smig/nuc-talos
1
0
Fork 0
Code Issues 1 Pull requests Projects Releases Packages Wiki Activity Actions

chore(deps): update dependency viaduct-ai/kustomize-sops to v4.5.1 #35

Merged
renovatebot merged 1 commit from renovate/viaduct-ai-kustomize-sops-4.x into main 2026-04-17 00:05:52 -04:00
Conversation 0 Commits 1 Files changed 1 +1 -1
renovatebot commented 2026-04-14 00:04:53 -04:00
Collaborator
Copy link

This PR contains the following updates:

Package Update Change
viaduct-ai/kustomize-sops minor v4.4.0 -> v4.5.1

Release Notes

viaduct-ai/kustomize-sops (viaduct-ai/kustomize-sops)

v4.5.1

Compare Source

Upgrade Guide: v4.5.0 to v4.5.1

What changed

In v4.5.0, ksops install always copied both ksops and kustomize from hardcoded paths. This release makes two improvements based on community feedback (#​327):

  1. ksops install now uses os.Executable() to resolve its own binary path instead of hardcoding /usr/local/bin/ksops. This makes the install command work regardless of where the binary is located.

  2. Kustomize copying is now opt-in via --with-kustomize. Since ArgoCD already ships with kustomize, ksops install now only copies the ksops binary by default. Pass --with-kustomize to also copy kustomize.

How to upgrade

Add --with-kustomize to your ksops install command if you want to continue overriding ArgoCD's built-in kustomize (the previous default behavior).

Before:

initContainers:
  - name: install-ksops
    image: viaductoss/ksops:v4.5.0
    command: ["/usr/local/bin/ksops", "install", "/custom-tools"]
    volumeMounts:
      - mountPath: /custom-tools
        name: custom-tools

After:

initContainers:
  - name: install-ksops
    image: viaductoss/ksops:v4.5.1
    command: ["/usr/local/bin/ksops", "install", "--with-kustomize", "/custom-tools"]
    volumeMounts:
      - mountPath: /custom-tools
        name: custom-tools

If you don't need to override ArgoCD's kustomize, you can drop --with-kustomize and remove the kustomize volume mount:

initContainers:
  - name: install-ksops
    image: viaductoss/ksops:v4.5.1
    command: ["/usr/local/bin/ksops", "install", "/custom-tools"]
    volumeMounts:
      - mountPath: /custom-tools
        name: custom-tools

Changelog

v4.5.0

Compare Source

Upgrade Guide: ArgoCD Init Container

What changed

Starting in v4.4.0, the ksops Docker image uses a distroless base image, which does not include /bin/sh, mv, or other shell utilities. This broke the documented ArgoCD init container pattern that relied on shell commands to copy binaries into a shared volume.

This release adds a built-in ksops install subcommand that copies the ksops and kustomize binaries to a target directory — no shell required.

How to upgrade

Replace the command and args in your init container. The volume mounts stay the same.

Before:

initContainers:

- name: install-ksops
  image: viaductoss/ksops:v4.4.0
  command: ["/bin/sh", "-c"]
  args:
  - echo "Installing KSOPS...";
    mv ksops /custom-tools/;
    mv kustomize /custom-tools/;
    echo "Done.";
    volumeMounts:
  - mountPath: /custom-tools
    name: custom-tools

After:

initContainers:

- name: install-ksops
  image: viaductoss/ksops:vX.Y.Z
  command: ["/usr/local/bin/ksops", "install", "/custom-tools"]
  volumeMounts:
  - mountPath: /custom-tools
    name: custom-tools

That's it. No other changes to your volumes, volume mounts, or container definitions are needed.

Affected configurations

This applies to all three documented ArgoCD integration methods:

  • Strategic merge patch (argo-cd-repo-server-ksops-patch.yaml)
  • ArgoCD CRD (OKD4/OCP4 kind: ArgoCD spec)
  • Argo CD Helm chart (repoServer.initContainers values)

Workarounds no longer needed

If you were using any of these workarounds, you can remove them:

  • Using alpine as the init container image to curl and extract the release tarball
  • Building a custom container image that bundles ksops into the ArgoCD repo server
  • Pinning to a version before v4.4.0

