Skip to content

Releases: kubernetes/git-sync

v4.0.0-rc4

30 Jul 06:51
Compare
Choose a tag to compare
v4.0.0-rc4 Pre-release
Pre-release

Compared to RC3 this includes:

  • OCI image now correctly reports debian 12
  • Lint fixes
  • Fix a leaked goroutine when parsing git options
  • When credential refresh errors occur (e.g. askpass) we no longer try to sync

Converting from git-sync v3.x to v4.x

Git-sync v4 is a significant change from v3. It includes several flag changes
(though many of the old flags are kept for backwards compatibility), but more
importantly it fundamentally changes the way the internal sync-loop works.

It should be possible to upgrade a synced repo (e.g. in a volume) from git-sync
v3 to git-sync v4, but appropriate caution should be used for critical
deployments. We have a test which covers this, but there are many degrees of
config which we simply can't predict.

The v3 loop

The way git-sync v3.x works is sort of like how a human might work:

  1. git clone <repo> <branch>
  2. git fetch <remote>
  3. git checkout <ref>

This made the code somewhat complicated, since it had to keep track of whether
this was the first pass (clone) or a subsequent pass (fetch). This led to a
number of bugs related to back-to-back runs of git-sync, and some race
conditions.

The v4 loop

In v4.x the loop is simpler - every pass is the same. This takes advantage of
some idempotent behaviors (e.g. git init is safe to re-run) and uses git more
efficiently. Instead of cloning a branch, git-sync will now fetch exactly the
commit (by SHA) it needs. This transfers less data and closes the race
condition where a symbolic name can change after git ls-remote but before
git fetch.

Flags

The flag syntax parsing has changed in v4. git-sync v3 accept flags in Go's
own style: either -flag or --flag were accepted. git-sync v4 only accepts
long flag names in the more common two-dash style (--flag), and accepts short
(single-character) flags in the one-dash style (-v 2).

The following does not detail every flag available in v4 - just the one that
existed in v3 and are different in v4.

Verbosity: --v -> -v or --verbose

The change in flag parsing affects the old --v syntax. To set verbosity
either use -v or --verbose. For backwards compatibility, --v will be
used if it is specified.

Sync target: --branch and --rev -> --ref

The old --branch and --rev flags are deprecated in favor of the new --ref
flag. --ref can be either a branch name, a tag name, or a commit hash (aka
SHA). For backwards compatibility, git-sync will still accept the old flags
and try to set --ref from them.

|----------|---------|---------|------------------------------|
| --branch |  --rev  |  --ref  |            meaning           |
|----------|---------|---------|------------------------------|
|    ""    |   ""    | "HEAD"  | remote repo's default branch |
|  brname  |   ""    | brname  | remote branch `brname`       |
|  brname  | "HEAD"  | brname  | remote branch `brname`       |
|    ""    | tagname | tagname | remote tag `tagname`         |
|   other  |  other  |   ""    | error                        |
|----------|---------|---------|------------------------------|

Log-related flags

git-sync v3 exposed a number of log-related flags (e.g. -logtostderr). These
have all been removed. git-sync v4 always logs to stderr, and the only control
offered is the verbosity level (-v / --verbose).

Symlink: --dest -> --link

The old --dest flag is deprecated in favor of --link, which more clearly
conveys what it does. The allowed values remain the same, and for backwards
compatibility, --dest will be used if it is specified.

Loop: --wait -> --period

The old --wait flag took a floating-point number of seconds as an argument
(e.g. "0.1" = 100ms). The new --period flag takes a Go-style duration string
(e.g. "100ms" or "0.1s" = 100ms). For backwards compatibility, --wait will
be used if it is specified.

Failures: --max-sync-failures -> --max-failures

The new name of this flag is shorter and captures the idea that any
non-recoverable error in the sync loop counts as a failure. For backwards
compatibility, --max-sync-failures will be used if it is specified.

Timeouts: --timeout -> --sync-timeout

The old --timeout flag took an integer number of seconds as an argument. The
new --sync-timeout flag takes a Go-style duration string (e.g. "30s" or
"0.5m"). For backwards compatibility, --timeout will be used if it is
specified.

