v3.59.0

v3.59.0 (2023-11-09)

Full Changelog

Security

• This release is built with Go 1.20.11, which includes fixes for two vulnerabilities in file path handling on Windows (CVE-2023-45283, CVE-2023-45284). #2486 (@dependabot[bot])

Changed

• Experimental: Signed Pipelines
  • Allow omitting the key ID when signing pipelines #2481 (@triarius)
  • Remove Org and Pipeline slugs from pipeline invariants and update the signing tool to use the GraphQL API #2479 (@triarius)
  • Add key.Validate call #2488 (@DrJosh9000)
• Use zzglob.MultiGlob to process multiple globs simultaneously, and stop sending GlobPath with artifact upload #2472 (@DrJosh9000)

Internal

• Migrate usage of internal/{pipeline,ordered,jwkutil} to go-pipeline #2489 (@moskyb)
• Update bintest to v3.2.0 to resolve ETXTBSY race condition in tests #2480 (@DrJosh9000)
• Fix race in header times streamer #2485, #2487 (@DrJosh9000)
• Various dependency updates #2484, #2482 (@dependabot[bot])

v3.58.0

v3.58.0 (2023-11-02)

Full Changelog

Added

• Add allowed-plugin param to enable plugins allow-list #2471 (@jakubm-canva)
• New experiment: pty-raw avoids LF→CRLF mapping by setting PTY to raw mode #2453 (@pda)
• Experimental: Signed Pipelines
  • Add some pipeline invariants to the signature and create a cli subcommand to sign a pipeline #2457 (@triarius)
  • Add log group headers and timestamps to job verification success and failure logs #2461 (@triarius)

Fixed

• Fix checkout of short commit hashes #2465 (@triarius)
• Parallelise artifact collection #2456 (@DrJosh9000), #2477 (@DrJosh9000)
• Log warning about short vars once #2454 (@DrJosh9000)

Internal

• Reduce header regexps #2135 (@DrJosh9000)
• Various dependency updates: #2469, #2468, #2467, #2463, #2450, #2460, #2459, #2458 (@dependabot[bot])

v3.57.0

v3.57.0 (2023-10-19)

Full Changelog

Added

• Experimental: Signed Pipelines
  • Signing build matrices #2440 #2429 #2426 #2425 #2391 #2395 (@DrJosh9000)
  • Add debug logs for job verification #2439 (@DrJosh9000)
  • Reduce information in verification errors #2431 (@DrJosh9000)
  • Separate step/pipeline env vars for job validation #2428 (@DrJosh9000)
  • Signing config cleanup #2420 #2427 (@moskyb)
  • Fix verifying jobs with no plugins #2419 (@DrJosh9000)
  • Use canonicalised JSON as signature payload #2416 (@DrJosh9000)
  • Add utility for generating signing and verification keys #2415 #2422 (@moskyb)

Changed

• Revert "Upgrade pre-installed packages in docker images" and Pin docker images by digest #2430 (@triarius)

Internal

• Use docker image bases from ECR public gallery #2423 #2424 (@triarius + @moskyb)
• Add CODEOWNERS file #2444 (@moskyb)
• Push agent packages to Packagecloud #2438 #2441 #2443 #2442 (@sj26)
• Test clicommand config completeness #2414 (@moskyb)
• As always, the cosmic background radiation of dependabot updates. Thanks dependabot! #2435 #2434 #2433 #2432 #2421 #2418 #2417 (@dependabot[bot])

v3.56.0

v3.56.0 (2023-10-05)

Full Changelog

Security

• Upgrade libc packages in Ubuntu 22.04 docker image to those patched for CVE-2023-4911 #2410 (@triarius)

Added

• Add allow-repositories param to enable repository allow-listing #2361 (@david-poirier)

Changed

• Upgrade pre-installed packages in docker images #2410 (@triarius)
• Add Matrix parsing #2382 (@DrJosh9000)
• Add EXPERIMENTAL: to the help text for all pipeline signing flags #2412 (@moskyb)

Fixed

• Fix parsing pipelines what use a string as the skip key in a matrix adjustment #2407 (@moskyb)

Internal

• Fix flaky TestLockFileRetriesAndTimesOut #2392 (@DrJosh9000)
• Fix apt install awscli #2390 (@moskyb)
• Fix incorrect check in a test 😅 #2381 (@DrJosh9000)
• Run createrepo_c on ubuntu #2385 #2389 (@moskyb)
• Update dependabot config to use groups #2384 (@moskyb)
• Fix some typos in code comments #2380 (@testwill)

And (a slightly larger?) than usual amount of (@dependabot[bot]) updates #2369 #2371 #2372 #2373 #2377 #2378 #2383 #2386 #2387 #2397 #2398 #2399 #2400 #2401 #2402 #2403 #2405

v3.55.0

v3.55.0 (2023-09-14)

Full Changelog

Fixed

• Annotations created with contexts that contain . can now be removed #2365 (@DrJosh9000)

Changed

• Add a full agent version which includes the commit #2283 (@triarius)

v3.54.0

v3.54.0 (2023-09-05)

Full Changelog

⚠️ We're adjusting how the set of supported OS versions changes over time.
For the details, see #2354.

