Releases: zarf-dev/zarf
Releases · zarf-dev/zarf
v0.56.0
v0.56.0
This tag was signed with the committer’s verified signature.
The key has expired.
What's Changed
🚀 Updates
- docs: roadmap updates by @AustinAbro321 in #3875
- chore: lint packager2 by @AustinAbro321 in #3874
- refactor: remove packager1 references by @AustinAbro321 in #3855
- fix(archive): cleanup the archive package by @brandtkeller in #3822
- chore(docs): add community meeting documentation to project/website by @brandtkeller in #3884
- refactor: separate out create / layout to avoid cyclic dependency with zoci by @AustinAbro321 in #3872
- refactor: packager2 api cleanup by @AustinAbro321 in #3888
- fix: sign package during publish by @AustinAbro321 in #3892
- refactor: move zarf state structs from
src/types->src/pkg/stateby @AustinAbro321 in #3897 - refactor: move split file logic to it's own package by @AustinAbro321 in #3898
- refactor: standardize packager2 API and decouple CLI from SDK by @AustinAbro321 in #3894
- docs: tip to use inspect manifest command by @AustinAbro321 in #3903
- feat: live output action command logs by @AustinAbro321 in #3901
- chore!: delete packager and related dead code by @AustinAbro321 in #3902
- fix(monitor): mimic k9s init to silence klog errors by @brandtkeller in #3905
- feat: expose packager(2) as public package by @AustinAbro321 in #3906
- refactor: pass cachepath through packager functions by @AustinAbro321 in #3907
- feat: improve usability and defaults of packager SDK by @AustinAbro321 in #3908
- feat(sdk): intuitive default path when using
./zarfactions by @AustinAbro321 in #3910 - feat(sdk): return final package ref after publish by @AustinAbro321 in #3911
📦 Dependencies
- chore(deps): bump ossf/scorecard-action from 2.4.1 to 2.4.2 by @dependabot in #3878
- chore(deps): bump github.com/fluxcd/source-controller/api from 1.5.0 to 1.6.0 by @dependabot in #3865
- chore(deps): bump github.com/goccy/go-yaml from 1.17.1 to 1.18.0 by @dependabot in #3886
- chore(deps): bump github/codeql-action from 3.28.18 to 3.28.19 by @dependabot in #3890
- chore(deps): bump github.com/go-git/go-git/v5 from 5.16.0 to 5.16.1 by @dependabot in #3891
- chore(deps): bump the golang group across 1 directory with 2 updates by @dependabot in #3895
- chore(deps): bump github/codeql-action from 3.28.19 to 3.29.0 by @dependabot in #3909
Full Changelog: v0.55.6...v0.56.0
Contributors
dependabot, AustinAbro321, and brandtkeller
Assets 19
- sha256:ebd81cf5ca241778274b3cebf18f1b6e6980f9adb753899436b1e36b17bf554e
2025-06-13T12:40:56Z - sha256:289947a7640d2456f8a85d3393a3a6743640d53ec03724b5bc98c2b3911b8743
2025-06-13T12:40:56Z - sha256:3c99770809a01e1884e2efe04ea413919f53d9570d6bf347a02a3afbdd8809bd
2025-06-13T12:40:53Z - sha256:2b5dc894d65345616208262ce2820c3e3d6eaae072adb9de103108934eb12e3e
2025-06-13T12:40:56Z - sha256:9b775efd87340f2e2f354091369ff60cb1a3d3f1b66f8de1d7cf17d1ecc3090a
2025-06-13T12:40:54Z - sha256:50ba47dd0e8618645b9975098c52113c7044fc1a297d39d510847fecd75bbcfa
2025-06-13T12:40:55Z - sha256:a341966897c3db854ae9445f6e7cfaf6a1608a134f007d510324b17bf0b9781c
2025-06-13T12:40:55Z - sha256:273cdaaa5697b45a4e8b8f52a8d8442c73b94c71b021b5760f96c93cb1221e8d
2025-06-13T12:40:54Z - sha256:4a99b913c9fa32ef9f611eebe57fd905c44cbe3719cfe408352606d006b25c01
2025-06-13T12:40:57Z - sha256:8b34f0f16ad58df3fd1c9de49f728826d2ce6ed30dec785a6870343e546c622b
2025-06-13T12:40:57Z -
2025-06-12T18:33:59Z -
2025-06-12T18:33:59Z - Loading
v0.55.6
What's Changed
🚀 Updates
- refactor: combine and output split files in LoadPackage by @AustinAbro321 in #3796
- chore: lint src/internal/packager by @AustinAbro321 in #3854
