1.0.7 (2026-03-01)
- container: bootstrap pip with --break-system-packages for PEP 668 (12eb4cf)
- ci: scheduled workflow to update GitHub Actions runner version daily (push to main, no human intervention; requires
REPO_PATsecret)
- security: add CVE-2026-24051 to .trivyignore (OpenTelemetry SDK in containerd, trivy, argo)
- container: bootstrap pip with --break-system-packages for PEP 668 (externally-managed-environment)
1.0.6 (2026-03-01)
- deps: upgrade Actions runner from 2.321.0 to 2.332.0 (v2.321.0 deprecated by GitHub)
1.0.5 (2026-02-20)
- ci: remove --all flag from skopeo copy to fix registry push (1602822)
1.0.4 (2026-02-20)
- add .trivyignore for base-image CVEs and document security (706ba83)
- ci: scan image from Docker daemon in Trivy step (54334d3)
- ci: use --input flag for trivy OCI archive scan (88da58a)
- use +0000 in .trivyignore exp dates for Trivy parse (e2d66c5)
1.0.3 (2026-02-19)
- ci: use oci-archive format for trivy scan and cache vulndb (acd077c)
1.0.2 (2026-02-19)
- use bash arrays for BUILD_ARGS and LABELS to handle values with spaces (0dd5806)
1.0.1 (2026-02-19)
- ci: add missing -y flags and fix trivy command in release pipeline (33ca427)
- address PR review feedback (d1e532f)
- address PR review feedback (a178c21)
- comments from pr (hadolint, python version) (30e5588)
- container: bootstrap pip via get-pip.py for deadsnakes Python (48a8477)
- container: install pip for Python 3.12/3.13 via ensurepip (76980ea)
- use ghcr.io/actions/actions-runner base image and fix FromAsCasing (697a7a6)
- add pre-commit with hadolint, shellcheck, and commitlint hooks (ea59872)
- add semantic-release pipeline with build tools and best practices (6db1c23)
- container: add Python pip packages and GCC build tooling (559933d)
- replace custom update-tools workflow with Renovate (ba84de9)
- replace packer with kargo CLI (51c2b52)
- switch base image to GitHub runner and add DevOps tools (10d0b70)
- v1 (20b6ec2)