github/hauler
1
0
Fork 0
mirror of https://github.com/hauler-dev/hauler.git synced 2026-05-06 01:08:05 +00:00
Code Issues Packages Projects Releases Wiki Activity
572 Commits 14 Branches 83 Tags
main
Commit Graph

572 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Adam Toy
8b777abc8a add dependabot configuration file to track multiple release minor rel… (#585) 2026-05-05 12:52:31 -06:00
Camryn Carter
fbcbb282c3 remove cherrypick bot and add mergify details (#581) 
Signed-off-by: Camryn Carter <camryn.carter@ranchergovernment.com>
 2026-05-03 12:27:51 -07:00
Zack Brady
cf6e7bcc40 added makefile command for vulnerability checks (#577) 2026-05-01 09:45:06 -04:00
Zack Brady
6677f10d7b fixed github workflows (tests and cherrypicker) (#574) 2026-04-22 17:01:16 -04:00
Adam Martin
eca35ecb92 adjust logging for extracting oci artifacts with cosign bits (#575) 
Signed-off-by: Adam Martin <adam.martin@ranchergovernment.com>
 2026-04-22 12:57:51 -04:00
Camryn Carter
2bf284e183 removed unnecessary rewrite flag from sync (#572) 2026-04-21 16:53:01 -04:00
dependabot[bot]
c3cd3c0379 bump github.com/sigstore/timestamp-authority/v2 (#557) 
bumps the go_modules group with 1 update in the / directory: [github.com/sigstore/timestamp-authority/v2](https://github.com/sigstore/timestamp-authority).


updates `github.com/sigstore/timestamp-authority/v2` from 2.0.4 to 2.0.6
- [Release notes](https://github.com/sigstore/timestamp-authority/releases)
- [Changelog](https://github.com/sigstore/timestamp-authority/blob/main/CHANGELOG.md)
- [Commits](https://github.com/sigstore/timestamp-authority/compare/v2.0.4...v2.0.6)

---
updated-dependencies:
- dependency-name: github.com/sigstore/timestamp-authority/v2
  dependency-version: 2.0.6
  dependency-type: indirect
  dependency-group: go_modules
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-04-19 18:24:01 -05:00
Adam Martin
40c4fdded4 add ability to add images from local docker daemon (#551) 
signed-off-by: Adam Martin <adam.martin@ranchergovernment.com>
 2026-04-19 17:51:36 -05:00
Adam Martin
b2d0f9f01e add dry-run flag for sync --products (#547) 
signed-off-by: Adam Martin <adam.martin@ranchergovernment.com>
 2026-04-14 16:27:59 -04:00
Camryn Carter
57d45f136e handle large diff passed to gh api (#553) 2026-04-11 20:26:29 -04:00
dependabot[bot]
8560d02a6d bump helm.sh/helm/v3 in the go_modules group across 1 directory (#552) 
bumps the go_modules group with 1 update in the / directory: [helm.sh/helm/v3](https://github.com/helm/helm).

updates `helm.sh/helm/v3` from 3.19.0 to 3.20.2
- [Release notes](https://github.com/helm/helm/releases)
- [Commits](https://github.com/helm/helm/compare/v3.19.0...v3.20.2)

---
updated-dependencies:
- dependency-name: helm.sh/helm/v3
  dependency-version: 3.20.2
  dependency-type: direct:production
  dependency-group: go_modules
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-04-11 10:39:49 -04:00
Camryn Carter
a8d6e2e527 verified commits and better messges (#550) 2026-04-08 20:23:05 -04:00
dependabot[bot]
7319874ea8 bump go.opentelemetry.io/otel/sdk (#548) 
bumps the go_modules group with 1 update in the / directory: [go.opentelemetry.io/otel/sdk](https://github.com/open-telemetry/opentelemetry-go).

updates `go.opentelemetry.io/otel/sdk` from 1.40.0 to 1.43.0
- [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md)
- [Commits](https://github.com/open-telemetry/opentelemetry-go/compare/v1.40.0...v1.43.0)

---
updated-dependencies:
- dependency-name: go.opentelemetry.io/otel/sdk
  dependency-version: 1.43.0
  dependency-type: indirect
  dependency-group: go_modules
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-04-08 17:30:16 -04:00
Adam Martin
f059a135da add optional flag for excluding extra artifacts when pulling from a registry (#541) 
* add optional flag for excluding extra artifacts when pulling from a registry

