v1.10.0

v1.10.0 Release 2023-05-24

The executor images in this release are:

gcr.io/kaniko-project/executor:v1.10.0
gcr.io/kaniko-project/executor:latest

The debug images are available at:

gcr.io/kaniko-project/executor:debug
gcr.io/kaniko-project/executor:v1.10.0-debug

The slim executor images which don't contain any authentication binaries are available at:

gcr.io/kaniko-project/executor:slim
gcr.io/kaniko-project/executor:v1.10.0-slim

What's Changed

New Features and Additions:

• feat: Add mTLS (client cert) registry authentication #2180
• feat: Add support for zstd compression #2313
• feat: Use correct media type for zstd layers #2459

Fixes:

• fix: Correct deprecated flags in README.md #2335

Docs, Test, and Release Updates:

• ci: use debian buster to fix tests using no longer supported stretch which had broken apt-get urls #2485

Updates and Refactors:

• refactor: Delete scorecards-analysis.yml #2510
• refactor: Light editing to scripts in hack/gofmt #2236
• chore: add .vscode/ dir to .gitignore #2501
• chore: Revert "chore(deps): bump google-github-actions/setup-gcloud from 0.5.1 to 1.1.1 (#2502)" #2524
• chore(deps): bump docker/build-push-action from 3.2.0 to 4.0.0 #2505
• chore(deps): bump docker/setup-qemu-action from 1.2.0 to 2.1.0 #2287
• chore(deps): bump github.com/aws/aws-sdk-go from 1.44.24 to 1.44.253 #2490
• chore(deps): bump github.com/docker/distribution from 2.8.1+incompatible to 2.8.2+incompatible #2503
• chore(deps): bump github.com/docker/docker from 23.0.1+incompatible to 23.0.5+incompatible #2489
• chore(deps): bump github.com/google/go-containerregistry from 0.14.0 to 0.15.1 #2508
• chore(deps): bump github.com/google/slowjam from 1.0.0 to 1.0.1 #2498
• chore(deps): bump github.com/opencontainers/runc from 1.1.4 to 1.1.5 #2453
• chore(deps): bump github.com/otiai10/copy from 1.7.0 to 1.11.0 #2523
• chore(deps): bump github.com/sirupsen/logrus from 1.9.0 to 1.9.2 #2522
• chore(deps): bump github.com/spf13/afero from 1.9.2 to 1.9.5 #2448
• chore(deps): bump github/codeql-action from 2.1.8 to 2.3.2 #2487
• chore(deps): bump golang from 1.19 to 1.20 in /deploy #2388
• chore(deps): bump golang.org/x/sync from 0.1.0 to 0.2.0 #2497
• chore(deps): bump golang.org/x/sys from 0.7.0 to 0.8.0 #2507
• chore(deps): bump google-github-actions/setup-gcloud from 0.5.1 to 1.1.1 #2502
• chore(deps): bump google.golang.org/api from 0.110.0 to 0.120.0 #2484
• chore(deps): bump google.golang.org/api from 0.120.0 to 0.121.0 #2496
• chore(deps): bump google.golang.org/protobuf from 1.29.0 to 1.29.1 #2442
• chore(deps): bump imjasonh/setup-crane from 0.1 to 0.3 #2401
• chore(deps): bump ossf/scorecard-action from 1.1.1 to 2.1.3 #2506
• chore(deps): bump sigstore/cosign-installer from 3.0.1 to 3.0.3 #2495

Huge thanks goes out to all of our contributors for this release:

• Aaron Prindle
• dependabot[bot]
• Eric
• Gabriel Nützi
• Jason Hall
• Mark Moretto

