Skip to content

Releases: buildpacks/lifecycle

lifecycle v0.15.0-rc.1

10 Oct 19:13
@github-actions github-actions
v0.15.0-rc.1
e6cf04c
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
lifecycle v0.15.0-rc.1 Pre-release
Pre-release

lifecycle v0.15.0-rc.1

Welcome to v0.15.0-rc.1, a beta pre-release of the Cloud Native Buildpacks Lifecycle.

Prerequisites

The lifecycle runs as a normal user in a series of unprivileged containers. To export images and cache image layers, it requires access to a Docker daemon or Docker registry.

Install

Extract the .tgz file and copy the lifecycle binaries into a build stack base image. The build image can then be orchestrated by a platform implementation such as the pack CLI or tekton.

Lifecycle Image

An OCI image containing the lifecycle binaries is available at buildpacksio/lifecycle:0.15.0-rc.1.

Features

  • When using platform API 0.10 or greater, the lifecycle provides experimental support for image extensions: experimental components that generate Dockerfiles that can be used to define build and runtime base images (#860 and #869 by @natalieparellano and #896 by @BarDweller, @jromero, and @natalieparellano)
  • When using buildpack API 0.9 or greater, buildpacks should write command as a list of strings in launch.toml, instead of a single string; entries in command are arguments that are always provided to the process, whereas entries in args are default arguments that can be overridden by the end user if supported by the platform (#889 by @jabrown85)
  • When using platform API 0.10 or greater, user-provided arguments override buildpack-provided default arguments, instead of being appended (#920 by @jabrown85 and #921 by @natalieparellano)

Bug Fixes

  • When using platform API 0.7 or greater, the creator logs the expected phase header for the analyze phase (#878 by @jromero)

Known Issues

  • Vulnerability scanners such as grype may trigger on non-impactful CVEs:
    • GHSA-f3fp-gc8g-vw66 and GHSA-v95c-p5hm-xq8f for package github.com/opencontainers/runc: non-impactful as the lifecycle does not create containers; the lifecycle cannot update runc until github.com/docker/docker updates to a compatible version
    • CVE-2015-5237 and CVE-2021-22570 for package google.golang.org/protobuf: false positives (see .grype.yaml in project root for further information)

Contributors

We'd like to acknowledge that this release wouldn't be as good without the help of the following amazing contributors: @BarDweller, @jabrown85, @jromero, @mboldt, @natalieparellano

Contributors

jromero, jabrown85, and 2 other contributors
Assets 8
Loading

lifecycle v0.14.2

14 Sep 15:13
@github-actions github-actions
v0.14.2
8241b13
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
lifecycle v0.14.2

lifecycle v0.14.2

Welcome to v0.14.2, a beta release of the Cloud Native Buildpacks Lifecycle.

Prerequisites

The lifecycle runs as a normal user in a series of unprivileged containers. To export images and cache image layers, it requires access to a Docker daemon or Docker registry.

Install

Extract the .tgz file and copy the lifecycle binaries into a build stack base image. The build image can then be orchestrated by a platform implementation such as the pack CLI or tekton.

Lifecycle Image

An OCI image containing the lifecycle binaries is available at buildpacksio/lifecycle:0.14.2.

Features

Bug Fixes

  • The launcher will correctly find processes when the process type contains . (#903 by @jabrown85)
Assets 8
Loading

lifecycle v0.14.1

02 Jun 17:34
@github-actions github-actions
v0.14.1
b5f8bad
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
lifecycle v0.14.1

lifecycle v0.14.1

Welcome to v0.14.1, a beta release of the Cloud Native Buildpacks Lifecycle.

Prerequisites

The lifecycle runs as a normal user in a series of unprivileged containers. To export images and cache image layers, it requires access to a Docker daemon or Docker registry.

Install

Extract the .tgz file and copy the lifecycle binaries into a build stack base image. The build image can then be orchestrated by a platform implementation such as the pack CLI or tekton.