Signed-off-by: Adam Martin <adam.martin@ranchergovernment.com>

* add optional flag to charts for excluding extra artifacts when pulling from a registry

Signed-off-by: Adam Martin <adam.martin@ranchergovernment.com>

---------

Signed-off-by: Adam Martin <adam.martin@ranchergovernment.com>
 2026-04-07 12:48:05 -04:00
Zack Brady
b3e21806fe allow multiple prefix references (#532) 
* allow multiple prefix references
* fixed some duplications
 2026-04-07 07:51:25 -04:00
dependabot[bot]
93938d1acb bump github.com/go-jose/go-jose/v4 (#542) 
bumps the go_modules group with 1 update in the / directory: [github.com/go-jose/go-jose/v4](https://github.com/go-jose/go-jose).


updates `github.com/go-jose/go-jose/v4` from 4.1.3 to 4.1.4

- [Release notes](https://github.com/go-jose/go-jose/releases)
- [Commits](https://github.com/go-jose/go-jose/compare/v4.1.3...v4.1.4)

---

updated-dependencies:
- dependency-name: github.com/go-jose/go-jose/v4
  dependency-version: 4.1.4
  dependency-type: indirect
  dependency-group: go_modules

...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-04-03 08:41:54 -04:00
Camryn Carter
641b9db8fd chunk the haul (#519) 
* chunk the haul
* validate numeric suffix on join
* enforce valid chunk size
* containerd warning
* updated test.go files
 2026-03-25 10:59:51 -04:00
Camryn Carter
c68e72df1c option to sync images.txt files natively (#538) 
* sync images.txt files
* test worklflow sync w image list
* images.txt
 2026-03-25 10:53:54 -04:00
Camryn Carter
e8046a1e30 fix keep registry logic (#537) 
* fixed keep registry logic
* trim library/
* updated test
* test updates
 2026-03-25 10:45:48 -04:00
Camryn Carter
7fd03ea52e images.txt testdata file (#539) 2026-03-24 13:27:05 -04:00
Camryn Carter
aa9b883d4c add cherry-pick workflow for release branches (#533) 
this workflow automates cherry-picking changes from merged pull requests to specified release branches based on comments... it handles permission checks, version parsing, and conflict resolution during the cherry-pick process.

Signed-off-by: Camryn Carter <camryn.carter@ranchergovernment.com>
 2026-03-18 23:26:13 -04:00
dependabot[bot]
565b27d54b bump google.golang.org/grpc in the go_modules group across 1 directory (#536) 
bumps the go_modules group with 1 update in the / directory: [google.golang.org/grpc](https://github.com/grpc/grpc-go).

updates `google.golang.org/grpc` from 1.78.0 to 1.79.3
- [Release notes](https://github.com/grpc/grpc-go/releases)
- [Commits](https://github.com/grpc/grpc-go/compare/v1.78.0...v1.79.3)

---

updated-dependencies:
- dependency-name: google.golang.org/grpc
  dependency-version: 1.79.3
  dependency-type: indirect
  dependency-group: go_modules

...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-03-18 23:25:22 -04:00
Adam Martin
3adb9257b7 adjust hauler's kind annotation to not reflect cosign (#535) 
Signed-off-by: Adam Martin <adam.martin@ranchergovernment.com>
 2026-03-18 23:24:47 -04:00
Adam Martin
268485f6d6 fix dockerhub default host bug (#534) 
Signed-off-by: Adam Martin <adam.martin@ranchergovernment.com>
 2026-03-18 23:24:05 -04:00
Adam Martin
47479b1fa2 adjust extract to handle an image index appropriately (#531) 
* adjust extract to handle images and image indices appropriately

Signed-off-by: Adam Martin <adam.martin@ranchergovernment.com>

* updates for review feedback

Signed-off-by: Adam Martin <adam.martin@ranchergovernment.com>

---------

Signed-off-by: Adam Martin <adam.martin@ranchergovernment.com>
v2.0.0-dev.1 		2026-03-11 23:49:28 -04:00
Adam Martin
bbde34690f improved test coverage (#530) 
* improved test coverage

