chore(deps): update dependency aquaproj/aqua to v2

[renovate]

This PR contains the following updates:

Package	Update	Change
aquaproj/aqua	major	v1.38.0 -> v2.17.0

---

Release Notes

aquaproj/aqua (aquaproj/aqua)

v2.17.0

Compare Source

Pull Requests | Issues | aquaproj/aqua@v2.16.4...v2.17.0

Features

#​2355 #​2447 Limit the number of versions retrieved by command generate and update @​dreamjz

With aqua v2.16.4 or earlier, aqua generate -s and aqua update -s retrieve all versions and you can't change the number of versions.
This release adds the command line option --limit/-l to these commands.
The value of this option is the number of versions.
The default value is 30.
If the value is less than zero, all versions are retrieved.

e.g.

aqua g -s # Retrieve 30 versions
aqua g -s -l 10 # Retrieve 10 versions
aqua g -s -l -1 # Retrieve all versions

#​2445 Change the default checksum algorithm from sha512 to sha256

sha256 is enough.
We don't need to use sha512.

#​2428 Add an alias of update-checksum command

aqua upc

#​2105 #​2425 #​2413 generate-registry: Improve the format of version_overrides and improve the logic to generate version_overrides

Bug Fixes 🐞

#​2444 generate-registry: Fix checksum filename for sha1

Others

#​2436 chore(deps): update dependency slsa-framework/slsa-verifier to v2.4.1
#​2395 change the format of prebuilt binaries for Windows to zip

Before:

aqua_windows_amd64.tar.gz
aqua_windows_arm64.tar.gz

After:

aqua_windows_amd64.zip
aqua_windows_arm64.zip

On Windows zip is more user friendly than tar.gz.
And to support Winget for Windows, it seems we need to change the format to zip.

• https://github.com/aquaproj/aqua/issues/2401

  • winget
  ⨯ release failed after 1m11s               error=no zip archives found matching goos=[windows] goarch=[amd64 386] goamd64=v1 ids=[]
Error: Process completed with exit code 1.

⚠️ To upgrade aqua to v2.17.0 or newer on Windows, you need to upgrade aqua to v2.16.1 ~ v2.16.4 once.

e.g.

aqua upa v2.16.4
aqua upa

New Contributors 🎉

Thank you for your contribution!

@​dreamjz #​2447

v2.16.4

Compare Source

Pull Requests | Issues | aquaproj/aqua@v2.16.3...v2.16.4

Bug Fixes

#​2420 generate-registry: Get latest versions of cargo packages

v2.16.3

Compare Source

Pull Requests | Issues | aquaproj/aqua@v2.16.2...v2.16.3

Bug Fixes

#​2414 #​2415 fix a bug that AQUA_DISABLE_POLIDY doesn't work
#​2412 generate-registry: Improve the judgement of OS by file extensions such as .exe, .pkg, and .dmg

Others

Refactoring

v2.16.2

Compare Source

Pull Requests | Issues | aquaproj/aqua@v2.16.1...v2.16.2

Others

#​2399 #​2400 Support Scoop 🎉

You can install aqua by Scoop on Windows.

scoop bucket add aquaproj https://github.com/aquaproj/scoop-bucket
scoop install aqua

v2.16.1

Compare Source

Pull Requests | Issues | aquaproj/aqua@v2.16.0...v2.16.1

Bug Fixes

#​2393 generate-registry: Fix the usage of -cmd option

Others

#​2394 #​2396 Change the format to zip on Windows at aqua v2.17.0

This is a preparation for the future change.
At aqua v2.17.0, the format of prebuilt binaries for Windows will be changed from tar.gz to zip.
This is because zip is more user friendly for Windows Users and some tools such as Winget expects zip.

https://github.com/goreleaser/goreleaser/blob/b1271d2559e05711e31c6d39c9cbf9eb3e808d5a/internal/pipe/winget/winget.go#L41

To upgrade aqua to v2.17.0 or later on Windows, you need to upgrade aqua to v2.16.1 or later first.
aqua can't upgrade aqua from v2.16.0 or earlier to v2.17.0 or later on Windows.

$ aqua update-aqua v2.16.1
$ aqua update-aqua

v2.16.0

Compare Source

Pull Requests | Issues | aquaproj/aqua@v2.15.1...v2.16.0

Features

#​2380 Support removing packages by command names

e.g.

aqua rm tfcmt # Remove suzuki-shunsuke/tfcmt

v2.15.1

Compare Source

Pull Requests | Issues | aquaproj/aqua@v2.15.0...v2.15.1

Bug Fixes

#​2376 Fix a bug that aqua stops searching configuration files if files are located in either aqua or .aqua directory

How to reproduce the issue

Directory structure

/workspace/
  aqua.yaml
  foo/ # current directory
    aqua/
      aqua.yaml

Run aqua i.

aqua i

Expected behaviour

aqua installs packages with /workspace/aqua.yaml and /workspace/foo/aqua/aqua.yaml.

