v1.3.1

What's Changed

• chore(backport release-1.3): docs: update docs to use official kargo-helm example repo by @akuitybot in #3567
• chore(backport release-1.3): docs: add v1.3.0 release notes by @akuitybot in #3571
• chore(backport release-1.3): fix: improve construction of HTTP transports by @akuitybot in #3574
• chore(backport release-1.3): fix: require tag or digest for kustomize-set-image by @akuitybot in #3580
• chore(backport release-1.3): docs: note kustomize-set-image tag/digest requirement by @akuitybot in #3583
• chore(backport release-1.3): fix(controller): remove mustClone method from gitCloner by @akuitybot in #3601
• chore(backport release-1.3): fix(ui): invalid verification duration by @akuitybot in #3605
• chore(backport release-1.3): fix(controller): replace missing credential lookup in git-clone step by @akuitybot in #3611
• chore(backport release-1.3): fix(ui): graph edge glitch by @akuitybot in #3615

Full Changelog: v1.3.0...v1.3.1

v1.3.0

⚠️ Breaking Changes

As announced in our v1.1.0 release notes, several deprecated features from before we introduced support for Expression Language have been removed in this release.

• The fromOrigin and fromFreight fields in the argocd-update, git-clone, helm-update-chart, and kustomize-set-image steps have been removed in favor of the expression functions.
• The kustomize-set-image step no longer implicitly sets the tag from the Freight image and users must specify either the tag or digest they wish to set (e.g. using imageFrom function).
• The <thing>FromStep fields in the argocd-update, git-open-pr, and git-wait-for-pr steps have been removed in favor of using step outputs.
• The helm-update-image step has been removed in favor of the more generic yaml-update step which supports the same functionalities.

To discover the new way of providing the configuration for these steps, please refer to the updated documentation examples for each step linked above.

⚠️ New Deprecations

Consistent with the changes noted above, the messageFromSteps field of the git-commit promotion step is newly deprecated in favor of using the message field with expressions instead.

messageFromSteps is scheduled for removal in the v1.5.0 release.

✨ New Features

🔀 Conditional Step Execution

Promotion steps now allow the definition of an if expression that evaluates to a boolean value. When this expression evaluates to false, the step is skipped and the next step in the sequence is executed.

apiVersion: kargo.akuity.io/v1alpha1
kind: Stage
metadata:
  name: test
  namespace: kargo-demo
spec:
  # ...
  promotionTemplate:
    spec:
      steps:
      - uses: fake-step
        if: ${{ outputs.step1.someOutput == 'value' }}

While the current use cases for this within Promotion templates may seem limited, it does allow you to conditionally execute a task step based on provided task variables in PromotionTasks.

In a future release, Kargo will be adding support for improved failure and error handling, which will supercharge this feature based on the outcome of previous steps. Follow this issue for more information and updates.

🎛️ Control of Semantics for Freight Requests

Previously, any requested Freight for a Stage was automatically available to it as soon as one of the listed upstream Stages had successfully verified it. Starting with this release, and thanks to the efforts of @aidan-canva, it is now possible to define an "availability strategy" that requires it to have been verified in all upstream Stages.

apiVersion: kargo.akuity.io/v1alpha1
kind: Stage
metadata:
   name: uat
   namespace: kargo-demo
spec:
  requestedFreight:
  - origin:
      kind: Warehouse
      name: my-warehouse
    sources:
      stages:
      - test
      - uat
    availabilityStrategy: All

Refer to the updated documentation for more information.

🛡️ Stage Verification Improvements

Expression Language in Arguments

The values specified in args do now support expressions (including functions) to dynamically set values based on the context of the Freight being verified.

For example, the following defines an argument commit with a value set to the commit hash that is being verified using the commitFrom expression function:

apiVersion: kargo.akuity.io/v1alpha1
kind: Stage
metadata:
  name: test
  namespace: kargo-demo
spec:
  # ...
  verification:
    analysisTemplates:
      - name: kargo-demo
    args:
      - name: commit
        value: ${{ commitFrom("https://github.com/example/repo.git").ID }}

Support for ClusterAnalysisTemplates

It is now allowed to reference a ClusterAnalysisTemplate within the verification configuration of a Stage. This enables you as a Kargo operator to define verification checks once and use them across multiple Projects:

apiVersion: kargo.akuity.io/v1alpha1
kind: Stage
metadata:
  name: dev
  namespace: guestbook
spec:
  # ...
  verification:
    analysisTemplates:
    - name: integration-test
      kind: ClusterAnalysisTemplate

Additionally, the ClusterAnalysisTemplates can now be managed through the Kargo UI. Thanks to @BenHesketh21 for this contribution!

🪜 New and Updated Promotion Steps

• The new json-parse and yaml-parse steps allow for parsing JSON and YAML files to extract values from them.
• Thanks to @Tchoupinax, the git-open-pr and git-wait-for-pr promotion steps do now support Gitea.

