v0.0.35

What's Changed

• Add buf lint to our lint target by @JAORMX in #2504
• Refactor: Move logging level method to utils by @Vyom-Yadav in #2487
• build(deps): bump golang from 1.22.0 to 1.22.1 by @dependabot in #2508
• build(deps): bump anchore/sbom-action from 0.15.8 to 0.15.9 by @dependabot in #2507
• build(deps): bump github.com/charmbracelet/lipgloss from 0.9.1 to 0.10.0 by @dependabot in #2511
• build(deps): bump google.golang.org/protobuf from 1.32.0 to 1.33.0 by @dependabot in #2510
• build(deps): bump google.golang.org/grpc from 1.62.0 to 1.62.1 by @dependabot in #2509
• Remove helper function duplication in EEA tests by @JAORMX in #2513
• Make GitHub provider interface more generic by @eleftherias in #2514
• Add new endpoint for fetching rule evaluations by @evankanderson in #2470
• Auto-generated cli documentation update - 2024-03-06 06:04:57 by @github-actions in #2523
• Update gitignore to ignore local sigstore artifacts by @rdimitrov in #2527
• Wrap controlplane metrics with interface by @JAORMX in #2516
• Create single status comment and correctly dismiss reviews by @gregfurman in #2171
• Refactor: Move Dockerfile to a separate docker directory by @Vyom-Yadav in #2488
• Move projects to be self-contained trees by @JAORMX in #2275
• build(deps): bump github.com/lestrrat-go/jwx/v2 from 2.0.20 to 2.0.21 by @dependabot in #2532
• Add license information to repositories by @JAORMX in #2515
• Revert "Auto-generated cli documentation update - 2024-03-06 06:04:57" by @JAORMX in #2533
• Revert "Refactor: Move Dockerfile to a separate docker directory" by @JAORMX in #2534
• Add provider authorization flow types to database by @JAORMX in #2535
• Auto-generated DB schema update - 2024-03-07 10:45:02 by @github-actions in #2537
• build(deps): bump github.com/open-policy-agent/opa from 0.62.0 to 0.62.1 by @dependabot in #2531
• Add Project List RPC by @JAORMX in #2536
• Cast sql limit to bigint to force sqlc to generate NullInt64 by @Vyom-Yadav in #2490
• Remove unused 'port' from session state queries by @evankanderson in #2547
• Remove token from builtin rules by @eleftherias in #2550
• Add crypto engine mock by @eleftherias in #2548
• build(deps): bump gopkg.in/go-jose/go-jose.v2 from 2.6.1 to 2.6.3 by @dependabot in #2552
• build(deps): bump github.com/bufbuild/buf from 1.29.0 to 1.30.0 in /tools by @dependabot in #2553
• build(deps): bump redocusaurus from 2.0.1 to 2.0.2 in /docs by @dependabot in #2554
• build(deps): bump bufbuild/buf-setup-action from 1.29.0 to 1.30.0 by @dependabot in #2555
• Move default project creation and add tests by @JAORMX in #2557
• Implement project list CLI subcommand by @JAORMX in #2558
• Hook severity into GHSA generation by @JAORMX in #2560
• Remove unused Git client in pull request remediator by @eleftherias in #2561
• Change name and triggers for documentation test deployment CI by @JAORMX in #2562
• OpenFGA: change playground port to 8085 by @ethomson in #2551
• build(deps): bump docker/build-push-action from 5.1.0 to 5.2.0 by @dependabot in #2569
• Return alert status in profile get by @jhrozek in #2568
• Remove project tree migration code by @JAORMX in #2570
• Make GitHub provider implement Git provider by @eleftherias in #2564
• Reuse token from GitHub client in container verifier by @eleftherias in #2571
• Use basic auth for container verifier by @eleftherias in #2572
• Allow setting project ID via environment variable by @JAORMX in #2574
• Revert "Allow setting project ID via environment variable (#2574)" by @JAORMX in #2577
• Ensure we actually set the default auth flows for the github provider by @JAORMX in #2575
• Implement a mock response for ListEvaluationResults by @rdimitrov in #2549
• Use static token source for GitHub provider by @eleftherias in #2580
• Add test server mindev command by @JAORMX in #2579
• Project providers through the hierarchy by @JAORMX in #2573
• Auto-generated DB schema update - 2024-03-12 05:27:22 by @github-actions in #2583
• Clean up provider enroll, provide error message on failure by @evankanderson in #2567
• Move from docker-compose to docker compose by @Vyom-Yadav in #2538
• build(deps): bump github.com/daixiang0/gci from 0.13.0 to 0.13.1 in /tools by @dependabot in #2588
• Add subproject creation/deletion operations by @JAORMX in #2556
• Wait for OpenFGA to be healthy in tests by @JAORMX in #2586
• Auto-generated cli documentation update - 2024-03-12 05:56:50 by @github-actions in #2584
• Fix docs build by @JAORMX in #2592
• Add authorization flows to the providers API by @JAORMX in #2593
• Use project ID when querying by repo UUID by @dmjb in #2590
• Implement provider get API and CLI by @JAORMX in #2595
• Read database migrations from embedded filesystem and not dynamically by @JAORMX in #2587
• Enforce project boundaries in profile API by @JAORMX in #2597
• Implement a HTTP PATCH method for updating profiles by @jhrozek in #2565
• Disable ingestcache for artifacts by @JAORMX in #2603
• Revert "Disable ingestcache for artifacts (#2603)" by @rdimitrov in #2606
• Assorted refactoring changes by @dmjb in #2596
• Remove unused mock by @dmjb in #2607
• This makes sure that the github providers have the expected auth flows set up by @JAORMX in #2602
• Refactor: Move Dockerfile to a separate docker directory by @Vyom-Yadav in #2589
• build(deps): bump actions/checkout from 4.1.1 to 4.1.2 by @dependabot in #2610
• build(deps): bump github/codeql-action from 3.24.6 to 3.24.7 by @dependabot in #2611
• build(deps): bump peter-evans/create-pull-request from 6.0.1 to 6.0.2 by @dependabot in #2612
• build(deps): bump github.com/grpc-ecosystem/go-grpc-middleware/v2 from 2.0.1 to 2.1.0 by @dependabot in #2614
• Add extra fields to our logging so it's easier to track where issues happen by @JAORMX in #2615
• Actually check for auth flows in provider enrollment by @JAORMX in #2601
• Store expected GitHub userid in database during enroll by @evankanderson in #2566
• Auto-generated DB schema update - 2024-03-13 11:55:22 by @github-actions in #2618
• Remove hardcoded provider check by @JAORMX in #2617
• Suppress the default googlerpc.Status reply from swagger.json by @jhrozek in #2620
• Auto-generated cli documentation update - 2024-03-13 13:10:38 by @github-actions in #2621
• Fix severity handling, default to low for GitHub by @rdimitrov in #2623
• Move rule creation and update into a separate interface by @dmjb in #2622
• Remove the default googlerpcStatus from the PatchProfile rpc method as well by @jhrozek in #2624

