A cloud-native Pipeline resource.
APACHE-2.0 License
Bot releases are visible (Hide)
Published by tekton-robot about 1 year ago
-Docs @ v0.52.1
-Examples @ v0.52.1
kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.52.1/release.yaml
The Rekor UUID for this release is 24296fb24b8ad77a97c22594268cc45d986246339ada304b7587b205b59cf5d59df2650d24b14825
Obtain the attestation:
REKOR_UUID=24296fb24b8ad77a97c22594268cc45d986246339ada304b7587b205b59cf5d59df2650d24b14825
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .
Verify that all container images in the attestation are in the release file:
RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.52.1/release.yaml
REKOR_UUID=24296fb24b8ad77a97c22594268cc45d986246339ada304b7587b205b59cf5d59df2650d24b14825
# Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v0.52.1@sha256:" + .digest.sha256')
# Download the release file
curl "$RELEASE_FILE" > release.yaml
# For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done
Fix regression where a different order of task definition may cause result resolution to break
Thanks to these contributors who contributed to v0.52.1!
Extra shout-out for awesome release notes:
Published by tekton-robot about 1 year ago
-Docs @ v0.52.0
-Examples @ v0.52.0
kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.52.0/release.yaml
The Rekor UUID for this release is 24296fb24b8ad77aede6ff3c84da87cdeda75e9dcf779abc736bf5423b8a4151bad8193f0c76dd15
Obtain the attestation:
REKOR_UUID=24296fb24b8ad77aede6ff3c84da87cdeda75e9dcf779abc736bf5423b8a4151bad8193f0c76dd15
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .
Verify that all container images in the attestation are in the release file:
RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.52.0/release.yaml
REKOR_UUID=24296fb24b8ad77aede6ff3c84da87cdeda75e9dcf779abc736bf5423b8a4151bad8193f0c76dd15
# Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v0.52.0@sha256:" + .digest.sha256')
# Download the release file
curl "$RELEASE_FILE" > release.yaml
# For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done
New gauge metrics are introduced that count the number of TaskRuns waiting for resolution of any Tasks they reference, as well as count the number of PipelineRuns waiting on Pipeline resolution, and lastly count the number of PipelineRuns waiting on Task resolution for their underlying TaskRuns.
Added PipelineRef and PipelineSpec fields to PipelineTask, in lieu of TEP-0056
The taskrun will clean up the last task results before retrying.
Bug fix: validate beta features in inline tasks/pipelines in the same way as referenced tasks/pipelines
InvalidMatrixParameterTypes
along with updating the matrix example with additional validations (#7064)Tracing endpoint configuration is now moved from environment variable to the configmap config-tracing
. Tracing can be now configured dynamically without needing to restart the controller. Refer the example configuration provided as part of the ConfigMap for the configuration options and format.
Thanks to these contributors who contributed to v0.52.0!
Extra shout-out for awesome release notes:
Published by tekton-robot about 1 year ago
-Docs @ v0.51.0
-Examples @ v0.51.0
kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.51.0/release.yaml
The Rekor UUID for this release is 24296fb24b8ad77af0123195ea84840480151ea9735ca9e2f869d262e403dad6fa6c42c32bc04193
Obtain the attestation:
REKOR_UUID=24296fb24b8ad77af0123195ea84840480151ea9735ca9e2f869d262e403dad6fa6c42c32bc04193
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .
Verify that all container images in the attestation are in the release file:
RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.51.0/release.yaml
REKOR_UUID=24296fb24b8ad77af0123195ea84840480151ea9735ca9e2f869d262e403dad6fa6c42c32bc04193
# Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v0.51.0@sha256:" + .digest.sha256')
# Download the release file
curl "$RELEASE_FILE" > release.yaml
# For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done
With this release, the minimun Kubernetes version supported is now 1.25.
[TEP-0135]: Support coschedule: pipelineruns
and coschedule: isolate-pipelinerun
coschedule modes.
Users can now opt in this new feature to schedule all the pods in the same node and to optionally enforce one running pipelinerun in a node at the same time.
The disable-affinity-assistant
feature flag is deprecated in favour of the new coschedule
feature flag. The disable-affinity-assistant
feature flag will be removed in 9 months.
Binary file (standard input) matches
ix validation errors when using the cluster resolver
The role for Events Controller is now tekton-events-controller
, and the Rolebinding is now tekton-pipelines-events-controller.
Validate forbidden envs in TaskRunTemplate.PodTemplate.
The Pod reason InvalidImageName is treated now as a permanent issue, so that TaskRuns that include a step with an invalid image reference are failed immediately and the corresponding Pod is deleted.
Cluster resolver now computes the checksum of the pre-processed Tekton object instead of just the spec.
This fixes the Taskrun failure for Preempted Pod of Taskrun which uses PVC.
When the taskRunSpecs of the pipelineRun contains an invalid pipeline task name, the cause of the InvalidTaskRunSpecs
error is displayed.
action required: The disable-affinity-assistant
feature flag is deprecated in favour of the new coschedule
feature flag. The disable-affinity-assistant
feature flag will be removed in 9 months.
The Affinity Assistant behaviour should now be configured by the coschedule
feature flag.
Bump knative.dev/pkg to 1.11 so the Kubernetes min version is now 1.25
Remote tasks are now validated by any validating admission webhooks.
Thanks to these contributors who contributed to v0.51.0!