🖥️ UI Improvements

• Scaling issues in the Stage pipeline view have been addressed.
• As noted in another section, ClusterAnalysisTemplates can now be managed through the UI.

🛠️ Other Notable Changes

• You can now opt-in to allow credential lookups for HTTP URLs, refer to controller.allowCredentialsOverHTTP in the chart documentation for more information.
• "Superstar" (i.e. **) glob patterns are now allowed in the include and exclude paths of a Warehouse's Git subscription, making it easier to include or exclude all files and/or directories in nested paths.
• The Healthy Condition of a Stage will now be Unknown instead of False when the last Promotion failed.
• Long Stage names will no longer result in AnalysisRun creation failures. (Thanks again @aidan-canva!)

🙏 New Contributors

Kargo would be nothing without its users. An extra special thank you goes out to community members who made their first contribution to Kargo in this release:

• @aarontams
• @nixphix
• @mimartin12
• @joelddiaz
• @abelhoula

Full Changelog: v1.2.3...v1.3.0

v1.3.0-rc.1

chore(backport release-1.3): fix: Long Stage names result in Analysis…

v1.2.3

What's Changed

• chore(backport release-1.2): fix(api): fix list ops in authorizing client by @akuitybot in #3397
• chore(backport release-1.2): fix(ui): show raw stage manifest by @akuitybot in #3406
• chore(backport release-1.2): fix: vertical view for secrets and filter credentials by label by @akuitybot in #3405
• chore(backport release-1.2): feat(chart): add NOTES.txt by @akuitybot in #3443
• chore(backport release-1.2): fix(chart): set divisor for resourceFieldRefs by @akuitybot in #3446
• chore(backport release-1.2): feat: surface likely oidc misconfiguration through ui by @akuitybot in #3457
• chore(backport release-1.2): fix: short term fix for deep copy failing on http status code by @akuitybot in #3467
• chore(backport release-1.2): fix(ui): empty freight value in column by @akuitybot in #3492
• chore(backport release-1.2): fix: set region on default config for AWS creds by @akuitybot in #3494
• chore(backport release-1.2): fix: improve debug information http step by @akuitybot in #3501
• chore(backport release-1.2): feat!: make delete directive non-strict by default by @akuitybot in #3502
• chore(backport release-1.2): fix: invalid type conversion for the git-wait-for-pr step by @akuitybot in #3518
• chore(backport release-1.2): fix(ui): warehouse error in details page instead of tooltip by @akuitybot in #3521
• chore(backport release-1.2): chore(deps): bump Go and Node versions by @hiddeco in #3522
• chore(backport release-1.2): chore(deps): bump gRPC health probe to v0.4.37 by @akuitybot in #3524

Full Changelog: v1.2.2...v1.2.3

v1.2.2

What's Changed

• chore(backport release-1.2): fix(ui): tolerate entra id RFC8414 deviation by @akuitybot in #3362
• chore(backport release-1.2): chore(cli): fix update command example by @akuitybot in #3375
• chore(backport release-1.2): fix: fix faulty logic for handling possible double-encoding of github app private key by @akuitybot in #3379

Full Changelog: v1.2.1...v1.2.2

v1.1.3

What's Changed

• chore(backport release-1.1): fix: warehouse branch regex that was to limiting by @akuitybot in #3241
• chore(backport release-1.1): fix: fix faulty logic for handling possible double-encoding of github app private key by @akuitybot in #3378

Full Changelog: v1.1.2...v1.1.3

v1.2.1

What's Changed

• chore(backport release-1.2): fix(directives): HTTP repo cache helm-chart-update by @akuitybot in #3330
• chore(backport release-1.2): fix(cmd): improve Argo integration checks by @akuitybot in #3349
• chore(backport release-1.2): refactor: change generic secret label by @akuitybot in #3350

Full Changelog: v1.2.0...v1.2.1

v1.2.0

🆕 What's New?

💪 Promotion Tasks

When support for expressions in promotion steps debuted in Kargo v1.1.0, we had a vision of eventually leveraging that capability to define reusable sequences of steps, where the particulars of each Stage utilizing them in their Promotions could be provided, essentially, as arguments. v1.2.0 makes that vision a reality with the introduction of PromotionTasks (and ClusterPromotionTasks).

We've observed the majority of our users housing their application configurations in monorepos, so with little difficulty, we can imagine such a repository housing configuration for dozens or even hundreds of applications, with each of those configurations also having a number of variations for each of several environments. Among these applications, many are likely to employ the same directory structure and configuration management tools. Prior to Kargo v1.2.0, each and every Stage representing an application/environment pair would have had to individually define a promotion process that would have been remarkably similar from one to the next.

