Skip to content

Commit

Permalink
Add blog post about v0.14.0 release
Browse files Browse the repository at this point in the history
  • Loading branch information
@SaschaSchwarze0
SaschaSchwarze0 committed Nov 10, 2024
1 parent 0ab1bae commit 1191fc1
Show file tree
Hide file tree
Showing 2 changed files with 104 additions and 0 deletions.
103 changes: 103 additions & 0 deletions content/en/blog/posts/2024-11-15-release-v0.14.0.md
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,103 @@
---
title: "Shipwright v0.14.0 Is Here"
date: 2024-11-15T12:00:01-04:00
draft: false
author: "Sascha Schwarze ([@SaschaSchwarze0](https://github.com/SaschaSchwarze0))"
---

We are happy to announce the v0.14.0 release of Shipwright. This is our first release since we have joined the [Cloud Native Computing Foundation (CNCF)](https://www.cncf.io/projects/shipwright/).

In this release, we have put together some nice features:

## Features

### Vulnerability Scanning

Keeping your environments secure is key these days. For container images, scanning them is widely adopted. Shipwright now performs a shift left of those scans by incorporating image scanning into the image build itself. We'll ensure that a vulnerable image never makes it into your container registry (though, you'd still have to re-scan it regularly to determine when it becomes vulnerable). This is a great safeguard for example against base images you consume in your Dockerfile that suddenly is not updated anymore.

You can read more about it in the separate blog post [Building Secure Container images with Shipwright](2024-07-15-vulnerability-scanning.md).

### Parameters in the CLI

The Shipwright CLI finally received the first support for [build parameters](../../docs/build/build.md#defining-paramvalues). You can use the `--param-value` argument to provide values for strategy parameters such as the Go version and Go flags in our [ko sample build strategy](https://github.com/shipwright-io/build/blob/v0.14.0/samples/v1beta1/buildstrategy/ko/buildstrategy_ko_cr.yaml#L8-L13) like this: `shp build create my-app --param-value go-version=1.23 --param-value go-flags=-mod=vendor`.

### The smaller but still nice things

Often the small changes are what help you, here are some:

* If a step in your BuildRun goes out of memory, then it is now easier to determine that as the BuildRun status will have `StepOutOfMemory` as reason.
* A [new sample build strategy](https://github.com/shipwright-io/build/blob/v0.14.0/samples/v1beta1/buildstrategy/multiarch-native-buildah/buildstrategy_multiarch_native_buildah_cr.yaml) has been added which orchestrates a multi-arch build using Kubernetes Jobs. See TODO link to doc for more information.
* We started to implement node selection properties on Builds with [node selectory support](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector). Tolerations will come in v0.15.
* As usual, we have done our due diligence. DependaBot helped us to keep our dependencies secure. We are now building with Go 1.22. Kubernetes and Tekton dependencies have been updated. We are also in the process of establishing automation across our repositories that gives us a GitHub issue once our latest release becomes vulnerable. You'll probably see more patch releases in the future where we keep our release free of vulnerabilities.

## Installing Shipwright

### Build

1. Install Tekton v0.65.1:

```bash
kubectl apply --filename https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.65.1/release.yaml
```

2. Install v0.14.0 using the release YAML manifest:

```bash
kubectl apply --filename https://github.com/shipwright-io/build/releases/download/v0.14.0/release.yaml --server-side

curl --silent --location https://raw.githubusercontent.com/shipwright-io/build/v0.14.0/hack/setup-webhook-cert.sh | bash
```

3. (Optionally) Install the sample build strategies using the YAML manifest:

```bash
kubectl apply --filename https://github.com/shipwright-io/build/releases/download/v0.14.0/sample-strategies.yaml --server-side
```

If you are a long-standing Shipwright user that started to use us on our Alpha API (before v0.13.0), then we recommend you to run a storage version migration. It will update the stored version of all Shipwright resources in your cluster to the Beta API omitting unnecessary invocations of our conversion webhook.

```bash
curl --silent --location https://raw.githubusercontent.com/shipwright-io/build/v0.14.0/hack/storage-version-migration.sh | bash
```

### CLI

#### Windows

```sh
curl --silent --fail --location https://github.com/shipwright-io/cli/releases/download/v0.14.0/cli_0.14.0_windows_x86_64.tar.gz | tar xzf - shp.exe
shp version
shp help
```

#### Mac

```sh
curl --silent --fail --location https://github.com/shipwright-io/cli/releases/download/v0.14.0/cli_0.14.0_macOS_$(uname -m).tar.gz | tar -xzf - -C /usr/local/bin shp
shp version
shp help
```

#### Linux

```sh
curl --silent --fail --location "https://github.com/shipwright-io/cli/releases/download/v0.14.0/cli_0.14.0_linux_$(uname -m | sed 's/aarch64/arm64/').tar.gz" | sudo tar -xzf - -C /usr/bin shp
shp version
shp help
```

### Operator

To deploy and manage Shipwright Builds in your cluster, first ensure the operator v0.14.0 is installed and running on your cluster. You can follow the instructions on [OperatorHub](https://operatorhub.io/operator/shipwright-operator).

Next, create the following:

```yaml
---
apiVersion: operator.shipwright.io/v1alpha1
kind: ShipwrightBuild
metadata:
name: shipwright-operator
spec:
targetNamespace: shipwright-build
```
1 change: 1 addition & 0 deletions themes/docsy
Submodule docsy added at ef3398

0 comments on commit 1191fc1

Please sign in to comment.