Extra shout-out for awesome release notes:
Published by tekton-robot about 1 year ago
-Docs @ v0.50.1
-Examples @ v0.50.1
kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.50.1/release.yaml
The Rekor UUID for this release is 24296fb24b8ad77a1b02a57c8f75368d54f3f986188b3692201557a51808b4bc4e8acc1fcb835e38
Obtain the attestation:
REKOR_UUID=24296fb24b8ad77a1b02a57c8f75368d54f3f986188b3692201557a51808b4bc4e8acc1fcb835e38
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .
Verify that all container images in the attestation are in the release file:
RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.50.1/release.yaml
REKOR_UUID=24296fb24b8ad77a1b02a57c8f75368d54f3f986188b3692201557a51808b4bc4e8acc1fcb835e38
# Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v0.50.1@sha256:" + .digest.sha256')
# Download the release file
curl "$RELEASE_FILE" > release.yaml
# For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done
ix validation errors when using the cluster resolver
his fixes the Taskrun failure for Preempted Pod of Taskrun which uses PVC.
Thanks to these contributors who contributed to v0.50.1!
Extra shout-out for awesome release notes:
Published by tekton-robot about 1 year ago
-Docs @ v0.47.4
-Examples @ v0.47.4
kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.47.4/release.yaml
The Rekor UUID for this release is 24296fb24b8ad77abcdd5334f95a8d7faf0bed5a51a5ac970e8afe4ed889f277891aac6cc44ef3f8
Obtain the attestation:
REKOR_UUID=24296fb24b8ad77abcdd5334f95a8d7faf0bed5a51a5ac970e8afe4ed889f277891aac6cc44ef3f8
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .
Verify that all container images in the attestation are in the release file:
RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.47.4/release.yaml
REKOR_UUID=24296fb24b8ad77abcdd5334f95a8d7faf0bed5a51a5ac970e8afe4ed889f277891aac6cc44ef3f8
# Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v0.47.4@sha256:" + .digest.sha256')
# Download the release file
curl "$RELEASE_FILE" > release.yaml
# For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done
This fixes the Taskrun failure for Preempted Pod of Taskrun which uses PVC.
bug fix: Avoid controller panics for computed timeouts
Thanks to these contributors who contributed to v0.47.4!
Extra shout-out for awesome release notes:
Published by tekton-robot about 1 year ago
-Docs @ v0.50.0
-Examples @ v0.50.0
kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.50.0/release.yaml
The Rekor UUID for this release is 24296fb24b8ad77a1665fb7556e457413b181806c513eeea26f12c0bd118bcf14912ee6bbee395d9
Obtain the attestation:
REKOR_UUID=24296fb24b8ad77a1665fb7556e457413b181806c513eeea26f12c0bd118bcf14912ee6bbee395d9
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .
Verify that all container images in the attestation are in the release file:
RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.50.0/release.yaml
REKOR_UUID=24296fb24b8ad77a1665fb7556e457413b181806c513eeea26f12c0bd118bcf14912ee6bbee395d9
# Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v0.50.0@sha256:" + .digest.sha256')
# Download the release file
curl "$RELEASE_FILE" > release.yaml
# For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done
csi and projected volume workspaces are stable.
The "isolated workspaces" feature allows users to share a workspace with dedicated steps and sidecars, instead of the whole TaskRun. The feature has been promoted to "beta".
TEP-0135: Revert the owner of PVCs
created by pipelinerun VolumeClaimTemplate
back to pipelinerun
. The PVCs
bounded to the pipelinerun
is now in bounded
state when the pipelinerun
is completed but not deleted.
action required: The default-cloud-events-sink
setting in the config-defaults
config map is deprecated. The CloudEvents sink shall be configured now through the sink
settings in the new config-events
config map.
tep-0135: introduce coschedule
feature flag
TEP-0090: Pipeline Tasks may now reference whole array results in a Matrix. See https://github.com/tektoncd/pipeline/blob/09d422cff057f67170b4c2f76097ac6ffded33ef/docs/matrix.md?specifying-results-in-a-matrix#specifying-results-in-a-matrix docs for more information.
Added validation for feature-flags configmap
Bug fix: taskruns_pod_latency metric renamed to taskruns_pod_latency_milliseconds and units corrected
bug fix: Remote Pipelines do not support propagated parameters and workspaces
bug fix: Avoid controller panics for computed timeouts
bug fix: PipelineRun marked as failed when it cannot create TaskRuns or CustomRuns for a non-retryable reason
bug fix: Disallow taskref.name with taskref.resolver in pipeline tasks
Merge podTemplate specified in pipelineRun.spec.taskRunSpecs[].podTemplate along with pipelineRun.spec.podTemplate instead of only considering the one specified at the taskRunSpecs.
Fixed an issue where Windows tasks would fail if one or more steps were configured with a custom working directory.
Some exported functions moved from pkg/apis/config to pkg/apis/config/testing
config-artifact-pvc and config-artifact-bucket are deleted as resources from the tekton-pipelines-controller role.
CONFIG_ARTIFACT_PVC_NAME and CONFIG_ARTIFACT_BUCKET_NAME are deleted from the tekton-pipelines-controller deployment.
native/pkg is updated to v1.10
The CustomRun
events controller has been moved to the pkg/reconciler/notifications
package.
Support window for beta CRDs increased to 1 year
action required: v1beta1 Task, TaskRun, Pipeline, and PipelineRun APIs are deprecated and will be removed. Please migrate to the v1 versions of these APIs following the migration guide at https://github.com/tektoncd/pipeline/blob/main/docs/migrating-v1beta1-to-v1.md.
Thanks to these contributors who contributed to v0.50.0!
