Skip to content

Releases: buildless/cli

v1.0.0 (RC 2)

15 Dec 07:15
@elidebot elidebot
1.0.0-rc2
This tag was signed with the committer’s verified signature.
sgammon Sam Gammon
GPG key ID: 1D5903AF4582BCF4
Learn about vigilant mode.
129d7a4
This commit was signed with the committer’s verified signature.
sgammon Sam Gammon
GPG key ID: 1D5903AF4582BCF4
Learn about vigilant mode.
Compare
Choose a tag to compare
v1.0.0 (RC 2) Latest
Latest

Summary

This is the second Release Candidate for the stable v1.0.0 release of the Buildless CLI, Buildless Agent, and related local tools. Version 1 will obviously be a major release, and so this RC prepares the CLI, Agent, and release pipeline for stable maturity. The code is settling rather than growing, and we're focused on fixing bugs and enhancing packaging/install options.

Version 1 will be the first release of local tooling which includes support for different locales; the command line has been mostly translated into Spanish as an initial second supported locale. Spanish locale features will activate automatically based on Java's own heuristics (reading settings on your machine), or it can be activated via the new global --locale=sp flag.

(These release notes will continue to evolve and be repeated with each RC until the v1 release).

Changelog

  • feat: global flags are displayed in a section in help
  • feat: global flags inherit properly in each command
  • feat: buildless docs (Search and open docs)
  • feat: buildless dashboard (Open the Dashboard)
  • feat: buildless update (Self-update Buildless)
  • feat: buildless [help|usage] (Extended usage help)
  • feat: buildless bug (File a bug)
  • feat: buildless [legal|notices|license] (Show notices, licenses, etc)
  • feat: embedded sbom in cli
  • feat: two-layer near cache
  • feat: v2 cache stats
  • feat: i18n keys for all options/parameters and commands
  • feat: tailored native library support → smaller, more efficient binaries on each platform
  • feat: initial support for spanish in the cli
  • feat: customizable agent port/sock/host via flags
  • feat: customizable agent cloud behavior via flags
  • feat: reliable exit codes for several commands + docs
  • feat: http/3 support in buildless agent
  • feat: support for console tables, lists, forms, boxes
  • fix: crash starting buildless agent in rc1
  • fix: output issues with buildless support
  • fix: boolean flags no longer require explicit value
  • fix: client selection + load balancing in buildless agent proxy
  • fix: weigher and removal listener for agent near cache
  • chore: complete refactor of input/output facilities for CLI
  • chore: upgrade mosaic → 0.10.0
  • chore: upgrade gRPC → 1.60.0
  • chore: upgrade protobuf → 3.25.0
  • chore: upgrade netty → 4.1.101.Final

Verification

Use the following parameters to verify this release using Sigstore.

Parameter Value Description
certificate-oidc-issuer https://github.com/login/oauth Verifies the releaser's account
certificate-identity [email protected] Issuer for this release (a GitHub account)

Installation

One-liner (install and verify):

  • macOS:
echo "Installing Buildless..." \
  && wget -q https://github.com/buildless/cli/releases/download/1.0.0-rc2/buildless.darwin-arm64.tgz \
  && wget -q https://github.com/buildless/cli/releases/download/1.0.0-rc2/buildless.darwin-arm64.tgz.sha256 \
  && tar -xzf buildless.darwin-arm64.tgz \
  && cat buildless.darwin-arm64.tgz.sha256 | gsha256sum --check --status \
  && mkdir -p ~/bin \
  && cp -fv buildless ~/bin \
  && chmod +x ~/bin/buildless \
  && export PATH="$PATH:~/bin" \
  && rm -f buildless "buildless.darwin-arm64.*" \
  && buildless --help

# `buildless` binary extracted and installed to `~/bin`
  • Linux:
echo "Installing Buildless..." \
  && wget -q https://github.com/buildless/cli/releases/download/1.0.0-rc2/buildless.linux-amd64.tgz \
  && wget -q https://github.com/buildless/cli/releases/download/1.0.0-rc2/buildless.linux-amd64.tgz.sha256 \
  && tar -xzf buildless.linux-amd64.tgz \
  && cat buildless.linux-amd64.tgz.sha256 | sha256sum --check --status \
  && mkdir -p ~/bin \
  && cp -fv buildless ~/bin \
  && chmod +x ~/bin/buildless \
  && export PATH="$PATH:~/bin" \
  && rm -f buildless "buildless.linux-amd64.*" \
  && buildless --help

# `buildless` binary extracted and installed to `~/bin`
  • Windows:
    Please use one of the MSI or exe-based installers.

Verifying a release

To verify this release, download the binary for your platform and architecture, and the accompanying sha256 and sigstore.json files. For example, on macOS ARM64 (M1-M3), you would download all of:

  • buildless.darwin-arm64.tgz
  • buildless.darwin-arm64.tgz.sha256
  • buildless.darwin-arm64.sigstore.json

Extract the binary:

tar -xzvf buildless.darwin-arm64.tgz

To verify the SHA256 hash:

cat buildless.darwin-arm64.tgz.sha256 | gsha256sum --check --status

This command returns 0 (success) if the checksum matches.

To verify the Sigstore signature:

cosign verify-blob \
  --certificate-oidc-issuer https://accounts.google.com \
  --certificate-identity [email protected] \
  --bundle ./buildless.darwin-arm64.sigstore.json \
  buildless

# Prints: "Verified OK"

See the table at the top of this release for explanations of each parameter.

