to the container. by @vaikas in #977

New Contributors

• @jedsalazar made their first contribution in #940

Full Changelog: v0.5.6...v0.5.7

Release v0.5.6

What's Changed

• Bypass warning about detached head by @imjasonh in #906
• Add a python/test pipeline. by @vaikas in #907
• meson/configure: don't download subprojects by default by @imjasonh in #909
• add *_config pattern to split/dev pipeline by @joemiller in #879
• Add --test-package-append that you can specify extra test packages for each test. by @vaikas in #910
• Add python/import test pipeline, as well as e2e tests for python test pipelines. by @vaikas in #911
• Tiny cleanup: Move test pipelines to where others are. Remove unnecessary test packages. by @vaikas in #912
• build(deps): bump github.com/cloudflare/circl from 1.3.6 to 1.3.7 by @dependabot in #918
• Convert some sca code to early return style by @jonjohnsonjr in #921
• Take an fs as an argument to RetrieveWorkspace by @jonjohnsonjr in #926
• Move more mutations into parameters by @jonjohnsonjr in #927
• Drop mutable imgRef from build.Build by @jonjohnsonjr in #928
• Remove some more struct mutating and shadowing by @jonjohnsonjr in #929
• Replace packages in APKINDEX with same version by @jonjohnsonjr in #930
• Use errgroup over github.com/korovkin/limiter by @jonjohnsonjr in #931
• Fix sbom loopvar issue by @jonjohnsonjr in #933
• Make BuildGuest more similar for Build and Test by @jonjohnsonjr in #932
• Allow execable shared objects if name has ".so." by @jonjohnsonjr in #934
• drop pkg/logger and use slog by @imjasonh in #919
• Make "unable to detect git commit" a debug message by @imjasonh in #936
• Allow vendored pkgconfig deps by @jonjohnsonjr in #935
• Audit the permissions of workflows. by @mattmoor in #937
• add e2e test that packages can be installed with apk by @imjasonh in #939
• Fail if unknown variable is used in substitution by @jonjohnsonjr in #942
• sort with key/values by @imjasonh in #943

Full Changelog: v0.5.5...v0.5.6

Release v0.5.5

What's Changed

• update release to add some clarification regarding the homebrew by @cpanato in #876
• Pull in go-apk with provider_priority ini fix. by @mattmoor in #878
• Set a default env var for GOMODCACHE. by @dlorenc in #880
• convert: sort packages alphabetically by @imjasonh in #889
• Mark update.manual as an optional field. by @wlynch in #877
• build(deps): bump golang.org/x/crypto from 0.15.0 to 0.17.0 by @dependabot in #897
• build(deps): bump github.com/containerd/containerd from 1.7.7 to 1.7.11 by @dependabot in #898
• build(deps): bump actions/setup-go from 4 to 5 by @dependabot in #886
• build(deps): bump github.com/go-git/go-git/v5 from 5.10.0 to 5.11.0 by @dependabot in #881
• build(deps): bump github.com/kubescape/go-git-url from 0.0.25 to 0.0.26 by @dependabot in #884
• build(deps): bump sigstore/cosign-installer from 3.2.0 to 3.3.0 by @dependabot in #887
• build(deps): bump cloud.google.com/go/storage from 1.35.1 to 1.36.0 by @dependabot in #893
• bump upload/download github actions by @cpanato in #900
• build(deps): bump github.com/google/go-containerregistry from 0.16.1 to 0.17.0 by @dependabot in #883
• build(deps): bump google.golang.org/api from 0.152.0 to 0.154.0 by @dependabot in #892
• build(deps): bump github.com/lima-vm/lima from 0.18.0 to 0.19.1 by @dependabot in #895

Full Changelog: v0.5.4...v0.5.5

Release v0.5.4

What's Changed

• improve 'melange convert python' to remove manual steps by @imjasonh in #846
• fix docs for --runner by @imjasonh in #848
• format manifests with yam by @imjasonh in #849
• convert python: don't overwrite existing files by @imjasonh in #850
• default --use-github=true by @imjasonh in #847
• fix and continuously validate SBOMs by @imjasonh in #851
• Add jsonschema generation binary. by @wlynch in #861
• Fix lints, or ignore safe ones. No functional changes. by @vaikas in #865
• Fix the lint warnings in pkg/linter by @vaikas in #866
• UTC-ify source date epoch when set by @imjasonh in #868
• support resource requests and timeouts by @imjasonh in #869
• Fix capitalization of SBOM originators by @imjasonh in #867
• Add Test pipelines by @vaikas in #864
• cleanup: don't use pkg/errors by @imjasonh in #870
• Ensure jsonschema is kept up to date. by @wlynch in #862
• build(deps): bump github.com/klauspost/compress from 1.17.2 to 1.17.4 by @dependabot in #874
• build(deps): bump google.golang.org/api from 0.150.0 to 0.152.0 by @dependabot in #873
• build(deps): bump go.opentelemetry.io/otel from 1.20.0 to 1.21.0 by @dependabot in #857
• build(deps): bump k8s.io/apimachinery from 0.28.3 to 0.28.4 by @dependabot in #853
• build(deps): bump sigs.k8s.io/release-utils from 0.7.6 to 0.7.7 by @dependabot in #852
• prefix should be /usr by @lpcalisi in #863
• schema: update for new test pipeline configuration by @kaniini in #875
• build(deps): bump k8s.io/client-go from 0.28.3 to 0.28.4 by @dependabot in #855
• build(deps): bump chainguard.dev/apko from 0.11.3-0.20231103184130-c376bfafbda0 to 0.12.0 by @dependabot in #872
• build(deps): bump golang.org/x/sys from 0.14.0 to 0.15.0 by @dependabot in #871

