mirror of
https://github.com/hauler-dev/hauler.git
synced 2026-05-16 14:17:26 +00:00
c0294c733b
* fix: handling of file referenced dependencies without repository field (#514) co-authored-by: devleitner <devleitner@protonmail.com> * bump go.opentelemetry.io/otel/sdk (#520) bumps the go_modules group with 1 update in the / directory: [go.opentelemetry.io/otel/sdk](https://github.com/open-telemetry/opentelemetry-go). updates `go.opentelemetry.io/otel/sdk` from 1.39.0 to 1.40.0 - [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases) - [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md) - [Commits](https://github.com/open-telemetry/opentelemetry-go/compare/v1.39.0...v1.40.0) --- updated-dependencies: - dependency-name: go.opentelemetry.io/otel/sdk dependency-version: 1.40.0 dependency-type: indirect dependency-group: go_modules ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * dev.md file (#521) * smaller changes and updates for v1.4.2 release (#524) * smaller changes and updates for v1.4.2 release * removed unused env variable * over-"haul": replace oras v1 and cosign fork with native containerd-based implementation (#515) * remove oras from hauler Signed-off-by: Adam Martin <adam.martin@ranchergovernment.com> * remove cosign fork and use upstream cosign for verification Signed-off-by: Adam Martin <adam.martin@ranchergovernment.com> * added support for oci referrers Signed-off-by: Adam Martin <adam.martin@ranchergovernment.com> * updated README.md projects list Signed-off-by: Adam Martin <adam.martin@ranchergovernment.com> * updates for copilot PR review Signed-off-by: Adam Martin <adam.martin@ranchergovernment.com> * bug fix for unsafe type assertions Signed-off-by: Adam Martin <adam.martin@ranchergovernment.com> * bug fix for http getter and dead code Signed-off-by: Adam Martin <adam.martin@ranchergovernment.com> * fixes for more clarity and better error handling Signed-off-by: Adam Martin <adam.martin@ranchergovernment.com> * bug fix for resource leaks and unchecked errors Signed-off-by: Adam Martin <adam.martin@ranchergovernment.com> * bug fix for rewrite logic for docker.io images due to cosign removal Signed-off-by: Adam Martin <adam.martin@ranchergovernment.com> * bug fix for sigs and referrers Signed-off-by: Adam Martin <adam.martin@ranchergovernment.com> * bug fix for index.json missing mediatype Signed-off-by: Adam Martin <adam.martin@ranchergovernment.com> * bug fix to make sure manifest.json doesnt include anything other than actual container images Signed-off-by: Adam Martin <adam.martin@ranchergovernment.com> --------- Signed-off-by: Adam Martin <adam.martin@ranchergovernment.com> * bump github.com/docker/cli in the go_modules group across 1 directory (#526) bumps the go_modules group with 1 update in the / directory: [github.com/docker/cli](https://github.com/docker/cli). updates `github.com/docker/cli` from 29.0.3+incompatible to 29.2.0+incompatible - [Commits](https://github.com/docker/cli/compare/v29.0.3...v29.2.0) --- updated-dependencies: - dependency-name: github.com/docker/cli dependency-version: 29.2.0+incompatible dependency-type: indirect dependency-group: go_modules ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * removed deprecated code (#528) * removed deprecated code * removed all supported for v1alpha1 * fix extract for oci files (#529) * fix extract for oci files Signed-off-by: Adam Martin <adam.martin@ranchergovernment.com> * have extract guard against path traversal Signed-off-by: Adam Martin <adam.martin@ranchergovernment.com> --------- Signed-off-by: Adam Martin <adam.martin@ranchergovernment.com> * improved test coverage (#530) * improved test coverage Signed-off-by: Adam Martin <adam.martin@ranchergovernment.com> * adjusted mapper_test for oddball oci files Signed-off-by: Adam Martin <adam.martin@ranchergovernment.com> --------- Signed-off-by: Adam Martin <adam.martin@ranchergovernment.com> * adjust extract to handle an image index appropriately (#531) * adjust extract to handle images and image indices appropriately Signed-off-by: Adam Martin <adam.martin@ranchergovernment.com> * updates for review feedback Signed-off-by: Adam Martin <adam.martin@ranchergovernment.com> --------- Signed-off-by: Adam Martin <adam.martin@ranchergovernment.com> * fix dockerhub default host bug (#534) Signed-off-by: Adam Martin <adam.martin@ranchergovernment.com> * adjust hauler's kind annotation to not reflect cosign (#535) Signed-off-by: Adam Martin <adam.martin@ranchergovernment.com> * bump google.golang.org/grpc in the go_modules group across 1 directory (#536) bumps the go_modules group with 1 update in the / directory: [google.golang.org/grpc](https://github.com/grpc/grpc-go). updates `google.golang.org/grpc` from 1.78.0 to 1.79.3 - [Release notes](https://github.com/grpc/grpc-go/releases) - [Commits](https://github.com/grpc/grpc-go/compare/v1.78.0...v1.79.3) --- updated-dependencies: - dependency-name: google.golang.org/grpc dependency-version: 1.79.3 dependency-type: indirect dependency-group: go_modules ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * add cherry-pick workflow for release branches (#533) this workflow automates cherry-picking changes from merged pull requests to specified release branches based on comments... it handles permission checks, version parsing, and conflict resolution during the cherry-pick process. Signed-off-by: Camryn Carter <camryn.carter@ranchergovernment.com> * images.txt testdata file (#539) * fix keep registry logic (#537) * fixed keep registry logic * trim library/ * updated test * test updates * option to sync images.txt files natively (#538) * sync images.txt files * test worklflow sync w image list * images.txt * chunk the haul (#519) * chunk the haul * validate numeric suffix on join * enforce valid chunk size * containerd warning * updated test.go files * bump github.com/go-jose/go-jose/v4 (#542) bumps the go_modules group with 1 update in the / directory: [github.com/go-jose/go-jose/v4](https://github.com/go-jose/go-jose). updates `github.com/go-jose/go-jose/v4` from 4.1.3 to 4.1.4 - [Release notes](https://github.com/go-jose/go-jose/releases) - [Commits](https://github.com/go-jose/go-jose/compare/v4.1.3...v4.1.4) --- updated-dependencies: - dependency-name: github.com/go-jose/go-jose/v4 dependency-version: 4.1.4 dependency-type: indirect dependency-group: go_modules ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * allow multiple prefix references (#532) * allow multiple prefix references * fixed some duplications * add optional flag for excluding extra artifacts when pulling from a registry (#541) * add optional flag for excluding extra artifacts when pulling from a registry Signed-off-by: Adam Martin <adam.martin@ranchergovernment.com> * add optional flag to charts for excluding extra artifacts when pulling from a registry Signed-off-by: Adam Martin <adam.martin@ranchergovernment.com> --------- Signed-off-by: Adam Martin <adam.martin@ranchergovernment.com> --------- Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: Adam Martin <adam.martin@ranchergovernment.com> Signed-off-by: Camryn Carter <camryn.carter@ranchergovernment.com> Co-authored-by: devLeitner <87783219+devLeitner@users.noreply.github.com> Co-authored-by: devleitner <devleitner@protonmail.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Camryn Carter <camryn.carter@ranchergovernment.com> Co-authored-by: Adam Martin <adam.martin@ranchergovernment.com>
4.8 KiB
4.8 KiB
Development Guide
This document covers how to build hauler locally and how the project's branching strategy works.
It's intended for contributors making code changes or maintainers managing releases.
Local Build
Prerequisites
- Git - version control of the repository
- Go — check
go.modfor the minimum required version - Make - optional... for common commands used for builds
- Docker - optional... for container image builds
Clone the Repository
git clone https://github.com/hauler-dev/hauler.git
cd hauler
Build the Binary
Using make...
# run this command from the project root
make build
# the compiled binary will be output to a directory structure and you can run it directly...
./dist/hauler_linux_amd64_v1/hauler
./dist/hauler_linux_arm64_v8.0/hauler
./dist/hauler_darwin_amd64_v1/hauler
./dist/hauler_darwin_arm64_v8.0/hauler
./dist/hauler_windows_amd64_v1/hauler.exe
./dist/hauler_windows_arm64_v8.0/hauler.exe
Using go...
# run this command from the project root
go build -o hauler ./cmd/hauler
# the compiled binary will be output to the project root and you can run it directly...
./hauler version
Run Tests
Using make...
make test
Using go...
go test ./...
Useful Tips
- The
--storeflag defaults to./storein the current working directory during local testing, so running./hauler store add ...from the project root is safe and self-contained. Userm -rf storein the working directory to clear. - Set
--log-level debugwhen developing to get verbose output.
Branching Strategy
Hauler uses a main-first, release branch model. All development flows through main and release/x.x branches are maintained for each minor version to support patching older release lines in parallel.
Branch Structure
main ← source of truth, all development targets here
release/1.3 ← 1.3.x patch line
release/1.4 ← 1.4.x patch line
Release tags (v1.4.1, v1.3.2, etc.) are always cut from the corresponding release/X.Y branch, never directly from main.
Where to Target Your Changes
All pull requests should target main by default and maintainers are responsible for cherry picking fixes onto release branches as part of the patch release process.
| Change Type | Target branch |
|---|---|
| New features | main |
| Bug fixes | main |
| Security patches | main (expedited backport to affected branches) |
| Release-specific fix (see below) | release/X.Y directly |
Creating a New Release Branch
When main is ready to ship a new minor version, a release branch is cut:
git checkout main
git pull origin main
git checkout -b release/1.4
git push origin release/1.4
The first release is then tagged from that branch:
git tag v1.4.0
git push origin v1.4.0
Development on main immediately continues toward the next minor.
Backporting a Fix to a Release Branch
When a bug fix merged to main also needs to apply to an active release line, cherry-pick the commit onto the release branch and open a PR targeting it:
git checkout release/1.3
git pull origin release/1.3
git checkout -b backport/fix-description-to-1.3
git cherry-pick <commit-sha>
git push origin backport/fix-description-to-1.3
Open a PR targeting release/1.3 and reference the original PR in the description. If the cherry-pick doesn't apply cleanly, resolve conflicts and note them in the PR.
Fixes That Only Apply to an Older Release Line
Sometimes a bug exists in an older release but the relevant code has been removed or significantly changed in main — making a forward-port unnecessary or nonsensical. In these cases, it's acceptable to open a PR directly against the affected release/X.Y branch.
When doing this, the PR description must explain:
- Which versions are affected
- Why the fix does not apply to
mainor newer release lines (e.g., "this code path was removed in 1.4 when X was refactored")
This keeps the history auditable and prevents future contributors from wondering why the fix never made it forward.
Summary
┌─────────────────────────────────────────► main (next minor)
│
│ cherry-pick / backport PRs
│ ─────────────────────────► release/1.4 (v1.4.0, v1.4.1 ...)
│
│ ─────────────────────────► release/1.3 (v1.3.0, v1.3.1 ...)
│
│ direct fix (older-only bug)
│ ─────────────────────────► release/1.2 (critical fixes only)