-Docs @ v0.52.1
-Examples @ v0.52.1

Installation one-liner

kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.52.1/release.yaml

Attestation

The Rekor UUID for this release is 24296fb24b8ad77a97c22594268cc45d986246339ada304b7587b205b59cf5d59df2650d24b14825

Obtain the attestation:

REKOR_UUID=24296fb24b8ad77a97c22594268cc45d986246339ada304b7587b205b59cf5d59df2650d24b14825
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .

Verify that all container images in the attestation are in the release file:

RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.52.1/release.yaml
REKOR_UUID=24296fb24b8ad77a97c22594268cc45d986246339ada304b7587b205b59cf5d59df2650d24b14825

# Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v0.52.1@sha256:" + .digest.sha256')

# Download the release file
curl "$RELEASE_FILE" > release.yaml

# For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
  printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done

Changes

Fixes

• 🐛 [release-v0.52.x] Regression: fix results with out of order tasks (#7174)

Fix regression where a different order of task definition may cause result resolution to break

Thanks

Thanks to these contributors who contributed to v0.52.1!

• ❤️ @afrittoli
• ❤️ @tekton-robot

Extra shout-out for awesome release notes:

• 😍 @afrittoli
• 😍 @tekton-robot

🎉 Task and Pipeline Resolver Metrics, API Specifications for pipelines-in-pipelines 🎉

-Docs @ v0.52.0
-Examples @ v0.52.0

Installation one-liner

kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.52.0/release.yaml

Attestation

The Rekor UUID for this release is 24296fb24b8ad77aede6ff3c84da87cdeda75e9dcf779abc736bf5423b8a4151bad8193f0c76dd15

Obtain the attestation:

REKOR_UUID=24296fb24b8ad77aede6ff3c84da87cdeda75e9dcf779abc736bf5423b8a4151bad8193f0c76dd15
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .

Verify that all container images in the attestation are in the release file:

RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.52.0/release.yaml
REKOR_UUID=24296fb24b8ad77aede6ff3c84da87cdeda75e9dcf779abc736bf5423b8a4151bad8193f0c76dd15

# Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v0.52.0@sha256:" + .digest.sha256')

# Download the release file
curl "$RELEASE_FILE" > release.yaml

# For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
  printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done

Changes

Features

• ✨ Add taskrun/pipelinerun gauge metrics around resolving respective tasks/pipelines (#7094)

New gauge metrics are introduced that count the number of TaskRuns waiting for resolution of any Tasks they reference, as well as count the number of PipelineRuns waiting on Pipeline resolution, and lastly count the number of PipelineRuns waiting on Task resolution for their underlying TaskRuns.

• ✨ [TEP-0056]: Initial set of API refactors pertinent to Pipelines in Pipelines (#7055)

Added PipelineRef and PipelineSpec fields to PipelineTask, in lieu of TEP-0056

Fixes

• 🐛 fix: clean results when taskrun retries (#7126)

The taskrun will clean up the last task results before retrying.

• 🐛 Validate beta features for inline pipelines and tasks (#7079)

Bug fix: validate beta features in inline tasks/pipelines in the same way as referenced tasks/pipelines

• 🐛 Remove results annotations filtering (#7108)
• 🐛 fix an issue with InvalidMatrixParameterTypes along with updating the matrix example with additional validations (#7064)

Misc

• 🔨 Add configmap for tracing config (#6897)

Tracing endpoint configuration is now moved from environment variable to the configmap config-tracing. Tracing can be now configured dynamically without needing to restart the controller. Refer the example configuration provided as part of the ConfigMap for the configuration options and format.

