v3.60.1

v3.60.1 (2023-12-06)

Full Changelog

Security

• Bump docker/library/golang from 1.21.4 to 1.21.5 in /.buildkite #2542 (@dependabot[bot])

Fixed

• Fix typo in environment variable name for allowed-plugins #2526 (@moskyb)
• Fix environment variable interpolation into command step labels #2540 (@triarius)

Internal

• Refactor hook wrapper writing #2505 (@triarius)
• Use os.RemoveAll in cleanup #2538 (@DrJosh9000)
• Dependencies #2537 #2536 #2500 #2528 #2529 #2533 #2532 #2534 #2535 (@dependabot[bot])

v3.60.0

v3.60.0 (2023-11-29)

Full Changelog

Signed pipelines is now GA! Check out the docs here if you want a little more zero-trust mixed into your pipelines.

Added

• Signed Pipelines goes GA! 🎉 #2492 #2521 #2522 (@moskyb + @triarius)

Changed

• Insert extra timestamps after a timeout #2447 (@DrJosh9000)
• Log the max size warning once #2497 (@DrJosh9000)
• MetaDataSetCommand: retry longer (exponential backoff) #2514 (@pda)
• Humanize bytes to IEC (1024 → KiB etc) not SI (1000 → KB etc) #2513 (@pda)

Internal

• More log streamer cleanups #2498 (@DrJosh9000)
• Add a helpful note to security researchers #2520 (@DrJosh9000)
• Update Go to 1.21 #2284 (@triarius + @moskyb)
• Dependabot's making us all look bad at our jobs: #2501 #2499 #2515 #2509 #2502 #2516 #2517 #2496 #2493 #2495 #2494 #2504

v3.59.0

v3.59.0 (2023-11-09)

Full Changelog

Security

• This release is built with Go 1.20.11, which includes fixes for two vulnerabilities in file path handling on Windows (CVE-2023-45283, CVE-2023-45284). #2486 (@dependabot[bot])

Changed

• Experimental: Signed Pipelines
  • Allow omitting the key ID when signing pipelines #2481 (@triarius)
  • Remove Org and Pipeline slugs from pipeline invariants and update the signing tool to use the GraphQL API #2479 (@triarius)
  • Add key.Validate call #2488 (@DrJosh9000)
• Use zzglob.MultiGlob to process multiple globs simultaneously, and stop sending GlobPath with artifact upload #2472 (@DrJosh9000)

Internal

• Migrate usage of internal/{pipeline,ordered,jwkutil} to go-pipeline #2489 (@moskyb)
• Update bintest to v3.2.0 to resolve ETXTBSY race condition in tests #2480 (@DrJosh9000)
• Fix race in header times streamer #2485, #2487 (@DrJosh9000)
• Various dependency updates #2484, #2482 (@dependabot[bot])

v3.58.0

v3.58.0 (2023-11-02)

Full Changelog

Added

• Add allowed-plugin param to enable plugins allow-list #2471 (@jakubm-canva)
• New experiment: pty-raw avoids LF→CRLF mapping by setting PTY to raw mode #2453 (@pda)
• Experimental: Signed Pipelines
  • Add some pipeline invariants to the signature and create a cli subcommand to sign a pipeline #2457 (@triarius)
  • Add log group headers and timestamps to job verification success and failure logs #2461 (@triarius)

Fixed

• Fix checkout of short commit hashes #2465 (@triarius)
• Parallelise artifact collection #2456 (@DrJosh9000), #2477 (@DrJosh9000)
• Log warning about short vars once #2454 (@DrJosh9000)

Internal

• Reduce header regexps #2135 (@DrJosh9000)
• Various dependency updates: #2469, #2468, #2467, #2463, #2450, #2460, #2459, #2458 (@dependabot[bot])

v3.57.0

v3.57.0 (2023-10-19)

Full Changelog

Added

• Experimental: Signed Pipelines
  • Signing build matrices #2440 #2429 #2426 #2425 #2391 #2395 (@DrJosh9000)
  • Add debug logs for job verification #2439 (@DrJosh9000)
  • Reduce information in verification errors #2431 (@DrJosh9000)
  • Separate step/pipeline env vars for job validation #2428 (@DrJosh9000)
  • Signing config cleanup #2420 #2427 (@moskyb)
  • Fix verifying jobs with no plugins #2419 (@DrJosh9000)
  • Use canonicalised JSON as signature payload #2416 (@DrJosh9000)
  • Add utility for generating signing and verification keys #2415 #2422 (@moskyb)