Permissions: --change-permissions -> --group-write

The old --change-permissions flag was poorly designed and not able to express
the real intentions (e.g. "allow group write" does not mean "set everything to
0775"). The new --group-write flag should cover what people ACTUALLY are
trying to do. The --change-permissions flag is no longer supported.

Manual: --man

The new --man flag prints a man-page style help document and exits.

Env vars

Most flags can also be configured by environment variables. In v3 the
variables all start with GIT_SYNC_. In v4 they all start with GITSYNC_,
though the old names are still accepted for compatibility.

Defaults

Depth

git-sync v3 would sync the entire history of the remote repo by default. v4
syncs just one commit, by default. This can be a significant performance and
disk-space savings for large repos. Users who want the full history can
specify --depth=0.

Logs

The logging output for v3 was semi-free-form text. Log output in v4 is
structured and rendered as strict JSON.

Root dir

git-sync v3 container images defaulted --root to "/tmp/git". In v4, that has
moved to "/git". Users who mount a volume and expect to use the default
--root must mount it on "/git".

Hooks

git-sync v3 could "lose" exechook and webhook calls in the face of the app
restarting. In v4, app startup is treated as a sync, even if the correct hash
was already present, which means that hooks are always called.

Other changes

git-sync v3 would allow invalidly formatted env vars (e.g. a value that was
expected to be boolean holding an integer) and just ignore them with
a warning. v4 requires that they parse correctly.

Available at: registry.k8s.io/git-sync/git-sync:v4.0.0-rc4

What's Changed since rc3

New Contributors

  • @Gemesil made their first contribution in #772
  • @justinsb made their first contribution in #784

Full Changelog: v4.0.0-rc3...v4.0.0-rc4

v3.6.9

28 Jul 20:16
2a29733
Compare
Choose a tag to compare

Small bug fixes and better errors

Available at: registry.k8s.io/git-sync/git-sync:v3.6.9

What's Changed

  • v3: Don't block on hooks when already synced + one-time by @thockin in #762
  • Handle errors from credential refresh (v3) by @thockin in #782

Full Changelog: v3.6.6...v3.6.9

v4.0.0-rc3

17 Jul 15:44
Compare
Choose a tag to compare
v4.0.0-rc3 Pre-release
Pre-release

v4 RC3. Compared to RC2 this includes:

  • Fix a bug with relative-path submodules
  • Debian bookworm base image
  • Smaller container images

Converting from git-sync v3.x to v4.x

Git-sync v4 is a significant change from v3. It includes several flag changes
(though many of the old flags are kept for backwards compatibility), but more
importantly it fundamentally changes the way the internal sync-loop works.

It should be possible to upgrade a synced repo (e.g. in a volume) from git-sync
v3 to git-sync v4, but appropriate caution should be used for critical
deployments. We have a test which covers this, but there are many degrees of
config which we simply can't predict.

The v3 loop

The way git-sync v3.x works is sort of like how a human might work:

  1. git clone <repo> <branch>
  2. git fetch <remote>
  3. git checkout <ref>

This made the code somewhat complicated, since it had to keep track of whether
this was the first pass (clone) or a subsequent pass (fetch). This led to a
number of bugs related to back-to-back runs of git-sync, and some race
conditions.

The v4 loop

In v4.x the loop is simpler - every pass is the same. This takes advantage of
some idempotent behaviors (e.g. git init is safe to re-run) and uses git more
efficiently. Instead of cloning a branch, git-sync will now fetch exactly the
commit (by SHA) it needs. This transfers less data and closes the race
condition where a symbolic name can change after git ls-remote but before
git fetch.

Flags

The flag syntax parsing has changed in v4. git-sync v3 accept flags in Go's
own style: either -flag or --flag were accepted. git-sync v4 only accepts
long flag names in the more common two-dash style (--flag), and accepts short
(single-character) flags in the one-dash style (-v 2).

The following does not detail every flag available in v4 - just the one that
existed in v3 and are different in v4.

