Skip to content

lifecycle v0.15.0-rc.1

Pre-release
Pre-release
Compare
Choose a tag to compare
@github-actions github-actions released this 10 Oct 19:13
v0.15.0-rc.1
e6cf04c
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.

lifecycle v0.15.0-rc.1

Welcome to v0.15.0-rc.1, a beta pre-release of the Cloud Native Buildpacks Lifecycle.

Prerequisites

The lifecycle runs as a normal user in a series of unprivileged containers. To export images and cache image layers, it requires access to a Docker daemon or Docker registry.

Install

Extract the .tgz file and copy the lifecycle binaries into a build stack base image. The build image can then be orchestrated by a platform implementation such as the pack CLI or tekton.

Lifecycle Image

An OCI image containing the lifecycle binaries is available at buildpacksio/lifecycle:0.15.0-rc.1.

Features

  • When using platform API 0.10 or greater, the lifecycle provides experimental support for image extensions: experimental components that generate Dockerfiles that can be used to define build and runtime base images (#860 and #869 by @natalieparellano and #896 by @BarDweller, @jromero, and @natalieparellano)
  • When using buildpack API 0.9 or greater, buildpacks should write command as a list of strings in launch.toml, instead of a single string; entries in command are arguments that are always provided to the process, whereas entries in args are default arguments that can be overridden by the end user if supported by the platform (#889 by @jabrown85)
  • When using platform API 0.10 or greater, user-provided arguments override buildpack-provided default arguments, instead of being appended (#920 by @jabrown85 and #921 by @natalieparellano)

Bug Fixes

  • When using platform API 0.7 or greater, the creator logs the expected phase header for the analyze phase (#878 by @jromero)

Known Issues

  • Vulnerability scanners such as grype may trigger on non-impactful CVEs:
    • GHSA-f3fp-gc8g-vw66 and GHSA-v95c-p5hm-xq8f for package github.com/opencontainers/runc: non-impactful as the lifecycle does not create containers; the lifecycle cannot update runc until github.com/docker/docker updates to a compatible version
    • CVE-2015-5237 and CVE-2021-22570 for package google.golang.org/protobuf: false positives (see .grype.yaml in project root for further information)

Contributors

We'd like to acknowledge that this release wouldn't be as good without the help of the following amazing contributors: @BarDweller, @jabrown85, @jromero, @mboldt, @natalieparellano

Contributors

jromero, jabrown85, and 2 other contributors
Assets 8
Loading