Full Changelog: v1.9.2...v1.10.0

v1.9.2

The executor images in this release are:

gcr.io/kaniko-project/executor:v1.9.2
gcr.io/kaniko-project/executor:latest

The debug images are available at:

gcr.io/kaniko-project/executor:debug
gcr.io/kaniko-project/executor:v1.9.2-debug

The slim executor images which don't contain any authentication binaries are available at:

gcr.io/kaniko-project/executor:slim
gcr.io/kaniko-project/executor:v1.9.2-slim

What's Changed

• Release v1.9.1 by @chuangw6 in #2267
• Provide --cache-repo as OCI image layout path by @natalieparellano in #2250
• fix(WORKDIR): use the config.User for the new dir permissions by @arisro in #2269
• chore: fix typo by @zooneon in #2289
• ci: don't cache certs stage by @islishude in #2296
• chore: fix typo by @stratusjerry in #2316
• chore(deps): bump golang from 1.17 to 1.19 in /deploy by @dependabot in #2328
• Fix Integration tests by @BronzeDeer in #2425
• fix(executor): make pax tar builds reproducible again by @BronzeDeer in #2384
• bump cosign version used to sign images by @imjasonh in #2437
• Update ACR credential helper to enable Azure Workload Identity by @SlavaNL in #2431
• Upgrade docker by @joe-kimmel-vmw in #2440
• Release v1.9.2 by @chuangw6 in #2450

New Contributors

• @arisro made their first contribution in #2269
• @zooneon made their first contribution in #2289
• @islishude made their first contribution in #2296
• @stratusjerry made their first contribution in #2316
• @BronzeDeer made their first contribution in #2425
• @SlavaNL made their first contribution in #2431
• @joe-kimmel-vmw made their first contribution in #2440

Full Changelog: v1.9.1...v1.9.2

v1.9.1

The executor images in this release are:

gcr.io/kaniko-project/executor:v1.9.1
gcr.io/kaniko-project/executor:latest

The debug images are available at:

gcr.io/kaniko-project/executor:debug
gcr.io/kaniko-project/executor:v1.9.1-debug

The slim executor images which don't contain any authentication binaries are available at:

gcr.io/kaniko-project/executor:slim
gcr.io/kaniko-project/executor:v1.9.1-slim

What's Changed

• fix(KanikoDir): update DOCKER_CONFIG env when use custom kanikoDir by @chenggui53 in #2202
• refactor: Make CLI argument names consistent by @gabyx in #2084
• fix(README.md): remove duplicate caching section by @bryanasdev000 in #2223
• bump cosign version so it can sign by @imjasonh in #2224
• feat: disable cache-copy-layers in multistage builds; closes 2065 by @dradetsky in #2227
• docs(CHANGELOG.md): fix link to issue #2040 by @JonasGroeger in #2228
• chore: remove duplicate word in comments by @Abirdcfly in #2232
• Add the ability to skip unpacking the initial file system by @natalieparellano in #2234
• (fix):Pass full URI path to bucket.GetNameAndFilepathFromURI by @almg80 in #2221

New Contributors

• @chenggui53 made their first contribution in #2202
• @bryanasdev000 made their first contribution in #2223
• @dradetsky made their first contribution in #2227
• @JonasGroeger made their first contribution in #2228
• @Abirdcfly made their first contribution in #2232
• @natalieparellano made their first contribution in #2234
• @almg80 made their first contribution in #2221

