lifecycle v0.15.0-rc.2

lifecycle v0.15.0-rc.2

Welcome to v0.15.0-rc.2, a beta pre-release of the Cloud Native Buildpacks Lifecycle.

Prerequisites

The lifecycle runs as a normal user in a series of unprivileged containers. To export images and cache image layers, it requires access to a Docker daemon or Docker registry.

Install

Extract the .tgz file and copy the lifecycle binaries into a build stack base image. The build image can then be orchestrated by a platform implementation such as the pack CLI or tekton.

Lifecycle Image

An OCI image containing the lifecycle binaries is available at buildpacksio/lifecycle:0.15.0-rc.2.

Features

• When using platform API 0.10 or greater, the lifecycle provides experimental support for image extensions: experimental components that generate Dockerfiles that can be used to define build and runtime base images (#860 and #869 by @natalieparellano and #896 by @BarDweller, @jromero, and @natalieparellano)
• When using buildpack API 0.9 or greater, buildpacks should write command as a list of strings in launch.toml, instead of a single string; entries in command are arguments that are always provided to the process, whereas entries in args are default arguments that can be overridden by the end user if supported by the platform (#889 by @jabrown85)
• When using platform API 0.10 or greater, user-provided arguments override buildpack-provided default arguments, instead of being appended (#920 by @jabrown85 and #921 by @natalieparellano)

Bug Fixes

• When using platform API 0.10 or greater, the creator when passed -skip-restore will still restore store.toml (#929 by @natalieparellano)
• When using platform API 0.7 or greater, the creator logs the expected phase header for the analyze phase (#878 by @jromero)

Known Issues

• Vulnerability scanners such as grype may trigger on non-impactful CVEs:
  • GHSA-f3fp-gc8g-vw66 and GHSA-v95c-p5hm-xq8f for package github.com/opencontainers/runc: non-impactful as the lifecycle does not create containers; the lifecycle cannot update runc until github.com/GoogleContainerTools/kaniko updates to a compatible version
  • CVE-2015-5237 and CVE-2021-22570 for package google.golang.org/protobuf: false positives (see .grype.yaml in project root for further information)

Contributors

We'd like to acknowledge that this release wouldn't be as good without the help of the following amazing contributors: @BarDweller, @jabrown85, @jromero, @mboldt, @natalieparellano

lifecycle v0.14.3

lifecycle v0.14.3

Welcome to v0.14.3, a beta release of the Cloud Native Buildpacks Lifecycle.

Prerequisites

The lifecycle runs as a normal user in a series of unprivileged containers. To export images and cache image layers, it requires access to a Docker daemon or Docker registry.

Install

Extract the .tgz file and copy the lifecycle binaries into a build stack base image. The build image can then be orchestrated by a platform implementation such as the pack CLI or tekton.

Lifecycle Image

An OCI image containing the lifecycle binaries is available at buildpacksio/lifecycle:0.14.3.

Features

• Updates dependencies (#939 by @natalieparellano)
• Updates go from 1.18.4 to 1.18.7

lifecycle v0.15.0-rc.1

lifecycle v0.15.0-rc.1

Welcome to v0.15.0-rc.1, a beta pre-release of the Cloud Native Buildpacks Lifecycle.

Prerequisites

The lifecycle runs as a normal user in a series of unprivileged containers. To export images and cache image layers, it requires access to a Docker daemon or Docker registry.

Install

Extract the .tgz file and copy the lifecycle binaries into a build stack base image. The build image can then be orchestrated by a platform implementation such as the pack CLI or tekton.

Lifecycle Image

An OCI image containing the lifecycle binaries is available at buildpacksio/lifecycle:0.15.0-rc.1.

Features

• When using platform API 0.10 or greater, the lifecycle provides experimental support for image extensions: experimental components that generate Dockerfiles that can be used to define build and runtime base images (#860 and #869 by @natalieparellano and #896 by @BarDweller, @jromero, and @natalieparellano)
• When using buildpack API 0.9 or greater, buildpacks should write command as a list of strings in launch.toml, instead of a single string; entries in command are arguments that are always provided to the process, whereas entries in args are default arguments that can be overridden by the end user if supported by the platform (#889 by @jabrown85)
• When using platform API 0.10 or greater, user-provided arguments override buildpack-provided default arguments, instead of being appended (#920 by @jabrown85 and #921 by @natalieparellano)

Bug Fixes

• When using platform API 0.7 or greater, the creator logs the expected phase header for the analyze phase (#878 by @jromero)

Known Issues

• Vulnerability scanners such as grype may trigger on non-impactful CVEs:
  • GHSA-f3fp-gc8g-vw66 and GHSA-v95c-p5hm-xq8f for package github.com/opencontainers/runc: non-impactful as the lifecycle does not create containers; the lifecycle cannot update runc until github.com/docker/docker updates to a compatible version
  • CVE-2015-5237 and CVE-2021-22570 for package google.golang.org/protobuf: false positives (see .grype.yaml in project root for further information)

Contributors

We'd like to acknowledge that this release wouldn't be as good without the help of the following amazing contributors: @BarDweller, @jabrown85, @jromero, @mboldt, @natalieparellano

lifecycle v0.14.2

lifecycle v0.14.2

Welcome to v0.14.2, a beta release of the Cloud Native Buildpacks Lifecycle.

