Berglas reporting wrong version or release process stuck?

[LeDominik]

Hey, so first of all, berglas is an awesome piece of software that really really eases our life to get secrets securely into all kinds of software where fully integrating with the libraries is not feasible and/or possible!

However it seems that the release/versioning is a bit off, everything's working but when integrating berglas into a docker container properly with SHA sums and everything I noticed something was off. I download berglas in various fashions and it seems consistent (not only the linux amd64 version), via the main URL, a version specific one, on Linux or Mac, or via homebrew berglas --version always reports 0.5.3

➜  ~ brew install berglas
Updating Homebrew...
==> Downloading https://ghcr.io/v2/homebrew/core/berglas/manifests/0.6.1
######################################################################## 100.0%
==> Downloading https://ghcr.io/v2/homebrew/core/berglas/blobs/sha256:3ad3b597268182525c38548ace467d29e38a3a321792b20ad6549818c2b36dc6
==> Downloading from https://pkg-containers.githubusercontent.com/ghcr1/blobs/sha256:3ad3b597268182525c38548ace467d29e38a3a321792b20ad6549818c2b36dc6?
######################################################################## 100.0%
==> Pouring berglas--0.6.1.big_sur.bottle.tar.gz
🍺  /usr/local/Cellar/berglas/0.6.1: 7 files, 18.1MB
➜  ~ berglas --version
0.5.3

Additionally the comment on the readme

This will download the latest version built against the main branch. To download a specific version, specify a git tag in place of "main" in the URL.

isn't really the case. So:

https://storage.googleapis.com/berglas/main/linux_amd64/berglas --> main link, works 👍
https://storage.googleapis.com/berglas/v0.6.1/linux_amd64/berglas --> valid tag name, doesn't work
https://storage.googleapis.com/berglas/0.6.1/linux_amd64/berglas --> invalid tag name, valid version, doesn't work
https://storage.googleapis.com/berglas/v0.6.0/linux_amd64/berglas --> valid tag name, doesn't work
https://storage.googleapis.com/berglas/0.6.0/linux_amd64/berglas --> INVALID tag name, valid version, works 👍

However generally the 0.6.1 release doesn't seem to have provided new binaries, see the SHA512 sums of the main and 0.6.0 links from above:

sha512sum berglas-*
973cb20e9a4b25a9348889f5af38fcd40f73230c53be95e6dd80d181265fd47891aba0eee2fff1c235e6c94a086b13890aa74761dfced6808dc0f021ee3d2130  berglas-0.6.0
973cb20e9a4b25a9348889f5af38fcd40f73230c53be95e6dd80d181265fd47891aba0eee2fff1c235e6c94a086b13890aa74761dfced6808dc0f021ee3d2130  berglas-main

[sethvargo]

Hi @LeDominik

Yea, it's a manual process and sometimes I forget 😦. Fixed in https://github.com/GoogleCloudPlatform/berglas/commit/4a5d98a6dd86f9c40a1dddca07166875e6b14c4

As for the URLs... something changed and now there's a build directory. I'll keep debugging why that's the case.

9.

[sethvargo]

Okay, fixed.

[github-actions[bot]]

This issue has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.