Full Changelog: v1.9.0...v1.9.1

v1.9.0

What's Changed

• Bump github.com/aws/aws-sdk-go from 1.43.26 to 1.43.31 by @dependabot in #2030
• Bump github/codeql-action from 1.1.5 to 2.1.6 by @dependabot in #2031
• Bump cloud.google.com/go/storage from 1.21.0 to 1.22.0 by @dependabot in #2041
• Bump github.com/aws/aws-sdk-go from 1.43.31 to 1.43.36 by @dependabot in #2042
• Bump github/codeql-action from 2.1.6 to 2.1.8 by @dependabot in #2043
• Bump sigstore/cosign-installer from b4f55743d10d066fee1de1cf0fa26069700c0195 to 2.2.0 by @dependabot in #2044
• Add GitLab CI credentials helper by @ePirat in #2040
• Fixes #2046: make target stage lookup case insensitive by @hypnoce in #2047
• proc: detect kubernetes runtime by mounts by @mrvik in #2054
• fix: Remove hardcoded whiteout prefix by @gabyx in #2056
• Fix: Flatten layer function needs to return existing files in the layer correctly by @gabyx in #2057
• hasher: hash security.capability attributes by @zhouhaibing089 in #1994
• Bump go-containerregistry dependency by @imjasonh in #2076
• Bump docker/setup-buildx-action from 1.6.0 to 2 by @dependabot in #2081
• fix: kaniko dir env unused by @jdockerty in #2067
• Fix release tagging workflow by @imjasonh in #2034
• Documentation: Clarify README.md blurb on --cache-copy-layers by @korenyoni in #2064
• feat: add flag to disable pushing cache by @jasondamour in #2038
• fix: Main by @gabyx in #2094
• fix(ci): Docker build for issue 1837 by @gabyx in #2095
• fix: Refactor LayersMap to correct old strange code behavior by @gabyx in #2066
• fix: Regression test for #2066 by @gabyx in #2096
• fix: COPY --chown regression tests by @gabyx in #2097
• Fix missing setuid flags on COPY --from=build operation by @tonydelanuez in #2089
• Update Azure credHelpers docs by @n3011 in #2109
• Write parent directories to tar before whiteout files by @andreasf in #2113
• fix: Add test for issue #2049 by @gabyx in #2114
• Bump actions/setup-go from 3.0.0 to 3.2.0 by @dependabot in #2112
• Bump github.com/aws/aws-sdk-go from 1.43.36 to 1.44.24 by @dependabot in #2111
• Bump ossf/scorecard-action from 1.0.4 to 1.1.1 by @dependabot in #2116
• fix: use refrence should after err handles by @hingbong in #2128
• refactor: simpler local integration tests by @hown3d in #2110
• CA certificates tasks in kaniko images by @rockdrilla in #2142
• ci(setup-minikube): use cri-dockerd by @hown3d in #2149
• Fix the /kaniko directory permissions in container by @claudex in #2009
• fix(Dockerfile): use temporary busybox mount to create /kaniko directory by @hown3d in #2155
• fix: getUIDandGID is able to resolve non-existing users and groups by @hown3d in #2106
• add cache option for run command by @RamyChaabane in #2032
• Release v1.9.0 by @chuangw6 in #2117

New Contributors

• @ePirat made their first contribution in #2040
• @mrvik made their first contribution in #2054
• @korenyoni made their first contribution in #2064
• @jasondamour made their first contribution in #2038
• @tonydelanuez made their first contribution in #2089
• @n3011 made their first contribution in #2109
• @andreasf made their first contribution in #2113
• @hingbong made their first contribution in #2128
• @hown3d made their first contribution in #2110
• @rockdrilla made their first contribution in #2142
• @claudex made their first contribution in #2009
• @RamyChaabane made their first contribution in #2032

Full Changelog: v1.8.1...v1.9.0

v1.8.1

What's Changed

• release v1.8 by @chuangw6 in #1972
• Fix image tags in release workflow by @imjasonh in #1977
• Bump github.com/docker/docker from 20.10.12+incompatible to 20.10.13+incompatible by @dependabot in #1988
• Bump github.com/spf13/afero from 1.8.1 to 1.8.2 by @dependabot in #1987
• Bump github.com/aws/aws-sdk-go from 1.43.12 to 1.43.17 by @dependabot in #1986
• Bump github.com/spf13/cobra from 1.3.0 to 1.4.0 by @dependabot in #1985
• Fix - Incomplete regular expression for hostnames by @naveensrinivasan in #1993
• Bump github/codeql-action from 1.1.3 to 1.1.5 by @dependabot in #2000
• Add SVG logos by @sisp in #2002
• Fix minor glitch in the SVG logos by @sisp in #2004
• Move and fix GetContainerRuntime check from bpfd proc by @MyIgel in #1996
• README.md: Update docs on building for AWS ECR by @Jasper-Ben in #2020
• Bump github.com/docker/docker from 20.10.13+incompatible to 20.10.14+incompatible by @dependabot in #2016
• Bump github.com/containerd/containerd from 1.6.1 to 1.6.2 by @dependabot in #2017
• Bump github.com/aws/aws-sdk-go from 1.43.17 to 1.43.26 by @dependabot in #2018
• feat: kaniko dir config option by @jdockerty in #1997
• Use canonical platform values. Fix 1995. by @gadiego92 in #2025
• Release v1.8.1 by @chuangw6 in #2029