- refactor: deploy by @AustinAbro321 in #3738
- fix: concurrent registry auth issue by @AustinAbro321 in #3850
- fix: segfault during destroy w/o state by @Racer159 in #3864
- fix: Replace all vars and consts in
actionCmdMutationby @koendelaat in #3799 - feat: expand subcommands from
cranetoregistrycommand by @a1994sc in #3856 - refactor: dev deploy by @AustinAbro321 in #3847
- fix: unchecked err when populating variables for deploy by @AustinAbro321 in #3873
- fix(create): ensure that when given an output directory Archive creates the directory for the user by @mkcp in #3869
- fix(archive): sbom directory regression fix by @brandtkeller in #3877
📦 Dependencies
- chore(deps): bump sigs.k8s.io/controller-runtime from 0.20.4 to 0.21.0 by @dependabot in #3852
- chore(deps): bump github.com/google/go-containerregistry from 0.20.4 to 0.20.5 by @dependabot in #3853
- chore(deps): bump github.com/anchore/syft from 1.26.0 to 1.26.1 by @dependabot in #3857
- chore(deps): bump github.com/fairwindsops/pluto/v5 from 5.21.6 to 5.21.7 by @dependabot in #3866
New Contributors
- @koendelaat made their first contribution in #3799
Full Changelog: v0.55.5...v0.55.6
Contributors
mkcp, a1994sc, and 5 other contributors
Assets 19
v0.55.5
v0.55.5
This tag was signed with the committer’s verified signature.
The key has expired.
What's Changed
🚀 Updates
- feat(utils): support user interrupts in utils.ExecuteWait and add debug logging by @mkcp in #3846
- feat(utils): add user interrupts to wait-for on network protocols by @mkcp in #3848
- Revert "chore(deps): bump helm.sh/helm/v3 from 3.17.3 to 3.18.0" by @AustinAbro321 in #3851
📦 Dependencies
- chore(deps): bump github.com/anchore/syft from 1.23.1 to 1.26.0 by @dependabot in #3841
Full Changelog: v0.55.4...v0.55.5
Contributors
mkcp, dependabot, and AustinAbro321
Assets 19
v0.55.4
v0.55.4
This tag was signed with the committer’s verified signature.
What's Changed
🚀 Updates
- chore(sustainability): document the release process by @brandtkeller in #3823
- fix(archive): replace virtualfilesystem with sequential streaming by @brandtkeller in #3831
- docs: Update 0-creating-a-zarf-package.mdx by @nevinaragam in #3832
- fix(archive): skip format autodetection for tar format by @brandtkeller in #3836
- fix(mirror-resources): add cluster nil check before loading state by @brandtkeller in #3838
- fix(release): remove grype cve report from release by @brandtkeller in #3840
📦 Dependencies
- chore(deps): bump codecov/codecov-action from 5.4.2 to 5.4.3 by @dependabot in #3812
- chore(deps): bump github.com/defenseunicorns/pkg/helpers/v2 from 2.0.1 to 2.0.4 by @dependabot in #3803
- chore(deps): bump github.com/mholt/archives from 0.1.1 to 0.1.2 by @dependabot in #3801
- chore(deps): bump github/codeql-action from 3.28.17 to 3.28.18 by @dependabot in #3818
- chore(deps): bump github.com/fairwindsops/pluto/v5 from 5.21.3 to 5.21.6 by @dependabot in #3802
- chore(deps): bump the k8s group across 1 directory with 5 updates by @dependabot in #3819
- chore(deps): bump github.com/fluxcd/pkg/apis/meta from 1 8000 .10.0 to 1.12.0 by @dependabot in #3827
- chore(deps): bump helm.sh/helm/v3 from 3.17.3 to 3.18.0 by @dependabot in #3826
- chore(deps): bump github.com/google/go-containerregistry from 0.20.4-0.20250225234217-098045d5e61f to 0.20.4 by @dependabot in #3834
- chore(deps): bump github.com/defenseunicorns/pkg/oci from 1.2.0 to 1.3.0 by @dependabot in #3833
New Contributors
- @nevinaragam made their first contribution in #3832
Full Changelog: v0.55.2...v0.55.4
Contributors
dependabot, brandtkeller, and nevinaragam
Assets 19
v0.55.2
v0.55.2
This tag was signed with the committer’s verified signature.
Release v0.55.2
This release includes improvements to the Zarf SDK and continuing iteration on the packager refactor - most of which are consumed by the CLI to-date. In the CLI you will see a few changes:
- Caching OCI layers: Improving package creation time when layers are present in the cache (while hard to represent given all conditions, our package creation of the
examples/longhornpackage saw a %62 improvement on subsequent creations. zarf package mirror-resourceswill now default to zarf state if available and other targets are not defined. Additionally--images/--reposflags were introduced to mirror a type of artifact in isolation.zarf package inspectoperations targeting packages in a registry now only pull the required layers needed for inspect to occur. This fixes inspect previously pulling the full package just to view the definition/sboms/images etc
Release Demo Video for those who want to watch these updates in action.
Note: We ran into an issue with our release process and identified a bug which resulted in releasing v0.54.0 -> v0.55.2 and have since identified improvements to testing and release to work towards more resilient zarf releases.
What's Changed
🚀 Updates
- fix: template variables in values file in
zarf package inspect value-filesby @AustinAbro321 in #3760 - feat(mirror-resources): support for State fallback without flags by @brandtkeller in #3757
- chore(docs): 2025 roadmap proposal by @brandtkeller in #3670
- feat: cache OCI packages by @AustinAbro321 in #3767
- feat: avoid using a cache in
zarf package pullis cachepath is not set by @AustinAbro321 in #3775 - fix(wait-for): return early on connection refused by @brandtkeller in #3772
- fix(docs): update mirror resources docs to include examples by @brandtkeller in #3778
- feat(packager): make packager2.Pull public by @mkcp in #3773
- refactor: lint by @AustinAbro321 in #3776
- Log out available disk space on create-release failure by @mkcp in #3698
- fix(inspect): only pull required layers for inspecting OCI packages by @brandtkeller in #3679
- fix: avoid panic during wait-for HTTP server by @AustinAbro321 in #3797
- test: run unit tests on arm64 by @AustinAbro321 in #3805
- fix: respect
.metadata.architectureon package create output to registry by @AustinAbro321 in #3806 - fix(archiver): archiver migration to archives by @brandtkeller in #3788
- fix(archiver): remaining cleanup and variables swap in #3809
- fix(CLI): migrate to Packager2 for init package downloads by @brandtkeller in #3810
📦 Dependencies
- chore(deps): bump actions/create-github-app-token from 2.0.2 to 2.0.3 by @dependabot in #3758
- chore(deps): bump vite from 6.3.3 to 6.3.4 in /site by @dependabot in #3753
- chore(deps): bump golangci/golangci-lint-action from 7.0.0 to 8.0.0 by @dependabot in #3764
- chore(deps): bump github/codeql-action from 3.28.16 to 3.28.17 by @dependabot in #3765
- chore(deps): bump actions/create-github-app-token from 2.0.3 to 2.0.6 by @dependabot in #3763
- chore(deps): bump aws-actions/configure-aws-credentials from 4.1.0 to 4.2.0 by @dependabot in #3770
- chore(dependencies): update crane by @AustinAbro321 in #3771
- chore(deps): bump actions/dependency-review-action from 4.6.0 to 4.7.0 by @dependabot in #3779
- chore(deps): bump actions/setup-go from 5.4.0 to 5.5.0 by @dependabot in #3780
- chore(deps): bump github.com/anchore/syft from 1.19.0 to 1.23.1 by @dependabot in #3740
- chore(deps): bump github.com/golang-cz/devslog from 0.0.12 to 0.0.13 by @dependabot in #3785
- chore(deps): bump the golang group across 1 directory with 3 updates by @dependabot in #3784
- chore(deps): bump oras.land/oras-go/v2 from 2.5.0 to 2.6.0 by @dependabot in #3786
- chore(deps): bump github.com/mikefarah/yq/v4 from 4.45.1 to 4.45.4 by @dependabot in #3792
- chore(deps): bump sigs.k8s.io/controller-runtime from 0.20.2 to 0.20.4 by @dependabot in #3791
- chore(deps): bump actions/dependency-review-action from 4.7.0 to 4.7.1 by @dependabot in #3795
- chore(deps): bump aws-actions/configure-aws-credentials from 4.2.0 to 4.2.1 by @dependabot in #3804
Full Changelog: v0.54.0...v0.55.2
Contributors
mkcp, dependabot, and 2 other contributors
Assets 19
v0.54.0
v0.54.0
This tag was signed with the committer’s verified signature.
