Tags give the ability to mark specific points in history as being important
-
v8.2.0
Release: v8.2.08f75808c · ·base-build-scratch: vm_size input — estate-runner VM sizing for the heavy jobs New optional vm_size input sets the VM_SIZE variable on the five heavy build jobs (build-base, kmod-zfs, kmod-nvidia, build-base-zfs, build-base-zfs-nvidia); the estate custom executor's prepare hook maps it to VM vCPU/memory/disk (small|medium|large). Inert on SaaS runners and at the default empty value. promote deliberately keeps the executor default (network-bound). Pairs with runner_tag: anvil for routing compose/kmod builds onto estate hardware. Non-breaking. Built for basef#22 (SaaS-exit Stage 2). E2E validated: ci/lint synthetic consumers at 8f75808 — vm_size=large path (five jobs get VM_SIZE=large, promote unset) and the default/current-basef path (VM_SIZE empty, inert).
-
v8.0.0
Release: v8.0.0e2e7e790 · ·v8.0.0 — fold validate into instance promote The validate component (mock exists-check + retag) is removed; instance promote moves :latest and :stable together in one idempotent step. Instances deliberately don't boot-smoke — basef's earned :stable is the quality bar. Also: kickstart/summary clone literals bumped + release-check guard; earned-stable.svg timing rot removed; README accuracy pass. BREAKING: removes the validate component.
-
v7.0.0
Release: v7.0.00d0fa939 · ·v7.0.0 — instance + validate promote auto-gate on a path list Extends the v6.0.0 base-build-scratch fix to instance and validate. Removes instance.promote_job_rules and validate.job_rules; both gate internally on a path list (instance reuses build_change_paths, validate gets change_paths) via .promote-rules / .validate-rules anchors (build rules minus merge_request). promote and validate-and-promote fire on identical conditions. BREAKING: removes those two inputs. carmine re-pins and drops its overrides.
-
v6.0.0
Release: v6.0.0cd83d304 · ·v6.0.0 — base-build-scratch promote auto-gates on build_change_paths Removes the promote_job_rules input; promote shares the build jobs' change-path gate (heavy-job-rules minus merge_request) via an internal .promote-rules anchor. A docs/CI-only push no longer runs promote or fires a cascade, and build and promote can't drift. BREAKING: consumers passing promote_job_rules must drop it. Backfills v5.0.0/v5.0.1 CHANGELOG entries.
-
v5.0.0
Release: v5.0.0fe842838 · ·v5.0.0 — :stable must be earned promotion behind a verification job (basef boot-smoke). A failed gate skips promote, so :stable never moves and the cascade never fires; a passing gate promotes and pins :stable to the exact smoke-validated digest. consumer's preflight responsibility). Justifies the major bump. Catalog's own CI migrated to composable just recipes (component templates remain inline YAML — they ship to consumers). Proven end-to-end on the crucible nested-KVM runner in both directions (fail blocks, pass promotes).
-
v4.4.0
Release: v4.4.00d2c02a1 · ·v4.4.0 — drop .gitlab-ci.yml from build_change_paths + optional needs on promote Removes .gitlab-ci.yml from default build_change_paths in base-build-scratch.yml and instance.yml so non-image-affecting pushes to main no longer trigger the bootc cascade. Bundled fix for the sibling empty-pipeline failure: promote jobs now have optional: true on their needs of the build job, plus a runtime guard that exits 0 silently when the SHA-tagged image doesn't exist. See CHANGELOG.md for details.
-
v4.3.0
Release: v4.3.0febfef66 · ·v4.3.0: drop cosign signing — subtractive release containers/image cannot verify our keyless signatures at pull time (containers/container-libs#388 since Oct 2025, no fix landed). Signing without verification is ceremony; remove the ceremony. SBOM generation stays as real audit value. See basef README for the upstream blocker + monthly re-check + how-to-re-enable runbook.
-
v4.2.0
Release: v4.2.06a90e490 · ·v4.2.0: subtractive release — drop WATCH_CVE infrastructure Reverts the v4.1.2/v4.1.3 WATCH_CVE != 'true' guards. With cve-watch deprecated on the consumer side (replaced by daily basef-recurring + manual tools/acute-rebuild), the discriminator is dead weight. Validated at SHA 1ab93a60 via basef MR !19 (green) and carmine MR !19 (green).
-
v4.1.1
Release: v4.1.126d47167 · ·v4.1.1: heavy-job rules accept api source Group access token POSTs to /projects/:id/pipeline create source=api pipelines. This patch adds 'if: $CI_PIPELINE_SOURCE == "api"' to heavy-job-rules in base-build-scratch, instance, and container-build. Backward-compatible: trigger source still accepted. Pivots the cascade pattern from N per-project trigger tokens to a single group access token (TRIGGER at dunn.dev/immutable scope). basef + carmine consumer pin bumps land alongside this.
-
v4.1.0
Release: v4.1.0d66ec0a4 · ·v4.1.0: substrate -> instance cascade Validated against basef + carmine v4.1.0 MRs (both GREEN). Catalog changes: - base-build-scratch .heavy-job-rules, instance build rules, container-build job_rules: accept ACUTE=true and trigger source Wires the basef -> carmine cascade pattern with cve-watch acute trigger (deterministic pre-screen) and operator acute-rebuild command. AI triage (claude-sonnet) lands in v4.2.0.