New Contributors

• @chuangw6 made their first contribution in #1972
• @sisp made their first contribution in #2002
• @MyIgel made their first contribution in #1996
• @Jasper-Ben made their first contribution in #2020
• @jdockerty made their first contribution in #1997
• @gadiego92 made their first contribution in #2025

Full Changelog: v1.8.0...v1.8.1

v1.8.0

What's Changed

• Revert "Support mirror registries with path component (#1707)" by @tejal29 in #1794
• Fix syntax error in release.yaml by @imjasonh in #1800
• Fix the e2e K8s test by @mattmoor in #1842
• Bump the cosign version (a lot) by @mattmoor in #1839
• Sign digests not tags. by @mattmoor in #1840
• Start keyless signing kaniko releases by @mattmoor in #1841
• Attempt to speed up PR image builds by sharing a cache by @imjasonh in #1844
• Use golang:1.17 and build from reproducible source by @imjasonh in #1848
• Consolidate PR and real release workflows by @imjasonh in #1845
• Call cosign sign --key by @imjasonh in #1849
• Share the Go build cache when building in Dockerfiles by @imjasonh in #1853
• Collapse integration test workflows into one config by @imjasonh in #1855
• Use setup-gcloud@v0.3.0 instead of @master by @imjasonh in #1854
• Fixes #1837 : keep file capabilities on archival by @hypnoce in #1838
• Add documentation on pushing to ACR by @dszakallas in #1831
• Update readme insecure flags by @lucid-at-dream in #1811
• Use pax tar format by @travigd in #1809
• Fix broken anchor link by @tammert in #1804
• include auth for FetchOptions by @ygelfand in #1796
• Fix possible nil pointer derefence in fs_util.go by @slrz in #1813
• Fix typo by @jeunii in #1825
• Fix copying ownership by @kvaps in #1725
• Fix calculating path for copying ownership by @kvaps in #1859
• Fix regression: can fetch branches and tags references without specifying commit hashes for private git repository used as context by @gcalmettes in #1823
• tar: read directly from stdin by @kvaps in #1728
• Remove GitHub Actions concurrency limits by @imjasonh in #1858
• Log full image ref by digest when pushing an image by @imjasonh in #1857
• Fix implicit GCR auth by @imjasonh in #1856
• fix: change the name of the acr cred helper by @ankitm123 in #1865
• fix: ARG/ENV used in script does not invalidate build cache (#1688) by @madawei2699 in #1693
• Add s390x support to docker images by @kun-lu20 in #1749
• Attempt to fix erroneous build cancellation by @imjasonh in #1867
• Add ossf/scorecard Github Action to kaniko by @priyawadhwa in #1874
• Pin to more recent version of scorecard by @priyawadhwa in #1878
• Bump AWS ecr-login cred helper to v0.5.0 by @imjasonh in #1880
• Add KANIKO_REGISTRY_MIRROR env var by @imjasonh in #1875
• Run GitHub Actions on pushes and PRs to main, not master by @imjasonh in #1883
• Bump github.com/docker/docker to latest release by @imjasonh in #1866
• Update golang.org/x/oauth2/google by @hermanbanken in #1890
• Bump dependencies by @imjasonh in #1885
• Remove k8schain, directly depend on cred helpers by @imjasonh in #1891
• Update readme by @geudrik in #1897
