v0.14.0

What's Changed

The images build themselves on latest once a week. Then the readme file updates itself based on CVE scan results.

Add Ubuntu 24.04 LTS.

Bump deps.

Full Changelog: v0.13.4...v0.14.0

v0.13.4

Changes

Cutting a release to rebuild, but also to see what the new build summary is looking like

🧰 Maintenance

• Bump docker/build-push-action from 5 to 6 @dependabot (#252)

v0.13.3 - now with better sbom naming, i think

Changes

• update sbom action and test deployments @some-natalie (#251)

v0.13.2

Changes

• bump arc to 0.9.2, ubi9 to 9.4, docker too @some-natalie (#250)

v0.13.1

Changes

• bunch of small cleanup tasks @some-natalie (#249)

v0.13.0

🐙 Now there's a runner to use based on Wolfi to lower CVEs and bring some ConMon sanity to Feds and Fed-adjacent folks. Given some of the conversations I've had over the years about container security w/i ARC, it makes sense to pave a path towards a sane count of CVEs for use in highly secured environments.

The new wolfi runner image goes from 67 CVEs in the upstream (actions/runner) image to a more-manageable 6 CVEs (according to Grype 0.77.1 on 29 April 2024). It's anticipated that it'll stay significantly lower moving forwards as well.

Changes

• change home paths to match upstream @some-natalie (#248)
• add wolfi dockerfile and helm charts for deployment @some-natalie (#247)
• Wolfi runner addition @some-natalie (#245)
• change test suite to run on a local cluster @some-natalie (#246)

v0.12.7

Changes

• bump runner, docker version @some-natalie (#244)
• bump docker @some-natalie (#243)

v0.12.6

Changes

• Not much changed. Just bumped the test-image workflows for Actions to 0.9.1

Happy automating! 🥂

fix grype scans on multi-arch builds

this did not spark joy, but at least it's fixed.

remove buildah

there has to be a better way