-Docs @ v0.56.2
-Examples @ v0.56.2

Installation one-liner

kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.56.2/release.yaml

Attestation

The Rekor UUID for this release is 24296fb24b8ad77a945b36a68c366cf57e421e1d269cb1cdd9b7efcfce4a1fcc9c4dfa0833912646

Obtain the attestation:

REKOR_UUID=24296fb24b8ad77a945b36a68c366cf57e421e1d269cb1cdd9b7efcfce4a1fcc9c4dfa0833912646
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .

Verify that all container images in the attestation are in the release file:

RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.56.2/release.yaml
REKOR_UUID=24296fb24b8ad77a945b36a68c366cf57e421e1d269cb1cdd9b7efcfce4a1fcc9c4dfa0833912646

# Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v0.56.2@sha256:" + .digest.sha256')

# Download the release file
curl "$RELEASE_FILE" > release.yaml

# For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
  printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done

Changes

Features

• ✨ [release-v0.56.x] Allow for the specified duration (#7678)

onfigure default-imagepullbackoff-timeout to allow imagePullBackOff to retry and wait for the specified duration before failing the pipeline.

Fixes

• 🐛 [release-v0.56.x] fix: avoid panic when used pipelineRef or pipelineSpec in pipeline task (#7733)

ix: avoid panic when used pipelineRef or pipelineSpec in pipeline task

Misc

Docs

Thanks

Thanks to these contributors who contributed to v0.56.2!

• ❤️ @l-qing
• ❤️ @pritidesai
• ❤️ @tekton-robot

Extra shout-out for awesome release notes:

• 😍 @l-qing
• 😍 @pritidesai
• 😍 @tekton-robot

-Docs @ v0.53.4
-Examples @ v0.53.4

Installation one-liner

kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.53.4/release.yaml

Attestation

The Rekor UUID for this release is 24296fb24b8ad77aad9dedd9e0cad28c97e14d3e1ac5b0a41089a1a91534321af5585f876bb41074

Obtain the attestation:

REKOR_UUID=24296fb24b8ad77aad9dedd9e0cad28c97e14d3e1ac5b0a41089a1a91534321af5585f876bb41074
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .

Verify that all container images in the attestation are in the release file:

RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.53.4/release.yaml
REKOR_UUID=24296fb24b8ad77aad9dedd9e0cad28c97e14d3e1ac5b0a41089a1a91534321af5585f876bb41074

# Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v0.53.4@sha256:" + .digest.sha256')

# Download the release file
curl "$RELEASE_FILE" > release.yaml

# For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
  printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done

Changes

Features

• ✨ [release-v0.53.x] wait for a given duration in case of imagePullBackOff (#7677)

Configure default-imagepullbackoff-timeout to allow imagePullBackOff to retry and wait for the specified duration before failing the pipeline.

Fixes

• 🐛 [release-v0.53.x] fix: avoid panic when used pipelineRef or pipelineSpec in pipeline task (#7734)

ix: avoid panic when used pipelineRef or pipelineSpec in pipeline task

• 🐛 [release-v0.53.x] fix: ensure clustertask annotations are synced to taskrun (#7655)

ix: ensure ClusterTask annotations and labels are synced to TaskRun

Misc

Docs

Thanks

Thanks to these contributors who contributed to v0.53.4!

• ❤️ @l-qing
• ❤️ @pritidesai
• ❤️ @tekton-robot

Extra shout-out for awesome release notes:

• 😍 @l-qing
• 😍 @pritidesai
• 😍 @tekton-robot

-Docs @ v0.57.0
-Examples @ v0.57.0

Installation one-liner

kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.57.0/release.yaml

Attestation

The Rekor UUID for this release is 24296fb24b8ad77add7b0a9a7946185efd5c044009544db4ec1a3799c4b6a95285f979f1fd78cc75

Obtain the attestation:

REKOR_UUID=24296fb24b8ad77add7b0a9a7946185efd5c044009544db4ec1a3799c4b6a95285f979f1fd78cc75
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .

Verify that all container images in the attestation are in the release file:

RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.57.0/release.yaml
REKOR_UUID=24296fb24b8ad77add7b0a9a7946185efd5c044009544db4ec1a3799c4b6a95285f979f1fd78cc75

# Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v0.57.0@sha256:" + .digest.sha256')

# Download the release file
curl "$RELEASE_FILE" > release.yaml

# For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
  printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done

Changes

Features

• ✨ Allow for the specified duration (#7666)

Configure default-imagepullbackoff-timeout to allow imagePullBackOff to retry and wait for the specified duration before failing the pipeline.

• ✨ Add granular termination reason in container termination message (#7565)

Steps in a TaskRun will have more granular termination reasons indicating what exactly happened in new terminationReason field: Completed, Continued, Error, TimeoutExceeded, Skipped, TaskRunCancelled

Fixes

• 🐛 fix(pipeline): correct warning path for duplicate param name in pipeline tasks (#7651)

fix: correct warning path for duplicate param name in pipeline tasks

• 🐛 The field in Final Task cannot parse ordinary Task status information. (#7637)

The status of the referenced ordinary task is replaced before calculating the final task when.cel.

• 🐛 fix: prevent modification of annotations on completed TaskRuns (#7603)

fix: the pipeline controller will no longer modify any annotation it has set on completed pipelineruns

• 🐛 allow pipeline runs whose task/custom runs have been deleted still timeout (#7557)

PipelineRuns that timeout will no longer be blocked on reaching a terminal, cancelled state if their underlying TaskRuns or CustomRuns were deleted beforehand.

• 🐛 update docker-in-docker testimage for s390x (#7652)

Misc

• 🔨 Update releases.md (#7587)

Created v0.56 LTS release.

• 🔨 matrix name updated to end with the instance count (#7563)

taskRun names updated to end with the instance count for all fan out instances of matrix.

