Skip to content

Commit

Permalink
Merge pull request #1021 from mozilla/develop
Browse files Browse the repository at this point in the history
v3.7.2
  • Loading branch information
ajvb authored Mar 9, 2022
2 parents 2395f07 + 3370591 commit 86f500d
Show file tree
Hide file tree
Showing 20 changed files with 379 additions and 190 deletions.
10 changes: 5 additions & 5 deletions .circleci/config.yml
Original file line number Diff line number Diff line change
Expand Up @@ -4,10 +4,10 @@ workflows:
build-and-deploy:
jobs:
- build
- push:
- push:
filters:
tags:
only: /^v.*/
only: /^v.*/
branches:
ignore: /.*/
jobs:
Expand All @@ -30,7 +30,7 @@ jobs:
resource_class: large
steps:
- checkout
- run:
- run:
name: semver check
command: |
MAJOR=$(echo ${CIRCLE_TAG#v} | cut -d"." -f1)
Expand All @@ -46,8 +46,8 @@ jobs:
This job uses the semver from the git TAG as the public version to publish.
- This should only run on workflows triggered by a tag.
- The tag name should be a semver like 'v1.2.3'
- This should only run on workflows triggered by a tag.
- The tag name should be a semver like 'v1.2.3'
- The version should follow conventions documented at https://github.com/fsaintjacques/semver-tool
EOF
exit 1
Expand Down
29 changes: 22 additions & 7 deletions .github/workflows/cli.yml
Original file line number Diff line number Diff line change
Expand Up @@ -12,22 +12,26 @@ on:

