Releases: carvel-dev/vendir
v0.41.0
Installation and signature verification
Installation
By downloading binary from the release
For instance, if you are using Linux on an AMD64 architecture:
# Download the binary
curl -LO https://github.com/carvel-dev/vendir/releases/download/v0.41.0/vendir-linux-amd64
# Move the binary in to your PATH
mv vendir-linux-amd64 /usr/local/bin/vendir
# Make the binary executable
chmod +x /usr/local/bin/vendir
Via Homebrew (macOS or Linux)
$ brew tap carvel-dev/carvel
$ brew install vendir
$ vendir version
Verify checksums file signature
Install cosign on your system https://docs.sigstore.dev/system_config/installation/
The checksums file provided within the artifacts attached to this release is signed using Cosign with GitHub OIDC. To validate the signature of this file, run the following commands:
# Download the checksums file, certificate and signature
curl -LO https://github.com/carvel-dev/vendir/releases/download/v0.41.0/checksums.txt
curl -LO https://github.com/carvel-dev/vendir/releases/download/v0.41.0/checksums.txt.pem
curl -LO https://github.com/carvel-dev/vendir/releases/download/v0.41.0/checksums.txt.sig
# Verify the checksums file
cosign verify-blob checksums.txt \
--certificate checksums.txt.pem \
--signature checksums.txt.sig \
--certificate-identity-regexp=https://github.com/carvel-dev \
--certificate-oidc-issuer=https://token.actions.githubusercontent.com
Verify binary integrity
To verify the integrity of the downloaded binary, you can utilize the checksums file after having validated its signature.
# Verify the binary using the checksums file
sha256sum -c checksums.txt --ignore-missing
✨ What's new
- Bumping dependencies in #390 by @rohitagg2020
- Add cache for mercurial repositories in #372 by @cdevienne
- Add cache for git repositories in #380 by @cdevienne
Full Changelog: v0.40.1...v0.41.0
📂 Files Checksum
295714208c95c4a3602fc2308d098a7540a2b71fdc1e104f95b3816fa073852c ./vendir-darwin-amd64
3b1094bf45a9ff5c2915a986f4d7cee8480c3cab31c060445f851c48f397ee31 ./vendir-linux-amd64
555806ae50e2f8cb0f0034263ae2e29ece13a3ad2ee691d13536c33ea4728c2e ./vendir-windows-amd64.exe
f1456d6cbf11299eece2e87563caabe24309302c327c5e42a357ebeaba057a05 ./vendir-linux-arm64
f9df00c3d35cf9d15767ea9b18a668ee9627eebefe0b6d4e1e4b648d5c992ceb ./vendir-darwin-arm64
v0.40.2
Installation and signature verification
Installation
By downloading binary from the release
For instance, if you are using Linux on an AMD64 architecture:
# Download the binary
curl -LO https://github.com/carvel-dev/vendir/releases/download/v0.40.2/vendir-linux-amd64
# Move the binary in to your PATH
mv vendir-linux-amd64 /usr/local/bin/vendir
# Make the binary executable
chmod +x /usr/local/bin/vendir
Via Homebrew (macOS or Linux)
$ brew tap carvel-dev/carvel
$ brew install vendir
$ vendir version
Verify checksums file signature
Install cosign on your system https://docs.sigstore.dev/system_config/installation/
The checksums file provided within the artifacts attached to this release is signed using Cosign with GitHub OIDC. To validate the signature of this file, run the following commands:
# Download the checksums file, certificate and signature
curl -LO https://github.com/carvel-dev/vendir/releases/download/v0.40.2/checksums.txt
curl -LO https://github.com/carvel-dev/vendir/releases/download/v0.40.2/checksums.txt.pem
curl -LO https://github.com/carvel-dev/vendir/releases/download/v0.40.2/checksums.txt.sig
# Verify the checksums file
cosign verify-blob checksums.txt \
--certificate checksums.txt.pem \
--signature checksums.txt.sig \
--certificate-identity-regexp=https://github.com/carvel-dev \
--certificate-oidc-issuer=https://token.actions.githubusercontent.com
Verify binary integrity
To verify the integrity of the downloaded binary, you can utilize the checksums file after having validated its signature.