Actual behaviour

aqua installs packages with only /workspace/foo/aqua/aqua.yaml, and ignores /workspace/aqua.yaml.

v2.15.0

Compare Source

Pull Requests | Issues | aquaproj/aqua@v2.14.1...v2.15.0

Overview

• Features
  • #​2351 #​2366 generate-registry: Get all GitHub Releases by default
  • #​2349 #​2362 generate-registry: Add an option -cmd
• Others
  • #​2359 update-aqua: Add an alias upa to the command

generate-registry: Get all GitHub Releases by default

#​2351 #​2366

The behaviour of generate-registry command was changed.
The command gets all GitHub Releases by default to generate version_overrides.

The option --deep is deprecated. The option has no meaning anymore. The option is kept only for the compatibility.
The option will be removed at aqua v3.

The option --limit (-l) is added. This option takes an integer, which is the maximum number of releases.

e.g.

aqua gr --limit 100

generate-registry: Add an option -cmd

#​2349 #​2362

If -cmd is set, files is set.

e.g.

$ aqua gr -cmd gh cli/cli

##### ...
  files:
    - name: gh

You can specify multiple commands with commas ,.

e.g.

$ aqua gr -cmd age,age-keygen FiloSottile/age

##### ...
  files:
    - name: age
    - name: age-keygen

update-aqua: Add an alias upa to the command

#​2359

update-aqua is too long.

$ aqua upa # update-aqua

v2.14.1

Compare Source

Pull Requests | Issues | aquaproj/aqua@v2.14.0...v2.14.1

Fixes

#​2354 #​2356 generate: Fixed a bug that sometimes aqua g outputs non latest version

versiongetter: Fix getting the latest version

Use GetLatestRelease API before using ListReleases API

#​2245 #​2358 generate: Fixed a bug that aqua g -i fails when a comment exists in the same line with packages:

Get string values from *ast.StringNode.Value instead of ast.MapKeyNode.String()

Others

#​2340 fix(deps): update module github.com/google/go-github/v55 to v56

v2.14.0

Compare Source

Pull Requests | Issues | aquaproj/aqua@v2.13.1...v2.14.0

#​1657 #​2329 Update registries and packages by update command

Finally aqua update command is supported 🎉
You can update all packages and registries, or select updated packages.
You can also select packages and versions with fuzzy finder.

Document

[!NOTE]
You can update registries and packages by Renovate too.
Please see Update packages by Renovate.

You can update registries and packages by aqua update (up) command.

If no argument is passed, all registries and packages are updated to the latest.

##### Update all packages and registries to the latest versions
aqua update

This command has an alias "up"

aqua up

This command

• gets the latest version from GitHub Releases, GitHub Tags, and crates.io and updates aqua.yaml
• doesn't install packages

Updated configuration file paths

This command finds a configuration file aqua.yaml according to the rule and updates only one file.
Once this command finds one file, it stops searching other aqua.yaml.

So if you want to update other files, please change the current directory or specify the configuration file path with the option -c.

aqua -c foo/aqua.yaml update

Update only registries

If you want to update only registries, please use the --only-registry [-r] option.

##### Update only registries
aqua update -r

Update only packages

If you want to update only packages, please use the --only-package [-p] option.

##### Update only packages
aqua update -p

Update only specific commands

You can specify packages with command names. aqua finds packages that have these commands and updates them.

aqua update <command name> [<command name> ...]

e.g.

##### Update cli/cli
aqua update gh

Select packages with Fuzzy Finder

If you want to update only specific packages, please use the -i option.
You can select packages with the fuzzy finder.
If -i option is used, registries aren't updated.

##### Select updated packages with fuzzy finder
aqua update -i

Select the package version with Fuzzy Finder

If you want to select versions, please use the -s option.
You can select versions with the fuzzy finder. You can not only update but also downgrade packages.

##### Select updated packages and versions with fuzzy finder
aqua update -i -s

The field version is ignored

This command doesn't update packages if the version field is used.

packages:
  - name: cli/[email protected] # Update
  - name: gohugoio/hugo
    version: v0.118.0 # Doesn't update

So if you don't want to update specific packages, the version field is useful.

commit hashes are ignored

This command doesn't update commit hashes.

packages:
  - name: google/pprof@d04f2422c8a17569c14e84da0fae252d9529826b # Doesn't update

⚠️ Known Issues

There are some known issues related to the third party library goccy/go-yaml.

null is set to packages wrongly if registries are updated and packages is empty

This issue is because of the third party library goccy/go-yaml.

