chore(deps): update dependency aquaproj/aqua to v2

[mend-for-jackfan.us.kg]

This PR contains the following updates:

Package	Update	Change
aquaproj/aqua	major	v1.32.0 -> v2.9.0

---

⚠ Dependency Lookup Warnings ⚠

Warnings were logged while processing this repo. Please check the Dependency Dashboard for more information.

---

Release Notes

aquaproj/aqua

v2.9.0

Compare Source

Pull Requests | Issues | aquaproj/aqua@v2.8.0...v2.9.0

Features

#​2058 #​2063 Support disabling Lazy Install
#​2027 #​2062 Add -detail option to "generate" command

Support disabling Lazy Install

#​2058 #​2063

Lazy Install is enabled by default, but you can disable it with the environment variable AQUA_DISABLE_LAZY_INSTALL.

e.g.

export AQUA_DISABLE_LAZY_INSTALL=true

If Lazy Install is disabled, the command would fail if the package isn't installed in advance.

e.g.

$ tfcmt -v
FATA[0000] aqua failed                                   aqua_version= doc="https://aquaproj.github.io/docs/reference/codes/006" env=darwin/arm64 error="the executable file isn't installed yet. Lazy Install is disabled" exe_name=tfcmt package=suzuki-shunsuke/tfcmt package_version=v1.0.0 program=aqua

Disabling Lazy Install is useful to improve the security and keep the governance. You can prevent malicious commands from being installed and executed via Lazy Install. And you can also prevent aqua.yaml from being overwritten.

This is especially useful for CI of Monorepo.

The purpose is same with aqua's Policy, but disabling Lazy Install is simpler than Policy.

Add -detail option to "generate" command

#​2027 #​2062

With -detail (-d) option, aqua outputs additional information such as description and link.

$ aqua g -detail cli/cli
- name: cli/[email protected]
  description: GitHub’s official command line tool
  link: https://github.com/cli/cli

The environment variable AQUA_GENERATE_WITH_DETAIL is also available.

export AQUA_GENERATE_WITH_DETAIL=true

Others

#​2046 Update Go 1.20.4 to 1.20.5

v2.8.0

Compare Source

Pull Requests | Issues | aquaproj/aqua@v2.7.1...v2.8.0

Features

#​2016 #​2019 Support a new package type cargo, installing packages by cargo install
#​2023 Support a new command root-dir, outputting the aqua-root directory AQUA_ROOT_DIR to the standard output

Support a new package type cargo

#​2016 #​2019 Document

The package is installed by cargo install command.

You can manage tools written in Rust with aqua, which means you can manage them and their versions declaratively in the consistent way. You can switch tool versions per project and update them continuously by Renovate!

For details, please see Document

Support a new command root-dir

#​2023

$ aqua help root-dir
NAME:
   aqua root-dir - Output the aqua root directory (AQUA_ROOT_DIR)

USAGE:
   aqua root-dir [command options] [arguments...]

DESCRIPTION:
   Output the aqua root directory (AQUA_ROOT_DIR)
   e.g.

   $ aqua root-dir
   /home/foo/.local/share/aquaproj-aqua

   $ export "PATH=$(aqua root-dir)/bin:PATH"

OPTIONS:
   --help, -h  show help

v2.7.1

Compare Source

Pull Requests | Issues | aquaproj/aqua@v2.7.0...v2.7.1

Bug Fixes

#​2003 #​2006 Fix a bug that the progress bar doesn't work well if some verification such as checksum, SLSA, and Cosign are enabled
#​2013 #​2015 Convert files[].src with filepath.FromSlash for Windows

Others

#​2014 Support the character tab as a separator of the default checksum parser

v2.7.0

Compare Source

Pull Requests | Issues | aquaproj/aqua@v2.6.0...v2.7.0

Features

#​1803 #​2002 Support unarchiving PKG format on macOS

Others

#​1996 Update slsa-verifier to v2.3.0
#​1997 #​2001 Refactoring

v2.6.0

Compare Source

Pull Requests | Issues | aquaproj/aqua@v2.5.2...v2.6.0

Features

#​1984 generate-registry: Enable to parse tags not conforming to semver

If you don't develop Registry or don't contribute to Standard Registry, you can ignore this release.

generate-registry command couldn't parse tags not conforming to semver.
This release enables aqua to parse those tags and extract prefixes and versions.