Verbosity: --v -> -v or --verbose

The change in flag parsing affects the old --v syntax. To set verbosity
either use -v or --verbose. For backwards compatibility, --v will be
used if it is specified.

Sync target: --branch and --rev -> --ref

The old --branch and --rev flags are deprecated in favor of the new --ref
flag. --ref can be either a branch name, a tag name, or a commit hash (aka
SHA). For backwards compatibility, git-sync will still accept the old flags
and try to set --ref from them.

|----------|---------|---------|------------------------------|
| --branch |  --rev  |  --ref  |            meaning           |
|----------|---------|---------|------------------------------|
|    ""    |   ""    | "HEAD"  | remote repo's default branch |
|  brname  |   ""    | brname  | remote branch `brname`       |
|  brname  | "HEAD"  | brname  | remote branch `brname`       |
|    ""    | tagname | tagname | remote tag `tagname`         |
|   other  |  other  |   ""    | error                        |
|----------|---------|---------|------------------------------|

Log-related flags

git-sync v3 exposed a number of log-related flags (e.g. -logtostderr). These
have all been removed. git-sync v4 always logs to stderr, and the only control
offered is the verbosity level (-v / --verbose).

Symlink: --dest -> --link

The old --dest flag is deprecated in favor of --link, which more clearly
conveys what it does. The allowed values remain the same, and for backwards
compatibility, --dest will be used if it is specified.

Loop: --wait -> --period

The old --wait flag took a floating-point number of seconds as an argument
(e.g. "0.1" = 100ms). The new --period flag takes a Go-style duration string
(e.g. "100ms" or "0.1s" = 100ms). For backwards compatibility, --wait will
be used if it is specified.

Failures: --max-sync-failures -> --max-failures

The new name of this flag is shorter and captures the idea that any
non-recoverable error in the sync loop counts as a failure. For backwards
compatibility, --max-sync-failures will be used if it is specified.

Timeouts: --timeout -> --sync-timeout

The old --timeout flag took an integer number of seconds as an argument. The
new --sync-timeout flag takes a Go-style duration string (e.g. "30s" or
"0.5m"). For backwards compatibility, --timeout will be used if it is
specified.

Permissions: --change-permissions -> --group-write

The old --change-permissions flag was poorly designed and not able to express
the real intentions (e.g. "allow group write" does not mean "set everything to
0775"). The new --group-write flag should cover what people ACTUALLY are
trying to do. The --change-permissions flag is no longer supported.

Manual: --man

The new --man flag prints a man-page style help document and exits.

Env vars

Most flags can also be configured by environment variables. In v3 the
variables all start with GIT_SYNC_. In v4 they all start with GITSYNC_,
though the old names are still accepted for compatibility.

Defaults

Depth

git-sync v3 would sync the entire history of the remote repo by default. v4
syncs just one commit, by default. This can be a significant performance and
disk-space savings for large repos. Users who want the full history can
specify --depth=0.

Logs

The logging output for v3 was semi-free-form text. Log output in v4 is
structured and rendered as strict JSON.

Root dir

git-sync v3 container images defaulted --root to "/tmp/git". In v4, that has
moved to "/git". Users who mount a volume and expect to use the default
--root must mount it on "/git".

Hooks

git-sync v3 could "lose" exechook and webhook calls in the face of the app
restarting. In v4, app startup is treated as a sync, even if the correct hash
was already present, which means that hooks are always called.

Other changes

git-sync v3 would allow invalidly formatted env vars (e.g. a value that was
expected to be boolean holding an integer) and just ignore them with
a warning. v4 requires that they parse correctly.

Available at: registry.k8s.io/git-sync/git-sync:v4.0.0-rc3

What's Changed since rc2

Full Changelog: v4.0.0-rc2...v4.0.0-rc3

v4.0.0-rc2

26 Jun 18:27
Compare
Choose a tag to compare
v4.0.0-rc2 Pre-release
Pre-release

v4 RC2. This has only minor fixes vs RC1 (Fix off-by-one in max-failures and docs)

Converting from git-sync v3.x to v4.x

Git-sync v4 is a significant change from v3. It includes several flag changes
(though many of the old flags are kept for backwards compatibility), but more
importantly it fundamentally changes the way the internal sync-loop works.

