v0.23.md

v0.23 🚀

This document contains all release notes pertaining to the v0.23.x releases of Vela.

For Vela Administrators

• When upgrading from v0.23, please take note of the migration information

v0.23.3 (go-vela/server component only)

This release fixes a disparity between the built-in vault functionality and native secrets with some of the newly introduced functionality.

• (server) fix(vault): fix for integer64 fields #1083 - thanks @ecrupper

v0.23.2

This new release is a security-focused release that addresses fixes for CVE-2024-28236 and updates Go to the latest 1.21.8 release which also includes some CVE fixes along with other dependency updates.

Vela Administrators: the migration information has been updated, please re-review for this patch release.

🚸 Enhancements

• (server) enhance(ci): keep clone image updated via renovate #1072 - thanks @wass3rw3rk!

🐛 Bug Fixes

• (cli) fix(pipeline): always set local to true for validate local #534 - thanks @ecrupper!
• (server) fix(build-approval): correct approved_by and disallow self-approval #1075 - thanks @ecrupper!
• (server) fix(renovate): add datasourceTemplate #1074 - thanks @wass3rw3rk!

v0.23.1

This patch release addresses a few bug fixes as well as adds a new option for repository build approval settings.

Addressed bugs:

• PRs on forks were considered "from an outside contributor" even if the PR was not targeting the original repository
• vela validate pipeline would not work with file type templates unless user supplied the templates in --template-file
• PR synchronize events would stack up builds pending approval
• Build steps and services set to pending rather than pending approval when in pending approval state

Enhancements:

• First Time option for build approval repository setting
• Build page in UI will show who approved the build, if applicable

Details:

• (server) enhance(approve build): add default setting flag and implement first-time option #1062
• (server) fix(scm/webhook): change fork determination logic #1065
• (server) fix: abstract build component status updates for build approval and cancelation #1064
• (server) enhance: auto cancel builds pending approval when they become obsolete #1066
• (server) fix(compiler): track templates in compileInline so CLI validate command works for nested #1067
• (ui) enhance(repo-settings): add first-time contributor approval option #768
• (ui) fix: add missing approved by info and link PR commit #769
• (cli) fix(typo): Approve -> approve #532
• (cli) fix(pipeline): always set local to true for validate local #534
• (cli) enhance(repo): update validation to include first-time option #535

v0.23.0

📣 Highlights

• Allowed Events
• Native Deployment Records
• Introducing Build Approval
• Bug Fixes and other Enhancements

💥 Breaking Changes

• (server) enhance(api/scm)!: return affected repos in API response and do not assume 404 on GetRepo error #1015 - thanks @ecrupper!
• (server) enhance(secrets)!: use the same allow_events system as repos for secrets #1033 - thanks @ecrupper!
• (server) feat(api/database)!: store deployment record in database for Vela-targeted deployments #1031 - thanks @claire1618!
• (server) feat(repo)!: support allow_events struct #1023 - thanks @ecrupper!
• (server) feat(webhook)!: support build approval based on repository settings #1016 - thanks @ecrupper!
• (types) feat(repo)!: change allow_<event> fields to an AllowEvents struct + DB use integer masking #314 - thanks @ecrupper!

Admins:

• v0.23.x introduces a new deployments table that will be created automatically by default. However, if you are running the server component with the VELA_DATABASE_SKIP_CREATION set to true, you will need to manually create this table.

Users:

• v0.23.x introduces build approval based on repository settings. Please take note of the build approval information.
• With the new deployment-related changes, please take note of the deployment recovery information.

✨ Features

• (cli) feat(build): add approve command #508 - thanks @ecrupper!
• (cli) feat(delete event): add functionality for delete event #520 - thanks @claire1618!
• (cli) feat(repo): support new allow_events struct #509 - thanks @ecrupper!
• (sdk-go) feat(build): add approve build method to build service #276 - thanks @ecrupper!
• (server) feat: adding a delete event #1038 - thanks @claire1618!
• (types) feat(deployment): add deployment table #323 - thanks @claire1618!
• (types) feat(repo settings): approve build mechanism for pull_request events #328 - thanks @ecrupper!
• (types) feat: adding a delete_event #340 - thanks @claire1618!
• (types) feat: remodling EventDelete to resemble EventTag #348 - thanks @claire1618!
• (ui) feat(deployments): updating ui to show new changes to database #753 - thanks @claire1618!
• (ui) feat(repo_settings): new allow_events support #751 - thanks @ecrupper!
• (ui) feat(repo_settings/build): approve build mechanism and related repo settings #745 - thanks @ecrupper!
• (ui) feat: adding a delete event #759 - thanks @claire1618!

