Download Latest Version
v1.7.2 source code.tar.gz (27.9 MB)
Get an email when there's a new version of Kargo
| Name | Modified | Size | Downloads / Week |
|---|---|---|---|
| Parent folder | |||
| akuity-kargo_v1_7_0.spdx.json | 2025-08-05 | 1.2 MB | |
| kargo-cli.intoto.jsonl | 2025-08-05 | 33.7 kB | |
| kargo-windows-arm64.exe | 2025-08-05 | 97.8 MB | |
| kargo-linux-arm64 | 2025-08-05 | 97.8 MB | |
| kargo-darwin-amd64 | 2025-08-05 | 100.8 MB | |
| kargo-darwin-arm64 | 2025-08-05 | 99.0 MB | |
| kargo-windows-amd64.exe | 2025-08-05 | 101.1 MB | |
| kargo-linux-amd64 | 2025-08-05 | 100.2 MB | |
| README.md | 2025-08-05 | 8.0 kB | |
| v1.7.0 source code.tar.gz | 2025-08-05 | 27.9 MB | |
| v1.7.0 source code.zip | 2025-08-05 | 28.7 MB | |
| Totals: 11 Items | 654.6 MB | 0 | |
🚀 The Kargo team is excited to bring you v1.7.0, which expands Kargo's integration capabilities with new webhook receivers and Promotion steps!
⚠️ Breaking Changes
As announced in our v1.5.0 release notes, several deprecated features have been removed in this release.
- The
specfield has been removed from the Project CRD in favor of the ProjectConfig CRD. - The
secretsmap has been removed from the Promotion variables. The better performingsecret()function should be used instead. - The
git-open-prstep no longer produces output with the keyprNumber. The same information is available in thepr.idoutput, with other information about the PR available in theprobject. - The
gitRepoURLfield has been removed from a Warehouse's container image subscription. This information is now retrieved from OCI annotations instead of being specified directly by the user.
Other breaking changes:
- The
httpstep's determination of success / failure / indeterminate (retry) is now more intuitive. It aligns with how people thought it worked before, but is a change from how it actually worked. Refer to the documentation for more details. - The validation of Promotion steps referencing a PromotionTask have been made more strict. The change is non-breaking unless you have existing configuration that is invalid and you were unaware. This breakage will help you to avoid much worse surprises!
⚠️ New Deprecations
The Warehouse's container image subscription's semverConstraint field is now deprecated and scheduled for removal in the v1.9.0 release. Use the new, more generic constraint field. It will accept a semantic version constraint string if the image selection strategy is SemVer (the default).
✨ New Features
🪝 Webhook Receivers
The webhook receivers introduced in v1.6.0 have been enhanced in this release to improve their performance. From now on, webhook receivers will not unnecessarily refresh a Warehouse (triggering artifact discovery) if the tag, version or references extracted from the payload would be ignored by the Warehouse's subscription.
Additionally, support for the following webhook receivers has been added:
- Artifactory
- Azure (Azure DevOps and ACR)
- Gitea
⚠️ Webhook support remains in beta, meaning the Kargo maintainers caution that your mileage may vary and that breaking changes to this feature in upcoming releases remain a possibility.
🪜 New and Updated Promotion Steps
To allow Promotions to work with more types of artifacts, two new Promotion steps have been added in this release:
oci-download: With this step, you can download an OCI artifact from a remote registry and use it in your Promotion. This is for example useful to download a Helm chart from a remote OCI registry and use it with thehelm-templatestep.http-download: This step allows you to download any file from a remote HTTP server and use it in your Promotion.
Additionally, the following improvements have been made to existing Promotion steps:
helm-templatenow supports configuring anoutLayoutto control the output directory structure of rendered Helm charts. By setting it toflat, the rendered chart will be output in a flat directory structure instead of Helm's default nested structure.helm-update-chartdoes not require thechartsfield to be set anymore. If it is not set, the chart dependencies will be updated according to the SemVer constraints specified in theChart.yamlfile.
🖥️ UI Improvements
- Cluster-level secrets can now be managed through the UI.
- Cluster-level webhook receivers can now be managed through the UI.
- A pipeline view "minimap" has been added, making it easier to navigate large pipelines.
- The image history section has been redesigned to provide a more intuitive and cleaner view.
- The step alias defined for a Promotion step is now displayed more prominently in the UI, making it easier to identify steps in a Promotion.
🛠️ Other Notable Changes
- When a discovered container image has a
org.opencontainers.image.createdororg.label-schema.build-dateannotation set, Kargo will now use that date as the image's creation date instead of the creation time set on the image itself. This resolves issues where layer caching could cause newer images to appear older than they actually are, leading to inconsistent image selection behavior. (Thanks to @bmbferreira for this contribution!) - Git commit discovery performance has been significantly improved, particularly for Warehouses that need to scan deep into repository history to find matching commits. (Thank you, @boh-dan, for this contribution!)
- Project creation and deletion can now be self-serviced by users through a new
kargo-project-creatorServiceAccount that automatically grants Project creators admin permissions on their created Projects. This enables users to create, manage, and delete their own Projects without requiring manual admin intervention for permission setup. - A controller for a specific shard can now also be configured to handle all objects that have no shard assigned to them, effectively configuring it as the "default" controller. This is controlled by a new
controller.isDefaultconfiguration option that allows a single controller instance to process both shard-specific resources and unassigned resources simultaneously, providing more flexibility in multi-controller deployments. - A new
kargo-promoterrole is now automatically created in each Project namespace, enabling a "release manager" pattern where users can control the timing of releases without having the ability to modify pipelines. The promoter role grants permissions to promote Stages and create Promotions while restricting access to create, update, or delete core pipeline resources like Stages and Warehouses. - SSO with Okta now works without Dex as a middleman through improved OIDC compatibility, including proper state parameter handling in PKCE flows, configurable scope management that no longer forces the
offline_accessscope, and tolerance for trailing slashes in OIDC issuer URLs. (Thanks to @02strich for this contribution!)
🙏 New Contributors
As always, we would love to thank all first-time community contributors for their efforts! This release includes contributions from:
- @02strich
- @boh-dan
- @bmbferreira
Full Changelog: https://github.com/akuity/kargo/compare/v1.6.2...v1.7.0