v0.2.1

Primary motivation for this release is to (re-)use timestamped cosignature format, and ensure freshness of signatures on distributed checkpoints.

What's Changed

• Pin versions of modules and providers by @mhutchinson in #237
• Use the new tagged release of v0.2.0 for the prod distributor by @mhutchinson in #236
• Bumped terragrunt dependencies by @mhutchinson in #238
• 🌱(deps): Bump github/codeql-action from 3.26.12 to 3.26.13 in the all-gha-deps group by @dependabot in #240
• 🌱(deps): Bump github.com/prometheus/client_golang from 1.20.4 to 1.20.5 in the all-go-deps group by @dependabot in #239
• Switch back to using cosignature by @mhutchinson in #241
• Specify content encoding on text/plain responses by @aditsachde in #217
• Add a cli option to get a witness' checkpoints by @gregoire-mullvad in #202
• Update aggregated checkpoints even with CP of same size by @AlCutter in #243
• Make fmt string use correct method by @mhutchinson in #244
• Add sigsum log to distributor by @mhutchinson in #245

New Contributors

• @aditsachde made their first contribution in #217
• @gregoire-mullvad made their first contribution in #202

Full Changelog: v0.2.0...v0.2.1

v0.2.0 - stable release

Release with full set of provisioned witnesses. Also contains important fixes to cosignature verification which previously had little/big endian confusion.