# Verify the binary using the checksums file
sha256sum -c checksums.txt --ignore-missing
✨ What's new
- Bumping golang to 1.22.4 in #386 by @rohitagg2020
Full Changelog: v0.40.0...v0.40.1
📂 Files Checksum
59eba74240e96d96fae62c2cd2fdd2606dde9217fb1cd4c04a5a074a9afcb59e ./vendir-linux-amd64
744a181e17cfe92decc1f7952d34d7188359f40d23a15504473087a89a4b9cd2 ./vendir-darwin-amd64
7fcc16616fe2b5f4ab4526d201713cdc365f3b2eca389d55c6f3d00e39f7a03e ./vendir-windows-amd64.exe
c4068b8d46fe740f356685d3294043d3b1358d925e3d85e6b5294d5c7e43099a ./vendir-linux-arm64
c6ad5ec731e5c6e46e37cfed28b7e0596178683bf0bd34556eceac925188dd30 ./vendir-darwin-arm64
v0.34.13
✨ What's new
- Bump vendir in line 34.x by @rohitagg2020 in #383
Full Changelog: v0.34.12...v0.34.13
📂 Files Checksum
30b070d05f9fb6f5db47efa243f7513e198381be86f7c90bf07eb9c9e3cb8162 ./vendir-darwin-arm64
31a45fd3c9549ff70f6f07db63f5e1446440b92560b152e280aa65d769ee84a1 ./vendir-darwin-amd64
5a2fbd3aa40337e42934994db75ca28ec6e3473b7eb12baffb7d0356b47b14b7 ./vendir-windows-amd64.exe
b3bcadb604fe25a7d0012b66f68f7741fd96a623123b54cafd96f996abf61dfa ./vendir-linux-arm64
c0b163ab7bb809241feaeb70f0e8c7c65008d5feb715e2152218fe2784e7f65c ./vendir-linux-amd64
v0.40.1
Installation and signature verification
Installation
By downloading binary from the release
For instance, if you are using Linux on an AMD64 architecture:
# Download the binary
curl -LO https://github.com/carvel-dev/vendir/releases/download/v0.40.1/vendir-linux-amd64
# Move the binary in to your PATH
mv vendir-linux-amd64 /usr/local/bin/vendir
# Make the binary executable
chmod +x /usr/local/bin/vendir
Via Homebrew (macOS or Linux)
$ brew tap carvel-dev/carvel
$ brew install vendir
$ vendir version
Verify checksums file signature
Install cosign on your system https://docs.sigstore.dev/system_config/installation/
The checksums file provided within the artifacts attached to this release is signed using Cosign with GitHub OIDC. To validate the signature of this file, run the following commands:
# Download the checksums file, certificate and signature
curl -LO https://github.com/carvel-dev/vendir/releases/download/v0.40.1/checksums.txt
curl -LO https://github.com/carvel-dev/vendir/releases/download/v0.40.1/checksums.txt.pem
curl -LO https://github.com/carvel-dev/vendir/releases/download/v0.40.1/checksums.txt.sig
# Verify the checksums file
cosign verify-blob checksums.txt \
--certificate checksums.txt.pem \
--signature checksums.txt.sig \
--certificate-identity-regexp=https://github.com/carvel-dev \
--certificate-oidc-issuer=https://token.actions.githubusercontent.com
Verify binary integrity
To verify the integrity of the downloaded binary, you can utilize the checksums file after having validated its signature.