Changed

• Revert "Upgrade pre-installed packages in docker images" and Pin docker images by digest #2430 (@triarius)

Internal

• Use docker image bases from ECR public gallery #2423 #2424 (@triarius + @moskyb)
• Add CODEOWNERS file #2444 (@moskyb)
• Push agent packages to Packagecloud #2438 #2441 #2443 #2442 (@sj26)
• Test clicommand config completeness #2414 (@moskyb)
• As always, the cosmic background radiation of dependabot updates. Thanks dependabot! #2435 #2434 #2433 #2432 #2421 #2418 #2417 (@dependabot[bot])

v3.56.0

v3.56.0 (2023-10-05)

Full Changelog

Security

• Upgrade libc packages in Ubuntu 22.04 docker image to those patched for CVE-2023-4911 #2410 (@triarius)

Added

• Add allow-repositories param to enable repository allow-listing #2361 (@david-poirier)

Changed

• Upgrade pre-installed packages in docker images #2410 (@triarius)
• Add Matrix parsing #2382 (@DrJosh9000)
• Add EXPERIMENTAL: to the help text for all pipeline signing flags #2412 (@moskyb)

Fixed

• Fix parsing pipelines what use a string as the skip key in a matrix adjustment #2407 (@moskyb)

Internal

• Fix flaky TestLockFileRetriesAndTimesOut #2392 (@DrJosh9000)
• Fix apt install awscli #2390 (@moskyb)
• Fix incorrect check in a test 😅 #2381 (@DrJosh9000)
• Run createrepo_c on ubuntu #2385 #2389 (@moskyb)
• Update dependabot config to use groups #2384 (@moskyb)
• Fix some typos in code comments #2380 (@testwill)

And (a slightly larger?) than usual amount of (@dependabot[bot]) updates #2369 #2371 #2372 #2373 #2377 #2378 #2383 #2386 #2387 #2397 #2398 #2399 #2400 #2401 #2402 #2403 #2405

v3.55.0

v3.55.0 (2023-09-14)

Full Changelog

Fixed

• Annotations created with contexts that contain . can now be removed #2365 (@DrJosh9000)

Changed

• Add a full agent version which includes the commit #2283 (@triarius)

v3.54.0

v3.54.0 (2023-09-05)

Full Changelog

⚠️ We're adjusting how the set of supported OS versions changes over time.
For the details, see #2354.

Added

• New experiment use-zzglob: uses a different library for resolving glob patterns in buildkite-agent artifact upload #2341 (@DrJosh9000)

Changed

• Logged errors might look different: errors passed back up to main.go from clicommand #2347 (@triarius)
• HEAD commit found faster: git log is now used to get commit information instead of git show #2323 (@leakingtapan)

Internal

• Adapt Olfactor to allow sniffing for multiple smells #2332 (@triarius)

v3.53.0

v3.53.0 (2023-08-31)

Full Changelog

Added

• Artifact upload and download to/from Azure Blob Storage #2318 (@DrJosh9000)

Fixed

• Fix detection of missing commits on checkout #2322 (@goodspark)
• [Experimental] Handle the case when unmarshalling a step where there aren't any plugins #2321 (@moskyb)
• [Experimental] Fix signature mismatches when steps have plugins #2339, #2319 (@DrJosh9000)
• [Experimental] Catch step env/job env edge case #2340 (@DrJosh9000)

Changed

• Retry fork/exec errors when running hook #2325 (@triarius)

Internal

• Fix ECR authentication failure #2337, #2335, #2334 (@DrJosh9000)
• Split checkout, artifact, and plugin phases out of executor.go #2324 (@triarius)
• Store experiments in contexts #2316 (@DrJosh9000)

v3.52.1

v3.52.1 (2023-08-23)

Full Changelog

Fixed

• Fix missing group interpolation #2303 (@DrJosh9000)
• Experimental fix for agent workers reading plugin directories while they are being written to by other agent workers #2301 (@triarius)

Internal

• Rework method of pushing releases to RPM repos #2315 #2314 #2312 #2310 #2304 (@DrJosh9000)
• Update help text with suggestions from docs code review #2313 (@triarius)
• Fix a flaky shell test #2311 (@triarius)
• Adjust cli help output to work better with documentation generation #2317 (@triarius)