It should be possible to upgrade a synced repo (e.g. in a volume) from git-sync
v3 to git-sync v4, but appropriate caution should be used for critical
deployments. We have a test which covers this, but there are many degrees of
config which we simply can't predict.

The v3 loop

The way git-sync v3.x works is sort of like how a human might work:

  1. git clone <repo> <branch>
  2. git fetch <remote>
  3. git checkout <ref>

This made the code somewhat complicated, since it had to keep track of whether
this was the first pass (clone) or a subsequent pass (fetch). This led to a
number of bugs related to back-to-back runs of git-sync, and some race
conditions.

The v4 loop

In v4.x the loop is simpler - every pass is the same. This takes advantage of
some idempotent behaviors (e.g. git init is safe to re-run) and uses git more
efficiently. Instead of cloning a branch, git-sync will now fetch exactly the
commit (by SHA) it needs. This transfers less data and closes the race
condition where a symbolic name can change after git ls-remote but before
git fetch.

Flags

The flag syntax parsing has changed in v4. git-sync v3 accept flags in Go's
own style: either -flag or --flag were accepted. git-sync v4 only accepts
long flag names in the more common two-dash style (--flag), and accepts short
(single-character) flags in the one-dash style (-v 2).

The following does not detail every flag available in v4 - just the one that
existed in v3 and are different in v4.

Verbosity: --v -> -v or --verbose

The change in flag parsing affects the old --v syntax. To set verbosity
either use -v or --verbose. For backwards compatibility, --v will be
used if it is specified.

Sync target: --branch and --rev -> --ref

The old --branch and --rev flags are deprecated in favor of the new --ref
flag. --ref can be either a branch name, a tag name, or a commit hash (aka
SHA). For backwards compatibility, git-sync will still accept the old flags
and try to set --ref from them.

|----------|---------|---------|------------------------------|
| --branch |  --rev  |  --ref  |            meaning           |
|----------|---------|---------|------------------------------|
|    ""    |   ""    | "HEAD"  | remote repo's default branch |
|  brname  |   ""    | brname  | remote branch `brname`       |
|  brname  | "HEAD"  | brname  | remote branch `brname`       |
|    ""    | tagname | tagname | remote tag `tagname`         |
|   other  |  other  |   ""    | error                        |
|----------|---------|---------|------------------------------|

Log-related flags

git-sync v3 exposed a number of log-related flags (e.g. -logtostderr). These
have all been removed. git-sync v4 always logs to stderr, and the only control
offered is the verbosity level (-v / --verbose).

Symlink: --dest -> --link

The old --dest flag is deprecated in favor of --link, which more clearly
conveys what it does. The allowed values remain the same, and for backwards
compatibility, --dest will be used if it is specified.

Loop: --wait -> --period

The old --wait flag took a floating-point number of seconds as an argument
(e.g. "0.1" = 100ms). The new --period flag takes a Go-style duration string
(e.g. "100ms" or "0.1s" = 100ms). For backwards compatibility, --wait will
be used if it is specified.

Failures: --max-sync-failures -> --max-failures

The new name of this flag is shorter and captures the idea that any
non-recoverable error in the sync loop counts as a failure. For backwards
compatibility, --max-sync-failures will be used if it is specified.

Timeouts: --timeout -> --sync-timeout

The old --timeout flag took an integer number of seconds as an argument. The
new --sync-timeout flag takes a Go-style duration string (e.g. "30s" or
"0.5m"). For backwards compatibility, --timeout will be used if it is
specified.

Permissions: --change-permissions -> --group-write

The old --change-permissions flag was poorly designed and not able to express
the real intentions (e.g. "allow group write" does not mean "set everything to
0775"). The new --group-write flag should cover what people ACTUALLY are
trying to do. The --change-permissions flag is no longer supported.

Manual: --man

The new --man flag prints a man-page style help document and exits.

Env vars

Most flags can also be configured by environment variables. In v3 the
variables all start with GIT_SYNC_. In v4 they all start with GITSYNC_,
though the old names are still accepted for compatibility.