• 🔨 Isolate new env nightly feature flag test (#7686)
• 🔨 chore(deps): bump github/codeql-action from 3.24.0 to 3.24.3 (#7685)
• 🔨 chore(deps): bump tj-actions/changed-files from 42.0.2 to 42.0.4 (#7684)
• 🔨 chore(deps): bump github.com/opencontainers/image-spec from 1.1.0-rc6 to 1.1.0 (#7682)
• 🔨 chore(deps): bump github.com/google/cel-go from 0.19.0 to 0.20.0 (#7681)
• 🔨 chore(deps): bump k8s.io/client-go from 0.27.8 to 0.27.11 in /test/custom-task-ctrls/wait-task-beta (#7673)
• 🔨 chore(deps): bump google.golang.org/grpc from 1.61.0 to 1.61.1 (#7670)
• 🔨 Patch Release v0.56.1 (#7665)
• 🔨 Patch Release v0.56.1 (#7663)
• 🔨 chore(deps): bump go.opentelemetry.io/otel/sdk from 1.22.0 to 1.23.1 (#7659)
• 🔨 chore(deps): bump actions/upload-artifact from 4.3.0 to 4.3.1 (#7658)
• 🔨 Update e2e-test script for per-feature flag test (#7657)
• 🔨 Fix typo in publish task (#7648)
• 🔨 Bump github.com/golangci/golangci-lint from 1.55.1 to 1.56.1 in /tools (#7646)
• 🔨 Bump go.opentelemetry.io/otel from 1.22.0 to 1.23.1 (#7645)
• 🔨 Bump github.com/opencontainers/image-spec from 1.1.0-rc3 to 1.1.0-rc6 (#7635)
• 🔨 Bump github/codeql-action from 3.23.1 to 3.24.0 (#7634)
• 🔨 TEP-0138 New features to use Per-feature flag struct (#7633)
• 🔨 Bump github.com/containerd/containerd from 1.6.19 to 1.7.13 (#7628)
• 🔨 Per-feature Flag Test Suite (#7627)
• 🔨 Bump github.com/google/go-containerregistry from 0.18.0 to 0.19.0 (#7624)
• 🔨 Bump tj-actions/changed-files from 42.0.0 to 42.0.2 (#7622)
• 🔨 Bump actions/upload-artifact from 4.2.0 to 4.3.0 (#7620)
• 🔨 Bump github.com/google/go-containerregistry from 0.17.0 to 0.18.0 (#7616)
• 🔨 Bump google.golang.org/grpc from 1.60.1 to 1.61.0 (#7612)
• 🔨 Bump github.com/google/uuid from 1.5.0 to 1.6.0 (#7611)
• 🔨 Bump github.com/opencontainers/image-spec from 1.1.0-rc3 to 1.1.0-rc.6 (#7610)
• 🔨 Bump github.com/containerd/containerd from 1.6.19 to 1.7.12 (#7609)
• 🔨 Bump go.opentelemetry.io/otel/sdk from 1.21.0 to 1.22.0 (#7606)
• 🔨 Bump github.com/jenkins-x/go-scm from 1.14.25 to 1.14.26 (#7605)
• 🔨 Bump github.com/opencontainers/image-spec from 1.1.0-rc5 to 1.1.0-rc.6 (#7604)
• 🔨 Bump code.gitea.io/sdk/gitea from 0.16.0 to 0.17.1 (#7597)
• 🔨 Bump github.com/containerd/containerd from 1.7.11 to 1.7.12 (#7596)
• 🔨 Bump github.com/google/cel-go from 0.18.1 to 0.19.0 (#7594)
• 🔨 Bump tj-actions/changed-files from 41.1.1 to 42.0.0 (#7593)
• 🔨 Bump github/codeql-action from 3.23.0 to 3.23.1 (#7592)
• 🔨 Bump actions/upload-artifact from 4.1.0 to 4.2.0 (#7591)
• 🔨 Bump go.opentelemetry.io/otel from 1.21.0 to 1.22.0 (#7586)
• 🔨 Bump github.com/jenkins-x/go-scm from 1.14.24 to 1.14.25 (#7585)
• 🔨 Bump github.com/spiffe/go-spiffe/v2 from 2.1.5 to 2.1.7 (#7584)
• 🔨 Bump github.com/google/go-containerregistry from 0.17.0 to 0.18.0 (#7583)
• 🔨 Bump github.com/go-git/go-git/v5 from 5.10.0 to 5.11.0 (#7582)
• 🔨 Error sweep: fix error messages for timing out Runs (#7572)
• 🔨 Label user error for failed TaskRunStatus message (#7543)
• 🔨 Add pre-commit rules (#7367)

Docs

• 📖 Pipeline v0.44.x LTS End of Life (#7613)

Release v0.44 LTS is EOL

Thanks

Thanks to these contributors who contributed to v0.57.0!

• ❤️ @AlanGreene
• ❤️ @Basavaraju-G
• ❤️ @JeromeJu
• ❤️ @afrittoli
• ❤️ @chitrangpatel
• ❤️ @cugykw
• ❤️ @dependabot[bot]
• ❤️ @gabemontero
• ❤️ @l-qing
• ❤️ @pritidesai
• ❤️ @renzodavid9
• ❤️ @roman-kiselenko

Extra shout-out for awesome release notes:

• 😍 @afrittoli
• 😍 @chitrangpatel
• 😍 @cugykw
• 😍 @gabemontero
• 😍 @l-qing
• 😍 @pritidesai
• 😍 @renzodavid9

-Docs @ v0.56.1
-Examples @ v0.56.1

Installation one-liner

kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.56.1/release.yaml

Attestation

The Rekor UUID for this release is 24296fb24b8ad77ad1e4c68a476e6b180257b4a6715315a2d40370f46ce4f36ce311c893d7bef2ba

Obtain the attestation:

REKOR_UUID=24296fb24b8ad77ad1e4c68a476e6b180257b4a6715315a2d40370f46ce4f36ce311c893d7bef2ba
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .

Verify that all container images in the attestation are in the release file:

RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.56.1/release.yaml
REKOR_UUID=24296fb24b8ad77ad1e4c68a476e6b180257b4a6715315a2d40370f46ce4f36ce311c893d7bef2ba

# Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v0.56.1@sha256:" + .digest.sha256')

# Download the release file
curl "$RELEASE_FILE" > release.yaml

# For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
  printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done

Changes

Features

Fixes

• 🐛 [release-v0.56.x] The field in Final Task cannot parse ordinary Task status information. (#7661)

he status of the referenced ordinary task is replaced before calculating the final task when.cel.

• 🐛 [release-v0.56.x] fix(pipeline): correct warning path for duplicate param name in pipeline tasks (#7660)

ix: correct warning path for duplicate param name in pipeline tasks

• 🐛 [release-v0.56.x] fix: ensure clustertask annotations are synced to taskrun (#7654)

ix: ensure ClusterTask annotations and labels are synced to TaskRun

• 🐛 [release-v0.56.x] do not allow negative requeue times (#7638)

ipelineRuns and TaskRuns that disable timeouts will no longer experience rapid requeue reconciliations

• 🐛 [release-v0.56.x] Exclude stopped injected sidecars from TaskRun status (#7653)

Misc

Docs

Thanks

Thanks to these contributors who contributed to v0.56.1!

• ❤️ @tekton-robot

Extra shout-out for awesome release notes:

• 😍 @tekton-robot

-Docs @ v0.56.0
-Examples @ v0.56.0

Installation one-liner

kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.56.0/release.yaml

Attestation

The Rekor UUID for this release is 24296fb24b8ad77a0c94b8ccf25fa815c6b01ab90941b17a37373885d8f62efc99b17eea417bed4d

Obtain the attestation:

REKOR_UUID=24296fb24b8ad77a0c94b8ccf25fa815c6b01ab90941b17a37373885d8f62efc99b17eea417bed4d
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .

Verify that all container images in the attestation are in the release file:

RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.56.0/release.yaml
REKOR_UUID=24296fb24b8ad77a0c94b8ccf25fa815c6b01ab90941b17a37373885d8f62efc99b17eea417bed4d

# Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v0.56.0@sha256:" + .digest.sha256')

# Download the release file
curl "$RELEASE_FILE" > release.yaml

# For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
  printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done

Changes

Features

• ✨ Support overriding the SCM type and server URL (#7450)
  User are now able to override the global server URL when using the git resolver to allow fetching from multiple git providers.
• ✨ TEP-0142: Introduce WorkingDir in StepActions (#7461)
• ✨ TEP-0075(object params and results) promoted to stable (#7544)
  TEP-0075 promoted to stable - object params and results is now possible with enable-api-fields set to stable.
• ✨ kind/feature : populate-params-and-results-to-workspace-bindings (#7503)
• ✨ TEP-0142: Passing StepResults between Steps (#7458)
  Enable passing StepResults between Steps in a `Task.
• ✨ param substitutions not allowed in StepAction's script (#7459)
  Param substitutions not allowed directly in StepAction's script

Fixes

• 🐛 fix: ensure global podTemplate configuration is merged correctly (#7552)

Merge the env and volumes from the podTemplate in the pipelineRun or TaskRun with the global defaults, instead of only considering the specified in the Run's.

