A cloud-native Pipeline resource.
APACHE-2.0 License
Bot releases are visible (Hide)
Published by tekton-robot 8 months ago
-Docs @ v0.56.2
-Examples @ v0.56.2
kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.56.2/release.yaml
The Rekor UUID for this release is 24296fb24b8ad77a945b36a68c366cf57e421e1d269cb1cdd9b7efcfce4a1fcc9c4dfa0833912646
Obtain the attestation:
REKOR_UUID=24296fb24b8ad77a945b36a68c366cf57e421e1d269cb1cdd9b7efcfce4a1fcc9c4dfa0833912646
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .
Verify that all container images in the attestation are in the release file:
RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.56.2/release.yaml
REKOR_UUID=24296fb24b8ad77a945b36a68c366cf57e421e1d269cb1cdd9b7efcfce4a1fcc9c4dfa0833912646
# Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v0.56.2@sha256:" + .digest.sha256')
# Download the release file
curl "$RELEASE_FILE" > release.yaml
# For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done
onfigure default-imagepullbackoff-timeout to allow imagePullBackOff to retry and wait for the specified duration before failing the pipeline.
ix: avoid panic when used pipelineRef or pipelineSpec in pipeline task
Thanks to these contributors who contributed to v0.56.2!
Extra shout-out for awesome release notes:
Published by tekton-robot 8 months ago
-Docs @ v0.53.4
-Examples @ v0.53.4
kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.53.4/release.yaml
The Rekor UUID for this release is 24296fb24b8ad77aad9dedd9e0cad28c97e14d3e1ac5b0a41089a1a91534321af5585f876bb41074
Obtain the attestation:
REKOR_UUID=24296fb24b8ad77aad9dedd9e0cad28c97e14d3e1ac5b0a41089a1a91534321af5585f876bb41074
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .
Verify that all container images in the attestation are in the release file:
RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.53.4/release.yaml
REKOR_UUID=24296fb24b8ad77aad9dedd9e0cad28c97e14d3e1ac5b0a41089a1a91534321af5585f876bb41074
# Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v0.53.4@sha256:" + .digest.sha256')
# Download the release file
curl "$RELEASE_FILE" > release.yaml
# For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done
Configure default-imagepullbackoff-timeout to allow imagePullBackOff to retry and wait for the specified duration before failing the pipeline.
ix: avoid panic when used pipelineRef or pipelineSpec in pipeline task
ix: ensure ClusterTask
annotations and labels are synced to TaskRun
Thanks to these contributors who contributed to v0.53.4!
Extra shout-out for awesome release notes:
Published by tekton-robot 8 months ago
-Docs @ v0.57.0
-Examples @ v0.57.0
kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.57.0/release.yaml
The Rekor UUID for this release is 24296fb24b8ad77add7b0a9a7946185efd5c044009544db4ec1a3799c4b6a95285f979f1fd78cc75
Obtain the attestation:
REKOR_UUID=24296fb24b8ad77add7b0a9a7946185efd5c044009544db4ec1a3799c4b6a95285f979f1fd78cc75
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .
Verify that all container images in the attestation are in the release file:
RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.57.0/release.yaml
REKOR_UUID=24296fb24b8ad77add7b0a9a7946185efd5c044009544db4ec1a3799c4b6a95285f979f1fd78cc75
# Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v0.57.0@sha256:" + .digest.sha256')
# Download the release file
curl "$RELEASE_FILE" > release.yaml
# For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done
Configure default-imagepullbackoff-timeout to allow imagePullBackOff to retry and wait for the specified duration before failing the pipeline.
Steps in a TaskRun will have more granular termination reasons indicating what exactly happened in new terminationReason field: Completed, Continued, Error, TimeoutExceeded, Skipped, TaskRunCancelled
fix: correct warning path for duplicate param name in pipeline tasks
The status of the referenced ordinary task is replaced before calculating the final task when.cel
.
fix: the pipeline controller will no longer modify any annotation it has set on completed pipelineruns
PipelineRuns that timeout will no longer be blocked on reaching a terminal, cancelled state if their underlying TaskRuns or CustomRuns were deleted beforehand.
Created v0.56 LTS release.
taskRun names updated to end with the instance count for all fan out instances of matrix.
