From 896b883dd78d616f06be310fea5707d376361d87 Mon Sep 17 00:00:00 2001 From: Giles Gaskell Date: Thu, 17 Oct 2024 14:16:22 +1100 Subject: [PATCH 1/9] Add more info regarding 'environment propagation' for JWKS files. --- clicommand/agent_start.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/clicommand/agent_start.go b/clicommand/agent_start.go index 6ff12c1e7e..84c017b340 100644 --- a/clicommand/agent_start.go +++ b/clicommand/agent_start.go @@ -658,7 +658,7 @@ var AgentStartCommand = cli.Command{ }, cli.StringFlag{ Name: "signing-jwks-file", - Usage: "Path to a file containing a signing key. Passing this flag enables pipeline signing for all pipelines uploaded by this agent. For hmac-sha256, the raw file content is used as the shared key", + Usage: "Path to a file containing a signing key. Passing this flag enables pipeline signing for all pipelines uploaded by this agent. For hmac-sha256, the raw file content is used as the shared key. If using Docker containers to upload pipeline steps dynamically, turn on environment propagation to allow signing for the new steps generated.", EnvVar: "BUILDKITE_AGENT_SIGNING_JWKS_FILE", }, cli.StringFlag{ From bc49bec259e2e822091d104d65d925cd5220050f Mon Sep 17 00:00:00 2001 From: Giles Gaskell Date: Thu, 17 Oct 2024 16:36:29 +1100 Subject: [PATCH 2/9] Reformat redactor CLI description for Buildkite Docs. --- clicommand/redactor_add.go | 23 ++++++++++++++++++++--- clicommand/secret_get.go | 2 +- 2 files changed, 21 insertions(+), 4 deletions(-) diff --git a/clicommand/redactor_add.go b/clicommand/redactor_add.go index 750315f407..b9034bfc85 100644 --- a/clicommand/redactor_add.go +++ b/clicommand/redactor_add.go @@ -52,9 +52,26 @@ type RedactorAddConfig struct { } var RedactorAddCommand = cli.Command{ - Name: "add", - Usage: "Add values to redact from a job's log output", - Description: "This may be used to parse a file for values to redact from a running job's log output. If you dynamically fetch secrets during a job, it is recommended that you use this command to ensure they will be redacted from subsequent logs. Secrets fetched with the builtin ′secret get′ command do not require the use of this command, they will be redacted automatically.", + Name: "add", + Usage: "Add values to redact from a job's log output", + Description: `Usage: + + buildkite-agent redactor add [options...] + + Description: + + This command may be used to parse a file for values to redact from a + running job's log output. If you dynamically fetch secrets during a job, + it is recommended that you use this command to ensure they will be + redacted from subsequent logs. Secrets fetched with the builtin + ′secret get′ command do not require the use of this command, they will + be redacted automatically. + + Example: + + $ buildkite-agent redactor add ... + + Redacts something.`, Flags: []cli.Flag{ cli.StringFlag{ Name: "format", diff --git a/clicommand/secret_get.go b/clicommand/secret_get.go index 1e53d725a1..16b8fa6060 100644 --- a/clicommand/secret_get.go +++ b/clicommand/secret_get.go @@ -47,7 +47,7 @@ Examples: The following examples reference the same Buildkite secret ′key′: $ buildkite-agent secret get deploy_key - $ buildkite-agent secret get DEPLOY_KEY`, + $ buildkite-agent secret get DEPLOY_KEY`, Flags: []cli.Flag{ cli.StringFlag{ Name: "job", From 3d38eba1f98407c22f1d776145f67efe2e9da05b Mon Sep 17 00:00:00 2001 From: Giles Gaskell Date: Fri, 18 Oct 2024 15:04:02 +1100 Subject: [PATCH 3/9] Clarify wording for environment variable propagation using Docker containers. --- clicommand/agent_start.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/clicommand/agent_start.go b/clicommand/agent_start.go index 84c017b340..e2d27a56a0 100644 --- a/clicommand/agent_start.go +++ b/clicommand/agent_start.go @@ -658,7 +658,7 @@ var AgentStartCommand = cli.Command{ }, cli.StringFlag{ Name: "signing-jwks-file", - Usage: "Path to a file containing a signing key. Passing this flag enables pipeline signing for all pipelines uploaded by this agent. For hmac-sha256, the raw file content is used as the shared key. If using Docker containers to upload pipeline steps dynamically, turn on environment propagation to allow signing for the new steps generated.", + Usage: `Path to a file containing a signing key. Passing this flag enables pipeline signing for all pipelines uploaded by this agent. For hmac-sha256, the raw file content is used as the shared key. When using Docker containers to upload pipeline steps dynamically, use environment variable propagation (for example, "docker run -e MYVAR") to allow all steps within the pipeline to be signed.