v0.17.1

What's Changed

• Remove cycle in release process by @jonjohnsonjr in #1435

Full Changelog: v0.17.0...v0.17.1

v0.17.0

What's Changed

• allow setting annotations by @seankhliao in #1426
• Update recorder to lazy create file. by @jeffmendoza in #1379
• Change OCI Layout publisher to lazy create layout after build. by @jeffmendoza in #1385
• feat: add image user option by @maxbrunet in #1266

Other changes

• update k8s for kind e2e tests by @cpanato in #1352
• Bump github.com/docker/docker from 26.1.4+incompatible to 27.2.1+incompatible by @dependabot in #1387
• Bump golang.org/x/tools from 0.21.0 to 0.25.0 by @dependabot in #1386
• Bump reviewdog/action-misspell from 1.19.0 to 1.23.0 by @dependabot in #1357
• Bump github/codeql-action from 3.25.7 to 3.26.6 by @dependabot in #1383
• Bump imjasonh/setup-crane from 0.3 to 0.4 by @dependabot in #1335
• Bump actions/checkout from 4.1.6 to 4.1.7 by @dependabot in #1336
• Bump github.com/google/go-containerregistry from 0.19.1 to 0.20.2 by @dependabot in #1370
• Bump github.com/spf13/cobra from 1.8.0 to 1.8.1 by @dependabot in #1341
• Bump k8s.io/apimachinery from 0.30.1 to 0.31.0 by @dependabot in #1374
• Bump goreleaser/goreleaser-action from 5.1.0 to 6.0.0 by @dependabot in #1328
• Bump ko-build/setup-ko from 0.6 to 0.7 by @dependabot in #1392
• Bump actions/setup-go from 5.0.1 to 5.0.2 by @dependabot in #1390
• Bump actions/setup-python from 5.1.0 to 5.2.0 by @dependabot in #1388
• Bump golangci/golangci-lint-action from 6.0.1 to 6.1.0 by @dependabot in #1389
• Bump sigstore/cosign-installer from 3.5.0 to 3.6.0 by @dependabot in #1391
• docs: kamaji is a ko adopter by @prometherion in #1384
• Bump sigs.k8s.io/kind from 0.23.0 to 0.24.0 by @dependabot in #1394
• build with go1.23 and general housekeeping by @cpanato in #1396
• Bump actions/upload-artifact from 4.3.3 to 4.4.0 by @dependabot in #1397
• Bump github/codeql-action from 3.26.6 to 3.26.7 by @dependabot in #1399
• Bump github.com/sigstore/cosign/v2 from 2.2.4 to 2.4.0 by @dependabot in #1393
• Bump k8s.io/apimachinery from 0.31.0 to 0.31.1 by @dependabot in #1398
• Bump github.com/docker/docker from 27.2.1+incompatible to 27.3.0+incompatible by @dependabot in #1402
• Bump github/codeql-action from 3.26.7 to 3.26.8 by @dependabot in #1401
• Bump github.com/docker/docker from 27.3.0+incompatible to 27.3.1+incompatible by @dependabot in #1404
• Bump go.uber.org/automaxprocs from 1.5.3 to 1.6.0 by @dependabot in #1405
• Bump github/codeql-action from 3.26.8 to 3.26.9 by @dependabot in #1406
• Bump actions/checkout from 4.1.7 to 4.2.0 by @dependabot in #1408
• Bump github/codeql-action from 3.26.9 to 3.26.10 by @dependabot in #1410
• Bump golang/govulncheck-action from 1.0.3 to 1.0.4 by @dependabot in #1411
• Bump github/codeql-action from 3.26.10 to 3.26.11 by @dependabot in #1414
• Bump github.com/sigstore/cosign/v2 from 2.4.0 to 2.4.1 by @dependabot in #1412
• Bump golangci/golangci-lint-action from 6.1.0 to 6.1.1 by @dependabot in #1413
• Bump golang.org/x/tools from 0.25.0 to 0.26.0 by @dependabot in #1415
• Bump sigstore/cosign-installer from 3.6.0 to 3.7.0 by @dependabot in #1416
• Bump actions/checkout from 4.2.0 to 4.2.1 by @dependabot in #1419
• Bump actions/upload-artifact from 4.4.0 to 4.4.1 by @dependabot in #1418
• Bump github/codeql-action from 3.26.11 to 3.26.12 by @dependabot in #1417
• debug: separate target and delve parameters by @zregvart in #1368
• Bump actions/upload-artifact from 4.4.1 to 4.4.2 by @dependabot in #1420
• Fix config links by @jeffmendoza in #1380
• Bump k8s.io/apimachinery from 0.31.1 to 0.31.2 by @dependabot in #1432
• Bump actions/checkout from 4.2.1 to 4.2.2 by @dependabot in #1431
• Bump actions/upload-artifact from 4.4.2 to 4.4.3 by @dependabot in #1421
• Bump github/codeql-action from 3.26.12 to 3.27.0 by @dependabot in #1429
• Remove remaining references to vendor/ by @rsrchboy in #1427
• Document linux_capabilities in builds section by @mejedi in #1430
• feat(docs): Add dark theme by @gabe565 in #1422