Release v0.44 LTS is EOL
Thanks to these contributors who contributed to v0.57.0!
Extra shout-out for awesome release notes:
Published by tekton-robot 8 months ago
-Docs @ v0.56.1
-Examples @ v0.56.1
kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.56.1/release.yaml
The Rekor UUID for this release is 24296fb24b8ad77ad1e4c68a476e6b180257b4a6715315a2d40370f46ce4f36ce311c893d7bef2ba
Obtain the attestation:
REKOR_UUID=24296fb24b8ad77ad1e4c68a476e6b180257b4a6715315a2d40370f46ce4f36ce311c893d7bef2ba
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .
Verify that all container images in the attestation are in the release file:
RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.56.1/release.yaml
REKOR_UUID=24296fb24b8ad77ad1e4c68a476e6b180257b4a6715315a2d40370f46ce4f36ce311c893d7bef2ba
# Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v0.56.1@sha256:" + .digest.sha256')
# Download the release file
curl "$RELEASE_FILE" > release.yaml
# For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done
he status of the referenced ordinary task is replaced before calculating the final task when.cel
.
ix: correct warning path for duplicate param name in pipeline tasks
ix: ensure ClusterTask
annotations and labels are synced to TaskRun
ipelineRuns and TaskRuns that disable timeouts will no longer experience rapid requeue reconciliations
Thanks to these contributors who contributed to v0.56.1!
Extra shout-out for awesome release notes:
Published by tekton-robot 9 months ago
-Docs @ v0.56.0
-Examples @ v0.56.0
kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.56.0/release.yaml
The Rekor UUID for this release is 24296fb24b8ad77a0c94b8ccf25fa815c6b01ab90941b17a37373885d8f62efc99b17eea417bed4d
Obtain the attestation:
REKOR_UUID=24296fb24b8ad77a0c94b8ccf25fa815c6b01ab90941b17a37373885d8f62efc99b17eea417bed4d
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .
Verify that all container images in the attestation are in the release file:
RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.56.0/release.yaml
REKOR_UUID=24296fb24b8ad77a0c94b8ccf25fa815c6b01ab90941b17a37373885d8f62efc99b17eea417bed4d
# Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v0.56.0@sha256:" + .digest.sha256')
# Download the release file
curl "$RELEASE_FILE" > release.yaml
# For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done
StepResults
between Steps
in a `Task.Merge the env
and volumes
from the podTemplate in the pipelineRun or TaskRun with the global defaults, instead of only considering the specified in the Run's.
restore conversion functions from taskRun and taskRunStatus resources for backwards compatibility
[Bug fix]: takes default values of a resource requirements from a config map and updates to a init-container and container resource requirements value, if the value is not present
user error attributions can now be seen via PipelineRunStatus condition messages
Thanks to these contributors who contributed to v0.56.0!
Extra shout-out for awesome release notes:
Published by tekton-robot 9 months ago
-Docs @ v0.47.6
-Examples @ v0.47.6
kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.47.6/release.yaml
The Rekor UUID for this release is 24296fb24b8ad77a62ebb1cced6d37e04f6bce5a7736fcb8c2cf92c823122b72fa8c812ca90bb7b0
Obtain the attestation:
REKOR_UUID=24296fb24b8ad77a62ebb1cced6d37e04f6bce5a7736fcb8c2cf92c823122b72fa8c812ca90bb7b0
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .
Verify that all container images in the attestation are in the release file:
RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.47.6/release.yaml
REKOR_UUID=24296fb24b8ad77a62ebb1cced6d37e04f6bce5a7736fcb8c2cf92c823122b72fa8c812ca90bb7b0
# Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v0.47.6@sha256:" + .digest.sha256')
# Download the release file
curl "$RELEASE_FILE" > release.yaml
# For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done
Thanks to these contributors who contributed to v0.47.6!
Extra shout-out for awesome release notes:
Published by tekton-robot 10 months ago
-Docs @ v0.55.0
-Examples @ v0.55.0
kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.55.0/release.yaml
The Rekor UUID for this release is 24296fb24b8ad77acf6e7f5cf38da4c2178e88e08bc2f291dc52b756371a21d349ca985bd125ace9
Obtain the attestation:
REKOR_UUID=24296fb24b8ad77acf6e7f5cf38da4c2178e88e08bc2f291dc52b756371a21d349ca985bd125ace9
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .
Verify that all container images in the attestation are in the release file:
RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.55.0/release.yaml
REKOR_UUID=24296fb24b8ad77acf6e7f5cf38da4c2178e88e08bc2f291dc52b756371a21d349ca985bd125ace9
# Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v0.55.0@sha256:" + .digest.sha256')
# Download the release file
curl "$RELEASE_FILE" > release.yaml
# For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done
Introduce WorkingDir in StepActions
User are now able to override the global server URL when using the git resolver to allow fetching from multiple git providers.
Implement "Ignore Task Failure" with new "PipelineTask.OnError" API field (TEP-0050). User can now set pipelineTask.onError: continue
to ignore failure
bug fix: allow task-level param references multiple pipeline-level params with enum
fix: taskRuns will not fail for concurrent modification errors when stopping sideCars
sidecars are now validated at admission webhook
Resolved issue where resolutionrequest defaulted to v1alpha1 when it should be v1beta1
ntrypoint cancellation only requires keep-pod-on-cancel: true
feature-flag.
Tracing config now includes an additional optional field credentialsSecret
where users can specify the name of a secret. The username and password fields from the secret will be used to authenticate against Tracing collector endpoint.
Updates the conformance api spec with v1 api types in line with TEP-131
stdoutConfig
and stderrConfig
to alpha features table (#7494)Thanks to these contributors who contributed to v0.55.0!
Extra shout-out for awesome release notes:
Published by tekton-robot 10 months ago
-Docs @ v0.54.2
-Examples @ v0.54.2
kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.54.2/release.yaml
The Rekor UUID for this release is 24296fb24b8ad77a70414b954f5ea533eecb2a83f9a87997dc311d043ea27f6e609f4af5dcba94a1
Obtain the attestation:
REKOR_UUID=24296fb24b8ad77a70414b954f5ea533eecb2a83f9a87997dc311d043ea27f6e609f4af5dcba94a1
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .
Verify that all container images in the attestation are in the release file:
RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.54.2/release.yaml
REKOR_UUID=24296fb24b8ad77a70414b954f5ea533eecb2a83f9a87997dc311d043ea27f6e609f4af5dcba94a1
# Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v0.54.2@sha256:" + .digest.sha256')
# Download the release file
curl "$RELEASE_FILE" > release.yaml
# For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done
Thanks to these contributors who contributed to v0.54.2!
Extra shout-out for awesome release notes:
Published by tekton-robot 10 months ago
-Docs @ v0.54.1
-Examples @ v0.54.1
kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.54.1/release.yaml
The Rekor UUID for this release is ``
Obtain the attestation:
REKOR_UUID=
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .
Verify that all container images in the attestation are in the release file:
RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.54.1/release.yaml
REKOR_UUID=
# Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v0.54.1@sha256:" + .digest.sha256')
# Download the release file
curl "$RELEASE_FILE" > release.yaml
# For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done
Thanks to these contributors who contributed to v0.54.1!
Extra shout-out for awesome release notes:
Published by tekton-robot 10 months ago
-Docs @ v0.53.3
-Examples @ v0.53.3
kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.53.3/release.yaml
The Rekor UUID for this release is 24296fb24b8ad77afb99bd712cd691b6390f8d712a52f96661eaa96ad92eefe7cb047049140f16f3
Obtain the attestation:
REKOR_UUID=24296fb24b8ad77afb99bd712cd691b6390f8d712a52f96661eaa96ad92eefe7cb047049140f16f3
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .
Verify that all container images in the attestation are in the release file:
RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.53.3/release.yaml
REKOR_UUID=24296fb24b8ad77afb99bd712cd691b6390f8d712a52f96661eaa96ad92eefe7cb047049140f16f3
# Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v0.53.3@sha256:" + .digest.sha256')
# Download the release file
curl "$RELEASE_FILE" > release.yaml
# For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done
ix: taskRuns will not fail for concurrent modification errors when stopping sideCars
Entrypoint cancellation only requires keep-pod-on-cancel: true
feature-flag.
idecars are now validated at admission webhook
Thanks to these contributors who contributed to v0.53.3!
