Skip to content

chore(main): release gitops-reverser 0.30.0#196

Closed
github-actions[bot] wants to merge 1 commit into
mainfrom
release-please--branches--main--components--gitops-reverser
Closed

chore(main): release gitops-reverser 0.30.0#196
github-actions[bot] wants to merge 1 commit into
mainfrom
release-please--branches--main--components--gitops-reverser

Conversation

@github-actions

@github-actions github-actions Bot commented Jul 5, 2026

Copy link
Copy Markdown
Contributor

🤖 I have created a release beep boop

0.30.0 (2026-07-05)

⚠ BREAKING CHANGES

  • bumping crd versions and last edits
  • validating webhook is required (even is audit has been configured).
  • api: the configbutler.ai API group is now served only at v1alpha2; v1alpha1 manifests and clients must be updated to v1alpha2.
  • providerRef no longer accepts a Flux GitRepository (group/kind enum values removed), and the per-Secret insecure_ignore_host_key key is replaced by the --insecure-allow-missing-known-hosts controller flag. See docs/UPGRADING.md for migration steps.
  • Field rename for clarity (please check configuration.md)

Features

  • --author-attribution={true|false} is now allowing you to enable or disable the need for kube-api configuration (at the cost of loosing the real author). (7860294)
  • /readyz now waits for healthy audit ingress and valid pingable Reds connection (c10a4da)
  • Adding valkey to allow experiment with 'persistant' queues (a0a15a5)
  • allow end-user to create explicit commit with specific message (which also ends the automatic commit window). (abd6a48)
  • Allowing commit author and message config (04a592b)
  • api: rename API group version v1alpha1 -> v1alpha2 (a7c4dcd)
  • audit webhooks it is (ff31254)
  • bumping apiservice-audit-proxy and it's all TLS now (9d431c2)
  • bumping crd versions and last edits (4fcffa3)
  • commit signing (5e8ad9c)
  • CommitRequest can be attributed by validating webhook handler since it's an internal command (58dd37a)
  • commitrequest: controller-driven, audit-attributed finalize (C-B2) (cc426d8)
  • commitrequest: eager message attach (stage 4) (d5113a1)
  • commitrequest: resolve-on-push with the pushed SHA (stage 5) (c9093d3)
  • commitrequest: the Rejected outcome with a structured reason (stage 6) (d800fb4)
  • count loc (f819e9a)
  • deduplicated audit ingestion for aggregated API, removes the option to indicate cluster id (35443db)
  • demand driven audit ingestion (only for types that we need) (dbfce5e)
  • Field rename for clarity (please check configuration.md) (9f101b0)
  • first phase for commit batching based on author (e742e8c)
  • immutable gittargets and gitdestinations (167a800)
  • let's get all testing to Kubernetes 1.36 (905ff29)
  • Making big steps in Makefile understanding, but it's still messy (cf93ab5)
  • manifestanalyzer,git: refuse unsupported GitTarget folder content in the writer (6264d5d)
  • metrics overhaul as a step into more observability (1a7cd19)
  • Move gitea setup to Makefile (also allowing to have the repos under the .markers) (ea434fe)
  • prevent nested gittargets (c407fa4)
  • read Flux/Argo credential Secrets; drop Flux GitRepository providerRef (fc7a765)
  • refuse weird files in GitTarget path, but do allow .gittargetignore (1bf3820)
  • rename snapshotTemplate to reconcileTemplate, and default now includes type and last resourceVersion (e26676d)
  • replacing Makefile by Taskfile (bd3b709)
  • require value for GitTarget.Path, since hooking up GitTarget to repo root must be deliberate (39e02a6)
  • reworking metrics to new architecture (b502afe)
  • status: two-axis GitTarget status (Ready + Synced/phase), serviceability roll-up (cea0b35)
  • stream: /scale rides the parent type's stream (DEC-A, stages C-A1+C-A2) (4741e66)
  • support --additionalSensitiveResources (in addition to v1/secrets) (3ae1ebd)
  • support "offical_first" for situations where the offical kube-api audit events arrives slightly before the additional body event. (380dc1e)
  • support claim based commit author attribution (06eaf8c)
  • support flexible manifest placement / editting (d43d268)
  • support for subresources (working kubectl scale deployment) (0f34d50)
  • switching to apiservie-audit-proxy (1843cff)
  • typeset,watch: M12 first slices — type lifecycle events + per-type reconcile/sweep (e3f0bd8)
  • typeset: registry owns discovery grace; catalog shrunk to a per-scan normalizer (6d0dba4)
  • validating webhook is required (even is audit has been configured). (96ec390)
  • watch-first ingestion (28389c9)
  • watch: CommitRequest watermark barrier primitive (C-B1) (781bfd6)
  • watch: diff watch-derived vs audit-derived desired sets (Phase 1 payoff) (c8ba472)
  • watch: parallel watch-state stream behind --watch-state-stream (097230b)
  • watch: surface a refused GitTarget folder as a Blocked stream (5bdc43d)

