spinnaker

Breaking Changes

Features

• ci/gcb: Add region in gcb account def for regional endpoints (#7504) (7b4a9f35)
• echo: add OTLP/gRPC transport for CDEvents notifications (#7554) (2bae6532)
• echo: add mTLS support for OTLP/gRPC CDEvents transport (#7561) (3a65ecdc)
• igor: allow overriding artifact extensions in Artifactory monitors (#7535) (ed1f4afd)
• kork/artifact/artifactstore/s3: add context to artifact store exceptions (#7650) (85fb3911)
• lambda: Make application names work with Lambda (#7655) (2a3d2a91)
• provider/google, deck/google: Add certificateMap support for GCE HTTP(S) load balancers (#7475) (54aaef22)
• secrets: K8s secret engine support (#7603) (86a21d18)
• spin/iap: add token caching for IAP authentication (#7595) (3e7d4f38)
• webhooks: hide sensitive headers in custom webhook stages (#7421) (e0c3c24f)

Configuration

Fixes

• bom: Fix bom publishing to now reference GHCR (#7553) (0f872993)
• build/test: disable JVM class data sharing to remove warning on jvm startup (#7624) (d4a42dc8)
• build: Fix bad merge from dependabot (#7508) (8aa48f90)
• build: Fix indentation when in a if block (#7621) (91c7367c)
• build: Fix labels on containers (#7620) (c1923555)
• builds: Fix bad character on gha publish breaking echo commands (#7619) (9adacf94)
• builds: Fix spinnaker.io publishing (#7549) (#7551) (45754bc9)
• builds: Fix spinnaker.io publishing (#7549) (095cdce7)
• builds: Fix spinnaker.io publishing when using a GitHub App for token (#7498) (#7499) (0b696139)
• builds: Fix spinnaker.io publishing when using a GitHub App for token (#7498) (c4dbce60)
• builds: Fix testcontainer due to docker client upgrade issue (#7471) (#7476) (f9be1e8a)
• builds: Fix testcontainer due to docker client upgrade issue (#7471) (b9814476)
• clouddriver/eureka: remove leading slashes from all the retrofit2 api interfaces (#7652) (183b6bd7)
• clouddriver: update kubectl download URL (#7470) (#7472) (b39db13d)
• clouddriver: update kubectl download URL (#7470) (330dd8f0)
• deck/pipeline: pass raw pipeline config to MetadataPageContent for V2 templated pipelines (#7537) (e8324196)
• deck: Fix build all for deck/deck-kayenta (#7467) (#7468) (cb5fe264)
• deck: Fix build all for deck/deck-kayenta (#7467) (88682cdb)
• ecs: Fix ecs on demand perf loading issue (#7667) (2d39bc81)
• fiat/api: remove deprecation warnings (#7613) (9337025a)
• fiat: Minor potential issue if groups return list ever was null (#7611) (5dc90a65)
• gate/api-tck/test: remove noisy startup errors from GateFixtureTest output (#7572) (a320d63c)
• gate/basic: replace deprecated Spring Security DSL with lambda-style configuration (#7589) (be01ea3f)
• gate/core: remove deprecation warnings in AnonymousConfig and ServiceAccountFilterConfigProps (#7587) (7416d029)
• gate/oauth2: remove deprecated tokenEndpoint() method call in OAuth2SsoConfig (#7588) (4e4430b2)
• gate/oauth2: restore /login endpoint behavior (#7567) (64251195)
• gate/plugins: make PluginsInstalledController conditional and DeckPluginService optional (#7563) (2269b5e3)
• gate/web/test: remove stale comments in AdminControllerTest (#7584) (#7585) (87a79d27)
• gate/web/test: remove stale comments in AdminControllerTest (#7584) (585b7106)
• gate/web/test: replace deprecated Spring Security DSL in AuthConfigTest (#7571) (209025fd)
• gate/web: include additional exception message in AdminController.killZombie (#7575) (#7579) (a0d688e0)
• gate/web: include additional exception message in AdminController.killZombie (#7575) (1f10a347)