All verification steps:

tar -xzvf buildless.darwin-arm64.tgz \
  && cat buildless.darwin-arm64.tgz.sha256 | gsha256sum --check --status \
  &&  cosign verify-blob \
  --certificate-oidc-issuer https://accounts.google.com \
  --certificate-identity [email protected] \
  --bundle ./buildless.darwin-arm64.sigstore.json \
  buildless || $(echo "Failed to verify Buildless binary; deleting." && rm -fv buildless)

# Prints: "Verified OK", with `buildless` binary extracted

Platform support

Currently available for:

  • macOS arm64 / amd64 (darwin-arm64 or darwin-amd64)
  • Linux amd64 (linux-amd64)
  • Windows amd64 (windows-amd64)
Assets 34

v1.0.0 (RC 1)

14 Dec 21:50
@elidebot elidebot
1.0.0-rc1
This tag was signed with the committer’s verified signature.
sgammon Sam Gammon
GPG key ID: 1D5903AF4582BCF4
Learn about vigilant mode.
778bc18
This commit was signed with the committer’s verified signature.
sgammon Sam Gammon
GPG key ID: 1D5903AF4582BCF4
Learn about vigilant mode.
Compare
Choose a tag to compare
v1.0.0 (RC 1)

Summary

This is the first Release Candidate for the stable v1.0.0 release of the Buildless CLI, Buildless Agent, and related local tools. Version 1 will obviously be a major release, and so this RC prepares the CLI, Agent, and release pipeline for stable maturity. The code is settling rather than growing, and we're focused on fixing bugs and enhancing packaging/install options.

Version 1 will be the first release of local tooling which includes support for different locales; the command line has been mostly translated into Spanish as an initial second supported locale. Spanish locale features will activate automatically based on Java's own heuristics (reading settings on your machine), or it can be activated via the new global --locale=sp flag.

Changelog

  • feat: global flags are displayed in a section in help
  • feat: global flags inherit properly in each command
  • feat: buildless docs (Search and open docs)
  • feat: buildless dashboard (Open the Dashboard)
  • feat: buildless update (Self-update Buildless)
  • feat: buildless [help|usage] (Extended usage help)
  • feat: buildless bug (File a bug)
  • feat: buildless [legal|notices|license] (Show notices, licenses, etc)
  • feat: embedded sbom in cli
  • feat: two-layer near cache
  • feat: v2 cache stats
  • feat: i18n keys for all options/parameters and commands
  • feat: tailored native library support → smaller, more efficient binaries on each platform
  • feat: initial support for spanish in the cli
  • feat: customizable agent port/sock/host via flags
  • feat: customizable agent cloud behavior via flags
  • feat: reliable exit codes for several commands + docs
  • feat: http/3 support in buildless agent
  • feat: support for console tables, lists, forms, boxes
  • fix: boolean flags no longer require explicit value
  • fix: client selection + load balancing in buildless agent proxy
  • fix: weigher and removal listener for agent near cache
  • chore: complete refactor of input/output facilities for CLI
  • chore: upgrade mosaic → 0.10.0
  • chore: upgrade gRPC → 1.60.0
  • chore: upgrade protobuf → 3.25.0
  • chore: upgrade netty → 4.1.101.Final

Verification

Use the following parameters to verify this release using Sigstore.

Parameter Value Description
certificate-oidc-issuer https://github.com/login/oauth Verifies the releaser's account
certificate-identity [email protected] Issuer for this release (a GitHub account)

Installation

One-liner (install and verify):

  • macOS:
echo "Installing Buildless..." \
  && wget -q https://github.com/buildless/cli/releases/download/1.0.0-rc1/buildless.darwin-arm64.tgz \
  && wget -q https://github.com/buildless/cli/releases/download/1.0.0-rc1/buildless.darwin-arm64.tgz.sha256 \
  && tar -xzf buildless.darwin-arm64.tgz \
  && cat buildless.darwin-arm64.tgz.sha256 | gsha256sum --check --status \
  && mkdir -p ~/bin \
  && cp -fv buildless ~/bin \
  && chmod +x ~/bin/buildless \
  && export PATH="$PATH:~/bin" \
  && rm -f buildless "buildless.darwin-arm64.*" \
  && buildless --help

# `buildless` binary extracted and installed to `~/bin`
  • Linux:
echo "Installing Buildless..." \
  && wget -q https://github.com/buildless/cli/releases/download/1.0.0-rc1/buildless.linux-amd64.tgz \
  && wget -q https://github.com/buildless/cli/releases/download/1.0.0-rc1/buildless.linux-amd64.tgz.sha256 \
  && tar -xzf buildless.linux-amd64.tgz \
  && cat buildless.linux-amd64.tgz.sha256 | sha256sum --check --status \
  && mkdir -p ~/bin \
  && cp -fv buildless ~/bin \
  && chmod +x ~/bin/buildless \
  && export PATH="$PATH:~/bin" \
  && rm -f buildless "buildless.linux-amd64.*" \
  && buildless --help

# `buildless` binary extracted and installed to `~/bin`
  • Windows:
    Please use one of the MSI or exe-based installers.

Verifying a release

To verify this release, download the binary for your platform and architecture, and the accompanying sha256 and sigstore.json files. For example, on macOS ARM64 (M1-M3), you would download all of:

  • buildless.darwin-arm64.tgz
  • buildless.darwin-arm64.tgz.sha256
  • buildless.darwin-arm64.sigstore.json

Extract the binary:

tar -xzvf buildless.darwin-arm64.tgz

To verify the SHA256 hash:

cat buildless.darwin-arm64.tgz.sha256 | gsha256sum --check --status

This command returns 0 (success) if the checksum matches.

To verify the Sigstore signature:

cosign verify-blob \
  --certificate-oidc-issuer https://accounts.google.com \
  --certificate-identity [email protected] \
  --bundle ./buildless.darwin-arm64.sigstore.json \
  buildless

# Prints: "Verified OK"

See the table at the top of this release for explanations of each parameter.

All verification steps:

tar -xzvf buildless.darwin-arm64.tgz \
  && cat buildless.darwin-arm64.tgz.sha256 | gsha256sum --check --status \
  &&  cosign verify-blob \
  --certificate-oidc-issuer https://accounts.google.com \
  --certificate-identity [email protected] \
  --bundle ./buildless.darwin-arm64.sigstore.json \
  buildless || $(echo "Failed to verify Buildless binary; deleting." && rm -fv buildless)

# Prints: "Verified OK", with `buildless` binary extracted

Platform support

Currently available for:

  • macOS arm64 / amd64 (darwin-arm64 or darwin-amd64)
  • Linux amd64 (linux-amd64)
  • Windows amd64 (windows-amd64)
Assets 35
Loading

1.0.0-beta9

05 Dec 12:00
@elidebot elidebot
1.0.0-beta9
This tag was signed with the committer’s verified signature.
sgammon Sam Gammon
GPG key ID: 1D5903AF4582BCF4
Learn about vigilant mode.
4f9f1cf
This commit was signed with the committer’s verified signature.
sgammon Sam Gammon
GPG key ID: 1D5903AF4582BCF4
Learn about vigilant mode.
Compare
Choose a tag to compare
1.0.0-beta9

Summary

Bugfixes on Linux and Windows, and general dependency updates.

