Releases: pivotal-cf/kiln
Releases · pivotal-cf/kiln
v0.113.0
v0.112.0
Embeds ezbake functionality into kiln as a carvel subcommand Embeds ezbake functionality into kiln as a Go library, adding full lifecycle support for baking, uploading, publishing, and reproducibly re-baking Carvel/Kubernetes tiles. ### New commands - **`kiln carvel bake`** — Transforms an imgpkg bundle into a BOSH release and bakes it into a `.pivotal` file. When a `Kilnfile.lock` is present, downloads the cached BOSH release from Artifactory instead of regenerating locally. - **`kiln carvel upload`** — Generates a BOSH release from Carvel tile source, uploads the tarball to Artifactory, and writes `Kilnfile.lock` with the remote location and checksum. - **`kiln carvel publish`** — Bakes a final tile with version stamping and produces a JSON bake record for reproducible builds. - **`kiln carvel re-bake`** — Reproduces a tile build from a bake record, verifying source revision matches the git checkout. ### New packages - **`internal/carvel`** — Core `Baker` that reads tile metadata (`base.yml`) and imgpkg bundles, generates a BOSH release via `bosh create-release`, creates a kiln-compatible structure in `.ezbake/`, and invokes `kiln bake` to produce the final `.pivotal` file. - **`internal/carvel/models`** — Data models for tile metadata, Carvel lockfiles, package installs, runtime configs, and jobs. ### Architecture The `kiln carvel` command group is registered in `main.go` and delegates to subcommands via `jhanda.CommandSet`. Each subcommand uses the standard `flags.Standard` embedded struct to load Kilnfiles with variable interpolation (e.g., from `~/.kiln/credentials.yml`), keeping credential handling consistent with existing kiln commands. The `Baker` interface drives the imgpkg-to-BOSH transformation and tile assembly. ### Other changes - **Consistent lockfile serialization** — `CarvelLockfile` now uses `releases` (plural, as a slice) instead of `release` (singular), matching the standard `KilnfileLock` format in `pkg/cargo`. - **CI lint fixes** — Resolved all `staticcheck` and `unused` findings across the new files (capitalized error strings, redundant embedded field selectors, unnecessary `fmt.Sprintf`, unused functions). - **CI test stability** — Test `BeforeEach` blocks that run `git commit` now pass `-c user.name` / `-c user.email` inline so they work on CI runners without global git config. - **Acceptance and unit tests** — Full test coverage for all four subcommands, the `Baker`, and the Carvel model types. ## Usage ```sh # Bake a Carvel tile locally kiln carvel bake --source-directory /path/to/tile --output-file tile.pivotal # Upload the BOSH release to Artifactory (writes Kilnfile.lock) kiln carvel upload --source-directory /path/to/tile --kilnfile /path/to/Kilnfile # Publish a versioned tile and produce a bake record kiln carvel publish --source-directory /path/to/tile --output-file tile.pivotal --version 1.0.0 --final # Reproduce a tile from a bake record kiln carvel re-bake --output-file tile.pivotal bake-record.json ``` ## Test plan - [x] `go test ./internal/carvel/...` — Baker and model unit tests - [x] `go test ./internal/commands/...` — All carvel subcommand tests (bake, upload, publish, re-bake) - [x] `go test ./internal/acceptance/carvel/...` — Integration/acceptance tests - [x] `golangci-lint run ./...` — Zero lint issues
v0.111.0
Resolve the stemcell slug for Windows2022 (#630)
v0.110.0
v0.109.0
fix: variable file default discovery for nested tiles (#538)
There's a bug where Kiln `re-bake` wasn't accounting for the relative
tile / Kilnfile path when automatically discovering variable files.
Since `re-bake` relies heavily on convention in typical use, we'd like
to fix this.
### Reproducing the bug
I forked `hello-tile` and modified it to have a nested tile directory
with a single variable `$( variable "hellothere" )` to be interpolated
in its `base.yml`. I created a variables file under
`nest/variables/hellothere.yml` defining its namesake.
It's expected at this point that we need to pass the `--variables-file`
explicitly because `kiln` doesn't know about the nesting yet:
**Creating the record**
```sh
kiln bake --final --version 6 \
--vr artifactory_host=<redacted> \
--vr artifactory_repo=<redacted> \
--vr artifactory_username=<redacted> \
--vr artifactory_password=<redacted> \
--metadata nest/base.yml \
--icon=nest/icon.png \
--kilnfile nest/Kilnfile \
--variables-file nest/variables/hellothere.yml
Setting default credentials from ~/.kiln/credentials.yml. (hint: --variable-file overrides this default. --variable overrides both.)
Warning: The "allow-only-publishable-releases" flag was not set. Some fetched releases may be intended for development/testing only. EXERCISE CAUTION WHEN PUBLISHING A TILE WITH THESE RELEASES!