• gate/web: remove BakeController.handleBakeOptionsException (#7511) (73950daa)
• gate/web: return 200 instead of 500 for void orca endpoints (#7574) (#7578) (4b41bdf5)
• gate/web: return 200 instead of 500 for void orca endpoints (#7574) (7a62f750)
• gate: rename x509 SecurityFilterChain bean to prevent SAML override when both are enabled (#7539) (e4a5016a)
• gate: rename x509 SecurityFilterChain bean to prevent SAML override when both are enabled (backport #7539) (#7580) (60f45db4)
• gitrepo: Fix git repo with some odd character combinations (#7564) (#7568) (5468ff62)
• gitrepo: Fix git repo with some odd character combinations (#7564) (7997a14a)
• gitrepo: Validate gitrepo hostname (#7541) (58641982)
• halyard-core: correct 'occured' -> 'occurred' in Problem javadoc (#7641) (e08e21a7)
• iap: Fix iap auth post spring 3.0 upgrade (#7503) (195b36d9)
• iap: Fix iap auth post spring 3.0 upgrade (backport #7503) (#7547) (764558f1)
• igor/web: remove some deprecation warnings (#7615) (113494e3)
• kayenta: Send Authorization header proactively for Prometheus-compatible APIs (#7464) (39d3d272)
• kork/core: remove yaml-related deprecation warnings (#7635) (0f70a0b1)
• kork/moniker: fix unchecked warnings in FriggaReflectiveNamer (#7634) (74d99462)
• kork/plugins: remove warnings (#7637) (e070e6af)
• kork/retrofit: remove unchecked, deprecation warnings (#7626) (cc4e08fc)
• kork/secrets-k8s/test: allow KubernetesSecretsEngineTest to pass outside a k8s cluster (#7623) (2646a87c)
• kork/sql-test: remove deprecation warnings (#7628) (1524b77d)
• kork/sql: remove warnings (#7629) (78a095f6)
• kork/web: remove deprecation warnings (#7614) (943a78ae)
• kustomize: Mariadb broken. Fix gate health check (#7606) (9220695c)
• lambda: Lambda APIs when only account or region were still loading all data THEN filtering (#7644) (ca659468)
• oauth2: spin cli oauth2 auth ctx (#7532) (256c3ec5)
• pubsub/aws: rename enableQueueCreationFallback -> skipQueueBootstrap and skip all bootstrap ops for cross-account queues (#7668) (bd3df2e8)
• pubsub/aws: support cross-account SQS queue lookup and make queue creation fallback configurable (#7609) (#7633) (e4a49e41)
• release: Fix release publishing notes to spinnaker.io (#7486) (#7491) (aa0ea524)
• release: Fix release publishing notes to spinnaker.io (#7486) (c90c4c55)
• saml: Fix wiring issue on saml. Add FULL end to end integration test using keycloak & htmlunitdriver (#7525) (943997b2)
• saml: Fix wiring issue on saml. Add FULL end to end integration test using keycloak & htmlunitdriver (backport #7525) (#7528) (1e230e28)
• security: restore AnonymousConfig after Spring Boot 3 / Security 6 upgrade (#7538) (#7594) (3d031ab6)
• security: restore AnonymousConfig after Spring Boot 3 / Security 6 upgrade (#7538) (4d0a82a0)
• spin-cli: update gateclient to always set Bearer token for oauth2 (#7612) (f653d7dd)
• spin/pipeline-template: prevent panic on non-string tag field (#7639) (cf984859)
• spinnaker-gradle-project/publishing: replace deprecated JacksonFactory with GsonFactory (#7627) (39eb96f6)
• spotless: Update to 1.17 of spotless (#7479) (#7482) (6e1a6497)
• spotless: Update to 1.17 of spotless (#7479) (f0dfe854)
• spring: remove LocalVariableTableParameterNameDiscoverer warnings from kork, fiat, and clouddriver (#7502) (db214efa)
• tests: Add tests for eureka so we dont hit issues in future (#7656) (6411e151)
• validation: Fixes some validation around user inputs (#7542) (c4a5b4fd)