# Verify the binary using the checksums file
sha256sum -c checksums.txt --ignore-missing
✨ What's new
- fix: close tmp file before rename by @meier-christoph in #360
- Make version more flexible to allow vendir to be used as a library by @joaopapereira in #365
- Update copyright headers by @prashantrewar in #369
- Use latest github.com/carvel-dev/semver by @mamachanko in #373
- Bump go version 1.22.2 and imgpkg v0.42.0 by @rcmadhankumar in #378
🔈 Callouts
- @prashantrewar made their first contribution in #369
- @grokspawn made their first contribution in #370
- @mamachanko made their first contribution in #373
Full Changelog: v0.40.0...v0.40.1
📂 Files Checksum
3941cf7b7ba1219d574b93ce1bd8b77928ad9ff9cdf8e2debf3ae11ae695792f ./vendir-darwin-amd64
34974c9a6a6e32eb21adac47ce72df6340d36886b5ebe8b5937444a0d7ecc529 ./vendir-darwin-arm64
d7c602d8882085be78cd02a575a6c3b437bb2fa1ff1067712f593d8cf05c94fa ./vendir-linux-amd64
43e98922103ef30995a11bd4491b138b635c9b7bf17f98475fb5a06c87392e1d ./vendir-linux-arm64
7d240b999712e617021e057afeabf2803a89ab93ca91f44a58e063fa74d7eee3 ./vendir-windows-amd64.exe
v0.40.0
Installation and signature verification
Installation
By downloading binary from the release
For instance, if you are using Linux on an AMD64 architecture:
# Download the binary
curl -LO https://github.com/carvel-dev/vendir/releases/download/v0.40.0/vendir-linux-amd64
# Move the binary in to your PATH
mv vendir-linux-amd64 /usr/local/bin/vendir
# Make the binary executable
chmod +x /usr/local/bin/vendir
Via Homebrew (macOS or Linux)
$ brew tap carvel-dev/carvel
$ brew install vendir
$ vendir version
Verify checksums file signature
Install cosign on your system https://docs.sigstore.dev/system_config/installation/
The checksums file provided within the artifacts attached to this release is signed using Cosign with GitHub OIDC. To validate the signature of this file, run the following commands:
# Download the checksums file, certificate and signature
curl -LO https://github.com/carvel-dev/vendir/releases/download/v0.40.0/checksums.txt
curl -LO https://github.com/carvel-dev/vendir/releases/download/v0.40.0/checksums.txt.pem
curl -LO https://github.com/carvel-dev/vendir/releases/download/v0.40.0/checksums.txt.sig
# Verify the checksums file
cosign verify-blob checksums.txt \
--certificate checksums.txt.pem \
--signature checksums.txt.sig \
--certificate-identity-regexp=https://github.com/carvel-dev \
--certificate-oidc-issuer=https://token.actions.githubusercontent.com
Verify binary integrity
To verify the integrity of the downloaded binary, you can utilize the checksums file after having validated its signature.
# Verify the binary using the checksums file
sha256sum -c checksums.txt --ignore-missing
✨ What's new
- Fix codegeneration
- Force usage of Basic Auth when retrieving repositories from git when a flag is configured #361
- Enforce timeout when retrieving tags from a registry #329
- Normalize paths provided in the configuration file #341
- Do not allow overlapping paths #343
New Contributors
- @alexbarbato made their first contribution in #344
Full Changelog: v0.39.0...v0.40.0
📂 Files Checksum
0bf3840619436908b11fce2c7015d928450b41a3b9ef19fecc6223ff2ed084a4 ./vendir-darwin-amd64
1b8e5eea893f78ed04b6834f24e1a69bbc9259cd7662bd7fe11283cdf8c482d0 ./vendir-windows-amd64.exe
3e076a452d88d6e3bc190d527f4d7c949ab6eccae19bf5d3cbb910d53724f2b9 ./vendir-linux-amd64
b6defba97d36e26e02df8b263de17061bbbc432365c9d26070eb7a837d7e33fc ./vendir-darwin-arm64
c43469a085dd0f6cebdab97a7747710f9dafa4886dd5e0ae7c1d3f975a12756e ./vendir-linux-arm64
v0.39.1
Installation and signature verification
Installation