`, EnvVar: "BUILDKITE_AGENT_SIGNING_JWKS_FILE", }, cli.StringFlag{ From 144518b3b6454627681af20a86986f204f8fbade Mon Sep 17 00:00:00 2001 From: Giles Gaskell Date: Fri, 18 Oct 2024 15:07:41 +1100 Subject: [PATCH 4/9] Fix spacing on redactor add CLI command description text. --- clicommand/redactor_add.go | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/clicommand/redactor_add.go b/clicommand/redactor_add.go index b9034bfc85..3dc1c1f6fa 100644 --- a/clicommand/redactor_add.go +++ b/clicommand/redactor_add.go @@ -58,20 +58,20 @@ var RedactorAddCommand = cli.Command{ buildkite-agent redactor add [options...] - Description: +Description: - This command may be used to parse a file for values to redact from a - running job's log output. If you dynamically fetch secrets during a job, - it is recommended that you use this command to ensure they will be - redacted from subsequent logs. Secrets fetched with the builtin - ′secret get′ command do not require the use of this command, they will - be redacted automatically. +This command may be used to parse a file for values to redact from a +running job's log output. If you dynamically fetch secrets during a job, +it is recommended that you use this command to ensure they will be +redacted from subsequent logs. Secrets fetched with the builtin +′secret get′ command do not require the use of this command, they will +be redacted automatically. - Example: +Example: $ buildkite-agent redactor add ... - Redacts something.`, +Redacts something.`, Flags: []cli.Flag{ cli.StringFlag{ Name: "format", From c51f204acf038f7ae255a03f079177feb7fded53 Mon Sep 17 00:00:00 2001 From: Giles Gaskell Date: Tue, 29 Oct 2024 14:34:54 +1100 Subject: [PATCH 5/9] Add examples to redactor command. --- clicommand/redactor_add.go | 20 +++++++++++++++++--- 1 file changed, 17 insertions(+), 3 deletions(-) diff --git a/clicommand/redactor_add.go b/clicommand/redactor_add.go index 3dc1c1f6fa..70652b7228 100644 --- a/clicommand/redactor_add.go +++ b/clicommand/redactor_add.go @@ -56,7 +56,7 @@ var RedactorAddCommand = cli.Command{ Usage: "Add values to redact from a job's log output", Description: `Usage: - buildkite-agent redactor add [options...] + buildkite-agent redactor add [options...] [file-contents-to-redact] Description: @@ -69,9 +69,23 @@ be redacted automatically. Example: - $ buildkite-agent redactor add ... +To redact the verbatim contents of the file 'id_ed25519' from future logs: -Redacts something.`, + $ buildkite-agent redactor add id_ed25519 + +To redact the string 'llamasecret' from future logs: + + $ echo llamasecret | buildkite-agent redactor add + +To redact multiple secrets from future logs in one command, create a flat +JSON object file (for example, 'my-secrets.json', with multiple "key" values, +one for each secret: + + $ echo '{"key":"secret1","key":"secret2"}' | buildkite-agent redactor add --format=json + +Or + + $ buildkite-agent redactor add --format=json my-secrets.json`, Flags: []cli.Flag{ cli.StringFlag{ Name: "format", From 1c255950916f052d1149d14e63bb7461842733bf Mon Sep 17 00:00:00 2001 From: Giles Gaskell Date: Tue, 29 Oct 2024 14:50:54 +1100 Subject: [PATCH 6/9] Add missing closing bracket. --- clicommand/redactor_add.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/clicommand/redactor_add.go b/clicommand/redactor_add.go index 70652b7228..47cb83159d 100644 --- a/clicommand/redactor_add.go +++ b/clicommand/redactor_add.go @@ -78,7 +78,7 @@ To redact the string 'llamasecret' from future logs: $ echo llamasecret | buildkite-agent redactor add To redact multiple secrets from future logs in one command, create a flat -JSON object file (for example, 'my-secrets.json', with multiple "key" values, +JSON object file (for example, 'my-secrets.json'), with multiple "key" values, one for each secret: $ echo '{"key":"secret1","key":"secret2"}' | buildkite-agent redactor add --format=json From ab5803a53db056da18a915b5ff93462d597d9759 Mon Sep 17 00:00:00 2001 From: Giles Gaskell Date: Tue, 29 Oct 2024 14:54:28 +1100 Subject: [PATCH 7/9] Minor wording clarification. --- clicommand/redactor_add.