Prerequisites

The lifecycle runs as a normal user in a series of unprivileged containers. To export images and cache image layers, it requires access to a Docker daemon or Docker registry.

Install

Extract the .tgz file and copy the lifecycle binaries into a build stack base image. The build image can then be orchestrated by a platform implementation such as the pack CLI or tekton.

Lifecycle Image

An OCI image containing the lifecycle binaries is available at buildpacksio/lifecycle:0.14.2.

Features

• Updates go to version 1.18 (#907 by @natalieparellano)

Bug Fixes

• The launcher will correctly find processes when the process type contains . (#903 by @jabrown85)

lifecycle v0.14.1

lifecycle v0.14.1

Welcome to v0.14.1, a beta release of the Cloud Native Buildpacks Lifecycle.

Prerequisites

The lifecycle runs as a normal user in a series of unprivileged containers. To export images and cache image layers, it requires access to a Docker daemon or Docker registry.

Install

Extract the .tgz file and copy the lifecycle binaries into a build stack base image. The build image can then be orchestrated by a platform implementation such as the pack CLI or tekton.

Lifecycle Image

An OCI image containing the lifecycle binaries is available at buildpacksio/lifecycle:0.14.1.

Bug Fixes

• The lifecycle will attempt to use credential helpers on Amazon and Azure (#855 by @natalieparellano)
• The lifecycle, when provided an identity token, will attempt to use it (instead of ignoring it) (#854 by @natalieparellano)
• The lifecycle, when provided a keychain that is missing authorization information for a registry, will fall through to the next keychain instead of returning an empty authorization that may fail (#853 by @natalieparellano)
• The analyzer ensures ownership of the launch cache directory (#847 by @natalieparellano)
• The exporter, when saving a cache image that is empty, will add an empty layer in order to avoid save errors on GCR (#852 by @jjbustamante)
• The lifecycle, when renaming directories, will fall back to copy and delete on Windows (#856 by @natalieparellano)

Contributors

We'd like to acknowledge that this release wouldn't be as good without the help of the following amazing contributors:
@ekcasey, @jjbustamante, @jromero, @natalieparellano

lifecycle v0.14.1-rc.1

lifecycle v0.14.1-rc.1

Welcome to v0.14.1-rc.1, a beta pre-release of the Cloud Native Buildpacks Lifecycle.

Prerequisites

The lifecycle runs as a normal user in a series of unprivileged containers. To export images and cache image layers, it requires access to a Docker daemon or Docker registry.

Install

Extract the .tgz file and copy the lifecycle binaries into a build stack base image. The build image can then be orchestrated by a platform implementation such as the pack CLI or tekton.

Lifecycle Image

An OCI image containing the lifecycle binaries is available at buildpacksio/lifecycle:0.14.1-rc.1.

Bug Fixes

The lifecycle will attempt to use credential helpers on Amazon and Azure (#855 by @natalieparellano)
The lifecycle, when provided an identity token, will attempt to use it (instead of ignoring it) (#854 by @natalieparellano)
The lifecycle, when provided a keychain that is missing authorization information for a registry, will fall through to the next keychain instead of returning an empty authorization that may fail (#853 by @natalieparellano)
The analyzer ensures ownership of the launch cache directory (#847 by @natalieparellano)
The exporter, when saving a cache image that is empty, will add an empty layer in order to avoid save errors on GCR (#852 by @jjbustamante)
The lifecycle, when renaming directories, will fall back to copy and delete on Windows (#856 by @natalieparellano)

Contributors

We'd like to acknowledge that this release wouldn't be as good without the help of the following amazing contributors:
@ekcasey, @jjbustamante, @jromero, @natalieparellano

lifecycle v0.14.0

lifecycle v0.14.0

Welcome to v0.14.0, a beta release of the Cloud Native Buildpacks Lifecycle.

Prerequisites

The lifecycle runs as a normal user in a series of unprivileged containers. To export images and cache image layers, it requires access to a Docker daemon or Docker registry.

Install

Extract the .tgz file and copy the lifecycle binaries into a build stack base image. The build image can then be orchestrated by a platform implementation such as the pack CLI or tekton.

Lifecycle Image

An OCI image containing the lifecycle binaries is available at buildpacksio/lifecycle:0.14.0.