🐛 Bug Fixes

• (cli) fix(ci): add timeout to golangci-lint reviewdog job #505 - thanks @ecrupper!
• (cli) fix(ci): install go for codeql #527 - thanks @wass3rw3rk!
• (cli) fix(deployments): support commas in values for deploy parameters #526 - thanks @ecrupper!
• (cli) fix(exec): set tag prefix if user does not provide one #512 - thanks @ecrupper!
• (cli) fix(pipeline): include starlark exec limit to compiler flags in exec + validate #504 - thanks @ecrupper!
• (cli) fix(pipeline): remove template flag #522 - thanks @ecrupper!
• (cli) fix(pipeline): validate presence of tag on tag events to avoid panic #529 - thanks @ecrupper!
• (cli) fix(repo): add missing approve-build flag to add and update #530 - thanks @ecrupper!
• (sdk-go) fix(ci): install go for codeql #289 - thanks @wass3rw3rk!
• (sdk-go) fix(ci): title validator handle no parentheses + enforce whitespace #281 - thanks @ecrupper!
• (sdk-go) fix(pipeline): remove template opt #287 - thanks @ecrupper!
• (server) Fix: deployment table post.go and restart.go error #1032 - thanks @claire1618!
• (server) fix(api/build): zero out error on restarted build #1042 - thanks @wass3r!
• (server) fix(api/list-org-repos): ensure active flag is boolean #1037 - thanks @wass3r!
• (server) fix(auto_cancel): support canceling pull_request:opened and abstract determination logic #1012 - thanks @ecrupper!
• (server) fix(ci): add timeout to golangci-lint reviewdog job #1014 - thanks @ecrupper!
• (server) fix(ci): check out go code for codeql #1056 - thanks @wass3rw3rk!
• (server) fix(ci): title validator handle no parentheses + enforce whitespace #1041 - thanks @ecrupper!
• (server) fix(compiler): remove template param from CompileLite #1052 - thanks @ecrupper!
• (server) fix(compiler): validate yaml.Build post-expansion and fully validate step image #1036 - thanks @ecrupper!
• (server) fix(database): increase build character count in deploy table #1055 - thanks @ecrupper!
• (server) fix(graph): return proper error on complex builds #1009 - thanks @wass3r!
• (server) fix(mock): add approve build to mock #1024 - thanks @ecrupper!
• (server) fix(mock): update payloads and test for struct changes #1060 - thanks @ecrupper!
• (server) fix(repo): repair update name #1011 - thanks @timhuynh94!
• (server) fix(schedule): better handling of commit status limit for schedule build #1046 - thanks @timhuynh94!
• (server) fix(scm): prefer starlark file for starlark pipeline #1043 - thanks @wass3r!
• (server) fix(templates): handle nil PrivateGitHub #1034 - thanks @ecrupper!
• (server) fix: changing ProcessWebhook so that the deployment ref is only set once #1054 - thanks @claire1618!
• (server) fix: minor tweak in messaging for event not enabled #1051 - thanks @wass3rw3rk!
• (types) fix(ci): codeql #356 - thanks @wass3rw3rk!
• (types) fix(ci): title validator handle no parentheses + enforce whitespace #347 - thanks @ecrupper!
• (types) fix(database): add limit and eviction policy for deployment builds #355 - thanks @ecrupper!
• (types) fix(events): add schedule to ToDatabase and improve tests #345 - thanks @ecrupper!
• (types) fix(repo): remove dead code EventAllowed #343 - thanks @ecrupper!
• (types) fix(repo_events): add support for reopen #337 - thanks @ecrupper!
• (types) fix(schema): add delete events and wildcard to pull_request #354 - thanks @ecrupper!
• (types) fix: enabling a delete event to be allowed #342 - thanks @claire1618!
• (types) fix: fixing Nullify() DeployNumber statment to actually work #351 - thanks @claire1618!
• (ui) fix(tabs): remove red alert from audit on skipped hooks #763 - thanks @ecrupper!
• (ui) fix: form style consistency #762 - thanks @wass3r!
• (ui) fix: removing id field and adding created at field to deployments table #757 - thanks @claire1618!
• (worker) fix(ci): install go for codeql #558 - thanks @wass3rw3rk!
• (worker) fix(ci): title validator handle no parentheses + enforce whitespace #550 - thanks @ecrupper!
• (worker) fix(exec): move secret.exec to ExecBuild and assemble prior to streaming #544 - thanks @ecrupper!
• (worker) fix(init): set init step status to failure on plan / assemble errors #543 - thanks @ecrupper!
• (worker) fix(secrets): abstract lazy loading and use it for steps and stages #552 - thanks @ecrupper!
• (server) test(integration): refactor to run db integration test as matrix #1018 - thanks @wass3r!