Signed-off-by: Adam Martin <adam.martin@ranchergovernment.com>

* adjusted mapper_test for oddball oci files

Signed-off-by: Adam Martin <adam.martin@ranchergovernment.com>

---------

Signed-off-by: Adam Martin <adam.martin@ranchergovernment.com>
 2026-03-10 17:46:07 -04:00
Adam Martin
0dd1896191 fix extract for oci files (#529) 
* fix extract for oci files

Signed-off-by: Adam Martin <adam.martin@ranchergovernment.com>

* have extract guard against path traversal

Signed-off-by: Adam Martin <adam.martin@ranchergovernment.com>

---------

Signed-off-by: Adam Martin <adam.martin@ranchergovernment.com>
 2026-03-10 12:54:11 -04:00
Zack Brady
cc6123918f removed deprecated code (#528) 
* removed deprecated code
* removed all supported for v1alpha1
 2026-03-10 12:51:15 -04:00
dependabot[bot]
995e538412 bump github.com/docker/cli in the go_modules group across 1 directory (#526) 
bumps the go_modules group with 1 update in the / directory: [github.com/docker/cli](https://github.com/docker/cli).


updates `github.com/docker/cli` from 29.0.3+incompatible to 29.2.0+incompatible
- [Commits](https://github.com/docker/cli/compare/v29.0.3...v29.2.0)

---

updated-dependencies:
- dependency-name: github.com/docker/cli
  dependency-version: 29.2.0+incompatible
  dependency-type: indirect
  dependency-group: go_modules

...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-03-06 12:27:31 -05:00
Adam Martin
e2a59508af over-"haul": replace oras v1 and cosign fork with native containerd-based implementation (#515) 
* remove oras from hauler

Signed-off-by: Adam Martin <adam.martin@ranchergovernment.com>

* remove cosign fork and use upstream cosign for verification

Signed-off-by: Adam Martin <adam.martin@ranchergovernment.com>

* added support for oci referrers

Signed-off-by: Adam Martin <adam.martin@ranchergovernment.com>

* updated README.md projects list

Signed-off-by: Adam Martin <adam.martin@ranchergovernment.com>

* updates for copilot PR review

Signed-off-by: Adam Martin <adam.martin@ranchergovernment.com>

* bug fix for unsafe type assertions

Signed-off-by: Adam Martin <adam.martin@ranchergovernment.com>

* bug fix for http getter and dead code

Signed-off-by: Adam Martin <adam.martin@ranchergovernment.com>

* fixes for more clarity and better error handling

Signed-off-by: Adam Martin <adam.martin@ranchergovernment.com>

* bug fix for resource leaks and unchecked errors

Signed-off-by: Adam Martin <adam.martin@ranchergovernment.com>

* bug fix for rewrite logic for docker.io images due to cosign removal

Signed-off-by: Adam Martin <adam.martin@ranchergovernment.com>

* bug fix for sigs and referrers

Signed-off-by: Adam Martin <adam.martin@ranchergovernment.com>

* bug fix for index.json missing mediatype

Signed-off-by: Adam Martin <adam.martin@ranchergovernment.com>

* bug fix to make sure manifest.json doesnt include anything other than actual container images

Signed-off-by: Adam Martin <adam.martin@ranchergovernment.com>

---------

Signed-off-by: Adam Martin <adam.martin@ranchergovernment.com>
 2026-03-06 11:45:47 -05:00
Zack Brady
26b11d5abc smaller changes and updates for v1.4.2 release (#524) 
* smaller changes and updates for v1.4.2 release
* removed unused env variable
 2026-03-05 20:50:41 -05:00
Camryn Carter
a4b16c723d dev.md file (#521) v1.4.2-rc.1 2026-03-02 16:13:50 -05:00
dependabot[bot]
666d220d6c bump go.opentelemetry.io/otel/sdk (#520) 
bumps the go_modules group with 1 update in the / directory: [go.opentelemetry.io/otel/sdk](https://github.com/open-telemetry/opentelemetry-go).

updates `go.opentelemetry.io/otel/sdk` from 1.39.0 to 1.40.0
- [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md)
- [Commits](https://github.com/open-telemetry/opentelemetry-go/compare/v1.39.0...v1.40.0)