Other

• build/protobuf: upgrade com.google.protobuf plugin 0.8.12 -> 0.9.6 (#7618) (ac49be5d)
• build: remove gradle warnings (#7625) (7e5fdfb3)
• change: Adopt latching for fiat role sync (#7647) (40706834)
• change: Improve parallelization of redis fiat get and put (#7648) (c41d8622)
• change: Merge commit from fork (95829010)
• change: Merge commit from fork (a14c26ef)
• change: Merge commit from fork (f69d7b53)
• clouddriver/aws: cleanup dependencies (#7590) (db998010)
• clouddriver: bump json-flattener from 0.14.2 to 0.16.6 (#7598) (3b254970)
• clouddriver: centralize version of json-flattener (#7591) (6c096ec0)
• deck/build: update rollup to v4 (#7523) (cf4a260a)
• deck: upgrade webpack to 5.104.1, webpack-dev-server to 5.2.1 & eslint to 9.39.2 (#7516) (9980f156)
• dependencies: upgrade to Spring Boot 3.1.12 and align dependent libraries (#7338) (81f227f6)
• deps-dev: bump rollup from 2.79.2 to 2.80.0 in /deck-kayenta (#7514) (817dcc74)
• deps: bump actions/create-github-app-token from 2 to 3 (#7597) (42a085c7)
• deps: bump actions/github-script from 7 to 8 (#7520) (0ca720b6)
• deps: bump axios from 1.13.6 to 1.15.0 in /deck (#7631) (4c8a40d2)
• deps: bump bn.js from 4.12.2 to 4.12.3 in /deck (#7506) (9dc2b880)
• deps: bump docker/login-action from 3 to 4 (#7596) (4a75cb0d)
• deps: bump express from 4.18.2 to 4.22.0 in /deck-kayenta (#7349) (90212867)
• deps: bump fast-xml-parser and @google-cloud/storage (#7483) (aeb2a4cc)
• deps: bump fast-xml-parser in /.github/actions/spinnaker-release (#7519) (5570ccd0)
• deps: bump fast-xml-parser in /.github/actions/spinnaker-release (#7540) (62e23c93)
• deps: bump fast-xml-parser in /.github/actions/spinnaker-release (#7546) (3fc2a7c6)
• deps: bump fast-xml-parser in /.github/actions/spinnaker-release (#7654) (3e75e3b3)
• deps: bump flatted from 3.3.4 to 3.4.2 in /deck (#7552) (52e65fba)
• deps: bump follow-redirects from 1.15.11 to 1.16.0 in /deck (#7642) (1cd788ec)
• deps: bump follow-redirects in /deck-kayenta (#7638) (71bbb66b)
• deps: bump follow-redirects in /deck/test/functional (#7640) (2cbdca69)
• deps: bump handlebars from 4.7.8 to 4.7.9 in /deck (#7573) (c4b81240)
• deps: bump js-yaml in /deck/packages/kubernetes (#7341) (efeec340)
• deps: bump lodash from 4.17.21 to 4.17.23 in /deck (#7515) (f667c9b4)
• deps: bump lodash from 4.17.23 to 4.18.1 in /deck (#7600) (24662152)
• deps: bump lodash in /.github/actions/spinnaker-release (#7513) (d3ef1142)
• deps: bump lodash in /deck/packages/cloudrun (#7507) (f5fde96e)
• deps: bump lodash in /deck/packages/kubernetes (#7509) (401be8c5)
• deps: bump lodash-es from 4.17.21 to 4.18.1 in /deck-kayenta (#7599) (488c7116)
• deps: bump minimatch from 3.1.2 to 3.1.5 in /deck-kayenta (#7517) (7a624c52)
• deps: bump node-forge from 1.3.3 to 1.4.0 in /deck (#7582) (d809a6e1)
• deps: bump path-to-regexp from 0.1.12 to 0.1.13 in /deck (#7583) (92609e78)
• deps: bump postcss from 8.5.3 to 8.5.12 in /deck/test/functional (#7659) (8ff0f9ef)
• deps: bump postcss from 8.5.8 to 8.5.10 in /deck (#7664) (caffebf8)
• deps: bump rollup from 3.29.5 to 3.30.0 in /deck/test/functional (#7512) (6497a1c3)
• deps: bump svgo from 2.8.0 to 2.8.2 in /deck (#7524) (25cb982b)
• deps: bump uuid and @actions/core (#7653) (c34013f6)
• deps: bump yaml in /.github/actions/spinnaker-release (#7566) (16281185)
• deps: bump yaml in /.github/actions/update-monorepo (#7565) (51ffb3f6)
• deps: update jinjava to 2.7.6 (#7536) (61787ec7)
• docs: add AGENTS.md, CLAUDE.md and copilot-instructions.md (#7559) (a427629a)
• gate/header: skip login of service account users when using header authentication (#7557) (da35224f)
• gate/web/test: mock ApplicationService to prevent noisy log output (#7562) (f29d55e9)
• gate: parameterize raw types in OrcaService (#7586) (b040c76f)
• kork/sql-test: use postgres:16.13 to stay up to date (#7610) (4b1291af)
• kork/sql/test: remove warnings + clean up test output (#7636) (07cc8180)
• kork/test: close the jedis pool before shutting down redis (#7558) (16db7d76)
• kustomize: Add auth to kustomize install and some defaults and an ingress (#7601) (678e231e)
• lambda: Update UI lambda runtime defaults to match current releases (#7665) (1f25ba39)
• mergify: upgrade configuration to current format (#7645) (5f9a4afa)
• oauth2: demonstrate that Bearer token is used to authenticate (#7545) (5282b204)
• publishing: Move to GHCR for image references (#7452) (79d8d240)
• wercker: Remove wercker as a dead product from spinnaker (#7622) (1c8205e9)