What's Changed

• 🌱(deps): Bump the all-go-deps group with 4 updates by @dependabot in #148
• 🌱(deps): Bump codecov/codecov-action from 4.1.1 to 4.3.0 in the all-gha-deps group by @dependabot in #149
• Bump prod to v0.1.2 by @AlCutter in #147
• Create dashboard for liveness graphs. by @jiggoha in #150
• Define liveness alert policy and add its graph to the dashboard. by @jiggoha in #151
• Add CI fused devices by @AlCutter in #152
• Check error returned for Body.Close in defer by @mhutchinson in #154
• Fix final sum bug in live witnesses alert. by @jiggoha in #153
• 🌱(deps): Bump golang.org/x/net from 0.22.0 to 0.23.0 by @dependabot in #156
• 🌱(deps): Bump the all-gha-deps group with 2 updates by @dependabot in #157
• 🌱(deps): Bump cloud.google.com/go/cloudsqlconn from 1.8.1 to 1.9.0 in the all-go-deps group by @dependabot in #158
• 🌱(deps): Bump the all-gha-deps group across 1 directory with 5 updates by @dependabot in #160
• Bump golang from 1.22.2-alpine3.19 to 1.22.3-alpine3.19 in /cmd by @dependabot in #161
• 🌱(deps): Bump the all-gha-deps group with 3 updates by @dependabot in #162
• 🌱(deps): Bump github.com/prometheus/client_golang from 1.19.0 to 1.19.1 in the all-go-deps group by @dependabot in #163
• Bump golang from 2a88224 to 282ddcd in /cmd by @dependabot in #164
• Bump golang from 282ddcd to f1fe698 in /cmd by @dependabot in #165
• 🌱(deps): Bump the all-gha-deps group with 3 updates by @dependabot in #167
• 🌱(deps): Bump the all-go-deps group with 2 updates by @dependabot in #166
• Bump alpine from 3.19.1 to 3.20.0 in /cmd by @dependabot in #168
• 🌱(deps): Bump the all-gha-deps group with 2 updates by @dependabot in #169
• 🌱(deps): Bump cloud.google.com/go/cloudsqlconn from 1.10.0 to 1.10.1 in the all-go-deps group by @dependabot in #170
• 🌱(deps): Bump github/codeql-action from 3.25.6 to 3.25.7 in the all-gha-deps group by @dependabot in #172
• Bump golang from 1.22.3-alpine3.19 to 1.22.4-alpine3.19 in /cmd by @dependabot in #173
• 🌱(deps): Bump golang.org/x/mod from 0.17.0 to 0.18.0 in the all-go-deps group by @dependabot in #174
• 🌱(deps): Bump github/codeql-action from 3.25.7 to 3.25.8 in the all-gha-deps group by @dependabot in #175
• 🌱(deps): Bump the all-gha-deps group with 3 updates by @dependabot in #178
• Bump golang from 65b5d2d to d9b1f00 in /cmd by @dependabot in #177
• 🌱(deps): Bump cloud.google.com/go/cloudsqlconn from 1.10.1 to 1.11.0 in the all-go-deps group by @dependabot in #176
• Bump golang from d9b1f00 to c46c460 in /cmd by @dependabot in #180
• Bump alpine from 3.20.0 to 3.20.1 in /cmd by @dependabot in #179
• 🌱(deps): Bump github/codeql-action from 3.25.10 to 3.25.11 in the all-gha-deps group by @dependabot in #181
• Move dependabot to weekly by @mhutchinson in #183
• Update version of go, and run vuln checking by @mhutchinson in #184
• Bump golang from 1.22.4-alpine3.19 to 1.22.5-alpine3.19 in /cmd by @dependabot in #185
• 🌱(deps): Bump actions/upload-artifact from 4.3.3 to 4.3.4 in the all-gha-deps group by @dependabot in #186
• 🌱(deps): Bump the all-go-deps group with 2 updates by @dependabot in #187
• 🌱(deps): Bump the all-gha-deps group with 2 updates by @dependabot in #189
• 🌱(deps): Bump the all-go-deps group with 2 updates by @dependabot in #188
• 🌱(deps): Bump github/codeql-action from 3.25.12 to 3.25.13 in the all-gha-deps group by @dependabot in #190
• Bump golang from 0642d4f to 2a88294 in /cmd by @dependabot in #192
• Bump alpine from 3.20.1 to 3.20.2 in /cmd by @dependabot in #191
• Bump golang from 2a88294 to 48aac60 in /cmd by @dependabot in #193
• 🌱(deps): Bump the all-gha-deps group with 2 updates by @dependabot in #194
• 🌱(deps): Bump github.com/docker/docker from 24.0.9+incompatible to 26.1.4+incompatible by @dependabot in #195
• 🌱(deps): Bump the all-gha-deps group with 2 updates by @dependabot in #197
• 🌱(deps): Bump the all-go-deps group with 2 updates by @dependabot in #196
• Bump golang from 1.22.5-alpine3.19 to 1.22.6-alpine3.19 in /cmd by @dependabot in #199
• Update token used for scorecard by @mhutchinson in #198
• 🌱(deps): Bump the all-gha-deps group with 2 updates by @dependabot in #200
• 🌱(deps): Bump github.com/ory/dockertest/v3 from 3.10.0 to 3.11.0 in the all-go-deps group by @dependabot in #201
• Bump golang from 1.22.6-alpine3.19 to 1.23.0-alpine3.19 in /cmd by @dependabot in #203
• Add new shard for Rekor by @haydentherapper in #204
• 🌱(deps): Bump the all-go-deps group with 2 updates by @dependabot in #206
• 🌱(deps): Bump github/codeql-action from 3.26.0 to 3.26.3 in the all-gha-deps group across 1 directory by @dependabot in #207
• 🌱(deps): Bump github/codeql-action from 3.26.3 to 3.26.5 in the all-gha-deps group by @dependabot in #209
• 🌱(deps): Bump github.com/prometheus/client_golang from 1.20.0 to 1.20.2 in the all-go-deps group by @dependabot in #208
• 🌱(deps): Bump the all-gha-deps group with 2 updates by @dependabot in #210
• 🌱(deps): Bump google.golang.org/grpc from 1.65.0 to 1.66.0 in the all-go-deps group by @dependabot in #211
• Bump golang from 1.23.0-alpine3.19 to 1.23.1-alpine3.19 in /cmd by @dependabot in #212
• Bump go and golangci-lint to latest version by @roger2hk in #216
• 🌱(deps): Bump the all-go-deps group with 3 updates by @dependabot in #215
• Bump golang from 90a6622 to e0ea2a1 in /cmd by @dependabot in #213
• Bump alpine from 3.20.2 to 3.20.3 in /cmd by @dependabot in #214
• 🌱(deps): Bump google.golang.org/grpc from 1.66.0 to 1.66.2 in the all-go-deps group by @dependabot in #218
• 🌱(deps): Bump github/codeql-action from 3.26.6 to 3.26.7 in the all-gha-deps group by @dependabot in #219
• Add some simple device metrics to dashboard by @AlCutter in #220
• 🌱(deps): Bump the all-go-deps group with 3 updates by @dependabot in #222
• 🌱(deps): Bump github/codeql-action from 3.26.7 to 3.26.8 in the all-gha-deps group by @dependabot in https:...