Features

• When using buildpack API 0.8 or greater, buildpacks can specify the working directory for processes in launch.toml (#792 by @mboldt)
• When using buildpack API 0.8 or greater, the platform directory and build plan path are provided as environment variables to buildpack bin/detect, in addition to the deprecated positional arguments (#818 by @mboldt)
• When using buildpack API 0.8 or greater, the platform directory, buildpack plan path, and buildpack layers directory are provided as environment variables to buildpack bin/build, in addition to the deprecated positional arguments (#818 by @mboldt)
• The exporter, if SOURCE_DATE_EPOCH is set in its environment, will set image create time to the provided value instead of the constant January 1, 1980 (#823 by @jabrown85)
• When using platform API 0.9 or greater, the exporter will omit legacy BOM information from the io.buildpacks.build.metadata label; this information can instead be found in <layers>/sbom/launch/sbom.legacy.json (#825 by @natalieparellano)
• Updates go to version 1.17 (#839 by @natalieparellano)

Bug Fixes

• The builder, when validating buildpack-output SBOM files against buildpack-declared SBOM formats, will omit optional parameters in the declared media type from the comparison, allowing buildpacks to specify parameters in buildpack.toml (#834 by @natalieparellano)
• When using platform API 0.9 or greater, the analyzer accepts a -launch-cache flag, improving performance when restoring the SBOM layer from the previous image; additionally, the analyzer accepts a -skip-layers flag to completely skip SBOM layer restoration (#800 by @natalieparellano)

Contributors

We'd like to acknowledge that this release wouldn't be as good without the help of the following amazing contributors:
@aemengo, @jabrown85, @mboldt, @natalieparellano, @samj1912

lifecycle v0.14.0-rc.1

lifecycle v0.14.0-rc.1

Welcome to v0.14.0-rc.1, a beta pre-release of the Cloud Native Buildpacks Lifecycle.

Prerequisites

The lifecycle runs as a normal user in a series of unprivileged containers. To export images and cache image layers, it requires access to a Docker daemon or Docker registry.

Install

Extract the .tgz file and copy the lifecycle binaries into a build stack base image. The build image can then be orchestrated by a platform implementation such as the pack CLI or tekton.

Lifecycle Image

An OCI image containing the lifecycle binaries is available at buildpacksio/lifecycle:0.14.0-rc.1.

Features

• When using buildpack API 0.8 or greater, buildpacks can specify the working directory for processes in launch.toml (#792 by @mboldt)
• When using buildpack API 0.8 or greater, the platform directory and build plan path are provided as environment variables to buildpack bin/detect, in addition to the deprecated positional arguments (#818 by @mboldt)
• When using buildpack API 0.8 or greater, the platform directory, buildpack plan path, and buildpack layers directory are provided as environment variables to buildpack bin/build, in addition to the deprecated positional arguments (#818 by @mboldt)
• The exporter, if SOURCE_DATE_EPOCH is set in its environment, will set image create time to the provided value instead of the constant January 1, 1980 (#823 by @natalieparellano)
• When using platform API 0.9 or greater, the exporter will omit legacy BOM information from the io.buildpacks.build.metadata label; this information can instead be found in /sbom/launch/sbom.legacy.json (#825 by @natalieparellano)

Bug Fixes

• The builder, when validating buildpack-output SBOM files against buildpack-declared SBOM formats, will omit optional parameters in the declared media type from the comparison, allowing buildpacks to specify parameters in buildpack.toml (#834 by @natalieparellano)
• When using platform API 0.9 or greater, the analyzer accepts a -launch-cache flag, improving performance when restoring the SBOM layer from the previous image; additionally, the analyzer accepts a -skip-layers flag to completely skip SBOM layer restoration (#800 by @natalieparellano)

lifecycle v0.13.5

lifecycle v0.13.5

Welcome to v0.13.5, a beta release of the Cloud Native Buildpacks Lifecycle.

Prerequisites

The lifecycle runs as a normal user in a series of unprivileged containers. To export images and cache image layers, it requires access to a Docker daemon or Docker registry.

Install

Extract the .tgz file and copy the lifecycle binaries into a build stack base image. The build image can then be orchestrated by a platform implementation such as the pack CLI or tekton.

Lifecycle Image

An OCI image containing the lifecycle binaries is available at buildpacksio/lifecycle:0.13.5.

Bug Fixes

• When copying sbom files to the buildpack layers directory, the restorer will not error if the directory does not exist (#832 by @natalieparellano)

lifecycle v0.13.4

lifecycle v0.13.4

Welcome to v0.13.4, a beta release of the Cloud Native Buildpacks Lifecycle.

Prerequisites

The lifecycle runs as a normal user in a series of unprivileged containers. To export images and cache image layers, it requires access to a Docker daemon or Docker registry.

Install

Extract the .tgz file and copy the lifecycle binaries into a build stack base image. The build image can then be orchestrated by a platform implementation such as the pack CLI or tekton.

Lifecycle Image

An OCI image containing the lifecycle binaries is available at buildpacksio/lifecycle:0.13.4.

Bug Fixes

• Updates transitive containerd dependency to 1.5.10 to avoid triggering vulnerability scanners for non-impactful high CVE (#822 by @matthewmcnew)