Extra shout-out for awesome release notes:
Published by tekton-robot over 1 year ago
-Docs @ v0.44.4
-Examples @ v0.44.4
kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.44.4/release.yaml
The Rekor UUID for this release is 24296fb24b8ad77ab58cdae71724a3f1862ded8fab661c1fd51b782380cc94208729e6c373bc73fa
Obtain the attestation:
REKOR_UUID=24296fb24b8ad77ab58cdae71724a3f1862ded8fab661c1fd51b782380cc94208729e6c373bc73fa
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .
Verify that all container images in the attestation are in the release file:
RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.44.4/release.yaml
REKOR_UUID=24296fb24b8ad77ab58cdae71724a3f1862ded8fab661c1fd51b782380cc94208729e6c373bc73fa
# Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v0.44.4@sha256:" + .digest.sha256')
# Download the release file
curl "$RELEASE_FILE" > release.yaml
# For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done
Merge podTemplate specified in pipelineRun.spec.taskRunSpecs[].podTemplate along with pipelineRun.spec.podTemplate instead of only considering the one specified at the taskRunSpecs.
Thanks to these contributors who contributed to v0.44.4!
Extra shout-out for awesome release notes:
Published by tekton-robot over 1 year ago
-Docs @ v0.47.3
-Examples @ v0.47.3
kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.47.3/release.yaml
The Rekor UUID for this release is 24296fb24b8ad77a07505f72bbd72e835bea2f95ad3134d11525204c948618e56c4a21cce6297b30
Obtain the attestation:
REKOR_UUID=24296fb24b8ad77a07505f72bbd72e835bea2f95ad3134d11525204c948618e56c4a21cce6297b30
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .
Verify that all container images in the attestation are in the release file:
RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.47.3/release.yaml
REKOR_UUID=24296fb24b8ad77a07505f72bbd72e835bea2f95ad3134d11525204c948618e56c4a21cce6297b30
# Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v0.47.3@sha256:" + .digest.sha256')
# Download the release file
curl "$RELEASE_FILE" > release.yaml
# For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done
esilient Affinity Assistant - make sure the Affinity Assistant pod is always on a healthy node during the entire life cycle of the pipelineRun
erge podTemplate specified in pipelineRun.spec.taskRunSpecs[].podTemplate along with pipelineRun.spec.podTemplate instead of only considering the one specified at the taskRunSpecs.
Thanks to these contributors who contributed to v0.47.3!
Extra shout-out for awesome release notes:
Published by tekton-robot over 1 year ago
-Docs @ v0.49.0
-Examples @ v0.49.0
kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.49.0/release.yaml
The Rekor UUID for this release is 24296fb24b8ad77a7568df3bfec7071c4ec0e2ce4f105b7e8f5749bdad0b5c1774ae7000ce62ac8f
Obtain the attestation:
REKOR_UUID=24296fb24b8ad77a7568df3bfec7071c4ec0e2ce4f105b7e8f5749bdad0b5c1774ae7000ce62ac8f
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .
Verify that all container images in the attestation are in the release file:
RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.49.0/release.yaml
REKOR_UUID=24296fb24b8ad77a7568df3bfec7071c4ec0e2ce4f105b7e8f5749bdad0b5c1774ae7000ce62ac8f
# Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v0.49.0@sha256:" + .digest.sha256')
# Download the release file
curl "$RELEASE_FILE" > release.yaml
# For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done
Trusted Resources supports v1 remote tasks verification
Trusted Resources supports v1 remote tasks verification
TrustedResourcesVerified is added to TaskRun/PipelineRun status if trusted resources is enabled, the condition indicates the result of the verification.
A new gauge metric for both PipelineRun and TaskRun will indicate whether underlying Pods are being throttled by Kubernetes because of either ResourceQuota policies defined in the namespace, or because the underlying node is experiencing resource constraints.
Set new feature flag "set-security-context" to "true" to allow TaskRuns and PipelineRuns to be run in namespaces with restricted pod security admission
In current release:
action required: "enable-api-fields" is set to "beta" by default. If you are using v1 APIs and would like to use only stable features, modify the "feature-flags" configmap in the "tekton-pipelines" namespace to set "enable-api-fields" to "stable". Example command: kubectl patch cm feature-flags -n tekton-pipelines -p '{"data":{"enable-api-fields":"stable"}}'
If you are using v1beta1 APIs, no action is needed.
Conversion webhook fix for tasks with nil StepTemplate
Bug fix: Apply validation for beta features for v1 remote pipelines and tasks in the same way as already exists for pipelines and tasks created directly on cluster
Adds validation that parameters used in inline task specs within pipelines are declared by the pipeline.
bug fix: taskrun still fails even with onerror set to continue
Binary file (standard input) matches
action required: VerifyTask and VerifyPipeline are now merged into 1 function VerifyResource, please update the usages if upgrade to the new release
action required: for custom resolver users, please update to use v1.Param and v1.RefSource
TEP-0135: Update the owner of PVCs
created by pipelinerun VolumeClaimTemplate
to the affinity assistant StatefulSet
when affinity assistant is enabled. The PVCs
bounded to the pipelinerun
is now in terminating
state when the pipelinerun
is completed but not deleted (when affinity assistant is enabled).
Thanks to these contributors who contributed to v0.49.0!
Extra shout-out for awesome release notes:
Published by tekton-robot over 1 year ago
-Docs @ v0.47.2
-Examples @ v0.47.2
kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.47.2/release.yaml
The Rekor UUID for this release is 24296fb24b8ad77aad9c5ad6c3a5e2b0b4c7805d432cfe8af8ac8b6bbe161ca33165d23e2dfc26e3
Obtain the attestation:
REKOR_UUID=24296fb24b8ad77aad9c5ad6c3a5e2b0b4c7805d432cfe8af8ac8b6bbe161ca33165d23e2dfc26e3
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .
Verify that all container images in the attestation are in the release file:
RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.47.2/release.yaml
REKOR_UUID=24296fb24b8ad77aad9c5ad6c3a5e2b0b4c7805d432cfe8af8ac8b6bbe161ca33165d23e2dfc26e3
# Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v0.47.2@sha256:" + .digest.sha256')
# Download the release file
curl "$RELEASE_FILE" > release.yaml
# For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done
bug fix: bundle resolver type param value for pipelineRef conversion
Thanks to these contributors who contributed to v0.47.2!
Extra shout-out for awesome release notes:
Published by tekton-robot over 1 year ago
-Docs @ v0.44.3
-Examples @ v0.44.3
kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.44.3/release.yaml
The Rekor UUID for this release is 24296fb24b8ad77aad9c5ad6c3a5e2b0b4c7805d432cfe8af8ac8b6bbe161ca33165d23e2dfc26e3
Obtain the attestation:
REKOR_UUID=24296fb24b8ad77aad9c5ad6c3a5e2b0b4c7805d432cfe8af8ac8b6bbe161ca33165d23e2dfc26e3
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .
Verify that all container images in the attestation are in the release file:
RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.44.3/release.yaml
REKOR_UUID=24296fb24b8ad77aad9c5ad6c3a5e2b0b4c7805d432cfe8af8ac8b6bbe161ca33165d23e2dfc26e3
# Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v0.44.3@sha256:" + .digest.sha256')
# Download the release file
curl "$RELEASE_FILE" > release.yaml
# For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done
bug fix: bundle resolver type param value for pipelineRef conversion
Thanks to these contributors who contributed to v0.44.3!
Extra shout-out for awesome release notes:
Published by tekton-robot over 1 year ago
-Docs @ v0.41.3
-Examples @ v0.41.3
kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.41.3/release.yaml
The Rekor UUID for this release is 24296fb24b8ad77ac1565c644cf61337d73f9ec1057463c2dae22579280825a8c1db1641fde00202
Obtain the attestation:
REKOR_UUID=24296fb24b8ad77ac1565c644cf61337d73f9ec1057463c2dae22579280825a8c1db1641fde00202
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .
Verify that all container images in the attestation are in the release file:
RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.41.3/release.yaml
REKOR_UUID=24296fb24b8ad77ac1565c644cf61337d73f9ec1057463c2dae22579280825a8c1db1641fde00202
# Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v0.41.3@sha256:" + .digest.sha256')
# Download the release file
curl "$RELEASE_FILE" > release.yaml
# For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done
bug fix: bundle resolver type param value for pipelineRef conversion
bug fix: reduce log spam
Thanks to these contributors who contributed to v0.41.3!
Extra shout-out for awesome release notes:
Published by tekton-robot over 1 year ago
-Docs @ v0.47.1
-Examples @ v0.47.1
kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.47.1/release.yaml
The Rekor UUID for this release is 24296fb24b8ad77a42bb1d735f54861a476c277223dbf818082d5ea4f2ee350fdd0e2453db28625a
Obtain the attestation:
REKOR_UUID=24296fb24b8ad77a42bb1d735f54861a476c277223dbf818082d5ea4f2ee350fdd0e2453db28625a
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .
Verify that all container images in the attestation are in the release file:
RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.47.1/release.yaml
REKOR_UUID=24296fb24b8ad77a42bb1d735f54861a476c277223dbf818082d5ea4f2ee350fdd0e2453db28625a
# Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v0.47.1@sha256:" + .digest.sha256')
# Download the release file
curl "$RELEASE_FILE" > release.yaml
# For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done
f taskrun fails and task results not emitted, pipelinerun fails because of taskrun fails rather than results validation error.
ompleted PipelineRuns are not anymore changed to PipelineRunTimeout status
Thanks to these contributors who contributed to v0.47.1!
Extra shout-out for awesome release notes:
Published by tekton-robot over 1 year ago
-Docs @ v0.48.0
-Examples @ v0.48.0
kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.48.0/release.yaml
The Rekor UUID for this release is 24296fb24b8ad77aadae6008428d822bb60159ae252ba66b61d276e7836b724a5cd7c7402aeb0527
Obtain the attestation:
REKOR_UUID=24296fb24b8ad77aadae6008428d822bb60159ae252ba66b61d276e7836b724a5cd7c7402aeb0527
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .
Verify that all container images in the attestation are in the release file:
RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.48.0/release.yaml
REKOR_UUID=24296fb24b8ad77aadae6008428d822bb60159ae252ba66b61d276e7836b724a5cd7c7402aeb0527
# Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v0.48.0@sha256:" + .digest.sha256')
# Download the release file
curl "$RELEASE_FILE" > release.yaml
# For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done
VerificationResult is the return value for instead of error for VerifyTask and VerifyPipeline.
PipelineRun can produce task results from the failed tasks, and the final task can reference those results.
Promote provenance
field to beta by setting the existing feature flag enable-provenance-in-status
to be true by default with the installation of Tekton Pipeline. This feature flag will be completely removed once we consider this as a stable feature. That said, users can choose to opt out this by setting this feature flag to false.
Bug Fix: A matrixed pipelineTask will accurately reflect the status of isStarted(), isScheduled(), IsBeforeFirstTaskRun(), IsConditionStatusFalse() with the correct start time based on it's TaskRuns or custom RunObjects.