Changelog

  • fix: unix domain socket issue on linux
  • chore: dependency updates

Verification

Use the following parameters to verify this release using Sigstore.

Parameter Value Description
certificate-oidc-issuer https://github.com/login/oauth Verifies the releaser's account
certificate-identity [email protected] Issuer for this release (a GitHub account)

Installation

One-liner (install and verify):

  • macOS:
echo "Installing Buildless..." \
  && wget -q https://github.com/buildless/cli/releases/download/1.0.0-beta9/buildless.darwin-arm64.tgz \
  && wget -q https://github.com/buildless/cli/releases/download/1.0.0-beta9/buildless.darwin-arm64.tgz.sha256 \
  && wget -q https://github.com/buildless/cli/releases/download/1.0.0-beta9/buildless.darwin-arm64.sigstore.json \
  && tar -xzf buildless.darwin-arm64.tgz \
  && cat buildless.darwin-arm64.tgz.sha256 | gsha256sum --check --status \
  &&  cosign verify-blob \
    --certificate-oidc-issuer https://github.com/login/oauth \
    --certificate-identity [email protected] \
    --bundle ./buildless.darwin-arm64.sigstore.json \
    buildless \
  && mkdir -p ~/bin \
  && cp -fv buildless ~/bin \
  && chmod +x ~/bin/buildless \
  && export PATH="$PATH:~/bin" \
  && rm -f buildless "buildless.darwin-arm64.*" \
  && buildless --help || (echo "Failed to verify Buildless binary; deleting." && rm -fv buildless)

# Prints: "Verified OK", with `buildless` binary extracted and installed to `~/bin`
  • Linux:
echo "Installing Buildless..." \
  && wget -q https://github.com/buildless/cli/releases/download/1.0.0-beta9/buildless.linux-amd64.tgz \
  && wget -q https://github.com/buildless/cli/releases/download/1.0.0-beta9/buildless.linux-amd64.tgz.sha256 \
  && wget -q https://github.com/buildless/cli/releases/download/1.0.0-beta9/buildless.linux-amd64.sigstore.json \
  && tar -xzf buildless.linux-amd64.tgz \
  && cat buildless.linux-amd64.tgz.sha256 | sha256sum --check --status \
  &&  cosign verify-blob \
    --certificate-oidc-issuer https://github.com/login/oauth \
    --certificate-identity [email protected] \
    --bundle ./buildless.linux-amd64.sigstore.json \
    buildless \
  && mkdir -p ~/bin \
  && cp -fv buildless ~/bin \
  && chmod +x ~/bin/buildless \
  && export PATH="$PATH:~/bin" \
  && rm -f buildless "buildless.linux-amd64.*" \
  && buildless --help || (echo "Failed to verify Buildless binary; deleting." && rm -fv buildless)

# Prints: "Verified OK", with `buildless` binary extracted and installed to `~/bin`
  • Windows:
    Please use one of the MSI or exe-based installers.

Verifying a release

To verify this release, download the binary for your platform and architecture, and the accompanying sha256 and sigstore.json files. For example, on macOS ARM64 (M1-M3), you would download all of:

  • buildless.darwin-arm64.tgz
  • buildless.darwin-arm64.tgz.sha256
  • buildless.darwin-arm64.sigstore.json

Extract the binary:

tar -xzvf buildless.darwin-arm64.tgz

To verify the SHA256 hash:

cat buildless.darwin-arm64.tgz.sha256 | gsha256sum --check --status

This command returns 0 (success) if the checksum matches.

To verify the Sigstore signature:

cosign verify-blob \
  --certificate-oidc-issuer https://accounts.google.com \
  --certificate-identity [email protected] \
  --bundle ./buildless.darwin-arm64.sigstore.json \
  buildless

# Prints: "Verified OK"

See the table at the top of this release for explanations of each parameter.

All verification steps:

tar -xzvf buildless.darwin-arm64.tgz \
  && cat buildless.darwin-arm64.tgz.sha256 | gsha256sum --check --status \
  &&  cosign verify-blob \
  --certificate-oidc-issuer https://accounts.google.com \
  --certificate-identity [email protected] \
  --bundle ./buildless.darwin-arm64.sigstore.json \
  buildless || $(echo "Failed to verify Buildless binary; deleting." && rm -fv buildless)

# Prints: "Verified OK", with `buildless` binary extracted

Platform support

Currently available for:

  • macOS arm64 / amd64 (darwin-arm64 or darwin-amd64)
  • Linux amd64 (linux-amd64)
  • Windows amd64 (windows-amd64)
Assets 26
Loading

1.0.0-beta8

05 Dec 03:05
@elidebot elidebot
1.0.0-beta8
This tag was signed with the committer’s verified signature.
sgammon Sam Gammon
GPG key ID: 1D5903AF4582BCF4
Learn about vigilant mode.
58ae400
This commit was signed with the committer’s verified signature.
sgammon Sam Gammon
GPG key ID: 1D5903AF4582BCF4
Learn about vigilant mode.
Compare
Choose a tag to compare
1.0.0-beta8

Summary

Automated release pipeline and bug fixes on macOS, Windows, and Linux.

Changelog

  • fix: issue with macOS x86 binary archives
  • chore: automated release flow, with SLSA and Sigstore support

Verification

Use the following parameters to verify this release using Sigstore.