Full Changelog: v0.0.34...v0.0.35

v0.0.34

What's Changed

• git ingester: Allow using default branch by @JAORMX in #2496
• minder ruletype lint: Also verify that rule type name matches file name by @JAORMX in #2495
• update doc yarn dependencies by @dmjb in #2498
• add lint-fix command to makefile by @dmjb in #2500
• Allow rule type linting to skip rego and read many rule types by @JAORMX in #2499
• Ensure viper binds to env vars in mindev by @JAORMX in #2501
• Remove replace statement from go.mod by @JAORMX in #2503

Full Changelog: v0.0.33...v0.0.34

v0.0.33

What's Changed

• clean up unused DB queries for repositories by @dmjb in #2483
• Support for offline tokens by @JAORMX in #2468
• Auto-generated cli documentation update - 2024-03-04 19:52:24 by @github-actions in #2485
• Bump OpenFGA in docker-compose to v1.5.0 by @JAORMX in #2484
• Include 'openfga' in the 'depends_on' section of the 'minder' server container by @Vyom-Yadav in #2489
• Upsert provider access tokens instead of Create and Delete by @jhrozek in #2486
• build(deps): bump golang.org/x/crypto from 0.20.0 to 0.21.0 by @dependabot in #2492
• build(deps): bump golang.org/x/oauth2 from 0.17.0 to 0.18.0 by @dependabot in #2491
• build(deps): bump golang.org/x/tools from 0.18.0 to 0.19.0 in /tools by @dependabot in #2494