For example, this release enables aqua to parse the tag version_112 and extracts the prefix version_ and the version 112.

v2.5.2

Compare Source

Pull Requests | Issues | aquaproj/aqua@v2.5.1...v2.5.2

Fixes

#​1983 generate-registry: Use the default checksum parser

v2.5.1

Compare Source

Pull Requests | Issues | aquaproj/aqua@v2.5.0...v2.5.1

Fixes

#​1979 generate-registry: Add unknown-linux and pc-windows to patterns of replacements
#​1872 #​1976 Move the symbolic link of aqua-proxy from $AQUA_ROOT_DIR/bin/aqua-proxy to $AQUA_ROOT_DIR/aqua-proxy

v2.5.0

Compare Source

Pull Requests | Issues | aquaproj/aqua@v2.4.3...v2.5.0

Features

#​1925 #​1926 Execute commands by execve(2) by default

https://aquaproj.github.io/docs/reference/execve-2

#​710 #​729 #​1597 #​1925

⚠️ In Windows this feature doesn't work.
In Windows, aqua creates small shell scripts and bat scripts instead of aqua-proxy and symbolic links.
And Windows doesn't support execve(2), so the environment variable AQUA_X_SYS_EXEC is ignored.

When a command x is executed via aqua, the command is executed as the following.

1. $AQUA_ROOT_DIR/bin/x: symbolic link to aqua-proxy
2. aqua-proxy executes the command aqua exec -- x
3. aqua executes x

So the command x is executed via aqua-proxy and aqua.
Until aqua v2.5.0, aqua-proxy and aqua executed commands as subprocess. You can confirm it by checking the process tree by pstree command.

e.g.

$ nvim # nvim is managed by aqua
$ pstree -s nvim

     \-+= 00719 shunsukesuzuki -zsh
       \-+= 09955 shunsukesuzuki nvim # aqua-proxy
         \-+- 09956 shunsukesuzuki aqua exec -- nvim
           \--- 09957 shunsukesuzuki /Users/shunsukesuzuki/.local/share/aquaproj-aqua/pkgs/github_release/github.com/neovim/neovim/v0.7.0/nvim-macos.tar.gz/nvim-osx64/bin/nvim

aqua-proxy -> aqua -> x

Sometimes this behaviour caused trouble. #​710 #​1597

From aqua v2.5.0, aqua-proxy and aqua execute commands by execve(2) in Linux and macOS by default.

So extra subprocess isn't raised.

     \-+= 82315 shunsukesuzuki -zsh
       \-+= 82630 shunsukesuzuki nvim

If you feel aqua becomes unstable due to this feature, you can disable this feature by the environment variable AQUA_X_SYS_EXEC.

export AQUA_X_SYS_EXEC=false

Others

#​1926 Update aqua-proxy to v1.2.0
#​1964 Improve error messages when it failed to install aqua-proxy, cosign, and slsa-verifier

v2.4.3

Compare Source

Pull Requests | Issues | aquaproj/aqua@v2.4.2...v2.4.3

Bug Fixes

#​1961 #​1963 Fix the hardcoded checksum of slsa-verifier windows/amd64

The checksum of slsa-verifier v2.2.0 windows/amd64 was wrong.
So it failed to install slsa-verifier internally.

This bug affects only windows/amd64.

This bug affects aqua >= 2.3.7, aqua <= 2.4.2

• https://github.com/aquaproj/aqua/issues/1961#issuecomment-1536897000

v2.4.2

Compare Source

Pull Requests | Issues | aquaproj/aqua@v2.4.1...v2.4.2

Bug Fixes

#​1956 #​1957 checksum verification: Fix a bug the default checksum parser can't extract the checksum if the checksum has a prefix "*"

If you don't enable the checksum verification, you can ignore this bug.