Parameter Value Description
certificate-oidc-issuer https://github.com/login/oauth Verifies the releaser's account
certificate-identity [email protected] Issuer for this release (a GitHub account)

Installation

One-liner (install and verify):

  • macOS:
echo "Installing Buildless..." \
  && wget -q https://github.com/buildless/cli/releases/download/1.0.0-beta8/buildless.darwin-arm64.tgz \
  && wget -q https://github.com/buildless/cli/releases/download/1.0.0-beta8/buildless.darwin-arm64.tgz.sha256 \
  && wget -q https://github.com/buildless/cli/releases/download/1.0.0-beta8/buildless.darwin-arm64.sigstore.json \
  && tar -xzf buildless.darwin-arm64.tgz \
  && cat buildless.darwin-arm64.tgz.sha256 | gsha256sum --check --status \
  &&  cosign verify-blob \
    --certificate-oidc-issuer https://github.com/login/oauth \
    --certificate-identity [email protected] \
    --bundle ./buildless.darwin-arm64.sigstore.json \
    buildless \
  && mkdir -p ~/bin \
  && cp -fv buildless ~/bin \
  && chmod +x ~/bin/buildless \
  && export PATH="$PATH:~/bin" \
  && rm -f buildless "buildless.darwin-arm64.*" \
  && buildless --help \
  || $(echo "Failed to verify Buildless binary; deleting." && rm -fv buildless)

# Prints: "Verified OK", with `buildless` binary extracted and installed to `~/bin`
  • Linux:
echo "Installing Buildless..." \
  && wget -q https://github.com/buildless/cli/releases/download/1.0.0-beta8/buildless.linux-amd64.tgz \
  && wget -q https://github.com/buildless/cli/releases/download/1.0.0-beta8/buildless.linux-amd64.tgz.sha256 \
  && wget -q https://github.com/buildless/cli/releases/download/1.0.0-beta8/buildless.linux-amd64.sigstore.json \
  && tar -xzf buildless.linux-amd64.tgz \
  && cat buildless.linux-amd64.tgz.sha256 | sha256sum --check --status \
  &&  cosign verify-blob \
    --certificate-oidc-issuer https://github.com/login/oauth \
    --certificate-identity [email protected] \
    --bundle ./buildless.linux-amd64.sigstore.json \
    buildless \
  && mkdir -p ~/bin \
  && cp -fv buildless ~/bin \
  && chmod +x ~/bin/buildless \
  && export PATH="$PATH:~/bin" \
  && rm -f buildless "buildless.linux-amd64.*" \
  && buildless --help \
  || $(echo "Failed to verify Buildless binary; deleting." && rm -fv buildless)

# Prints: "Verified OK", with `buildless` binary extracted and installed to `~/bin`
  • Windows:
    Please use one of the MSI or exe-based installers.

Verifying a release

To verify this release, download the binary for your platform and architecture, and the accompanying sha256 and sigstore.json files. For example, on macOS ARM64 (M1-M3), you would download all of:

  • buildless.darwin-arm64.tgz
  • buildless.darwin-arm64.tgz.sha256
  • buildless.darwin-arm64.sigstore.json

Extract the binary:

tar -xzvf buildless.darwin-arm64.tgz

To verify the SHA256 hash:

cat buildless.darwin-arm64.tgz.sha256 | gsha256sum --check --status

This command returns 0 (success) if the checksum matches.

To verify the Sigstore signature:

cosign verify-blob \
  --certificate-oidc-issuer https://accounts.google.com \
  --certificate-identity [email protected] \
  --bundle ./buildless.darwin-arm64.sigstore.json \
  buildless

# Prints: "Verified OK"

See the table at the top of this release for explanations of each parameter.

All verification steps:

tar -xzvf buildless.darwin-arm64.tgz \
  && cat buildless.darwin-arm64.tgz.sha256 | gsha256sum --check --status \
  &&  cosign verify-blob \
  --certificate-oidc-issuer https://accounts.google.com \
  --certificate-identity [email protected] \
  --bundle ./buildless.darwin-arm64.sigstore.json \
  buildless || $(echo "Failed to verify Buildless binary; deleting." && rm -fv buildless)

# Prints: "Verified OK", with `buildless` binary extracted

Platform support

Currently available for:

  • macOS arm64 / amd64 (darwin-arm64 or darwin-amd64)
  • Linux amd64 (linux-amd64)
  • Windows amd64 (windows-amd64)
Assets 26
Loading

1.0.0-beta7

01 Dec 10:09
@sgammon sgammon
1.0.0-beta7
This tag was signed with the committer’s verified signature.
sgammon Sam Gammon
GPG key ID: 1D5903AF4582BCF4
Learn about vigilant mode.
ec099ee
This commit was signed with the committer’s verified signature.
sgammon Sam Gammon
GPG key ID: 1D5903AF4582BCF4
Learn about vigilant mode.
Compare
Choose a tag to compare
1.0.0-beta7

Summary

Fixes a critical bug in Windows version detection, and some known issues when installing the Buildless Agent on macOS. This release is the first to support macOS x86_64, which enables use from Github Actions runners under that arch and OS pair.

Changelog

  • feat: release macOS x86 binary
  • fix: agent install bugs on macos
  • fix: windows version / os detection issue

Verification

Use the following parameters to verify this release using Sigstore.

Parameter Value Description
certificate-oidc-issuer https://github.com/login/oauth Verifies the releaser's account
certificate-identity [email protected] Issuer for this release (a GitHub account)

Installation

One-liner (install and verify):

  • macOS:
echo "Installing Buildless..." \
  && wget -q https://github.com/buildless/cli/releases/download/1.0.0-beta7/buildless.darwin-arm64.tgz \
  && wget -q https://github.com/buildless/cli/releases/download/1.0.0-beta7/buildless.darwin-arm64.tgz.sha256 \
  && wget -q https://github.com/buildless/cli/releases/download/1.0.0-beta7/buildless.darwin-arm64.sigstore.json \
  && tar -xzf buildless.darwin-arm64.tgz \
  && cat buildless.darwin-arm64.tgz.sha256 | gsha256sum --check --status \
  &&  cosign verify-blob \
    --certificate-oidc-issuer https://github.com/login/oauth \
    --certificate-identity [email protected] \
    --bundle ./buildless.darwin-arm64.sigstore.json \
    buildless \
  && mkdir -p ~/bin \
  && cp -fv buildless ~/bin \
  && chmod +x ~/bin/buildless \
  && export PATH="$PATH:~/bin" \
  && rm -f buildless "buildless.darwin-arm64.*" \
  && buildless --help \
  || $(echo "Failed to verify Buildless binary; deleting." && rm -fv buildless)