Extra shout-out for awesome release notes:
Published by tekton-robot 11 months ago
-Docs @ v0.54.0
-Examples @ v0.54.0
kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.54.0/release.yaml
The Rekor UUID for this release is 24296fb24b8ad77a6a820444f8789f9b68835a66c6c0ad3cecabee051b9af0c824b04baf1b57433c
Obtain the attestation:
REKOR_UUID=24296fb24b8ad77a6a820444f8789f9b68835a66c6c0ad3cecabee051b9af0c824b04baf1b57433c
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .
Verify that all container images in the attestation are in the release file:
RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.54.0/release.yaml
REKOR_UUID=24296fb24b8ad77a6a820444f8789f9b68835a66c6c0ad3cecabee051b9af0c824b04baf1b57433c
# Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v0.54.0@sha256:" + .digest.sha256')
# Download the release file
curl "$RELEASE_FILE" > release.yaml
# For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done
β¨ TEP-0142: Surface step results via sidecar logs (#7414)
Surface step results via sidecar logs
β¨ TEP-0142: Introduce StepResults in Steps, StepActions (#7382)
Introduce StepResults in Steps for StepAction's Result storage.
β¨ TEP-0142: Surface step results via termination message (#7349)
Surface step results via termination message
β¨ TEP-0142: Introduce Value in TaskResults (#7347)
StepActions: Introduce Value in TaskResults
β¨ [TEP-0142] Add VolumeMounts to StepAction (#7340)
Users can define VolumeMounts in StepAction, the VolumeMounts Name should use string param reference to the params passed to the StepAction.
β¨ [TEP-0144] Validate PipelineRun for Param Enum (#7338)
Implement Param Enum validation for PipelineRuns. Param Enum is supported per TEP-0144
β¨ [TEP-0142] Add SecurityContext (#7337)
Users can declare SecurityContext in StepAction.
β¨ TEP-0142: Add support for params between Step and StepActions (#7332)
Completes support for params in StepActions.
β¨ [TEP-0144] Validate TaskRun for Param Enum (#7326)
Implement Param Enum validation for TaskRuns
β¨ [TEP-0142] Remote Resolution for StepAction (#7321)
Support Remote Resolution for StepAction
β¨ TEP-0142: Introduce Params and Results into StepActions CRD (#7317)
Introduces params and results into the StepAction CRD.
β¨ Add credentials to HTTP resolver (#7315)
The http resolver supports passing username and password for fetching URLs with basic credentials
β¨ [TEP-0144] Add enum API field (#7289)
Add Enum
API field
β¨ TEP-0142: Introduce StepAction referencing syntax in Steps (#7284)
Introduces referencing syntax for StepAction in Steps
β¨ [TEP-0144] Add feature flag and doc placeholder (#7279)
Add enable-param-enum
feature flag to gate the use of Param.Enum
API field
β¨ TEP-0142: Referencing StepActions in Steps (#7271)
Enables referencing of StepActions in Steps if the feature flag "enable-step-actions: true" is set.
β¨ Add a simple HTTP resolver (#7250)
A new HTTP resolver is now available, it will let you resolve a http(s) URL to fetch a task or pipeline from.
β¨ Let the user pass a secret via a parameter for SCM API operations when using the git API resolver (#7239)
User are now able to pass a secret referencing token (or a tokenKey) for a SCM operation on the git resolver instead of using the global one from the configmap.
β¨ [TEP-0142] Support default resolver for Ref to remote StepAction (#7345)
β¨ TEP-0142: Add syntax for providing params to StepActions (#7334)
β¨ [TEP-0142] Add ResolverRef to Ref (#7322)
π change bundle resolver to use secret instead of service account (#7331)
action required: Bundle resolve uses secret to pull bundle Tasks/Pipelines from private registry instead of Service Account. Please update your bundle resolver ref to use secret.
π fix: the pr may lose finallyStartTime when pipeline controller is not synchronized to all current state (#7186)
Reset the finallyStartTime field when one or more final tasks have been created and the current finallyStartTime is empty.
π fix: panic may occur when calculating the final task timeout waiting time (#7188)
Thanks to these contributors who contributed to v0.54.0!
