Stout Releases
- document wildcard ingress upgrade behavior
Existing installs should mostly auto-heal after upgrading because Stout
reconciles stored domain ingresses on startup and reapplies the current
wildcard/external-dns behavior.
No manual action is needed if the desired domains already exist in Stout.
If an install expects both a wildcard and its root domain, both domains must
exist in Stout so external-dns can be updated for the pair.
The new wildcard root-domain behavior is now controlled by a system setting.
Admins should review that setting after upgrade if they want wildcard-only
behavior or wildcard+root behavior for future reconciliations.
- add system-level wildcard ingress domains
- Fix self-upgrade not triggering a pod rollout because reused Helm values kept the old image tag
- Extract canvas dialogs into standalone components, reducing project page from 2162 to 781 lines
- add versioned self-upgrade with Helm-managed detection and manual update check
- Add versioned self-upgrade system
- Ensure app Service is created immediately upon app creation
- Reconcile registry pull secrets and platform service config on startup, restart Zot on config change via checksum annotation
- Fix registry auth: support OAuth2 token exchange for BuildKit, use OCI manifest format, inject imagePullSecrets on deploy, re-apply platform service Helm values on startup
- Fix registry auth: add TokenReview RBAC permission and scope credential helper to stout registry hosts only
- Replace static registry credentials with Kubernetes ServiceAccount token authentication
- Fix 401 on image push by including external registry hostname in build job docker config
- Refactor app detail page into section components, fix env var remote commands, add domain/build/deploy remotes
- Fix registry authentication in build process
- Add environment variable management for apps
- Support deleting apps, services, and volumes via the changeset system
- Migrate all hand-written SQL to sqlc
- Fix registry ListImages 401: create stout-registry internal user at startup and use it for the zotClient instead of empty registry_config credentials
- Persist build logs to SQLite for 14-day retention; serve logs from DB after pod GC; fix init container (check/setup) log support in handler and frontend
- Require REGISTRY_HOSTNAME; fix Zot bearer token auth in zotClient and build job credential lookup; remove unauthenticated in-cluster registry code paths
- Remove SPIFFE/SPIRE integration in favour of Kubernetes-native service account authentication; upgrade CI workflow actions and fix Go module caching; add Go build cache to CI; fix release image tag generation; drop go-spiffe dependency