• 🐛 Add back conversion for TaskRunStatus Resources (#7507)

restore conversion functions from taskRun and taskRunStatus resources for backwards compatibility

• 🐛 add default resource requirements to init-containers and containers of a pod (#7003)

[Bug fix]: takes default values of a resource requirements from a config map and updates to a init-container and container resource requirements value, if the value is not present

• 🐛 kind/bug allowExecution evaluation for when expression returns early when CEL is defined (#7569)
• 🐛 Fix broken import of go.opentelemetry.io/otel to v1.21.0 (#7465)

Misc

• 🔨 Label for failure PipelineRun Status Message (#7475)

user error attributions can now be seen via PipelineRunStatus condition messages

• 🔨 Error sweep: correct InvalidPipelineResultReference failure reason (#7459)
• 🔨 Bump github.com/sigstore/sigstore from 1.7.5 to 1.8.1 (#7575)
• 🔨 Bump github.com/spiffe/spire-api-sdk from 1.8.5 to 1.8.7 (#7570)
• 🔨 Bump tj-actions/changed-files from 41.0.1 to 41.1.1 (#7567)
• 🔨 Bump actions/upload-artifact from 4.0.0 to 4.1.0 (#7566)
• 🔨 Bump github/codeql-action from 3.22.12 to 3.23.0 (#7548)
• 🔨 Bump actions/checkout from 3.1.0 to 4.1.1 (#7537)
• 🔨 Bump ossf/scorecard-action from 2.1.2 to 2.3.1 (#7536)
• 🔨 Bump tj-actions/changed-files from 40.2.3 to 41.0.1 (#7535)
• 🔨 Bump actions/upload-artifact from 3.1.0 to 4.0.0 (#7534)
• 🔨 Bump github/codeql-action from 2.2.4 to 3.22.12 (#7533)
• 🔨 Bump github.com/containerd/containerd from 1.7.8 to 1.7.11 (#7529)
• 🔨 Bump golang.org/x/crypto from 0.16.0 to 0.17.0 (#7527)
• 🔨 Hardened GitHub workflows a little bit (#7524)
• 🔨 Bump k8s.io/api from 0.27.8 to 0.27.9 in /test/custom-task-ctrls/wait-task-beta (#7518)
• 🔨 Bump github.com/jenkins-x/go-scm from 1.14.20 to 1.14.24 (#7515)
• 🔨 Bump google.golang.org/grpc from 1.59.0 to 1.60.1 (#7506)
• 🔨 Bump github.com/google/go-containerregistry from 0.16.1 to 0.17.0 (#7462)

Docs

Thanks

Thanks to these contributors who contributed to v0.56.0!

• ❤️ @JeromeJu
• ❤️ @Yongxuanzhang
• ❤️ @chitrangpatel
• ❤️ @dependabot[bot]
• ❤️ @ericzzzzzzz
• ❤️ @jkandasa
• ❤️ @l-qing
• ❤️ @vdemeester

Extra shout-out for awesome release notes:

• 😍 @JeromeJu
• 😍 @Yongxuanzhang
• 😍 @chitrangpatel
• 😍 @ericzzzzzzz
• 😍 @jkandasa
• 😍 @l-qing

-Docs @ v0.47.6
-Examples @ v0.47.6

Installation one-liner

kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.47.6/release.yaml

Attestation

The Rekor UUID for this release is 24296fb24b8ad77a62ebb1cced6d37e04f6bce5a7736fcb8c2cf92c823122b72fa8c812ca90bb7b0

Obtain the attestation:

REKOR_UUID=24296fb24b8ad77a62ebb1cced6d37e04f6bce5a7736fcb8c2cf92c823122b72fa8c812ca90bb7b0
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .

Verify that all container images in the attestation are in the release file:

RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.47.6/release.yaml
REKOR_UUID=24296fb24b8ad77a62ebb1cced6d37e04f6bce5a7736fcb8c2cf92c823122b72fa8c812ca90bb7b0

# Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v0.47.6@sha256:" + .digest.sha256')

# Download the release file
curl "$RELEASE_FILE" > release.yaml

# For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
  printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done

Changes

Features

Fixes

• 🐛 [release-v0.47.x] don't return validation error when final tasks failed/skipped (#7487)

Misc

Docs

Thanks

Thanks to these contributors who contributed to v0.47.6!

• ❤️ @vdemeester

Extra shout-out for awesome release notes:

🎉 PipelineTask.OnError and bugfixes 🎉

-Docs @ v0.55.0
-Examples @ v0.55.0

Installation one-liner

kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.55.0/release.yaml

Attestation

The Rekor UUID for this release is 24296fb24b8ad77acf6e7f5cf38da4c2178e88e08bc2f291dc52b756371a21d349ca985bd125ace9

Obtain the attestation:

REKOR_UUID=24296fb24b8ad77acf6e7f5cf38da4c2178e88e08bc2f291dc52b756371a21d349ca985bd125ace9
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .

Verify that all container images in the attestation are in the release file:

RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.55.0/release.yaml
REKOR_UUID=24296fb24b8ad77acf6e7f5cf38da4c2178e88e08bc2f291dc52b756371a21d349ca985bd125ace9

# Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v0.55.0@sha256:" + .digest.sha256')

# Download the release file
curl "$RELEASE_FILE" > release.yaml

# For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
  printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done

Changes

Features

• ✨ TEP-0142: Introduce WorkingDir in StepActions (#7461)

Introduce WorkingDir in StepActions

• ✨ Support overriding the SCM type and server URL (#7450)

User are now able to override the global server URL when using the git resolver to allow fetching from multiple git providers.

• ✨ [TEP-0050] Implement PipelineTask OnError (#7422)

Implement "Ignore Task Failure" with new "PipelineTask.OnError" API field (TEP-0050). User can now set pipelineTask.onError: continue to ignore failure

Fixes

• 🐛 Fix enum validation with multiple param references (#7481)

bug fix: allow task-level param references multiple pipeline-level params with enum

• 🐛 Fix: do not fail TaskRun for concurrent modification errors (#7467)

fix: taskRuns will not fail for concurrent modification errors when stopping sideCars

• 🐛 Fix validations for Sidecars to be consistent (#7443)

sidecars are now validated at admission webhook

• 🐛 fix: resolve issue where resolutionrequest defaulted to v1alpha1 vs v1beta1 (#7438)

Resolved issue where resolutionrequest defaulted to v1alpha1 when it should be v1beta1

• 🐛 Do not require for entrypoint cancellation (#7430)

ntrypoint cancellation only requires keep-pod-on-cancel: true feature-flag.

• 🐛 Freeze image sha for dind-sidecar example test. (#7498)
• 🐛 FIX: Prevent panic on parameter evaluation (#7488)
• 🐛 change ResultRef.ResultsIndex from int to *int (#7460)
• 🐛 don't return validation error when final tasks failed/skipped (#7407)

Misc

• 🔨 Tracing: Add credentialsSecret for basic authentication to remote endpoint (#7238)

Tracing config now includes an additional optional field credentialsSecret where users can specify the name of a secret. The username and password fields from the secret will be used to authenticate against Tracing collector endpoint.