Changelog

  • 92bc163 chore(deps): bump actions/checkout from 5 to 6 (#​307)
  • 42d7795 chore(deps): bump actions/setup-go from 5 to 6 (#​302)
  • cfb835c chore(deps): bump docker/login-action from 3 to 4 (#​315)
  • a25bfcd chore(deps): bump docker/setup-buildx-action from 3 to 4 (#​316)
  • 2aee20e chore(deps): bump docker/setup-qemu-action from 3 to 4 (#​317)
  • 061495f chore(deps): bump filippo.io/edwards25519 from 1.1.0 to 1.1.1 (#​309)
  • 845389a chore(deps): bump github.com/aws/aws-sdk-go-v2/service/s3 (#​325)
  • d70b62e chore(deps): bump github.com/getsops/sops/v3 from 3.11.0 to 3.12.2 (#​319)
  • 98fe884 chore(deps): bump github.com/go-jose/go-jose/v4 from 4.1.1 to 4.1.4 (#​323)
  • 80616de chore(deps): bump github/codeql-action from 3 to 4 (#​305)
  • eb80fe6 chore(deps): bump go.opentelemetry.io/otel/sdk from 1.37.0 to 1.43.0 (#​326)
  • dd0987e chore(deps): bump golang.org/x/crypto from 0.42.0 to 0.45.0 (#​306)
  • 31dfb4e chore(deps): bump google.golang.org/grpc from 1.75.1 to 1.79.3 (#​318)
  • d4c8c13 chore(deps): bump goreleaser/goreleaser-action from 6 to 7 (#​312)
  • dfeab3f chore: v4.5.0 (#​329)
  • 8f3b8d1 feat: add ksops install subcommand for distroless compatibility (#​327)
  • 50ad78f feat: concurrent secret decryption (#​328)
  • 4345f5f fix: pin to 1.25.0
  • 8624cb3 update(sops): 3.10.2 -> 3.11.0 (#​304)

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR has been generated by Renovate Bot.

