Tags

v1.2.0

feat: add installer ISO pipeline component

New component: templates/installer.yml
Reusable manual job for building anaconda-iso installer media from any bootc instance.

v1.1.0

refactor: instance component uses supply-chain !reference

Instance build/promote jobs now use !reference to supply-chain hidden
jobs for cosign, syft, SBOM, and attestation. Eliminates inline
duplication that caused the v1.0.3-v1.0.6 bug chain. Net -49 lines.

Breaking: consumers MUST include supply-chain component alongside
instance component for !reference resolution.

v1.0.6

fix: use -a short flag for cosign annotations in instance component

cosign sign with COSIGN_EXPERIMENTAL=1 rejects --annotation long flag.
Use -a short flag, matching supply-chain component pattern.

v1.0.5

fix: add registry credentials to instance component cosign

Instance cosign sign/attest were missing --registry-username,
--registry-password, and COSIGN_EXPERIMENTAL=1. Aligned with
supply-chain component's .sign_image pattern.

v1.0.4

fix: remove stderr suppression from cosign in instance component

Cosign sign/attest failures were hidden by 2>/dev/null. Removed so
errors are visible in CI logs.

v1.0.3

fix: install jq in instance build job

Instance build job used jq to extract base image digest but never
installed it. detect-changes and promote already had jq — build was
the only job missing it.

v1.0.2

fix: dotenv artifact paths and release automation

- Write dotenv artifacts to CI_PROJECT_DIR in base-modules (fixes empty version variables)
- Slim README for catalog-first documentation
- Release descriptions now populated from annotated tag messages with commit changelog

v1.0.1

v1.0.0