🚸 Enhancements

• (cli) enhance(ci): add PR title validation #519 - thanks @ecrupper!
• (cli) enhance(pipeline/exec): incorporate privileged image handling in runtime config #503 - thanks @ecrupper!
• (cli) enhance(workers): flags for new filters #517 - thanks @ecrupper!
• (sdk-go) enhance(ci): add PR title validation #280 - thanks @ecrupper!
• (sdk-go) enhance(workers): add list filters for GetAll #279 - thanks @ecrupper!
• (server) enhance(api/workers): add filters to list workers #1029 - thanks @ecrupper!
• (server) enhance(ci): add PR title validation #1039 - thanks @ecrupper!
• (server) enhance(compiler): allow users to override $HOME in environment #1045 - thanks @ecrupper!
• (types) enhance(ci): include PR title validation workflow #344 - thanks @ecrupper!
• (types) enhance(env): add VELA_PULL_REQUEST_SOURCE and _TARGET to comment type #346 - thanks @ecrupper!
• (types) enhance(secret): use allow event system #341 - thanks @ecrupper!
• (ui) enhance(secrets): update UI decode / encode / payload building for AllowEvents #756 - thanks @ecrupper!
• (worker) enhance(ci): add PR title validation #549 - thanks @ecrupper!
• (worker) enhance(queue): support worker-sourced queue address if given #542 - thanks @ecrupper!

🔧 Miscellaneous

• (cli) chore(ci): include minor and patch versions in workflows #528 - thanks @ecrupper!
• (cli) chore(version): Remove invalid flag from help text #525 - thanks @tmapes!
• (sdk-go) chore(ci): include minor and patch versions in workflows #290 - thanks @ecrupper!
• (sdk-go) chore: bump version to x.23.y #282 - thanks @wass3rw3rk!
• (server) chore(ci): include minor and patch versions in workflows #1058 - thanks @ecrupper!
• (server) chore(steps): add context to step functions #1044 - thanks @rfigueroa!
• (server) chore: add context to deployment functions #1040 - thanks @rfigueroa!
• (server) chore: minor tweaks for local dev #1019 - thanks @wass3r!
• (types) chore(ci): include minor and patch versions in workflows #357 - thanks @ecrupper!
• (ui) chore(ci): include minor and patch versions in workflows #765 - thanks @ecrupper!
• (worker) chore(ci): include minor and patch versions in workflows #559 - thanks @ecrupper!
• (worker) chore(secrets): update tests to reflect new Match function #555 - thanks @ecrupper!
• (ui) docs(schedule_build): update to valid link #750 - thanks @KellyMerrick!

🔗 Release Links

• https://github.com/go-vela/cli/releases
• https://github.com/go-vela/sdk-go/releases
• https://github.com/go-vela/server/releases
• https://github.com/go-vela/types/releases
• https://github.com/go-vela/ui/releases
• https://github.com/go-vela/worker/releases

💟 Thank you to all the contributors in this release!

• @claire1618
• @ecrupper
• @KellyMerrick
• @plyr4
• @rfigueroa
• @timhuynh94
• @tmapes
• @wass3r
• @wass3rw3rk