New Contributors

• @lpcalisi made their first contribution in #863

Full Changelog: v0.5.3...v0.5.4

Release v0.5.3

What's Changed

• use forked alpine-go in go-apk by @imjasonh in #815
• test runtime replacements by @imjasonh in #837
• apply substitutions to .environment.contents.packages by @imjasonh in #838
• update go-apk dependency by @imjasonh in #842
• build(deps): bump cloud.google.com/go/storage from 1.33.0 to 1.35.1 by @dependabot in #840
• build(deps): bump google.golang.org/api from 0.149.0 to 0.150.0 by @dependabot in #835
• move spammy logs to debugf by @imjasonh in #807
• pipelines: go/build: add support for go.mod overlay files by @kaniini in #843
• build(deps): bump sigstore/cosign-installer from 3.1.2 to 3.2.0 by @dependabot in #841
• build(deps): bump go.opentelemetry.io/otel from 1.19.0 to 1.20.0 by @dependabot in #839
• build(deps): bump golang.org/x/time from 0.3.0 to 0.4.0 by @dependabot in #825
• build(deps): bump github.com/sigstore/cosign/v2 from 2.2.0 to 2.2.1 by @dependabot in #836
• Update release.md by @imjasonh in #844

Full Changelog: v0.5.2...v0.5.3

Release v0.5.2

What's Changed

• Document the release steps. by @vaikas in #759
• Add APK linting to Melange by @Elizafox in #760
• replace the fetch python url to more friendly URI by @cpanato in #761
• document full-version, add pointer to docs. by @vaikas in #753
• Centralize SOURCE_DATE_EPOCH parsing. by @wlynch in #767
• Add multiple Python packages post-linter by @Elizafox in #764
• build(deps): bump google.golang.org/api from 0.147.0 to 0.148.0 by @dependabot in #774
• build(deps): bump k8s.io/client-go from 0.28.2 to 0.28.3 by @dependabot in #773
• build(deps): bump github.com/klauspost/compress from 1.17.1 to 1.17.2 by @dependabot in #771
• build(deps): bump actions/checkout from 4.1.0 to 4.1.1 by @dependabot in #768
• build(deps): bump chainguard.dev/apko from 0.10.1-0.20230918194837-e9722fcc3e50 to 0.11.0 by @dependabot in #770
• build(deps): bump sigs.k8s.io/yaml from 1.3.0 to 1.4.0 by @dependabot in #782
• Improve linter diagnostic output by @Elizafox in #783
• Fix ownership not being preserved by @epsilon-phase in #781
• linter: refactor check block generation in tests by @Elizafox in #786
• melange bump: only reset the epoch if version changes, else increment it by @rawlingsj in #733
• Add Python docs linter by @Elizafox in #789
• readlinkfs: ignore security.selinux xattrs by @joemiller in #790
• Rename Python linters to python/* by @Elizafox in #791
• drop sync-issues-to-project-board.yaml not used anymore by @cpanato in #765
• SCA: add python dependency generator by @kaniini in #788
• Add python/test linter by @Elizafox in #795
• SCA refactoring, part 1 by @kaniini in #793
• Add json tags to melange Configuration. by @wlynch in #796
• Separate out package and build lints by @Elizafox in #797
• Fix ownership issue by @epsilon-phase in #784
• Add SBOM linter by @Elizafox in #801
• pipelines: add npm-install pipeline by @julienv3 in #763
• build(deps): bump sigs.k8s.io/release-utils from 0.7.5 to 0.7.6 by @dependabot in #798
• build(deps): bump github.com/docker/docker from 24.0.6+incompatible to 24.0.7+incompatible by @dependabot in #800
• build(deps): bump chainguard.dev/apko from 0.11.1-0.20231026220613-a2b17f6490d2 to 0.11.1 by @dependabot in #799
• Fix Typo in the ./hack/make-devenv.sh by @debasishbsws in #727
• Add linters for documentation and object files by @epsilon-phase in #806
• Add a test to ensure that ranges are handled properly. by @epsilon-phase in #809
• Bump go-apk and use faster tarfs implementation by @jonjohnsonjr in #810
• Filter out noise opening non-ELF files by @jonjohnsonjr in #811
• Bump go-apk by @jonjohnsonjr in #812
• Fix deduplication of strings because slices.Compact doesn't sort the input by @kaniini in #814
• Remove impossible errors by @jonjohnsonjr in #816
• Make loadUse test actually test something by @jonjohnsonjr in #817
• Remove impossible errors by @jonjohnsonjr in #818
• Get rid of PackageContext and SubpackageContext by @jonjohnsonjr in #819
• Error early if uses and runs are both present by @jonjohnsonjr in #820
• remove unimplemented references to fulcio support by @imjasonh in #830
• fail if 'with' is used with 'runs' by @imjasonh in #829
• Delete no-op sbom code by @jonjohnsonjr in #832
• Plumb check configs through to linters by @jonjohnsonjr in #833
• GithubReleaseMonitor: add tagprefix and tagcontains to be used in git… by @ajayk in #834

New Contributors

• @epsilon-phase made their first contribution in #781
• @joemiller made their first contribution in #790
• @julienv3 made their first contribution in #763
• @debasishbsws made their first contribution in #727
• @ajayk made their first contribution in #834

Full Changelog: v0.5.1...v0.5.2