New Contributors

• @zregvart made their first contribution in #1368
• @jeffmendoza made their first contribution in #1380
• @gabe565 made their first contribution in #1422
• @rsrchboy made their first contribution in #1427
• @maxbrunet made their first contribution in #1266

Full Changelog: v0.16.0...v0.17.0

v0.16.0

What's Changed

• Add debug flag to include delve by @luhring in #1320
• remove support for CycloneDX SBOMs by @imjasonh in #1333

Other changes

• Fix a typo in terraform.md by @chaodaiG in #1323
• Bump github.com/sigstore/cosign/v2 from 2.2.3 to 2.2.4 by @dependabot in #1276
• Bump k8s.io/apimachinery from 0.29.4 to 0.30.1 by @dependabot in #1313
• Bump github.com/spf13/viper from 1.18.2 to 1.19.0 by @dependabot in #1324
• Bump github/codeql-action from 3.25.6 to 3.25.7 by @dependabot in #1325
• Bump golang/govulncheck-action from 1.0.2 to 1.0.3 by @dependabot in #1326
• Bump github.com/docker/docker from 26.1.3+incompatible to 26.1.4+incompatible by @dependabot in #1331
• Update CONTRIBUTING.md by @caniszczyk in #1250
• Bump reviewdog/action-misspell from 1.17.0 to 1.19.0 by @dependabot in #1332

New Contributors

• @chaodaiG made their first contribution in #1323
• @caniszczyk made their first contribution in #1250

Full Changelog: v0.15.4...v0.16.0

v0.15.4

What's Changed

• Refactor global values to be defaults by @nmittler in #1318

• Bump actions/checkout from 4.1.5 to 4.1.6 by @dependabot in #1316

• Bump github.com/docker/docker from 26.1.2+incompatible to 26.1.3+incompatible by @dependabot in #1315

• Bump github/codeql-action from 2.13.4 to 3.25.5 by @dependabot in #1319

• Bump github/codeql-action from 3.25.5 to 3.25.6 by @dependabot in #1321

Full Changelog: v0.15.3...v0.15.4

v0.15.3

🚨 We are investigating an issue with this release 🚨
See #1317 for more details.