• Enable dependabot for Go and GitHub Actions dependencies by @imjasonh in #1884
• Bump github/codeql-action from 1.0.26 to 1.0.30 by @dependabot in #1901
• Bump google-github-actions/setup-gcloud from 0.3.0 to 0.4.0 by @dependabot in #1900
• Bump ossf/scorecard-action from 5da1b6b2680a229f2e66131f5c6a692bcd80b246 to 1.0.2 by @dependabot in #1899
• Bump github.com/aws/aws-sdk-go from 1.42.38 to 1.42.44 by @dependabot in #1902
• Bump cloud.google.com/go/storage from 1.18.2 to 1.19.0 by @dependabot in #1903
• Bump go-containerregistry to pick up ACR fix by @imjasonh in #1898
• Remove deploy/cloudbuild-*.yaml files by @imjasonh in #1907
• adding ppc64le support for executor and warmer image by @AaruniAggarwal in #1908
• Vagrantfile should install and configure go (see #1913) by @acanewby in #1914
• Bump github/codeql-action from 1.0.30 to 1.0.31 by @dependabot in #1927
• Bump google-github-actions/setup-gcloud from 0.4.0 to 0.5.0 by @dependabot in #1925
• Bump ossf/scorecard-action from 1.0.2 to 1.0.3 by @dependabot in #1926
• Bump cloud.google.com/go/storage from 1.19.0 to 1.20.0 by @dependabot in #1924
• Bump github.com/aws/aws-sdk-go from 1.42.44 to 1.42.47 by @dependabot in #1923
• Bump github.com/spf13/afero from 1.8.0 to 1.8.1 by @dependabot in #1922
• test: use T.TempDir to create temporary test directory by @Juneezee in #1918
• Restore build args after optimize. Fixes #1910, #1912. by @apollo13 in #1915
• Correctly handle platforms that include CPU variants by @imjasonh in #1929
• Fix resolving arguments over multi-stage build by @gabyx in #1928
• Set DOCKER_BUILDKIT=1 in make images by @imjasonh in #1906
• Bump github/codeql-action from 1.0.31 to 1.1.0 by @dependabot in #1938
• Bump github.com/aws/aws-sdk-go from 1.42.47 to 1.42.52 by @dependabot in #1937
• Pick up per-repository auth changes from go-containerregistry by @imjasonh in #1939
• readme: Fix formatting for --image-fs-extract-retry by @wolfgangwalther in #1942
• Bump ecr-login dep to avoid some log spam by @imjasonh in #1946
• Bump ossf/scorecard-action from 1.0.3 to 1.0.4 by @dependabot in #1952
• Bump github/codeql-action from 1.1.0 to 1.1.2 by @dependabot in #1951
• Bump cloud.google.com/go/storage from 1.20.0 to 1.21.0 by @dependabot in #1947
• Bump github.com/containerd/containerd from 1.5.9 to 1.6.0 by @dependabot in #1948
• Removed --whitelist-var-run normalization as this breaks functionality by @olivergregorius in #1956
• Bump github.com/aws/aws-sdk-go from 1.42.52 to 1.43.7 by @dependabot in #1957
• Bump github/codeql-action from 1.1.2 to 1.1.3 by @dependabot in #1958
• Fix bug with log disabling by @imjasonh in #1959
• Bump github.com/containerd/containerd from 1.6.0 to 1.6.1 by @dependabot in #1961
• Bump github.com/aws/aws-sdk-go from 1.42.52 to 1.43.12 by @dependabot in #1966
• Bump actions/checkout from 2 to 3 by @dependabot in #1967
• Bump actions/upload-artifact from 2.3.1 to 3 by @dependabot in #1968
• Pinned GitHub actions by SHA by @naveensrinivasan in #1963
• Update dependabot settings to get updates for docker by @NaveenSR...

