Release v0.9.0 (minor) #392

Open
github-actions[bot] wants to merge 35 commits into main from develop

github-actions bot commented May 28, 2026

Summary

  • Introduces Conforma supply chain policy validation for enhanced security and compliance.
  • Adds and updates Helm chart schema descriptions to improve configuration clarity and automation.
  • Improves CI workflows with new validation steps for Helm docs, schema, and supply chain policies.
  • Fixes error handling, checksum verification, and dependency vulnerabilities for reliability.
  • Updates documentation, including Helm values references and troubleshooting guides.
  • Adds new unit tests for controller helpers to boost code quality.
  • Updates container base images and streamlines CI tooling for maintainability.

Changes

Features

  • Added Conforma supply chain policy validation and workflow (.conforma/policy.yaml, _conforma-validate.yaml).
  • Integrated @Schema description annotations in Helm charts (openvox-operator, openvox-db-postgres, openvox-stack) and regenerated values.schema.json files.
  • Helm values reference documentation now links to Helm-docs generated chart READMEs.
  • Added troubleshooting guide for easier support.
  • Added unit tests for controller infrastructure helpers.

Fixes

  • Pinned Conforma policy ref and corrected ruleData field name.
  • Improved error handling by wrapping bare error returns in controller helpers.
  • Ensured original filenames are used for checksum verification in Helm CI.
  • Corrected checksum verification paths and filenames for helm-docs and helm-schema.
  • Fixed schema flags (-f/-o), added --verify=false to Helm schema plugin install.
  • Explicitly added return after t.Fatal to satisfy staticcheck SA5011 and avoid nil pointer errors.
  • Upgraded golang.org/x/net to v0.55.0 to resolve GO-2026-5026 vulnerability.
  • Used chart appVersion as fallback when image tag is empty in deployment template.
  • Added kubebuilder RBAC marker for coordination.k8s.io/leases to support lease objects.

Documentation

  • Mentioned Conforma policy validation in supply chain security section.
  • Replaced manual helm-values.md with links to Helm-docs chart READMEs.
  • Added Helm values reference documentation and troubleshooting guide.

Testing

  • Added unit tests for controller infrastructure helpers.
  • Fixed deployment unit test.

CI / Chore

  • Added Renovate tracking for helm-docs and helm-values-schema-json versions.
  • Replaced losisin GitHub Actions with direct binary installs (checksummed).
  • Added helm-docs and helm-schema validation to CI workflow.
  • Updated container base images for all images.
  • Used helm-values-schema-json-action for schema drift check.

Other

  • Minor changes to config controllers, service accounts, and scripts for schema generation.

Testing

  • Run CI pipelines: validate Conforma supply chain policy, Helm chart schemas, and Helm-docs output.
  • Deploy charts and verify configuration options via generated schema and documentation.
  • Review troubleshooting guide and Helm values reference documentation.
  • Run unit tests for controller helpers and verify error handling improvements.
  • Ensure container images build and pass updated security checks.
  • Confirm RBAC permissions for lease objects are correctly applied.

Release prediction

Predicted release: v0.8.0 -> v0.9.0 (minor)
6 feature(s) 14 fix(es)


Source: develop | Target: main | Trigger: Successful CI on develop

Auto-generated by GitHub Actions & AI - updated automatically on new commits.
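
The fix list above mentions using original filenames for checksum verification and replacing actions with checksummed binary installs. As an added sketch (not the project's workflow code), the shell function below shows why the filename matters: a sha256sum-style checksums file is keyed by asset name, so a download saved under another name has no entry and has to be rejected rather than skipped. The asset name, file contents and function names are constructed.

```shell
#!/usr/bin/env bash
# Added example. File names and contents are constructed for the demo.

# verify_asset <checksums-file> <asset-path>
# Finds the entry for the asset's basename in a sha256sum-style file and
# compares it with the digest of the file on disk.
# Returns 0 on match, 1 on digest mismatch, 2 if no entry names the file.
verify_asset() {
  local sums="$1" asset="$2" name expected actual
  name="$(basename "$asset")"
  # Entries look like "<hex>  <name>" or, in binary mode, "<hex> *<name>".
  expected="$(awk -v n="$name" \
    '{ f = $2; sub(/^\*/, "", f); if (f == n) { print $1; exit } }' "$sums")"
  [ -n "$expected" ] || return 2
  actual="$(sha256sum "$asset" | awk '{ print $1 }')"
  [ "$expected" = "$actual" ] || return 1
  return 0
}

# demo: builds a constructed release in a temp dir and prints the three
# return codes for: original name, renamed copy, modified content.
demo() {
  local dir orig rc_ok rc_renamed rc_modified
  dir="$(mktemp -d)"
  orig="$dir/tool_1.0.0_Linux_x86_64.tar.gz"   # constructed asset name
  printf 'constructed tool archive\n' > "$orig"
  ( cd "$dir" && sha256sum "$(basename "$orig")" > checksums.txt )

  verify_asset "$dir/checksums.txt" "$orig" && rc_ok=0 || rc_ok=$?

  # Same bytes saved under a shorter name: no entry matches, so fail closed.
  cp "$orig" "$dir/tool.tar.gz"
  verify_asset "$dir/checksums.txt" "$dir/tool.tar.gz" && rc_renamed=0 || rc_renamed=$?

  # Original name, altered bytes: the entry is found but the digest differs.
  printf 'unexpected bytes\n' >> "$orig"
  verify_asset "$dir/checksums.txt" "$orig" && rc_modified=0 || rc_modified=$?

  rm -rf "$dir"
  echo "$rc_ok $rc_renamed $rc_modified"
}

demo
```

Treating return code 2 as a hard failure is the point: a verification step that finds no matching entry and continues has verified nothing.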

mathildabot and others added 30 commits May 22, 2026 09:49
…alues.yaml

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
…es.yaml

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
…s values.yaml

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Signed-off-by: Simon Lauger <simon@lauger.de>
chore(deps): update container base images
Closes #373

Signed-off-by: Simon Lauger <simon@lauger.de>
slauger and others added 5 commits May 28, 2026 17:38
fix: wrap bare error returns in controller helpers with context
Add ec CLI-based policy validation for container images in the release
pipeline. Validates base image registries, signatures, SBOM, and SLSA
provenance attestations using the @minimal and @github policy collections.

- Add .conforma/policy.yaml with allowed registry prefixes
- Add _conforma-validate.yaml reusable workflow with checksummed ec CLI
- Expose image digest as output from _container-build.yaml
- Add validation jobs for all production images in release.yaml
- Add Renovate tracking for ec CLI version

Closes #155, closes #156, closes #158, closes #159

Signed-off-by: Simon Lauger <simon@lauger.de>
Signed-off-by: Simon Lauger <simon@lauger.de>
…tion

Signed-off-by: Simon Lauger <simon@lauger.de>
feat: add Conforma supply chain policy validation