With PromotionTasks, a sequence of common steps can be defined like so:

apiVersion: kargo.akuity.io/v1alpha1
kind: PromotionTask
metadata:
  name: standard-process
  namespace: guestbook
spec:
  vars:
  - name: app
  - name: imageRepo
  steps:
  - uses: git-clone
    config:
      repoURL: https://github.com/example/monorepo.git
      checkout:
      - path: ./configs
  - uses: yaml-update
    config:
      path: ./configs/${{ vars.app }}/chart/envs/${{ ctx.stage }}/values.yaml
      updates:
      - key: image.tag
        value: ${{ imageFrom(vars.imageRepo).Tag }}
  - uses: git-commit
    config:
      path: ./configs
  - uses: git-push
    config:
      path: ./configs
  - uses: argocd-update
    config:
      apps:
      - name: ${{ vars.app }}-${{ ctx.stage }}

This PromotionTask can then be referenced by any number of Stages within the same project:

apiVersion: kargo.akuity.io/v1alpha1
kind: Stage
metadata:
  name: uat
  namespace: guestbook
spec:
  requestedFreight:
  - origin:
      kind: Warehouse
      name: guestbook
    sources:
      stages:
      - test
  promotionTemplate:
    spec:
      vars:
      - name: app
        value: guestbook
      - name: imageRepo
        value: company/guestbook
      steps:
      - task:
          name: standard-process

To use a common sequence of steps across multiple projects, use a cluster-scoped ClusterPromotionTask resource instead.

To learn more about this exciting feature, refer to our PromotionTasks reference doc.

🌊 Soak Time

A frequent request from users has been to support an option whereby a Stage may require any Freight promoted to it to have first "soaked" (remained in) an upstream Stage for a certain period of time, and this is now possible in v1.2.0.

apiVersion: kargo.akuity.io/v1alpha1
kind: Stage
metadata:
  name: uat
  namespace: guestbook
spec:
  requestedFreight:
  - origin:
      kind: Warehouse
      name: guestbook
    sources:
      stages:
      - test
      requiredSoakTime: 1h
  promotionTemplate:
    # Omitted for brevity...

Note that requiredSoakTime, if specified, is in addition to the usual criteria that Freight must have been verified upstream before becoming available for promotion.

🪜 New and Updated Promotion Steps

• A new json-update allows for performing updates to JSON files in the same manner that has been possible for YAML files using the yaml-update step.

• A new delete promotion step can be used to delete files or directories.

• Thanks to the diligent efforts of @diegocaspi, the git-open-pr and git-wait-for-pr promotion steps now support Azure DevOps repositories.

• @muenchdo generously contributed two new options for the git-open-pr promotion step to specify a user-defined title and user-defined labels for the PRs it opens.

Refer to the Promotion Steps reference doc for more details.

🖥️ UI Improvements

The two most notable UI improvements in v1.2.0 are:

• When viewing a Stages verification history, it is now possible to filter out "implicit" verification records that are created when a Stage lacking any user-defined verification process simply becomes healthy with any new Freight that has been promoted to it.

• Project-scoped Kubernetes Secrets can now be managed in the UI.

⚙️ Chart Improvements

We've, several times now, encountered users who are terminating TLS somewhere "upstream" from the Kargo API server (for instance at a reverse proxy or load balance). This has tended to impose some difficulty as the API server, itself not being configured to terminate TLS, would be unaware that any URLs it generates should begin with https:// regardless.

To address this, we've introduced a new api.tls.terminatedUpstream that can be set to true at install time.

For further information, please refer directly to the Kargo Helm chart's README, which describes all configuration options in detail.

🙏 New Contributors

Kargo would be nothing without its users. An extra special thank you goes out to community members who made their first contribution to Kargo in this release:

• @diegocaspi
• @ggogel
• @magisystem0408
• @RohanMishra315
• @Sebast1aan
• @Sobuno

Full Changelog: v1.1.2...v1.2.0

v1.2.0-rc.1

feat: allow project scoped generic kubernetes secrets (#2975)

Signed-off-by: Mayursinh Sarvaiya <marvinduff97@gmail.com>
Signed-off-by: Kent Rancourt <kent.rancourt@gmail.com>
Co-authored-by: Kent Rancourt <kent.rancourt@gmail.com>

v1.1.2

What's Changed

• chore(backport release-1.1): fix(controller): do not normalize urls when searching for image creds by @akuitybot in #3114
• chore(backport release-1.1): fix(controller): expressions: fix quote() of a json object by @akuitybot in #3116
• chore(backport release-1.1): fix(controller): git-push step: pull --rebase before push by @akuitybot in #3153
• chore(backport release-1.1): fix(controller): fix tricky expr evaluation cases dealing with quotes and newlines by @akuitybot in #3186

Full Changelog: v1.1.1...v1.1.2