Charm Tech pulse 2025#15

Charm Tech has been busy this past sprint with secondments, releases, and a bunch of other goodies. Among other things, we released new versions of Ops, Pebble, Jubilant, and Concierge, we did lots of SSDLC work, added new features to Pebble, and continued work to improve charm libraries and charm relation interfaces. Dima completed his secondment with the Platform Engineering team, and James with the Telco/TLS team.

Ops

• Released ops 2.23.1 and 3.1.0 and the corresponding ops-scenario and ops-tracing versions. Version 3.1.0 exposes the app name and unit ID in the testing Context and fixes a number of bugs.
• SBOM generation and security vulnerability scanning is now automated as part of the ops[testing,tracing] publishing workflow (#1906, #1916).
• Added security event logging (for charm crashes, hook tool authentication failures, and so on) to ops (#1905).
• Exposed the app name and (mocked) unit ID in testing.Context (#1920).
• Fixed issues with exposing the departed unit relation data (#1918, #1925, #1928).
• Refactored the event collection mechanism in ops.testing (#1907).

Charming

• Released Jubilant v1.3.0, which adds secret management commands and the consume command, as well as several minor new features.
• Released Concierge v1.0.4, which builds with Go 1.24 (#77), and includes a snap for the s390x and ppc64le architectures.
• Hosted a Charm Tech AMA with the Commercial Systems team.
• Continued work on spec and draft implementation for updates to the Charmhub public listing review process.
• Worked on threat modelling for ops, ops-scenario, ops-tracing, Jubilant, and Concierge.
• Opened a PR to enrol the Ubuntu charm repo in the Canonical repo automation.
• Added support for multiple controllers in Jubilant (#165).
• Moved the TIOBE workflows to self-hosted runners (#167, #169, #660, #661, #1912).
• The snap charm library is now traced (#164).

Pebble

• Released Pebble v1.23.0, which supports in-memory state, adds a successes field for health checks, and prunes old logs for inactive services.
• Finished and merged the feature to prune service logs (#539, #653). Now the services log buffers are pruned, keeping only 100 maximum inactive services’ logs from the past 7 days.
• Added a new environment variable PEBBLE_PERSIST, which if set to never, means Pebble won’t write its state to a file to disk, but keep it in memory only (#590, #658). This feature is useful for running Pebble with read-only filesystems.
• Working on adding another log target type opentelemetry, allowing Pebble to send logs in OpenTelemetry format to an OpenTelemetry collector (in-progress PR: #663).
• Fixing a bug where the check failure details don’t show in pebble checks command output when failures count is at the threshold (in-progress PR: #634).
• Added security event logging to Pebble (#666, how ominous!).

Documentation

• Added a Security explanation doc covering use of cryptographic technology, hardening, good practice, and so forth – for both Ops[…] and Jubilant (and a draft for Concierge). Charmers should find this useful when doing their own security risk analysis and documentation.
• Wrote a security vulnerability response document for ops, ops-scenario, ops-tracing, Jubilant, and Concierge.
• Moved some content from expiring Juju documentation into the Ops storage how-to guide (#1915).
• Moved Ops docs to https://documentation.ubuntu.com/ops/latest/ and Jubilant docs to https://documentation.ubuntu.com/jubilant/.