jobs:
build:
name: Build and test ${{ matrix.os }}
name: Build and test ${{ matrix.os }} ${{ matrix.arch }}
runs-on: ubuntu-latest
strategy:
matrix:
os: [linux, darwin, windows]
arch: [amd64, arm64]
exclude:
- os: windows
arch: arm64
env:
VAULT_VERSION: "1.1.3"
VAULT_TOKEN: "root"
VAULT_ADDR: "http://127.0.0.1:8200"
steps:
- name: Install dependencies
run: sudo apt-get update && sudo apt-get install git -y
- name: Set up Go 1.13
- name: Set up Go 1.17
uses: actions/setup-go@v2
with:
go-version: 1.13
go-version: 1.17
id: go
- name: Check out code into the Go module directory
uses: actions/checkout@v2
Expand All @@ -37,13 +41,24 @@ jobs:
key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
restore-keys: |
${{ runner.os }}-go-
- name: Build
- name: Build Linux and Darwin
if: matrix.os != 'windows'
run: GOOS=${{ matrix.os }} GOARCH=${{ matrix.arch }} go build -o sops-${{ matrix.os }}-${{ matrix.arch }}-${{ github.sha }} -v ./cmd/sops
- name: Build Windows
if: matrix.os == 'windows'
run: GOOS=${{ matrix.os }} go build -o sops-${{ matrix.os }}-${{ github.sha }} -v ./cmd/sops
- name: Import test GPG keys
run: for i in 1 2 3 4 5; do gpg --import pgp/sops_functional_tests_key.asc && break || sleep 15; done
- name: Test
run: make test
- name: Upload artifact
- name: Upload artifact for Linux and Darwin
if: matrix.os != 'windows'
uses: actions/upload-artifact@v2
with:
name: sops-${{ matrix.os }}-${{ matrix.arch }}-${{ github.sha }}
path: sops-${{ matrix.os }}-${{ matrix.arch }}-${{ github.sha }}
- name: Upload artifact for Windows
if: matrix.os == 'windows'
uses: actions/upload-artifact@v2
with:
name: sops-${{ matrix.os }}-${{ github.sha }}
Expand All @@ -63,9 +78,9 @@ jobs:
uses: actions/checkout@v2
- uses: actions/download-artifact@v2
with:
name: sops-linux-${{ github.sha }}
name: sops-linux-amd64-${{ github.sha }}
- name: Move SOPS binary
run: mv sops-linux-${{ github.sha }} ./functional-tests/sops
run: mv sops-linux-amd64-${{ github.sha }} ./functional-tests/sops
- name: Make SOPS binary executable
run: chmod +x ./functional-tests/sops
- name: Download Vault
Expand Down
24 changes: 19 additions & 5 deletions .github/workflows/release.yml
Original file line number Diff line number Diff line change
Expand Up @@ -15,13 +15,15 @@ jobs:
run: sudo apt-get update && sudo apt-get install git ruby rpm -y
- name: Install fpm
run: gem install fpm || sudo gem install fpm
- name: Set up Go 1.15
- name: Set up Go 1.17
uses: actions/setup-go@v2
with:
go-version: 1.15
go-version: 1.17
id: go
- name: Check out code into the Go module directory
uses: actions/checkout@v2
- name: Go vendor
run: go mod vendor
- name: Make release directory
run: mkdir dist
- name: Build deb and rpm
Expand All @@ -32,20 +34,32 @@ jobs:
run: echo "RELEASE_VERSION=${GITHUB_REF#refs/*/}" >> $GITHUB_ENV
- name: Set RELEASE_NUMBER
run: echo "RELEASE_NUMBER=$(echo $RELEASE_VERSION | cut -c2-)" >> $GITHUB_ENV
- name: Build darwin binary
run: GOOS=darwin CGO_ENABLED=0 go build -mod vendor -o dist/sops-${{ env.RELEASE_VERSION }}.darwin go.mozilla.org/sops/v3/cmd/sops
- name: Build linux arm64 binary
run: GOOS=linux GOARCH=arm64 CGO_ENABLED=0 go build -mod vendor -o dist/sops-${{ env.RELEASE_VERSION }}.linux.arm64 go.mozilla.org/sops/v3/cmd/sops
- name: Build darwin amd64 binary
run: GOOS=darwin GOARCH=amd64 CGO_ENABLED=0 go build -mod vendor -o dist/sops-${{ env.RELEASE_VERSION }}.darwin.amd64 go.mozilla.org/sops/v3/cmd/sops
- name: Copy darwin amd64 to have a no-architecture labeled version
run: cp dist/sops-${{ env.RELEASE_VERSION }}.darwin.amd64 dist/sops-${{ env.RELEASE_VERSION }}.darwin
- name: Build darwin arm64 binary
run: GOOS=darwin GOARCH=arm64 CGO_ENABLED=0 go build -mod vendor -o dist/sops-${{ env.RELEASE_VERSION }}.darwin.arm64 go.mozilla.org/sops/v3/cmd/sops
- name: Build windows binary
run: GOOS=windows CGO_ENABLED=0 go build -mod vendor -o dist/sops-${{ env.RELEASE_VERSION }}.exe go.mozilla.org/sops/v3/cmd/sops
- name: Copy already built linux binary
run: cp tmppkg/usr/local/bin/sops dist/sops-${{ env.RELEASE_VERSION }}.linux
run: cp tmppkg/usr/local/bin/sops dist/sops-${{ env.RELEASE_VERSION }}.linux && cp tmppkg/usr/local/bin/sops dist/sops-${{ env.RELEASE_VERSION }}.linux.amd64
- name: Create release
uses: "mozilla/action-automatic-releases@latest"
with:
repo_token: "${{ secrets.GITHUB_TOKEN }}"
prerelease: true
files: |
dist/sops-${{ env.RELEASE_VERSION }}.exe
dist/sops-${{ env.RELEASE_VERSION }}.darwin.amd64
dist/sops-${{ env.RELEASE_VERSION }}.darwin.arm64
dist/sops-${{ env.RELEASE_VERSION }}.darwin
dist/sops-${{ env.RELEASE_VERSION }}.linux.amd64
dist/sops-${{ env.RELEASE_VERSION }}.linux.arm64
dist/sops-${{ env.RELEASE_VERSION }}.linux
dist/sops_${{ env.RELEASE_NUMBER }}_amd64.deb
dist/sops_${{ env.RELEASE_NUMBER }}_arm64.deb
dist/sops-${{ env.RELEASE_NUMBER }}-1.x86_64.rpm
dist/sops-${{ env.RELEASE_NUMBER }}-1.aarch64.rpm
121 changes: 68 additions & 53 deletions CHANGELOG.rst
Original file line number Diff line number Diff line change
@@ -1,123 +1,138 @@
Changelog
=========

