Bot releases are visible (Hide)

pipeline - Tekton Pipeline release v0.61.1 "Ragdoll Data" Latest Release

Published by tekton-robot 3 months ago

Installation one-liner

kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.61.1/release.yaml

Attestation

The Rekor UUID for this release is 24296fb24b8ad77a7bf5b4e52e97f499e0dc71aed47d629395ba503bbc0cf8a16d8b49169d2db2f5

Obtain the attestation:

REKOR_UUID=24296fb24b8ad77a7bf5b4e52e97f499e0dc71aed47d629395ba503bbc0cf8a16d8b49169d2db2f5
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .

Verify that all container images in the attestation are in the release file:

RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.61.1/release.yaml
REKOR_UUID=24296fb24b8ad77a7bf5b4e52e97f499e0dc71aed47d629395ba503bbc0cf8a16d8b49169d2db2f5

# Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v0.61.1@sha256:" + .digest.sha256')

# Download the release file
curl "$RELEASE_FILE" > release.yaml

# For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
  printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done

Changes

Features

Fixes

🐛 [release-v0.61.x] Handle error conditions in CheckMissingResultReferences (#8105)

mproved error handling for some invalid result reference scenarios.

Misc

Docs

Thanks

Thanks to these contributors who contributed to v0.61.1!

❤️ @tekton-robot

Extra shout-out for awesome release notes:

😍 @tekton-robot

pipeline - Tekton Pipeline release v0.56.6 "Persian Terminator"

Published by tekton-robot 3 months ago

-Docs @ v0.56.6
-Examples @ v0.56.6

Installation one-liner

kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.56.6/release.yaml

Attestation

The Rekor UUID for this release is 24296fb24b8ad77a05add089496f3ed6732de3f6804ba228904190bbf37d1a8c2d4c43ad6262e01e

Obtain the attestation:

REKOR_UUID=24296fb24b8ad77a05add089496f3ed6732de3f6804ba228904190bbf37d1a8c2d4c43ad6262e01e
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .

Verify that all container images in the attestation are in the release file:

RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.56.6/release.yaml
REKOR_UUID=24296fb24b8ad77a05add089496f3ed6732de3f6804ba228904190bbf37d1a8c2d4c43ad6262e01e

# Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v0.56.6@sha256:" + .digest.sha256')

# Download the release file
curl "$RELEASE_FILE" > release.yaml

# For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
  printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done

Changes

Features

Fixes

🐛 [release-v0.56.x] Handle error conditions in CheckMissingResultReferences (#8094)

mproved error handling for some invalid result reference scenarios.

🐛 [release-v0.56.x] Cleanup resolved object before validating through dry-run (#8064)

leanup resolved object before attempting to validate it through api dry-run call

Misc

Docs

Thanks

Thanks to these contributors who contributed to v0.56.6!

❤️ @tekton-robot
❤️ @vdemeester

Extra shout-out for awesome release notes:

😍 @tekton-robot
😍 @vdemeester

pipeline - Tekton Pipeline release v0.59.2 "Scottish Fold Sox"

Published by tekton-robot 4 months ago

-Docs @ v0.59.2
-Examples @ v0.59.2

Installation one-liner

kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.59.2/release.yaml

Attestation

The Rekor UUID for this release is 24296fb24b8ad77ac678677fe186a9b6d21a42b5b48289d14aa198de26de9b29caae78240eb7431a

Obtain the attestation:

REKOR_UUID=24296fb24b8ad77ac678677fe186a9b6d21a42b5b48289d14aa198de26de9b29caae78240eb7431a
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .

Verify that all container images in the attestation are in the release file:

RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.59.2/release.yaml
REKOR_UUID=24296fb24b8ad77ac678677fe186a9b6d21a42b5b48289d14aa198de26de9b29caae78240eb7431a

# Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v0.59.2@sha256:" + .digest.sha256')

# Download the release file
curl "$RELEASE_FILE" > release.yaml

# For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
  printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done

Changes

Features

Fixes

🐛 [release-v0.59.x] fix: resolve issue where results may not be obtained from sidecar logs (#8097)

ix: resolve issue where results may not be obtained from sidecar logs

🐛 [release-v0.59.x] Handle error conditions in CheckMissingResultReferences (#8093)

mproved error handling for some invalid result reference scenarios.

🐛 [release-v0.59.x] Cleanup resolved object before validating through dry-run (#8063)

leanup resolved object before attempting to validate it through api dry-run call

Misc

Docs

Thanks

Thanks to these contributors who contributed to v0.59.2!

❤️ @tekton-robot
❤️ @vdemeester

Extra shout-out for awesome release notes:

😍 @tekton-robot
😍 @vdemeester

pipeline - Tekton Pipeline release v0.61.0 "Ragdoll Data"

Published by tekton-robot 4 months ago

-Docs @ v0.61.0
-Examples @ v0.61.0

Installation one-liner

kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.61.0/release.yaml

Attestation

The Rekor UUID for this release is 24296fb24b8ad77a68cb504006aa006da7ebfef6d88e038545d3f4c2d314ba34f3c1d8a57dab26a8

Obtain the attestation:

REKOR_UUID=24296fb24b8ad77a68cb504006aa006da7ebfef6d88e038545d3f4c2d314ba34f3c1d8a57dab26a8
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .

Verify that all container images in the attestation are in the release file:

RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.61.0/release.yaml
REKOR_UUID=24296fb24b8ad77a68cb504006aa006da7ebfef6d88e038545d3f4c2d314ba34f3c1d8a57dab26a8

# Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v0.61.0@sha256:" + .digest.sha256')

# Download the release file
curl "$RELEASE_FILE" > release.yaml

# For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
  printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done

Changes

Features

✨ Promote Larger Results via Sidecar Logs to Beta (#8043)

Promote Larger Results via Sidecar Logs to Beta

✨ Add a flag on controllers to configure resyncPeriod (#8023)

Binary file (standard input) matches

Fixes

🐛 Cleanup resolved object before validating through dry-run (#8051)

Cleanup resolved object before attempting to validate it through api dry-run call

🐛 fix: resolve issue where results may not be obtained from sidecar logs (#8029)

fix: resolve issue where results may not be obtained from sidecar logs

🐛 Fix Validation Error Merging StepTemplates with StepRef (#7982)

Fix Validation Error Merging StepTemplates with Step's Ref

🐛 Bundle resolver can use ServiceAccount for auth (#7969)

Fix bundle resolver so it could pull OCI image (bundle) manifest from AWS ECR private registry

🐛 Fix: Example Test point to Catalog StepAction (#8044)

Misc

🔨 Remove taskref/pipelineref deprecated bundle field (#7789)

taskRef.bundle and pipelineRef.bundle are now removed from v1beta1 API version, as they were deprecated for about a year and half. Using them will result in a error when creating an object.

action required: make sure you migrate from taskRef.bundle and pipelineRef.bundle to the bundle resolver (see https://tekton.dev/docs/pipelines/migrating-v1beta1-to-v1/#replacing-taskrefbundle-and-pipelinerefbundle-with-bundle-resolver-a-idreplacing-taskrefbundle-and-pipelinerefbundle-with-bundle-resolver-a)

🔨 Bump to go 1.22 and fixes (#8035)

ektoncd/pipeline now requires go 1.22 to be built

🔨 Update knative/pkg to release-1.14 (#7989)

he minimum Kubernetes version supported by Tekton is now 1.28.

