From 507f29673e2eeb7d49d46ca059939e26e956a8e9 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Mon, 23 Dec 2024 18:33:10 +0200 Subject: [PATCH] chore(deps): update dependency aquaproj/aqua to v2.40.0 (main) (#29) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This PR contains the following updates: | Package | Update | Change | |---|---|---| | [aquaproj/aqua](https://redirect.github.com/aquaproj/aqua) | minor | `v2.25.2` -> `v2.40.0` | --- ### Release Notes
aquaproj/aqua (aquaproj/aqua) ### [`v2.40.0`](https://redirect.github.com/aquaproj/aqua/releases/tag/v2.40.0) [Compare Source](https://redirect.github.com/aquaproj/aqua/compare/v2.39.1...v2.40.0-0) [Pull Requests](https://redirect.github.com/aquaproj/aqua/pulls?q=is%3Apr+milestone%3Av2.40.0) | [Issues](https://redirect.github.com/aquaproj/aqua/issues?q=is%3Aissue+milestone%3Av2.40.0) | https://github.com/aquaproj/aqua/compare/v2.39.1...v2.40.0 ##### Features [#​3363](https://redirect.github.com/aquaproj/aqua/issues/3363) Support getting package versions from external files This release enables you to get package versions from external files. This feature is useful when: - Migrate any tool to aqua gradually - Support aqua and other tools This release adds some fields to aqua.yaml's packages. - version_expr: An [expr](https://expr-lang.org/docs/language-definition) expression to read external files - version_expr_prefix: A prefix of version e.g. ```yaml packages: - name: hashicorp/terraform version_expr: | "v" + readFile('.terraform-version') ``` ```yaml version_expr: | readJSON('version.json').version version_expr_prefix: cli- ``` ```yaml version_expr: | readYAML('version.yaml').version ``` `version_expr` is evaluated using [expr](https://expr-lang.org/docs/language-definition). The following custom functions are available. - readFile("file path"): reads a file and returns a file content - readJSON("file path"): read and unmarshal a JSON file and returns an object - readYAML("file path"): read and unmarshal a YAML file and returns an object ##### :warning: Constraint of `version_expr` Allowing to read external files is potentially risky in terms of security. Malicious users can try to read secret files and expose secrets via log using `version_expr`. To prevent such a threat, we restrict the evaluation result of `version_expr`. It must match with the regular expression `^v?\d+\.\d+(\.\d+)*[.-]?((alpha|beta|dev|rc)[.-]?)?\d*`. ### [`v2.39.1`](https://redirect.github.com/aquaproj/aqua/releases/tag/v2.39.1) [Compare Source](https://redirect.github.com/aquaproj/aqua/compare/v2.39.0...v2.39.1) [Pull Requests](https://redirect.github.com/aquaproj/aqua/pulls?q=is%3Apr+milestone%3Av2.39.1) | [Issues](https://redirect.github.com/aquaproj/aqua/issues?q=is%3Aissue+milestone%3Av2.39.1) | https://github.com/aquaproj/aqua/compare/v2.39.0...v2.39.1 #### Fixes [#​3365](https://redirect.github.com/aquaproj/aqua/issues/3365) cargo: Normalize the install path of cargo packages #### Others [#​3361](https://redirect.github.com/aquaproj/aqua/issues/3361) Refactor reading config ### [`v2.39.0`](https://redirect.github.com/aquaproj/aqua/releases/tag/v2.39.0) [Compare Source](https://redirect.github.com/aquaproj/aqua/compare/v2.38.4...v2.39.0) [Pull Requests](https://redirect.github.com/aquaproj/aqua/pulls?q=is%3Apr+milestone%3Av2.39.0) | [Issues](https://redirect.github.com/aquaproj/aqua/issues?q=is%3Aissue+milestone%3Av2.39.0) | https://github.com/aquaproj/aqua/compare/v2.38.4...v2.39.0 #### Features [#​3354](https://redirect.github.com/aquaproj/aqua/issues/3354) policy: add a code comment for YAML Language Servers to a generated file `aqua-policy.yaml` ```yaml ### yaml-language-server: $schema=https://raw.githubusercontent.com/aquaproj/aqua/main/json-schema/policy.json ``` [#​3352](https://redirect.github.com/aquaproj/aqua/issues/3352) init: Add a code comment for YAML Language Servers to a generated file `aqua.yaml` ```yaml ### yaml-language-server: $schema=https://raw.githubusercontent.com/aquaproj/aqua/main/json-schema/aqua-yaml.json ``` These code comments are useful when you edit files with editors such as VSCode. image image ### [`v2.38.4`](https://redirect.github.com/aquaproj/aqua/releases/tag/v2.38.4) [Compare Source](https://redirect.github.com/aquaproj/aqua/compare/v2.38.3...v2.38.4) [Pull Requests](https://redirect.github.com/aquaproj/aqua/pulls?q=is%3Apr+milestone%3Av2.38.4) | [Issues](https://redirect.github.com/aquaproj/aqua/issues?q=is%3Aissue+milestone%3Av2.38.4) | https://github.com/aquaproj/aqua/compare/v2.38.3...v2.38.4 ##### Bug Fixes [#​3337](https://redirect.github.com/aquaproj/aqua/issues/3337) generate-registry: Fix a bug that unused replacements are added ### [`v2.38.3`](https://redirect.github.com/aquaproj/aqua/releases/tag/v2.38.3) [Compare Source](https://redirect.github.com/aquaproj/aqua/compare/v2.38.2...v2.38.3) [Pull Requests](https://redirect.github.com/aquaproj/aqua/pulls?q=is%3Apr+milestone%3Av2.38.3) | [Issues](https://redirect.github.com/aquaproj/aqua/issues?q=is%3Aissue+milestone%3Av2.38.3) | https://github.com/aquaproj/aqua/compare/v2.38.2...v2.38.3 ##### Bug Fixes [#​3325](https://redirect.github.com/aquaproj/aqua/issues/3325) [#​3333](https://redirect.github.com/aquaproj/aqua/issues/3333) Fix a bug that `aqua g -i` removes comments from `packages` ### [`v2.38.2`](https://redirect.github.com/aquaproj/aqua/releases/tag/v2.38.2) [Compare Source](https://redirect.github.com/aquaproj/aqua/compare/v2.38.1...v2.38.2) [Pull Requests](https://redirect.github.com/aquaproj/aqua/pulls?q=is%3Apr+milestone%3Av2.38.2) | [Issues](https://redirect.github.com/aquaproj/aqua/issues?q=is%3Aissue+milestone%3Av2.38.2) | https://github.com/aquaproj/aqua/compare/v2.38.1...v2.38.2 ##### 🐛 Bug Fixes [#​3307](https://redirect.github.com/aquaproj/aqua/issues/3307) generate-registry: Fix a bug that description isn't formatted ### [`v2.38.1`](https://redirect.github.com/aquaproj/aqua/releases/tag/v2.38.1) [Compare Source](https://redirect.github.com/aquaproj/aqua/compare/v2.38.0...v2.38.1) [Pull Requests](https://redirect.github.com/aquaproj/aqua/pulls?q=is%3Apr+milestone%3Av2.38.1) | [Issues](https://redirect.github.com/aquaproj/aqua/issues?q=is%3Aissue+milestone%3Av2.38.1) | https://github.com/aquaproj/aqua/compare/v2.38.0...v2.38.1 #### Fixes [#​3297](https://redirect.github.com/aquaproj/aqua/issues/3297) completion: Improve the completion settings suggested in `aqua completion --help` [@​akinomyoga](https://redirect.github.com/akinomyoga) ### [`v2.38.0`](https://redirect.github.com/aquaproj/aqua/releases/tag/v2.38.0) [Compare Source](https://redirect.github.com/aquaproj/aqua/compare/v2.37.2...v2.38.0) [Pull Requests](https://redirect.github.com/aquaproj/aqua/pulls?q=is%3Apr+milestone%3Av2.38.0) | [Issues](https://redirect.github.com/aquaproj/aqua/issues?q=is%3Aissue+milestone%3Av2.38.0) | https://github.com/aquaproj/aqua/compare/v2.37.2...v2.38.0 #### Features [#​3269](https://redirect.github.com/aquaproj/aqua/issues/3269) Get available versions from [Go Module Proxy](https://proxy.golang.org/) https://aquaproj.github.io/docs/reference/registry-config/go-version-path This release adds the new field `go_version_path` to registries. e.g. ```yaml packages: - name: _go/sigsum.org/sigsum-go#cmd/sigsum-key type: go_install path: sigsum.org/sigsum-go/cmd/sigsum-key go_version_path: sigsum.org/sigsum-go ``` If this field is set, `aqua g` and `aqua up` commands gets available versions from [Go Module Proxy](https://proxy.golang.org/). ### [`v2.37.2`](https://redirect.github.com/aquaproj/aqua/releases/tag/v2.37.2) [Compare Source](https://redirect.github.com/aquaproj/aqua/compare/v2.37.1...v2.37.2) [Pull Requests](https://redirect.github.com/aquaproj/aqua/pulls?q=is%3Apr+milestone%3Av2.37.2) | [Issues](https://redirect.github.com/aquaproj/aqua/issues?q=is%3Aissue+milestone%3Av2.37.2) | https://github.com/aquaproj/aqua/compare/v2.37.1...v2.37.2 ##### Fixes [#​3233](https://redirect.github.com/aquaproj/aqua/issues/3233) which, exec: Search configuration files even if `AQUA_CONFIG` is set ### [`v2.37.1`](https://redirect.github.com/aquaproj/aqua/releases/tag/v2.37.1) [Compare Source](https://redirect.github.com/aquaproj/aqua/compare/v2.37.0...v2.37.1) [Pull Requests](https://redirect.github.com/aquaproj/aqua/pulls?q=is%3Apr+milestone%3Av2.37.1) | [Issues](https://redirect.github.com/aquaproj/aqua/issues?q=is%3Aissue+milestone%3Av2.37.1) | https://github.com/aquaproj/aqua/compare/v2.37.0...v2.37.1 #### Bug Fixes [#​3226](https://redirect.github.com/aquaproj/aqua/issues/3226) [#​584](https://redirect.github.com/aquaproj/aqua/issues/584) Fix a bug that newlines in aqua.yaml are removed when updating aqua.yaml by `aqua g -i` and `aqua up` This issue came from the bug of goccy/go-yaml. [https://github.com/goccy/go-yaml/issues/285](https://redirect.github.com/goccy/go-yaml/issues/285) The issue was solved at goccy/go-yaml 1.13.3. So we updated goccy/go-yaml to 1.13.3 and solve the issue. ### [`v2.37.0`](https://redirect.github.com/aquaproj/aqua/releases/tag/v2.37.0) [Compare Source](https://redirect.github.com/aquaproj/aqua/compare/v2.36.2...v2.37.0) [Pull Requests](https://redirect.github.com/aquaproj/aqua/pulls?q=is%3Apr+milestone%3Av2.37.0) | [Issues](https://redirect.github.com/aquaproj/aqua/issues?q=is%3Aissue+milestone%3Av2.37.0) | https://github.com/aquaproj/aqua/compare/v2.36.2...v2.37.0 ##### Features [#​3224](https://redirect.github.com/aquaproj/aqua/issues/3224) Allow to set command aliases in aqua.yaml You can now define command aliases in aqua.yaml. This is useful to use multiple versions of the same package. e.g. ```yaml registries: - type: standard ref: v4.246.0 # renovate: depName=aquaproj/aqua-registry packages: - name: hashicorp/terraform@v1.9.8 - name: hashicorp/terraform version: v0.13.7 command_aliases: - command: terraform alias: terraform-013 ##### no_link: true ``` Then you can run `terraform` (v1.9.8) and `terraform-013` (v0.13.7). ```console $ terraform version Terraform v1.9.8 on darwin_arm64 $ terraform-013 version Terraform v0.13.7 Your version of Terraform is out of date! The latest version is 1.9.8. You can update by downloading from https://www.terraform.io/downloads.html ``` You can skip creating symbolic links for aliases by `no_link: true` ```yaml command_aliases: - command: terraform alias: terraform-013 no_link: true ``` You can still run aliases via `aqua exec`. ```sh aqua exec -- terraform-013 version ``` ### [`v2.36.2`](https://redirect.github.com/aquaproj/aqua/releases/tag/v2.36.2) [Compare Source](https://redirect.github.com/aquaproj/aqua/compare/v2.36.1...v2.36.2) [Pull Requests](https://redirect.github.com/aquaproj/aqua/pulls?q=is%3Apr+milestone%3Av2.36.2) | [Issues](https://redirect.github.com/aquaproj/aqua/issues?q=is%3Aissue+milestone%3Av2.36.2) | https://github.com/aquaproj/aqua/compare/v2.36.1...v2.36.2 ##### Bug Fixes [#​3193](https://redirect.github.com/aquaproj/aqua/issues/3193) [#​3194](https://redirect.github.com/aquaproj/aqua/issues/3194) Fix a bug that `vars` are not replaced in `files[].src` ### [`v2.36.1`](https://redirect.github.com/aquaproj/aqua/releases/tag/v2.36.1) [Compare Source](https://redirect.github.com/aquaproj/aqua/compare/v2.36.0...v2.36.1) [Pull Requests](https://redirect.github.com/aquaproj/aqua/pulls?q=is%3Apr+milestone%3Av2.36.1) | [Issues](https://redirect.github.com/aquaproj/aqua/issues?q=is%3Aissue+milestone%3Av2.36.1) | https://github.com/aquaproj/aqua/compare/v2.36.0...v2.36.1 #### Fixes [#​3146](https://redirect.github.com/aquaproj/aqua/issues/3146) generate-registry: Remove `rosetta2` and `windows_arm_emulation` if `{{.Arch}}` isn't included in `asset` #### Dependency updates [#​3148](https://redirect.github.com/aquaproj/aqua/issues/3148) Update aqua-proxy to 1.2.8 [#​3149](https://redirect.github.com/aquaproj/aqua/issues/3149) Update Go to 1.23.2 ### [`v2.36.0`](https://redirect.github.com/aquaproj/aqua/releases/tag/v2.36.0) [Compare Source](https://redirect.github.com/aquaproj/aqua/compare/v2.35.0...v2.36.0) [Pull Requests](https://redirect.github.com/aquaproj/aqua/pulls?q=is%3Apr+milestone%3Av2.36.0) | [Issues](https://redirect.github.com/aquaproj/aqua/issues?q=is%3Aissue+milestone%3Av2.36.0) | https://github.com/aquaproj/aqua/compare/v2.35.0...v2.36.0 ##### Features [#​3130](https://redirect.github.com/aquaproj/aqua/issues/3130) [#​3134](https://redirect.github.com/aquaproj/aqua/issues/3134) support changing $0 by symlink Some tools change their behavior by `$0`. For example, `granted` changes the behavior based on `args[0]`. https://github.com/common-fate/granted/blob/e8de3ec7d62d543062d8be802b27abb3d8fac429/cmd/granted/main.go#L37-L44 ```go // Use a single binary to keep keychain ACLs simple, swapping behavior via argv[0] var app *cli.App switch filepath.Base(os.Args[0]) { case "assumego", "assumego.exe", "dassumego", "dassumego.exe": app = assume.GetCliApp() default: app = granted.GetCliApp() } ``` This release supports changing $0 by symlink. ```yaml files: - name: granted - name: assumego src: granted link: assumego # link is the relative path from src to the symlink ``` ##### Bug Fixes [#​3136](https://redirect.github.com/aquaproj/aqua/issues/3136) [#​3137](https://redirect.github.com/aquaproj/aqua/issues/3137) remove: Handle panic error when package is not found [@​Shion1305](https://redirect.github.com/Shion1305) [#​3138](https://redirect.github.com/aquaproj/aqua/issues/3138) remove: Ignore not found commands ### [`v2.35.0`](https://redirect.github.com/aquaproj/aqua/releases/tag/v2.35.0) [Compare Source](https://redirect.github.com/aquaproj/aqua/compare/v2.34.0...v2.35.0) [Pull