⚠️ For aqua-registry v4

If you enable the checksum verification and use aqua-registry v4, please update aqua to v2.4.2 or later.

v2.4.1

Compare Source

Pull Requests | Issues | aquaproj/aqua@v2.4.0...v2.4.1

Features

#​1947 generate-registry: Remove emojis from description @​ponkio-o 🎉 First contribution

v2.4.0

Compare Source

Pull Requests | Issues | aquaproj/aqua@v2.3.7...v2.4.0

Fixes

#​1904 #​1919 List a package contents if the executable file isn't found in Windows

##### aqua -c aqua-global.yaml exec -- kustomize version
ERRO[0000] check file_src is correct                     aqua_version= env=windows/amd64 error="check file_src is correct: get file_src: CreateFile C:\\Users\\runneradmin\\AppData\\Local\\aquaproj-aqua\\pkgs\\github_release\\github.com\\kubernetes-sigs\\kustomize\\kustomize\\v4.5.7\\kustomize_v4.5.7_windows_amd64.tar.gz\\hoge: The system cannot find the file specified." exe_name=kustomize file_name=kustomize package=kubernetes-sigs/kustomize/version_prefix package_name=kubernetes-sigs/kustomize/version_prefix package_version=kustomize/v4.5.7 program=aqua registry=local
ERRO[0000] executable files aren't found
Files in the unarchived package:
kustomize.exe
   aqua_version= env=windows/amd64 exe_name=kustomize package=kubernetes-sigs/kustomize/version_prefix package_name=kubernetes-sigs/kustomize/version_prefix package_version=kustomize/v4.5.7 program=aqua registry=local
FATA[0000] aqua failed                                   aqua_version= env=windows/amd64 error="check file_src is correct" exe_name=kustomize package=kubernetes-sigs/kustomize/version_prefix package_version=kustomize/v4.5.7 program=aqua

Others

#​1914 generate-registry: Use the default checksum parser

⚠️ Default checksum parser requires aqua >= v1.37.0

v2.3.7

Compare Source

Pull Requests | Issues | aquaproj/aqua@v2.3.6...v2.3.7

Fixes

#​1905 Retry slsa-verifier and cosign regardless command outputs

Others

#​1912 update slsa-verifier v2.1.0 to v2.2.0
#​1910 Update google/go-github v51 to v52

v2.3.6

Compare Source

Pull Requests | Issues | aquaproj/aqua@v2.3.5...v2.3.6

Bug Fixes

#​1889 #​1890 Fix a bug that the log is outputted to not stderr but stdout on Windows

Thank you for reporting this issue, @​knqyf263 https://github.com/aquasecurity/trivy/pull/4058#issuecomment-1511250055

v2.3.5

Compare Source

Pull Requests | Issues | aquaproj/aqua@v2.3.4...v2.3.5

Fixes

#​1883 Change the function semver to return false against commit hash

e.g.

version_constraint

version_constraint: semver(">= 4.0.1")

version: a209843d8ea9db383ce1a1976e43c8e95f831c61

The evaluation result:

• AS IS: true
• TO BE: false

v2.3.4

Compare Source

Pull Requests | Issues | aquaproj/aqua@v2.3.3...v2.3.4

Bug Fixes

#​1875 Fix a panic fatal error: concurrent map writes

v2.3.3

Compare Source

Pull Requests | Issues | aquaproj/aqua@v2.3.2...v2.3.3

Others

#​1873 Change the install path of aqua and aqua-proxy

This is an internal change, so you don't have to care of this basically.

aqua and aqua-proxy are installed in $AQUA_ROOT_DIR/internal instead of $AQUA_ROOT_DIR/pkgs.
By this change aqua and aqua-proxy are kept even if you remove $AQUA_ROOT_DIR/pkgs for cleaning up.