🔨 Bump k8s.io/code-generator from 0.29.2 to 0.29.6 (#8067)
🔨 Bump k8s.io/client-go from 0.29.2 to 0.29.6 (#8066)
🔨 Bump github/codeql-action from 3.25.8 to 3.25.10 (#8061)
🔨 Bump actions/checkout from 4.1.6 to 4.1.7 (#8060)
🔨 Bump github.com/spiffe/go-spiffe/v2 from 2.2.0 to 2.3.0 (#8059)
🔨 Bump github.com/google/go-containerregistry from 0.19.1 to 0.19.2 (#8058)
🔨 Bump the all group in /tekton with 4 updates (#8057)
🔨 Bump k8s.io/client-go from 0.27.14 to 0.27.15 in /test/custom-task-ctrls/wait-task-beta (#8049)
🔨 Bump k8s.io/apimachinery from 0.27.14 to 0.27.15 in /test/custom-task-ctrls/wait-task-beta (#8048)
🔨 Remove bobcatfish and lbernick from OWNERS 😿 (#8047)
🔨 Bump google.golang.org/protobuf from 1.34.1 to 1.34.2 (#8046)
🔨 Tests before promoting LargerResults via Sidecarlogs to Beta (#8041)
🔨 Bump the all group across 1 directory with 4 updates (#8040)
🔨 Bump actions/dependency-review-action from 4.3.2 to 4.3.3 (#8039)
🔨 Bump github/codeql-action from 3.25.7 to 3.25.8 (#8038)
🔨 Bump step-security/harden-runner from 2.8.0 to 2.8.1 (#8037)
🔨 Bump github.com/golangci/golangci-lint from 1.59.0 to 1.59.1 in /tools (#8036)
🔨 README.md: fix Kubernetes min version (#8030)
🔨 Bump github.com/containerd/containerd from 1.7.17 to 1.7.18 (#8026)
🔨 Bump tj-actions/changed-files from 44.5.1 to 44.5.2 (#8014)
🔨 Bump actions/dependency-review-action from 2.5.1 to 4.3.2 (#8013)
🔨 Bump step-security/harden-runner from 2.7.0 to 2.8.0 (#8012)
🔨 Bump github/codeql-action from 3.25.6 to 3.25.7 (#8011)
🔨 Bump actions/checkout from 3.6.0 to 4.1.6 (#8010)
🔨 Bump github.com/sigstore/sigstore/pkg/signature/kms/azure from 1.8.3 to 1.8.4 (#8007)
🔨 Bump github.com/sigstore/sigstore/pkg/signature/kms/gcp from 1.8.3 to 1.8.4 (#8001)
🔨 Bump github.com/sigstore/sigstore from 1.8.3 to 1.8.4 (#8000)
🔨 Bump github.com/sigstore/sigstore/pkg/signature/kms/hashivault from 1.8.3 to 1.8.4 (#7999)
🔨 Bump github.com/sigstore/sigstore/pkg/signature/kms/aws from 1.8.3 to 1.8.4 (#7998)
🔨 Bump the all group across 1 directory with 4 updates (#7995)
🔨 Bump step-security/harden-runner from 2.7.1 to 2.8.0 (#7993)
🔨 Bump tj-actions/changed-files from 44.4.0 to 44.5.1 (#7992)
🔨 Bump github.com/golangci/golangci-lint from 1.58.2 to 1.59.0 in /tools (#7991)
🔨 Bump github.com/hashicorp/go-version from 1.6.0 to 1.7.0 (#7985)
🔨 Update releases.md for v0.60 (#7976)
🔨 TEP0152 - Complete V1 conformance test suite (#7913)
🔨 .github/workflows: add a dependency-review workflow (#7846)

Docs

📖 Document that task results are not enforced (#8053)
📖 Fix the document: Task Level Comp Res is beta (#8004)
📖 Patch release v0.60.1 (#7997)

Thanks

Thanks to these contributors who contributed to v0.61.0!

❤️ @JeromeJu
❤️ @afrittoli
❤️ @chitrangpatel
❤️ @dependabot[bot]
❤️ @khrm
❤️ @l-qing
❤️ @vdemeester
❤️ @wilstdu

Extra shout-out for awesome release notes:

😍 @chitrangpatel
😍 @l-qing
😍 @vdemeester
😍 @wilstdu

pipeline - Tekton Pipeline release v0.53.7 "Chartreux Rachael"

Published by tekton-robot 4 months ago

-Docs @ v0.53.7
-Examples @ v0.53.7

Installation one-liner

kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.53.7/release.yaml

Attestation

The Rekor UUID for this release is 24296fb24b8ad77a5e6c5b801847e38adbef6f904f009e88e04197f4ea8b1c264d904ee4a80332b1

Obtain the attestation:

REKOR_UUID=24296fb24b8ad77a5e6c5b801847e38adbef6f904f009e88e04197f4ea8b1c264d904ee4a80332b1
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .

Verify that all container images in the attestation are in the release file:

RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.53.7/release.yaml
REKOR_UUID=24296fb24b8ad77a5e6c5b801847e38adbef6f904f009e88e04197f4ea8b1c264d904ee4a80332b1

# Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v0.53.7@sha256:" + .digest.sha256')

# Download the release file
curl "$RELEASE_FILE" > release.yaml

# For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
  printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done

Changes

Features

Fixes

🐛 [release-v0.53.x] Fix: Identify workspace usage in a Task (#8020)

Fix: Identify workspace usage in a Task

🐛 [release-v0.53.x] fix: when using remote resources, the related metrics tag name is wrong (#7957)

Misc

Docs

Thanks

Thanks to these contributors who contributed to v0.53.7!

❤️ @chitrangpatel
❤️ @tekton-robot

Extra shout-out for awesome release notes:

😍 @chitrangpatel

pipeline - Tekton Pipeline release v0.56.5 "Persian Terminator"

Published by tekton-robot 4 months ago

-Docs @ v0.56.5
-Examples @ v0.56.5

Installation one-liner

kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.56.5/release.yaml

Attestation

The Rekor UUID for this release is 24296fb24b8ad77a2f09bf689d71d460727a65204008bb91c9b764039990958e155058c4234aaecd

Obtain the attestation:

REKOR_UUID=24296fb24b8ad77a2f09bf689d71d460727a65204008bb91c9b764039990958e155058c4234aaecd
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .

Verify that all container images in the attestation are in the release file:

RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.56.5/release.yaml
REKOR_UUID=24296fb24b8ad77a2f09bf689d71d460727a65204008bb91c9b764039990958e155058c4234aaecd

# Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v0.56.5@sha256:" + .digest.sha256')

# Download the release file
curl "$RELEASE_FILE" > release.yaml

# For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
  printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done

Changes

Features

Fixes

🐛 [release-v0.56.x] fix: stepresult intepolations does not accept multiple matches (#7875)
fix: cannot use multiple step results at the same time for interpolation.
🐛 [release-v0.56.x] fix: when using remote resources, the related metrics tag name is wrong (#7956)
[release-v0.56.x] Fix: Identify workspace usage in a Task (#8018)

Misc

Docs

Thanks

Thanks to these contributors who contributed to v0.56.5!

❤️ @tekton-robot

Extra shout-out for awesome release notes:

😍 @tekton-robot

pipeline - Tekton Pipeline release v0.60.2 "Chinchilla Tobor"

Published by tekton-robot 4 months ago

-Docs @ v0.60.2
-Examples @ v0.60.2

Installation one-liner

kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.60.2/release.yaml

Attestation

The Rekor UUID for this release is 24296fb24b8ad77a1b1da05e47cee68581daf1cd5823facc5b59b76edaf9ce986efe5c68bd1a4cbe

Obtain the attestation:

REKOR_UUID=24296fb24b8ad77a1b1da05e47cee68581daf1cd5823facc5b59b76edaf9ce986efe5c68bd1a4cbe
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .

Verify that all container images in the attestation are in the release file:

RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.60.2/release.yaml
REKOR_UUID=24296fb24b8ad77a1b1da05e47cee68581daf1cd5823facc5b59b76edaf9ce986efe5c68bd1a4cbe

# Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v0.60.2@sha256:" + .digest.sha256')

# Download the release file
curl "$RELEASE_FILE" > release.yaml

# For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
  printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done

Changes

Features

Fixes

🐛 [release-v0.60.x] Fix: Identify workspace usage in a Task (#8021)

Misc

Docs

Thanks

Thanks to these contributors who contributed to v0.60.2!

❤️ @tekton-robot, @chitrangpatel

Extra shout-out for awesome release notes:

😍 @tekton-robot

pipeline - Tekton Pipeline release v0.59.1 "Scottish Fold Sox"

Published by tekton-robot 4 months ago

-Docs @ v0.59.1
-Examples @ v0.59.1

Installation one-liner

kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.59.1/release.yaml

Attestation

The Rekor UUID for this release is 24296fb24b8ad77ae4f504cabd702466f22af01eb77b6e7d131fbccfa54291a0438b7301f13f5180

Obtain the attestation:

REKOR_UUID=24296fb24b8ad77ae4f504cabd702466f22af01eb77b6e7d131fbccfa54291a0438b7301f13f5180
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .

Verify that all container images in the attestation are in the release file:

RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.59.1/release.yaml
REKOR_UUID=24296fb24b8ad77ae4f504cabd702466f22af01eb77b6e7d131fbccfa54291a0438b7301f13f5180

# Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v0.59.1@sha256:" + .digest.sha256')

# Download the release file
curl "$RELEASE_FILE" > release.yaml

# For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
  printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done

Changes

Features

Fixes

🐛 [release-v0.59.x] fix: when using remote resources, the related metrics tag name is wrong (#7955)

Misc

Docs

Thanks

Thanks to these contributors who contributed to v0.59.1!

❤️ @tekton-robot

Extra shout-out for awesome release notes:

😍 @tekton-robot

pipeline - Tekton Pipeline release v0.60.1 "Chinchilla Tobor"

Published by tekton-robot 5 months ago

-Docs @ v0.60.1
-Examples @ v0.60.1

Installation one-liner

kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.60.1/release.yaml

Attestation

The Rekor UUID for this release is 24296fb24b8ad77a3c629b9f100be0eec857bdac47e80bdeacaf4cebba95adb7f9918b91b27842c5

Obtain the attestation:

REKOR_UUID=24296fb24b8ad77a3c629b9f100be0eec857bdac47e80bdeacaf4cebba95adb7f9918b91b27842c5
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .

Verify that all container images in the attestation are in the release file:

RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.60.1/release.yaml
REKOR_UUID=24296fb24b8ad77a3c629b9f100be0eec857bdac47e80bdeacaf4cebba95adb7f9918b91b27842c5

# Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v0.60.1@sha256:" + .digest.sha256')

# Download the release file
curl "$RELEASE_FILE" > release.yaml

# For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
  printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done

Changes

Features

Fixes

🐛 [release-v0.60.x] Fix: Allow less strict validation of the Resolver Name during Webhook. (#7996)
🐛 [release-v0.60.x] Fix: Update GetNameAndNamespace Parameters (#7994)

Misc

Docs

Thanks

Thanks to these contributors who contributed to v0.60.1!

❤️ @tekton-robot, @Aleromerog

Extra shout-out for awesome release notes:
@Aleromerog

pipeline - Tekton Pipeline release v0.60.0 "Chinchilla Tobor"

Published by tekton-robot 5 months ago

🎉 Artifacts through Sidecar Logs and Concise Resolver Syntax(Stage I)🎉

-Docs @ v0.60.0
-Examples @ v0.60.0

Installation one-liner

kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.60.0/release.yaml

Attestation

The Rekor UUID for this release is 24296fb24b8ad77a0f4210b40d70db3c3f419f177c49cdf9af22ac6e6f490d1141db7ca4ecb37796

Obtain the attestation:

REKOR_UUID=24296fb24b8ad77a0f4210b40d70db3c3f419f177c49cdf9af22ac6e6f490d1141db7ca4ecb37796
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .

Verify that all container images in the attestation are in the release file:

RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.60.0/release.yaml
REKOR_UUID=24296fb24b8ad77a0f4210b40d70db3c3f419f177c49cdf9af22ac6e6f490d1141db7ca4ecb37796

# Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v0.60.0@sha256:" + .digest.sha256')

# Download the release file
curl "$RELEASE_FILE" > release.yaml

# For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
  printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done

Changes

Features

✨ feat: Surface artifacts through sidecar container logs. (#7883)

Surface artifacts through sidecar container logs.