By downloading binary from the release
For instance, if you are using Linux on an AMD64 architecture:
# Download the binary
curl -LO https://github.com/carvel-dev/vendir/releases/download/v0.39.1/vendir-linux-amd64
# Move the binary in to your PATH
mv vendir-linux-amd64 /usr/local/bin/vendir
# Make the binary executable
chmod +x /usr/local/bin/vendir
Via Homebrew (macOS or Linux)
$ brew tap carvel-dev/carvel
$ brew install vendir
$ vendir version
Verify checksums file signature
Install cosign on your system https://docs.sigstore.dev/system_config/installation/
The checksums file provided within the artifacts attached to this release is signed using Cosign with GitHub OIDC. To validate the signature of this file, run the following commands:
# Download the checksums file, certificate and signature
curl -LO https://github.com/carvel-dev/vendir/releases/download/v0.39.1/checksums.txt
curl -LO https://github.com/carvel-dev/vendir/releases/download/v0.39.1/checksums.txt.pem
curl -LO https://github.com/carvel-dev/vendir/releases/download/v0.39.1/checksums.txt.sig
# Verify the checksums file
cosign verify-blob checksums.txt \
--certificate checksums.txt.pem \
--signature checksums.txt.sig \
--certificate-identity-regexp=https://github.com/carvel-dev \
--certificate-oidc-issuer=https://token.actions.githubusercontent.com
Verify binary integrity
To verify the integrity of the downloaded binary, you can utilize the checksums file after having validated its signature.
# Verify the binary using the checksums file
sha256sum -c checksums.txt --ignore-missing
✨ What's new
- Bump go version 1.21.9 in line 39.x by @rcmadhankumar in #376
Full Changelog: v0.39.0...v0.39.1
📂 Files Checksum
e503602554411978e5c9a1129eab1dd89abd738c5c129379b0dcaf0baccb7d1f ./vendir-darwin-amd64
bc1506f17622f5dbba73c357c7185ed5461a78bbabe88c5e363c0ff9a9cf9541 ./vendir-darwin-arm64
8ef90d2b4365d7033e86c1ebe91d9d87fea69e32c3e5986b358d2b9862d710d8 ./vendir-linux-amd64
47172f99a1fe3cc57062f96ffb4908295daa0d43d92e250110b209767675f879 ./vendir-linux-arm64
1ec2929a78e031bea824c3b7bbe4092801e611ab506e46c9bf88af97df8fa653 ./vendir-windows-amd64.exe
v0.39.0
Installation and signature verification
Installation
By downloading binary from the release
For instance, if you are using Linux on an AMD64 architecture:
# Download the binary
curl -LO https://github.com/carvel-dev/vendir/releases/download/v0.39.0/vendir-linux-amd64
# Move the binary in to your PATH
mv vendir-linux-amd64 /usr/local/bin/vendir
# Make the binary executable
chmod +x /usr/local/bin/vendir
Via Homebrew (macOS or Linux)
$ brew tap carvel-dev/carvel
$ brew install vendir
$ vendir version
Verify checksums file signature
Install cosign on your system https://docs.sigstore.dev/system_config/installation/
The checksums file provided within the artifacts attached to this release is signed using Cosign with GitHub OIDC. To validate the signature of this file, run the following commands:
# Download the checksums file, certificate and signature
curl -LO https://github.com/carvel-dev/vendir/releases/download/v0.39.0/checksums.txt
curl -LO https://github.com/carvel-dev/vendir/releases/download/v0.39.0/checksums.txt.pem
curl -LO https://github.com/carvel-dev/vendir/releases/download/v0.39.0/checksums.txt.sig
# Verify the checksums file
cosign verify-blob checksums.txt \
--certificate checksums.txt.pem \
--signature checksums.txt.sig \
--certificate-identity-regexp=https://github.com/carvel-dev \
--certificate-oidc-issuer=https://token.actions.githubusercontent.com
Verify binary integrity
To verify the integrity of the downloaded binary, you can utilize the checksums file after having validated its signature.