• 🔨 [TEP-0131] Update Conformance Spec for v1 api types (#7224)

Updates the conformance api spec with v1 api types in line with TEP-131

• 🔨 Error sweep: complete user-facing error messages formats (#7474)
• 🔨 Replace PipelineRunReasonFailedValidation with more granular reasons (#7417)
• 🔨 Error sweep: Move TaskRun Reasons in pkg/pod to pkg/apis (#7406)
• 🔨 Cleanup error message for Step container status (#7405)
• 🔨 Error sweep: add more context for PipelineRunCouldntGetPipeline error message (#7403)
• 🔨 Error sweep: refactor steps termination when failing TaskRun (#7386)
• 🔨 Refactor common util functions for /test (#7369)
• 🔨 Fix showing error message when validation fail (#7509)
• 🔨 Git resolver: validate repo URL (#7482)
• 🔨 Bump github.com/spiffe/spire-api-sdk from 1.8.4 to 1.8.5 (#7463)
• 🔨 Fix some spelling in stepactions.md (#7432)
• 🔨 Remove .envrc and show an example in .envrc.sample (#7429)
• 🔨 Create scorecard.yml (#7409)
• 🔨 Add @jeromeJu as a pipelines maintainer (#7327)
• 🔨 Bump github.com/google/uuid from 1.3.1 to 1.4.0 (#7308)

Docs

• 📖 Add stdoutConfig and stderrConfig to alpha features table (#7494)
• 📖 Fix step actions documentation (#7492)
• 📖 [TEP-0050] Add Ignore Task Failure to alpha table (#7468)
• 📖 Update Feature Flags Documentation (#7445)
• 📖 Update StepActions Documentation (#7441)
• 📖 Fix typos and broken links in StepActions doc (#7431)
• 📖 Make git resolver label explicit (#7428)
• 📖 Update release with v0.54.0 (#7427)
• 📖 Update release cheat sheet (#7425)

Thanks

Thanks to these contributors who contributed to v0.55.0!

• ❤️ @AlanGreene
• ❤️ @JeromeJu
• ❤️ @QuanZhang-William
• ❤️ @Yongxuanzhang
• ❤️ @aaron-prindle
• ❤️ @afrittoli
• ❤️ @chitrangpatel
• ❤️ @chmouel
• ❤️ @dependabot[bot]
• ❤️ @dibyom
• ❤️ @jerop
• ❤️ @joaosilva15
• ❤️ @kmjayadeep
• ❤️ @vdemeester

Extra shout-out for awesome release notes:

• 😍 @JeromeJu
• 😍 @QuanZhang-William
• 😍 @aaron-prindle
• 😍 @chitrangpatel
• 😍 @chmouel
• 😍 @dibyom
• 😍 @kmjayadeep
• 😍 @vdemeester

-Docs @ v0.54.2
-Examples @ v0.54.2

Installation one-liner

kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.54.2/release.yaml

Attestation

The Rekor UUID for this release is 24296fb24b8ad77a70414b954f5ea533eecb2a83f9a87997dc311d043ea27f6e609f4af5dcba94a1

Obtain the attestation:

REKOR_UUID=24296fb24b8ad77a70414b954f5ea533eecb2a83f9a87997dc311d043ea27f6e609f4af5dcba94a1
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .

Verify that all container images in the attestation are in the release file:

RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.54.2/release.yaml
REKOR_UUID=24296fb24b8ad77a70414b954f5ea533eecb2a83f9a87997dc311d043ea27f6e609f4af5dcba94a1

# Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v0.54.2@sha256:" + .digest.sha256')

# Download the release file
curl "$RELEASE_FILE" > release.yaml

# For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
  printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done

Changes

Features

Fixes

• 🐛 [release-v0.54.x] FIX: Prevent panic on parameter evaluation (#7512)

Misc

Docs

Thanks

Thanks to these contributors who contributed to v0.54.2!

• ❤️ @tekton-robot

Extra shout-out for awesome release notes:

-Docs @ v0.54.1
-Examples @ v0.54.1

Installation one-liner

kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.54.1/release.yaml

Attestation

The Rekor UUID for this release is ``

Obtain the attestation:

REKOR_UUID=
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .

Verify that all container images in the attestation are in the release file:

RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.54.1/release.yaml
REKOR_UUID=

# Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v0.54.1@sha256:" + .digest.sha256')

# Download the release file
curl "$RELEASE_FILE" > release.yaml

# For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
  printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done

Changes

Features

Fixes

• 🐛 [release-v0.54.x] don't return validation error when final tasks failed/skipped (#7510)

Misc

Docs

Thanks

Thanks to these contributors who contributed to v0.54.1!

• ❤️ @tekton-robot

Extra shout-out for awesome release notes:

-Docs @ v0.53.3
-Examples @ v0.53.3

Installation one-liner

kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.53.3/release.yaml

Attestation

The Rekor UUID for this release is 24296fb24b8ad77afb99bd712cd691b6390f8d712a52f96661eaa96ad92eefe7cb047049140f16f3

Obtain the attestation:

REKOR_UUID=24296fb24b8ad77afb99bd712cd691b6390f8d712a52f96661eaa96ad92eefe7cb047049140f16f3
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .

Verify that all container images in the attestation are in the release file:

RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.53.3/release.yaml
REKOR_UUID=24296fb24b8ad77afb99bd712cd691b6390f8d712a52f96661eaa96ad92eefe7cb047049140f16f3

# Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v0.53.3@sha256:" + .digest.sha256')

# Download the release file
curl "$RELEASE_FILE" > release.yaml

# For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
  printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done

Changes

Features

Fixes

• 🐛 [release-v0.53.x] Fix: do not fail TaskRun for concurrent modification errors (#7479)

ix: taskRuns will not fail for concurrent modification errors when stopping sideCars

• 🐛 [release-v0.53.x] Do not require for entrypoint cancellation (#7457)

Entrypoint cancellation only requires keep-pod-on-cancel: true feature-flag.

• 🐛 [release-v0.53.x] Fix validations for Sidecars to be consistent (#7446)

idecars are now validated at admission webhook

• 🐛 [release-v0.53.x] FIX: Prevent panic on parameter evaluation (#7491)
• 🐛 [release-v0.53.x] don't return validation error when final tasks failed/skipped (#7486)

Misc

• 🔨 [release-v0.53.x] Use a maintained action for "changed files" (#7490)
• 🔨 [v0.53.x] bump knative version to get a CVE fix (#7372)

Docs

Thanks

Thanks to these contributors who contributed to v0.53.3!

• ❤️ @JeromeJu
• ❤️ @jkandasa
• ❤️ @tekton-robot
• ❤️ @vdemeester

Extra shout-out for awesome release notes:

• 😍 @tekton-robot
• 😍 @vdemeester

🎉 Reusable Steps via StepActions, Param Enums, HTTP Resolver! 🎉

-Docs @ v0.54.0
-Examples @ v0.54.0

Installation one-liner

kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.54.0/release.yaml

Attestation

The Rekor UUID for this release is 24296fb24b8ad77a6a820444f8789f9b68835a66c6c0ad3cecabee051b9af0c824b04baf1b57433c

Obtain the attestation:

REKOR_UUID=24296fb24b8ad77a6a820444f8789f9b68835a66c6c0ad3cecabee051b9af0c824b04baf1b57433c
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .

Verify that all container images in the attestation are in the release file:

RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.54.0/release.yaml
REKOR_UUID=24296fb24b8ad77a6a820444f8789f9b68835a66c6c0ad3cecabee051b9af0c824b04baf1b57433c

# Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v0.54.0@sha256:" + .digest.sha256')

# Download the release file
curl "$RELEASE_FILE" > release.yaml

# For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
  printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done

Changes

Features

• ✨ TEP-0142: Surface step results via sidecar logs (#7414)

  Surface step results via sidecar logs

• ✨ TEP-0142: Introduce StepResults in Steps, StepActions (#7382)

  Introduce StepResults in Steps for StepAction's Result storage.