✨ add namespace label/tag to non-deprecated throttle metrics (#7879)

Add 'namespace' label/tag to the 'tekton_pipelines_controller_running_taskruns_throttled_by_quota' and 'tekton_pipelines_controller_running_taskruns_throttled_by_node' metrics, as kubernetes quota definitions are namespace scoped, hence certain namespaces may be more susceptible to quota throttling than others, and in a multi-node environment, not all namespaces are necessarily on the same node.

To enable this new label/tag, set 'metrics.taskrun.throttle.enable-namespace' to 'true' in the 'config-observability' ConfigMap

✨ TEP-0154: Enable concise resolver syntax - stage 1 (#7845)

TEP-0154: Enable concise resolver syntax

✨ Add reason tag to duration metrics (#7812)

The reason tag has been added to the duration metrics of taskrun and pipelinerun.

Fixes

🐛 Propagate params in pipelines (#7930)

Enable propagating params in Pipelines.

🐛 Fix version mismatch of aws-sdk-go-v2 (#7921)

Fixing "401 Not Authorized" using Image from private AWS ECR without specifying "command" or "script" in Task.

🐛 allow for retry on typically transient k8s errors in both core controller and resolver for remote resolution (#7894)

This fix address the lack of retry on transient kubernetes errors during remote resolution for tasks, etc.

🐛 Fix: Faulty Remote Resource Accepted by Remote Resolution (#7952)
🐛 minor followup to PR 7894 (#7950)
🐛 fix: prevent repeated setting of pipeline name label (#7732)
🐛 fix: when using remote resources, the related metrics tag name is wrong (#7731)

Misc

🔨 Deprecate current resolution framework (#7945)

Mark current resolver framework as deprecated. Note: we are not removing the interface to be compatible with our Go policy.

🔨 misc: promote stepAction to beta (#7920)

promote StepActions to beta

🔨 fix: artifactsFlag (#7914)

fix defaultEnableArtifacts flag uses wrong name

🔨 Upgraded Remote Resolution Framework (#7910)

Upgraded remote resolution framework.

🔨 Bump go.opentelemetry.io/otel from 1.26.0 to 1.27.0 (#7975)
🔨 Bump go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp from 1.26.0 to 1.27.0 (#7972)
🔨 chore(deps): bump github/codeql-action from 3.25.5 to 3.25.6 (#7968)
🔨 chore(deps): bump actions/checkout from 4.1.5 to 4.1.6 (#7967)
🔨 chore(deps): bump github.com/golangci/golangci-lint from 1.58.1 to 1.58.2 in /tools (#7966)
🔨 chore(deps): bump github.com/containerd/containerd from 1.7.15 to 1.7.17 (#7961)
🔨 chore(deps): bump k8s.io/client-go from 0.27.13 to 0.27.14 in /test/custom-task-ctrls/wait-task-beta (#7949)
🔨 chore(deps): bump k8s.io/api from 0.27.13 to 0.27.14 in /test/custom-task-ctrls/wait-task-beta (#7948)
🔨 chore(deps): bump google.golang.org/grpc from 1.63.2 to 1.64.0 (#7947)
🔨 chore(deps): bump github.com/spiffe/spire-api-sdk from 1.9.4 to 1.9.6 (#7946)
🔨 chore(deps): bump the all group in /tekton with 3 updates (#7944)
🔨 chore(deps): bump ossf/scorecard-action from 2.3.1 to 2.3.3 (#7943)
🔨 chore(deps): bump github/codeql-action from 3.25.3 to 3.25.5 (#7942)
🔨 chore(deps): bump tj-actions/changed-files from 44.3.0 to 44.4.0 (#7941)
🔨 Add image replacement for amd64 specific image for entrypoint-resolution test and update docker-in-docker test image for Power. (#7937)
🔨 chore(deps): bump github.com/golangci/golangci-lint from 1.58.0 to 1.58.1 in /tools (#7936)
🔨 chore(deps): bump step-security/harden-runner from 2.7.0 to 2.7.1 (#7934)
🔨 chore(deps): bump actions/checkout from 4.1.4 to 4.1.5 (#7933)
🔨 chore(deps): bump the all group in /tekton with 4 updates (#7932)
🔨 chore(deps): bump google.golang.org/protobuf from 1.34.0 to 1.34.1 (#7931)
🔨 chore(deps): bump github.com/jenkins-x/go-scm from 1.14.30 to 1.14.34 (#7928)
🔨 chore(deps): bump github.com/golangci/golangci-lint from 1.57.2 to 1.58.0 in /tools (#7927)
🔨 chore(deps): bump google.golang.org/protobuf from 1.33.0 to 1.34.0 (#7926)
🔨 chore(deps): bump the all group in /tekton with 2 updates (#7925)
🔨 chore(deps): bump actions/checkout from 4.1.3 to 4.1.4 (#7924)
🔨 chore(deps): bump github/codeql-action from 3.25.1 to 3.25.3 (#7923)

Docs

📖 Update releases.md for v0.59 (#7917)
📖 v1beta1 fields updated to v1 in docs and examples (#7873)

Thanks

Thanks to these contributors who contributed to v0.60.0!

❤️ @Sachin-Itagi
❤️ @afrittoli
❤️ @chitrangpatel
❤️ @cugykw
❤️ @dependabot[bot]
❤️ @ericzzzzzzz
❤️ @gabemontero
❤️ @khrm
❤️ @ppitonak
❤️ @seternate

Extra shout-out for awesome release notes:

😍 @chitrangpatel
😍 @ericzzzzzzz
😍 @gabemontero
😍 @khrm
😍 @seternate

pipeline - Tekton Pipeline release v0.59.0 "Scottish Fold Sox" LTS

Published by tekton-robot 6 months ago

🎉 Artifact Metadata, Improved StepActions and Improved Stability 🎉

-Docs @ v0.59.0
-Examples @ v0.59.0

Installation one-liner

kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.59.0/release.yaml

Attestation

The Rekor UUID for this release is 24296fb24b8ad77afedce0421f9d0b300ed47db5907cad59970fed93f978290fd32680173c43e675

Obtain the attestation:

REKOR_UUID=24296fb24b8ad77afedce0421f9d0b300ed47db5907cad59970fed93f978290fd32680173c43e675
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .

Verify that all container images in the attestation are in the release file:

RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.59.0/release.yaml
REKOR_UUID=24296fb24b8ad77afedce0421f9d0b300ed47db5907cad59970fed93f978290fd32680173c43e675

# Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v0.59.0@sha256:" + .digest.sha256')

# Download the release file
curl "$RELEASE_FILE" > release.yaml

# For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
  printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done

Upgrade Notices

Tekton v0.59 minimum Kubernetes version is 1.27.