v0.1.2 - patch release

What's Changed

Adds: new witness IDs to prod, resilience improvements, finer-grained metrics, and dependency bumps.

• Use the 0.1.1 release in prod by @mhutchinson in #117
• Refactor terragrunt by @mhutchinson in #119
• Terraform: set witnesses per environment by @mhutchinson in #118
• Print out the witness keys in a better way by @mhutchinson in #121
• Set flags known to assist reproducible builds by @mhutchinson in #120
• 🌱(deps): Bump the all-go-deps group with 1 update by @dependabot in #122
• Bump golang from 1.22.0-alpine3.19 to 1.22.1-alpine3.19 in /cmd by @dependabot in #123
• Add AW-wispy-snow by @AlCutter in #124
• Fix bug with witness key init by @mhutchinson in #125
• Add GitHub actions for lint and tests by @mhutchinson in #126
• Updated CI keys by @mhutchinson in #127
• Fix nil ptr by @AlCutter in #128
• 🌱(deps): Bump the all-go-deps group with 4 updates by @dependabot in #129
• Allow distribution of the AW CI log by @mhutchinson in #130
• Add CI-3 Armored Witness log. by @jiggoha in #131
• 🌱(deps): Bump google.golang.org/protobuf from 1.32.0 to 1.33.0 by @dependabot in #132
• 🌱(deps): Bump the all-go-deps group with 1 update by @dependabot in #133
• 🌱(deps): Bump the all-gha-deps group with 1 update by @dependabot in #135
• Bump golang from fc5e584 to 0466223 in /cmd by @dependabot in #134
• Added my dev armored witness and QEMU ID for testing by @mhutchinson in #136
• 🌱(deps): Bump github.com/docker/docker from 24.0.7+incompatible to 24.0.9+incompatible by @dependabot in #137
• Roll prod witness list by @AlCutter in #138
• 🌱(deps): Bump the all-go-deps group with 1 update by @dependabot in #140
• 🌱(deps): Bump the all-gha-deps group with 1 update by @dependabot in #139
• Bump golang from 1.22.1-alpine3.19 to 1.22.2-alpine3.19 in /cmd by @dependabot in #142
• Add witness ID label to distribute counter. by @jiggoha in #141
• Add prod witness identities by @AlCutter in #146

Full Changelog: v0.1.1...v0.1.2

Patch release for security

What's Changed

Primary motivation for release is that base image of Dockerfile used for serving has been bumped, which closes known vulnerabilities in openssl in that base image.

• Bump base image in Dockerfile by @mhutchinson in #111
• Bump alpine from 3.17.3 to 3.19.1 in /cmd by @dependabot in #115

This release also includes the new endpoint to get all witnesses the distributor is configured with.

• Expose an endpoint with all of the witness keys by @mhutchinson in #114

Full Changelog: v0.1.0...v0.1.1

v0.1.0: Initial release

Initial release of the distributor. This is still a v0 and any of the public HTTP API or Go APIs could change.

Full Changelog: https://github.com/transparency-dev/distributor/commits/v0.1.0