Defaults

Depth

git-sync v3 would sync the entire history of the remote repo by default. v4
syncs just one commit, by default. This can be a significant performance and
disk-space savings for large repos. Users who want the full history can
specify --depth=0.

Logs

The logging output for v3 was semi-free-form text. Log output in v4 is
structured and rendered as strict JSON.

Root dir

git-sync v3 container images defaulted --root to "/tmp/git". In v4, that has
moved to "/git". Users who mount a volume and expect to use the default
--root must mount it on "/git".

Hooks

git-sync v3 could "lose" exechook and webhook calls in the face of the app
restarting. In v4, app startup is treated as a sync, even if the correct hash
was already present, which means that hooks are always called.

Other changes

git-sync v3 would allow invalidly formatted env vars (e.g. a value that was
expected to be boolean holding an integer) and just ignore them with
a warning. v4 requires that they parse correctly.

Available at: registry.k8s.io/git-sync/git-sync:v4.0.0-rc2

Detailed changes

Read more

v4.0.0-rc1

13 Jun 22:59
b60eef6
Compare
Choose a tag to compare
v4.0.0-rc1 Pre-release
Pre-release

This is the first RC for the long-promised v4 branch.

Converting from git-sync v3.x to v4.x

Git-sync v4 is a significant change from v3. It includes several flag changes
(though many of the old flags are kept for backwards compatibility), but more
importantly it fundamentally changes the way the internal sync-loop works.

It should be possible to upgrade a synced repo (e.g. in a volume) from git-sync
v3 to git-sync v4, but appropriate caution should be used for critical
deployments. We have a test which covers this, but there are many degrees of
config which we simply can't predict.

The v3 loop

The way git-sync v3.x works is sort of like how a human might work:

  1. git clone <repo> <branch>
  2. git fetch <remote>
  3. git checkout <ref>

This made the code somewhat complicated, since it had to keep track of whether
this was the first pass (clone) or a subsequent pass (fetch). This led to a
number of bugs related to back-to-back runs of git-sync, and some race
conditions.

The v4 loop

In v4.x the loop is simpler - every pass is the same. This takes advantage of
some idempotent behaviors (e.g. git init is safe to re-run) and uses git more
efficiently. Instead of cloning a branch, git-sync will now fetch exactly the
commit (by SHA) it needs. This transfers less data and closes the race
condition where a symbolic name can change after git ls-remote but before
git fetch.

Flags

The flag syntax parsing has changed in v4. git-sync v3 accept flags in Go's
own style: either -flag or --flag were accepted. git-sync v4 only accepts
long flag names in the more common two-dash style (--flag), and accepts short
(single-character) flags in the one-dash style (-v 2).

The following does not detail every flag available in v4 - just the one that
existed in v3 and are different in v4.

Verbosity: --v -> -v or --verbose

The change in flag parsing affects the old --v syntax. To set verbosity
either use -v or --verbose. For backwards compatibility, --v will be
used if it is specified.

Sync target: --branch and --rev -> --ref

The old --branch and --rev flags are deprecated in favor of the new --ref
flag. --ref can be either a branch name, a tag name, or a commit hash (aka
SHA). For backwards compatibility, git-sync will still accept the old flags
and try to set --ref from them.

|----------|---------|---------|------------------------------|
| --branch |  --rev  |  --ref  |            meaning           |
|----------|---------|---------|------------------------------|
|    ""    |   ""    | "HEAD"  | remote repo's default branch |
|  brname  |   ""    | brname  | remote branch `brname`       |
|  brname  | "HEAD"  | brname  | remote branch `brname`       |
|    ""    | tagname | tagname | remote tag `tagname`         |
|   other  |  other  |   ""    | error                        |
|----------|---------|---------|------------------------------|

Log-related flags

git-sync v3 exposed a number of log-related flags (e.g. -logtostderr). These
have all been removed. git-sync v4 always logs to stderr, and the only control
offered is the verbosity level (-v / --verbose).