Changes

Features

✨ Add a feature flag to disable inline spec (#7844)

Add a feature flag disable-inline-spec to disable embedded spec in Pipeline(PipelineSpec/TaskSpec), Taskrun(TaskSpec), and Pipelinerun. (PipelineSpec) By default, the inline specs will be enabled. Only if the flag is set to "pipeline", "pipelinerun" and "taskrun" or a combination like "pipeline,pipelinerun" would the inline spec be disabled for Pipeline, PipelineRun, or TaskRun.

✨ Add description to StepActions (#7831)

Add description to StepActions

✨ kind/feat: Surface artifacts through termination message (#7714)

Surface artifact metadata through termination message

Fixes

🐛 fix: resolve pod creation failure on retry when using (#7887)

fix: resolve pod creation failure on retry when using workspace.<name>.volume

🐛 Fix ImagePullTimeout to use Initialized (#7882)

Fix ImagePullTimeout to use "PodInitialized" or "PodReadyToStartContainers" PodCondition transition time

🐛 Enable Param Substitution in StepAction resolver reference params (#7872)

Enable Param Substitution in StepAction resolver reference params

🐛 validate TaskRun retries in TestRunSpec is greater than or equal to zero (#7836)

fix: the retries value has not been verified

🐛 fix: stepresult intepolations does not accept multiple matches (#7830)

fix: cannot use multiple step results at the same time for interpolation.

🐛 Fix the naming for Metrics as per convention (#7810)

We introduce new metrics with compliant naming.
Gauge metrics: Gauge metrics shouldn't end with count as it implies a counter.
Counter metrics: Counter metrics shouldn't end with count as it implies a counter from the histogram. Instead, we should use total.

Previous Metrics are deprecated because they don't satisfy the Prometheus naming convention. Consult https://github.com/tektoncd/pipeline/blob/main/docs/metrics.md to know the updated names and tags.

🐛 Remove conversion configuration for (#7796)

Remove conversion webhook configuration from the ClusterTask CRD, it doesn't need it.

🐛 Do not register for conversion (#7795)

Removed StepAction from the conversion webhook to reduce the log spam that it isn't configured for it.

🐛 fix: ensure default type for params in remote tasks to prevent pipeline failures (#7776)

fix: resolve issues that may cause pipeline failures when using remote resources

🐛 fix: do not set default kind when taskRef resolver is present (#7763)

fix: do not set default kind when taskRef resolver is present

🐛 fix(taskrun): emit warning for missing secret in ServiceAccount instead of failing (#7761)

fix(taskrun): emit warning for missing secret in ServiceAccount instead of failing

🐛 Fix: Merge StepTemplate with Step containing Results and Params (#7757)

Fix: Merge StepTemplate with Step containing Results and Params

🐛 fix: the params in step replace other fields in step that are not in stepaction (#7755)

Pass only the fields in stepaction and replace these fields with the params in step.

🐛 Fix bugfix-release.sh behavior when there is nothing to release (#7860)
🐛 [StepActions] when using a stepTemplate the ref gets removed (#7813)

Misc

🔨 Update docker/docker to v26.0.0 (#7842)

Update docker/docker dependency to v26.0.0

🔨 Bump knative/pkg to 1.13 and k8s.io to 0.28.5 (#7808)

knative/pkg dependency is now 1.13 and k8s.io dependencies are 0.28.x.
In addition, this makes the minimum kubernetes version supported by tektoncd/pipeline to be 1.27.

🔨 Update golangci version and configuration, and fix errors (#7832)
🔨 Fix: add notes for why not to import the dependency pkg for OptimisticLockErrorMsg (#7780)
🔨 Fix shell for tag-images step (#7912)
🔨 Fix the shell in crane image (#7911)
🔨 chore(deps): bump go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp from 1.25.0 to 1.26.0 (#7908)
🔨 chore(deps): bump go.opentelemetry.io/otel/sdk from 1.25.0 to 1.26.0 (#7905)
🔨 chore(deps): bump the all group in /tekton with 4 updates (#7900)
🔨 chore(deps): bump tj-actions/changed-files from 44.0.1 to 44.3.0 (#7899)
🔨 chore(deps): bump actions/checkout from 4.1.2 to 4.1.3 (#7898)
🔨 chore(deps): bump actions/upload-artifact from 4.3.1 to 4.3.3 (#7897)
🔨 chore(deps): bump github/codeql-action from 3.25.0 to 3.25.1 (#7896)
🔨 chore(deps): bump k8s.io/client-go from 0.27.11 to 0.27.13 in /test/custom-task-ctrls/wait-task-beta (#7891)
🔨 chore(deps): bump k8s.io/api from 0.27.12 to 0.27.13 in /test/custom-task-ctrls/wait-task-beta (#7890)
🔨 chore(deps): bump code.gitea.io/sdk/gitea from 0.17.1 to 0.18.0 (#7889)
🔨 chore(deps): bump the all group in /tekton with 4 updates (#7885)
🔨 chore(deps): bump github/codeql-action from 3.24.10 to 3.25.0 (#7884)
🔨 kind/misc: add error log (#7874)
🔨 chore(deps): bump the all group in /tekton with 4 updates (#7868)
🔨 chore(deps): bump tj-actions/changed-files from 44.0.0 to 44.0.1 (#7867)
🔨 chore(deps): bump google.golang.org/grpc from 1.63.0 to 1.63.2 (#7866)
🔨 chore(deps): bump github.com/spiffe/spire-api-sdk from 1.9.3 to 1.9.4 (#7862)
🔨 chore(deps): bump github/codeql-action from 3.24.9 to 3.24.10 (#7861)
🔨 release: add a small script to "automate" bugfix releases (#7855)
🔨 chore: fix function names in comment (#7853)
🔨 chore(deps): bump github.com/containerd/containerd from 1.7.14 to 1.7.15 (#7849)
🔨 chore(deps): bump go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp from 1.24.0 to 1.25.0 (#7848)
🔨 chore(deps): bump github.com/spiffe/spire-api-sdk from 1.9.2 to 1.9.3 (#7847)
🔨 .github/workflow: update (and harden) codeql workflow (#7843)
🔨 chore(deps): bump golang.org/x/sync from 0.6.0 to 0.7.0 (#7835)
🔨 chore(deps): bump google.golang.org/grpc from 1.62.1 to 1.63.0 (#7834)
🔨 chore(deps): bump github.com/jenkins-x/go-scm from 1.14.29 to 1.14.30 (#7829)
🔨 Initiate Conformance Test Suite (#7826)
🔨 chore(deps): bump github.com/sigstore/sigstore/pkg/signature/kms/aws from 1.8.2 to 1.8.3 (#7825)
🔨 chore(deps): bump github.com/spiffe/go-spiffe/v2 from 2.1.7 to 2.2.0 (#7824)
🔨 chore(deps): bump github.com/sigstore/sigstore/pkg/signature/kms/azure from 1.8.2 to 1.8.3 (#7823)
🔨 chore(deps): bump github.com/sigstore/sigstore from 1.8.1 to 1.8.3 (#7821)
🔨 chore(deps): bump github.com/go-git/go-git/v5 from 5.11.0 to 5.12.0 (#7820)
🔨 chore(deps): bump github.com/sigstore/sigstore/pkg/signature/kms/gcp from 1.8.2 to 1.8.3 (#7819)
🔨 chore(deps): bump github.com/sigstore/sigstore/pkg/signature/kms/hashivault from 1.8.2 to 1.8.3 (#7818)
🔨 chore(deps): bump tj-actions/changed-files from 43.0.1 to 44.0.0 (#7817)
🔨 chore(deps): bump github.com/golangci/golangci-lint from 1.57.1 to 1.57.2 in /tools (#7816)
🔨 chore(deps): bump github.com/jenkins-x/go-scm from 1.14.26 to 1.14.29 (#7815)
🔨 chore(deps): bump github.com/spiffe/spire-api-sdk from 1.9.1 to 1.9.2 (#7806)
🔨 chore(deps): bump tj-actions/changed-files from 43.0.0 to 43.0.1 (#7803)
🔨 chore(deps): bump github/codeql-action from 3.24.8 to 3.24.9 (#7802)
🔨 chore(deps): bump github.com/golangci/golangci-lint from 1.56.2 to 1.57.1 in /tools (#7785)
🔨 chore(deps): bump github.com/spiffe/spire-api-sdk from 1.9.0 to 1.9.1 (#7784)
🔨 chore(deps): bump github.com/google/cel-go from 0.20.0 to 0.20.1 (#7783)
🔨 chore(deps): bump github.com/cloudevents/sdk-go/v2 from 2.15.1 to 2.15.2 (#7782)
🔨 chore(deps): bump github.com/google/go-containerregistry from 0.19.0 to 0.19.1 (#7781)
🔨 chore(deps): Migrate to github.com/go-jose/go-jose/v3 (#7750)
🔨 .github/workflows: make codeql a bit quicker (#7728)
🔨 Replace out of date publish images with cgr.dev equivalents. (#7359)
🔨 Update golang/x/net to handle GO-2024-2687 (#7841)