# Prints: "Verified OK", with `buildless` binary extracted and installed to `~/bin`
  • Linux:
echo "Installing Buildless..." \
  && wget -q https://github.com/buildless/cli/releases/download/1.0.0-beta7/buildless.linux-amd64.tgz \
  && wget -q https://github.com/buildless/cli/releases/download/1.0.0-beta7/buildless.linux-amd64.tgz.sha256 \
  && wget -q https://github.com/buildless/cli/releases/download/1.0.0-beta7/buildless.linux-amd64.sigstore.json \
  && tar -xzf buildless.linux-amd64.tgz \
  && cat buildless.linux-amd64.tgz.sha256 | sha256sum --check --status \
  &&  cosign verify-blob \
    --certificate-oidc-issuer https://github.com/login/oauth \
    --certificate-identity [email protected] \
    --bundle ./buildless.linux-amd64.sigstore.json \
    buildless \
  && mkdir -p ~/bin \
  && cp -fv buildless ~/bin \
  && chmod +x ~/bin/buildless \
  && export PATH="$PATH:~/bin" \
  && rm -f buildless "buildless.linux-amd64.*" \
  && buildless --help \
  || $(echo "Failed to verify Buildless binary; deleting." && rm -fv buildless)

# Prints: "Verified OK", with `buildless` binary extracted and installed to `~/bin`
  • Windows:
    Please use one of the MSI or exe-based installers.

Verifying a release

To verify this release, download the binary for your platform and architecture, and the accompanying sha256 and sigstore.json files. For example, on macOS ARM64 (M1-M3), you would download all of:

  • buildless.darwin-arm64.tgz
  • buildless.darwin-arm64.tgz.sha256
  • buildless.darwin-arm64.sigstore.json

Extract the binary:

tar -xzvf buildless.darwin-arm64.tgz

To verify the SHA256 hash:

cat buildless.darwin-arm64.tgz.sha256 | gsha256sum --check --status

This command returns 0 (success) if the checksum matches.

To verify the Sigstore signature:

cosign verify-blob \
  --certificate-oidc-issuer https://accounts.google.com \
  --certificate-identity [email protected] \
  --bundle ./buildless.darwin-arm64.sigstore.json \
  buildless

# Prints: "Verified OK"

See the table at the top of this release for explanations of each parameter.

All verification steps:

tar -xzvf buildless.darwin-arm64.tgz \
  && cat buildless.darwin-arm64.tgz.sha256 | gsha256sum --check --status \
  &&  cosign verify-blob \
  --certificate-oidc-issuer https://accounts.google.com \
  --certificate-identity [email protected] \
  --bundle ./buildless.darwin-arm64.sigstore.json \
  buildless || $(echo "Failed to verify Buildless binary; deleting." && rm -fv buildless)

# Prints: "Verified OK", with `buildless` binary extracted

Platform support

Currently available for:

  • macOS arm64 / amd64 (darwin-arm64 or darwin-amd64)
  • Linux amd64 (linux-amd64)
  • Windows amd64 (windows-amd64)
Assets 38
Loading

1.0.0-beta6

27 Nov 09:00
@sgammon sgammon
1.0.0-beta6
This tag was signed with the committer’s verified signature.
sgammon Sam Gammon
GPG key ID: 1D5903AF4582BCF4
Learn about vigilant mode.
0bcc043
This commit was signed with the committer’s verified signature.
sgammon Sam Gammon
GPG key ID: 1D5903AF4582BCF4
Learn about vigilant mode.
Compare
Choose a tag to compare
1.0.0-beta6

Summary

Native Windows support, and several improvements and bugfixes for other platforms. Binaries now ship native libraries for their target platform only, resulting in smaller binaries.

Tip

All users are encouraged to upgrade to 1.0.0-beta6 or newer, as it includes several critical fixes for known issues present in beta3 and beta4.

Verification

Use the following parameters to verify this release using Sigstore.

Parameter Value Description
certificate-oidc-issuer https://github.com/login/oauth Verifies the releaser's account
certificate-identity [email protected] Issuer for this release (a GitHub account)

Installation

One-liner (install and verify):

  • macOS:
echo "Installing Buildless..." \
  && wget -q https://github.com/buildless/cli/releases/download/1.0.0-beta6/buildless.darwin-arm64.tgz \
  && wget -q https://github.com/buildless/cli/releases/download/1.0.0-beta6/buildless.darwin-arm64.tgz.sha256 \
  && wget -q https://github.com/buildless/cli/releases/download/1.0.0-beta6/buildless.darwin-arm64.sigstore.json \
  && tar -xzf buildless.darwin-arm64.tgz \
  && cat buildless.darwin-arm64.tgz.sha256 | gsha256sum --check --status \
  &&  cosign verify-blob \
    --certificate-oidc-issuer https://github.com/login/oauth \
    --certificate-identity [email protected] \
    --bundle ./buildless.darwin-arm64.sigstore.json \
    buildless \
  && mkdir -p ~/bin \
  && cp -fv buildless ~/bin \
  && chmod +x ~/bin/buildless \
  && export PATH="$PATH:~/bin" \
  && rm -f buildless "buildless.darwin-arm64.*" \
  && buildless --help \
  || $(echo "Failed to verify Buildless binary; deleting." && rm -fv buildless)

# Prints: "Verified OK", with `buildless` binary extracted and installed to `~/bin`
  • Linux:
echo "Installing Buildless..." \
  && wget -q https://github.com/buildless/cli/releases/download/1.0.0-beta6/buildless.linux-amd64.tgz \
  && wget -q https://github.com/buildless/cli/releases/download/1.0.0-beta6/buildless.linux-amd64.tgz.sha256 \
  && wget -q https://github.com/buildless/cli/releases/download/1.0.0-beta6/buildless.linux-amd64.sigstore.json \
  && tar -xzf buildless.linux-amd64.tgz \
  && cat buildless.linux-amd64.tgz.sha256 | sha256sum --check --status \
  &&  cosign verify-blob \
    --certificate-oidc-issuer https://github.com/login/oauth \
    --certificate-identity [email protected] \
    --bundle ./buildless.linux-amd64.sigstore.json \
    buildless \
  && mkdir -p ~/bin \
  && cp -fv buildless ~/bin \
  && chmod +x ~/bin/buildless \
  && export PATH="$PATH:~/bin" \
  && rm -f buildless "buildless.linux-amd64.*" \
  && buildless --help \
  || $(echo "Failed to verify Buildless binary; deleting." && rm -fv buildless)

# Prints: "Verified OK", with `buildless` binary extracted and installed to `~/bin`
  • Windows:
    Please use one of the MSI or exe-based installers.