Lifecycle Image

An OCI image containing the lifecycle binaries is available at buildpacksio/lifecycle:0.14.1.

Bug Fixes

  • The lifecycle will attempt to use credential helpers on Amazon and Azure (#855 by @natalieparellano)
  • The lifecycle, when provided an identity token, will attempt to use it (instead of ignoring it) (#854 by @natalieparellano)
  • The lifecycle, when provided a keychain that is missing authorization information for a registry, will fall through to the next keychain instead of returning an empty authorization that may fail (#853 by @natalieparellano)
  • The analyzer ensures ownership of the launch cache directory (#847 by @natalieparellano)
  • The exporter, when saving a cache image that is empty, will add an empty layer in order to avoid save errors on GCR (#852 by @jjbustamante)
  • The lifecycle, when renaming directories, will fall back to copy and delete on Windows (#856 by @natalieparellano)

Contributors

We'd like to acknowledge that this release wouldn't be as good without the help of the following amazing contributors:
@ekcasey, @jjbustamante, @jromero, @natalieparellano

Contributors

jromero, jjbustamante, and 2 other contributors
Assets 8
Loading

lifecycle v0.14.1-rc.1

27 May 19:01
@github-actions github-actions
v0.14.1-rc.1
b5f8bad
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
lifecycle v0.14.1-rc.1 Pre-release
Pre-release

lifecycle v0.14.1-rc.1

Welcome to v0.14.1-rc.1, a beta pre-release of the Cloud Native Buildpacks Lifecycle.

Prerequisites

The lifecycle runs as a normal user in a series of unprivileged containers. To export images and cache image layers, it requires access to a Docker daemon or Docker registry.

Install

Extract the .tgz file and copy the lifecycle binaries into a build stack base image. The build image can then be orchestrated by a platform implementation such as the pack CLI or tekton.

Lifecycle Image

An OCI image containing the lifecycle binaries is available at buildpacksio/lifecycle:0.14.1-rc.1.

Bug Fixes

The lifecycle will attempt to use credential helpers on Amazon and Azure (#855 by @natalieparellano)
The lifecycle, when provided an identity token, will attempt to use it (instead of ignoring it) (#854 by @natalieparellano)
The lifecycle, when provided a keychain that is missing authorization information for a registry, will fall through to the next keychain instead of returning an empty authorization that may fail (#853 by @natalieparellano)
The analyzer ensures ownership of the launch cache directory (#847 by @natalieparellano)
The exporter, when saving a cache image that is empty, will add an empty layer in order to avoid save errors on GCR (#852 by @jjbustamante)
The lifecycle, when renaming directories, will fall back to copy and delete on Windows (#856 by @natalieparellano)

Contributors

We'd like to acknowledge that this release wouldn't be as good without the help of the following amazing contributors:
@ekcasey, @jjbustamante, @jromero, @natalieparellano

Contributors

jromero, jjbustamante, and 2 other contributors
Assets 8
Loading

lifecycle v0.14.0

07 Apr 13:08
@github-actions github-actions
v0.14.0
917c1ac
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
lifecycle v0.14.0

lifecycle v0.14.0

Welcome to v0.14.0, a beta release of the Cloud Native Buildpacks Lifecycle.

Prerequisites

The lifecycle runs as a normal user in a series of unprivileged containers. To export images and cache image layers, it requires access to a Docker daemon or Docker registry.

Install

Extract the .tgz file and copy the lifecycle binaries into a build stack base image. The build image can then be orchestrated by a platform implementation such as the pack CLI or tekton.

Lifecycle Image

An OCI image containing the lifecycle binaries is available at buildpacksio/lifecycle:0.14.0.