• 🔨 Clean up getting substitution expressions (#7121)
• 🔨 DEVELOPMENT: missing newline escape on shell example (#7107)
• 🔨 Cleanup: Move PipelineRun Reasons to pkg/apis (#7102)
• 🔨 cleaning up provenance from pipelineRun (#7091)
• 🔨 eventForObjectWithCondition -> EventForObjectWithCondition (#7052)
• 🔨 remove GetUnsignedPipeline helper function and use var in each file (#6800)
• 🔨 Bump github.com/containerd/containerd from 1.7.3 to 1.7.6 (#7130)
• 🔨 Bump github.com/spiffe/spire-api-sdk from 1.7.1 to 1.7.2 (#7129)
• 🔨 Bump k8s.io/apimachinery from 0.27.1 to 0.27.6 in /test/custom-task-ctrls/wait-task-beta (#7119)
• 🔨 Bump k8s.io/client-go from 0.27.1 to 0.27.6 in /test/custom-task-ctrls/wait-task-beta (#7118)
• 🔨 Bump k8s.io/api from 0.27.1 to 0.27.6 in /test/custom-task-ctrls/wait-task-beta (#7117)
• 🔨 Bump k8s.io/api from 0.26.7 to 0.26.9 in /test/custom-task-ctrls/wait-task-beta (#7114)
• 🔨 Bump k8s.io/client-go from 0.25.11 to 0.25.14 in /test/custom-task-ctrls/wait-task-beta (#7112)
• 🔨 Bump google.golang.org/grpc from 1.56.2 to 1.58.1 (#7111)
• 🔨 Bump github.com/jenkins-x/go-scm from 1.13.13 to 1.14.14 (#7089)
• 🔨 Bump github.com/sigstore/sigstore from 1.7.1 to 1.7.3 (#7087)
• 🔨 Bump github.com/tektoncd/pipeline from 0.49.0 to 0.51.0 in /test/custom-task-ctrls/wait-task-beta (#7061)
• 🔨 Bump google.golang.org/protobuf from 1.30.0 to 1.31.0 (#6913)

Docs

• 📖 add docs for emitting object results (#7120)
• 📖 fix docs and add max-result-size optional feature flag (#7110)
• 📖 Fix the link to alpha-features in docs (#7075)

Thanks

Thanks to these contributors who contributed to v0.52.0!

• ❤️ @Yongxuanzhang
• ❤️ @bhujangr
• ❤️ @cugykw
• ❤️ @dependabot[bot]
• ❤️ @gabemontero
• ❤️ @jerop
• ❤️ @khrm
• ❤️ @kmjayadeep
• ❤️ @lbernick
• ❤️ @lvnvn
• ❤️ @melnikalex
• ❤️ @pritidesai
• ❤️ @vbatts

Extra shout-out for awesome release notes:

• 😍 @bhujangr
• 😍 @cugykw
• 😍 @gabemontero
• 😍 @kmjayadeep
• 😍 @lbernick

🎉 Co-schedule option and bugfixes 🎉

-Docs @ v0.51.0
-Examples @ v0.51.0

Installation one-liner

kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.51.0/release.yaml

Attestation

The Rekor UUID for this release is 24296fb24b8ad77af0123195ea84840480151ea9735ca9e2f869d262e403dad6fa6c42c32bc04193

Obtain the attestation:

REKOR_UUID=24296fb24b8ad77af0123195ea84840480151ea9735ca9e2f869d262e403dad6fa6c42c32bc04193
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .

Verify that all container images in the attestation are in the release file:

RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.51.0/release.yaml
REKOR_UUID=24296fb24b8ad77af0123195ea84840480151ea9735ca9e2f869d262e403dad6fa6c42c32bc04193

# Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v0.51.0@sha256:" + .digest.sha256')

# Download the release file
curl "$RELEASE_FILE" > release.yaml

# For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
  printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done

Upgrade Notices

With this release, the minimun Kubernetes version supported is now 1.25.

Changes

Features

• ✨ [TEP-0135] Coschedule per (Isolated) PipelineRun e2e support (#6927)

[TEP-0135]: Support coschedule: pipelineruns and coschedule: isolate-pipelinerun coschedule modes.
Users can now opt in this new feature to schedule all the pods in the same node and to optionally enforce one running pipelinerun in a node at the same time.

• ✨ Add service for Resolvers - metrics, probes and tracing (#6973)

Deprecation Notices

• 🚨 Mark disable-affinity-assistant as deprecated (#6991)

The disable-affinity-assistant feature flag is deprecated in favour of the new coschedule feature flag. The disable-affinity-assistant feature flag will be removed in 9 months.

Fixes

• 🐛 Fix release pipeline (publish-to-bucket) (#7044)

Binary file (standard input) matches

• 🐛 Make sure we use the correct namespace for remote Pipeline validation (#7017)

ix validation errors when using the cluster resolver

• 🐛 Create a separate role for Events Controller (#7016)

The role for Events Controller is now tekton-events-controller, and the Rolebinding is now tekton-pipelines-events-controller.

• 🐛 fix: add taskRunTemplate field validation (#6983)

Validate forbidden envs in TaskRunTemplate.PodTemplate.

• 🐛 Fail fast on invalid image (#6982)

The Pod reason InvalidImageName is treated now as a permanent issue, so that TaskRuns that include a step with an invalid image reference are failed immediately and the corresponding Pod is deleted.