Full Changelog: v0.0.32...v0.0.33

v0.0.32

What's Changed

• Do not ingest indirect go dependencies by @rdimitrov in #2429
• Fix GHSA fix with respect to int64 update in #2415 by @evankanderson in #2431
• Fix client crash with fix for GHSA-q6h8-4j2v-pjg4 by @evankanderson in #2432
• Improve logging when ProjectsForUser returns an error by @evankanderson in #2435
• Add test coverage for #2432 by @evankanderson in #2434
• Log and report operating project details when return permission denied error by @evankanderson in #2436
• build(deps): bump golang.org/x/crypto from 0.19.0 to 0.20.0 by @dependabot in #2439
• build(deps): bump github.com/daixiang0/gci from 0.12.3 to 0.13.0 in /tools by @dependabot in #2437
• build(deps): bump github.com/puzpuzpuz/xsync/v3 from 3.0.2 to 3.1.0 by @dependabot in #2438
• build(deps): bump github.com/signalfx/splunk-otel-go/instrumentation/github.com/lib/pq/splunkpq from 1.13.0 to 1.14.0 by @dependabot in #2442
• build(deps): bump go.opentelemetry.io/otel/exporters/prometheus from 0.45.2 to 0.46.0 by @dependabot in #2440
• build(deps): bump go.opentelemetry.io/otel/exporters/stdout/stdouttrace from 1.23.1 to 1.24.0 by @dependabot in #2441
• migrate webhook IDs to 64-bit integers by @dmjb in #2444
• Expose more errors as user-visible so users can adjust their queries in a useful way. by @evankanderson in #2448
• build(deps): bump docker/setup-buildx-action from 3.0.0 to 3.1.0 by @dependabot in #2450
• build(deps): bump peter-evans/create-pull-request from 6.0.0 to 6.0.1 by @dependabot in #2449
• build(deps): bump github.com/prometheus/client_golang from 1.18.0 to 1.19.0 by @dependabot in #2451
• Use uber-go/mock instead of the deprecated github.com/golang/mock/gomock by @JAORMX in #2454
• Promote Github PR ID to int64 by @dmjb in #2446
• Print a helpful message in case of unauthenticated grpc code by @rdimitrov in #2455
• Add explicit severity to rule types by @JAORMX in #2452
• Auto-generated DB schema update - 2024-02-28 18:18:45 by @github-actions in #2460
• Add provider callback handler for web app by @eleftherias in #2413
• Auto-generated DB schema update - 2024-02-28 19:08:35 by @github-actions in #2461
• build(deps): bump github.com/fergusstrange/embedded-postgres from 1.25.0 to 1.26.0 by @dependabot in #2463
• build(deps): bump github.com/go-critic/go-critic from 0.11.1 to 0.11.2 in /tools by @dependabot in #2466
• build(deps): bump aquasecurity/trivy-action from 0.17.0 to 0.18.0 by @dependabot in #2464
• bump github.com/openfga/cli from 0.2.5 to 0.2.6 in /tools by @JAORMX in #2467
• Add name validation for profiles and rule types, move static validation first, add tests by @evankanderson in #2462
• Ensure user is logged in upon going through the quickstart flow by @rdimitrov in #2458
• Auto-generated cli documentation update - 2024-02-29 14:10:50 by @github-actions in #2469
• build(deps): bump github.com/open-policy-agent/opa from 0.61.0 to 0.62.0 by @dependabot in #2472
• build(deps): bump github/codeql-action from 3.24.5 to 3.24.6 by @dependabot in #2471
• Catch errors in refresh token fetching by @JAORMX in #2473
• Move webhook create/delete into separate interface by @dmjb in #2459
• Allow for configuring CORS in minder's HTTP server by @JAORMX in #2474
• build(deps): bump github.com/styrainc/regal from 0.17.0 to 0.18.0 by @dependabot in #2480
• build(deps): bump github.com/go-playground/validator/v10 from 10.18.0 to 10.19.0 by @dependabot in #2478
• build(deps): bump github.com/norwoodj/helm-docs from 1.13.0 to 1.13.1 in /tools by @dependabot in #2476
• build(deps): bump github.com/stretchr/testify from 1.8.4 to 1.9.0 by @dependabot in #2477
• build(deps): bump github.com/openfga/openfga from 1.4.3 to 1.5.0 by @dependabot in #2479