Extra shout-out for awesome release notes:
Published by tekton-robot 11 months ago
-Docs @ v0.50.5
-Examples @ v0.50.5
kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.50.5/release.yaml
The Rekor UUID for this release is 24296fb24b8ad77a6931938578b4916b2944efdb45cd531e1913f85b8bc9c0a4e73512edcfbb86b5
Obtain the attestation:
REKOR_UUID=24296fb24b8ad77a6931938578b4916b2944efdb45cd531e1913f85b8bc9c0a4e73512edcfbb86b5
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .
Verify that all container images in the attestation are in the release file:
RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.50.5/release.yaml
REKOR_UUID=24296fb24b8ad77a6931938578b4916b2944efdb45cd531e1913f85b8bc9c0a4e73512edcfbb86b5
# Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v0.50.5@sha256:" + .digest.sha256')
# Download the release file
curl "$RELEASE_FILE" > release.yaml
# For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done
The Tekton controller images are now based on a distroless base image which is built on top of Alpine 3.18
Thanks to these contributors who contributed to v0.50.5!
Extra shout-out for awesome release notes:
Published by tekton-robot 11 months ago
-Docs @ v0.53.2
-Examples @ v0.53.2
kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.53.2/release.yaml
The Rekor UUID for this release is 24296fb24b8ad77a65b4c04ecc3fa6d06bcfea7b874c1614dd3067dfc35fbffdfc8dcbe1ca0b891f
Obtain the attestation:
REKOR_UUID=24296fb24b8ad77a65b4c04ecc3fa6d06bcfea7b874c1614dd3067dfc35fbffdfc8dcbe1ca0b891f
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .
Verify that all container images in the attestation are in the release file:
RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.53.2/release.yaml
REKOR_UUID=24296fb24b8ad77a65b4c04ecc3fa6d06bcfea7b874c1614dd3067dfc35fbffdfc8dcbe1ca0b891f
# Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v0.53.2@sha256:" + .digest.sha256')
# Download the release file
curl "$RELEASE_FILE" > release.yaml
# For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done
The Tekton controller images are now based on a distroless base image which is built on top of Alpine 3.18
Thanks to these contributors who contributed to v0.53.2!
Extra shout-out for awesome release notes:
Published by tekton-robot 11 months ago
-Docs @ v0.50.4
-Examples @ v0.50.4
kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.50.4/release.yaml
The Rekor UUID for this release is 24296fb24b8ad77a71dafca6c5f27aec2842996255eeda41ddd2b1cec5ca920da82d7239d7007e7a
Obtain the attestation:
REKOR_UUID=24296fb24b8ad77a71dafca6c5f27aec2842996255eeda41ddd2b1cec5ca920da82d7239d7007e7a
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .
Verify that all container images in the attestation are in the release file:
RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.50.4/release.yaml
REKOR_UUID=24296fb24b8ad77a71dafca6c5f27aec2842996255eeda41ddd2b1cec5ca920da82d7239d7007e7a
# Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v0.50.4@sha256:" + .digest.sha256')
# Download the release file
curl "$RELEASE_FILE" > release.yaml
# For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done
The Tekton images are now based on a distroless base image which is built on top of Alpine 3.18
Thanks to these contributors who contributed to v0.50.4!
Extra shout-out for awesome release notes:
Published by tekton-robot 11 months ago
-Docs @ v0.53.1
-Examples @ v0.53.1
kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.53.1/release.yaml
The Rekor UUID for this release is 24296fb24b8ad77a2b1a1e305c730d970cef50e8aa4e9da65cb4da59fd03d253eb3de693252ffad6
Obtain the attestation:
REKOR_UUID=24296fb24b8ad77a2b1a1e305c730d970cef50e8aa4e9da65cb4da59fd03d253eb3de693252ffad6
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .
Verify that all container images in the attestation are in the release file:
RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.53.1/release.yaml
REKOR_UUID=24296fb24b8ad77a2b1a1e305c730d970cef50e8aa4e9da65cb4da59fd03d253eb3de693252ffad6
# Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v0.53.1@sha256:" + .digest.sha256')
# Download the release file
curl "$RELEASE_FILE" > release.yaml
# For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done
The Tekton images are now based on a distroless base image which is built on top of Alpine 3.18
Thanks to these contributors who contributed to v0.53.1!