Added

• New experiment use-zzglob: uses a different library for resolving glob patterns in buildkite-agent artifact upload #2341 (@DrJosh9000)

Changed

• Logged errors might look different: errors passed back up to main.go from clicommand #2347 (@triarius)
• HEAD commit found faster: git log is now used to get commit information instead of git show #2323 (@leakingtapan)

Internal

• Adapt Olfactor to allow sniffing for multiple smells #2332 (@triarius)

v3.53.0

v3.53.0 (2023-08-31)

Full Changelog

Added

• Artifact upload and download to/from Azure Blob Storage #2318 (@DrJosh9000)

Fixed

• Fix detection of missing commits on checkout #2322 (@goodspark)
• [Experimental] Handle the case when unmarshalling a step where there aren't any plugins #2321 (@moskyb)
• [Experimental] Fix signature mismatches when steps have plugins #2339, #2319 (@DrJosh9000)
• [Experimental] Catch step env/job env edge case #2340 (@DrJosh9000)

Changed

• Retry fork/exec errors when running hook #2325 (@triarius)

Internal

• Fix ECR authentication failure #2337, #2335, #2334 (@DrJosh9000)
• Split checkout, artifact, and plugin phases out of executor.go #2324 (@triarius)
• Store experiments in contexts #2316 (@DrJosh9000)

v3.52.1

v3.52.1 (2023-08-23)

Full Changelog

Fixed

• Fix missing group interpolation #2303 (@DrJosh9000)
• Experimental fix for agent workers reading plugin directories while they are being written to by other agent workers #2301 (@triarius)

Internal

• Rework method of pushing releases to RPM repos #2315 #2314 #2312 #2310 #2304 (@DrJosh9000)
• Update help text with suggestions from docs code review #2313 (@triarius)
• Fix a flaky shell test #2311 (@triarius)
• Adjust cli help output to work better with documentation generation #2317 (@triarius)

v3.52.0

v3.52.0 (2023-08-17)

Full Changelog

Note: the buildkite-agent step get command now prints a new line to stdout in circumstances where it previously did not. We advise you to always strip whitespace from the output of this (and other commands). If you are processing the output of this in a POSIX compliant shell with command substitution (i.e. step="$(buildkite-agent step get ...)"), trailing newlines will be removed automatically.

Added

• [Experimental] Include pipeline and step env in step signatures #2295 (@DrJosh9000)

Fixed

• Fix step get is printing the address of the stdout stream at the start #2299 (@triarius)

Changed

• Add a newline after printing errors from the config parser #2296 (@triarius)

Internal

• Enable mount-buildkite-agent in release pipeline containers #2298 (@DrJosh9000)
• Update ecr, docker plugins, and agent image ver #2297 (@DrJosh9000)
• Pin bk cli used in agent pipeline to a commit #2294 (@triarius)

v3.51.0

Known Issues

⚠️ There is a known issue with buildkite-agent step get. This is fixed in v3.52.0

v3.51.0 (2023-08-15)

Full Changelog

Added

• Add --strict-single-hooks #2268 (@DrJosh9000)
• Add missing 'an' in annotation help #2285 (@mdb)
• [Experimental] Verify step signatures #2210 (@moskyb)
• [Experimental] Pipeline Signing/Verification with JWS #2252 (@moskyb)
• [Experimental] Include plugins in command step signatures #2292 (@DrJosh9000)

Changed

• Make the agent send a SIGTERM (configurable) before a SIGKILL to subprocesses #2250 (@triarius)
• Limit job log length #2192 (@DrJosh9000)
• Refactor redactor into streaming replacer and use it to redact secrets #2277 (@DrJosh9000)
• Dependency upgrades #2278 #2274 #2271 #2272 #2275 #2266 (@dependabot[bot])

Fixed

• Fix fatal: bad object not detected from git fetch #2286 (@triarius)
• Fix scalar plugin parsing #2264 (@DrJosh9000)

Internal

• Reorganise step types among files #2267 (@DrJosh9000)
• Upload test coverage #2270 (@DrJosh9000)
• Remove unwrapping in error Is methods #2269 (@triarius)
• Use capacity hint in concat #2288 (@DrJosh9000)
• Add ordered.Unmarshal, and use it in pipeline parsing #2279 (@DrJosh9000)
• Create a setup method for config and logger to reduce boilerplate #2281 (@triarius)
• Add retry for publishing RPMs #2280 (@triarius)
• Fix data race in testAgentEndpoint #2265 (@DrJosh9000)
• Fix missing "fmt" import #2287 (@DrJosh9000)