Full Changelog: v0.0.31...v0.0.32

v0.0.31

What's Changed

• Fix CLI invocations in first_profile.md by @puerco in #2328
• Run "make gen" for main by @rdimitrov in #2333
• Add Homoglyphs detection in Minder by @teodor-yanev in #2312
• Unname unused params and bump golangci-lint by @puerco in #2335
• build(deps): bump github.com/go-playground/validator/v10 from 10.17.0 to 10.18.0 by @dependabot in #2336
• build(deps): bump github.com/signalfx/splunk-otel-go/instrumentation/github.com/lib/pq/splunkpq from 1.12.0 to 1.13.0 by @dependabot in #2337
• build(deps): bump redocusaurus from 2.0.0 to 2.0.1 in /docs by @dependabot in #2339
• Update docs for getting started and how to by @rdimitrov in #2331
• Fix a few Trusty issues that enable support for Go in Minder by @rdimitrov in #2332
• build(deps): bump golang.org/x/tools from 0.17.0 to 0.18.0 in /tools by @dependabot in #2340
• Use MINDER_CONFIG to simplify selection of local / staging / prod by @evankanderson in #2329
• Enable Coveralls for coverage reporting by @evankanderson in #2342
• Revert "Enable Coveralls for coverage reporting" by @evankanderson in #2344
• build(deps): bump google.golang.org/grpc from 1.61.0 to 1.61.1 by @dependabot in #2347
• build(deps): bump github.com/openfga/go-sdk from 0.3.4 to 0.3.5 by @dependabot in #2346
• build(deps): bump github/codeql-action from 3.24.0 to 3.24.1 by @dependabot in #2345
• build(deps): bump github.com/sigstore/protobuf-specs from 0.2.1 to 0.3.0 by @dependabot in #2341
• build(deps): bump golang from ef61a20 to cefea7f by @dependabot in #2349
• Re-enable coverage reporting to coveralls by @evankanderson in #2351
• Replace unpinned actions with pinned action by @stacklokbot in #2352
• build(deps): bump coverallsapp/github-action from e5e2507fa218d2031f39816cd7d078ebd1f1a6c6 to 3dfc5567390f6fa9267c0ee9c251e4c8c3f18949 by @dependabot in #2356
• build(deps): bump golang from cefea7f to 7b297d9 by @dependabot in #2353
• build(deps): bump k8s.io/apimachinery from 0.29.1 to 0.29.2 by @dependabot in #2354
• build(deps): bump github.com/go-critic/go-critic from 0.11.0 to 0.11.1 in /tools by @dependabot in #2361
• build(deps): bump github/codeql-action from 3.24.1 to 3.24.3 by @dependabot in #2359
• Add coveralls badge, reduce debugging spew by @evankanderson in #2357
• build(deps): bump github.com/golangci/golangci-lint from 1.56.1 to 1.56.2 in /tools by @dependabot in #2360
• build(deps): bump github.com/daixiang0/gci from 0.12.1 to 0.12.3 in /tools by @dependabot in #2362
• build(deps): bump k8s.io/client-go from 0.29.1 to 0.29.2 by @dependabot in #2355
• Add test coverage for internal/util/statuses by @JAORMX in #2364
• Add test coverage for internal/util/rest by @JAORMX in #2363
• Remove unused functions from internal/util/rand by @JAORMX in #2366
• Remove internal/smoke package by @JAORMX in #2367
• Use latest golangci-lint in CI by @JAORMX in #2365
• Drop the artifact_versions table by @jhrozek in #2372
• Auto-generated DB schema update - 2024-02-19 13:19:33 by @github-actions in #2374
• tweak test coverage behaviour by @dmjb in #2373
• Add test coverage for internal/eea FlushAll by @JAORMX in #2375
• Allow golangci-lint to comment on PRs by @JAORMX in #2378
• Elevate the permissions on the linting job in main.yml by @rdimitrov in #2379
• When the context of a request is nil, return InvalidArgument/400 by @dmjb in #2377
• Fix linting permissions for pr.yml and tags.yml workflows by @rdimitrov in #2380
• build(deps): bump github.com/lestrrat-go/jwx/v2 from 2.0.19 to 2.0.20 by @dependabot in #2382
• Add more coverage to internal/eea package by @JAORMX in #2383
• Deprecate the Trusty options from the protobuf by @rdimitrov in #2381
• Handle rate limiting errors for GitHub API by @Vyom-Yadav in #2271
• Deduplicate configuration reading from viper instance by @JAORMX in #2384
• Fix infinite wait for ratecache using non blocking Close() func by @Vyom-Yadav in #2385
• Change the yarn serve port for docs to 3001 by @jhrozek in #2387
• Update artifact provenance documentation by @jhrozek in #2389
• Clean up some JWT code by @evankanderson in #2390
• Revert proto changes from #2381, as they invalidated JSON stored in the Minder database by @evankanderson in #2395
• build(deps): bump github.com/styrainc/regal from 0.16.0 to 0.17.0 by @dependabot in #2398
• build(deps): bump google.golang.org/grpc from 1.61.1 to 1.62.0 by @dependabot in #2397
• Mischief managed, return buf breaking checks to normal. by @evankanderson in #2396
• Standard PR template for Minder and a workflow check by @teodor-yanev in #2399
• Stacklokbot shouldn't run the PR validate workflow by @teodor-yanev in #2401
• add new type of PR for refactoring by @dmjb in #2403
• Replace unpinned actions with pinned action by @stacklokbot in #2400
• Replace unpinned actions with pinned action by @stacklokbot in #2406
• update: stacklokbot without [bot] by @teodor-yanev in #2405
• build(deps): bump github/codeql-action from 3.24.3 to 3.24.4 by @dependabot in #2408
• build(deps): bump actions/github-script from 5c56fde4671bc2d3592fb0f2c5b5bab9ddae03b1 to 60a0d83039c74a4aee543508d2ffcb1c3799cdea by @dependabot in #2407
• Fix TUF root init to bump to sigstore-go to v0.2.0 by @puerco in #2358
• Fix the PR check workflow to take into account the refactoring change type by @rdimitrov in #2410
• Refactor project structure: Move cursor file to utils package and migrate common config struct to common.go by @Vyom-Yadav in #2394
• move profile validation logic out of controlplane by @dmjb in #2402
• Updated Makefile to handle command failure within loops by @Vyom-Yadav in #2416
• Verify the signer identity upon evaluation by @rdimitrov in #2409
• Fix OSV support for Go to properly identify go.mod packages by @rdimitrov in #2417
• Upgrade repoID to int64, because that's the size from GitHub by @evankanderson in #2415
• build(deps): bump go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc from 0.48.0 to 0.49.0 by @dependabot in #2425
• build(deps): bump github/codeql-action from 3.24.4 to 3.24.5 by @dependabot in #2420
• Hyperlink to trusty page for lower scored packages by @rdimitrov in #2419
• build(deps): bump go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp from 0.48.0 to 0.49.0 by @dependabot in #2422
• build(deps): bump go.opentelemetry.io/otel/sdk/metric from 1.23.1 to 1.24.0 by @dependabot in #2423
• Bump helm-docs to v1.13.0 by @rdimitrov in #2427
• Fix trusty API URL by @rdimitrov in #2428