Requests](https://redirect.github.com/aquaproj/aqua/pulls?q=is%3Apr+milestone%3Av2.35.0) | [Issues](https://redirect.github.com/aquaproj/aqua/issues?q=is%3Aissue+milestone%3Av2.35.0) | https://github.com/aquaproj/aqua/compare/v2.34.0...v2.35.0 ##### Features [#​3119](https://redirect.github.com/aquaproj/aqua/issues/3119) [#​3131](https://redirect.github.com/aquaproj/aqua/issues/3131) Verify packages' GitHub Artifact Attestations When aqua installs packages, it verifies their GitHub Artifact Attestations if they are provided and registries have settings for GitHub Artifact Attestations. [#​3117](https://redirect.github.com/aquaproj/aqua/issues/3117) Create GitHub Artifact Attestations of aqua We start providing aqua's GitHub Artifact Attestations! https://github.com/aquaproj/aqua/attestations If you download aqua from GitHub Releases, you can verify GitHub Artifact Attestations using GitHub CLI. https://aquaproj.github.io/docs/install#verify-downloaded-binaries-from-github-releases Reference: - https://aquaproj.github.io/docs/reference/security/github-artifact-attestations - https://docs.github.com/en/actions/security-for-github-actions/using-artifact-attestations/using-artifact-attestations-to-establish-provenance-for-builds ##### Fixes [#​3129](https://redirect.github.com/aquaproj/aqua/issues/3129) Redirect stdout of some commands to stderr aqua executes some os commands to install packages. - go install - go build - cargo - cosign - slsa-verifier - minisign - gh attestation verify aqua should redirect the stdout of these commands to stderr. ### [`v2.34.0`](https://redirect.github.com/aquaproj/aqua/releases/tag/v2.34.0) [Compare Source](https://redirect.github.com/aquaproj/aqua/compare/v2.33.0...v2.34.0) [Pull Requests](https://redirect.github.com/aquaproj/aqua/pulls?q=is%3Apr+milestone%3Av2.34.0) | [Issues](https://redirect.github.com/aquaproj/aqua/issues?q=is%3Aissue+milestone%3Av2.34.0) | https://github.com/aquaproj/aqua/compare/v2.33.0...v2.34.0 ##### Features [#​3103](https://redirect.github.com/aquaproj/aqua/issues/3103) Enabling you to verify checksum files using Minisign You can now verify checksum files using Minisign. e.g. ```yaml checksum: type: github_release asset: sha256.txt algorithm: sha256 minisign: type: github_release asset: sha256.txt.minisig public_key: RWQ/i9xseZwBVE7pEniCNjlNOeeyp4BQgdZDLQcAohxEAH5Uj5DEKjv6 ``` ### [`v2.33.0`](https://redirect.github.com/aquaproj/aqua/releases/tag/v2.33.0) [Compare Source](https://redirect.github.com/aquaproj/aqua/compare/v2.32.0...v2.33.0) [Pull Requests](https://redirect.github.com/aquaproj/aqua/pulls?q=is%3Apr+milestone%3Av2.33.0) | [Issues](https://redirect.github.com/aquaproj/aqua/issues?q=is%3Aissue+milestone%3Av2.33.0) | https://github.com/aquaproj/aqua/compare/v2.32.0...v2.33.0 ##### Features [#​3101](https://redirect.github.com/aquaproj/aqua/issues/3101) Enable you to remove `go_install` and `http` packages You can now uninstall `go_install` and `http` packages! Furthermore, the uninstall can now handles version_overrides properly. ### [`v2.32.0`](https://redirect.github.com/aquaproj/aqua/releases/tag/v2.32.0) [Compare Source](https://redirect.github.com/aquaproj/aqua/compare/v2.31.0...v2.32.0) [Pull Requests](https://redirect.github.com/aquaproj/aqua/pulls?q=is%3Apr+milestone%3Av2.32.0) | [Issues](https://redirect.github.com/aquaproj/aqua/issues?q=is%3Aissue+milestone%3Av2.32.0) | https://github.com/aquaproj/aqua/compare/v2.31.0...v2.32.0 ##### Features [#​3075](https://redirect.github.com/aquaproj/aqua/issues/3075) [#​3094](https://redirect.github.com/aquaproj/aqua/issues/3094) Support