Docs

📖 fix(docs): correct closing bracket in CEL expressions (#7903)
📖 remove ref release-pipeline-nightly.yaml (#7864)
📖 Fix: update golangci-lint docs link (#7790)
📖 Documenting latest release - 0.58 (#7786)
📖 updating releases file to include 0.53.4 and 0.56.2 (#7741)
📖 fix imagePullBackOff doc (#7679)

Thanks

Thanks to these contributors who contributed to v0.59.0!

❤️ @JeromeJu
❤️ @Ma-YuXin
❤️ @afrittoli
❤️ @chitrangpatel
❤️ @cugykw
❤️ @dependabot[bot]
❤️ @ericzzzzzzz
❤️ @garethjevans
❤️ @isibeni
❤️ @kgcarr
❤️ @khrm
❤️ @l-qing
❤️ @lunarwhite
❤️ @lvyaoting
❤️ @pritidesai
❤️ @skaegi
❤️ @vdemeester
❤️ @wlynch

Extra shout-out for awesome release notes:

😍 @Ma-YuXin
😍 @chitrangpatel
😍 @cugykw
😍 @ericzzzzzzz
😍 @khrm
😍 @l-qing
😍 @skaegi
😍 @vdemeester

pipeline - Tekton Pipeline release v0.50.6 "Russian Blue Daneel Olivaw"

Published by tekton-robot 6 months ago

-Docs @ v0.50.6
-Examples @ v0.50.6

Installation one-liner

kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.50.6/release.yaml

Attestation

The Rekor UUID for this release is 24296fb24b8ad77ab39f94a9c6627f1ae85c428863d0dbdbea4c9481976f30c00d5f9f712a117720

Obtain the attestation:

REKOR_UUID=24296fb24b8ad77ab39f94a9c6627f1ae85c428863d0dbdbea4c9481976f30c00d5f9f712a117720
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .

Verify that all container images in the attestation are in the release file:

RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.50.6/release.yaml
REKOR_UUID=24296fb24b8ad77ab39f94a9c6627f1ae85c428863d0dbdbea4c9481976f30c00d5f9f712a117720

# Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v0.50.6@sha256:" + .digest.sha256')

# Download the release file
curl "$RELEASE_FILE" > release.yaml

# For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
  printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done

Changes

Features

Fixes

🐛 [release-v0.50.x] Remove conversion configuration for (#7798)

emove conversion webhook configuration from the ClusterTask CRD, it doesn't need it.

🐛 [release-v0.50.x] fix: ensure clustertask annotations are synced to taskrun (#7656)

ix: ensure ClusterTask annotations and labels are synced to TaskRun

🐛 [release-v0.50.x] Fix validations for Sidecars to be consistent (#7451)

idecars are now validated at admission webhook

🐛 [release-v0.50.x] don't return validation error when final tasks failed/skipped (#7485)

[release-v0.50.x] chore(deps): Migrate to github.com/go-jose/go-jose/v3 (#7858)
[release-v0.50.x] Update go-git/v5 for CVE-2023-49569 (#7839)

Misc

Docs

Thanks

Thanks to these contributors who contributed to v0.50.6!

❤️ @tekton-robot
❤️ @vdemeester

Extra shout-out for awesome release notes:

😍 @tekton-robot
😍 @vdemeester

pipeline - Tekton Pipeline release v0.47.9 "Chartreux Rachael"

Published by tekton-robot 6 months ago

-Docs @ v0.47.9
-Examples @ v0.47.9

Installation one-liner

kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.47.9/release.yaml

Attestation

The Rekor UUID for this release is 24296fb24b8ad77a97b4cab5b45b50c5ccf7747c415168ca5a52a02bf17db08b9289c8518215ab4e

Obtain the attestation:

REKOR_UUID=24296fb24b8ad77a97b4cab5b45b50c5ccf7747c415168ca5a52a02bf17db08b9289c8518215ab4e
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .

Verify that all container images in the attestation are in the release file:

RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.47.9/release.yaml
REKOR_UUID=24296fb24b8ad77a97b4cab5b45b50c5ccf7747c415168ca5a52a02bf17db08b9289c8518215ab4e

# Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v0.47.9@sha256:" + .digest.sha256')

# Download the release file
curl "$RELEASE_FILE" > release.yaml

# For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
  printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done

Changes

Features

Fixes

[release-v0.47.x] chore(deps): Migrate to github.com/go-jose/go-jose/v3 (#7859)

Misc

Docs

Thanks

Thanks to these contributors who contributed to v0.47.9!