Before

registries:
- ref: v4.60.0
  type: standard
packages:

Run aqua up.

$ aqua up
INFO[0000] updating a registry                           aqua_version= env=darwin/arm64 new_version=v4.65.0 old_version=v4.60.0 program=aqua registry_name=standard

After

registries:
- ref: v4.65.0
  type: standard
packages: null

Newlines are removed wrongly

This issue is because of the third party library goccy/go-yaml.

• https://github.com/goccy/go-yaml/issues/285

Before

registries:
- ref: v4.60.0
  type: standard

packages:
- name: suzuki-shunsuke/[email protected]

Run aqua up.

$ aqua up
INFO[0000] updating a registry                           aqua_version= env=darwin/arm64 new_version=v4.65.0 old_version=v4.60.0 program=aqua registry_name=standard

After

registries:
- ref: v4.65.0
  type: standard
packages:
- name: suzuki-shunsuke/[email protected]

Discord Channel was open 🎉

This has nothing to do with this release, but we opened a Discord channel 🎉

https://discord.com/channels/1141777454164365382/1162444533959757955

v2.13.1

Compare Source

Pull Requests | Issues | aquaproj/aqua@v2.13.0...v2.13.1

Others

#​2332 chore(deps): update dependency golang/go to v1.21.3
#​2335 fix(deps): update module github.com/google/go-cmp to v0.6.0

v2.13.0

Compare Source

Pull Requests | Issues | aquaproj/aqua@v2.12.2...v2.13.0

This release includes several improvement of Registry settings.
This updates affect Registry developers including aqua-registry's contributors.
There is no direct change for almost all aqua users.

To keep the compatibility and minimize the effect to users, we won't use new features in aqua-registry for at least one month after v2.13.0 is released.
If we apply new features to existing packages of aqua-registry, this requires a major update of aqua-registry because this is a breaking change.

Features

#​2318 #​2320 Add a new field envs to overrides instead of goos and goarch
#​2132 #​2317 Support using go_install or go_build if the platform isn't included in supported_envs
#​1774 #​2314 Support omitting .{{.Format}} in asset and url
#​1876 #​2313 Support short file extensions in format
#​1774 #​2310 Add the template variable AssetWithoutExt to files[].src

Add a new field envs to overrides instead of goos and goarch

#​2318 #​2320

Add a new field envs to overrides.
The syntax of envs is same with supported_envs.

The syntax of envs is more flexible than the combination of goos and goarch.
In some cases we can simplify the code.

For example, the combination of goos and goarch can't express the pair of linux/arm64 and windows/arm64.

overrides:
  - goos: windows
    goarch: arm64

### ...
  - goos: linux
    goarch: arm64

### ...

envs can simplify the code.

overrides:
  - envs:
      - windows/arm64
      - linux/arm64

### ...

Support using go_install or go_build if the platform isn't included in supported_envs

#​2132 #​2317

A new field build is added to Registry settings.
This enables to install packages by go_install or go_build on platforms where prebuilt binaries aren't published.

This is an example usage of the new field build.

packages:
  - type: github_release
    repo_owner: suzuki-shunsuke
    repo_name: tfcmt
    asset: tfcmt_{{.OS}}_{{.Arch}}.{{.Format}}
    format: tar.gz
    supported_envs:
      - linux
    build:
      type: go_build
      files:
        - name: tfcmt
          src: ./cmd/tfcmt
          dir: tfcmt-{{trimV .Version}}

supported_envs is linux, so on platforms other than linux aqua installs tfcmt by go_build.

go_install is also available.

    build:
      type: go_install
      path: github.com/suzuki-shunsuke/tfcmt/v4/cmd/tfcmt

If go_build failed on windows/arm64 and you'd like to exclude windows/arm64, excluded_envs is available.

    build:
      type: go_build
      excluded_envs:
        - windows/arm64
      files:
        - name: tfcmt
          src: ./cmd/tfcmt
          dir: tfcmt-{{trimV .Version}}

If you'd like to disable build in version_overrides, enabled is available.

build:
  enabled: false

Why not overrides?

Of course, we can do the same thing with overrides.
But build makes the intension of the code clear and simplify the code.