• ✨ TEP-0142: Surface step results via termination message (#7349)

  Surface step results via termination message

• ✨ TEP-0142: Introduce Value in TaskResults (#7347)

  StepActions: Introduce Value in TaskResults

• ✨ [TEP-0142] Add VolumeMounts to StepAction (#7340)

  Users can define VolumeMounts in StepAction, the VolumeMounts Name should use string param reference to the params passed to the StepAction.

• ✨ [TEP-0144] Validate PipelineRun for Param Enum (#7338)

  Implement Param Enum validation for PipelineRuns. Param Enum is supported per TEP-0144

• ✨ [TEP-0142] Add SecurityContext (#7337)

  Users can declare SecurityContext in StepAction.

• ✨ TEP-0142: Add support for params between Step and StepActions (#7332)

  Completes support for params in StepActions.

• ✨ [TEP-0144] Validate TaskRun for Param Enum (#7326)

  Implement Param Enum validation for TaskRuns

• ✨ [TEP-0142] Remote Resolution for StepAction (#7321)

  Support Remote Resolution for StepAction

• ✨ TEP-0142: Introduce Params and Results into StepActions CRD (#7317)

  Introduces params and results into the StepAction CRD.

• ✨ Add credentials to HTTP resolver (#7315)

  The http resolver supports passing username and password for fetching URLs with basic credentials

• ✨ [TEP-0144] Add enum API field (#7289)

  Add Enum API field

• ✨ TEP-0142: Introduce StepAction referencing syntax in Steps (#7284)

  Introduces referencing syntax for StepAction in Steps

• ✨ [TEP-0144] Add feature flag and doc placeholder (#7279)

  Add enable-param-enum feature flag to gate the use of Param.Enum API field

• ✨ TEP-0142: Referencing StepActions in Steps (#7271)

  Enables referencing of StepActions in Steps if the feature flag "enable-step-actions: true" is set.

• ✨ Add a simple HTTP resolver (#7250)

  A new HTTP resolver is now available, it will let you resolve a http(s) URL to fetch a task or pipeline from.

• ✨ Let the user pass a secret via a parameter for SCM API operations when using the git API resolver (#7239)

  User are now able to pass a secret referencing token (or a tokenKey) for a SCM operation on the git resolver instead of using the global one from the configmap.

• ✨ [TEP-0142] Support default resolver for Ref to remote StepAction (#7345)

• ✨ TEP-0142: Add syntax for providing params to StepActions (#7334)

• ✨ [TEP-0142] Add ResolverRef to Ref (#7322)

Fixes

• 🐛 change bundle resolver to use secret instead of service account (#7331)

  action required: Bundle resolve uses secret to pull bundle Tasks/Pipelines from private registry instead of Service Account. Please update your bundle resolver ref to use secret.

• 🐛 fix: the pr may lose finallyStartTime when pipeline controller is not synchronized to all current state (#7186)

  Reset the finallyStartTime field when one or more final tasks have been created and the current finallyStartTime is empty.

• 🐛 fix: panic may occur when calculating the final task timeout waiting time (#7188)

Misc

• 🔨 Cleanup v1beta1 reference in pipelinerun reconciler (#7395)
• 🔨 fix: move getFeatureFlagsBaseOnAPIFlag from custom_task_test to another file (#7393)
• 🔨 chore: pkg import only once (#7348)
• 🔨 [TEP-0142] Refactor extractStepActions (#7328)
• 🔨 Fix capitalization inconsistency in reconciler (#7318)
• 🔨 remove GetUnsignedTask helper function and use var in each file (#6799)
• 🔨 Bump k8s.io/client-go from 0.27.7 to 0.27.8 in /test/custom-task-ctrls/wait-task-beta (#7377)
• 🔨 Bump github.com/tektoncd/pipeline from 0.53.0 to 0.53.1 in /test/custom-task-ctrls/wait-task-beta (#7368)
• 🔨 Use a maintained action for "changed files" (#7364)
• 🔨 Replace ubi9/ubi-minimal with busybox image (#7363)
• 🔨 Add direnv support with boilerplate (#7344)
• 🔨 Bump github.com/spiffe/spire-api-sdk from 1.8.1 to 1.8.4 (#7343)
• 🔨 Bump github.com/jenkins-x/go-scm from 1.14.14 to 1.14.20 (#7339)
• 🔨 Bump github.com/sigstore/sigstore from 1.7.4 to 1.7.5 (#7311)
• 🔨 Bump github.com/tektoncd/pipeline from 0.52.1 to 0.53.0 in /test/custom-task-ctrls/wait-task-beta (#7305)
• 🔨 Bump github.com/containerd/containerd from 1.7.7 to 1.7.8 (#7303)
• 🔨 removed repeated word how-to-write-a-resolver.md (#7302)
• 🔨 Fix git resolver example (#7299)
• 🔨 Bump github.com/sigstore/sigstore/pkg/signature/kms/hashivault from 1.7.4 to 1.7.5 (#7288)
• 🔨 Bump github.com/golangci/golangci-lint from 1.54.2 to 1.55.1 in /tools (#7283)
• 🔨 Bump github.com/go-git/go-git/v5 from 5.9.0 to 5.10.0 (#7281)
• 🔨 Bump sigs.k8s.io/yaml from 1.3.0 to 1.4.0 (#7280)
• 🔨 Bump github.com/google/cel-go from 0.12.6 to 0.18.1 (#7253)
• 🔨 Update ko to go 1.20 in release task (#7341)
• 🔨 Disable HTTP/2 by updating knative/pkg (#7324)

Docs

• 📖 Improve migration documentation (#7389)
• 📖 docs: update upper limit for layers in a bundle (#7355)
• 📖 fixed issue #7282 changed broken link from release-pipeline-nightly.yaml to release-pipeline.yaml (#7306)
• 📖 Update release with v0.53.0 LTS (#7301)

Thanks

Thanks to these contributors who contributed to v0.54.0!

• ❤️ @Dhruval7878
• ❤️ @Exar04
• ❤️ @JeromeJu
• ❤️ @QuanZhang-William
• ❤️ @Yongxuanzhang
• ❤️ @afrittoli
• ❤️ @chitrangpatel
• ❤️ @chmouel
• ❤️ @cugykw
• ❤️ @dependabot[bot]
• ❤️ @khrm
• ❤️ @mlschmithorst
• ❤️ @pratap0007
• ❤️ @testwill
• ❤️ @vdemeester
• ❤️ @vivekBoii

Extra shout-out for awesome release notes:

• 😍 @QuanZhang-William
• 😍 @Yongxuanzhang
• 😍 @chitrangpatel
• 😍 @chmouel
• 😍 @cugykw
• 😍 @khrm

-Docs @ v0.50.5
-Examples @ v0.50.5

Installation one-liner

kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.50.5/release.yaml

Attestation

The Rekor UUID for this release is 24296fb24b8ad77a6931938578b4916b2944efdb45cd531e1913f85b8bc9c0a4e73512edcfbb86b5

Obtain the attestation:

REKOR_UUID=24296fb24b8ad77a6931938578b4916b2944efdb45cd531e1913f85b8bc9c0a4e73512edcfbb86b5
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .

Verify that all container images in the attestation are in the release file:

RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.50.5/release.yaml
REKOR_UUID=24296fb24b8ad77a6931938578b4916b2944efdb45cd531e1913f85b8bc9c0a4e73512edcfbb86b5

# Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v0.50.5@sha256:" + .digest.sha256')

# Download the release file
curl "$RELEASE_FILE" > release.yaml

# For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
  printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done

Changes

Misc

• 🔨 [release-v0.50.x] Fix the controller and webhook images to use stable alpine (#7370)

The Tekton controller images are now based on a distroless base image which is built on top of Alpine 3.18

Thanks

Thanks to these contributors who contributed to v0.50.5!

• ❤️ @afrittoli

Extra shout-out for awesome release notes:

• 😍 @afrittoli

-Docs @ v0.53.2
-Examples @ v0.53.2

Installation one-liner

kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.53.2/release.yaml

Attestation

The Rekor UUID for this release is 24296fb24b8ad77a65b4c04ecc3fa6d06bcfea7b874c1614dd3067dfc35fbffdfc8dcbe1ca0b891f

Obtain the attestation:

REKOR_UUID=24296fb24b8ad77a65b4c04ecc3fa6d06bcfea7b874c1614dd3067dfc35fbffdfc8dcbe1ca0b891f
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .

Verify that all container images in the attestation are in the release file:

RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.53.2/release.yaml
REKOR_UUID=24296fb24b8ad77a65b4c04ecc3fa6d06bcfea7b874c1614dd3067dfc35fbffdfc8dcbe1ca0b891f

# Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v0.53.2@sha256:" + .digest.sha256')

# Download the release file
curl "$RELEASE_FILE" > release.yaml

# For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
  printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done

Changes

Misc

• 🔨 [release-v0.53.x] Fix the controller and webhook images to use stable alpine (#7371)

The Tekton controller images are now based on a distroless base image which is built on top of Alpine 3.18

Thanks

Thanks to these contributors who contributed to v0.53.2!

• ❤️ @afrittoli

Extra shout-out for awesome release notes:

• 😍 @afrittoli

-Docs @ v0.50.4
-Examples @ v0.50.4

Installation one-liner

kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.50.4/release.yaml

Attestation

The Rekor UUID for this release is 24296fb24b8ad77a71dafca6c5f27aec2842996255eeda41ddd2b1cec5ca920da82d7239d7007e7a

Obtain the attestation:

REKOR_UUID=24296fb24b8ad77a71dafca6c5f27aec2842996255eeda41ddd2b1cec5ca920da82d7239d7007e7a
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .

Verify that all container images in the attestation are in the release file:

RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.50.4/release.yaml
REKOR_UUID=24296fb24b8ad77a71dafca6c5f27aec2842996255eeda41ddd2b1cec5ca920da82d7239d7007e7a

# Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v0.50.4@sha256:" + .digest.sha256')

# Download the release file
curl "$RELEASE_FILE" > release.yaml

# For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
  printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done

Changes

Misc

• 🔨 [release-v0.50.x] Pin the distroless base image to a stable alpine (#7362)

The Tekton images are now based on a distroless base image which is built on top of Alpine 3.18

Thanks

Thanks to these contributors who contributed to v0.50.4!

• ❤️ @afrittoli

Extra shout-out for awesome release notes:

• 😍 @afrittoli

-Docs @ v0.53.1
-Examples @ v0.53.1

Installation one-liner

kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.53.1/release.yaml

Attestation

The Rekor UUID for this release is 24296fb24b8ad77a2b1a1e305c730d970cef50e8aa4e9da65cb4da59fd03d253eb3de693252ffad6

Obtain the attestation:

REKOR_UUID=24296fb24b8ad77a2b1a1e305c730d970cef50e8aa4e9da65cb4da59fd03d253eb3de693252ffad6
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .

Verify that all container images in the attestation are in the release file:

RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.53.1/release.yaml
REKOR_UUID=24296fb24b8ad77a2b1a1e305c730d970cef50e8aa4e9da65cb4da59fd03d253eb3de693252ffad6

# Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v0.53.1@sha256:" + .digest.sha256')

# Download the release file
curl "$RELEASE_FILE" > release.yaml

# For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
  printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done

Changes

Misc

• 🔨 [release-v0.53.x] Pin the distroless base image to a stable alpine (#7361)

The Tekton images are now based on a distroless base image which is built on top of Alpine 3.18

Thanks

Thanks to these contributors who contributed to v0.53.1!

• ❤️ @afrittoli

Extra shout-out for awesome release notes:

• 😍 @afrittoli

🎉 CEL-based when expressions, Results from Matrices, beta promotions and more 🎉

-Docs @ v0.53.0
-Examples @ v0.53.0

Installation one-liner

kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.53.0/release.yaml

Attestation

The Rekor UUID for this release is 24296fb24b8ad77ae1d898a8665e246adf87237e426dcb51e61a4f34dfda16ed10148ce5c80c57df

Obtain the attestation:

REKOR_UUID=24296fb24b8ad77ae1d898a8665e246adf87237e426dcb51e61a4f34dfda16ed10148ce5c80c57df
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .

Verify that all container images in the attestation are in the release file:

RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.53.0/release.yaml
REKOR_UUID=24296fb24b8ad77ae1d898a8665e246adf87237e426dcb51e61a4f34dfda16ed10148ce5c80c57df

# Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v0.53.0@sha256:" + .digest.sha256')

# Download the release file
curl "$RELEASE_FILE" > release.yaml

# For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
  printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done

Upgrade Notices

• [TEP-0104] Task-level Resource Requirements in now beta
• Matrix is now beta
• Starting with this release, all new API driven features will be controlled by individual feature flags, and the enable-api-fields flag will be eventually phased out, once all API features currently in alpha/beta reach stability (or are removed)

Changes

Features

• ✨ parameterize pipelineTask (#7273)

displayName can now accept params, task result references, or context variables.

• ✨ Hub resolver: add version constraints (#7257)

hub resolver can now specify a version constraint to choose a version (example: version: ">=0.2.0,< 1.0.0")

• ✨ Set public Tekton Hub API as default catalog (#7256)

tekton resolver now uses hub.tekton.dev by default.

• ✨ [TEP-0145] Add CEL field to WhenExpression

  • ✨ [TEP-0145] Add CEL field to WhenExpression, and feature flag to guard the field (#7247)
  • ✨ [TEP-0145] Add sanity check for CEL expression (#7251)
  • ✨ [TEP-0145] Add CEL evaluation (#7255)
    Support CEL expression in WhenExpression to guard the execution of Tasks

• ✨ Add a setting disallowing access to all namespaces (#7237)

Add special value * to the blocked-namespace setting for the cluster-resolver to disallow by default all namespaces and only allow the namespaces explicitly listed in allowed-namespace setting.

• ✨ [TEP-0104] Task-level Resource Requirements to beta (#7225)

The task-level resource requirements feature allows the user to set computeResources at runtime i.e. on TaskRun. This is now enabled as part of the beta API.

• ✨ TEP-140: Produce Results in Matrix (#7167)

Pipeline authors can now produce results from a Matrixed PipelineTask as an aggregated array and consume them in an array params. Two context variables are introduced as part of this feature, $(tasks..matrix.length) to get the length of a matrix combinations and $(tasks..matrix..length) to get a length of aggregated result.

• ✨ Promoting Matrix to Beta 🎉 🎓 (#7164)

Matrix feature is promoted to beta and possible to utilize with enable-api-fields set to beta.