What's Changed

• Bump golang/govulncheck-action from 1.0.1 to 1.0.2 by @dependabot in #1244
• Fix fly.io deployment docs by @imjasonh in #1247
• Bump golang.org/x/tools from 0.18.0 to 0.19.0 by @dependabot in #1249
• Update setup-ko action link in install.md by @koki-develop in #1256
• Fix kind image names with --bare by @aidy in #1027
• fix: update github.com/awslabs/amazon-ecr-credential-helper to latest version by @nesty92 in #1267
• drop go1.20 and start testing with go1.22 and ci updates by @cpanato in #1251
• Bump slsa-framework/slsa-github-generator from 1.9.0 to 1.10.0 by @dependabot in #1265
• Bump reviewdog/action-misspell from 1.15.0 to 1.16.0 by @dependabot in #1252
• Bump github.com/google/go-containerregistry from 0.19.0 to 0.19.1 by @dependabot in #1258
• Bump actions/checkout from 4.1.1 to 4.1.2 by @dependabot in #1255
• Bump google.golang.org/protobuf from 1.32.0 to 1.33.0 by @dependabot in #1257
• Bump gopkg.in/go-jose/go-jose.v2 from 2.6.1 to 2.6.3 by @dependabot in #1253
• Bump actions/setup-python from 5.0.0 to 5.1.0 by @dependabot in #1269
• Bump k8s.io/apimachinery from 0.29.2 to 0.29.3 by @dependabot in #1259
• Bump github.com/docker/docker from 25.0.3+incompatible to 26.0.0+incompatible by @dependabot in #1263
• Bump reviewdog/action-misspell from 1.16.0 to 1.17.0 by @dependabot in #1270
• Add support for setting capabilities on the app binary by @mejedi in #1271
• Bump golang.org/x/sync from 0.6.0 to 0.7.0 by @dependabot in #1273
• Bump golang.org/x/tools from 0.19.0 to 0.20.0 by @dependabot in #1272
• Bump sigstore/cosign-installer from 3.4.0 to 3.5.0 by @dependabot in #1275
• Bump github.com/docker/docker from 26.0.0+incompatible to 26.0.1+incompatible by @dependabot in #1277
• chore: fix function names in comment by @camcui in #1278
• Bump k8s.io/apimachinery from 0.29.3 to 0.29.4 by @dependabot in #1279
• Fix AWS Lambda advanced docs by @mattn in #1281
• Bump actions/upload-artifact from 4.3.1 to 4.3.2 by @dependabot in #1284
• Bump github.com/docker/docker from 26.0.1+incompatible to 26.0.2+incompatible by @dependabot in #1283
• Bump actions/checkout from 4.1.2 to 4.1.3 by @dependabot in #1285
• Bump github.com/docker/docker from 26.0.2+incompatible to 26.1.0+incompatible by @dependabot in #1286
• Bump actions/upload-artifact from 4.3.2 to 4.3.3 by @dependabot in #1288
• Bump slsa-framework/slsa-github-generator from 1.10.0 to 2.0.0 by @dependabot in #1287
• Bump actions/checkout from 4.1.3 to 4.1.4 by @dependabot in #1290
• Bump golangci/golangci-lint-action from 4.0.0 to 5.0.0 by @dependabot in #1289
• Bump golangci/golangci-lint-action from 5.0.0 to 5.1.0 by @dependabot in #1291
• Bump github.com/docker/docker from 26.1.0+incompatible to 26.1.1+incompatible by @dependabot in #1292
• Bump actions/setup-go from 5.0.0 to 5.0.1 by @dependabot in #1293
• Bump golangci/golangci-lint-action from 5.1.0 to 5.3.0 by @dependabot in #1294
• Update index.md by @xcloudscript in #1295
• Bump golang.org/x/tools from 0.20.0 to 0.21.0 by @dependabot in #1299
• Bump actions/checkout from 4.1.4 to 4.1.5 by @dependabot in #1298
• Bump golangci/golangci-lint-action from 5.3.0 to 6.0.0 by @dependabot in #1297
• update golangci-lint by @cpanato in #1296
• Bump github.com/docker/docker from 26.1.1+incompatible to 26.1.2+incompatible by @dependabot in #1303
• Bump goreleaser/goreleaser-action from 5.0.0 to 5.1.0 by @dependabot in #1309
• Bump golangci/golangci-lint-action from 6.0.0 to 6.0.1 by @dependabot in #1300
• Bump sigs.k8s.io/kind from 0.22.0 to 0.23.0 by @dependabot in #1311
• feat: Add global env by @nmittler in #1310
• feat: Add template params for git by @nmittler in #1307
• Remove vendor directory by @nmittler in #1312
• feat: add template params for platform info by @nmittler in #1302
• Add global flags and ldflags by @nmittler in #1314

New Contributors

• @koki-develop made their first contribution in #1256
• @nesty92 made their first contribution in #1267
• @mejedi made their first contribution in #1271
• @camcui made their first contribution in #1278
• @mattn made their first contribution in #1281
• @xcloudscript made their first contribution in #1295
• @nmittler made their first contribution in #1310