❤️ @vdemeester

Extra shout-out for awesome release notes:

😍 @vdemeester

pipeline - Tekton Pipeline release v0.56.4 "Persian Terminator"

Published by tekton-robot 6 months ago

-Docs @ v0.56.4
-Examples @ v0.56.4

Installation one-liner

kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.56.4/release.yaml

Attestation

The Rekor UUID for this release is 24296fb24b8ad77a246fb071bb1e27bb8c9aa3c80aa8f7f284a3f17e41f49960167d60df9ae6a20f

Obtain the attestation:

REKOR_UUID=24296fb24b8ad77a246fb071bb1e27bb8c9aa3c80aa8f7f284a3f17e41f49960167d60df9ae6a20f
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .

Verify that all container images in the attestation are in the release file:

RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.56.4/release.yaml
REKOR_UUID=24296fb24b8ad77a246fb071bb1e27bb8c9aa3c80aa8f7f284a3f17e41f49960167d60df9ae6a20f

# Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v0.56.4@sha256:" + .digest.sha256')

# Download the release file
curl "$RELEASE_FILE" > release.yaml

# For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
  printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done

Changes

Features

Fixes

🐛 [release-v0.56.x] [StepActions] when using a stepTemplate the ref gets removed (#7814)
[release-v0.56.x] chore(deps): Migrate to github.com/go-jose/go-jose/v3 (#7856)
[release-v0.56.x] Update go-git/v5 for CVE-2023-49569 (#7837)

Misc

Docs

Thanks

Thanks to these contributors who contributed to v0.56.4!

❤️ @tekton-robot
❤️ @vdemeester

Extra shout-out for awesome release notes:

😍 @vdemeester

pipeline - Tekton Pipeline release v0.53.6 "Chartreux Rachael"

Published by tekton-robot 6 months ago

-Docs @ v0.53.6
-Examples @ v0.53.6

Installation one-liner

kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.53.6/release.yaml

Attestation

The Rekor UUID for this release is 24296fb24b8ad77a58dae7f6faf9762bba17f2a70c00ecee45c691a6679e49878ddb4fc34cca12ee

Obtain the attestation:

REKOR_UUID=24296fb24b8ad77a58dae7f6faf9762bba17f2a70c00ecee45c691a6679e49878ddb4fc34cca12ee
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .

Verify that all container images in the attestation are in the release file:

RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.53.6/release.yaml
REKOR_UUID=24296fb24b8ad77a58dae7f6faf9762bba17f2a70c00ecee45c691a6679e49878ddb4fc34cca12ee

# Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v0.53.6@sha256:" + .digest.sha256')

# Download the release file
curl "$RELEASE_FILE" > release.yaml

# For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
  printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done

Changes

Features

Fixes

[release-v0.53.x] chore(deps): Migrate to github.com/go-jose/go-jose/v3 (#7857)
[release-v0.53.x] Update go-git/v5 for CVE-2023-49569 (#7838)

Misc

Docs

Thanks

Thanks to these contributors who contributed to v0.53.6!

❤️ @vdemeester

Extra shout-out for awesome release notes:

😍 @vdemeester

pipeline - Tekton Pipeline release v0.47.8 "Chartreux Rachael"

Published by tekton-robot 7 months ago

-Docs @ v0.47.8
-Examples @ v0.47.8

Installation one-liner

kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.47.8/release.yaml

Attestation

The Rekor UUID for this release is 24296fb24b8ad77a4e15157f9968c5f4a015417a5c1d728fb85cf766ef9357ef1cc3abc19e871f58

Obtain the attestation:

REKOR_UUID=24296fb24b8ad77a4e15157f9968c5f4a015417a5c1d728fb85cf766ef9357ef1cc3abc19e871f58
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .

Verify that all container images in the attestation are in the release file:

RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.47.8/release.yaml
REKOR_UUID=24296fb24b8ad77a4e15157f9968c5f4a015417a5c1d728fb85cf766ef9357ef1cc3abc19e871f58

# Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v0.47.8@sha256:" + .digest.sha256')

# Download the release file
curl "$RELEASE_FILE" > release.yaml

# For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
  printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done

Changes

Features

Fixes

[release-v0.47.x] Update go-git/v5 for CVE-2023-49569 (#7840)

Misc

Docs

Thanks

Thanks to these contributors who contributed to v0.47.8!

❤️ @vdemeester

Extra shout-out for awesome release notes:

😍 @vdemeester

pipeline - Tekton Pipeline release v0.56.3 "Persian Terminator"

Published by tekton-robot 7 months ago

-Docs @ v0.56.3
-Examples @ v0.56.3

Installation one-liner

kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.56.3/release.yaml

Attestation

The Rekor UUID for this release is 24296fb24b8ad77ae45e562eaaa6a469881e47013e15601d6644002bc596ca9464a382cdec3f2b5d

Obtain the attestation:

REKOR_UUID=24296fb24b8ad77ae45e562eaaa6a469881e47013e15601d6644002bc596ca9464a382cdec3f2b5d
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .

Verify that all container images in the attestation are in the release file:

RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.56.3/release.yaml
REKOR_UUID=24296fb24b8ad77ae45e562eaaa6a469881e47013e15601d6644002bc596ca9464a382cdec3f2b5d

# Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v0.56.3@sha256:" + .digest.sha256')

# Download the release file
curl "$RELEASE_FILE" > release.yaml

# For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
  printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done

Changes

Features

Fixes

🐛 [release-v0.56.x] Fix: Merge StepTemplate with Step containing Results and Params (#7809)

ix: Merge StepTemplate with Step containing Results and Params

🐛 [release-v0.56.x] Do not register for conversion (#7801)

emoved StepAction from the conversion webhook to reduce the log spam that it isn't configured for it.

🐛 [release-v0.56.x] Remove conversion configuration for (#7800)

emove conversion webhook configuration from the ClusterTask CRD, it doesn't need it.

Misc

Docs

Thanks

Thanks to these contributors who contributed to v0.56.3!

❤️ @tekton-robot

Extra shout-out for awesome release notes:

😍 @tekton-robot

pipeline - Tekton Pipeline release v0.47.7 "Chartreux Rachael"

Published by tekton-robot 7 months ago

-Docs @ v0.47.7
-Examples @ v0.47.7

Installation one-liner

kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.47.7/release.yaml

Attestation

The Rekor UUID for this release is 24296fb24b8ad77aec77ad419d1de1867a08ec105634b5ff541aad517abfb411bac62f6f26340f07

Obtain the attestation:

REKOR_UUID=24296fb24b8ad77aec77ad419d1de1867a08ec105634b5ff541aad517abfb411bac62f6f26340f07
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .

Verify that all container images in the attestation are in the release file:

RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.47.7/release.yaml
REKOR_UUID=24296fb24b8ad77aec77ad419d1de1867a08ec105634b5ff541aad517abfb411bac62f6f26340f07

# Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v0.47.7@sha256:" + .digest.sha256')

# Download the release file
curl "$RELEASE_FILE" > release.yaml

# For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
  printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done

Changes

Features

Fixes

🐛 [release-v0.47.x] Remove conversion configuration for (#7799)

emove conversion webhook configuration from the ClusterTask CRD, it doesn't need it.

Misc

Docs

Thanks

Thanks to these contributors who contributed to v0.47.7!

❤️ @tekton-robot

Extra shout-out for awesome release notes:

😍 @tekton-robot

pipeline - Tekton Pipeline release v0.53.5 "Munchkin Maschinenmensch"

Published by tekton-robot 7 months ago

-Docs @ v0.53.5
-Examples @ v0.53.5

Installation one-liner

kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.53.5/release.yaml

Attestation

The Rekor UUID for this release is 24296fb24b8ad77a9d50edf817e79b97e161157785b92ff8000bf03e6a52970312def3c7a407be06

Obtain the attestation:

REKOR_UUID=24296fb24b8ad77a9d50edf817e79b97e161157785b92ff8000bf03e6a52970312def3c7a407be06
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .

Verify that all container images in the attestation are in the release file:

RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.53.5/release.yaml
REKOR_UUID=24296fb24b8ad77a9d50edf817e79b97e161157785b92ff8000bf03e6a52970312def3c7a407be06

# Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v0.53.5@sha256:" + .digest.sha256')

# Download the release file
curl "$RELEASE_FILE" > release.yaml

# For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
  printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done

Changes

Features

Fixes

🐛 [release-v0.53.x] Remove conversion configuration for ClusterTask (#7797)

Remove conversion webhook configuration from the ClusterTask CRD, it doesn't need it.

Misc

Docs

Thanks

Thanks to these contributors who contributed to v0.53.5!

❤️ @tekton-robot

Extra shout-out for awesome release notes:

😍 @tekton-robot

pipeline - Tekton Pipeline release v0.58.0 "Bombay Robbie"

Published by tekton-robot 7 months ago

🎉 `displayName` in `childReferences` and dynamic specifications of `secrets` and `configmaps` in `workspaces` 🎉

-Docs @ v0.58.0
-Examples @ v0.58.0

Installation one-liner

kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.58.0/release.yaml

Attestation

The Rekor UUID for this release is 24296fb24b8ad77ad32de0077ddf3d746f9072f2d536cec99e2add11d56d964943ea86f5265aec54

Obtain the attestation:

REKOR_UUID=24296fb24b8ad77ad32de0077ddf3d746f9072f2d536cec99e2add11d56d964943ea86f5265aec54
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .

Verify that all container images in the attestation are in the release file:

RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.58.0/release.yaml
REKOR_UUID=24296fb24b8ad77ad32de0077ddf3d746f9072f2d536cec99e2add11d56d964943ea86f5265aec54

# Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v0.58.0@sha256:" + .digest.sha256')

# Download the release file
curl "$RELEASE_FILE" > release.yaml

# For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
  printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done

Changes

Features

✨ TEP-0147: introduce feature flag to guard artifacts feature (#7705)

Introduces a feature flag enable-artifacts.

✨ TEP 0147: add inputs/outputs to stepState (#7703)

introduce inputs/outputs to stepState for future artifacts work

✨ implementing TEP-0150 - in (#7683)

A fully resolved displayName is now available in childReferences along with the pipelineTaskName. This is mainly beneficial to parameterize and easily distinguish matrix instances of the task.

✨ feat: support for variable interpolation in workspace.* (in PipelineRun and TaskRun) (#7671)

feat: support for variable interpolation in workspace.* (in PipelineRun and TaskRun)

Fixes

🐛 fix: avoid panic when used pipelineRef or pipelineSpec in pipeline task (#7722)

fix: avoid panic when used pipelineRef or pipelineSpec in pipeline task

🐛 fix: pipeline execution status test case index error (#7742)
🐛 Migrate jaeger to otel API (#7547)

Misc

🔨 chore(deps): bump google.golang.org/grpc from 1.62.0 to 1.62.1 (#7774)
🔨 chore(deps): bump google.golang.org/protobuf from 1.32.0 to 1.33.0 (#7773)
🔨 chore(deps): bump github.com/stretchr/testify from 1.8.4 to 1.9.0 (#7772)
🔨 chore(deps): bump tj-actions/changed-files from 42.1.0 to 43.0.0 (#7771)
🔨 chore(deps): bump github.com/containerd/containerd from 1.7.13 to 1.7.14 (#7770)
🔨 chore(deps): bump github/codeql-action from 3.24.6 to 3.24.8 (#7769)
🔨 chore(deps): bump actions/checkout from 4.1.1 to 4.1.2 (#7768)
🔨 chore(deps): bump k8s.io/api from 0.27.11 to 0.27.12 in /test/custom-task-ctrls/wait-task-beta (#7767)
🔨 chore(deps): bump tj-actions/changed-files from 42.0.5 to 42.1.0 (#7747)
🔨 chore(deps): bump github/codeql-action from 3.24.5 to 3.24.6 (#7735)
🔨 chore(deps): bump github.com/sigstore/sigstore/pkg/signature/kms/aws from 1.8.1 to 1.8.2 (#7727)
🔨 chore(deps): bump github.com/sigstore/sigstore/pkg/signature/kms/hashivault from 1.8.1 to 1.8.2 (#7723)
🔨 chore(deps): bump github/codeql-action from 3.24.3 to 3.24.5 (#7719)
🔨 chore(deps): bump tj-actions/changed-files from 42.0.4 to 42.0.5 (#7718)
🔨 chore(deps): bump github.com/spiffe/spire-api-sdk from 1.8.7 to 1.9.0 (#7712)
🔨 chore(deps): bump go.opentelemetry.io/otel/sdk from 1.23.1 to 1.24.0 (#7710)
🔨 chore(deps): bump go.opentelemetry.io/otel from 1.23.1 to 1.24.0 (#7709)
🔨 chore(deps): bump google.golang.org/grpc from 1.61.1 to 1.62.0 (#7702)
🔨 chore(deps): bump go.uber.org/zap from 1.26.0 to 1.27.0 (#7696)
🔨 chore(deps): bump github.com/cloudevents/sdk-go/v2 from 2.14.0 to 2.15.1 (#7695)
🔨 chore(deps): bump github.com/golangci/golangci-lint from 1.56.1 to 1.56.2 in /tools (#7676)
🔨 fix: reduce warnings caused by woke scan results (#7558)
🔨 Bump github.com/docker/docker from 24.0.0+incompatible to 24.0.7+incompatible (#7526)