• ✨ TEP-0107: propagate results to embedded task spec (#7100)

Results are propagated in embedded specifications without mutations.

• ✨ [TEP0138] Add Per-feature Flag Struct for New Features (#7090)

Please use per feature flags for new API-driven feature gating.

• ✨ feat: add ability to include reason in count metrics (#7060)

Add ability to include reason along with status in TaskRun and PipelineRun count metrics

Backwards incompatible changes

In the current release:

• 🚨 The behaviour of the enable-api-field flag has been fixed, resulting in a slight behaviour change: when using the v1beta1 API, API features in beta are only available when the enable-api-field is set to beta or alpha. Beta features used to be enabled on the v1beta1 API regardless of the value of enable-api-field.
  Note that:

  • The default value for enable-api-field is beta
  • Users that have the flag set to alpha or beta will continue to have access to beta features on v1beta1 and v1 APIs
  • Users that have the flag set to stable will continue to not have access to beta features on the v1 API

  So in practice, there is no breaking change for users. Users of the v1beta1 API may now disable beta features, should they wish to do so, which was not possible before.

Work-in-progress

• 🚧 TEP-0142: Introduce feature flag (#7277)

[WIP] Introduces a new feature flag "enable-step-actions: true/false" to gate the use of step actions.

• 🚧 TEP-0142: Introducing the StepAction CRD (#7260)

Introduced the StepAction CRD as designed in https://github.com/tektoncd/community/blob/main/teps/0142-enable-step-reusability.md. The implementation is still ongoing; feature is not yet functional.

• 🚧 [TEP-0050] Add OnError field (#7162)

Fixes

• 🐛 Regression: fix results with out of order tasks (#7169)

Fix regression where a different order of task definition may cause result resolution to break

• 🐛 Fix race condition in PVC deletion (#7149)

Bug fix: delete PVCs created by VolumeClaimTemplates when the owning PipelineRun is completed

• 🐛 Recover Conversion Functions from Pipeline Resources for backwards compatibility (#7109)

Recover Conversion Functions from Pipeline Resources for backwards compatibility

• 🐛 Different configmap for Leader Election per deployment (#7014)

Change configmap for LeaderElection of webhook to config-leader-election-webhook, event controller to config-leader-election-event and resolvers to config-leader-election-resolvers

• 🐛 fix wait entrypoint cancellation error log output. (#7272)
• 🐛 Flake Test fix: Sort TaskRunResults (#7254)
• 🐛 fix waiter test is flaky (#7227)
• 🐛 🔒 Update knative/pkg 1.11 to address CVE-2023-44487 (#7210)

Misc

• 🔨 Refactor version.ValidateEnabledAPIFields to config pkg (#7206)

refactor: version.ValidateEnabledAPIFields has been moved to the config package

• 🔨 [TEP0138] Decouple v1beta1 beta feature validation (#6941)

v1beta1 CRDs with beta features now requires beta enable-api-fields. More specifically, users who have been accidentally using beta features resolvers, object array params and results with enable-api-fields set to stable now needs to change to enable-api-fields=beta

• 🔨 #7027 Cleanup cmp.Diff(want, got) for all diff.PrintWantGot() (#7209)
• 🔨 Avoid unnecessary scans for codeql on non code (#7286)
• 🔨 Bump k8s.io/client-go from 0.27.6 to 0.27.7 in /test/custom-task-ctrls/wait-task-beta (#7261)
• 🔨 Bump github.com/sigstore/sigstore from 1.7.3 to 1.7.4 (#7246)
• 🔨 [TEP-0145] Pull in cel-go to vendor (#7245)
• 🔨 Bump github.com/tektoncd/pipeline from 0.52.0 to 0.52.1 in /test/custom-task-ctrls/wait-task-beta (#7219)
• 🔨 Bump github.com/sigstore/sigstore/pkg/signature/kms/hashivault from 1.7.3 to 1.7.4 (#7213)
• 🔨 Bump github.com/spiffe/spire-api-sdk from 1.8.0 to 1.8.1 (#7204)
• 🔨 Bump google.golang.org/grpc from 1.58.2 to 1.58.3 (#7203)
• 🔨 #6614 Add inclusive source scanning (#7199)
• 🔨 Rename test cases for beta feature validations (#7198)
• 🔨 Bump github.com/google/go-cmp from 0.5.9 to 0.6.0 (#7197)
• 🔨 Bump github.com/containerd/containerd from 1.7.6 to 1.7.7 (#7196)
• 🔨 Bump github.com/google/go-cmp from 0.5.9 to 0.6.0 in /test/custom-task-ctrls/wait-task-beta (#7195)
• 🔨 Add reviewers section to OWNERS file. (#7193)
• 🔨 Add @chitrangpatel as an pipelines maintainer (#7181)
• 🔨 Bump golang.org/x/sync from 0.3.0 to 0.4.0 (#7178)
• 🔨 update perl docker image with multi-arch tag (#7171)
• 🔨 Add @Yongxuanzhang as a pipelines maintainer (#7168)
• 🔨 Bump go.opentelemetry.io/otel/sdk from 1.16.0 to 1.19.0 (#7163)
• 🔨 Bump github.com/opencontainers/image-spec from 1.1.0-rc4 to 1.1.0-rc5 (#7161)
• 🔨 Increase the publish timeout (#7160)
• 🔨 Bump google.golang.org/grpc from 1.58.1 to 1.58.2 (#7158)
• 🔨 Increase the publish task timeout (#7156)
• 🔨 Bump github.com/go-git/go-git/v5 from 5.8.1 to 5.9.0 (#7154)
• 🔨 Bump github.com/google/uuid from 1.3.0 to 1.3.1 (#7151)
• 🔨 Fix latest folder in releases (#7146)
• 🔨 updating an example - results using sidecar logs (#7145)
• 🔨 Bump github.com/tektoncd/pipeline from 0.51.0 to 0.52.0 in /test/custom-task-ctrls/wait-task-beta (#7142)
• 🔨 Bump go.uber.org/zap from 1.25.0 to 1.26.0 (#7141)
• 🔨 Bump github.com/go-git/go-billy/v5 from 5.4.1 to 5.5.0 (#7140)
• 🔨 documenting 0.51 and 0.52 releases (#7139)
• 🔨 Bump gomodules.xyz/jsonpatch/v2 from 2.2.0 to 2.4.0 (#7137)
• 🔨 Bump github.com/spiffe/spire-api-sdk from 1.7.2 to 1.8.0 (#7136)
• 🔨 Bump code.gitea.io/sdk/gitea from 0.15.1 to 0.16.0 (#7135)
• 🔨 Bump go.opentelemetry.io/otel/exporters/jaeger from 1.16.0 to 1.17.0 (#7134)
• 🔨 Bump go.opentelemetry.io/otel/trace from 1.16.0 to 1.18.0 (#7133)

Docs

• 📖 Fix typos in DEVELOPMENT.md file (#7233)
• 📖 Extend release timeouts in release cheatsheet (#7212)
• 📖 #7190 display name link fixed in pipelines.md (#7205)
• 📖 Added note to install.md to use tektoncd/operator for production installs (#7194)
• 📖 Fix typo in documentation (#7176)
• 📖 Add V1 Migration Guide Link in tektoncd/pipeline Readme (#7157)
• 📖 Docs: Add TaskRun Status documentation section (#7147)
• 📖 Fix typo in v0.52 EOL date (#7143)
• 📖 [TEP0138] RFC: Add feature graduation process documentation (#7076)

Thanks

Thanks to these contributors who contributed to v0.53.0!