New Contributors

• @puerco made their first contribution in #2328

Full Changelog: v0.0.30...v0.0.31

v0.0.30

What's Changed

• Add provider listing functionality by @JAORMX in #2310
• Auto-generated cli documentation update - 2024-02-09 11:25:56 by @github-actions in #2324
• Full diff ingestor by @teodor-yanev in #2325
• Update CLI table outputs for ruletype and profile by @rdimitrov in #2327

Full Changelog: v0.0.29...v0.0.30

v0.0.29

What's Changed

• Update the tmpfs path for sigstore caching in docker compose by @rdimitrov in #2267
• Add documentation for built-in roles by @eleftherias in #2258
• Cleanup unused GRPC paths from ingress by @JAORMX in #2268
• Fix documentation formatting by @eleftherias in #2269
• Allow setting custom TUF root with the minder container verify command by @jhrozek in #2270
• build(deps): bump github.com/rs/zerolog from 1.31.0 to 1.32.0 by @dependabot in #2273
• build(deps): bump github/codeql-action from 3.23.2 to 3.24.0 by @dependabot in #2272
• Add wait to ensure all entity events are executed by @Vyom-Yadav in #2274
• Fix Rule Evaluation Logic for Handling Multiple Rules of the Same Type - Part 2 (Data Backfilling) by @Vyom-Yadav in #2206
• Auto-generated DB schema update - 2024-02-05 09:49:19 by @github-actions in #2276
• build(deps): bump GoTestTools/gotestfmt-action from 02b936e80bd5b0e515b98eb8f7d998a60ccca462 to 7dd37bbcc925453b6d7465164cf3bcbd87bc691d by @dependabot in #2278
• build(deps): bump aquasecurity/trivy-action from 0.16.1 to 0.17.0 by @dependabot in #2279
• build(deps): bump github.com/styrainc/regal from 0.15.0 to 0.16.0 by @dependabot in #2280
• Add "openfga" to list of services to start by @dmjb in #2281
• build(deps): bump actions/setup-node from 4.0.1 to 4.0.2 by @dependabot in #2289
• minor: Add rule name to evaluation logs by @Vyom-Yadav in #2290
• build(deps): bump go.opentelemetry.io/otel/exporters/prometheus from 0.45.0 to 0.45.1 by @dependabot in #2288
• build(deps): bump go.opentelemetry.io/otel/exporters/stdout/stdouttrace from 1.22.0 to 1.23.0 by @dependabot in #2285
• Migrate to github.com/puzpuzpuz/xsync/v3 by @jhrozek in #2292
• Extend artifact processing to enable richer provenance checks by @jhrozek in #2235
• Auto-generated cli documentation update - 2024-02-07 12:48:38 by @github-actions in #2293
• Add test coverage for "nice status" middleware/interceptor by @JAORMX in #2294
• Support GH's private sigstore instance by @jhrozek in #2295
• Remove golang-based helm tests by @JAORMX in #2297
• some docs changes by @dmjb in #2296
• Verify all simple signing layers, do not filter events for .sig, enable OIDC identities by @rdimitrov in #2299
• build(deps): bump golang from 1.21.6 to 1.22.0 by @dependabot in #2308
• build(deps): bump go.opentelemetry.io/otel/sdk from 1.23.0 to 1.23.1 by @dependabot in #2307
• build(deps): bump go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp from 0.47.0 to 0.48.0 by @dependabot in #2306
• build(deps): bump golang.org/x/term from 0.16.0 to 0.17.0 by @dependabot in #2303
• build(deps): bump github.com/golangci/golangci-lint from 1.55.2 to 1.56.0 in /tools by @dependabot in #2302
• build(deps): bump go.opentelemetry.io/otel/exporters/stdout/stdouttrace from 1.23.0 to 1.23.1 by @dependabot in #2304
• Display name of profile when running profile create by @dmjb in #2301
• Fix user deletion logic (first minder then keycloak) by @JAORMX in #2311
• Add test coverage for OpenFGA authz driver by @JAORMX in #2291
• build(deps): bump golangci/golangci-lint-action from 3.7.0 to 3.7.1 by @dependabot in #2316
• build(deps): bump github.com/golangci/golangci-lint from 1.56.0 to 1.56.1 in /tools by @dependabot in #2315
• build(deps): bump golang.org/x/oauth2 from 0.16.0 to 0.17.0 by @dependabot in #2321
• build(deps): bump golang.org/x/crypto from 0.18.0 to 0.19.0 by @dependabot in #2318
• build(deps): bump go.opentelemetry.io/otel/exporters/prometheus from 0.45.1 to 0.45.2 by @dependabot in #2320
• build(deps): bump go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc from 0.47.0 to 0.48.0 by @dependabot in #2319
• Add json/yaml output to whoami by @jhrozek in #2313
• Auto-generated cli documentation update - 2024-02-09 08:52:50 by @github-actions in #2322