Verifying a release

To verify this release, download the binary for your platform and architecture, and the accompanying sha256 and sigstore.json files. For example, on macOS ARM64 (M1-M3), you would download all of:

  • buildless.darwin-arm64.tgz
  • buildless.darwin-arm64.tgz.sha256
  • buildless.darwin-arm64.sigstore.json

Extract the binary:

tar -xzvf buildless.darwin-arm64.tgz

To verify the SHA256 hash:

cat buildless.darwin-arm64.tgz.sha256 | gsha256sum --check --status

This command returns 0 (success) if the checksum matches.

To verify the Sigstore signature:

cosign verify-blob \
  --certificate-oidc-issuer https://accounts.google.com \
  --certificate-identity [email protected] \
  --bundle ./buildless.darwin-arm64.sigstore.json \
  buildless

# Prints: "Verified OK"

See the table at the top of this release for explanations of each parameter.

All verification steps:

tar -xzvf buildless.darwin-arm64.tgz \
  && cat buildless.darwin-arm64.tgz.sha256 | gsha256sum --check --status \
  &&  cosign verify-blob \
  --certificate-oidc-issuer https://accounts.google.com \
  --certificate-identity [email protected] \
  --bundle ./buildless.darwin-arm64.sigstore.json \
  buildless || $(echo "Failed to verify Buildless binary; deleting." && rm -fv buildless)

# Prints: "Verified OK", with `buildless` binary extracted

Platform support

Currently available for:

  • macOS M1, M2, M3 (darwin-arm64)
  • Linux X86-64 (linux-amd64)
  • Windows X64 (windows-amd64)
Assets 24
Loading

1.0.0-beta5

27 Nov 03:00
@sgammon sgammon
1.0.0-beta5
This tag was signed with the committer’s verified signature.
sgammon Sam Gammon
GPG key ID: 1D5903AF4582BCF4
Learn about vigilant mode.
bf62ea4
This commit was signed with the committer’s verified signature.
sgammon Sam Gammon
GPG key ID: 1D5903AF4582BCF4
Learn about vigilant mode.
Compare
Choose a tag to compare
1.0.0-beta5 Pre-release
Pre-release

Summary

Bugfixes for the local Buildless and Pkgst proxies, and several improvements or other bugfixes in the CLI. Buildless local agent services now leverage Unix domain sockets and native Netty transports where possible, and will not wait for operations to complete before releasing clients.

Tip

All users are encouraged to upgrade to 1.0.0-beta5 or newer, as it includes several critical fixes for known issues present in beta3 and beta4.

Verification

Use the following parameters to verify this release using Sigstore.

Parameter Value Description
certificate-oidc-issuer https://github.com/login/oauth Verifies the releaser's account
certificate-identity [email protected] Issuer for this release (a GitHub account)

Changelog

  • fix: near cache deadlock with remote service fetch
  • fix: metrics issue with proxied requests/responses
  • fix: buildless rpc domain updated to global.less.build
  • fix: native netty transport
  • fix: unix domain sockets on macOS
  • fix: async (deferred) push to remote
  • fix: compression for pkgst proxy (brotli and gzip)
  • chore: increase default IO threads to prevent pkgst proxy deadlock
  • chore: dependency updates

Installation

One-liner (install and verify):

  • macOS:
echo "Installing Buildless..." \
  && wget -q https://github.com/buildless/cli/releases/download/1.0.0-beta5/buildless.darwin-arm64.tgz \
  && wget -q https://github.com/buildless/cli/releases/download/1.0.0-beta5/buildless.darwin-arm64.tgz.sha256 \
  && wget -q https://github.com/buildless/cli/releases/download/1.0.0-beta5/buildless.darwin-arm64.sigstore.json \
  && tar -xzf buildless.darwin-arm64.tgz \
  && cat buildless.darwin-arm64.tgz.sha256 | gsha256sum --check --status \
  &&  cosign verify-blob \
    --certificate-oidc-issuer https://github.com/login/oauth \
    --certificate-identity [email protected] \
    --bundle ./buildless.darwin-arm64.sigstore.json \
    buildless \
  && mkdir -p ~/bin \
  && cp -fv buildless ~/bin \
  && chmod +x ~/bin/buildless \
  && export PATH="$PATH:~/bin" \
  && rm -f buildless "buildless.darwin-arm64.*" \
  && buildless --help \
  || $(echo "Failed to verify Buildless binary; deleting." && rm -fv buildless)

# Prints: "Verified OK", with `buildless` binary extracted and installed to `~/bin`
  • Linux:
echo "Installing Buildless..." \
  && wget -q https://github.com/buildless/cli/releases/download/1.0.0-beta5/buildless.linux-amd64.tgz \
  && wget -q https://github.com/buildless/cli/releases/download/1.0.0-beta5/buildless.linux-amd64.tgz.sha256 \
  && wget -q https://github.com/buildless/cli/releases/download/1.0.0-beta5/buildless.linux-amd64.sigstore.json \
  && tar -xzf buildless.linux-amd64.tgz \
  && cat buildless.linux-amd64.tgz.sha256 | sha256sum --check --status \
  &&  cosign verify-blob \
    --certificate-oidc-issuer https://github.com/login/oauth \
    --certificate-identity [email protected] \
    --bundle ./buildless.linux-amd64.sigstore.json \
    buildless \
  && mkdir -p ~/bin \
  && cp -fv buildless ~/bin \
  && chmod +x ~/bin/buildless \
  && export PATH="$PATH:~/bin" \
  && rm -f buildless "buildless.linux-amd64.*" \
  && buildless --help \
  || $(echo "Failed to verify Buildless binary; deleting." && rm -fv buildless)

# Prints: "Verified OK", with `buildless` binary extracted and installed to `~/bin`

Verifying a release

To verify this release, download the binary for your platform and architecture, and the accompanying sha256 and sigstore.json files. For example, on macOS ARM64 (M1-M3), you would download all of:

  • buildless.darwin-arm64.tgz
  • buildless.darwin-arm64.tgz.sha256
  • buildless.darwin-arm64.sigstore.json

Extract the binary:

tar -xzvf buildless.darwin-arm64.tgz

To verify the SHA256 hash:

cat buildless.darwin-arm64.tgz.sha256 | gsha256sum --check --status

This command returns 0 (success) if the checksum matches.