Support omitting .{{.Format}} in asset and url

#​1774 #​2314

The file extension is complemented if it isn't included in asset and url.

e.g.

asset: foo # This is same with `foo.tar.gz` and `foo.{{.Format}}`
format: tar.gz

The benefit is that you can unify the setting of raw format and non raw format.

Before

asset: kalker-{{.OS}}.{{.Format}}
format: zip
overrides:
  - goos: linux
    format: raw
    asset: kalker-{{.OS}}

After

asset: kalker-{{.OS}}
format: zip
overrides:
  - goos: linux
    format: raw

You can disable the complementation by setting append_ext: false.

append_ext: false

Support short file extensions in format

#​1876 #​2313

The following short file extensions can be available in format.

• tbr
• tbz
• tbz2
• tgz
• tlz4
• tsz
• txz

e.g.

format: tbz2

Add the template variable AssetWithoutExt to files[].src

#​1774 #​2310

The new template variable AssetWithoutExt is a string that a file extension is removed from Asset.

e.g.

    asset: aks-engine-{{.Version}}-{{.OS}}-{{.Arch}}.tar.gz
    files:
      - name: aks-engine
        src: "{{.AssetWithoutExt}}/aks-engine" # "{{.AssetWithoutExt}}" == "aks-engine-{{.Version}}-{{.OS}}-{{.Arch}}"

v2.12.2

Compare Source

Pull Requests | Issues | aquaproj/aqua@v2.12.1...v2.12.2

Bug Fixes

#​2303 Fix a bug that path isn't overriden by overrides

Others

#​2304 Update aqua-proxy to v1.2.4
#​2302 Update Go to v1.21.2
#​2286 #​2287 #​2289 #​2290 #​2291 Refactoring

v2.12.1

Compare Source

Pull Requests | Issues | aquaproj/aqua@v2.12.0...v2.12.1

Bug Fixes

#​2282 Fix a bug that supported_envs gets true even if darwin isn't supported on darwin/arm64

This bug was introduced in aqua v1.30.0.

• https://github.com/aquaproj/aqua-registry/pull/15753#issuecomment-1736716809

We found an original issue and a pull request.

• https://github.com/aquaproj/aqua/issues/1512
• https://github.com/aquaproj/aqua/pull/1514

Add darwin/arm64 to supported_envs if rosetta2 is enabled.
Currently, we have to add darwin/arm64 explicitly even if rosetta2 is enabled.

We remembered the intention, but this should be applied only if darwin/amd64 is included in supported_envs.

v2.12.0

Compare Source

Pull Requests | Issues | aquaproj/aqua@v2.11.0...v2.12.0

Features

#​2251 #​2254 Support selecting packages interactively with a fuzzy finder when uninstalling packages

Added -i option to remove command

$ aqua rm -i

If enabling this option, you can select packages interactively with a fuzzy finder.

Others

#​2255 Update aqua-proxy to v1.2.3

v2.11.0

Compare Source

Pull Requests | Issues | aquaproj/aqua@v2.10.1...v2.11.0

Features

#​538 #​2249 Support uninstalling packages
#​2131 #​2065 Support go_build package

Support uninstalling packages

#​538 #​2249

Add a subcommand rm to uninstall packages

Usage

$ aqua rm --all [-a] # Uninstall all packages

$ aqua rm [<registry name>,]<package name> [...] # Uninstall packages

Example

$ aqua rm -a

$ aqua rm cli/cli direnv/direnv

⚠️ Limitation

The following package types can't be removed without --all option.

• http
• go_install

Support go_build package

#​2039 #​2131 #​2065

The new package type go_build has been supported.

Example

packages:
  - type: go_build
    repo_owner: suzuki-shunsuke
    repo_name: github-comment
    files:
      - name: github-comment
        src: ./cmd/github-comment
        dir: github-comment-{{trimV .Version}}

$AQUA_ROOT_DIR/pkgs/go_build/github.com/suzuki-shunsuke/github-comment/v4.0.0/
  bin/
    github-comment
  src/github-comment-4.0.0/
    cmd/github-comment/main.go
    ...

Why is the feature needed?

Because some packages couldn't be installed by go install but could be installed by go build.

aqua ever supported go type package, but it was abandoned at aqua v2 because we thought we could replace it to go_install type package.

• https://aquaproj.github.io/docs/reference/registry-config/go-package
• https://aquaproj.github.io/docs/reference/upgrade-guide/v2/remove-type-go

But we found that some packages couldn't be installed by go install but could be installed by go build.

For example, suzuki-shunsuke/github-comment v5 can't be installed by go install.

$ go install github.com/suzuki-shunsuke/github-comment/v5/cmd/[email protected]
go: github.com/suzuki-shunsuke/github-comment/v5/cmd/[email protected]: github.com/suzuki-shunsuke/[email protected]: invalid version: module contains a go.mod file, so module path must match major version ("github.com/suzuki-shunsuke/github-comment/v5")

$ go install github.com/suzuki-shunsuke/github-comment/cmd/[email protected] 
go: github.com/suzuki-shunsuke/github-comment/cmd/[email protected]: github.com/suzuki-shunsuke/[email protected]: invalid version: module contains a go.mod file, so module path must match major version ("github.com/suzuki-shunsuke/github-comment/v5")

This is because github-comment's go.mod was wrong.

https://github.com/suzuki-shunsuke/github-comment/blob/e5fd429b4d1bd84e8b825a2c7b693d6ac570022f/go.mod#L1

module github.com/suzuki-shunsuke/github-comment

This issue was solved by github-comment v6, but github-comment v2 ~ v5 can't still be installed by go install.

• https://github.com/suzuki-shunsuke/github-comment/pull/900

There are many Go tools that can't be installed by go install.

Bug Fixes

#​2120 Fix the default checksum parser to support a tab character as separator
#​2147 Use the basename of the package name as the default command name
#​2176 generate-registry: Fix the format of .tar.zst
#​2202 generate-registry: Remove empty error_message
#​2215 fix a log field version_constraint

Others

#​2151 #​2163 #​2227 Update Go 1.20.6 to 1.21.1

v2.10.1

Compare Source

Pull Requests | Issues | aquaproj/aqua@v2.10.0...v2.10.1

Bug Fixes

#​2119 Stop outputting checksum file paths except for aqua update-checksum

This is a bug of aqua v2.10.0 #​2108

v2.10.0

Compare Source

Pull Requests | Issues | aquaproj/aqua@v2.9.1...v2.10.0

Features

#​2111 Add a subcommand info
#​2108 update-checksum: Output created or updated file names

Others

#​2110 Update aqua-proxy v1.2.0 to v1.2.1

https://github.com/aquaproj/aqua-proxy/releases/tag/v1.2.1

Features - Add a subcommand info

#​2111

e.g.

$ aqua info
{
  "version": "2.10.0",
  "commit_hash": "b80f805489c317d83d7fe0b182f3ef5c82a06725",
  "os": "darwin",
  "arch": "arm64",
  "pwd": "/Users/(USER)/Documents/aqua/info",
  "root_dir": "/Users/(USER)/.local/share/aquaproj-aqua",
  "env": {
    "AQUA_GITHUB_TOKEN": "(masked)",
    "AQUA_GLOBAL_CONFIG": "/Users/(USER)/repos/src/github.com/aquaproj/aqua-registry/aqua-all.yaml"
  },
  "config_files": [
    {
      "path": "/Users/(USER)/Documents/aqua/info/aqua/aqua.yaml"
    }
  ]
}

GitHub Access Token and user name are masked.

This is useful for troubleshooting.
Please paste the result of this command to your support issues.

Features - update-checksum: Output created or updated file names

#​2108

$ aqua update-checksum

This is useful to commit and push created or updated files in CI.

v2.9.1

Compare Source

Pull Requests | Issues | aquaproj/aqua@v2.9.0...v2.9.1

Bug Fixes

#​2098 Fix the Windows support. Fix a bug that aqua skips renaming files mistakenly on Windows.

This bug affects only Windows.
Windows can't execute files without file extension, but some packages release executable files without file extension.
So aqua renames files to add file extension such as .exe on Windows when aqua installs them.

This release fixes a bug that this feature doesn't work well.

Others

#​2091 Update Go 1.20.5 to 1.20.6

v2.9.0

Compare Source

Pull Requests | Issues | aquaproj/aqua@v2.8.0...v2.9.0

Features

#​2058 #​2063 Support disabling Lazy Install
#​2027 #​2062 Add -detail option to "generate" command

Support disabling Lazy Install

#​2058 #​2063

Lazy Install is enabled by default, but you can disable it with the environment variable AQUA_DISABLE_LAZY_INSTALL.

e.g.

export AQUA_DISABLE_LAZY_INSTALL=true

If Lazy Install is disabled, the command would fail if the package isn't installed in advance.

e.g.

$ tfcmt -v
FATA[0000] aqua failed                                   aqua_version= doc="https://aquaproj.github.io/docs/reference/codes/006" env=darwin/arm64 error="the executable file isn't installed yet. Lazy Install is disabled" exe_name=tfcmt package=suzuki-shunsuke/tfcmt package_version=v1.0.0 program=aqua

Disabling Lazy Install is useful to improve the security and keep the governance. You can prevent malicious commands from being installed and executed via Lazy Install. And you can also prevent aqua.yaml from being overwritten.