This PR contains the following updates: | Package | Update | Change | |---|---|---| | [viaduct-ai/kustomize-sops](https://github.com/viaduct-ai/kustomize-sops) | minor | `v4.4.0` -> `v4.5.1` | --- ### Release Notes <details> <summary>viaduct-ai/kustomize-sops (viaduct-ai/kustomize-sops)</summary> ### [`v4.5.1`](https://github.com/viaduct-ai/kustomize-sops/releases/tag/v4.5.1) [Compare Source](https://github.com/viaduct-ai/kustomize-sops/compare/v4.5.0...v4.5.1) ### Upgrade Guide: v4.5.0 to v4.5.1 #### What changed In v4.5.0, `ksops install` always copied both `ksops` and `kustomize` from hardcoded paths. This release makes two improvements based on community feedback ([#&#8203;327](https://github.com/viaduct-ai/kustomize-sops/pull/327)): 1. **`ksops install` now uses `os.Executable()`** to resolve its own binary path instead of hardcoding `/usr/local/bin/ksops`. This makes the install command work regardless of where the binary is located. 2. **Kustomize copying is now opt-in via `--with-kustomize`.** Since ArgoCD already ships with kustomize, `ksops install` now only copies the `ksops` binary by default. Pass `--with-kustomize` to also copy kustomize. #### How to upgrade Add `--with-kustomize` to your `ksops install` command if you want to continue overriding ArgoCD's built-in kustomize (the previous default behavior). Before: ```yaml initContainers: - name: install-ksops image: viaductoss/ksops:v4.5.0 command: ["/usr/local/bin/ksops", "install", "/custom-tools"] volumeMounts: - mountPath: /custom-tools name: custom-tools ``` After: ```yaml initContainers: - name: install-ksops image: viaductoss/ksops:v4.5.1 command: ["/usr/local/bin/ksops", "install", "--with-kustomize", "/custom-tools"] volumeMounts: - mountPath: /custom-tools name: custom-tools ``` If you don't need to override ArgoCD's kustomize, you can drop `--with-kustomize` and remove the kustomize volume mount: ```yaml initContainers: - name: install-ksops image: viaductoss/ksops:v4.5.1 command: ["/usr/local/bin/ksops", "install", "/custom-tools"] volumeMounts: - mountPath: /custom-tools name: custom-tools ``` #### Changelog - [`fd75a70`](https://github.com/viaduct-ai/kustomize-sops/commit/fd75a708c8321d54fa65e47209850eb37ec10b69) fix: use os.Executable() for install and make kustomize opt-in ([#&#8203;330](https://github.com/viaduct-ai/kustomize-sops/issues/330)) - [`d9442dc`](https://github.com/viaduct-ai/kustomize-sops/commit/d9442dc3153d9c16e517a68ce8926c9507386429) v4.5.1 ### [`v4.5.0`](https://github.com/viaduct-ai/kustomize-sops/releases/tag/v4.5.0) [Compare Source](https://github.com/viaduct-ai/kustomize-sops/compare/v4.4.0...v4.5.0) Upgrade Guide: ArgoCD Init Container What changed Starting in v4.4.0, the ksops Docker image uses a distroless base image, which does not include /bin/sh, mv, or other shell utilities. This broke the documented ArgoCD init container pattern that relied on shell commands to copy binaries into a shared volume. This release adds a built-in ksops install subcommand that copies the ksops and kustomize binaries to a target directory — no shell required. How to upgrade Replace the command and args in your init container. The volume mounts stay the same. Before: ```yml initContainers: - name: install-ksops image: viaductoss/ksops:v4.4.0 command: ["/bin/sh", "-c"] args: - echo "Installing KSOPS..."; mv ksops /custom-tools/; mv kustomize /custom-tools/; echo "Done."; volumeMounts: - mountPath: /custom-tools name: custom-tools ``` After: ```yml initContainers: - name: install-ksops image: viaductoss/ksops:vX.Y.Z command: ["/usr/local/bin/ksops", "install", "/custom-tools"] volumeMounts: - mountPath: /custom-tools name: custom-tools ``` That's it. No other changes to your volumes, volume mounts, or container definitions are needed. Affected configurations This applies to all three documented ArgoCD integration methods: - Strategic merge patch (argo-cd-repo-server-ksops-patch.yaml) - ArgoCD CRD (OKD4/OCP4 kind: ArgoCD spec) - Argo CD Helm chart (repoServer.initContainers values) Workarounds no longer needed If you were using any of these workarounds, you can remove them: - Using alpine as the init container image to curl and extract the release tarball - Building a custom container image that bundles ksops into the ArgoCD repo server - Pinning to a version before v4.4.0 #### Changelog - [`92bc163`](https://github.com/viaduct-ai/kustomize-sops/commit/92bc16314aeabbd1181f95db90358c102e6f3c07) chore(deps): bump actions/checkout from 5 to 6 ([#&#8203;307](https://github.com/viaduct-ai/kustomize-sops/issues/307)) - [`42d7795`](https://github.com/viaduct-ai/kustomize-sops/commit/42d77958a8ce21021db428c65410b98278381634) chore(deps): bump actions/setup-go from 5 to 6 ([#&#8203;302](https://github.com/viaduct-ai/kustomize-sops/issues/302)) - [`cfb835c`](https://github.com/viaduct-ai/kustomize-sops/commit/cfb835c070c470fe7cf50ae01d9ec023f6a0dc86) chore(deps): bump docker/login-action from 3 to 4 ([#&#8203;315](https://github.com/viaduct-ai/kustomize-sops/issues/315)) - [`a25bfcd`](https://github.com/viaduct-ai/kustomize-sops/commit/a25bfcd3045e8093b802cf206425a571e1dcf7ab) chore(deps): bump docker/setup-buildx-action from 3 to 4 ([#&#8203;316](https://github.com/viaduct-ai/kustomize-sops/issues/316)) - [`2aee20e`](https://github.com/viaduct-ai/kustomize-sops/commit/2aee20ef569d9c0c1c6e8c38f508fa7ef64c8310) chore(deps): bump docker/setup-qemu-action from 3 to 4 ([#&#8203;317](https://github.com/viaduct-ai/kustomize-sops/issues/317)) - [`061495f`](https://github.com/viaduct-ai/kustomize-sops/commit/061495f4cdcc22db42fe48001904531d1cdb302b) chore(deps): bump filippo.io/edwards25519 from 1.1.0 to 1.1.1 ([#&#8203;309](https://github.com/viaduct-ai/kustomize-sops/issues/309)) - [`845389a`](https://github.com/viaduct-ai/kustomize-sops/commit/845389afeee55dabd1b4736517c9e93c1a6b0cac) chore(deps): bump github.com/aws/aws-sdk-go-v2/service/s3 ([#&#8203;325](https://github.com/viaduct-ai/kustomize-sops/issues/325)) - [`d70b62e`](https://github.com/viaduct-ai/kustomize-sops/commit/d70b62e9cf2e71620fbb14b28264d28a16645d01) chore(deps): bump github.com/getsops/sops/v3 from 3.11.0 to 3.12.2 ([#&#8203;319](https://github.com/viaduct-ai/kustomize-sops/issues/319)) - [`98fe884`](https://github.com/viaduct-ai/kustomize-sops/commit/98fe8847ad4b3032425023e3170faf5d045a5d92) chore(deps): bump github.com/go-jose/go-jose/v4 from 4.1.1 to 4.1.4 ([#&#8203;323](https://github.com/viaduct-ai/kustomize-sops/issues/323)) - [`80616de`](https://github.com/viaduct-ai/kustomize-sops/commit/80616de877349ea641bd06246d5e06ecf7dca330) chore(deps): bump github/codeql-action from 3 to 4 ([#&#8203;305](https://github.com/viaduct-ai/kustomize-sops/issues/305)) - [`eb80fe6`](https://github.com/viaduct-ai/kustomize-sops/commit/eb80fe6e8b58ae36e45362b90e664c6789bdb2d1) chore(deps): bump go.opentelemetry.io/otel/sdk from 1.37.0 to 1.43.0 ([#&#8203;326](https://github.com/viaduct-ai/kustomize-sops/issues/326)) - [`dd0987e`](https://github.com/viaduct-ai/kustomize-sops/commit/dd0987e378379cfe02ec15c4a7d5f6a9ab4b1883) chore(deps): bump golang.org/x/crypto from 0.42.0 to 0.45.0 ([#&#8203;306](https://github.com/viaduct-ai/kustomize-sops/issues/306)) - [`31dfb4e`](https://github.com/viaduct-ai/kustomize-sops/commit/31dfb4e0de437c97999da532c251aa9005d72dd3) chore(deps): bump google.golang.org/grpc from 1.75.1 to 1.79.3 ([#&#8203;318](https://github.com/viaduct-ai/kustomize-sops/issues/318)) - [`d4c8c13`](https://github.com/viaduct-ai/kustomize-sops/commit/d4c8c13ac119fa8842328251216e56c82e245a1c) chore(deps): bump goreleaser/goreleaser-action from 6 to 7 ([#&#8203;312](https://github.com/viaduct-ai/kustomize-sops/issues/312)) - [`dfeab3f`](https://github.com/viaduct-ai/kustomize-sops/commit/dfeab3f1971da441f36a4f806a445a32a27ed34c) chore: v4.5.0 ([#&#8203;329](https://github.com/viaduct-ai/kustomize-sops/issues/329)) - [`8f3b8d1`](https://github.com/viaduct-ai/kustomize-sops/commit/8f3b8d1cf431c383f2638d82b987d20c2cb64545) feat: add `ksops install` subcommand for distroless compatibility ([#&#8203;327](https://github.com/viaduct-ai/kustomize-sops/issues/327)) - [`50ad78f`](https://github.com/viaduct-ai/kustomize-sops/commit/50ad78fed0fb14d520b5a76968bb35c08697c6a2) feat: concurrent secret decryption ([#&#8203;328](https://github.com/viaduct-ai/kustomize-sops/issues/328)) - [`4345f5f`](https://github.com/viaduct-ai/kustomize-sops/commit/4345f5f73a5894d8771dd19f3928b02a5e1c1ba7) fix: pin to 1.25.0 - [`8624cb3`](https://github.com/viaduct-ai/kustomize-sops/commit/8624cb33f220b6609f1420cd0e9ffa89aae19717) update(sops): 3.10.2 -> 3.11.0 ([#&#8203;304](https://github.com/viaduct-ai/kustomize-sops/issues/304)) </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Enabled. ♻ **Rebasing**: Whenever PR is behind base branch, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0MS43My4wIiwidXBkYXRlZEluVmVyIjoiNDEuNzMuMCIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOltdfQ==-->
chore(deps): update dependency viaduct-ai/kustomize-sops to v4.5.1
All checks were successful
Notify Mattermost on Renovate PR Merge / notify (pull_request) Successful in 1s
Details
5f8bbbf1c9
renovatebot scheduled this pull request to auto merge when all checks succeed 2026-04-14 00:04:53 -04:00
renovatebot deleted branch renovate/viaduct-ai-kustomize-sops-4.x 2026-04-17 00:05:52 -04:00
Sign in to join this conversation.
Reviewers
No reviewers
Labels
Clear labels
No items
No labels
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
smig/nuc-talos!35
No description provided.