New Contributors

• @dmjb made their first contribution in #2281

Full Changelog: v0.0.28...v0.0.29

v0.0.28

What's Changed

• build(deps): bump github.com/open-policy-agent/opa from 0.60.0 to 0.61.0 by @dependabot in #2200
• build(deps): bump github.com/sigstore/sigstore-go from 0.0.0-20240108223800-a3df13b8ba29 to 0.1.0 by @dependabot in #2199
• Add ability to evaluate scores based on detailed scores for trusty by @JAORMX in #2198
• Make authz tuple deletion idempotent by @JAORMX in #2201
• Remove unused code by @jhrozek in #2202
• Allow to configure a custom sigstore tuf root by @rdimitrov in #2204
• Add new policy writer role by @JAORMX in #2203
• Solidify authz Client interface by @JAORMX in #2205
• build(deps): bump github.com/openfga/openfga from 1.4.2 to 1.4.3 in /tools by @dependabot in #2208
• Update compose-migrate action to run openfga container alongside by @Vyom-Yadav in #2209
• Upgrade OpenFGA container to v1.4.3 in docker-compose by @JAORMX in #2210
• build(deps): bump github.com/evanphx/json-patch/v5 from 5.8.1 to 5.9.0 by @dependabot in #2215
• build(deps): bump github/codeql-action from 3.23.1 to 3.23.2 by @dependabot in #2213
• build(deps): bump mvdan.cc/gofumpt from 0.5.0 to 0.6.0 in /tools by @dependabot in #2216
• build(deps-dev): bump @docusaurus/module-type-aliases from 3.1.0 to 3.1.1 in /docs by @dependabot in #2214
• Upgrade keycloak in docker-compose to 23.0 by @JAORMX in #2211
• Define Permissions API by @JAORMX in #2217
• Fully rely on OpenFGA to delete user permissions by @JAORMX in #2207
• Print user subject on auth subcommands by @JAORMX in #2221
• Add permissions API to FGA model by @JAORMX in #2219
• build(deps): bump github.com/grpc-ecosystem/grpc-gateway/v2 from 2.19.0 to 2.19.1 by @dependabot in #2223
• build(deps): bump github.com/google/go-containerregistry from 0.18.0 to 0.19.0 by @dependabot in #2222
• build(deps): bump anchore/sbom-action from 0.15.5 to 0.15.6 by @dependabot in #2224
• build(deps): bump github.com/grpc-ecosystem/grpc-gateway/v2 from 2.19.0 to 2.19.1 in /tools by @dependabot in #2225
• Ensure roles in authz AllRoles are defined in FGA model by @JAORMX in #2220
• Bootstrap Permissions API in minder server and implement roles list by @JAORMX in #2226
• Add authorization relations in proto by @eleftherias in #2218
• build(deps): bump anchore/sbom-action from 0.15.6 to 0.15.7 by @dependabot in #2230
• build(deps): bump github.com/stacklok/frizbee from 0.0.12 to 0.0.13 by @dependabot in #2231
• Implement role assignment and removal APIs by @JAORMX in #2227
• Implement CLI for permissions by @JAORMX in #2229
• Auto-generated cli documentation update - 2024-01-31 13:44:42 by @github-actions in #2233
• Add ability to list role assignments in a project by @JAORMX in #2234
• Auto-generated cli documentation update - 2024-01-31 17:47:15 by @github-actions in #2236
• Add relation for fetching remote repos from GitHub by @eleftherias in #2237
• Fix Rule Evaluation Logic for Handling Multiple Rules of the Same Type - Part 1 (No Data Backfilling) by @Vyom-Yadav in #2161
• Move user id telemetry to token interceptor by @eleftherias in #2240
• Auto-generated DB schema update - 2024-01-31 10:34:06 by @github-actions in #2239
• Auto-generated cli documentation update - 2024-01-31 10:34:06 by @github-actions in #2238
• build(deps): bump anchore/sbom-action from 0.15.7 to 0.15.8 by @dependabot in #2243
• build(deps): bump peter-evans/create-pull-request from 5.0.2 to 6.0.0 by @dependabot in #2242
• build(deps): bump sigstore/cosign-installer from 3.3.0 to 3.4.0 by @dependabot in #2241
• build(deps): bump golang from 76aadd9 to 0c22572 by @dependabot in #2244
• Fix CLI error output for role grant list by @JAORMX in #2247
• Make openfga call in authz middleware by @eleftherias in #2246
• Upgrade postgres to 16.1-alpine in docker-compose by @JAORMX in #2212
• Change the database migration CI workflow to check for the expected DB version instead by @jhrozek in #2250
• Remove unused roles database tables by @JAORMX in #2249
• Auto-generated DB schema update - 2024-02-01 13:22:35 by @github-actions in #2251
• Remove the signing keys DB table and API by @jhrozek in #2252
• Auto-generated DB schema update - 2024-02-01 13:54:40 by @github-actions in #2253
• Fix a typo in minder server in docker-compose.yaml by @rdimitrov in #2257
• build(deps): bump golang from 0c22572 to 7b575fe by @dependabot in #2263
• Get project information for users from OpenFGA by @JAORMX in #2259
• Auto-generated DB schema update - 2024-02-02 11:16:11 by @github-actions in #2264
• Add PermissionsService to ingress configuration by @JAORMX in #2265
• Correct permissions for accessing provider enroll by @eleftherias in #2266