Sync pipelinerun validation between v1beta1 and v1
bug fix: always perform validation of array parameter index bounds checking
Remove beta feature flag check for v1beta1 object param, results and array result. Object param, results and array result will be enabled if the enable-api-fields feature flag is not alpha for v1beta1 CRDs (e.g. Tasks and Pipelines)
Bug fix: add validation for out-of-bounds indexing into array parameters referenced in pipeline.spec.finally.when.inputs
Completed PipelineRuns are not anymore changed to PipelineRunTimeout status
A user can now define context variables in inline pipeline specs for custom tasks.
check beta feature flag for v1 TaskSpec's ValidateParamArrayIndex instead of alpha flag, since array indexing is beta feature
Fix conversion bug preventing tasks with non-object results and parameters successfully round-tripping between api versions
Resilient Affinity Assistant - make sure the Affinity Assistant pod is always on a healthy node during the entire life cycle of the pipelineRun
Continue to allow v1beta1 ClusterTasks (deprecated) to be referenced in v1 Pipelines
Custom task without api version returns validation error
If taskrun fails and task results not emitted, pipelinerun fails because of taskrun fails rather than results validation error.
Some functions in pkg/substitution have been removed or renamed.
The cloudevents controller for Run
has been moved to its own binary, with dedicated deployment, service, pod, service account, roles and role bindings. No functional change, no configuration change.
Thanks to these contributors who contributed to v0.48.0!
Extra shout-out for awesome release notes:
Published by tekton-robot over 1 year ago
π Trusted Resources, Matrix Execution and various improvements π
-Docs @ v0.47.0
-Examples @ v0.47.0
kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.47.0/release.yaml
The Rekor UUID for this release is 24296fb24b8ad77a26cba25047813dca68dd316baedd830ade34aac05e6f51ccd73a54a013021440
Obtain the attestation:
REKOR_UUID=24296fb24b8ad77a26cba25047813dca68dd316baedd830ade34aac05e6f51ccd73a54a013021440
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .
Verify that all container images in the attestation are in the release file:
RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.47.0/release.yaml
REKOR_UUID=24296fb24b8ad77a26cba25047813dca68dd316baedd830ade34aac05e6f51ccd73a54a013021440
# Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v0.47.0@sha256:" + .digest.sha256')
# Download the release file
curl "$RELEASE_FILE" > release.yaml
# For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done
Tekton v0.47 requires Kubernetes 1.24 or newer
v1alpha1.Run objects are no longer supported. You must upgrade to v1beta1.CustomRun before upgrading to this release. See https://github.com/tektoncd/pipeline/blob/main/docs/migrating-v1alpha1.Run-to-v1beta1.CustomRun.md for migration instructions
Feature flag custom-task-version
has been removed, tekton pipeline will stop supporting v1alpha1.Run
and only use v1beta1.CustomRun
.
for trusted resources users, please change feature flag resource-verification-mode to trusted-resources-verification-no-match-policy, please refer to https://github.com/tektoncd/pipeline/blob/main/docs/trusted-resources.md#enable-trusted-resources to learn how to config the new trusted-resources-verification-no-match-policy feature flag
Propagated workspaces is now a stable feature.
The mode of VerificationPolicy determines how failing policies for trusted resources are handled. When set to warn, failing policies will log a warning but not fail the taskrun/pipelinerun. When set to enforce, failing policies will cause the taskrun/pipelinerun to fail if the policy cannot be verified.
Users can now specify aPipelineTask
with Matrix Include Parameters
to generate explicit combinations or add
a specific combination of input values for Matrix Parameters.
Add mode field into VerificationPolicy to controls whether fail taskrun/pipelinerun or not when fails verification
[action required] for trusted resources users, please change feature flag resource-verification-mode to trusted-resources-verification-no-match-policy, please refer to https://github.com/tektoncd/pipeline/blob/main/docs/trusted-resources.md#enable-trusted-resources to learn how to config the new trusted-resources-verification-no-match-policy feature flag
β¨ [TEP-0089] SPIRE for non-falsifiable provenance - IsSpireEnabled (#6524)
β¨ TEP-0118: Update TaskRun Validation for Matrix Include Params (#6418)
β¨ [TEP-0047] add display name to pipeline spec and task spec (#6294)
bug fix: reduced webhook log spam related to conversion of ResolutionRequests
TEP-0133: Apply default resolver to finally tasks
Make sure the conversion webhook sees the live configmaps instead of the default ones
Avoid occasional failures of TaskRun/PipelineRun execution using remote resolution.
When encountering a permanent error during the creation of run resources in pipelinerun, stop retrying and set the failure reason to "CreateRunFailed".
users can still view the output through the Pod log API if stdoutConfig.path or stderrConfig.path is specified
Fix a bug that made big PipelineRuns get stuck in the running state in the cluster
pkg/resolution/resource
(#6433)BREAKING CHANGE: v1beta1.CustomRuns GVK was changed to properly match it's type (Runs -> CustomRuns). This may break relationships that are relying on the incorrect GVK value. Clients not relying on the GVK value from the Go type are unaffected.
action required: v1alpha1.Run objects are no longer supported. You must upgrade to v1beta1.CustomRun before upgrading to this release. See https://github.com/tektoncd/pipeline/blob/main/docs/migrating-v1alpha1.Run-to-v1beta1.CustomRun.md for migration instructions
action required: Feature flag custom-task-version is removed, tekton pipeline will stop supporting v1alpha1 Run and only use v1beta1 CustomRun.
pkg/git has been removed
allow e2e tests to run on openshift using securitycontext fields simple
Revert removal of client fields for PipelineResources for backwards compatibility. PipelineResources are still no longer functional and will not work with this version of Tekton.