Features

  • When using buildpack API 0.8 or greater, buildpacks can specify the working directory for processes in launch.toml (#792 by @mboldt)
  • When using buildpack API 0.8 or greater, the platform directory and build plan path are provided as environment variables to buildpack bin/detect, in addition to the deprecated positional arguments (#818 by @mboldt)
  • When using buildpack API 0.8 or greater, the platform directory, buildpack plan path, and buildpack layers directory are provided as environment variables to buildpack bin/build, in addition to the deprecated positional arguments (#818 by @mboldt)
  • The exporter, if SOURCE_DATE_EPOCH is set in its environment, will set image create time to the provided value instead of the constant January 1, 1980 (#823 by @jabrown85)
  • When using platform API 0.9 or greater, the exporter will omit legacy BOM information from the io.buildpacks.build.metadata label; this information can instead be found in <layers>/sbom/launch/sbom.legacy.json (#825 by @natalieparellano)
  • Updates go to version 1.17 (#839 by @natalieparellano)

Bug Fixes

  • The builder, when validating buildpack-output SBOM files against buildpack-declared SBOM formats, will omit optional parameters in the declared media type from the comparison, allowing buildpacks to specify parameters in buildpack.toml (#834 by @natalieparellano)
  • When using platform API 0.9 or greater, the analyzer accepts a -launch-cache flag, improving performance when restoring the SBOM layer from the previous image; additionally, the analyzer accepts a -skip-layers flag to completely skip SBOM layer restoration (#800 by @natalieparellano)

Contributors

We'd like to acknowledge that this release wouldn't be as good without the help of the following amazing contributors:
@aemengo, @jabrown85, @mboldt, @natalieparellano, @samj1912

Contributors

jabrown85, mboldt, and 3 other contributors
Assets 8
Loading

lifecycle v0.14.0-rc.1

24 Mar 15:20
@github-actions github-actions
v0.14.0-rc.1
ff7b574
Compare
Choose a tag to compare
lifecycle v0.14.0-rc.1 Pre-release
Pre-release

lifecycle v0.14.0-rc.1

Welcome to v0.14.0-rc.1, a beta pre-release of the Cloud Native Buildpacks Lifecycle.

Prerequisites

The lifecycle runs as a normal user in a series of unprivileged containers. To export images and cache image layers, it requires access to a Docker daemon or Docker registry.

Install

Extract the .tgz file and copy the lifecycle binaries into a build stack base image. The build image can then be orchestrated by a platform implementation such as the pack CLI or tekton.

Lifecycle Image

An OCI image containing the lifecycle binaries is available at buildpacksio/lifecycle:0.14.0-rc.1.

Features

  • When using buildpack API 0.8 or greater, buildpacks can specify the working directory for processes in launch.toml (#792 by @mboldt)
  • When using buildpack API 0.8 or greater, the platform directory and build plan path are provided as environment variables to buildpack bin/detect, in addition to the deprecated positional arguments (#818 by @mboldt)
  • When using buildpack API 0.8 or greater, the platform directory, buildpack plan path, and buildpack layers directory are provided as environment variables to buildpack bin/build, in addition to the deprecated positional arguments (#818 by @mboldt)
  • The exporter, if SOURCE_DATE_EPOCH is set in its environment, will set image create time to the provided value instead of the constant January 1, 1980 (#823 by @natalieparellano)
  • When using platform API 0.9 or greater, the exporter will omit legacy BOM information from the io.buildpacks.build.metadata label; this information can instead be found in /sbom/launch/sbom.legacy.json (#825 by @natalieparellano)

Bug Fixes

  • The builder, when validating buildpack-output SBOM files against buildpack-declared SBOM formats, will omit optional parameters in the declared media type from the comparison, allowing buildpacks to specify parameters in buildpack.toml (#834 by @natalieparellano)
  • When using platform API 0.9 or greater, the analyzer accepts a -launch-cache flag, improving performance when restoring the SBOM layer from the previous image; additionally, the analyzer accepts a -skip-layers flag to completely skip SBOM layer restoration (#800 by @natalieparellano)

Contributors

mboldt and natalieparellano
Assets 8
Loading

lifecycle v0.13.5

18 Mar 15:47
@github-actions github-actions
v0.13.5
fede5f9
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
lifecycle v0.13.5

lifecycle v0.13.5

Welcome to v0.13.5, a beta release of the Cloud Native Buildpacks Lifecycle.