To verify the Sigstore signature:

cosign verify-blob \
  --certificate-oidc-issuer https://accounts.google.com \
  --certificate-identity [email protected] \
  --bundle ./buildless.darwin-arm64.sigstore.json \
  buildless

# Prints: "Verified OK"

See the table at the top of this release for explanations of each parameter.

All verification steps:

tar -xzvf buildless.darwin-arm64.tgz \
  && cat buildless.darwin-arm64.tgz.sha256 | gsha256sum --check --status \
  &&  cosign verify-blob \
  --certificate-oidc-issuer https://accounts.google.com \
  --certificate-identity [email protected] \
  --bundle ./buildless.darwin-arm64.sigstore.json \
  buildless || $(echo "Failed to verify Buildless binary; deleting." && rm -fv buildless)

# Prints: "Verified OK", with `buildless` binary extracted

Platform support

Currently available for:

  • macOS M1, M2, M3 (darwin-arm64)
  • Linux X86-64 (linux-amd64)
Assets 23
Loading

1.0.0-beta4

27 Nov 01:22
@sgammon sgammon
1.0.0-beta4
This tag was signed with the committer’s verified signature.
sgammon Sam Gammon
GPG key ID: 1D5903AF4582BCF4
Learn about vigilant mode.
e789c7b
This commit was signed with the committer’s verified signature.
sgammon Sam Gammon
GPG key ID: 1D5903AF4582BCF4
Learn about vigilant mode.
Compare
Choose a tag to compare
1.0.0-beta4 Pre-release
Pre-release

Summary

Bugfixes for the local Buildless and Pkgst proxies, and several improvements or other bugfixes in the CLI. Buildless local agent services now leverage Unix domain sockets and native Netty transports where possible, and will not wait for operations to complete before releasing clients.

Warning

This version has known issues. Instead, please use 1.0.0-beta5 or later.

Verification

Use the following parameters to verify this release using Sigstore.

Parameter Value Description
certificate-oidc-issuer https://github.com/login/oauth Verifies the releaser's account
certificate-identity [email protected] Issuer for this release (a GitHub account)

Changelog

  • fix: buildless rpc domain updated to global.less.build
  • fix: native netty transport
  • fix: unix domain sockets on macOS
  • fix: async (deferred) push to remote
  • fix: compression for pkgst proxy (brotli and gzip)
  • chore: increase default IO threads to prevent pkgst proxy deadlock
  • chore: dependency updates

Installation

One-liner (install and verify):

  • macOS:
echo "Installing Buildless..." \
  && wget -q https://github.com/buildless/cli/releases/download/1.0.0-beta4/buildless.darwin-arm64.tgz \
  && wget -q https://github.com/buildless/cli/releases/download/1.0.0-beta4/buildless.darwin-arm64.tgz.sha256 \
  && wget -q https://github.com/buildless/cli/releases/download/1.0.0-beta4/buildless.darwin-arm64.sigstore.json \
  && tar -xzvf buildless.darwin-arm64.tgz \
  && cat buildless.darwin-arm64.tgz.sha256 | gsha256sum --check --status \
  &&  cosign verify-blob \
    --certificate-oidc-issuer https://github.com/login/oauth \
    --certificate-identity [email protected] \
    --bundle ./buildless.darwin-arm64.sigstore.json \
    buildless \
  && mkdir ~/bin \
  && cp -fv buildless ~/bin \
  && export PATH="$PATH:~/bin" \
  && rm -f buildless "buildless.darwin-arm64.*" \
  && buildless --version \
  || $(echo "Failed to verify Buildless binary; deleting." && rm -fv buildless)

# Prints: "Verified OK", with `buildless` binary extracted and installed to `~/bin`
  • Linux:
echo "Installing Buildless..." \
  && wget -q https://github.com/buildless/cli/releases/download/1.0.0-beta4/buildless.linux-amd64.tgz \
  && wget -q https://github.com/buildless/cli/releases/download/1.0.0-beta4/buildless.linux-amd64.tgz.sha256 \
  && wget -q https://github.com/buildless/cli/releases/download/1.0.0-beta4/buildless.linux-amd64.sigstore.json \
  && tar -xzvf buildless.linux-amd64.tgz \
  && cat buildless.linux-amd64.tgz.sha256 | gsha256sum --check --status \
  &&  cosign verify-blob \
    --certificate-oidc-issuer https://github.com/login/oauth \
    --certificate-identity [email protected] \
    --bundle ./buildless.linux-arm64.sigstore.json \
    buildless \
  && mkdir ~/bin \
  && cp -fv buildless ~/bin \
  && export PATH="$PATH:~/bin" \
  && rm -fv buildless "buildless.linux-amd64.*" \
  || $(echo "Failed to verify Buildless binary; deleting." && rm -fv buildless)

# Prints: "Verified OK", with `buildless` binary extracted and installed to `~/bin`

Verifying a release

To verify this release, download the binary for your platform and architecture, and the accompanying sha256 and sigstore.json files. For example, on macOS ARM64 (M1-M3), you would download all of:

  • buildless.darwin-arm64.tgz
  • buildless.darwin-arm64.tgz.sha256
  • buildless.darwin-arm64.sigstore.json

Extract the binary:

tar -xzvf buildless.darwin-arm64.tgz

To verify the SHA256 hash:

cat buildless.darwin-arm64.tgz.sha256 | gsha256sum --check --status

This command returns 0 (success) if the checksum matches.

To verify the Sigstore signature:

cosign verify-blob \
  --certificate-oidc-issuer https://accounts.google.com \
  --certificate-identity [email protected] \
  --bundle ./buildless.darwin-arm64.sigstore.json \
  buildless

# Prints: "Verified OK"

See the table at the top of this release for explanations of each parameter.

All verification steps:

tar -xzvf buildless.darwin-arm64.tgz \
  && cat buildless.darwin-arm64.tgz.sha256 | gsha256sum --check --status \
  &&  cosign verify-blob \
  --certificate-oidc-issuer https://accounts.google.com \
  --certificate-identity [email protected] \
  --bundle ./buildless.darwin-arm64.sigstore.json \
  buildless || $(echo "Failed to verify Buildless binary; deleting." && rm -fv buildless)

# Prints: "Verified OK", with `buildless` binary extracted

Platform support

Currently available for:

  • macOS M1, M2, M3 (darwin-arm64)
  • Linux X86-64 (linux-amd64)
Assets 23
Loading

1.0.0-beta3

26 Nov 05:05
@sgammon sgammon
1.0.0-beta3
This tag was signed with the committer’s verified signature.
sgammon Sam Gammon
GPG key ID: 1D5903AF4582BCF4
Learn about vigilant mode.
bb185f0
This commit was signed with the committer’s verified signature.
sgammon Sam Gammon
GPG key ID: 1D5903AF4582BCF4
Learn about vigilant mode.
Compare
Choose a tag to compare
1.0.0-beta3 Pre-release
Pre-release

Summary

Release #3 of the Buildless CLI, which extends the new Local Agent functionality to Linux and adds a new Pkgst proxy. Please see the CLI documentation for more info.

Warning

This version has known issues. Instead, please use 1.0.0-beta5 or later.

Verification

Use the following parameters to verify this release using Sigstore.

Parameter Value Description
certificate-oidc-issuer https://accounts.google.com Verifies the releaser's account
certificate-identity [email protected] Issuer for this release (a Google account)

New features

  • Local Agent: Early support for Linux
  • Pkgst Proxy: Local proxy for Pkgst traffic
  • Secure Releases: Support for binary-embedded SBOM, provenance, and Sigstore signing

Installation

One-liner (install and verify):

  • macOS:
echo "Installing Buildless..." \
  && wget -q https://github.com/buildless/cli/releases/download/1.0.0-beta3/buildless.darwin-arm64.tgz \
  && wget -q https://github.com/buildless/cli/releases/download/1.0.0-beta3/buildless.darwin-arm64.tgz.sha256 \
  && wget -q https://github.com/buildless/cli/releases/download/1.0.0-beta3/buildless.darwin-arm64.sigstore.json \
  && tar -xzvf buildless.darwin-arm64.tgz \
  && cat buildless.darwin-arm64.tgz.sha256 | gsha256sum --check --status \
  &&  cosign verify-blob \
    --certificate-oidc-issuer https://accounts.google.com \
    --certificate-identity [email protected] \
    --bundle ./buildless.darwin-arm64.sigstore.json \
    buildless \
  && mkdir ~/bin \
  && cp -fv buildless ~/bin \
  && export PATH="$PATH:~/bin" \
  && rm -f buildless "buildless.darwin-arm64.*" \
  && buildless --version \
  || $(echo "Failed to verify Buildless binary; deleting." && rm -fv buildless)

# Prints: "Verified OK", with `buildless` binary extracted and installed to `~/bin`
  • Linux:
echo "Installing Buildless..." \
  && wget -q https://github.com/buildless/cli/releases/download/1.0.0-beta3/buildless.linux-amd64.tgz \
  && wget -q https://github.com/buildless/cli/releases/download/1.0.0-beta3/buildless.linux-amd64.tgz.sha256 \
  && wget -q https://github.com/buildless/cli/releases/download/1.0.0-beta3/buildless.linux-amd64.sigstore.json \
  && tar -xzvf buildless.linux-amd64.tgz \
  && cat buildless.linux-amd64.tgz.sha256 | gsha256sum --check --status \
  &&  cosign verify-blob \
    --certificate-oidc-issuer https://accounts.google.com \
    --certificate-identity [email protected] \
    --bundle ./buildless.linux-arm64.sigstore.json \
    buildless \
  && mkdir ~/bin \
  && cp -fv buildless ~/bin \
  && export PATH="$PATH:~/bin" \
  && rm -fv buildless "buildless.linux-amd64.*" \
  || $(echo "Failed to verify Buildless binary; deleting." && rm -fv buildless)

# Prints: "Verified OK", with `buildless` binary extracted and installed to `~/bin`

Verifying a release

To verify this release, download the binary for your platform and architecture, and the accompanying sha256 and sigstore.json files. For example, on macOS ARM64 (M1-M3), you would download all of:

  • buildless.darwin-arm64.tgz
  • buildless.darwin-arm64.tgz.sha256
  • buildless.darwin-arm64.sigstore.json

Extract the binary:

tar -xzvf buildless.darwin-arm64.tgz

To verify the SHA256 hash:

cat buildless.darwin-arm64.tgz.sha256 | gsha256sum --check --status

This command returns 0 (success) if the checksum matches.

To verify the Sigstore signature:

cosign verify-blob \
  --certificate-oidc-issuer https://accounts.google.com \
  --certificate-identity [email protected] \
  --bundle ./buildless.darwin-arm64.sigstore.json \
  buildless

# Prints: "Verified OK"

See the table at the top of this release for explanations of each parameter.

All verification steps:

tar -xzvf buildless.darwin-arm64.tgz \
  && cat buildless.darwin-arm64.tgz.sha256 | gsha256sum --check --status \
  &&  cosign verify-blob \
  --certificate-oidc-issuer https://accounts.google.com \
  --certificate-identity [email protected] \
  --bundle ./buildless.darwin-arm64.sigstore.json \
  buildless || $(echo "Failed to verify Buildless binary; deleting." && rm -fv buildless)

# Prints: "Verified OK", with `buildless` binary extracted

Platform support

Currently available for:

  • macOS M1, M2, M3 (darwin-arm64)
  • Linux X86-64 (linux-amd64)
Assets 17
Loading

1.0.0-beta2

22 Nov 23:55
@sgammon sgammon
1.0.0-beta2
This tag was signed with the committer’s verified signature.
sgammon Sam Gammon
GPG key ID: 1D5903AF4582BCF4
Learn about vigilant mode.
d9e2052
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
1.0.0-beta2 Pre-release
Pre-release

Release #2 of the Buildless CLI, including new Local Agent functionality on macOS. Please see the CLI documentation for more info. Currently available for:

  • macOS M1, M2, M3 (darwin-arm64)
  • Linux X86-64 (linux-amd64)
Assets 5
Loading