#​1868 Update JSONSchema

v2.3.2

Compare Source

Pull Requests | Issues | aquaproj/aqua@v2.3.1...v2.3.2

Bug Fixes

#​1864 Fix the bug that it fails to install a package if a version_constraint can't be evaluated

WARN[0000] version constraint is invalid                 aqua_version=2.3.1 env=darwin/arm64 error="evaluate the expression: Malformed version: edge (1:1)\n | semver(\">= 0.0.6\")\n | ^" exe_name=starship package_name=mvisonneau/vac program=aqua registry_name=local

From this release, if a version_constraint can't be evaluated, aqua treats as the version doesn't match with the version_constraint.

#​1863 generate-registry: Fix typo of the file format .tbz2

v2.3.1

Compare Source

Pull Requests | Issues | aquaproj/aqua@v2.3.0...v2.3.1

Bug Fixes

#​1844 Fix a bug that aqua i -a and aqua cp -a don't read policy files properly

This bug was caused by aqua v2.3.0.

This bug affected the following versions.

• aqua v2.3.0

v2.3.0

Compare Source

Pull Requests | Issues | aquaproj/aqua@v2.2.3...v2.3.0

Features

#​1789 #​1808 Support policy commands and Git Repository root's Policy file

💡 If you use only Standard Registry, you don't have to care of Policy.

The following commands have been added.

• aqua policy init: Create a Policy file
• aqua policy allow: Allow a Policy file
• aqua policy deny: Deny a Policy file

And Git Repository root's Policy file has been introduced.

Please see the document too.

See also

• Tutorial
• Reference
• Reference - Git Repository root's policy file and policy commands

Why is this feature needed?

To improve the user experience of non Standard Registries.
To set up Policy easily keeping the security.

To use non Standard Registries, you had to set the environment variable AQUA_POLICY_CONFIG.
But it is bothersome, especially in the team development because all members have to set the environment variable AQUA_POLICY_CONFIG.
Some tools such as direnv are useful to set environment variables, but it is undesirable to ask users to install additional tools for aqua.

By policy commands and Git Repository root's Policy file, you don't have to set the environment variable AQUA_POLICY_CONFIG.
Instead of setting AQUA_POLICY_CONFIG, you can allow Policy files by running aqua policy allow command according to the guide.
This change improves the user experience keeping the security.

v2.2.3

Compare Source

Pull Requests | Issues | aquaproj/aqua@v2.2.2...v2.2.3

Others

#​1818 #​1840 Add a link to the document "command is not found"

https://aquaproj.github.io/docs/reference/codes/004

$ ci-info --version
FATA[0000] aqua failed                                   aqua_version=2.2.3 doc="https://aquaproj.github.io/docs/reference/codes/004" env=linux/arm64 error="command is not found" exe_name=ci-info program=aqua

v2.2.2

Compare Source

Pull Requests | Issues | aquaproj/aqua@v2.2.1...v2.2.2

Bug Fixes

#​1813 Fix a bug that aqua.yaml in the directory \.?aqua isn't read on Windows

Others

#​1822 Update Go 1.20.2 to 1.20.3

v2.2.1

Compare Source

Pull Requests | Issues | aquaproj/aqua@v2.2.0...v2.2.1

Others

#​1809 Fix aqua's Go Module Path. We forgot to fix Go Module Path when we released aqua v2.
#​1801 #​1806 Remove code regarding go type package. We abandoned go type package since aqua v2

v2.2.0

Compare Source

Pull Requests | Issues | aquaproj/aqua@v2.1.0...v2.2.0

Features

#​1706 #​1798 Support Apple Disk Image (.dmg) format @​u-yas

aqua has supported installing tools from Apple Disk Image.

hdiutil is required.