Bug Fixes

  • allow generated names with a commit request (#155) (ff27eba)
  • Allow GitTarget to respond quickly to changes in the tracked GitFolder (591d310)
  • Always check these things yourself (ce9031d)
  • audit messages that indicate conflict (409) can't end up in Git anymore (should never happen given that they also don't end up in etcd). (ec47c52)
  • better reconcile (f3dcf56)
  • central APIResourceCatalog so that we have one abstraction/cache to which things the current apiserver is serving. (3d6cb62)
  • ci: free runner disk after image loads; diagnose e2e rollout timeouts (#187) (b89432f)
  • ci: pin Trivy platform when scanning release digests (#191) (08d557d)
  • controller: retry Declare on the settle cadence instead of stalling 10m (b4cafce)
  • e2e: deliver image via k3d direct mode, keep retry + pin verification (#186) (31abd14)
  • e2e: gate cluster readiness on healthy API discovery (5b81718)
  • e2e: retry k3d image import when the tools-node tarball race drops the image (#185) (e426206)
  • Failing folder reconcile for core group (group="") resources (212132f)
  • first relevant commit can also include optional files (is now included). (5801b5d)
  • fixing flaky e2e test (83e9f17)
  • gate audit body joins by rule relevance (605964a)
  • Getting all paths right (77ac054)
  • Getting the image insertion at least a little bit straight (ff31576)
  • git: push a window closed by a no-op resync (stage 3) (103ad36)
  • gittarget can just be created without existing gitprovider (don't block, just give a good error). (ee20cfd)
  • green CI — guard anonymous-access nil deref and skip audit webhook TLS for committer-only e2e (1e23e16)
  • Handle deletion 'updates' by checking for terminating and deletionTimestamp (fdf4214)
  • Have working printcolumns (eca9ae8)
  • heal: drain a deferred heal when an atomic finalizes the window; fix drifted comments (23c881b)
  • heal: restore periodic checkpoint healing via a deferred-until-idle heal resync (9a06fe8)
  • ignore subresource audit events (that was hard to debug!) and replaced debug dump mechanism (#153) (23a2d65)
  • improve and test GitTarget isolation behaviour (0787b1b)
  • Kind and docker outside docker (e94be0c)
  • Let's get the linter happy again (ce18453)
  • Linting errors in Makefile (05faf7c)
  • materialization: retry a failed Declare-time initial backfill (af6c5b8)
  • Mistake in Makefile syntax (2a8820a)
  • Now we can really uninstall, also multiple if that would already be supported (241bb13)
  • One edgecase where a secret is deleted (is now recreated) (3a3f139)
  • prevent PrepareBranch call for cold cases (f760c36)
  • prevent race in creating gitea org (ddbcbb3)
  • Preventing reconcile code from ignoring ns boundary (d3b0ecf)
  • preventing warning on k3d creation DoD style (30a8208)
  • race condition in HelmRelease causing unstable e2e tests (03b95ab)
  • readds support for wildcards (8e1b3ab)
  • Really patch the status so that the test makes sense (bbad230)
  • reconicle fail on restart and wildcard (26511a9)
  • resolving a flaky unit test (04715a2)
  • showing spec.message at commitrequests (54225eb)
  • Some tweaks to cleaning existing installs, and moving to a seperate file (22e960e)
  • The order in which the dependencies is (perhaps to?) important (a38102a)
  • This should remove the timing mistake in the e2e setup (74d25af)
  • timing issues when adding a new WatchRule in e2e: simplifying the ingestion resolves this (a688620)
  • upgrade to latest a apiservice-audit-proxy should resolve our non 0 shallow events, also included tests to verify that we don't misread deletecollection events as shallow (903d792)
  • wainting for the right status to return (cc701d6)
  • watch for changes in dependent resources (8c9aeb8), closes #145
  • watch: only backfill-reconcile a type on its first TypeSynced (8f2ad84)
  • WatchRule leaking resources from other namespaces in live event stream (1676a42)

Performance Improvements

  • build: cache Go build + module dirs in Dockerfile builder (#194) (55ed662)