• 🐛 Sync checksum between trusted resources and cluster resolver (#6964)

Cluster resolver now computes the checksum of the pre-processed Tekton object instead of just the spec.

• 🐛 Fix Taskrun Failure for Preempted Pod of Taskrun (#6962)

This fixes the Taskrun failure for Preempted Pod of Taskrun which uses PVC.

• 🐛 fix: refine error resean with invalid pipelinename in taskrunspecs (#6957)

When the taskRunSpecs of the pipelineRun contains an invalid pipeline task name, the cause of the InvalidTaskRunSpecs error is displayed.

• 🐛 Fix enforce-nonfalsifiability feature flag in configmap (#6937)

Misc

• 🔨 Mark disable-affinity-assistant as deprecated (#6991)

action required: The disable-affinity-assistant feature flag is deprecated in favour of the new coschedule feature flag. The disable-affinity-assistant feature flag will be removed in 9 months.
The Affinity Assistant behaviour should now be configured by the coschedule feature flag.

• 🔨 Bump knative/pkg to 1.11 (#6975)

Bump knative.dev/pkg to 1.11 so the Kubernetes min version is now 1.25

• 🔨 Add webhook validation for remote Tasks (#6942)

Remote tasks are now validated by any validating admission webhooks.

• 🔨 [TEP-0135] Refactor CreatePVCsForWorkspaces (#6921)
• 🔨 Bump github.com/golangci/golangci-lint from 1.54.1 to 1.54.2 in /tools (#7057)
• 🔨 Bump github.com/golangci/golangci-lint from 1.54.0 to 1.54.1 in /tools (#7047)
• 🔨 Bump github.com/golangci/golangci-lint from 1.53.3 to 1.54.0 in /tools (#7039)
• 🔨 Bump github.com/hashicorp/golang-lru from 0.5.4 to 1.0.2 (#7031)
• 🔨 Bump github.com/cloudflare/circl from 1.1.0 to 1.3.3 (#7026)
• 🔨 Bump github.com/google/go-containerregistry from 0.15.2 to 0.16.1 (#7021)
• 🔨 Bump go.uber.org/zap from 1.24.0 to 1.25.0 (#7018)
• 🔨 Bump github.com/containerd/containerd from 1.6.19 to 1.7.3 (#7002)
• 🔨 Bump github.com/spiffe/spire-api-sdk from 1.7.0 to 1.7.1 (#6997)
• 🔨 Bump github.com/go-git/go-git/v5 from 5.6.1 to 5.8.1 (#6980)
• 🔨 Add E2E Testing for Matrix (#6944)

Docs

• 📖 docs: Update references to examples from v1beta1 to v1 (#7050)
• 📖 Fix typos and formatting in TaskRuns doc (#7020)
• 📖 Update Matrix Documentation for Results (#7012)
• 📖 [TEP-0135] Improve workspace related documentation (#6994)
• 📖 Remove warnings about matrix being non-functional (#6986)
• 📖 Add v0.50 to releases.md (#6967)
• 📖 [TEP-0135] Update Affinity Assistant documentation (#6892)

Thanks

Thanks to these contributors who contributed to v0.51.0!

• ❤️ @AlanGreene
• ❤️ @EmmaMunley
• ❤️ @HamzaMateen
• ❤️ @QuanZhang-William
• ❤️ @afrittoli
• ❤️ @chitrangpatel
• ❤️ @cugykw
• ❤️ @dependabot[bot]
• ❤️ @khrm
• ❤️ @lbernick
• ❤️ @vdemeester

Extra shout-out for awesome release notes:

• 😍 @QuanZhang-William
• 😍 @afrittoli
• 😍 @chitrangpatel
• 😍 @cugykw
• 😍 @khrm
• 😍 @lbernick
• 😍 @vdemeester

-Docs @ v0.50.1
-Examples @ v0.50.1

Installation one-liner

kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.50.1/release.yaml

Attestation

The Rekor UUID for this release is 24296fb24b8ad77a1b02a57c8f75368d54f3f986188b3692201557a51808b4bc4e8acc1fcb835e38

Obtain the attestation:

REKOR_UUID=24296fb24b8ad77a1b02a57c8f75368d54f3f986188b3692201557a51808b4bc4e8acc1fcb835e38
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .

Verify that all container images in the attestation are in the release file:

RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.50.1/release.yaml
REKOR_UUID=24296fb24b8ad77a1b02a57c8f75368d54f3f986188b3692201557a51808b4bc4e8acc1fcb835e38

# Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v0.50.1@sha256:" + .digest.sha256')

# Download the release file
curl "$RELEASE_FILE" > release.yaml

# For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
  printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done

Changes

Features

Fixes

• 🐛 [release-v0.50.x] Make sure we use the correct namespace for remote Pipeline validation (#7023)

ix validation errors when using the cluster resolver

• 🐛 [release-v0.50.x] Fix Taskrun Failure for Preempted Pod of Taskrun (#7009)

his fixes the Taskrun failure for Preempted Pod of Taskrun which uses PVC.

Misc

Docs

Thanks

Thanks to these contributors who contributed to v0.50.1!

• ❤️ @tekton-robot

Extra shout-out for awesome release notes:

• 😍 @tekton-robot

-Docs @ v0.47.4
-Examples @ v0.47.4

Installation one-liner

kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.47.4/release.yaml

Attestation

The Rekor UUID for this release is 24296fb24b8ad77abcdd5334f95a8d7faf0bed5a51a5ac970e8afe4ed889f277891aac6cc44ef3f8

Obtain the attestation:

REKOR_UUID=24296fb24b8ad77abcdd5334f95a8d7faf0bed5a51a5ac970e8afe4ed889f277891aac6cc44ef3f8
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .

Verify that all container images in the attestation are in the release file:

RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.47.4/release.yaml
REKOR_UUID=24296fb24b8ad77abcdd5334f95a8d7faf0bed5a51a5ac970e8afe4ed889f277891aac6cc44ef3f8

# Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v0.47.4@sha256:" + .digest.sha256')

# Download the release file
curl "$RELEASE_FILE" > release.yaml

# For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
  printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done

Changes

Features

Fixes

• 🐛 [release-v0.47.x] Fix Taskrun Failure for Preempted Pod of Taskrun (#7011)

This fixes the Taskrun failure for Preempted Pod of Taskrun which uses PVC.

• 🐛 [cherry-pick release-v0.47.x] Fix PipelineRun reconciler panic for computed timeouts (#7000)

bug fix: Avoid controller panics for computed timeouts

Misc

Docs

Thanks

Thanks to these contributors who contributed to v0.47.4!

• ❤️ @khrm
• ❤️ @lbernick

Extra shout-out for awesome release notes:

• 😍 @khrm
• 😍 @lbernick

🎉 v1beta1 deprecation (1 year support still) 🎉

-Docs @ v0.50.0
-Examples @ v0.50.0

Installation one-liner

kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.50.0/release.yaml

Attestation

The Rekor UUID for this release is 24296fb24b8ad77a1665fb7556e457413b181806c513eeea26f12c0bd118bcf14912ee6bbee395d9

Obtain the attestation:

REKOR_UUID=24296fb24b8ad77a1665fb7556e457413b181806c513eeea26f12c0bd118bcf14912ee6bbee395d9
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .

Verify that all container images in the attestation are in the release file:

RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.50.0/release.yaml
REKOR_UUID=24296fb24b8ad77a1665fb7556e457413b181806c513eeea26f12c0bd118bcf14912ee6bbee395d9

# Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v0.50.0@sha256:" + .digest.sha256')

# Download the release file
curl "$RELEASE_FILE" > release.yaml

# For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
  printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done

Changes

Features

• ✨ Update Stability Level for CSI and Projected Volume Workspaces (#6954)

csi and projected volume workspaces are stable.

• ✨ [TEP-0029] Isolated steps and sidecar workspaces to beta (#6922)

The "isolated workspaces" feature allows users to share a workspace with dedicated steps and sidecars, instead of the whole TaskRun. The feature has been promoted to "beta".

• ✨ [TEP-0135] Revert PVC creation (#6893)

TEP-0135: Revert the owner of PVCs created by pipelinerun VolumeClaimTemplate back to pipelinerun. The PVCs bounded to the pipelinerun is now in bounded state when the pipelinerun is completed but not deleted.

• ✨ [TEP-0137] Add events config map (#6883)

action required: The default-cloud-events-sink setting in the config-defaults config map is deprecated. The CloudEvents sink shall be configured now through the sink settings in the new config-events config map.

• ✨ TEP-0135: Introduce coschedule feature flags (#6790)

tep-0135: introduce coschedule feature flag

• ✨ Add support for consuming whole array results in matrix (#6603)

TEP-0090: Pipeline Tasks may now reference whole array results in a Matrix. See https://github.com/tektoncd/pipeline/blob/09d422cff057f67170b4c2f76097ac6ffded33ef/docs/matrix.md?specifying-results-in-a-matrix#specifying-results-in-a-matrix docs for more information.