Fixes

#​1794 #​1795 Fix a bug that a checksum file content isn't outputted even if the checksum isn't found in the checksum file

v2.1.0

Compare Source

Pull Requests | Issues | aquaproj/aqua@v2.0.0...v2.1.0

Features

#​1790 #​1791 Support disabling Policy by environment variable AQUA_DISABLE_POLICY

$ export AQUA_DISABLE_POLICY=true

If the environment variable AQUA_DISABLE_POLICY is true, AQUA_POLICY_CONFIG is ignored and Policy is disabled, which means every Registry and Package are available.

About Policy, please see the following documents too.

• https://aquaproj.github.io/docs/reference/upgrade-guide/v2/only-standard-registry-is-allowed-by-default/
• https://aquaproj.github.io/docs/reference/security/policy-as-code/

Why this feature is needed

This feature is introduced to enable users using non Standard Registries to upgrade aqua to v2 easily.

⚠️ We don't recommend this feature

We don't recommend this feature basically because Policy is important in terms of security.
You shouldn't use this feature in CI.

v2.0.0

Compare Source

Pull Requests | Issues | aquaproj/aqua@v1.38.0...v2.0.0

🎉 aqua v2 has been released 🎉

⚠️ This release is a major update and includes several breaking changes. ⚠️

Please see the document.

v1.38.0

Compare Source

Pull Requests | Issues | aquaproj/aqua@v1.37.2...v1.38.0

Features

#​1781 #​1783 Support configuring require_checksum by the environment variable

export AQUA_REQUIRE_CHECKSUM=true # false

If require_checksum is configured in a configuration file, the environment variable is ignored.
If checksum isn't enabled in a configuration file, the environment variable is ignored.

Why is the feature needed?

To combine security and convenience.
In CI we would like to enable require_checksum for security.
On the other hand, we don't want to enable require_checksum in your laptops for convenience.
If require_checksum is enabled, you have to run aqua update-checksum when you change the package version.
Otherwise, it fails to run the package. This is a bad experience.

v1.37.2

Compare Source

Pull Requests | Issues | aquaproj/aqua@v1.37.1...v1.37.2

Fixes

#​1777 init, init-policy: remove broken links

aqua.yaml and aqua-policy.yaml generated by aqua init and aqua init-policy commands contained broken links.
So we removed them.

v1.37.1

Compare Source

Pull Requests | Issues | aquaproj/aqua@v1.37.0...v1.37.1

Bug Fixes

#​1771 #​1772 Fixed a bug that update-checksum --deep command fails if go_install package is used

v1.37.0

Compare Source

Pull Requests | Issues | aquaproj/aqua@v1.36.1...v1.37.0

Features

#​1762 Support default checksum parser

aqua supported two checksum file format raw and regexp and the file format is mandatory.
This pull request supports a default file format and the file format becomes optional.

If a checksum file contains only one line and doesn't contain a space , a file content is treated as checksum.

e.g.

0549CBAA2DF451CF3A2011A9D73A9CB127784D26749D9CD14C9F4818AF104D44

Each line is split by a space .
The first element is treated as a checksum
The second element is treated as a file path, and the base name is treated as the asset name.

e.g.

944fdfebfdf1026d318609cc706bad454196f0b1d76e557b56c829b0e6165a9f  ./kapp-linux-arm64
9aaa735985efbe240af0ca1d80adf3b43be6cf4ec6620a053082e31bea25dae7  ./kapp-linux-amd64
dcbf6dd9b4cecfc6316391029a6e9a5f3863e6a1f7848eb5fb78bfdbdc06faf8  ./kapp-darwin-amd64
e802044c2676455464675e290ea5b5eed7da9741eae1260af8d8d15355495db3  ./kapp-windows-amd64.exe
f059d708fc550c516d1f04ee4c82efd8bc346c480156c03a3445825c73d827a6  ./kapp-darwin-arm64

Why this feature is needed

This feature works well flexibly and we don't have to fix checksum configuration when the checksum file format is changed.
We don't have to write complicated regular expressions.
This feature improves the maintainability of checksum configuration.