Example command to list tasks that use PipelineResources and must be deleted before upgrading (works for other Tekton CRDs as well):
kubectl get taskruns --all-namespaces -o json | jq -r '.items[] | select(.metadata.annotations["[tekton.dev/v1beta1Resources](http://tekton.dev/v1beta1Resources)"] | (. != "{}") and (. != "") and (. != null)) | .metadata.namespace + "/" + .metadata.name + " " + .metadata.creationTimestamp'
Images built as part of releases no longer contain contents of third_party/. (Images still contain contents of vendor/.)
exhaustive
linter. (#6484)nolint
items. π§Ή π§Ή π§Ή (#6477)isCustomTask
(#6447)[]Param
to the new Params
type (#6446)errorlint
. (#6340)Migrate documentation from v1beta1 to v1 API
Thanks to these contributors who contributed to v0.47.0!
Extra shout-out for awesome release notes:
Published by tekton-robot over 1 year ago
-Docs @ v0.44.2
-Examples @ v0.44.2
kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.44.2/release.yaml
The Rekor UUID for this release is 24296fb24b8ad77ab75fc4e1c8817b3c2c2dad74af094e0feaeb3d9f16494dde7b30016f56a040b9
Obtain the attestation:
REKOR_UUID=24296fb24b8ad77ab75fc4e1c8817b3c2c2dad74af094e0feaeb3d9f16494dde7b30016f56a040b9
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .
Verify that all container images in the attestation are in the release file:
RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.44.2/release.yaml
REKOR_UUID=24296fb24b8ad77ab75fc4e1c8817b3c2c2dad74af094e0feaeb3d9f16494dde7b30016f56a040b9
# Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v0.44.2@sha256:" + .digest.sha256')
# Download the release file
curl "$RELEASE_FILE" > release.yaml
# For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done
ake sure the conversion webhook sees the live configmaps instead of the default ones
A fix for regression issue that previously we don't fail the run when skipped task results don't emit, but failed when validation is introduced.
Thanks to these contributors who contributed to v0.44.2!
Extra shout-out for awesome release notes:
Published by tekton-robot over 1 year ago
-Docs @ v0.41.2
-Examples @ v0.41.2
kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.41.2/release.yaml
The Rekor UUID for this release is 24296fb24b8ad77a407e5a4d07e1f8c2f6981364ad9b64e7cbccd7b3ee834b28e46a1caaf33b51ae
Obtain the attestation:
REKOR_UUID=24296fb24b8ad77a407e5a4d07e1f8c2f6981364ad9b64e7cbccd7b3ee834b28e46a1caaf33b51ae
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .
Verify that all container images in the attestation are in the release file:
RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.41.2/release.yaml
REKOR_UUID=24296fb24b8ad77a407e5a4d07e1f8c2f6981364ad9b64e7cbccd7b3ee834b28e46a1caaf33b51ae
# Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v0.41.2@sha256:" + .digest.sha256')
# Download the release file
curl "$RELEASE_FILE" > release.yaml
# For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done
users can still view the output through the Pod log API if stdoutConfig.path or stderrConfig.path is specified
ake sure the conversion webhook sees the live configmaps instead of the default ones
A fix for regression issue that previously we don't fail the run when skipped task results don't emit, but failed when validation is introduced.
Fixing Tekton CI for release-v0.41.x
Bring the latest performance fix in knative/pkg which helps reduce CPU/Memory usage for huge pipelines.
Thanks to these contributors who contributed to v0.41.2!
Extra shout-out for awesome release notes:
Published by tekton-robot over 1 year ago
pipelineRun.workspaces[].subPath
π-Docs @ v0.46.0
-Examples @ v0.46.0
kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.46.0/release.yaml
The Rekor UUID for this release is 24296fb24b8ad77a5430edfba7dc256e01b47fa5bde58abfa1c2c6307271140d90ce0236fbb3ca3a
Obtain the attestation:
REKOR_UUID=24296fb24b8ad77a5430edfba7dc256e01b47fa5bde58abfa1c2c6307271140d90ce0236fbb3ca3a
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .
Verify that all container images in the attestation are in the release file:
RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.46.0/release.yaml
REKOR_UUID=24296fb24b8ad77a5430edfba7dc256e01b47fa5bde58abfa1c2c6307271140d90ce0236fbb3ca3a
# Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v0.46.0@sha256:" + .digest.sha256')
# Download the release file
curl "$RELEASE_FILE" > release.yaml
# For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done
Hygiene: enable linters for error conventions. (#6264)
resolution.ErrorRequestedResourceIsNil
is deprecated; change references to resolution.ErrNilResource
.remote.ErrorRequestInProgress
is deprecated; change references to remote.ErrRequestInProgress
.cmd/entrypoint/subcommands
, SubcommandSuccessful
type is deprecated, use type OK
.resolution/common
, ErrorRequestInProgress
is deprecated; change references to ErrRequestInProgress
.resolution/common
, all errors of type Error*
have been renamed to type *Error
.resolution/framework
, ErrorMissingTypeSelector
is deprecated; change references to ErrMissingTypeSelector
Trusted Resources are in alpha; the following breaking changes are included in this PR:
trustedresources
:
ErrorResourceVerificationFailed
is replaced by ErrResourceVerificationFailed
ErrorEmptyVerificationConfig
is replaced by ErrEmptyVerificationConfig
ErrorNoMatchedPolicies
is replaced by ErrNoMatchedPolicies
ErrorRegexMatch
is replaced by ErrRegexMatch
ErrorSignatureMissing
is replaced by ErrSignatureMissing
trustedresources/verifier
:
ErrorFailedLoadKeyFile
is replaced by ErrFailedLoadKeyFile
ErrorDecodeKey
is replaced by ErrDecodeKey
ErrorEmptyPublicKeys
is replaced by ErrEmptyPublicKeys
ErrorEmptySecretData
is replaced by ErrEmptySecretData
ErrorSecretNotFound
is replaced by ErrSecretNotFound
ErrorMultipleSecretData
is replaced by ErrMultipleSecretData
ErrorEmptyKey
is replaced by ErrEmptyKey
ErrorK8sSpecificationInvalid
is replaced by ErrK8sSpecificationInvalid
ErrorLoadVerifier
is replaced by ErrLoadVerifier
ErrorAlgorithmInvalid
is replaced by ErrAlgorithmInvalid
Please migrate off of image
pipelineresources
as it is removed, please refer to the doc at https://github.com/tektoncd/pipeline/blob/main/docs/pipelineresources.md#replacing-an-image-resource
imagedigestexporter
image will not be built nor maintained from now on
Please migrate off of git
and storage
pipelineresources
as they are removed, please refer to the doc at https://github.com/tektoncd/pipeline/blob/main/docs/pipelineresources.md#replacing-an-git-resource https://github.com/tektoncd/pipeline/blob/main/docs/pipelineresources.md#replacing-an-storage-resource
Installing this release on a cluster with tasks and pipelines that use pipeline resources may break them. pipelineresources
are removed in this release.