• ✨ [TEP-0135] Purge finalizer and delete PVC (#6940)
• ✨ [TEP-0135] coschedule isolate pipelinerun (#6929)
• ✨ TEP-0135: implement per-pipelinerun coscheduling (#6819)
• ✨ Change ordering of ResolveResultRefs/ApplyTaskResults (#6792)

Fixes

• 🐛 Add validation for feature-flags configmap to webhook (#6935)

Added validation for feature-flags configmap

• 🐛 Fix units for metric taskrun_pod_latency (#6891)

Bug fix: taskruns_pod_latency metric renamed to taskruns_pod_latency_milliseconds and units corrected

• 🐛 Perform webhook validation for remote pipelines (#6887)

bug fix: Remote Pipelines do not support propagated parameters and workspaces

• 🐛 Fix PipelineRun reconciler panic for computed timeouts (#6886)

bug fix: Avoid controller panics for computed timeouts

• 🐛 Fail PipelineRun when it can't create Runs (#6866)

bug fix: PipelineRun marked as failed when it cannot create TaskRuns or CustomRuns for a non-retryable reason

• 🐛 Use the same validation for all taskrefs (#6854)

bug fix: Disallow taskref.name with taskref.resolver in pipeline tasks

• 🐛 merge podTemplates instead of overriding (#6850)

Merge podTemplate specified in pipelineRun.spec.taskRunSpecs[].podTemplate along with pipelineRun.spec.podTemplate instead of only considering the one specified at the taskRunSpecs.

• 🐛 Fix workingdirinit step for Windows tasks (#6820)

Fixed an issue where Windows tasks would fail if one or more steps were configured with a custom working directory.

• 🐛 Fail upgrade tests when test script fails (#6871)
• 🐛 Restore Upgrade Test Scenario2 by creating simple Task and Pipeline resources (#6855)
• 🐛 Fix release pipeline (#6849)
• 🐛 Fix flake of TestPipelineTaskTimeout (#6955)
• 🐛 Fix flaky Affinity Assistant test (#6925)

Misc

• 🔨 Move feature flags testing functions into testing package (#6933)

Some exported functions moved from pkg/apis/config to pkg/apis/config/testing

• 🔨 cleaning up config-artifact-* (#6902)

config-artifact-pvc and config-artifact-bucket are deleted as resources from the tekton-pipelines-controller role.
CONFIG_ARTIFACT_PVC_NAME and CONFIG_ARTIFACT_BUCKET_NAME are deleted from the tekton-pipelines-controller deployment.

• 🔨 Bump knative/pkg to 1.10 (#6907)

native/pkg is updated to v1.10

• 🔨 [TEP-0137] Rename customrun package (#6884)

The CustomRun events controller has been moved to the pkg/reconciler/notifications package.

• 🔨 Replace redundant function CheckAlphaOrBetaFields (#6934)
• 🔨 Delete .ko.yaml (#6931)
• 🔨 Fix typo in AffinityAssistantBehavior (#6930)
• 🔨 Deduplicate examples tests between v1 and v1beta1 (#6908)
• 🔨 Reduce spam in integration test logs (#6873)
• 🔨 Remove yaml tests (#6872)
• 🔨 Add Testing: Failed Matrix PipelineRun for Out Of Bounds Array Indexing Results (#6852)
• 🔨 Refactor failure logic in pipelinerun resolution (#6801)
• 🔨 Bump k8s.io/api from 0.26.6 to 0.26.7 in /test/custom-task-ctrls/wait-task-beta (#6951)
• 🔨 Fix logger Fatalf message (#6946)
• 🔨 Do not require enable-api-fields=alpha for spire (#6939)
• 🔨 Bump github.com/sigstore/sigstore from 1.6.5 to 1.7.1 (#6912)
• 🔨 Bump github.com/spiffe/spire-api-sdk from 1.6.3 to 1.7.0 (#6911)
• 🔨 Bump github.com/opencontainers/image-spec from 1.1.0-rc3 to 1.1.0-rc4 (#6910)
• 🔨 Bump google.golang.org/grpc from 1.55.0 to 1.56.2 (#6904)
• 🔨 Ignore SA in assertion (#6898)
• 🔨 Add upgrade test against previous server version to prevent regressions (#6896)
• 🔨 Bump golang.org/x/sync from 0.2.0 to 0.3.0 (#6880)
• 🔨 Bump github.com/tektoncd/pipeline from 0.48.0 to 0.49.0 in /test/custom-task-ctrls/wait-task-beta (#6853)
• 🔨 Bump k8s.io/api from 0.26.5 to 0.26.6 in /test/custom-task-ctrls/wait-task-beta (#6835)
• 🔨 Bump k8s.io/client-go from 0.25.10 to 0.25.11 in /test/custom-task-ctrls/wait-task-beta (#6834)
• 🔨 Improve taskref_test coverage with more error test cases (#6813)
• 🔨 formating error (#6795)