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/clicommand/redactor_add.go b/clicommand/redactor_add.go index 47cb83159d..a1935f7e76 100644 --- a/clicommand/redactor_add.go +++ b/clicommand/redactor_add.go @@ -56,7 +56,7 @@ var RedactorAddCommand = cli.Command{ Usage: "Add values to redact from a job's log output", Description: `Usage: - buildkite-agent redactor add [options...] [file-contents-to-redact] + buildkite-agent redactor add [options...] [file-with-content-to-redact] Description: From ef2a3b96c3a6db349935f95bf51a92c1c18eed94 Mon Sep 17 00:00:00 2001 From: Giles Gas Date: Tue, 29 Oct 2024 15:09:13 +1100 Subject: [PATCH 8/9] Update clicommand/agent_start.go Co-authored-by: Josh Deprez --- clicommand/agent_start.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/clicommand/agent_start.go b/clicommand/agent_start.go index e2d27a56a0..c0ee30ea80 100644 --- a/clicommand/agent_start.go +++ b/clicommand/agent_start.go @@ -658,7 +658,7 @@ var AgentStartCommand = cli.Command{ }, cli.StringFlag{ Name: "signing-jwks-file", - Usage: `Path to a file containing a signing key. Passing this flag enables pipeline signing for all pipelines uploaded by this agent. For hmac-sha256, the raw file content is used as the shared key. When using Docker containers to upload pipeline steps dynamically, use environment variable propagation (for example, "docker run -e MYVAR") to allow all steps within the pipeline to be signed.`, + Usage: `Path to a file containing a signing key. Passing this flag enables pipeline signing for all pipelines uploaded by this agent. For hmac-sha256, the raw file content is used as the shared key. When using Docker containers to upload pipeline steps dynamically, use environment variable propagation (for example, "docker run -e BUILDKITE_AGENT_JWKS_FILE") to allow all steps within the pipeline to be signed.`, EnvVar: "BUILDKITE_AGENT_SIGNING_JWKS_FILE", }, cli.StringFlag{ From 005b984645b72680117fc21fb85060f6f79670a7 Mon Sep 17 00:00:00 2001 From: Josh Deprez Date: Tue, 29 Oct 2024 11:11:35 +1100 Subject: [PATCH 9/9] Bump version and changelog for v3.84.0 --- CHANGELOG.md | 19 +++++++++++++++++++ version/VERSION | 2 +- 2 files changed, 20 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index e86a9d4a82..15e10d93a6 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -5,6 +5,25 @@ All notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/) and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.html). +## [v3.84.0](https://github.com/buildkite/agent/tree/v3.84.0) (2024-10-28) +[Full Changelog](https://github.com/buildkite/agent/compare/v3.83.1...v3.84.0) + +### Added +- Add command for canceling a running a build [#2958](https://github.com/buildkite/agent/pull/2958) (@dannymidnight) +- Add tini-static to alpine images [#3054](https://github.com/buildkite/agent/pull/3054) (@DrJosh9000) + +### Fixed +- Implement several documentation improvements to the Agent (for the Buildkite Docs). [#3043](https://github.com/buildkite/agent/pull/3043) (@gilesgas) +- Allow token to be empty if graphql-token is provided [#3051](https://github.com/buildkite/agent/pull/3051) (@jordandcarter) +- Fix multiline secret redaction when output with \r\n [#3050](https://github.com/buildkite/agent/pull/3050) (@DrJosh9000) +- k8s exec: Perform liveness check of clients [#3045](https://github.com/buildkite/agent/pull/3045) (@DrJosh9000) +- Fix request headers for multipart [#3042](https://github.com/buildkite/agent/pull/3042) (@DrJosh9000) + +### Internal +- install.sh tidyups [#3032](https://github.com/buildkite/agent/pull/3032) (@DrJosh9000) +- Parallel container image uploads [#3035](https://github.com/buildkite/agent/pull/3035) (@DrJosh9000) +- Various dependency bumps: [#3058](https://github.com/buildkite/agent/pull/3058), [#3026](https://github.com/buildkite/agent/pull/3026), [#3055](https://github.com/buildkite/agent/pull/3055), [#3056](https://github.com/buildkite/agent/pull/3056), [#3048](https://github.com/buildkite/agent/pull/3048), [#3047](https://github.com/buildkite/agent/pull/3047), [#3049](https://github.com/buildkite/agent/pull/3049), [#3036](https://github.com/buildkite/agent/pull/3036), [#3041](https://github.com/buildkite/agent/pull/3041), [#3040](https://github.com/buildkite/agent/pull/3040), [#3037](https://github.com/buildkite/agent/pull/3037), [#3039](https://github.com/buildkite/agent/pull/3039) (@dependabot[bot]) + ## [v3.83.1](https://github.com/buildkite/agent/tree/v3.83.0) (2024-10-10) [Full Changelog](https://github.com/buildkite/agent/compare/v3.83.0...v3.83.1) diff --git a/version/VERSION b/version/VERSION index 986127d056..d7c40214e1 100644 --- a/version/VERSION +++ b/version/VERSION @@ -1 +1 @@ -3.83.1 +3.84.0