v1.7.0

v1.7.0 Release 2021-10-19

This is Oct's 2021 release.

Highights

• In this release, we have kaniko/executor:slim images for linux/s390x and linux/ppc64le platform.
• Kaniko Self Serve documentation is up to enableuser to build and push kaniko images themselves here

The executor images in this release are:

gcr.io/kaniko-project/executor:v1.7.0
gcr.io/kaniko-project/executor:latest

The debug images are available at:

gcr.io/kaniko-project/executor:debug
gcr.io/kaniko-project/executor:v1.7.0-debug

The slim executor images which don't contain any authentication binaries are available at:

gcr.io/kaniko-project/executor:slim
gcr.io/kaniko-project/executor:v1.7.0-slim

• git: accept explicit commit hash for git context #1765
• Remove tarball.WithCompressedCaching flag to resolve OOM Killed error #1722
• disable github action workflow on push to master #1770
• Add s390x support to docker images [copy] #1769
• Fix typo #1719
• Fix composite cache key for multi-stage copy command #1735
• chore: add workflows for pr tests #1766
• Make /bin/sh available to debug image #1748
• Fix executor Dockerfile, which wasn't building #1741
• Support force-building metadata layers into snapshot #1731
• Add support for CPU variants #1676
• refactor: adjust bpfd container runtime detection #1686
• Fix snapshotter ignore list; do not attempt to delete whiteouts of ignored paths #1652
• Add instructions for using JFrog Artifactory #1715
• add SECURITY.md #1710
• Support mirror registries with path component #1707
• Retry extracting filesystem from image #1685
• Bugfix/trailing path separator #1683
• docs: add missing cache-copy-layers arg in README #1672
• save snaphots to tmp dir #1662
• Revert "save snaphots to tmp dir" #1670
• Try to warm all images and warn about errors #1653
• Exit Code Propagation #1655
• Fix changelog headings #1643

Huge thank you for this release towards our contributors:

• Anbraten
• Benjamin Krenn
• Gilbert Gilb's
• Jake Sanders
• Janosch Maier
• Jason Hall
• Jose Donizetti
• Kamal Nasser
• Liwen Guo
• Max Walther
• Mikhail Vasin
• Patrick Barker
• Rhianna
• Silvano Cirujano Cuesta
• Tejal Desai
• Yahav Itzhak
• ankitm123
• ejose19
• nihilo
• priyawadhwa
• wwade

v1.6.0

v1.6.0 Release 2021-04-26

This is the April 2021 relase for kaniko

The executor images in this release are:

gcr.io/kaniko-project/executor:v1.6.0
gcr.io/kaniko-project/executor:latest

The debug images are available at:

gcr.io/kaniko-project/executor:debug
gcr.io/kaniko-project/executor:v1.6.0-debug

The slim executor images which don't contain any authentication binaries are available at:

gcr.io/kaniko-project/executor:slim
gcr.io/kaniko-project/executor:v1.6.0-slim

In this release, we have following featurs/bug fixes:

• Support warming images by digest #1629
• Fix resolution of Dockerfile relative dockerignore #1607
• create parent directory before writing digest files #1612
• adds ignore-path command arguments to executor #1622
• Specifying a tarPath will push the image as well #1597

Huge thank you for this release towards our contributors:

• Chris Hoffman
• Colin
• Jon Friesen
• Lars Gröber
• Sascha Schwarze
• Tejal Desai

v1.5.2

This release is the first to be signed by cosign!

The executor images in this release are:

gcr.io/kaniko-project/executor:v1.5.2
gcr.io/kaniko-project/executor:latest

The debug images are available at:

gcr.io/kaniko-project/executor:debug
gcr.io/kaniko-project/executor:v1.5.2-debug and

The slim executor images which don't contain any authentication binaries are available at:

gcr.io/kaniko-project/executor:slim
gcr.io/kaniko-project/executor:v1.5.2-slim

This release is the first to be signed by cosign!
The PEM-encoded public key to validate against the released kaniko images is:

-----BEGIN PUBLIC KEY-----
MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE9aAfAcgAxIFMTstJUv8l/AMqnSKw
P+vLu3NnnBDHCfREQpV/AJuiZ1UtgGpFpHlJLCNPmFkzQTnfyN5idzNl6Q==
-----END PUBLIC KEY-----

v1.5.1

v1.5.1 Release 2021-02-22

This release is a minor release with following a fix to version number for v1.5.0
The kaniko images now report the right version number.

The executor images in this release are:

gcr.io/kaniko-project/executor:v1.5.1
gcr.io/kaniko-project/executor:latest

The debug images are available at:

gcr.io/kaniko-project/executor:debug
gcr.io/kaniko-project/executor:v1.5.1-debug

The slim executor images which don't contain any authentication binaries are available at:

gcr.io/kaniko-project/executor:slim
gcr.io/kaniko-project/executor:v1.5.1-slim

In this release, we have 1 new feature:

• Improve retry behavior for push operation #1578

And following refactors/updates to documentation

• Added a video introduction to Kaniko #1517
• Use up-to-date ca-certificates during build #1580

Huge thank you for this release towards our contributors:

• Sascha Schwarze
• Tejal Desai
• Viktor Farcic