removing links from the `bin` directory By default, `aqua remove` command removes only packages from the `pkgs` directory and doesn't remove links from the `bin` directory. This release has added the command line option `-mode` to the remove command. The value of `-mode` is a string containing characters `l` and `p`. The order of the characters doesn't matter. ```sh aqua rm -m l cli/cli # Remove only links aqua rm -m pl cli/cli # Remove links and packages ``` You can also configure the mode by the environment variable `AQUA_REMOVE_MODE`, so you can change the default behaviour of `aqua remove` command by setting `AQUA_REMOVE_MODE` in your shell setting such as `.bashrc`. ```sh export AQUA_REMOVE_MODE=pl ``` ### [`v2.31.0`](https://redirect.github.com/aquaproj/aqua/releases/tag/v2.31.0) [Compare Source](https://redirect.github.com/aquaproj/aqua/compare/v2.30.0...v2.31.0) [Pull Requests](https://redirect.github.com/aquaproj/aqua/pulls?q=is%3Apr+milestone%3Av2.31.0) | [Issues](https://redirect.github.com/aquaproj/aqua/issues?q=is%3Aissue+milestone%3Av2.31.0) | https://github.com/aquaproj/aqua/compare/v2.30.0...v2.31.0 ##### Overview ##### Featuers [#​2978](https://redirect.github.com/aquaproj/aqua/issues/2978) [#​2994](https://redirect.github.com/aquaproj/aqua/issues/2994) Support verifying packages with minisign [#​3052](https://redirect.github.com/aquaproj/aqua/issues/3052) Support passing variables ##### Fixes [#​3012](https://redirect.github.com/aquaproj/aqua/issues/3012) Fix typo `temporal`. Replace them with `temporary` [#​3017](https://redirect.github.com/aquaproj/aqua/issues/3017) [#​3024](https://redirect.github.com/aquaproj/aqua/issues/3024) Stop using `replace` directive ##### Others Update Go 1.22.5 to 1.22.6 ##### Feature - Support verifying packages with minisign [#​2978](https://redirect.github.com/aquaproj/aqua/issues/2978) [#​2994](https://redirect.github.com/aquaproj/aqua/issues/2994) Support verifying packages with [minisign](https://redirect.github.com/jedisct1/minisign). ##### Why is the feature needed? To install some packages securely. For example, [zig](https://ziglang.org/download/) is signed by minisign. ##### Example Code This feature is similar to Cosign and slsa-verifier. https://aquaproj.github.io/docs/reference/registry-config/cosign/ This feature depends on minisign. So aqua should install minisign transparently same as Cosign and slsa-verifier. registry.yaml ```yaml minisign: enabled: true public_key: "RWSGOq2NVecA2UPNdBUZykf1CCb147pkmdtYxgb3Ti+JO/wCYvhbAb/U" ##### public_key_url: https://example/signature.pub ``` ##### Feature - Support passing variables [#​3052](https://redirect.github.com/aquaproj/aqua/issues/3052) Add the optional field `vars` in aqua.yaml and Registry. ##### `vars` in Registry e.g. ```yaml packages: - type: github_release repo_owner: indygreg repo_name: python-build-standalone asset: cpython-{{.Vars.python_version}}+{{.Version}}-{{.Arch}}-{{.OS}}-install_only.{{.Format}} # .Vars.python_version vars: - name: python_version required: true ##### ... ``` `vars` is a list of variables. Fields of a variable - name: string (Required): A variable name - required: boolean (Optional): If true, the variable is required. To use the package, users need to set the variable in aqua.yaml - default: any (Optional): The default value of the variable Variables are passed to template strings as `.Vars.