3.7.2
-----
Changes:

* README updates (#861, #860)
* Various test fixes (#909, #906, #1008)
* Added Linux and Darwin arm64 releases (#911, #891)
* Upgrade to go v1.17 (#1012)
* Support SOPS_AGE_KEY environment variable (#1006)

Bug fixes:

* Make sure comments in yaml files are not duplicated (#866)
* Make sure configuration file paths work correctly relative to the config file in us (#853)

3.7.1
-----
Changes:

* Security fix
* Add release workflow (#843)
* Fix issue where CI wouldn't run against master (#848)
* Trim extra whitespace around age keys (#846)
* Security fix
* Add release workflow (#843)
* Fix issue where CI wouldn't run against master (#848)
* Trim extra whitespace around age keys (#846)

3.7.0
-----
Features:

* Add support for age (#688)
* Add filename to exec-file (#761)
* Add support for age (#688)
* Add filename to exec-file (#761)

Changes:

* On failed decryption with GPG, return the error returned by GPG to the sops user (#762)
* Use yaml.v3 instead of modified yaml.v2 for handling YAML files (#791)
* Update aws-sdk-go to version v1.37.18 (#823)
* On failed decryption with GPG, return the error returned by GPG to the sops user (#762)
* Use yaml.v3 instead of modified yaml.v2 for handling YAML files (#791)
* Update aws-sdk-go to version v1.37.18 (#823)

Project Changes:

* Switch from TravisCI to Github Actions (#792)
* Switch from TravisCI to Github Actions (#792)

3.6.1
-----
Features:

* Add support for --unencrypted-regex (#715)
* Add support for --unencrypted-regex (#715)

Changes:

* Use keys.openpgp.org instead of gpg.mozilla.org (#732)
* Upgrade AWS SDK version (#714)
* Support --input-type for exec-file (#699)
* Use keys.openpgp.org instead of gpg.mozilla.org (#732)
* Upgrade AWS SDK version (#714)
* Support --input-type for exec-file (#699)

Bug fixes:

* Fixes broken Vault tests (#731)
* Revert "Add standard newline/quoting behavior to dotenv store" (#706)
* Fixes broken Vault tests (#731)
* Revert "Add standard newline/quoting behavior to dotenv store" (#706)


3.6.0
-----
Features:

* Support for encrypting data through the use of Hashicorp Vault (#655)
* `sops publish` now supports `--recursive` flag for publishing all files in a directory (#602)
* `sops publish` now supports `--omit-extensions` flag for omitting the extension in the destination path (#602)
* sops now supports JSON arrays of arrays (#642)
* Support for encrypting data through the use of Hashicorp Vault (#655)
* `sops publish` now supports `--recursive` flag for publishing all files in a directory (#602)
* `sops publish` now supports `--omit-extensions` flag for omitting the extension in the destination path (#602)
* sops now supports JSON arrays of arrays (#642)

Improvements:

* Updates and standardization for the dotenv store (#612, #622)
* Close temp files after using them for edit command (#685)
* Updates and standardization for the dotenv store (#612, #622)
* Close temp files after using them for edit command (#685)

Bug fixes:

* AWS SDK usage now correctly resolves the `~/.aws/config` file (#680)
* `sops updatekeys` now correctly matches config rules (#682)
* `sops updatekeys` now correctly uses the config path cli flag (#672)
* Partially empty sops config files don't break the use of sops anymore (#662)
* Fix possible infinite loop in PGP's passphrase prompt call (#690)
* AWS SDK usage now correctly resolves the `~/.aws/config` file (#680)
* `sops updatekeys` now correctly matches config rules (#682)
* `sops updatekeys` now correctly uses the config path cli flag (#672)
* Partially empty sops config files don't break the use of sops anymore (#662)
* Fix possible infinite loop in PGP's passphrase prompt call (#690)

Project changes:

