Update docs release to v1.15.2

- Built changelog from towncrier fragments [skip ci]
2026-03-30 17:48:40 -07:00 · 2026-03-30 17:48:40 -07:00 · 2b7b21dc9b
commit 2b7b21dc9b
parent 4059b3d27b
12 changed files with 23 additions and 11 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -12,6 +12,28 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).

 <!-- towncrier release notes start -->

+## [v1.15.2] - 2026-03-30
+
+### Features
+
+- Build custom Kingfisher container from sporked deploy branch, replacing upstream image with locally-built version including --clone-url-base patch.
+- Add Kingfisher secret scanner as a weekly CronJob scanning all Forgejo repos, with HTML and JSON reports written to sifaka NFS.
+- Add MongoDB Kingfisher secret scanner as a prek hook alongside TruffleHog for comparative coverage evaluation.
+- Add spork strategy: floating-branch soft-fork tooling (`mise run spork-create`) and documentation for maintaining local patches against upstream projects.
+
+### Infrastructure
+
+- Add compensating controls framework: tracking file, review mise task, and how-to doc. Map all Prowler mutelist entries to named controls with CC: prefixes.
+- Add Prowler mutelist to suppress expected findings from system components, operator-managed pods, and accepted operational needs. Fix missing seccomp profile on kube-state-metrics.
+- Borgmatic photos backup: restrict to library/ and upload/ (skip regenerable dirs), add SSH keepalives and checkpoint interval to prevent broken pipe failures on large initial syncs.
+- Upgrade forgejo-runner from 12.7.0 to 12.7.3 (bug fixes, security dep update). Add service reference card.
+
+### Documentation
+
+- Add service reference documentation for Kingfisher secret scanner.
+- Review and update Ansible reference doc: add missing roles, sibling playbooks, and clarify Ansible's role in the IaC stack.
+
+
 ## [v1.15.1] - 2026-03-28

 ### Features
--- a/argocd/manifests/docs/deployment.yaml
+++ b/argocd/manifests/docs/deployment.yaml
@ -30,7 +30,7 @@ spec:
              name: http
          env:
            - name: DOCS_RELEASE_URL
-              value: "https://forge.eblu.me/eblume/blumeops/releases/download/v1.15.1/docs-v1.15.1.tar.gz"
+              value: "https://forge.eblu.me/eblume/blumeops/releases/download/v1.15.2/docs-v1.15.2.tar.gz"
          resources:
            requests:
              memory: "64Mi"
--- a/docs/changelog.d/+ansible-doc-review.doc.md
+++ b/docs/changelog.d/+ansible-doc-review.doc.md
@ -1 +0,0 @@
-Review and update Ansible reference doc: add missing roles, sibling playbooks, and clarify Ansible's role in the IaC stack.
--- a/docs/changelog.d/+borgmatic-photos-hardening.infra.md
+++ b/docs/changelog.d/+borgmatic-photos-hardening.infra.md
@ -1 +0,0 @@
-Borgmatic photos backup: restrict to library/ and upload/ (skip regenerable dirs), add SSH keepalives and checkpoint interval to prevent broken pipe failures on large initial syncs.
--- a/docs/changelog.d/+forgejo-runner-12.7.3.infra.md
+++ b/docs/changelog.d/+forgejo-runner-12.7.3.infra.md
@ -1 +0,0 @@
-Upgrade forgejo-runner from 12.7.0 to 12.7.3 (bug fixes, security dep update). Add service reference card.
--- a/docs/changelog.d/+kingfisher-docs.doc.md
+++ b/docs/changelog.d/+kingfisher-docs.doc.md
@ -1 +0,0 @@
-Add service reference documentation for Kingfisher secret scanner.
--- a/docs/changelog.d/+kingfisher-prek.feature.md
+++ b/docs/changelog.d/+kingfisher-prek.feature.md
@ -1 +0,0 @@
-Add MongoDB Kingfisher secret scanner as a prek hook alongside TruffleHog for comparative coverage evaluation.
--- a/docs/changelog.d/+spork-strategy.feature.md
+++ b/docs/changelog.d/+spork-strategy.feature.md
@ -1 +0,0 @@
-Add spork strategy: floating-branch soft-fork tooling (`mise run spork-create`) and documentation for maintaining local patches against upstream projects.
--- a/docs/changelog.d/compensating-controls.infra.md
+++ b/docs/changelog.d/compensating-controls.infra.md
@ -1 +0,0 @@
-Add compensating controls framework: tracking file, review mise task, and how-to doc. Map all Prowler mutelist entries to named controls with CC: prefixes.
--- a/docs/changelog.d/feature-kingfisher-container.feature.md
+++ b/docs/changelog.d/feature-kingfisher-container.feature.md
@ -1 +0,0 @@
-Build custom Kingfisher container from sporked deploy branch, replacing upstream image with locally-built version including --clone-url-base patch.
--- a/docs/changelog.d/feature-kingfisher-cronjob.feature.md
+++ b/docs/changelog.d/feature-kingfisher-cronjob.feature.md
@ -1 +0,0 @@
-Add Kingfisher secret scanner as a weekly CronJob scanning all Forgejo repos, with HTML and JSON reports written to sifaka NFS.
--- a/docs/changelog.d/prowler-mutelist.infra.md
+++ b/docs/changelog.d/prowler-mutelist.infra.md
@ -1 +0,0 @@
-Add Prowler mutelist to suppress expected findings from system components, operator-managed pods, and accepted operational needs. Fix missing seccomp profile on kube-state-metrics.
				`@ -1 +0,0 @@`
				`Review and update Ansible reference doc: add missing roles, sibling playbooks, and clarify Ansible's role in the IaC stack.`
				`@ -1 +0,0 @@`
				`Borgmatic photos backup: restrict to library/ and upload/ (skip regenerable dirs), add SSH keepalives and checkpoint interval to prevent broken pipe failures on large initial syncs.`
				`@ -1 +0,0 @@`
				`Upgrade forgejo-runner from 12.7.0 to 12.7.3 (bug fixes, security dep update). Add service reference card.`
				`@ -1 +0,0 @@`
				`Add service reference documentation for Kingfisher secret scanner.`
				`@ -1 +0,0 @@`
				`Add MongoDB Kingfisher secret scanner as a prek hook alongside TruffleHog for comparative coverage evaluation.`
				`@ -1 +0,0 @@`
				Add spork strategy: floating-branch soft-fork tooling (`mise run spork-create`) and documentation for maintaining local patches against upstream projects.
				`@ -1 +0,0 @@`
				`Add compensating controls framework: tracking file, review mise task, and how-to doc. Map all Prowler mutelist entries to named controls with CC: prefixes.`
				`@ -1 +0,0 @@`
				`Build custom Kingfisher container from sporked deploy branch, replacing upstream image with locally-built version including --clone-url-base patch.`
				`@ -1 +0,0 @@`
				`Add Kingfisher secret scanner as a weekly CronJob scanning all Forgejo repos, with HTML and JSON reports written to sifaka NFS.`
				`@ -1 +0,0 @@`
				`Add Prowler mutelist to suppress expected findings from system components, operator-managed pods, and accepted operational needs. Fix missing seccomp profile on kube-state-metrics.`