Skip to content

Add post for release v0.19#209

Merged
openshift-merge-bot[bot] merged 4 commits intomainfrom
qu1queee/v0.19
Mar 25, 2026
Merged

Add post for release v0.19#209
openshift-merge-bot[bot] merged 4 commits intomainfrom
qu1queee/v0.19

Conversation

@qu1queee
Copy link
Copy Markdown
Contributor

@qu1queee qu1queee commented Mar 13, 2026

Changes

Add post entry for v0.19 Release

Submitter Checklist

  • Includes tests if functionality changed/was added
  • Includes docs if changes are user-facing
  • Set a kind label on this PR
  • Release notes block has been filled in, or marked NONE

See the contributor guide
for details on coding conventions, github and prow interactions, and the code review process.

Release Notes

NONE

@openshift-ci openshift-ci bot added the do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. label Mar 13, 2026
@pull-request-size pull-request-size bot added the size/L Denotes a PR that changes 100-499 lines, ignoring generated files. label Mar 13, 2026
@qu1queee qu1queee added kind/documentation Categorizes issue or PR as related to documentation. and removed size/L Denotes a PR that changes 100-499 lines, ignoring generated files. do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. labels Mar 13, 2026
@qu1queee qu1queee requested a review from Copilot March 13, 2026 14:46
Copilot AI reviewed Mar 13, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Adds a new Shipwright blog post announcing the v0.19.0 release, summarizing key Build/CLI updates and providing installation instructions for users of the website documentation.

Changes:

  • Introduce a new release announcement post for Shipwright v0.19.0
  • Document Build feature highlights (step resources, RuntimeClass, PipelineRun execution mode) and dependency updates
  • Provide updated install commands and CLI example snippets for v0.19.0

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

You can also share your feedback on Copilot code review. Take the survey.

Comment thread content/docs/blog/posts/2026-03-13-release-v0.19.md Outdated
Comment thread content/docs/blog/posts/2026-03-13-release-v0.19.md Outdated
@ILpinto
Copy link
Copy Markdown

ILpinto commented Mar 23, 2026

@qu1queee
I would add a note regarding the recent Trivy Supply Chain Attack: This Shipwright release was not impacted by this incident.

@pull-request-size pull-request-size bot added the size/L Denotes a PR that changes 100-499 lines, ignoring generated files. label Mar 25, 2026
@qu1queee qu1queee marked this pull request as ready for review March 25, 2026 08:21
@qu1queee qu1queee requested a review from Copilot March 25, 2026 08:21
Copilot AI reviewed Mar 25, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Adds the Shipwright v0.19.0 release announcement post to the website blog, summarizing notable Build/CLI updates and providing installation instructions.

Changes:

  • Introduces a new blog post for the v0.19.0 release announcement.
  • Highlights Build feature additions/behavior changes and infrastructure/dependency updates.
  • Documents CLI updates and provides install commands for Build and CLI artifacts.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comment thread content/docs/blog/posts/2026-03-13-release-v0.19.md
Comment on lines +16 to +19
{{< alert color="info" title="Security Notice: Trivy Compromise (March 2026)" >}}

On March 19, 2026, the open source Trivy project disclosed a compromise that led to a malicious release of their security scanner (v0.69.4). Shipwright imports the Trivy scanner through the build's image-processing container, which launches security scans when the vulnerability scan feature is enabled in a build. Based on our analysis, Shipwright was not affected by this compromise. None of our nightly releases included the vulnerable version of Trivy, and our current official v0.19.z releases predate the compromise. Current Shipwright adopters and end users are not affected and no further action is required.

Copy link

Copilot AI Mar 25, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The security notice references an event on "March 19, 2026", but this post’s front matter date/lastmod is "2026-03-13" (and the filename is 2026-03-13). That makes the post appear to describe an incident that hadn’t happened yet at the time of publication. Please either update the post date/lastmod to reflect when the notice was added, or adjust the notice timeline so it matches the post’s publication date.

Copilot uses AI. Check for mistakes.
Comment thread content/docs/blog/posts/2026-03-13-release-v0.19.md Outdated

### RuntimeClass Flag

The `shp buildrun create` and `shp build run create` command now supports a `--runtime-class` flag, allowing you to specify
Copy link

Copilot AI Mar 25, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

shp build run create doesn’t match the CLI syntax used elsewhere in the docs (e.g., content/docs/build/runtime-class.md uses shp build run <build> ...). Also, the sentence refers to two commands but uses singular agreement (“command … supports”). Please correct the command name(s) and update the wording (e.g., “commands … support”).

Suggested change
The `shp buildrun create` and `shp build run create` command now supports a `--runtime-class` flag, allowing you to specify
The `shp buildrun create` and `shp build run <build>` commands now support a `--runtime-class` flag, allowing you to specify

Copilot uses AI. Check for mistakes.
SaschaSchwarze0
SaschaSchwarze0 reviewed Mar 25, 2026
View reviewed changes
Comment thread content/docs/blog/posts/2026-03-13-release-v0.19.md Outdated
Comment thread content/docs/blog/posts/2026-03-13-release-v0.19.md Outdated
Comment thread content/docs/blog/posts/2026-03-13-release-v0.19.md Outdated
SaschaSchwarze0
SaschaSchwarze0 approved these changes Mar 25, 2026
View reviewed changes
Copy link
Copy Markdown
Member

@SaschaSchwarze0 SaschaSchwarze0 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/approve
/lgtm

@openshift-ci openshift-ci bot added the lgtm Indicates that a PR is ready to be merged. label Mar 25, 2026
@openshift-ci
Copy link
Copy Markdown
Contributor

openshift-ci bot commented Mar 25, 2026

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: SaschaSchwarze0

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@openshift-ci openshift-ci bot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Mar 25, 2026
qu1queee and others added 4 commits March 25, 2026 17:10
@qu1queee @SaschaSchwarze0
Add post for release v0.19
5f1b547 
Signed-off-by: Sascha Schwarze <schwarzs@de.ibm.com>
@qu1queee @SaschaSchwarze0
Potential fix for pull request finding
e51a6bc 
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
Signed-off-by: Sascha Schwarze <schwarzs@de.ibm.com>
@qu1queee @SaschaSchwarze0
add on trivy handling
da4186e 
Signed-off-by: Sascha Schwarze <schwarzs@de.ibm.com>
@SaschaSchwarze0
Apply suggestions from code review
b974b03 
Co-authored-by: Sascha Schwarze <schwarzs@de.ibm.com>
Signed-off-by: Sascha Schwarze <schwarzs@de.ibm.com>
@openshift-ci openshift-ci bot removed the lgtm Indicates that a PR is ready to be merged. label Mar 25, 2026
@SaschaSchwarze0
Copy link
Copy Markdown
Member

SaschaSchwarze0 commented Mar 25, 2026

/lgtm

@openshift-ci openshift-ci bot added the lgtm Indicates that a PR is ready to be merged. label Mar 25, 2026
@SaschaSchwarze0 SaschaSchwarze0 added this to the release-v0.19.0 milestone Mar 25, 2026
@openshift-merge-bot openshift-merge-bot bot merged commit 555c1d9 into main Mar 25, 2026
6 checks passed
@openshift-merge-bot openshift-merge-bot bot deleted the qu1queee/v0.19 branch March 25, 2026 16:14
@github-project-automation github-project-automation bot moved this to Done in Issues Mar 25, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@SaschaSchwarze0 SaschaSchwarze0 SaschaSchwarze0 approved these changes

@rxinui rxinui Awaiting requested review from rxinui

Assignees

@SaschaSchwarze0 SaschaSchwarze0

Labels

approved Indicates a PR has been approved by an approver from all required OWNERS files. kind/documentation Categorizes issue or PR as related to documentation. lgtm Indicates that a PR is ready to be merged. size/L Denotes a PR that changes 100-499 lines, ignoring generated files.

Projects

Issues
Status: Done

Milestone

release-v0.19.0

Development

Successfully merging this pull request may close these issues.

5 participants

@qu1queee @ILpinto @SaschaSchwarze0 @shipwright-ci-bot