This is especially useful for CI of Monorepo.

The purpose is same with aqua's Policy, but disabling Lazy Install is simpler than Policy.

Add -detail option to "generate" command

#​2027 #​2062

With -detail (-d) option, aqua outputs additional information such as description and link.

$ aqua g -detail cli/cli
- name: cli/[email protected]
  description: GitHub’s official command line tool
  link: https://github.com/cli/cli

The environment variable AQUA_GENERATE_WITH_DETAIL is also available.

export AQUA_GENERATE_WITH_DETAIL=true

Others

#​2046 Update Go 1.20.4 to 1.20.5

v2.8.0

Compare Source

Pull Requests | Issues | aquaproj/aqua@v2.7.1...v2.8.0

Features

#​2016 #​2019 Support a new package type cargo, installing packages by cargo install
#​2023 Support a new command root-dir, outputting the aqua-root directory AQUA_ROOT_DIR to the standard output

Support a new package type cargo

#​2016 #​2019 Document

The package is installed by cargo install command.

You can manage tools written in Rust with aqua, which means you can manage them and their versions declaratively in the consistent way. You can switch tool versions per project and update them continuously by Renovate!

For details, please see Document

Support a new command root-dir

#​2023

$ aqua help root-dir
NAME:
   aqua root-dir - Output the aqua root directory (AQUA_ROOT_DIR)

USAGE:
   aqua root-dir [command options] [arguments...]

DESCRIPTION:
   Output the aqua root directory (AQUA_ROOT_DIR)
   e.g.

   $ aqua root-dir
   /home/foo/.local/share/aquaproj-aqua

   $ export "PATH=$(aqua root-dir)/bin:PATH"

OPTIONS:
   --help, -h  show help

v2.7.1

Compare Source

Pull Requests | Issues | aquaproj/aqua@v2.7.0...v2.7.1

Bug Fixes

#​2003 #​2006 Fix a bug that the progress bar doesn't work well if some verification such as checksum, SLSA, and Cosign are enabled
#​2013 #​2015 Convert files[].src with filepath.FromSlash for Windows

Others

#​2014 Support the character tab as a separator of the default checksum parser

v2.7.0

Compare Source

Pull Requests | Issues | aquaproj/aqua@v2.6.0...v2.7.0

Features

#​1803 #​2002 Support unarchiving PKG format on macOS

Others

#​1996 Update slsa-verifier to v2.3.0
#​1997 #​2001 Refactoring

v2.6.0

Compare Source

Pull Requests | Issues | aquaproj/aqua@v2.5.2...v2.6.0

Features

#​1984 generate-registry: Enable to parse tags not conforming to semver

If you don't develop Registry or don't contribute to Standard Registry, you can ignore this release.

generate-registry command couldn't parse tags not conforming to semver.
This release enables aqua to parse those tags and extract prefixes and versions.

For example, this release enables aqua to parse the tag version_112 and extracts the prefix version_ and the version 112.

v2.5.2

Compare Source

Pull Requests | Issues | aquaproj/aqua@v2.5.1...v2.5.2

Fixes

#​1983 generate-registry: Use the default checksum parser

v2.5.1

Compare Source

Pull Requests | Issues | aquaproj/aqua@v2.5.0...v2.5.1

Fixes

#​1979 generate-registry: Add unknown-linux and pc-windows to patterns of replacements
#​1872 #​1976 Move the symbolic link of aqua-proxy from $AQUA_ROOT_DIR/bin/aqua-proxy to $AQUA_ROOT_DIR/aqua-proxy

v2.5.0

Compare Source

Pull Requests | Issues | aquaproj/aqua@v2.4.3...v2.5.0

Features

#​1925 #​1926 Execute commands by execve(2) by default

https://aquaproj.github.io/docs/reference/execve-2

#​710 #​729 #​1597 #​1925

⚠️ In Windows this feature doesn't work.
In Windows, aqua creates small shell scripts and bat scripts instead of aqua-proxy and symbolic links.
And Windows doesn't support execve(2), so the environment variable AQUA_X_SYS_EXEC is ignored.

When a command x is executed via aqua, the command is executed as the following.

1. $AQUA_ROOT_DIR/bin/x: symbolic link to aqua-proxy
2. aqua-proxy executes the command aqua exec -- x
3. aqua executes x

So the command x is executed via aqua-proxy and aqua.
Until aqua v2.5.0, aqua-proxy and aqua executed commands as subprocess. You can confirm it by checking the process tree by pstree command.

e.g.

$ nvim # nvim is managed by aqua
$ pstree -s nvim

     \-+= 00719 shunsukesuzuki -zsh
       \-+= 09955 shunsukesuzuki nvim # aqua-proxy
         \-+- 09956 shunsukesuzuki aqua exec -- nvim
           \--- 09957 shunsukesuzuki /Users/shunsukesuzuki/.local/share/aquaproj-aqua/pkgs/github_release/github.com/neovim/neovim/v0.7.0/nvim-macos.tar.gz/nvim-osx64/bin/nvim

aqua-proxy -> aqua -> x

Sometimes this behaviour caused trouble. #​710 #​1597

From aqua v2.5.0, aqua-proxy and aqua execute commands by execve(2) in Linux and macOS by default.

So extra subprocess isn't raised.

     \-+= 82315 shunsukesuzuki -zsh
       \-+= 82630 shunsukesuzuki nvim

If you feel aqua becomes unstable due to this feature, you can disable this feature by the environment variable AQUA_X_SYS_EXEC.

export AQUA_X_SYS_EXEC=false

Others

#​1926 Update aqua-proxy to v1.2.0
#​1964 Improve error messages when it failed to install aqua-proxy, cosign, and slsa-verifier

v2.4.3

Compare Source

Pull Requests | Issues | aquaproj/aqua@v2.4.2...v2.4.3

Bug Fixes

#​1961 #​1963 Fix the hardcoded checksum of slsa-verifier windows/amd64

The checksum of slsa-verifier v2.2.0 windows/amd64 was wrong.
So it failed to install slsa-verifier internally.

This bug affects only windows/amd64.

This bug affects aqua >= 2.3.7, aqua <= 2.4.2

• https://github.com/aquaproj/aqua/issues/1961#issuecomment-1536897000

v2.4.2

Compare Source

Pull Requests | Issues | aquaproj/aqua@v2.4.1...v2.4.2

Bug Fixes

#​1956 #​1957 checksum verification: Fix a bug the default checksum parser can't extract the checksum if the checksum has a prefix "*"

If you don't enable the checksum verification, you can ignore this bug.

⚠️ For aqua-registry v4

If you enable the checksum verification and use aqua-registry v4, please update aqua to v2.4.2 or later.

v2.4.1

Compare Source

Pull Requests | Issues | aquaproj/aqua@v2.4.0...v2.4.1

Features

#​1947 generate-registry: Remove emojis from description @​ponkio-o 🎉 First contribution

v2.4.0

Compare Source

Pull Requests | Issues | aquaproj/aqua@v2.3.7...v2.4.0

Fixes

#​1904 #​1919 List a package contents if the executable file isn't found in Windows

##### aqua -c aqua-global.yaml exec -- kustomize version
ERRO[0000] check file_src is correct                     aqua_version= env=windows/amd64 error="check file_src is correct: get file_src: CreateFile C:\\Users\\runneradmin\\AppData\\Local\\aquaproj-aqua\\pkgs\\github_release\\github.com\\kubernetes-sigs\\kustomize\\kustomize\\v4.5.7\\kustomize_v4.5.7_windows_amd64.tar.gz\\hoge: The system cannot find the file specified." exe_name=kustomize file_name=kustomize package=kubernetes-sigs/kustomize/version_prefix package_name=kubernetes-sigs/kustomize/version_prefix package_version=kustomize/v4.5.7 program=aqua registry=local
ERRO[0000] executable files aren't found
Files in the unarchived package:
kustomize.exe
   aqua_version= env=windows/amd64 exe_name=kustomize package=kubernetes-sigs/kustomize/version_prefix package_name=kubernetes-sigs/kustomize/version_prefix package_version=kustomize/v4.5.7 program=aqua registry=local
FATA[0000] aqua failed                                   aqua_version= env=windows/amd64 error="check file_src is correct" exe_name=kustomize package=kubernetes-sigs/kustomize/version_prefix package_version=kustomize/v4.5.7 program=aqua

Others

#​1914 generate-registry: Use the default checksum parser

⚠️ Default checksum parser requires aqua >= v1.37.0

v2.3.7

Compare Source

Pull Requests | Issues | aquaproj/aqua@v2.3.6...v2.3.7

Fixes

#​1905 Retry slsa-verifier and cosign regardless command outputs

Others

#​1912 update slsa-verifier v2.1.0 to v2.2.0
#​1910 Update google/go-github v51 to v52

v2.3.6

Compare Source

Pull Requests | Issues | aquaproj/aqua@v2.3.5...v2.3.6

Bug Fixes

#​1889 #​1890 Fix a bug that the log is outputted to not stderr but stdout on Windows