Docs

• 📖 [RFC] Increase support window for v1beta1 CRDs to 1 year (#6923)

Support window for beta CRDs increased to 1 year

• 📖 Mark v1beta1 apis as deprecated (#6876)

action required: v1beta1 Task, TaskRun, Pipeline, and PipelineRun APIs are deprecated and will be removed. Please migrate to the v1 versions of these APIs following the migration guide at https://github.com/tektoncd/pipeline/blob/main/docs/migrating-v1beta1-to-v1.md.

• 📖 Document that Workspaces can be unused (#6917)
• 📖 documenting the latest patch release - v0.44.4 (#6895)
• 📖 updating releases with 0.47.3 (#6875)
• 📖 Add set-security-context to feature flags docs (#6865)
• 📖 Add compatibility policy for ResolutionRequests (#6864)
• 📖 Update releases.md (#6851)
• 📖 Add instructions for picking commit in the release (#6735)

Thanks

Thanks to these contributors who contributed to v0.50.0!

• ❤️ @EmmaMunley
• ❤️ @JeromeJu
• ❤️ @QuanZhang-William
• ❤️ @afrittoli
• ❤️ @aiden-deloryn
• ❤️ @amisskii
• ❤️ @bhujangr
• ❤️ @chuangw6
• ❤️ @dependabot[bot]
• ❤️ @imjasonh
• ❤️ @jimmyjones2
• ❤️ @lbernick
• ❤️ @piyush-garg
• ❤️ @pritidesai
• ❤️ @vdemeester

Extra shout-out for awesome release notes:

• 😍 @EmmaMunley
• 😍 @JeromeJu
• 😍 @QuanZhang-William
• 😍 @afrittoli
• 😍 @aiden-deloryn
• 😍 @lbernick
• 😍 @pritidesai
• 😍 @vdemeester

-Docs @ v0.44.4
-Examples @ v0.44.4

Installation one-liner

kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.44.4/release.yaml

Attestation

The Rekor UUID for this release is 24296fb24b8ad77ab58cdae71724a3f1862ded8fab661c1fd51b782380cc94208729e6c373bc73fa

Obtain the attestation:

REKOR_UUID=24296fb24b8ad77ab58cdae71724a3f1862ded8fab661c1fd51b782380cc94208729e6c373bc73fa
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .

Verify that all container images in the attestation are in the release file:

RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.44.4/release.yaml
REKOR_UUID=24296fb24b8ad77ab58cdae71724a3f1862ded8fab661c1fd51b782380cc94208729e6c373bc73fa

# Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v0.44.4@sha256:" + .digest.sha256')

# Download the release file
curl "$RELEASE_FILE" > release.yaml

# For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
  printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done

Changes

Features

Fixes

• 🐛 [release-v0.44.x] merge podTemplates instead of override (#6861)

Merge podTemplate specified in pipelineRun.spec.taskRunSpecs[].podTemplate along with pipelineRun.spec.podTemplate instead of only considering the one specified at the taskRunSpecs.

Misc

Docs

Thanks

Thanks to these contributors who contributed to v0.44.4!

• ❤️ @pritidesai

Extra shout-out for awesome release notes:

• 😍 @pritidesai

🎉 Resilient Affinity Assistant and podTemplate fix 🎉

-Docs @ v0.47.3
-Examples @ v0.47.3

Installation one-liner

kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.47.3/release.yaml

Attestation

The Rekor UUID for this release is 24296fb24b8ad77a07505f72bbd72e835bea2f95ad3134d11525204c948618e56c4a21cce6297b30

Obtain the attestation:

REKOR_UUID=24296fb24b8ad77a07505f72bbd72e835bea2f95ad3134d11525204c948618e56c4a21cce6297b30
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .

Verify that all container images in the attestation are in the release file:

RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.47.3/release.yaml
REKOR_UUID=24296fb24b8ad77a07505f72bbd72e835bea2f95ad3134d11525204c948618e56c4a21cce6297b30

# Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v0.47.3@sha256:" + .digest.sha256')

# Download the release file
curl "$RELEASE_FILE" > release.yaml

# For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
  printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done

Changes

Features

Fixes

• 🐛 [release-v0.47.x] update affinity assistant creation implementation (#6863)

esilient Affinity Assistant - make sure the Affinity Assistant pod is always on a healthy node during the entire life cycle of the pipelineRun

• 🐛 [release-v0.47.x] merge podTemplates instead of overriding (#6860)

erge podTemplate specified in pipelineRun.spec.taskRunSpecs[].podTemplate along with pipelineRun.spec.podTemplate instead of only considering the one specified at the taskRunSpecs.

Thanks

Thanks to these contributors who contributed to v0.47.3!

• ❤️ @tekton-robot
• ❤️ @pritidesai
• ❤️ @lbernick
• ❤️ @afrittoli
• ❤️ @jerop

Extra shout-out for awesome release notes:

• 😍 @tekton-robot
• 😍 @pritidesai

-Docs @ v0.49.0
-Examples @ v0.49.0

Installation one-liner

kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.49.0/release.yaml

Attestation

The Rekor UUID for this release is 24296fb24b8ad77a7568df3bfec7071c4ec0e2ce4f105b7e8f5749bdad0b5c1774ae7000ce62ac8f

Obtain the attestation:

REKOR_UUID=24296fb24b8ad77a7568df3bfec7071c4ec0e2ce4f105b7e8f5749bdad0b5c1774ae7000ce62ac8f
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .

Verify that all container images in the attestation are in the release file:

RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.49.0/release.yaml
REKOR_UUID=24296fb24b8ad77a7568df3bfec7071c4ec0e2ce4f105b7e8f5749bdad0b5c1774ae7000ce62ac8f

# Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v0.49.0@sha256:" + .digest.sha256')

# Download the release file
curl "$RELEASE_FILE" > release.yaml

# For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
  printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done

Changes

Features

• ✨ [TEP-0091] support remote v1 pipeline verification (#6765)

Trusted Resources supports v1 remote tasks verification

• ✨ [TEP-0091] support remote v1 task verification (#6764)

Trusted Resources supports v1 remote tasks verification

• ✨ [TEP-0091] update taskrun and pipelinerun condition based on VerificationResult (#6757)

TrustedResourcesVerified is added to TaskRun/PipelineRun status if trusted resources is enabled, the condition indicates the result of the verification.

• ✨ add taskrun gauge metrics for k8s throttling because of defined resource quotas or k8s node constraints (#6744)

A new gauge metric for both PipelineRun and TaskRun will indicate whether underlying Pods are being throttled by Kubernetes because of either ResourceQuota policies defined in the namespace, or because the underlying node is experiencing resource constraints.

• ✨ Add more secure SecurityContext to injected pod containers (#6515)

Set new feature flag "set-security-context" to "true" to allow TaskRuns and PipelineRuns to be run in namespaces with restricted pod security admission

Backwards incompatible changes

In current release:

• 🚨 Enable beta features by default (#6732)

action required: "enable-api-fields" is set to "beta" by default. If you are using v1 APIs and would like to use only stable features, modify the "feature-flags" configmap in the "tekton-pipelines" namespace to set "enable-api-fields" to "stable". Example command: kubectl patch cm feature-flags -n tekton-pipelines -p '{"data":{"enable-api-fields":"stable"}}'
If you are using v1beta1 APIs, no action is needed.

Fixes

• 🐛 Conversion webhook fix for tasks with nil StepTemplate (#6825)

Conversion webhook fix for tasks with nil StepTemplate

• 🐛 Add validation for beta features in v1 remote Tasks/Pipelines (#6725)

Bug fix: Apply validation for beta features for v1 remote pipelines and tasks in the same way as already exists for pipelines and tasks created directly on cluster

• 🐛 Validate pipelineTask params usage only when explicit declaration is required (#6710)

Adds validation that parameters used in inline task specs within pipelines are declared by the pipeline.