Extra shout-out for awesome release notes:
Published by tekton-robot 12 months ago
-Docs @ v0.53.0
-Examples @ v0.53.0
kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.53.0/release.yaml
The Rekor UUID for this release is 24296fb24b8ad77ae1d898a8665e246adf87237e426dcb51e61a4f34dfda16ed10148ce5c80c57df
Obtain the attestation:
REKOR_UUID=24296fb24b8ad77ae1d898a8665e246adf87237e426dcb51e61a4f34dfda16ed10148ce5c80c57df
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .
Verify that all container images in the attestation are in the release file:
RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.53.0/release.yaml
REKOR_UUID=24296fb24b8ad77ae1d898a8665e246adf87237e426dcb51e61a4f34dfda16ed10148ce5c80c57df
# Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v0.53.0@sha256:" + .digest.sha256')
# Download the release file
curl "$RELEASE_FILE" > release.yaml
# For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done
enable-api-fields
flag will be eventually phased out, once all API features currently in alpha/beta reach stability (or are removed)displayName
can now accept params, task result references, or context variables.
hub resolver can now specify a version constraint to choose a version (example: version: ">=0.2.0,< 1.0.0")
tekton resolver now uses hub.tekton.dev by default.
β¨ [TEP-0145] Add CEL field to WhenExpression
β¨ Add a setting disallowing access to all namespaces (#7237)
Add special value *
to the blocked-namespace setting for the cluster-resolver to disallow by default all namespaces and only allow the namespaces explicitly listed in allowed-namespace
setting.
The task-level resource requirements feature allows the user to set computeResources at runtime i.e. on TaskRun. This is now enabled as part of the beta API.
Pipeline authors can now produce results from a Matrixed PipelineTask as an aggregated array and consume them in an array params. Two context variables are introduced as part of this feature, $(tasks..matrix.length) to get the length of a matrix combinations and $(tasks..matrix..length) to get a length of aggregated result.
Matrix feature is promoted to beta and possible to utilize with enable-api-fields set to beta.
Results are propagated in embedded specifications without mutations.
Please use per feature flags for new API-driven feature gating.
Add ability to include reason
along with status
in TaskRun and PipelineRun count metrics
In the current release:
π¨ The behaviour of the enable-api-field
flag has been fixed, resulting in a slight behaviour change: when using the v1beta1
API, API features in beta are only available when the enable-api-field
is set to beta
or alpha
. Beta features used to be enabled on the v1beta1
API regardless of the value of enable-api-field
.
Note that:
enable-api-field
is beta
alpha
or beta
will continue to have access to beta
features on v1beta1
and v1
APIsstable
will continue to not have access to beta
features on the v1
APISo in practice, there is no breaking change for users. Users of the v1beta1
API may now disable beta
features, should they wish to do so, which was not possible before.
[WIP] Introduces a new feature flag "enable-step-actions: true/false" to gate the use of step actions.
Introduced the StepAction CRD as designed in https://github.com/tektoncd/community/blob/main/teps/0142-enable-step-reusability.md. The implementation is still ongoing; feature is not yet functional.
Fix regression where a different order of task definition may cause result resolution to break
Bug fix: delete PVCs created by VolumeClaimTemplates when the owning PipelineRun is completed
Recover Conversion Functions from Pipeline Resources for backwards compatibility
Change configmap for LeaderElection of webhook to config-leader-election-webhook, event controller to config-leader-election-event and resolvers to config-leader-election-resolvers
refactor: version.ValidateEnabledAPIFields has been moved to the config package
v1beta1 CRDs with beta features now requires beta
enable-api-fields
. More specifically, users who have been accidentally using beta features resolvers, object array params and results with enable-api-fields
set to stable
now needs to change to enable-api-fields=beta
cmp.Diff(want, got)
for all diff.PrintWantGot()
(#7209)Thanks to these contributors who contributed to v0.53.0!
Extra shout-out for awesome release notes:
Published by tekton-robot about 1 year ago
-Docs @ v0.44.5
-Examples @ v0.44.5
kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.44.5/release.yaml
The Rekor UUID for this release is 24296fb24b8ad77ae6d4a97d973af478bc9cefd6f575761773249d2706bf3d35bc7b81a7cc481fcf
Obtain the attestation:
REKOR_UUID=24296fb24b8ad77ae6d4a97d973af478bc9cefd6f575761773249d2706bf3d35bc7b81a7cc481fcf
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .
Verify that all container images in the attestation are in the release file:
RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.44.5/release.yaml
REKOR_UUID=24296fb24b8ad77ae6d4a97d973af478bc9cefd6f575761773249d2706bf3d35bc7b81a7cc481fcf
# Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v0.44.5@sha256:" + .digest.sha256')
# Download the release file
curl "$RELEASE_FILE" > release.yaml
# For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done
bug fix: Avoid controller panics for computed timeouts
Thanks to these contributors who contributed to v0.44.5!
Extra shout-out for awesome release notes:
Published by tekton-robot about 1 year ago
-Docs @ v0.47.5
-Examples @ v0.47.5
kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.47.5/release.yaml
The Rekor UUID for this release is 24296fb24b8ad77a8e347216bc80c82074f1721dbcfb1e10e487a0a2e5925d27cf46898c53bf6f5a
Obtain the attestation:
REKOR_UUID=24296fb24b8ad77a8e347216bc80c82074f1721dbcfb1e10e487a0a2e5925d27cf46898c53bf6f5a
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .
Verify that all container images in the attestation are in the release file:
RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.47.5/release.yaml
REKOR_UUID=24296fb24b8ad77a8e347216bc80c82074f1721dbcfb1e10e487a0a2e5925d27cf46898c53bf6f5a
# Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v0.47.5@sha256:" + .digest.sha256')
# Download the release file
curl "$RELEASE_FILE" > release.yaml
# For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done
These addresse https://github.com/advisories/GHSA-qppj-fm5r-hxr3 by not allowing more server handlers to be run than the HTTP/2 MAX_CONCURRENT_STREAMS setting.
Thanks to these contributors who contributed to v0.47.5!
Extra shout-out for awesome release notes:
Published by tekton-robot about 1 year ago
-Docs @ v0.50.3
-Examples @ v0.50.3
kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.50.3/release.yaml
The Rekor UUID for this release is 24296fb24b8ad77a8e347216bc80c82074f1721dbcfb1e10e487a0a2e5925d27cf46898c53bf6f5a
Obtain the attestation:
REKOR_UUID=24296fb24b8ad77a8e347216bc80c82074f1721dbcfb1e10e487a0a2e5925d27cf46898c53bf6f5a
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .
Verify that all container images in the attestation are in the release file:
RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.50.3/release.yaml
REKOR_UUID=24296fb24b8ad77a8e347216bc80c82074f1721dbcfb1e10e487a0a2e5925d27cf46898c53bf6f5a
# Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v0.50.3@sha256:" + .digest.sha256')
# Download the release file
curl "$RELEASE_FILE" > release.yaml
# For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done
This addresses https://github.com/advisories/GHSA-qppj-fm5r-hxr3 by not allowing more server handlers to be run than the HTTP/2 MAX_CONCURRENT_STREAMS setting.
Thanks to these contributors who contributed to v0.50.3!
Extra shout-out for awesome release notes:
Published by tekton-robot about 1 year ago
-Docs @ v0.50.2
-Examples @ v0.50.2
kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.50.2/release.yaml
The Rekor UUID for this release is 24296fb24b8ad77a6726958468f17410d57decea33a20cc1c61cae727201991da57f788c4095926b
Obtain the attestation:
REKOR_UUID=24296fb24b8ad77a6726958468f17410d57decea33a20cc1c61cae727201991da57f788c4095926b
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .
Verify that all container images in the attestation are in the release file:
RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.50.2/release.yaml
REKOR_UUID=24296fb24b8ad77a6726958468f17410d57decea33a20cc1c61cae727201991da57f788c4095926b
# Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v0.50.2@sha256:" + .digest.sha256')
# Download the release file
curl "$RELEASE_FILE" > release.yaml
# For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done
Fix regression where a different order of task definition may cause result resolution to break
Bug fix: validate beta features in inline tasks/pipelines in the same way as referenced tasks/pipelines
Fixed the release pipeline invalid spec.
π [release-v0.50.x] Remove results annotations filtering (#7131)
π [v0.50.x] Update knative/pkg 1.10 to address CVE-2023-44487 (#7211)
Thanks to these contributors who contributed to v0.50.2!
Extra shout-out for awesome release notes: