v1.4.0

Full Changelog: v1.3.0...v1.4.0

v1.3.0

What's Changed

• Bump golang from 1.19.2-alpine to 1.19.3-alpine by @dependabot in #4
• Bump golangci/golangci-lint-action from 3.3.0 to 3.3.1 by @dependabot in #5
• Bump hadolint/hadolint-action from 2.0.0 to 3.0.0 by @dependabot in #6
• Add CodeQL workflow by @capnspacehook in #7
• Make vuln and go generate workflows run weekly by @capnspacehook in #8
• Bump go.uber.org/zap from 1.23.0 to 1.24.0 by @dependabot in #9
• Improve workflows when used with private repo by @capnspacehook in #10
• Bump golang from 1.19.3-alpine to 1.19.4-alpine by @dependabot in #11
• Bump goreleaser/goreleaser-action from 3 to 4 by @dependabot in #12
• Bump dominikh/staticcheck-action from 1.2.0 to 1.3.0 by @dependabot in #13
• Bump golang from 1.19.4-alpine to 1.19.5-alpine by @dependabot in #14
• Bump golangci/golangci-lint-action from 3.3.1 to 3.4.0 by @dependabot in #16
• Bump docker/build-push-action from 3 to 4 by @dependabot in #17
• Bump hadolint/hadolint-action from 3.0.0 to 3.1.0 by @dependabot in #15
• Create shared constant env vars for workflows and update to Go 1.20 by @capnspacehook in #19
• Bump golang from 1.19.5-alpine to 1.20.0-alpine by @dependabot in #18
• Bump golang from 1.20.0-alpine to 1.20.1-alpine by @dependabot in #20
• Bump golang from 1.20.1-alpine to 1.20.2-alpine by @dependabot in #21
• Bump actions/setup-go from 3 to 4 by @dependabot in #22
• Bump golang from 1.20.2-alpine to 1.20.4-alpine by @dependabot in #24
• Bump golang from 1.20.4-alpine to 1.20.5-alpine by @dependabot in #26
• fix multiple workflows failing by @capnspacehook in #29
• Bump golang from 1.20.5-alpine to 1.20.6-alpine by @dependabot in #28
• Bump go.uber.org/zap from 1.24.0 to 1.25.0 by @dependabot in #31
• Bump golang from 1.20.6-alpine to 1.20.7-alpine by @dependabot in #30
• move shared env var file used in workflows by @capnspacehook in #32
• Bump golangci/golangci-lint-action from 3.4.0 to 3.6.0 by @dependabot in #27
• don't tell golangci-lint to show only new issues by @capnspacehook in #33
• remove explicit caching now that setup-go@v4 does it by default by @capnspacehook in #34
• Bump golang from 1.20.7-alpine to 1.21.0-alpine by @dependabot in #35
• enable more golangci-lint linters by @capnspacehook in #36
• Bump golangci/golangci-lint-action from 3.6.0 to 3.7.0 by @dependabot in #37
• exit codeql job if the repository is private by @capnspacehook in #38
• ensure version reported from a Docker container is always set by @capnspacehook in #40
• overhaul Go code to make it more useful by @capnspacehook in #39
• Bump golang from 1.21.0-alpine to 1.21.1-alpine by @dependabot in #42
• explicitly set and use Go toolchain version specified in go.mod by @capnspacehook in #43
• Bump actions/checkout from 3 to 4 by @dependabot in #41
• Bump docker/metadata-action from 4 to 5 by @dependabot in #44
• Bump docker/#-action from 2 to 3 by @dependabot in #45
• Bump docker/setup-buildx-action from 2 to 3 by @dependabot in #46
• Bump goreleaser/goreleaser-action from 4 to 5 by @dependabot in #48
• Bump docker/build-push-action from 4 to 5 by @dependabot in #47
• Set explicit timeout for golangci-lint by @capnspacehook in #50
• setup Go faster in workflows by @capnspacehook in #51
• use reusable workflows by @capnspacehook in #52

New Contributors

• @capnspacehook made their first contribution in #7

Full Changelog: v1.2.0-beta1...v1.3.0

v1.2.0-beta1

Full Changelog: v1.1.0...v1.2.0-beta1

v1.1.0

Changelog

• 117be7d: tactically ignore specific hadolint warning (@capnspacehook)

v1.1.0-beta8

Changelog

• f25471a: add job to ensure generated files are up to date (@capnspacehook)
• 3c8d679: add opinionated logging with zap (@capnspacehook)
• 7c6c25a: add release verification information (@capnspacehook)
• 97a55fc: another attempt at vcs info in docker binary (@capnspacehook)
• 0e86e47: change license to unilicense (@capnspacehook)
• 378109e: fix git version in dockerfile (@capnspacehook)
• 9ad0ef5: fix go generate check job (@capnspacehook)
• 91a8d94: fix typo in dockerfile (@capnspacehook)
• 4c874a7: make pie-loader:latest explicit (@capnspacehook)
• 364f21d: run workflows on any branch, and ensure binaries and images will build from PRs (@capnspacehook)
• 01a9a00: stamp vcs info in docker binary (@capnspacehook)
• f2bf519: try using path context to docker build action to get vcs info stamped correctly (@capnspacehook)

v1.1.0-beta7

Changelog

• 6d086cf: add fuzz job (@capnspacehook)
• 59a1a03: add more details to README (@capnspacehook)
• c5936d7: add names to workflow steps (@capnspacehook)
• a76a753: add workflow to lint dockerfile (@capnspacehook)
• 929be5b: add workflow to lint workflow files (@capnspacehook)
• c5e60c4: address actionlint errors (@capnspacehook)
• 6c2c4da: allow all workflows except release to be triggered manually by maintainers (@capnspacehook)
• 44346d0: don't check binary reproducibility for now, requires upstream changes with Go to work (@capnspacehook)
• 53d0973: fix hadolint action version (@capnspacehook)
• 1b4083a: ignore specific hadolint warning (@capnspacehook)
• 9f5d11e: make docker image run as non-root user (@capnspacehook)
• 75d25ab: make hadolint verbose (@capnspacehook)
• e1f946e: manually install and run govulncheck in workflow (@capnspacehook)
• ab8ae3d: set timeout for tests in case they hang (@capnspacehook)
• a85950d: try with older version of hadolint (@capnspacehook)

v1.1.0-beta6

Changelog

• a986ef2: turn off manual goreleaser module proxying (@capnspacehook)

v1.1.0-beta5

Changelog

• cea05da: add missing doublequote (@capnspacehook)

v1.1.0-beta4

Changelog

• b5e900f: ensure released binary is reproducible (@capnspacehook)
• 70dd4e0: format with gofumpt (@capnspacehook)
• 49ab6d0: test that released binaries are reproducible (@capnspacehook)

v1.1.0-beta3

Changelog

• ce47c59: add release step to scan docker images (@capnspacehook)
• dd31bc2: add vcs info to released binaries (@capnspacehook)
• ba3e16f: fix typo in lint workflow (@capnspacehook)
• 436a17e: make go version in workflows easier to change, add test workflow and go mod tidy lint step (@capnspacehook)
• 406e58d: sign image first (@capnspacehook)
• aca6fca: update golang.org/x/text to silence vuln warnings that don't apply (@capnspacehook)