Prerequisites

The lifecycle runs as a normal user in a series of unprivileged containers. To export images and cache image layers, it requires access to a Docker daemon or Docker registry.

Install

Extract the .tgz file and copy the lifecycle binaries into a build stack base image. The build image can then be orchestrated by a platform implementation such as the pack CLI or tekton.

Lifecycle Image

An OCI image containing the lifecycle binaries is available at buildpacksio/lifecycle:0.13.5.

Bug Fixes

  • When copying sbom files to the buildpack layers directory, the restorer will not error if the directory does not exist (#832 by @natalieparellano)

Contributors

natalieparellano
Assets 8
Loading

lifecycle v0.13.4

10 Mar 20:51
@github-actions github-actions
v0.13.4
54ffaf0
Compare
Choose a tag to compare
lifecycle v0.13.4

lifecycle v0.13.4

Welcome to v0.13.4, a beta release of the Cloud Native Buildpacks Lifecycle.

Prerequisites

The lifecycle runs as a normal user in a series of unprivileged containers. To export images and cache image layers, it requires access to a Docker daemon or Docker registry.

Install

Extract the .tgz file and copy the lifecycle binaries into a build stack base image. The build image can then be orchestrated by a platform implementation such as the pack CLI or tekton.

Lifecycle Image

An OCI image containing the lifecycle binaries is available at buildpacksio/lifecycle:0.13.4.

Bug Fixes

  • Updates transitive containerd dependency to 1.5.10 to avoid triggering vulnerability scanners for non-impactful high CVE (#822 by @matthewmcnew)

Contributors

matthewmcnew
Assets 8
Loading

lifecycle v0.13.3

25 Jan 16:56
@github-actions github-actions
v0.13.3
9f48e5a
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
lifecycle v0.13.3

lifecycle v0.13.3

Welcome to v0.13.3, a beta release of the Cloud Native Buildpacks Lifecycle.

Prerequisites

The lifecycle runs as a normal user in a series of unprivileged containers. To export images and cache image layers, it requires access to a Docker daemon or Docker registry.

Install

Extract the .tgz file and copy the lifecycle binaries into a build stack base image. The build image can then be orchestrated by a platform implementation such as the pack CLI or tekton.

Lifecycle Image

An OCI image containing the lifecycle binaries is available at buildpacksio/lifecycle:0.13.3.

Bug Fixes

  • When using buildpack API 0.7 or greater, the builder will accept Bill of Materials (BOM) output in both the new files format and the legacy table format. This enables buildpacks to maintain backwards compatibility with older platforms (#794 by @aemengo)
  • When using platform API 0.8 or greater, the restorer will copy launch-associated BOM files to the buildpack layers directory, even when no BOM files are in the cache (#798 by @natalieparellano)

Contributors

aemengo and natalieparellano
Assets 8
Loading

lifecycle v0.13.2

13 Dec 21:04
@github-actions github-actions
v0.13.2
b640863
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
lifecycle v0.13.2

lifecycle v0.13.2

Welcome to v0.13.2, a beta release of the Cloud Native Buildpacks Lifecycle.

Prerequisites

The lifecycle runs as a normal user in a series of unprivileged containers. To export images and cache image layers, it requires access to a Docker daemon or Docker registry.

Install

Extract the .tgz file and copy the lifecycle binaries into a build stack base image. The build image can then be orchestrated by a platform implementation such as the pack CLI or tekton.

Lifecycle Image

An OCI image containing the lifecycle binaries is available at buildpacksio/lifecycle:0.13.2.

Bug fixes

  • The creator when using a daemon will pass -launch-cache to the analyzer, to avoid downloading all layers from the previous image when restoring the sbom layer (#784 by @natalieparellano); note that slower performance still exists when the 5 phases are invoked separately (the "untrusted builder" workflow) - for more information, see buildpacks/spec#276

Contributors

natalieparellano
Assets 8
Loading