The key has expired.
What's Changed
🚀 Updates
- refactor(cluster,state,types)!: migrate types.ZarfState to state.State by @mkcp in #3682
- fix(images): support for insecure skip tls verify on image push/pull by @brandtkeller in #3725
- feat: add timeout to image operations by @AustinAbro321 in #3731
- feat: remove user submitted digest from OCI pull log by @AustinAbro321 in #3743
- chore: remove invopop/jsonschema dependency from root go.mod by @AustinAbro321 in #3744
- test: avoid dockerhub flake in agent ignore test by @AustinAbro321 in #3742
- test: improve archive test by @Noxsios in #3739
- fix: retry on images and components by @Noxsios in #3746
- feat: respect context during HTTP file downloads by @AustinAbro321 in #3751
- test: improve http pull test by @Noxsios in #3748
- fix: set default user for git and registry state during
zarf package deployby @AustinAbro321 in #3754
📦 Dependencies
- chore(deps): bump github/codeql-action from 3.28.15 to 3.28.16 by @dependabot in #3727
- chore(deps): bump the k8s group across 1 directory with 5 updates by @dependabot in #3728
- chore(deps): bump actions/download-artifact from 4.2.1 to 4.3.0 by @dependabot in #3735
- chore(deps): bump the cosign-providers group across 1 directory with 3 updates by @dependabot in #3733
- chore(deps): bump vite from 5.4.14 to 5.4.18 in /site by @dependabot in #3692
- chore(deps): bump prismjs from 1.29.0 to 1.30.0 in /site by @dependabot in #3695
- chore(deps): bump @babel/helpers from 7.26.0 to 7.27.0 in /site by @dependabot in #3694
- chore(deps): bump esbuild, @astrojs/starlight and astro in /site by @dependabot in #3697
- fix: resolve CVE-2025-3445 in cmd/archiver with pkg/archive by @mkcp in #3732
Full Changelog: v0.53.0...v0.54.0
Contributors
mkcp, dependabot, and 3 other contributors
Assets 19
v0.53.0
v0.53.0
This tag was signed with the committer’s verified signature.
What's Changed
🚀 Updates
- fix(release): update goreleaser configuration by @brandtkeller in #3709
- refactor: generate by @AustinAbro321 in #3666
- fix: stop warning users when flavors are not used by @AustinAbro321 in #3714
- feat: inspect values files by @AustinAbro321 in #3706
- fix: ensure variable uniqueness during compose by @AustinAbro321 in #3713
- feat: use websockets for port forwards by @AustinAbro321 in #3717
- feat: add retries to image push by @AustinAbro321 in #3718
📦 Dependencies
- chore(deps): bump github.com/go-git/go-git/v5 from 5.14.0 to 5.16.0 by @dependabot in #3680
Full Changelog: v0.52.1...v0.53.0
Contributors
dependabot, AustinAbro321, and brandtkeller
Assets 19
v0.52.1
v0.52.1
This tag was signed with the committer’s verified signature.
The key has expired.