Matrix.params can have array replacements from array params or string replacements from string, array and object params.
Matrix.Include params can only have string replacements from string, array and object params
[TEP-0133] Add "default-resolver-type" field in the "default-configs" ConfigMap to configure default resolver
TEP-0075 promoted to beta - object params and results is now possible with enable-api-fields set to beta.
API Change: Added Matrix.Include in preview mode (Not yet functional)
Support for using pipelineRun context variables in pipelineRun.workspaces[].subPath.
β¨ TEP-0118: Apply PipelineTask Context Replacements in Matrix Include (#6358)
β¨ TEP-0118: Validate Matrix Include Parameters are unique in Matrix and Pipeline Task Parameters (#6349)
β¨ TEP-0118: Update PipelineTaskResultRefs for Matrix Include Parameters (#6348)
β¨ TEP-0118: Update Pipeline Conversion for Matrix Include Parameters (#6346)
β¨ TEP-0118: Add validation for matrix pipeline context parameter variables (#6238)
β¨ TEP-0118: Add validation for matrix combination count with matrix.include params (#6237)
β¨ TEP-0118: Add validation for matrix include pipeline parameter variables (#6235)
β¨ TEP-0118: Add validation for Matrix.Include.Params of type string (#6230)
β¨ TEP-0118: Add exported functions for validating Matrix.Include and Matrix.Params (#6229)
In current release:
BREAKING CHANGE: [alpha] config-trusted-resources is removed, please refer to https://github.com/tektoncd/pipeline/blob/main/docs/trusted-resources.md for migrating public keys in VerificationPolicy
Validate matrix.params and matrix.include.params such that specifying duplicate parameters is caught by the validation.
V1 tasks and pipelines are supported in remote resolution
PipelineRun Embedded TaskRun statuses reintroduced as deprecated to allow compatibility with older server versions.
Skip kubectl.kubernetes.io/last-applied-configuration
annotation when merging them in PipelineRun
and TaskRun
.
A fix for regression issue that previously we don't fail the run when skipped task results don't emit, but failed when validation is introduced.
action required:
resolution.ErrorRequestedResourceIsNil
is deprecated; change references to resolution.ErrNilResource
.remote.ErrorRequestInProgress
is deprecated; change references to remote.ErrRequestInProgress
.cmd/entrypoint/subcommands
, SubcommandSuccessful
type is deprecated, use type OK
.resolution/common
, ErrorRequestInProgress
is deprecated; change references to ErrRequestInProgress
.resolution/common
, all errors of type Error*
have been renamed to type *Error
.resolution/framework
, ErrorMissingTypeSelector
is deprecated; change references to ErrMissingTypeSelector
Trusted Resources are in alpha; the following breaking changes are included in this PR:
trustedresources
:
ErrorResourceVerificationFailed
is replaced by ErrResourceVerificationFailed
ErrorEmptyVerificationConfig
is replaced by ErrEmptyVerificationConfig
ErrorNoMatchedPolicies
is replaced by ErrNoMatchedPolicies
ErrorRegexMatch
is replaced by ErrRegexMatch
ErrorSignatureMissing
is replaced by ErrSignatureMissing
trustedresources/verifier
:
ErrorFailedLoadKeyFile
is replaced by ErrFailedLoadKeyFile
ErrorDecodeKey
is replaced by ErrDecodeKey
ErrorEmptyPublicKeys
is replaced by ErrEmptyPublicKeys
ErrorEmptySecretData
is replaced by ErrEmptySecretData
ErrorSecretNotFound
is replaced by ErrSecretNotFound
ErrorMultipleSecretData
is replaced by ErrMultipleSecretData
ErrorEmptyKey
is replaced by ErrEmptyKey
ErrorK8sSpecificationInvalid
is replaced by ErrK8sSpecificationInvalid
ErrorLoadVerifier
is replaced by ErrLoadVerifier
ErrorAlgorithmInvalid
is replaced by ErrAlgorithmInvalid
BREAKING CHANGE: [alpha] config-trusted-resources is removed, please refer to https://github.com/tektoncd/pipeline/blob/main/docs/trusted-resources.md for migrating public keys in VerificationPolicy
Make ValidateParamArrayIndex as member functions for TaskSpec and PipelineSpec
Change []ParamSpec to ParamSpecs and []Param to Params
action required: please migrate off of git
and storage
pipelineresources
as they are removed, please refer to the doc at https://github.com/tektoncd/pipeline/blob/main/docs/pipelineresources.md#replacing-an-git-resource https://github.com/tektoncd/pipeline/blob/main/docs/pipelineresources.md#replacing-an-storage-resource
installing this release on a cluster with tasks and pipelines that use pipeline resources may break them
pipelineresources are removed in this release
Bump knative/pkg to 1.9 and update the Kubernetes minimun version to be v1.24.x
action required: please migrate off of image
pipelineresources
as it is removed, please refer to the doc at https://github.com/tektoncd/pipeline/blob/main/docs/pipelineresources.md#replacing-an-image-resource
imagedigestexporter
image will not be built nor maintained from now on
images
package variable. (#6337)goconst
, dogsled
linters. (#6262)containedctx
linter. (#6261)ineffassign
linter. π§Ήπ§Ήπ§Ή (#6259)golangci
configuration. (#6258)Move v0.39 and v0.40 releases to the end-of-life section.