---

updated-dependencies:
- dependency-name: go.opentelemetry.io/otel/sdk
  dependency-version: 1.40.0
  dependency-type: indirect
  dependency-group: go_modules

...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-03-02 00:40:54 -05:00
devLeitner
4ed7504264 fix: handling of file referenced dependencies without repository field (#514) 
co-authored-by: devleitner <devleitner@protonmail.com>
 2026-03-02 00:40:16 -05:00
dependabot[bot]
e255eda007 bump github.com/theupdateframework/go-tuf/v2 (#517) 
bumps the go_modules group with 1 update in the / directory: [github.com/theupdateframework/go-tuf/v2](https://github.com/theupdateframework/go-tuf).

updates `github.com/theupdateframework/go-tuf/v2` from 2.3.1 to 2.4.1
- [Release notes](https://github.com/theupdateframework/go-tuf/releases)
- [Commits](https://github.com/theupdateframework/go-tuf/compare/v2.3.1...v2.4.1)

---

updated-dependencies:
- dependency-name: github.com/theupdateframework/go-tuf/v2
  dependency-version: 2.4.1
  dependency-type: indirect
  dependency-group: go_modules

...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-02-23 17:19:37 -05:00
Camryn Carter
16f47999b1 keep registry on image rewrite if not specified (#501) 
* keep registry on rewrite if not specified
* better logic
* add test
* accurate info output for rewrite references
* apply suggestions from code review

comment format and improved test

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Signed-off-by: Camryn Carter <camryn.carter@ranchergovernment.com>

---------

Signed-off-by: Camryn Carter <camryn.carter@ranchergovernment.com>
Co-authored-by: Zack Brady <zackbrady123@gmail.com>
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
 2026-02-23 17:18:50 -05:00
Adam Martin
4c68654424 update tablewriter to v1.1.2 (#512) 
Signed-off-by: Adam Martin <adam.martin@ranchergovernment.com>
 2026-02-14 11:55:54 -05:00
Eric Klatzer
8ecd87d944 fix for file:// dependency chart path resolutions (#510) 
Signed-off-by: Eric Klatzer <eric@klatzer.at>
 2026-02-14 11:43:30 -05:00
Adam Martin
a355898171 update cosign fork to 3.0.4 plus dep tidy (#509) 
* update cosign fork to 3.0.4 plus dep tidy

Signed-off-by: Adam Martin <adam.martin@ranchergovernment.com>

* update to cosign fork tag v3.0.4+hauler.2

Signed-off-by: Adam Martin <adam.martin@ranchergovernment.com>

---------

Signed-off-by: Adam Martin <adam.martin@ranchergovernment.com>
 2026-02-12 22:07:53 -05:00
dependabot[bot]
3440b1a641 bump github.com/theupdateframework/go-tuf/v2 (#502) 
bumps the go_modules group with 1 update in the / directory: [github.com/theupdateframework/go-tuf/v2](https://github.com/theupdateframework/go-tuf).

updates `github.com/theupdateframework/go-tuf/v2` from 2.3.1 to 2.4.1
- [Release notes](https://github.com/theupdateframework/go-tuf/releases)
- [Commits](https://github.com/theupdateframework/go-tuf/compare/v2.3.1...v2.4.1)

---

updated-dependencies:
- dependency-name: github.com/theupdateframework/go-tuf/v2
  dependency-version: 2.4.1
  dependency-type: indirect
  dependency-group: go_modules

...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-01-27 09:55:45 -05:00
dependabot[bot]
9081ac257b Bump github.com/sigstore/sigstore (#498) 
bumps the go_modules group with 1 update in the / directory: [github.com/sigstore/sigstore](https://github.com/sigstore/sigstore).

updates `github.com/sigstore/sigstore` from 1.10.3 to 1.10.4
- [Release notes](https://github.com/sigstore/sigstore/releases)
- [Commits](https://github.com/sigstore/sigstore/compare/v1.10.3...v1.10.4)

---

updated-dependencies:
- dependency-name: github.com/sigstore/sigstore
  dependency-version: 1.10.4
  dependency-type: indirect
  dependency-group: go_modules