Gathering releases...
All releases already downloaded
Reading release manifests...
Reading stemcell criteria from Kilnfile.lock
Encoding icon...
Building tile-6.pivotal...
Adding metadata/metadata.yml to tile-6.pivotal...
Creating empty migrations folder in tile-6.pivotal...
Adding releases/hello-release-1.0.5-ubuntu-jammy-1.737.tgz to tile-6.pivotal…
```
This is expected behavior.
Then we find the bug:
**Re-baking the record**
```sh
mv nest/bake_records/6.json /tmp/6.json
mv tile-6.pivotal ~/workspace/tilediff/tile-6-new.zip
kiln re-bake --output-file /tmp/tile-6-rebake.pivotal /tmp/6.json
Setting default credentials from ~/.kiln/credentials.yml. (hint: --variable-file overrides this default. --variable overrides both.)
Warning: The "allow-only-publishable-releases" flag was not set. Some fetched releases may be intended for development/testing only. EXERCISE CAUTION WHEN PUBLISHING A TILE WITH THESE RELEASES!
Gathering releases...
All releases already downloaded
Reading release manifests...
Reading stemcell criteria from Kilnfile.lock
Encoding icon...
2025/03/13 13:45:30 could not execute "re-bake": failed when rendering a template: nest/base.yml:3:10: executing "nest/base.yml" at <variable "hellothere">: error calling variable: could not find variable with key 'hellothere'
```
### The fix
Essentially we're including the nested directory when available during
our variable files search. We define
```go
func getVariablesDir(fs flags.FileSystem, kilnfilePath string) string
```
and then use it during the search:
```go
func getVariablesFilePaths(fs flags.FileSystem, kilnfilePath string) ([]string, error) {
variablesDirPath := getVariablesDir(fs, kilnfilePath)
files, err := fs.ReadDir(variablesDirPath)
...
```
and
```go
func variablesDirPresent(fs flags.FileSystem, kilnfilePath string) bool {
variablesDirPath := getVariablesDir(fs, kilnfilePath)
file, err := fs.Stat(variablesDirPath)
...
```
### Testing the fix
Let's build this branch as `kiln-dev` and then re-run the above commands
in an equivalent way:
**Creating the record**
```sh
kiln-dev bake --final --version 6 \
--vr artifactory_host=<redacted> \
--vr artifactory_repo=<redacted> \
--vr artifactory_username=<redacted> \
--vr artifactory_password=<redacted> \
--metadata nest/base.yml \
--icon=nest/icon.png \
--kilnfile nest/Kilnfile
Setting default credentials from ~/.kiln/credentials.yml. (hint: --variable-file overrides this default. --variable overrides both.)
Warning: The "allow-only-publishable-releases" flag was not set. Some fetched releases may be intended for development/testing only. EXERCISE CAUTION WHEN PUBLISHING A TILE WITH THESE RELEASES!
Gathering releases...
All releases already downloaded
Reading release manifests...
Reading stemcell criteria from Kilnfile.lock
Encoding icon...
Building tile-6.pivotal...
Adding metadata/metadata.yml to tile-6.pivotal...
Creating empty migrations folder in tile-6.pivotal...
Adding releases/hello-release-1.0.5-ubuntu-jammy-1.737.tgz to tile-6.pivotal...
```
**Re-baking the record**
```sh
kiln-dev re-bake --output-file /tmp/tile-6-rebake.pivotal /tmp/6.json
Setting default credentials from ~/.kiln/credentials.yml. (hint: --variable-file overrides this default. --variable overrides both.)
Warning: The "allow-only-publishable-releases" flag was not set. Some fetched releases may be intended for development/testing only. EXERCISE CAUTION WHEN PUBLISHING A TILE WITH THESE RELEASES!
Gathering releases...
All releases already downloaded
Reading release manifests...
Reading stemcell criteria from Kilnfile.lock
Encoding icon...
Building /tmp/tile-6-rebake.pivotal...
Adding metadata/metadata.yml to /tmp/tile-6-rebake.pivotal...
Creating empty migrations folder in /tmp/tile-6-rebake.pivotal...
Adding releases/hello-release-1.0.5-ubuntu-jammy-1.737.tgz to /tmp/tile-6-rebake.pivotal…
```
fixing the issue.
v0.108.0
Add NPM as part of installing NodeJS Co-authored-by: Dave Walter <dave.walter@broadcom.com>
v0.107.0
Install latest NodeJS using apt-get (#581)
v0.106.0
fix: escape non-scalar literals in variables (#560) fixes #559 Signed-off-by: Max Brauer <mbrauer@vmware.com>
v0.105.0
Update kiln test to read the response from image building Co-authored-by: Dave Walter <dave.walter@broadcom.com>
v0.104.0
Update the release workflow to goreleaser v2