Full Changelog: v0.15.2...v0.15.3

v0.15.2

What's Changed

• Fix kind image loading for MacOS by @aidy in #1057
• Bump golang.org/x/tools from 0.15.0 to 0.16.0 by @dependabot in #1185
• (feat) Adding styling to code blocks by @userbradley in #1187
• Bump github.com/google/go-containerregistry from 0.16.1 to 0.17.0 by @dependabot in #1188
• Correct cluster name in error message when no nodes are found by @SaschaSchwarze0 in #1189
• Bump actions/setup-python from 4.7.1 to 4.8.0 by @dependabot in #1192
• Bump github.com/sigstore/cosign/v2 from 2.2.1 to 2.2.2 by @dependabot in #1191
• Bump github.com/spf13/viper from 1.17.0 to 1.18.0 by @dependabot in #1196
• Bump actions/setup-python from 4.8.0 to 5.0.0 by @dependabot in #1195
• Bump actions/setup-go from 4.1.0 to 5.0.0 by @dependabot in #1194
• Bump actions/stale from 8.0.0 to 9.0.0 by @dependabot in #1197
• Bump reviewdog/action-misspell from 1.14.0 to 1.14.1 by @dependabot in #1200
• Bump github.com/spf13/viper from 1.18.0 to 1.18.1 by @dependabot in #1199
• chore: add capsule as lover by @oliverbaehler in #1193
• Bump sigstore/cosign-installer from 3.2.0 to 3.3.0 by @dependabot in #1201
• Bump golang.org/x/tools from 0.16.0 to 0.16.1 by @dependabot in #1202
• Bump k8s.io/apimachinery from 0.28.4 to 0.29.0 by @dependabot in #1203
• Bump actions/upload-artifact from 3.1.3 to 4.0.0 by @dependabot in #1204
• Bump github.com/spf13/viper from 1.18.1 to 1.18.2 by @dependabot in #1206
• Bump golang.org/x/crypto from 0.16.0 to 0.17.0 by @dependabot in #1205
• Bump reviewdog/action-misspell from 1.14.1 to 1.15.0 by @dependabot in #1207
• Fix the KO_CONFIG_PATH default value in the documentation by @amirh in #1208
• Bump golang.org/x/sync from 0.5.0 to 0.6.0 by @dependabot in #1209
• Bump golang.org/x/tools from 0.16.1 to 0.17.0 by @dependabot in #1211
• Bump actions/upload-artifact from 4.0.0 to 4.1.0 by @dependabot in #1212
• Bump k8s.io/apimachinery from 0.29.0 to 0.29.1 by @dependabot in #1213
• Bump github.com/google/go-containerregistry from 0.17.0 to 0.18.0 by @dependabot in #1214
• Bump actions/upload-artifact from 4.1.0 to 4.2.0 by @dependabot in #1215
• Bump actions/upload-artifact from 4.2.0 to 4.3.0 by @dependabot in #1219
• Bump github.com/google/go-containerregistry from 0.18.0 to 0.19.0 by @dependabot in #1222
• Bump sigstore/cosign-installer from 3.3.0 to 3.4.0 by @dependabot in #1224
• Bump github.com/sigstore/cosign/v2 from 2.2.2 to 2.2.3 by @dependabot in #1223
• Bump github.com/docker/docker from 24.0.7+incompatible to 25.0.2+incompatible by @dependabot in #1225
• Bump sigs.k8s.io/kind from 0.20.0 to 0.21.0 by @dependabot in #1226
• Bump github.com/opencontainers/image-spec from 1.1.0-rc5 to 1.1.0-rc6 by @dependabot in #1230
• Bump actions/upload-artifact from 4.3.0 to 4.3.1 by @dependabot in #1229
• Bump github.com/docker/docker from 25.0.2+incompatible to 25.0.3+incompatible by @dependabot in #1234
• Bump aws-actions/configure-aws-credentials from 4.0.1 to 4.0.2 by @dependabot in #1233
• Bump golangci/golangci-lint-action from 3.7.0 to 4.0.0 by @dependabot in #1237
• Bump golang.org/x/tools from 0.17.0 to 0.18.0 by @dependabot in #1238
• Bump sigs.k8s.io/kind from 0.21.0 to 0.22.0 by @dependabot in #1239
• Bump k8s.io/apimachinery from 0.29.1 to 0.29.2 by @dependabot in #1240
• Bump github.com/opencontainers/image-spec from 1.1.0-rc6 to 1.1.0 by @dependabot in #1242