Thank you for reporting this issue, @​knqyf263 https://github.com/aquasecurity/trivy/pull/4058#issuecomment-1511250055

v2.3.5

Compare Source

Pull Requests | Issues | aquaproj/aqua@v2.3.4...v2.3.5

Fixes

#​1883 Change the function semver to return false against commit hash

e.g.

version_constraint

version_constraint: semver(">= 4.0.1")

version: a209843d8ea9db383ce1a1976e43c8e95f831c61

The evaluation result:

• AS IS: true
• TO BE: false

v2.3.4

Compare Source

Pull Requests | Issues | aquaproj/aqua@v2.3.3...v2.3.4

Bug Fixes

#​1875 Fix a panic fatal error: concurrent map writes

v2.3.3

Compare Source

Pull Requests | Issues | aquaproj/aqua@v2.3.2...v2.3.3

Others

#​1873 Change the install path of aqua and aqua-proxy

This is an internal change, so you don't have to care of this basically.

aqua and aqua-proxy are installed in $AQUA_ROOT_DIR/internal instead of $AQUA_ROOT_DIR/pkgs.
By this change aqua and aqua-proxy are kept even if you remove $AQUA_ROOT_DIR/pkgs for cleaning up.

#​1868 Update JSONSchema

v2.3.2

Compare Source

Pull Requests | Issues | aquaproj/aqua@v2.3.1...v2.3.2

Bug Fixes

#​1864 Fix the bug that it fails to install a package if a version_constraint can't be evaluated

WARN[0000] version constraint is invalid                 aqua_version=2.3.1 env=darwin/arm64 error="evaluate the expression: Malformed version: edge (1:1)\n | semver(\">= 0.0.6\")\n | ^" exe_name=starship package_name=mvisonneau/vac program=aqua registry_name=local

From this release, if a version_constraint can't be evaluated, aqua treats as the version doesn't match with the version_constraint.

#​1863 generate-registry: Fix typo of the file format .tbz2

v2.3.1

Compare Source

Pull Requests | Issues | aquaproj/aqua@v2.3.0...v2.3.1

Bug Fixes

#​1844 Fix a bug that aqua i -a and aqua cp -a don't read policy files properly

This bug was caused by aqua v2.3.0.

This bug affected the following versions.

• aqua v2.3.0

v2.3.0

Compare Source

Pull Requests | Issues | aquaproj/aqua@v2.2.3...v2.3.0

Features

#​1789 #​1808 Support policy commands and Git Repository root's Policy file

💡 If you use only Standard Registry, you don't have to care of Policy.

The following commands have been added.

• aqua policy init: Create a Policy file
• aqua policy allow: Allow a Policy file
• aqua policy deny: Deny a Policy file

And Git Repository root's Policy file has been introduced.

Please see the document too.

See also

• Tutorial
• Reference
• Reference - Git Repository root's policy file and policy commands

Why is this feature needed?

To improve the user experience of non Standard Registries.
To set up Policy easily keeping the security.

To use non Standard Registries, you had to set the environment variable AQUA_POLICY_CONFIG.
But it is bothersome, especially in the team development because all members have to set the environment variable AQUA_POLICY_CONFIG.
Some tools such as direnv are useful to set environment variables, but it is undesirable to ask users to install additional tools for aqua.

By policy commands and Git Repository root's Policy file, you don't have to set the environment variable AQUA_POLICY_CONFIG.
Instead of setting AQUA_POLICY_CONFIG, you can allow Policy files by running aqua policy allow command according to the guide.
This change improves the user experience keeping the security.

v2.2.3

Compare Source

Pull Requests | Issues | aquaproj/aqua@v2.2.2...v2.2.3

Others

#​1818 #​1840 Add a link to the document "command is not found"

https://aquaproj.github.io/docs/reference/codes/004

$ ci-info --version
FATA[0000] aqua failed                                   aqua_version=2.2.3 doc="https://aquaproj.github.io/docs/reference/codes/004" env=linux/arm64 error="command is not found" exe_name=ci-info program=aqua

</details>

---

### Configuration

📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update again.

---

 - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box

---

This PR has been generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View repository job log [here](https://developer.mend.io/github/gha-trigger/test-start-action).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNS4xNC4yIiwidXBkYXRlZEluVmVyIjoiMzcuNDYuMCIsInRhcmdldEJyYW5jaCI6Im1haW4ifQ==-->