* Dockerfile now based off of golang version 1.14 (#649)
* Push alpine version of docker image to Dockerhub (#609)
* Push major, major.minor, and major.minor.patch tagged docker images to Dockerhub (#607)
* Removed out of date contact information (#668)
* Update authors in the cli help text (#645)
* Dockerfile now based off of golang version 1.14 (#649)
* Push alpine version of docker image to Dockerhub (#609)
* Push major, major.minor, and major.minor.patch tagged docker images to Dockerhub (#607)
* Removed out of date contact information (#668)
* Update authors in the cli help text (#645)


3.5.0
-----
Features:

* `sops exec-env` and `sops exec-file`, two new commands for utilizing sops secrets within a temporary file or env vars
* `sops exec-env` and `sops exec-file`, two new commands for utilizing sops secrets within a temporary file or env vars

Bug fixes:

* Sanitize AWS STS session name, as sops creates it based off of the machines hostname
* Fix for `decrypt.Data` to support `.ini` files
* Various package fixes related to switching to Go Modules
* Fixes for Vault-related tests running locally and in CI.
* Sanitize AWS STS session name, as sops creates it based off of the machines hostname
* Fix for `decrypt.Data` to support `.ini` files
* Various package fixes related to switching to Go Modules
* Fixes for Vault-related tests running locally and in CI.

Project changes:

* Change to proper use of go modules, changing to primary module name to `go.mozilla.org/sops/v3`
* Change tags to requiring a `v` prefix.
* Add documentation for `sops updatekeys` command
* Change to proper use of go modules, changing to primary module name to `go.mozilla.org/sops/v3`
* Change tags to requiring a `v` prefix.
* Add documentation for `sops updatekeys` command

3.4.0
-----
Features:

* `sops publish`, a new command for publishing sops encrypted secrets to S3, GCS, or Hashicorp Vault
* Support for multiple Azure authentication mechanisms
* Azure Keyvault support to the sops config file
* `encrypted_regex` option to the sops config file
* `sops publish`, a new command for publishing sops encrypted secrets to S3, GCS, or Hashicorp Vault
* Support for multiple Azure authentication mechanisms
* Azure Keyvault support to the sops config file
* `encrypted_regex` option to the sops config file

Bug fixes:

* Return non-zero exit code for invalid CLI flags
* Broken path handling for sops editing on Windows
* `go lint/fmt` violations
* Check for pgp fingerprint before slicing it
* Return non-zero exit code for invalid CLI flags
* Broken path handling for sops editing on Windows
* `go lint/fmt` violations
* Check for pgp fingerprint before slicing it

Project changes:

* Build container using golang 1.12
* Switch to using go modules
* Hashicorp Vault server in Travis CI build
* Mozilla Publice License file to repo
* Replaced expiring test gpg keys
* Build container using golang 1.12
* Switch to using go modules
* Hashicorp Vault server in Travis CI build
* Mozilla Publice License file to repo
* Replaced expiring test gpg keys

3.3.1
-----
Expand Down
4 changes: 2 additions & 2 deletions Dockerfile
Original file line number Diff line number Diff line change
@@ -1,10 +1,10 @@
FROM golang:1.15
FROM golang:1.17

COPY . /go/src/go.mozilla.org/sops
WORKDIR /go/src/go.mozilla.org/sops

RUN CGO_ENABLED=1 make install
RUN apt-get update
RUN apt-get install -y vim python-pip emacs
RUN apt-get install -y vim python3-pip emacs
RUN pip install awscli
ENV EDITOR vim
3 changes: 2 additions & 1 deletion Dockerfile.alpine
Original file line number Diff line number Diff line change
@@ -1,4 +1,5 @@
FROM golang:1.12-alpine3.10 AS builder
FROM golang:1.17-alpine3.15 AS builder

RUN apk --no-cache add make

Expand All @@ -8,7 +9,7 @@ WORKDIR /go/src/go.mozilla.org/sops
RUN CGO_ENABLED=1 make install


FROM alpine:3.10
FROM alpine:3.15

RUN apk --no-cache add \
vim ca-certificates
Expand Down
Loading

0 comments on commit 86f500d

Please sign in to comment.