Full Changelog: v0.0.27...v0.0.28

v0.0.27

What's Changed

• Implement Cursor-Based Pagination in ListRepositories Endpoint by @Vyom-Yadav in #2097
• Auto-generated DB schema update - 2024-01-17 10:31:02 by @github-actions in #2136
• Switch to offline Sigstore verification and set TimestampVerificationData to nil by @rdimitrov in #2131
• Update proto files for pagination by @eleftherias in #2138
• Add middleware that populates project in context by @eleftherias in #2139
• Revert "Update proto files for pagination (#2138)" by @eleftherias in #2141
• Add project relationships to FGA model by @JAORMX in #2140
• build(deps): bump github/codeql-action from 3.23.0 to 3.23.1 by @dependabot in #2148
• build(deps): bump go.opentelemetry.io/otel/exporters/stdout/stdouttrace from 1.21.0 to 1.22.0 by @dependabot in #2143
• Remove EntityContext pointers and replace with struct references by @evankanderson in #2142
• build(deps): bump go.opentelemetry.io/otel/sdk/metric from 1.21.0 to 1.22.0 by @dependabot in #2147
• Bump go.opentelemetry.io/otel/exporters/prometheus from 0.44.0 to 0.45.0 by @eleftherias in #2150
• build(deps): bump anchore/sbom-action from 0.15.3 to 0.15.4 by @dependabot in #2152
• build(deps): bump k8s.io/apimachinery from 0.29.0 to 0.29.1 by @dependabot in #2156
• build(deps): bump github.com/signalfx/splunk-otel-go/instrumentation/database/sql/splunksql from 1.11.0 to 1.12.0 by @dependabot in #2153
• build(deps): bump github.com/signalfx/splunk-otel-go/instrumentation/github.com/lib/pq/splunkpq from 1.11.0 to 1.12.0 by @dependabot in #2154
• build(deps): bump go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc from 0.46.1 to 0.47.0 by @dependabot in #2155
• build(deps): bump go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp from 0.46.1 to 0.47.0 by @dependabot in #2157
• Add BusinessTelemetry to authenticated RPC calls by @rdimitrov in #2117
• Create initial configuration for authz and create store as part of migration by @JAORMX in #2110
• build(deps): bump github.com/google/go-containerregistry from 0.17.0 to 0.18.0 by @dependabot in #2162
• Don't default to minder as default store ID is authz configuration by @JAORMX in #2163
• Actually run authz tests by @JAORMX in #2165
• Checkout back to the original branch to reset the filesystem preventing ingest cache from corrupting by @Vyom-Yadav in #2160
• Add authorization JSON model workflow by @JAORMX in #2166
• Move OpenFGA interactions to authz package by @JAORMX in #2164
• rego: Add new function to list files using a glob pattern by @JAORMX in #2158
• Initialize model on migration by @JAORMX in #2168
• Remove superadmin role by @eleftherias in #2169
• build(deps): bump anchore/sbom-action from 0.15.4 to 0.15.5 by @dependabot in #2174
• build(deps): bump github.com/openfga/go-sdk from 0.3.3 to 0.3.4 by @dependabot in #2172
• build(deps): bump k8s.io/client-go from 0.29.0 to 0.29.1 by @dependabot in #2173
• Skeleton of Authz client interface to enable integration by @JAORMX in #2175
• Add rego function to detect file types by @JAORMX in #2180
• Add new rego function called file.walk by @JAORMX in #2181
• Implement Write and Delete tuple functions for OpenFGA Authz Client by @JAORMX in #2177
• Add a mindev command to verify containers by @jhrozek in #2178
• Update: telemetry field to be string by @teodor-yanev in #2184
• Create new docs entry under "Using Minder" for using Minder with GHAS by @meganbruce in #2185
• build(deps): bump google.golang.org/grpc from 1.60.1 to 1.61.0 by @dependabot in #2188
• build(deps): bump github.com/openfga/cli from 0.2.4 to 0.2.5 in /tools by @dependabot in #2186
• build(deps): bump github.com/google/uuid from 1.5.0 to 1.6.0 by @dependabot in #2187
• build(deps): bump golang from 5f5d61d to 76aadd9 by @dependabot in #2189
• Move authorization logic to interceptor by @eleftherias in #2183
• Remove unused org owner enum by @eleftherias in #2190
• rego: Return true for file.exists for directories too by @JAORMX in #2191
• Hook up authz tuple writing to Minder server by @JAORMX in #2179
• Set up OpenFGA as authz client implementation for minder server by @JAORMX in #2192
• Update authz configuration example by @JAORMX in #2193
• build(deps): bump bufbuild/buf-setup-action from 1.28.1 to 1.29.0 by @dependabot in #2196
• build(deps): bump github.com/bufbuild/buf from 1.28.1 to 1.29.0 in /tools by @dependabot in #2197
• Add migration step for minder users to FGA tuples by @JAORMX in #2194
• Support GitHub attestation endpoint by @jhrozek in #2195

New Contributors

• @meganbruce made their first contribution in #2185

Full Changelog: v0.0.26...v0.0.27

v0.0.26

What's Changed

• Derive ruletype response from DB entry by @eleftherias in #2130
• build(deps): bump github.com/openfga/cli from 0.2.3 to 0.2.4 by @dependabot in #2133
• build(deps): bump github.com/evanphx/json-patch/v5 from 5.8.0 to 5.8.1 by @dependabot in #2134
• build(deps): bump golang from 6fbd2d3 to 5f5d61d by @dependabot in #2132
• Add overrides for enabling alerts and remediations when creating profiles by @JAORMX in #2129
• Auto-generated cli documentation update - 2024-01-17 10:56:53 by @github-actions in #2135

Full Changelog: v0.0.25...v0.0.26