Symlink: --dest -> --link

The old --dest flag is deprecated in favor of --link, which more clearly
conveys what it does. The allowed values remain the same, and for backwards
compatibility, --dest will be used if it is specified.

Loop: --wait -> --period

The old --wait flag took a floating-point number of seconds as an argument
(e.g. "0.1" = 100ms). The new --period flag takes a Go-style duration string
(e.g. "100ms" or "0.1s" = 100ms). For backwards compatibility, --wait will
be used if it is specified.

Failures: --max-sync-failures -> --max-failures

The new name of this flag is shorter and captures the idea that any
non-recoverable error in the sync loop counts as a failure. For backwards
compatibility, --max-sync-failures will be used if it is specified.

Timeouts: --timeout -> --sync-timeout

The old --timeout flag took an integer number of seconds as an argument. The
new --sync-timeout flag takes a Go-style duration string (e.g. "30s" or
"0.5m"). For backwards compatibility, --timeout will be used if it is
specified.

Permissions: --change-permissions -> --group-write

The old --change-permissions flag was poorly designed and not able to express
the real intentions (e.g. "allow group write" does not mean "set everything to
0775"). The new --group-write flag should cover what people ACTUALLY are
trying to do. The --change-permissions flag is no longer supported.

Manual: --man

The new --man flag prints a man-page style help document and exits.

Env vars

Most flags can also be configured by environment variables. In v3 the
variables all start with GIT_SYNC_. In v4 they all start with GITSYNC_,
though the old names are still accepted for compatibility.

Defaults

Depth

git-sync v3 would sync the entire history of the remote repo by default. v4
syncs just one commit, by default. This can be a significant performance and
disk-space savings for large repos. Users who want the full history can
specify --depth=0.

Logs

The logging output for v3 was semi-free-form text. Log output in v4 is
structured and rendered as strict JSON.

Root dir

git-sync v3 container images defaulted --root to "/tmp/git". In v4, that has
moved to "/git". Users who mount a volume and expect to use the default
--root must mount it on "/git".

Hooks

git-sync v3 could "lose" exechook and webhook calls in the face of the app
restarting. In v4, app startup is treated as a sync, even if the correct hash
was already present, which means that hooks are always called.

Other changes

git-sync v3 would allow invalidly formatted env vars (e.g. a value that was
expected to be boolean holding an integer) and just ignore them with
a warning. v4 requires that they parse correctly.

Available at: registry.k8s.io/git-sync/git-sync:v4.0.0-rc1

Detailed changes

Read more

v3.6.8

23 Jun 20:54
a497b98
Compare
Choose a tag to compare

This update is just for base-image CVEs. None of them affect git-sync (AFAICT) but set off scanners.

Available at: registry.k8s.io/git-sync/git-sync:v3.6.8

v3.6.7

19 Jun 18:03
a497b98
Compare
Choose a tag to compare

This update is just for base-image CVEs. None of them affect git-sync (AFAICT) but set off scanners.

Available at: registry.k8s.io/git-sync/git-sync:v3.6.7

Full Changelog: v3.6.6...v3.6.7

v3.6.6

05 May 23:22
a497b98
Compare
Choose a tag to compare

What's Changed

Available at: registry.k8s.io/git-sync/git-sync:v3.6.6

Full Changelog: v3.6.5...v3.6.6

v3.6.5

18 Mar 02:18
e1a9827
Compare
Choose a tag to compare

This is mostly small bug fixes. The "dubious ownership" issue is recent and makes 3.6.4 broken for some people.

Available at: registry.k8s.io/git-sync/git-sync:v3.6.5

What's Changed

  • v3: Log commands we run with original caller by @thockin in #671
  • v3: Fix cases of syncing different SHAs back to back by @thockin in #672
  • V3: prevent git's 'dubious ownership' error by @thockin in #700

Full Changelog: v3.6.4...v3.6.5

v3.6.4

07 Feb 19:46
39ab896
Compare
Choose a tag to compare

This is mostly a CVE-fixing build for base-image issues.

Available at: registry.k8s.io/git-sync/git-sync:v3.6.4

What's Changed

Full Changelog: v3.6.3...v3.6.4