...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-01-22 16:18:01 -05:00
dependabot[bot]
a01895bfff bump github.com/sigstore/rekor (#497) 
bumps the go_modules group with 1 update in the / directory: [github.com/sigstore/rekor](https://github.com/sigstore/rekor).

updates `github.com/sigstore/rekor` from 1.4.3 to 1.5.0
- [Release notes](https://github.com/sigstore/rekor/releases)
- [Changelog](https://github.com/sigstore/rekor/blob/main/CHANGELOG.md)
- [Commits](https://github.com/sigstore/rekor/compare/v1.4.3...v1.5.0)

---

updated-dependencies:
- dependency-name: github.com/sigstore/rekor
  dependency-version: 1.5.0
  dependency-type: indirect
  dependency-group: go_modules

...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-01-22 14:25:27 -05:00
Zack Brady
e8a5f82b7d new fix for new helm chart features (#496) v1.4.2-dev.1 2026-01-22 10:30:59 -05:00
dependabot[bot]
dffcb8254c bump github.com/theupdateframework/go-tuf/v2 (#495) 
bumps the go_modules group with 1 update in the / directory: [github.com/theupdateframework/go-tuf/v2](https://github.com/theupdateframework/go-tuf).

updates `github.com/theupdateframework/go-tuf/v2` from 2.3.0 to 2.3.1
- [Release notes](https://github.com/theupdateframework/go-tuf/releases)
- [Commits](https://github.com/theupdateframework/go-tuf/compare/v2.3.0...v2.3.1)

---

updated-dependencies:
- dependency-name: github.com/theupdateframework/go-tuf/v2
  dependency-version: 2.3.1
  dependency-type: indirect
  dependency-group: go_modules
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-01-21 13:24:06 -05:00
Zack Brady
4a2b7b13a7 fixed typos for containerd imports (#493) v1.4.1 2026-01-15 20:45:24 -05:00
Zack Brady
cf22fa8551 fix and support containerd imports of hauls (#492) 
* fixed hauler save for containerd
* added flag for containerd compatibility
 2026-01-15 09:09:23 -05:00
dependabot[bot]
28432fc057 bump github.com/sigstore/fulcio (#489) 
bumps the go_modules group with 1 update in the / directory: [github.com/sigstore/fulcio](https://github.com/sigstore/fulcio).

updates `github.com/sigstore/fulcio` from 1.8.3 to 1.8.5
- [Release notes](https://github.com/sigstore/fulcio/releases)
- [Changelog](https://github.com/sigstore/fulcio/blob/main/CHANGELOG.md)
- [Commits](https://github.com/sigstore/fulcio/compare/v1.8.3...v1.8.5)

---

updated-dependencies:
- dependency-name: github.com/sigstore/fulcio
  dependency-version: 1.8.5
  dependency-type: indirect
  dependency-group: go_modules
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-01-13 23:57:10 -05:00
Zack Brady
ac7d82b55f added/updated logging for serve and remove (#487) 
* added error logging for hauler store serve
* updated logging for hauler store remove to match others
* added more error logging for user responses
v1.4.0 		2026-01-12 16:36:37 -05:00
Zack Brady
ded947d609 added/fixed helm chart images/dependencies features (#485) 
* added/fixed helm chart images/dependencies features
* added helm chart images/dependencies features to sync/manifests
* more fixes for helm chart images/dependencies features
* fixed tests for incorrect referenced images
* fixed sync for helm chart images/dependencies
* added helm chart image annotations and registry/platform features
* updated ordering of experimental
* added more parsing types for helm images/dependencies
* a few more remove artifacts updates

---------

Signed-off-by: Zack Brady <zackbrady123@gmail.com>
v1.4.0-rc.1 		2026-01-09 13:39:52 -05:00
Zack Brady
ff3cece87f more experimental feature updates (#486) 
* updates for experimental features and renamed delete to remove
* added examples back for experimental features
* update stability warning message

Co-authored-by: Camryn Carter <camryn.carter@ranchergovernment.com>
Signed-off-by: Zack Brady <zackbrady123@gmail.com>

* fixed more tests to use ghcr for hauler
* updated test data workflow

---------

Signed-off-by: Zack Brady <zackbrady123@gmail.com>
Co-authored-by: Camryn Carter <camryn.carter@ranchergovernment.com>
 2026-01-08 14:57:52 -05:00