# Verify the binary using the checksums file
sha256sum -c checksums.txt --ignore-missing
✨ What's new
- fix grammar in README by @vtrenton in #324
- Added changes to sign artifacts by @kumaritanushree in #339
- Simplify gitignore and make sure all binaries are accounted for by @100mik in #351
- PrivateKey with or without extra char as newline will be accepted by @kumaritanushree in #349
- Fix race condition when running multiple vendir from the same directory by @Zebradil in #345
- Refactor lazy sync code by @Zebradil in #340
- Fix: updated setup cosign step in release process by @kumaritanushree in #352
- updated release to have installation and verification steps included in release notes by @kumaritanushree in #354
New Contributors
Full Changelog: v0.38.0...v0.39.0
📂 Files Checksum
012531a2f1a2de8bc89f1623edfc40a7ac5aee421fe609085278fb9e287f1cdf ./vendir-linux-arm64
20b71cc25dc3fea31edf9667c92a05167f713935f854882159736443c2f7a0e6 ./vendir-windows-amd64.exe
90ae82718c1072831f3097bdb031d5a897cc9f2f8334e2e1d7f35e35d0abd84f ./vendir-darwin-amd64
91ecf04ad5cdfa0f8839dc1430da7a4da665f7cb88c64c0c72202f6db261e651 ./vendir-darwin-arm64
feb2836153508adfb6fd33c127e466c9ce26577678e93a252be2fec445f4501f ./vendir-linux-amd64
v0.38.0
✨ What's new
- Bug fix: lazy sync clears vendor directory on second sync by @fritzduchardt in #322
- Bug fix: vendir sync --directory option error by @fritzduchardt in #286
Full Changelog: v0.37.0...v0.38.0
📂 Files Checksum
49076dd93ae931ac0d341d81e51b6fdb2288c718cfda8279b78e31c6d389da5f ./vendir-linux-amd64
7795fc1ccb82982b380b01ab617f4950d29dcecbf2daa5ac204654358ff79df5 ./vendir-windows-amd64.exe
88e3588632f58f44f31d3fa19f60d4aad8ea0075b6fc68956a9d061d8de2442d ./vendir-linux-arm64
a57a086d5153d00c7812b82227ab6f4eed7da3b7edae4c32a03a61a9fe114030 ./vendir-darwin-amd64
a9dba10fa543beedbf2144dd311d9c4014bfb992bb3f988f879ce44327cd7738 ./vendir-darwin-arm64
v0.34.11
✨ What's new
- Bump go version 1.22.2 in line 34.x by @rcmadhankumar in #377
Full Changelog: v0.34.10...v0.34.11
📂 Files Checksum
cb93ea67a90bc35d491100577a9ba0a387d998d4b704e053e9a5b1d5af3a753c ./vendir-darwin-amd64
a1d97a7ef1a9d977c6902d9fbdf1c904ba8c5eadbcc9bf015f59b16d551ff01b ./vendir-darwin-arm64
d9a622e4ae430ce83328c05616099b7d2bbb52577257d44700836defaae2b193 ./vendir-linux-amd64
f45107e84eb71c0ba83530609e32c7bafc4286f907a5852e4b2f8d2c68d7b898 ./vendir-linux-arm64
9ce787a49cedd8725e6c7f631f410c4cce16b8b906668f9e8f4b17ea919cf4be ./vendir-windows-amd64.exe
v0.34.10
What's Changed
- Bump go1.20.12 by @kumaritanushree in #332
- Bump imgpkg v0.37.9 by @rcmadhankumar in #337
Full Changelog: v0.34.9...v0.34.10
📂 Files Checksum
14e35ca3bf1aadf57765f3a566d04123fe1d3df92849c1f7390007c2326a500a ./vendir-windows-amd64.exe
1b26235cdb154707a0c5251aa2e0bf1d0d25ead7318e53d0823ff49883a6c694 ./vendir-darwin-arm64
1be8afdb43f096c9eac089eda3924fbe1a6b5ba36dee70a1312c0515573b3a99 ./vendir-linux-amd64
2ebb246662121ffac0eb0d9072bb7b189f9fa82f06e13b4b6f4c441a3eae9403 ./vendir-darwin-amd64
42631ff39515ba9683bbfe12cc1a9555f7937107aa3eeaa083bd86da78a20c05 ./vendir-linux-arm64