Git-Mirrors/constellation
1
0
Fork 0
mirror of https://github.com/edgelesssys/constellation.git synced 2024-10-01 01:36:09 -04:00
Code Issues Packages Projects Releases Wiki Activity

ci: automated changelog generation

Browse Source 
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
This commit is contained in:
Paul Meyer 2022-12-12 14:25:01 +01:00
parent 8ddc8cdb65
commit e5f5e26838
3 changed files with 22 additions and 172 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
.github/pull_request_template.md vendored
View File

@ -25,6 +25,6 @@ Feel free to edit, complete or extend this list while the PR is open.
### Checklist
<!-- Remove items that do not apply. For completed items, change [ ] to [x], or check after submitting. -->
- [ ] Update [CHANGELOG.md](https://github.com/edgelesssys/constellation/blob/main/CHANGELOG.md)
- [ ] Update [docs](https://github.com/edgelesssys/constellation/tree/main/docs)
- [ ] Add labels (e.g., for changelog category)
- [ ] Link to Milestone

21
.github/release.yml vendored Normal file
View File

@ -0,0 +1,21 @@
changelog:
exclude:
labels:
- no-changelog
- dependencies
categories:
- title: 🛠 Breaking changes
labels:
- breaking-change
- title: 🎁 New features
labels:
- feature
- title: 🛡 Security improvements
labels:
- security-fix
- title: 🐛 Bug fixes
labels:
- bug-fix
- title: 🔧 Other changes
labels:
- "*"

171
CHANGELOG.md
View File

@ -1,171 +0,0 @@
<!--
Styleguide for this document:
- Sentences should end with a period.
- This is the keepachangelog style, whereas the Microsoft Style Guide we use for other docs omits periods for short list items.
- Omit the verb if possible.
- "Early boot logging ..." instead of "Add early boot logging ...".
- If you need a verb, it should usually be imperative mood (Add instead of Added).
- Items should start with a capital letter.
-->
# Changelog
All notable changes to Constellation will be documented in this file.
The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
## [Unreleased]
### Added
### Changed
<!-- For changes in existing functionality. -->
### Deprecated
<!-- For soon-to-be removed features. -->
### Removed
<!-- For now removed features. -->
### Fixed
### Security
<!-- For security related changes. -->
## [2.3.0] - 2022-12-12
### Added
- Automatic CSI driver deployment for Azure and GCP during Constellation init
- Release CLI with SLSA Level 3 requirements.
- Improve reproducibility by pinning the Kubernetes components.
- Client verification during `constellation init`
- Environment variable `CONSTELL_AZURE_CLIENT_SECRET_VALUE` as an alternative way to provide the configuration value `provider.azure.clientSecretValue`.
### Changed
- Constellation operators are now deployed using Helm.
- Updated the config version to v2. Check [how to migrate your config](https://docs.edgeless.systems/constellation/reference/config-migration).
- OS images are now configured globally in the `images` field of the configuration file.
- The `measurements` entry in the CLI now uses an updated format, merging `enforcedMeasurements` and old `measurements` into one
- Expected measurements in the config and Constellation's Cluster-ID are now hex encoded by default. Base64 is still supported.
### Removed
- `access-manager` was removed from code base. K8s native way to SSH into nodes documented.
- `SSHUsers` has been removed from the user configuration following the removal of `access-manager`.
- Azure Trusted Launch support. May come back in the future.
### Fixed
- `constellation create` on GCP now always uses the local default credentials.
## [2.2.2] - 2022-11-17
### Fixed
- `constellation create` on GCP now always uses the local default credentials.
- A release process error encountered in v2.2.1. This led to a broken QEMU-based Constellation deployment, where PCR[8] didn't match.
## [2.2.1] - 2022-11-16
### Changed
- Increase timeout for `constellation config fetch-measurements` from 3 seconds to 60 seconds.
- Consistently log CLI warnings and errors to `stderr`.
### Security
Vulnerabilities in `kube-apiserver` fixed by upgrading to v1.23.14, v1.24.8 and v1.25.4:
- [CVE-2022-3162](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3162)
- [CVE-2022-3294](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3294)
## [2.2.0] - 2022-11-08
### Added
- Sign generated SBOMs and store container image SBOMs in registry for easier usage.
- Support for Constellation on AWS.
- Constellation Kubernetes services are now managed using Helm.
- Use tags to mark all applicable resources using a Constellation's UID on Azure.
- Use labels to mark all applicable resources using a Constellation's UID on GCP.
### Changed
- Verify measurements using [Rekor](https://github.com/sigstore/rekor) transparency log.
- The `constellation create` on Azure now uses Terraform to create and destroy cloud resources.
- Constellation OS images are now based on Fedora directly and are built using [mkosi](https://github.com/systemd/mkosi).
- `constellation terminate` will now prompt the user for confirmation before destroying any resources (can be skipped with `--yes`).
- Use the `constellation-role` tag instead of `role` to indicate an instance's role on Azure.
- Use labels instead of metadata to apply the `constellation-uid` and `constellation-role` tags on GCP.
### Deprecated
- `access-manager` is no longer deployed.
### Removed
- `endpoint` flag of `constellation init`. IP is now always taken from the `constellation-id.json` file.
- `constellation-state.json` file won't be created anymore. Resources are now managed through Terraform.
### Fixed
### Security
### Internal
## [2.1.0] - 2022-10-07
### Added
- MiniConstellation: Try out Constellation locally without any cloud subscription required just with one command: `constellation mini up`
- Loadbalancer for control-plane recovery
- K8s conformance mode
- Local cluster creation based on QEMU
- Verification of Azure trusted launch attestation keys
- Kubernetes version v1.25 is now fully supported.
- Enabled Konnectivity.
### Changed
<!-- For changes in existing functionality. -->
- Autoscaling is now directly managed inside Kubernetes, by the Constellation node operator.
- The `constellation create` on GCP now uses Terraform to create and destroy cloud resources.
- GCP instances are now created without public IPs by default.
- Kubernetes default version used in Constellation is now v1.24.
### Deprecated
<!-- For soon-to-be removed features. -->
### Removed
<!-- For now removed features. -->
- CLI options for autoscaling, as this is now managed inside Kubernetes.
- Kubernetes version v1.22 is no longer supported.
### Fixed
### Security
Vulnerability inside the Go standard library fixed by updating to Go 1.19.2:
- [GO-2022-1037](https://pkg.go.dev/vuln/GO-2022-1037) ([CVE-2022-2879](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2879))
- [GO-2022-1038](https://pkg.go.dev/vuln/GO-2022-1038) ([CVE-2022-2880](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2880))
- [GO-2022-0969](https://pkg.go.dev/vuln/GO-2022-0969) ([CVE-2022-27664](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27664))
### Internal
## [2.0.0] - 2022-09-12
Initial release of Constellation.
[Unreleased]: https://github.com/edgelesssys/constellation/compare/v2.1.0...HEAD
[2.1.0]: https://github.com/edgelesssys/constellation/compare/v2.0.0...v2.1.0
[2.0.0]: https://github.com/edgelesssys/constellation/releases/tag/v2.0.0
[2.1.0]: https://github.com/edgelesssys/constellation/releases/tag/v2.1.0
[2.2.0]: https://github.com/edgelesssys/constellation/releases/tag/v2.2.0
[2.2.1]: https://github.com/edgelesssys/constellation/releases/tag/v2.2.1
[2.2.2]: https://github.com/edgelesssys/constellation/releases/tag/v2.2.2
[2.3.0]: https://github.com/edgelesssys/constellation/releases/tag/v2.3.0