Others

#​1764 Update Go from v1.20.1 to v1.20.2

v1.36.1

Compare Source

Pull Requests | Issues | aquaproj/aqua@v1.36.0...v1.36.1

Bug Fixes

#​1742 #​1752 install: install command succeeded unexpectedly even if unknown packages are included

This bug was caused by aquaproj/aqua@40154d3 v1.19.5 (2022-10-01).

#​1746 #​1757 Clear unrelated fields if package type is changed by overrides or version_overrides

Others

#​1718 #​1721 #​1755 #​1756 Use slsa-verifier as CLI instead of Go library to separate slsa-verifier from aqua itself
#​1753 update google/go-github from v45 to v50

Use slsa-verifier as CLI instead of Go library to separate slsa-verifier from aqua itself

#​1718 #​1721

From aqua v1.26.0, aqua has supported verifing packages by slsa-verifier. aqua used slsa-verifier as a Go library, but then some issues occured because slsa-verifier is so large.

• aqua binary becomes so large 5 MB => 15 MB
• It takes a long time to build aqua
• #​1717 Renovate fails to run go mod tidy and go get

Especially, #​1717 was critical.

To solve these issues, we decided to use slsa-verifer as CLI instead of Go library.

v1.36.0

Compare Source

Pull Requests | Issues | aquaproj/aqua@v1.35.0...v1.36.0

Features

#​1668 #​1710 Show files in a package if an executable file isn't found
#​1704 #​1705 Output HTTP status code when it fails to install a http package

Show files in a package if an executable file isn't found

#​1668 #​1710

e.g.

$ aqua i --test
ERRO[0000] check file_src is correct                     aqua_version= env=darwin/arm64 error="check file_src is correct: exe_path isn't found: stat /Users/shunsukesuzuki/.local/share/aquaproj-aqua/pkgs/github_release/github.com/Azure/aks-engine/v0.76.0/aks-engine-v0.76.0-darwin-amd64.tar.gz/aks-engine: no such file or directory" file_name=aks-engine package_name=Azure/aks-engine package_version=v0.76.0 program=aqua registry=standard
ERRO[0000] executable files aren't found
Files in the unarchived package:
aks-engine-v0.76.0-darwin-amd64/aks-engine
   aqua_version= env=darwin/arm64 package_name=Azure/aks-engine package_version=v0.76.0 program=aqua registry=standard
ERRO[0000] install the package                           aqua_version= env=darwin/arm64 error="check file_src is correct" package_name=Azure/aks-engine package_version=v0.76.0 program=aqua registry=standard
FATA[0000] aqua failed                                   aqua_version= env=darwin/arm64 error="it failed to install some packages" program=aqua

v1.35.0

Compare Source

Pull Requests | Issues | aquaproj/aqua@v1.34.2...v1.35.0

Features

#​1692 #​1699 Output the content of a checksum file when it fails to parse a checksum file
#​1684 #​1687 Support outputting error messages when a package is installed
#​1693 #​1695 Add a field no_asset to package configuration for returing an error because there is no asset

Output the content of a checksum file when it fails to parse a checksum file

#​1692 #​1699

This is useful to fix the package's checksum configuration.

e.g.