• ❤️ @AlanGreene
• ❤️ @Areadrill
• ❤️ @AverageMarcus
• ❤️ @Basavaraju-G
• ❤️ @EmmaMunley
• ❤️ @HamzaMateen
• ❤️ @JGustafsonIII
• ❤️ @JeromeJu
• ❤️ @QuanZhang-William
• ❤️ @Yongxuanzhang
• ❤️ @afrittoli
• ❤️ @chengjoey
• ❤️ @chitrangpatel
• ❤️ @chmouel
• ❤️ @dependabot[bot]
• ❤️ @dibyom
• ❤️ @khrm
• ❤️ @minhoryang
• ❤️ @prestonvasquez
• ❤️ @pritidesai
• ❤️ @shankarpentyala07
• ❤️ @vavrajosef
• ❤️ @wlynch

Extra shout-out for awesome release notes:

• 😍 @AverageMarcus
• 😍 @EmmaMunley
• 😍 @JeromeJu
• 😍 @QuanZhang-William
• 😍 @Yongxuanzhang
• 😍 @afrittoli
• 😍 @chengjoey
• 😍 @chitrangpatel
• 😍 @chmouel
• 😍 @khrm
• 😍 @pritidesai

-Docs @ v0.44.5
-Examples @ v0.44.5

Installation one-liner

kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.44.5/release.yaml

Attestation

The Rekor UUID for this release is 24296fb24b8ad77ae6d4a97d973af478bc9cefd6f575761773249d2706bf3d35bc7b81a7cc481fcf

Obtain the attestation:

REKOR_UUID=24296fb24b8ad77ae6d4a97d973af478bc9cefd6f575761773249d2706bf3d35bc7b81a7cc481fcf
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .

Verify that all container images in the attestation are in the release file:

RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.44.5/release.yaml
REKOR_UUID=24296fb24b8ad77ae6d4a97d973af478bc9cefd6f575761773249d2706bf3d35bc7b81a7cc481fcf

# Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v0.44.5@sha256:" + .digest.sha256')

# Download the release file
curl "$RELEASE_FILE" > release.yaml

# For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
  printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done

Changes

Features

Fixes

• 🐛 [cherry-pick-v0.44.x] Fix PipelineRun reconciler panic for computed timeouts (#6999)

bug fix: Avoid controller panics for computed timeouts

• [v0.44.x] Bump golang.org/x/net to 0.17.0 (#7222)

Misc

Docs

Thanks

Thanks to these contributors who contributed to v0.44.5!

• ❤️ @khrm
• ❤️ @lbernick

Extra shout-out for awesome release notes:

• 😍 @lbernick

-Docs @ v0.47.5
-Examples @ v0.47.5

Installation one-liner

kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.47.5/release.yaml

Attestation

The Rekor UUID for this release is 24296fb24b8ad77a8e347216bc80c82074f1721dbcfb1e10e487a0a2e5925d27cf46898c53bf6f5a

Obtain the attestation:

REKOR_UUID=24296fb24b8ad77a8e347216bc80c82074f1721dbcfb1e10e487a0a2e5925d27cf46898c53bf6f5a
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .

Verify that all container images in the attestation are in the release file:

RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.47.5/release.yaml
REKOR_UUID=24296fb24b8ad77a8e347216bc80c82074f1721dbcfb1e10e487a0a2e5925d27cf46898c53bf6f5a

# Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v0.47.5@sha256:" + .digest.sha256')

# Download the release file
curl "$RELEASE_FILE" > release.yaml

# For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
  printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done

Changes

Features

Fixes

• [0.47.x] Bump GRPC to v1.56.3 (#7240)
• [v0.47.x] Bump golang.org/x/net from 0.11.0 to 0.17.0 (#7221)

These addresse https://github.com/advisories/GHSA-qppj-fm5r-hxr3 by not allowing more server handlers to be run than the HTTP/2 MAX_CONCURRENT_STREAMS setting.

Misc

Docs

Thanks

Thanks to these contributors who contributed to v0.47.5!

• ❤️ @khrm

Extra shout-out for awesome release notes:

• 😍 @khrm

-Docs @ v0.50.3
-Examples @ v0.50.3

Installation one-liner

kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.50.3/release.yaml

Attestation

The Rekor UUID for this release is 24296fb24b8ad77a8e347216bc80c82074f1721dbcfb1e10e487a0a2e5925d27cf46898c53bf6f5a

Obtain the attestation:

REKOR_UUID=24296fb24b8ad77a8e347216bc80c82074f1721dbcfb1e10e487a0a2e5925d27cf46898c53bf6f5a
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .

Verify that all container images in the attestation are in the release file:

RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.50.3/release.yaml
REKOR_UUID=24296fb24b8ad77a8e347216bc80c82074f1721dbcfb1e10e487a0a2e5925d27cf46898c53bf6f5a

# Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v0.50.3@sha256:" + .digest.sha256')

# Download the release file
curl "$RELEASE_FILE" > release.yaml

# For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
  printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done

Changes

Features

Fixes

• [v0.50.x] Bump GRPC Go to 1.56.3 to fix CVE (#7234)

This addresses https://github.com/advisories/GHSA-qppj-fm5r-hxr3 by not allowing more server handlers to be run than the HTTP/2 MAX_CONCURRENT_STREAMS setting.

Misc

Docs

Thanks

Thanks to these contributors who contributed to v0.50.3!

• ❤️ @khrm

Extra shout-out for awesome release notes:

• 😍 @khrm

-Docs @ v0.50.2
-Examples @ v0.50.2

Installation one-liner

kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.50.2/release.yaml

Attestation

The Rekor UUID for this release is 24296fb24b8ad77a6726958468f17410d57decea33a20cc1c61cae727201991da57f788c4095926b

Obtain the attestation:

REKOR_UUID=24296fb24b8ad77a6726958468f17410d57decea33a20cc1c61cae727201991da57f788c4095926b
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .

Verify that all container images in the attestation are in the release file:

RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.50.2/release.yaml
REKOR_UUID=24296fb24b8ad77a6726958468f17410d57decea33a20cc1c61cae727201991da57f788c4095926b

# Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v0.50.2@sha256:" + .digest.sha256')

# Download the release file
curl "$RELEASE_FILE" > release.yaml

# For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
  printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done

Changes

Fixes

• 🐛 [release-v0.50.x] Regression: fix results with out of order tasks (#7173)

Fix regression where a different order of task definition may cause result resolution to break

• 🐛 [release-v0.50.x] Validate beta features for inline pipelines and tasks (#7080)

Bug fix: validate beta features in inline tasks/pipelines in the same way as referenced tasks/pipelines

• 🐛 [release-v0.50.x] Fix release pipeline (publish-to-bucket) (#7045)

Fixed the release pipeline invalid spec.

• 🐛 [release-v0.50.x] Remove results annotations filtering (#7131)

• 🐛 [v0.50.x] Update knative/pkg 1.10 to address CVE-2023-44487 (#7211)

Misc

• 🔨 Increase the publish timeout (#7215)

Docs

• 📖 [release-v0.50.x] docs: Update references to examples from v1beta1 to v1 (#7202)

Thanks

Thanks to these contributors who contributed to v0.50.2!

• ❤️ @afrittoli
• ❤️ @khrm
• ❤️ @tekton-robot

Extra shout-out for awesome release notes:

• 😍 @tekton-robot