There was an issue with our release process in v0.52.0. While their is no problem with the Go code the release process failed. While the v0.52.0 tag remains there will not be a GitHub release for v0.52.0.
What's Changed
🚀 Updates
- feat!: Add debug granularity to package create validation and update error message by @mkcp in #3636
- refactor: remove statefulness from Helm package by @AustinAbro321 in #3609
- chore(deps): update to distribution/distribution v3 by @AustinAbro321 in #3642
- fix: oci-concurrency flag on init by @AustinAbro321 in #3643
- docs: Migrate "air gap" to "airgap" by @mkcp in #3638
- chore: update Zarf Homebrew description by @mkcp in #3646
- refactor: include all workload resources by @wcrum in #3640
- chore(deps): update k3s version by @AustinAbro321 in #3648
- refactor: find images by @AustinAbro321 in #3621
- feat: respect filters for all package sources in
LoadPackageby @AustinAbro321 in #3650 - fix(publish): deterministic SHA for package publish by @brandtkeller in #3656
- feat: zarf package inspect manifests by @AustinAbro321 in #3653
- fix: restore ability to publish Zarf packages to root level of an OCI registry by @Noxsios in #3663
- fix(publish): cleanup trailing manifest file by @brandtkeller in #3662
- feat: zarf dev inspect manifest by @AustinAbro321 in #3658
- fix(skeleton): resolve support for kustomizations in isolation by @brandtkeller in #3669
- chore: move v1beta1 internal by @AustinAbro321 in #3659
- docs: remove component-choice example by @AustinAbro321 in #3668
- fix: require username and password for
zarf tools registry loginby @AustinAbro321 in #3676 - fix: require one of
passwordorpassword-stdininzarf tools registry loginby @AustinAbro321 in #3681 - feat: allow unused flavors with a warning by @AustinAbro321 in #3683
- feature: Add ability for zarf to find oci artifacts for fluxcd ocirepo resource by @a1994sc in #3238
- feat: warn if cert is expiring soon, error if cert is expired by @AustinAbro321 in #3677
- ci: move release workflow to larger runner by @AustinAbro321 #3701
📦 Dependencies
- chore(deps): bump actions/dependency-review-action from 4.5.0 to 4.6.0 by @dependabot in #3626
- chore(deps): bump github/codeql-action from 3.28.12 to 3.28.15 by @dependabot in #3641
- chore(deps): bump actions/create-github-app-token from 1.12.0 to 2.0.2 by @dependabot in #3634
- chore(deps): bump github.com/defenseunicorns/pkg/oci from 1.0.2 to 1.0.4 by @dependabot in #3652
- chore(deps): bump the cosign-providers group across 1 directory with 3 updates by @dependabot in #3651
- chore(deps): bump the golang group across 1 directory with 3 updates by @dependabot in #3657
- chore(deps): bump github.com/prometheus/client_golang from 1.21.0 to 1.22.0 by @dependabot in #3665
- chore(deps): bump github.com/golang-cz/devslog from 0.0.11 to 0.0.12 by @dependabot in #3664
- chore(deps): bump actions/setup-node from 4.3.0 to 4.4.0 by @dependabot in #3674
- chore(deps): bump codecov/codecov-action from 5.4.0 to 5.4.2 by @dependabot in #3673
- chore(deps): bump golang.org/x/net from 0.37.0 to 0.38.0 by @dependabot in #3688
- chore(deps): bump helm.sh/helm/v3 from 3.17.2 to 3.17.3 by @dependabot in #3689
- chore(deps): bump github.com/containerd/containerd from 1.7.24 to 1.7.27 by @dependabot in #3690
- chore(deps): bump github.com/golang-jwt/jwt/v4 from 4.5.1 to 4.5.2 by @dependabot in #3687
- chore(deps): bump github.com/go-jose/go-jose/v3 from 3.0.3 to 3.0.4 by @dependabot in #3693
Full Changelog: v0.51.0...v0.52.1
Contributors
mkcp, a1994sc, and 5 other contributors
Assets 19
v0.51.0
v0.51.0
This tag was signed with the committer’s verified signature.
The key has expired.