ERRO[0005] Checksum isn't found in a checksum file. Checksum file content:
237db2e5a4fa7525362c012e94c8a76b36a73d138ac7950cc1c07d862a7cc74a  github-comment_5.0.3_windows_amd64.tar.gz
48e49e0b5f1b3af4b5be13b7031bfb38d856259f09f3582e4f67bcae4b357429  github-comment_5.0.3_linux_arm64.tar.gz
58a32e01623ea00fc3650ffb149f724d3e76a06b2aa5237bb128da138ee79359  github-comment_5.0.3_linux_amd64.tar.gz
621a03cd09ee7eb57d9a00cdfb8c2fe70232b64db070c74122df5a0d7f26ae02  github-comment_5.0.3_darwin_arm64.tar.gz
b893acb1bef079724017590a115bc1447208ea92b0c1fdf8563c6dfc1ef19ff0  github-comment_5.0.3_darwin_amd64.tar.gz
c1a3e184957850e333e24ee437a14b55c8ea78d2e190be71c0f72b0eac0e09d7  github-comment_5.0.3_windows_arm64.tar.gz  aqua_version= checksum_file_format=regexp checksum_pattern_checksum="^(\\b[A-Fa-f0-9]{128}\\b)" checksum_pattern_file="^\\b[A-Fa-f0-9]{128}\\b\\s+(\\S+)$" env=darwin/arm64 exe_name=github-comment exe_path=/Users/shunsukesuzuki/.local/share/aquaproj-aqua/pkgs/github_release/github.com/suzuki-shunsuke/github-comment/v5.0.3/github-comment_5.0.3_darwin_arm64.tar.gz/github-comment package=suzuki-shunsuke/github-comment package_name=suzuki-shunsuke/github-comment package_version=v5.0.3 program=aqua registry=standard

Support outputting error messages when a package is installed

#​1684 #​1687

e.g.

registry.yaml

packages:
  - type: github_release
    repo_owner: grafana
    repo_name: xk6
    version_constraint: semver("< 0.9.0")
    version_overrides:
      - version_constraint: semver(">= 0.9.0")
        error_message: |
          From version xk6 v0.9.0 there are no more binaries published.

          https://github.com/grafana/xk6/issues/60

$ xk6 --help                   
ERRO[0000] failed to install a package grafana/xk6@​v0.9.0. From version xk6 v0.9.0 there are no more binaries published.

https://github.com/grafana/xk6/issues/60  aqua_version= env=darwin/arm64 exe_name=xk6 exe_path=/Users/shunsukesuzuki/.local/share/aquaproj-aqua/pkgs/github_release/github.com/grafana/xk6/v0.9.0/xk6_0.9.0_mac_arm64.tar.gz/xk6 package=grafana/xk6 package_name=grafana/xk6 package_version=v0.9.0 program=aqua registry=standard
FATA[0000] aqua failed                                   aqua_version= env=darwin/arm64 error= exe_name=xk6 package=grafana/xk6 package_version=v0.9.0 program=aqua

Add a field no_asset to package configuration for returing an error because there is no asset

#​1693 #​1695

e.g.

registry.yaml

packages:
  - type: github_release
    repo_owner: grafana
    repo_name: xk6
    version_constraint: semver("< 0.9.0")
    version_overrides:
      - version_constraint: semver(">= 0.9.0")
      	no_asset: true

$ xk6 --help                   
ERRO[0000] failed to install a package grafana/xk6@​v0.9.0. No asset is released in this version  aqua_version= env=darwin/arm64 exe_name=xk6 exe_path=/Users/shunsukesuzuki/.local/share/aquaproj-aqua/pkgs/github_release/github.com/grafana/xk6/v0.9.0/xk6_0.9.0_mac_arm64.tar.gz/xk6 package=grafana/xk6 package_name=grafana/xk6 package_version=v0.9.0 program=aqua registry=standard
FATA[0000] aqua failed                                   aqua_version= env=darwin/arm64 error= exe_name=xk6 package=grafana/xk6 package_version=v0.9.0 program=aqua

Fixes

#​1700 #​1701 Remove exe_path from log

exe_path isn't helpful in many cases. exe_path is long, so this is a bit noisy.

v1.34.2

Compare Source

Pull Requests | Issues | aquaproj/aqua@v1.34.1...v1.34.2

Bug Fixes

#​1682 #​1685 generate-registry: Fix --deep option to handle GitHub Releases not conforming to semantic versioning

v1.34.1

Compare Source

Pull Requests | Issues | aquaproj/aqua@v1.34.0...v1.34.1

Bug Fixes

#​1092 #​1675 #​1677 #​1678 generate-registry: Refactoring and fix some bugs

v1.34.0

Compare Source

Pull Requests | Issues | aquaproj/aqua@v1.33.0...v1.34.0

Features

#​1655 #​1662 generate-registry: Support generating version_overrides and testdata

https://aquaproj.github.io/docs/reference/scaffold-registry/#generate-version_overrides-by---deep-option

Add command line options --deep and --out-testdata to aqua gr command.