Thanks to these contributors who contributed to v0.46.0!
Extra shout-out for awesome release notes:
Published by tekton-robot over 1 year ago
-Docs @ v0.45.0
-Examples @ v0.45.0
kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.45.0/release.yaml
The Rekor UUID for this release is 24296fb24b8ad77a1081521e24e0bdb57359c801e63b84d7de2b1cd4ef8c25004336d6fc9717ec65
Obtain the attestation:
REKOR_UUID=24296fb24b8ad77a1081521e24e0bdb57359c801e63b84d7de2b1cd4ef8c25004336d6fc9717ec65
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .
Verify that all container images in the attestation are in the release file:
RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.45.0/release.yaml
REKOR_UUID=24296fb24b8ad77a1081521e24e0bdb57359c801e63b84d7de2b1cd4ef8c25004336d6fc9717ec65
# Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v0.45.0@sha256:" + .digest.sha256')
# Download the release file
curl "$RELEASE_FILE" > release.yaml
# For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done
pullrequests
pipelineresources
as it is removed, please refer to the doc at https://github.com/tektoncd/pipeline/blob/main/docs/pipelineresources.md#replacing-an-pullrequest-resource
In current release:
pipelinerun.status.taskRuns
and pipelinerun.status.runs
have been removed.The pipelinerun.status.taskRuns
and pipelinerun.status.runs
fields have been removed, along with the embedded-status
feature flag. If you are using these fields in your own tooling, please migrate to using pipelinerun.status.childReferences
instead. (#6099).
TEP-0076 promoted to beta - Array results and indexing into an array is now possible with enable-api-fields set to beta.
Add FeatureFlags field to TaskRun.Status.Provenance
Propagated Parameters is stable. This feature enables interpolating Parameters in embedded specifications to reduce verbosity in Tekton resources.
Run beta example tests when enable-api-fields: beta
is set.
The feature propagated workspaces is now enabled if the feature flag, enable-api-field value is set to alpha or beta.
Adds pull-tekton-pipelines-beta-integration-test
When an error occurs in the init container, the taskrun clearly displays the error message.
config-trusted-resources
is deprecatedconfig-trusted-resources of trusted resources to store public key is deprecated and will be removed in release 0.46, please use VerificationPolicy instead (#6134).
Tasks results emitted in script but don't defined in taskspec will fail
taskrun results which have type mismatched are removed from taskrun status
The remote bundles resolver now matches the kind value in its parameters and in bundle layers in a case-insensitive manner.
Prevent OOM-kills of remote resolver pod when cloning large git repositories by increasing container's memory limit.
action required: config-trusted-resources of trusted resources to store public key is deprecated and will be removed in release 0.46, please use VerificationPolicy instead
pipelinerun.status.taskruns
and pipelinerun.status.runs
are removed
Pullrequest image is removed. Please migrate off the Pullrequest Image.
embedded-status
feature flag is removed. TaskRun and Run status will be populated only in pipelineRun.status.childReferences
.
action required: please migrate off of pullrquests
pipelineresources
as it is removed, please refer to the doc at https://github.com/tektoncd/pipeline/blob/main/docs/pipelineresources.md#replacing-an-pullrequest-resource
timeout
in Conversion Integration Test to Prevent Flake (#6026)Doc update for - How to refer to an array result in when expressions?
Deprecation Notice: the feature flag custom-task-version
will be removed in release v0.47.0.
Thanks to these contributors who contributed to v0.45.0!
Extra shout-out for awesome release notes:
Published by tekton-robot over 1 year ago
-Docs @ v0.41.1
-Examples @ v0.41.1
kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.41.1/release.yaml
The Rekor UUID for this release is 24296fb24b8ad77a92c34840a015d42f5a142140f22d291dce815726d3f0ee022c102fdc046a6d2d
Obtain the attestation:
REKOR_UUID=24296fb24b8ad77a92c34840a015d42f5a142140f22d291dce815726d3f0ee022c102fdc046a6d2d
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .
Verify that all container images in the attestation are in the release file:
RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.41.1/release.yaml
REKOR_UUID=24296fb24b8ad77a92c34840a015d42f5a142140f22d291dce815726d3f0ee022c102fdc046a6d2d
# Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v0.41.1@sha256:" + .digest.sha256')
# Download the release file
curl "$RELEASE_FILE" > release.yaml
# For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done
properly configures conversion from v1alpha1.ResolutionRequest to v1beta1.ResolutionRequest
windows support
propagateParams
(#6032)Fix bug where pipeline parameter values are incorrectly mapped to task outputs
Thanks to these contributors who contributed to v0.41.1!
Extra shout-out for awesome release notes: