v2.7.0

Spin v2.7.0

The v2.7.0 release of Spin brings a number of features, improvements, and bug fixes.

Some highlights in v2.7.0 at a glance:

✨ Features

• Added support for client certificate-based authentication and custom root CA in outbound requests for HTTP triggers, with a new client_tls runtime configuration option. (PR #2596 )
• Azure CosmosDB key value implementation support for workload identity (PR #2566) Thanks, @devigned, for your first contribution 💟

🌐 Spin Governance and Documentation

• Governance Updates: Implemented a new SIP for governance changes and updated documentation to reflect substantial changes in project governance procedures. ( PR #2593)
• Documentation Enhancements: Revised release-process.md to include a notes template, and added MAINTAINERS.md for clarity on project maintainers. (PR #2622, PR #2683)
• Code of Conduct: Integrated Fermyon's Code of Conduct into the project's documentation. (PR #2691)

🧪 Better Test Coverage

• Expanded Test Coverage: Added key-value and Redis tests to conformance checks to ensure broader validation of functionalities. (PR #2591, PR #2603)
• TCP Runtime Tests Fixes: Resolved issues with TCP runtime tests to ensure accurate performance assessment. (PR #2608)
• Template Manager Testing: Improved the test setups for TemplateManagers, including deduplicating test code to streamline testing processes. (PR #2657)

🩹 Fixes and Improvement

• CI Fixes: Addressed issues with CI integration tests and updated dependencies for conformance testing to stabilize the build process. (PR #2614, PR #2669)
• Rust and Clippy Compatibility: Applied changes to maintain compatibility with Rust 1.79, 1.80 and address Clippy lint warnings. (PR #2569, PR #2680)
• Improved error handling to provide clearer messages for registry component issues and refined the behavior of the spin new command. (PR #2634)
• Follow OCI standards by inferring predefined annotation when pushed to the registry (PR #2618)
• Better handling when the file path is outside root (PR #2574) and if the file is missing (PR #2674)
• Improve OTel error logging #2572

As always, thanks to contributors old and new for helping improve Spin on a daily basis! 🎉

Verifying the Release Signature

After downloading the release of Spin, either via the artifact attached to this release corresponding to your OS/architecture combination or via the installation method of your choice, you are ready to verify the release signature.

First, install cosign. This is the tool we'll use to perform signature verification. Then run the following command:

cosign verify-blob \
    --signature spin.sig --certificate crt.pem \
    --certificate-identity https://github.com/fermyon/spin/.github/workflows/release.yml@refs/tags/v2.7.0 \
    --certificate-oidc-issuer https://token.actions.githubusercontent.com \
    --certificate-github-workflow-sha a11151706449fa1ba39bfe96597fe1041438dc67 \
    --certificate-github-workflow-repository fermyon/spin \
    spin

If the verification passed, you should see:

Verified OK

Full Changelog

• Add deprecation warning for uncomponentizable modules by @lann in #2571
• Update README with Spin Project meeting information by @mikkelhegn in #2576
• fix: add error message when file path outside root by @me-diru in #2574
• Fix warnings introduced by new Rust 1.79 release by @rylev in #2569
• Fix typo in meeting info by @itowlson in #2581
• Improve OTel error logging by @calebschoepp in #2572
• chore(*): post-2.6.0 release bumps by @vdice in #2586
• Upgrade to wasmtime 22.0.0 by @lann in #2587
• Bump wasm-pkg-loader to 0.4.1 by @fibonacci1729 in #2588
• Remove duplicate crate definitions in Cargo.lock by @rylev in #2592
• docs(Makefile): fix comment typos by @vdice in #2594
• Update from's help output for the up subcommand by @tpmccallum in #2595
• Conformance Tests Update by @rylev in #2591
• Update conformance to include Redis and SQLite tests by @rylev in #2603
• Fix broken TCP runtime tests. by @rylev in #2608
• add support for client certs by @rajatjindal in #2596
• Infer predefined annotations when pushing to registry by @itowlson in #2618
• add SIP for governance.md by @michelleN in #2593
• docs(releasing): update release-process.md; add notes template by @vdice in #2622
• Better error if component from registry has regrettable version by @itowlson in #2634
• Improve non-interactive behaviour of spin new by @itowlson in #2643
• Fixes watch rebuild loop if empty watch by @itowlson in #2642
• Deduplicate template tests by @itowlson in #2657
• Update conformance test version by @rylev in #2615
• Break circular dependency between http and testing crates by @itowlson in #2668
• Fix CI issue in integration tests by updating conformance-test dependency by @rylev in #2669
• Bump rustls from 0.22.3 to 0.22.4 by @dependabot in #2614
• Allow sqlite migrations for non-default databases. by @rylev in #2610
• Run conformance tests as part of runtime tests by @rylev in #2663
• Revert "Run conformance tests as part of runtime tests" by @rylev in #2671
• Add support for workload identity in the Azure CosmosDB Key/Value impl by @devigned in #2566
• Tell user which file we failed to read by @itowlson in #2674
• Summarise plugins list by @itowlson in #2662
• Retry running conformance tests as part of runtime tests by @rylev in #2675
• Changes need to make Rust and Clippy happy on Rust 1.80 by @rylev in #2680
• trigger: Tweak wording of AOT compilation code by @lann in #2682
• add MAINTAINERS.md by @michelleN in #2683
• [COC]: Embed content from Fermyon COC by @endocrimes in #2691
• Bump versions for v2.7 release by @me-diru in #2694

New Contributors

• @devigned made their first contribution in #2566

Full Changelog: v2.6.0...v2.7.0