• --deep: Generate version_overrides
• --out-testdata: Output testdata to a file

⚠️ --deep option calls GitHub API per GitHub Release. So if there are a lot of GitHub Releases, many GitHub API are called and GitHub API rate limiting may occur.

Fixes

#​1639 generate-registry: Support md5 and sha1
#​1640 generate-registry: Fix checksum asset names
#​1611 Use the default configuration if the package version doesn't match any version_constraint

Others

#​1638 generate-registry: Refactoring

v1.33.0

Compare Source

Pull Requests | Issues | aquaproj/aqua@v1.32.3...v1.33.0

Features

#​1595 #​1615 #​1626 Support keeping configuration files in one directory

https://aquaproj.github.io/docs/tutorial-extras/keep-in-one-dir

aqua has several configuration files such as aqua.yaml, aqua-checksums.json, policy file, and imported files.

e.g.

aqua.yaml
aqua-checksums.json
aqua-policy.yaml # You can rename freely
aqua/ # You can rename freely
  terraform.yaml
  ...

From aqua v1.33.0, aqua supports keeping configuration files in one directory.

e.g.

aqua/ # or .aqua
  aqua.yaml
  aqua-checksums.json
  policy.yaml # You can rename freely
  imports/ # You can rename freely
    terraform.yaml
    ...

This is useful to keep the working directory clean.

How to migrate

• Update aqua to v1.33.0 or later
• Update update-checksum-action to v0.2.0 or later
• Update update-checksum-workflow to v0.1.1 or later
• Move files
  • aqua.yaml => aqua/aqua.yaml
  • aqua-checksums.json => aqua/aqua-checksums.json
  • aqua-policy.yaml => aqua/policy.yaml # rename freely
  • imported files => aqua/imports/*.yaml # change the filename freely
• Fix AQUA_POLICY_CONFIG
• Fix GitHub Actions Path filters
• Fix aqua-renovate-config's file preset argument

v1.32.3

Compare Source

Pull Requests | Issues | aquaproj/aqua@v1.32.2...v1.32.3

Bug Fixes

#​1610 fix a bug Registry's checksums are compared without normalization

This bug occurs when a Registry is installed and the Registry's checksum in aqua-checksums.json is uppercase,
because the calculated checksum is lowercase.

This bug raised by https://github.com/aquaproj/aqua/releases/tag/v1.32.2 , because the release made checksums uppercase.

e.g.

time="2023-02-02T01:22:11Z" level=error msg="install the registry" actual_checksum=603942e90f42411891411460a1ff5ceac0e9ae9233cc828b7cab5d8bedd76d90bbe5476e6744c50de6827869da2641562990fe649dd5f872cb98397b2e2c30e6 aqua_version=1.32.2 env=linux/amd64 error="check a registry's checksum: checksum is invalid" expected_checksum=603942E90F42411891411460A1FF5CEAC0E9AE9233CC828B7CAB5D8BEDD76D90BBE5476E6744C50DE6827869DA2641562990FE649DD5F872CB98397B2E2C30E6 program=aqua registry_name=standard

v1.32.2

Compare Source

Pull Requests | Issues | aquaproj/aqua@v1.32.1...v1.32.2

Bug Fixes

#​1599 #​1600 Skip setting checksum if the key already exists

Fixes

#​1601 Normalize checksum when a newly added

v1.32.1

Compare Source

Pull Requests | Issues | aquaproj/aqua@v1.32.0...v1.32.1

Fixes

#​1585 #​1588 Retry slsa-verifier when slsa-verifier failed due to timeout

---

Configuration

📅 Schedule: Branch creation - "before 4am on Monday" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box