What's Changed
🚀 Updates
- feat: validate submitted flavor exists by @AustinAbro321 in #3597
- chore: switch to new aws resources by @AustinAbro321 in #3380
- chore: update init s3 publish path by @AustinAbro321 in #3600
- chore: update init package injector by @AustinAbro321 in #3601
- chore: update cosign key to new aws environment by @AustinAbro321 in #3602
- chore: update dos-games references to use new version by @AustinAbro321 in #3611
- refactor: package publish by @AustinAbro321 in #3495
- test: increase timeout for in cluster test health check by @AustinAbro321 in #3612
- fix: set flavor on composed component by @AustinAbro321 in #3624
- feat: replace Crane usage for Image pull and Push with ORAS by @AustinAbro321 in #3559
- Remove support for legacy logging by @mkcp in #3546
- fix: init-package s3 url by @AustinAbro321 in #3631
📦 Dependencies
- chore(deps): bump github.com/goccy/go-yaml from 1.15.23 to 1.16.0 by @dependabot in #3596
- chore(deps): bump github.com/opencontainers/image-spec from 1.1.0 to 1.1.1 by @dependabot in #3554
- chore(deps): bump actions/create-github-app-token from 1.11.6 to 1.11.7 by @dependabot in #3595
- chore(deps): bump helm.sh/helm/v3 from 3.17.1 to 3.17.2 by @dependabot in #3599
- chore(deps): bump golangci/golangci-lint-action from 6.5.2 to 7.0.0 by @dependabot in #3604
- chore(deps): bump actions/create-github-app-token from 1.11.7 to 1.12.0 by @dependabot in #3615
- chore(deps): bump goreleaser/goreleaser-action from 6.2.1 to 6.3.0 by @dependabot in #3619
Breaking Changes
The function "github.com/zarf-dev/zarf/src/cmd".SetupMessage and struct "github.com/zarf-dev/zarf/src/cmd".MessageCfg have been removed.
Full Changelog: v0.50.0...v0.51.0
Contributors
mkcp, dependabot, and AustinAbro321
Assets 19
v0.50.0
v0.50.0
This tag was signed with the committer’s verified signature.
What's Changed
🚀 Updates
- feat: recording deployed component status in package deploy by @sgettys in #3556
- docs: remove interactive tutorial by @AustinAbro321 in #3566
- feat: accept version flag for
zarf tools download-initby @jbrewer3 in #3568 - fix(unit): resolve TestRepository host git configuration dependency by @brandtkeller in #3573
- fix: change Helm chart dependency verification to "verify never" from "verify if possible" by @AustinAbro321 in #3571
- chore: use setup-zarf from zarf-dev by @AustinAbro321 in #3583
- fix: support for ephemeral container mutation by @brandtkeller in #3560
📦 Dependencies
- chore(deps): bump golangci/golangci-lint-action from 6.5.0 to 6.5.1 by @dependabot in #3569
- chore(deps): b 68F7 ump the cosign-providers group across 1 directory with 3 updates by @dependabot in #3558
- chore(deps): bump github/codeql-action from 3.28.10 to 3.28.11 by @dependabot in #3561
- chore(deps): bump docker/login-action from 3.3.0 to 3.4.0 by @dependabot in #3577
- chore(deps): bump golangci/golangci-lint-action from 6.5.1 to 6.5.2 by @dependabot in #3581
- chore(deps): bump actions/setup-node from 4.2.0 to 4.3.0 by @dependabot in #3582
- chore(deps): bump github/codeql-action from 3.28.11 to 3.28.12 by @dependabot in #3591
- chore(deps): bump actions/upload-artifact from 4.6.1 to 4.6.2 by @dependabot in #3590
- chore(deps): bump actions/setup-go from 5.3.0 to 5.4.0 by @dependabot in #3588
- chore(deps): bump actions/download-artifact from 4.1.9 to 4.2.1 by @dependabot in #3589
- chore(deps): bump the k8s group across 1 directory with 5 updates by @dependabot in #3574
New Contributors
Full Changelog: v0.49.1...v0.50.0
Contributors
dependabot, AustinAbro321, and 3 other contributors