Documentation

  • Adding and removing ai stuff (4d0ac12)
  • adding architectural overview (e932402)
  • adding DAG overview of tasks (#177) (f7a8b6a)
  • adding designs with use cases (31b7857)
  • adding skills and working on status design (e55b63a)
  • Adjusting docs to how it all works now (f8c7796)
  • and simpler (c27f7ab)
  • And the last claude additions for today (76191b3)
  • architecture tweaks and cleaning docs (f9aca70)
  • capture contextual-namespace + SOPS single-file decisions, add folder fixtures (1bd8af7)
  • cleaning and moving to finished (bb79343)
  • cleaning branch work (d07233a)
  • cleaning up and more clarity (51396a2)
  • Cleaning up docs (96b249d)
  • cleaning up old docs (791d2f9)
  • continue designing for this approach (27ba3db)
  • continue docs clean-up, and other small things from review (80c380c)
  • created new plan, and hopefully found why the tests are so flaky (9e610e6)
  • desiging the next phase (c2d3ce8)
  • designing gittargetignore (19ffc7e)
  • document learnings, and some tests to see how this behaves (64a0c19)
  • fighting over abstractions, and what the exact value is of certain parts (f9227fc)
  • final review on architecture.md (046b538)
  • first design (7d60c22)
  • getting all design docs together so that we can cleanup (17339c0)
  • getting audit ingestion (63de7d8)
  • getting better (7bd1f32)
  • getting claude to review it again, with some questioning of my own (e133724)
  • getting codex feedback (a42145c)
  • getting docs in and small fixes and tests (160640a)
  • getting docs in line and reporting on current findings (76929d8)
  • getting more details in the plan (135820b)
  • getting more whys into the architecture document (5762a4a)
  • Getting next steps in (ac12d25)
  • getting started hints for aggregated API usage (7d86434)
  • getting the plan ready for execution (6eb3787)
  • Improving docs (dc411c6)
  • Improving quick-start quality by moving to helm (cf25552)
  • initial docs (also some findings from preps for Cozysummit) (fbbfcec)
  • investing in good designs is worth it I guess (4cb5f45)
  • let clean it up a little bit for now (026443a)
  • Let's get an elaborate description of the e2e tests (9091712)
  • Let's just commit it then (401d194)
  • materialization: correct the stale watch-first sync comment; scope Slice D (c3e6122)
  • More details in the document (1b51f1c)
  • moving architecture along with the rewrite (6e1193a)
  • Phase 2.5 status + Monday resume plan (3-agent CI green once; stability TBD) (b285ac5)
  • planning and designing for new features (856beee)
  • planning the implementation (d6e174b)
  • reconcile residual-flake findings across the stream design docs (90a1e7e)
  • record Phase 2.5 implementation status and measured impact (dba83ac)
  • reorder readme steps for devcontainer (#178) (7856f69)
  • reworking docs and tuning the new CRD (8ebceaf)
  • second design (2146289)
  • some claude (5315440)
  • the plan is ambitious now I would say (24457fb)
  • typeset-grace: pin the exact typeset surface, consumers, and per-stage interface delta (8e45ff8)
  • Working on plans (7bb77bb)
  • working on refining the design of this new pipeline (7b15e2d)
  • working on vision docs (394d8bf)

This PR was generated with Release Please. See documentation.

@codecov

codecov Bot commented Jul 5, 2026

Copy link
Copy Markdown

Codecov Report

✅ All modified and coverable lines are covered by tests.

📢 Thoughts on this report? Let us know!

sunib added a commit that referenced this pull request Jul 6, 2026
release-please lost its last-release baseline after the failed 0.29.1
release was manually deleted: with the 0.29.1 GitHub release gone (its tag
still present, but no release), release-please walked back to ~v0.27.1 and
opened a release PR (#196) proposing 0.30.0 that re-lists 168 already-shipped
commits and re-declares breaking changes released back in v0.28.0.

Pin last-release-sha to the v0.29.2 release commit
(7a53779) so release-please only considers
commits after 0.29.2. main is currently exactly at that commit (0 commits
after), so on the next run release-please will find nothing to release and
close/empty #196. Future releases then bump correctly from 0.29.2.

Non-bumping (chore) so this change does not itself trigger a release. The pin
can be removed after the next clean release once the tag chain is trusted
again.

Co-authored-by: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
@sunib

sunib commented Jul 6, 2026

Copy link
Copy Markdown
Contributor

Closing: this proposes a bogus 0.30.0 that re-lists 168 already-shipped commits (breaking changes released back in v0.28.0) because release-please lost its baseline after the deleted 0.29.1 release. Fixed by #197 (pinned last-release-sha to the v0.29.2 commit). The next release PR — generated once real new commits land (e.g. #198) — will bump correctly from 0.29.2 with only new changes.

@sunib sunib closed this Jul 6, 2026
@sunib sunib deleted the release-please--branches--main--components--gitops-reverser branch July 6, 2026 07:23
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

[BUG] GitTarget and ClusterWatchRule don't react to referenced dependencies appearing; up to 2-min lag on first install

1 participant