v3.4.0

What's Changed

• Avoid writing to /etc/passwd unless needed by @mac-chaffee in #461
• Expose the ssh diagnostic message by @nan-yu in #464
• Ensure web/exec hooks complete in --one-time by @thockin in #469 and @ChrisERo in #466
• Don't try to remove the root if it appears corrupt by @thockin in #473
• Don't double-register the hook metric by @thockin in #475
• Allow --dest to be an absolute path by @thockin in #477

New Contributors

• @mac-chaffee made their first contribution in #461
• @ChrisERo made their first contribution in #466 (on the v4 branch, ported to v3 in #469)

Full Changelog: v3.3.5...v3.4.0

Available for all supported platforms at k8s.gcr.io/git-sync/git-sync:v3.4.0

v3.3.5

This is a minor release. It includes the following changes and also picks up the latest base image, which addresses some vulnerabilities.

• Flag --sync-hook-command ($GIT_SYNC_HOOK_COMMAND) is deprecated (but still works). Use --exechook-command ($GIT_SYNC_EXECHOOK_COMMAND) instead (functionally identical). This adds flags --exechook-timeout ($GIT_SYNC_EXECHOOK_TIMEOUT) and --exechook-backoff ($GIT_SYNC_EXECHOOK_BACKOFF) to parallel webhooks.
• Fix a bug that can mis-attribute callers in log-lines.
• Create git worktrees using the specific SHA rather than branch name. This allows to change branches with persistent volumes. Otherwise should be functionally identical.
• Add flag password-file ($GIT_SYNC_PASSWORD_FILE), which reads the password from a file and this is considered as safer than reading from env or flag directly.
  • --password and --password-file can't be specified at the same time.
  • If --username is specified, then one of --password or --password-file must be specified.

Available for all supported platforms at k8s.gcr.io/git-sync/git-sync:v3.3.5

v3.3.4

This is a security release. It picks up the latest base image, which addresses:

• https://nvd.nist.gov/vuln/detail/CVE-2021-20231

• https://nvd.nist.gov/vuln/detail/CVE-2021-20232

Available for all supported platforms at k8s.gcr.io/git-sync/git-sync:v3.3.4

v3.3.3

This is a minor release.

• Fix a race between ls-remote and fetch that could crash
• Clean up worktrees in case of corruption

Available for all supported platforms at k8s.gcr.io/git-sync/git-sync:v3.3.3

v3.3.2

This is a bugfix release. There is a known bug in libcurl that made HTTPS basically not work. This release changes how git is included so only the most backport of git is installed, and not the backport of libcurl.

See https://superuser.com/questions/1642858/git-throws-fatal-unable-to-access-https-github-com-user-repo-git-failed-se for some more information

Other changes:

• Container image is now just 1 layer
• Make the --error-file world-readable (for use across container boundaries)

Available for all supported platforms at k8s.gcr.io/git-sync/git-sync:v3.3.2

v3.3.1 (BROKEN)

EDIT: This release is broken for HTTPS.

This release is fairly small:

• Create the git-root directory if it does not exist and we need to write to the error file.

• Add sparse-checkout support via a new --sparse-checkout-file flag ($GIT_SYNC_SPARSE_CHECKOUT_FILE). (07e552b)

Available for all supported platforms at k8s.gcr.io/git-sync/git-sync:v3.3.1

v3.3.0

This release includes several noteworthy changes:

• Explicitly set GIT_SYNC_ROOT=/tmp/git in the container image so it is easier to use as non-root with a volume.

• Update Go to 1.15 and debian-base image to buster-v1.4.0

• Add a --git-config flag for arbitrary git settings (45bba18 for more info)

• Use a newer git version (from debian backports)

• Change the symlink target to just the SHA. This allows users to call readlink() on the link and learn the current checked out SHA.

• Fix cases of exit(0) when errors occurred and running as pid1 inside a container.

• Copy all license files for all deps into the container image at /LICENSES/

• Move the exec-hook to AFTER the symlink flip.

• Add a a --error-file flag to export runtime errors. This is useful to be able to inspect the status when running as a sidecar container. (8ea4492)

Available for all supported platforms at k8s.gcr.io/git-sync/git-sync:v3.3.0

v3.2.2

This is a minor release.

• Add support for octal values to int env vars (specifically GIT_SYNC_PERMISSIONS)

Available for all supported platforms at k8s.gcr.io/git-sync/git-sync:v3.2.2

v3.2.1

This is a minor release.

• Add a --sync-hook-command flag ($GIT_SYNC_HOOK_COMMAND) which is executed after syncing a new hash of the remote repository

Available for all supported platforms at k8s.gcr.io/git-sync/git-sync:v3.2.1

v3.2.0

This is a minor release, except that it makes 1 potentially significant change in behavior.

The --wait flag (aka GIT_SYNC_WAIT) used to default to 0, meaning "immediately". It is now defaulting to 1 second. This should somewhat mitigate users who don't set it and pound their git-servers.

In v4.x I will propose to make it longer by default.

Available for all supported platforms at k8s.gcr.io/git-sync/git-sync:v3.2.0