New Contributors

• @userbradley made their first contribution in #1187
• @SaschaSchwarze0 made their first contribution in #1189
• @oliverbaehler made their first contribution in #1193
• @amirh made their first contribution in #1208

Full Changelog: v0.15.1...v0.15.2

v0.15.1

What's Changed

• Don't AppendDescriptor until we've written config by @jonjohnsonjr in #1175
• Add more locking around on-disk image cache by @jonjohnsonjr in #1176
• Fix "AM" Time Typo by @StephenGrider in #1179
• docs: add MacPorts install info by @herbygillot in #1180

New Contributors

• @StephenGrider made their first contribution in #1179
• @herbygillot made their first contribution in #1180

Full Changelog: v0.15.0...v0.15.1

v0.15.0

What's Changed

• implement dumb cache for images by @jonjohnsonjr in #1102
• fixed typo in configuration.md by @samlaf in #1105
• pkg/commands: fix dropped errors by @alrs in #1109
• ci: add govulncheck by @imjasonh in #1110
• chore: remove refs to deprecated io/ioutil by @testwill in #1092
• Update install docs to install ko using Scoop by @pgrunm in #1118
• include go build output in build error by @imjasonh in #1127
• Use go1.21, clean up ci and drop go1.19 by @cpanato in #1137
• Update e2e.yaml by @imjasonh in #1141
• handle newfound lint errors by @imjasonh in #1142
• fix test broken by lint fix by @imjasonh in #1143
• Bump actions/checkout from 3.6.0 to 4.0.0 by @dependabot in #1136
• fix env var for go env by @cpanato in #1140
• docs: add docs for TF and Lambda by @imjasonh in #1139
• docs: add Lambda and TF pages to sidebar by @imjasonh in #1144
• include example using go packages by @imjasonh in #1145
• fix the release workflow and install instructions by @developer-guy in #1150
• update missing places that was using go1.20 by @cpanato in #1163

New Contributors

• @samlaf made their first contribution in #1105
• @alrs made their first contribution in #1109
• @testwill made their first contribution in #1092
• @pgrunm made their first contribution in #1118

Full Changelog: v0.14.1...v0.15.0

v0.14.1

What's Changed

• fix: Use attestation-name output by @ianlewis in #980
• Upgrade to go120 by @cpanato in #984
• fix release workflow by @imjasonh in #977
• fix deprecated attestation name by @developer-guy in #983
• refactor release job by @cpanato in #986
• use git hash instead of git tag by @cpanato in #988
• Correct a typo in resolver.go by @felixonmars in #989
• feat: add riscv64 to goreleaser goarch by @ernado in #990
• try to fix codeql workflow by @imjasonh in #994
• Push images faster by @jonjohnsonjr in #1005
• Don't publish tags twice by @jonjohnsonjr in #1010
• Add context to many gobuild errors by @jonjohnsonjr in #1016
• Fix --local with KO_DOCKER_REPO by @jonjohnsonjr in #1017
• Fix: Incorporate platform architecture by @mattmoor in #1029
• Update community.md by @imjasonh in #1035
• mention ko tekton task by @imjasonh in #1039
• Update community.md by @imjasonh in #1037
• Fix kind image loading for MacOS by @aidy in #1026
• Revert "Fix kind image loading for MacOS" by @imjasonh in #1054
• update boilerplate file to be KO Build Authors by @cpanato in #1056
• Pin setup-ko to previous release by @jonjohnsonjr in #1082

New Contributors

• @felixonmars made their first contribution in #989
• @ernado made their first contribution in #990
• @aidy made their first contribution in #1026
• @luhring made their first contribution in #1073

Full Changelog: v0.13.0...v0.14.1

v0.14.0

Merge pull request #1079 from ko-build/dependabot/github_actions/slsa…