• 🐛 fix: taskrun still fails even with onerror set to continue (#6675)

bug fix: taskrun still fails even with onerror set to continue

• 🐛 Ignore tekton reserved annotations (#6441)

Binary file (standard input) matches

• 🐛 Fix v1beta1 pipelineref bundle conversion to resolver (#6791)
• 🐛 Fix the key for Span of Tracing in pipelinerun reconciler (#6784)
• 🐛 Remove reconciler check for enable-tekton-oci-bundles flag (#6777)
• 🐛 Add Unit Tests for TestMissingResultWhenStepErrorIsIgnored and Update e2e test: TestFailingStepOnContinue (#6771)
• 🐛 Issue#6697 Fix tab formatting for documentation (#6750)

Misc

• 🔨 merge VerifyTask and VerifyPipeline into VerifyResource (#6724)

action required: VerifyTask and VerifyPipeline are now merged into 1 function VerifyResource, please update the usages if upgrade to the new release

• 🔨 Change the Storage Version to V1 Types (#6444)

action required: for custom resolver users, please update to use v1.Param and v1.RefSource

• 🔨 TEP-0135: Refactor Affinity Assistant PVC creation (#6741)

TEP-0135: Update the owner of PVCs created by pipelinerun VolumeClaimTemplate to the affinity assistant StatefulSet when affinity assistant is enabled. The PVCs bounded to the pipelinerun is now in terminating state when the pipelinerun is completed but not deleted (when affinity assistant is enabled).

• 🔨 Clean up non-functional CloudEvents Metrics in Reconciler for Deprecated CloudEvents (#6827)
• 🔨 Refactor test cases for remote PipelineRef (#6805)
• 🔨 Remove logic setting resolvers feature flag in e2e tests (#6786)
• 🔨 Fix apiVersion of Task to v1 in v1 examples (#6785)
• 🔨 Refactor TestReconcile_RemotePipelineRef bundle resolver test case (#6781)
• 🔨 Refactor test cases for remote TaskRef (#6778)
• 🔨 fix alpha propagated object params docs (#6753)
• 🔨 move tep75 tep76 and tep 107 examples from alpha to beta (#6747)
• 🔨 Cleanup outdated usage for functions in upgrade test (#6723)
• 🔨 Consolidate validation for Task/Pipeline beta features (#6719)
• 🔨 Cleanup: Use CustomRun instead of RunObject (#6718)
• 🔨 Add tests for ResolvedPipelineTask IsCancelled and IsCancelledForTimeout (#6703)
• 🔨 Cleanup: Move array indexing validation out of apis package (#6617)
• 🔨 Remove refs, HEAD symlinks in resolvers kodata (#6838)
• 🔨 Bump k8s.io/apimachinery from 0.26.5 to 0.26.6 in /test/custom-task-ctrls/wait-task-beta (#6836)
• 🔨 Bump github.com/golangci/golangci-lint from 1.53.2 to 1.53.3 in /tools (#6833)
• 🔨 TEP-0135: add affinity assistant cleanup unit tests (#6818)
• 🔨 Add apiVersions to TrustedResources Verification Helper Functions (#6803)
• 🔨 Add pod name to build_logs test output (#6796)
• 🔨 Bump github.com/sigstore/sigstore from 1.6.4 to 1.6.5 (#6789)
• 🔨 Bump github.com/golangci/golangci-lint from 1.52.2 to 1.53.2 in /tools (#6776)
• 🔨 RFC: Update Go compatibility policy (#6768)
• 🔨 Sync V1 apis with V1beta1 changes (#6766)
• 🔨 [TEP-0091] add more no error test cases for taskrun and pipelinerun (#6754)
• 🔨 Bump golang.org/x/sync from 0.1.0 to 0.2.0 (#6745)
• 🔨 Bump github.com/spiffe/go-spiffe/v2 from 2.1.4 to 2.1.5 (#6737)
• 🔨 Bump github.com/tektoncd/pipeline from 0.47.0 to 0.48.0 in /test/custom-task-ctrls/wait-task-beta (#6734)
• 🔨 Bump k8s.io/apimachinery from 0.26.4 to 0.26.5 (#6733)
• 🔨 Bump google.golang.org/grpc from 1.54.0 to 1.55.0 (#6721)
• 🔨 Bump github.com/google/go-containerregistry from 0.14.0 to 0.15.2 (#6720)
• 🔨 add missing unit test case for warn mode verification policy. (#6717)
• 🔨 Refactor PipelineRun and Run yamls in conversion_test to avoid flake (#6714)
• 🔨 Bump go.opentelemetry.io/otel from 1.14.0 to 1.16.0 (#6708)
• 🔨 Bump go.opentelemetry.io/otel/exporters/jaeger from 1.14.0 to 1.16.0 (#6706)
• 🔨 Bump go.opentelemetry.io/otel/sdk from 1.14.0 to 1.16.0 (#6705)
• 🔨 Validate beta features only when v1 Tasks and Pipelines are defined (#6701)
• 🔨 Bump k8s.io/api from 0.26.4 to 0.26.5 in /test/custom-task-ctrls/wait-task-beta (#6687)
• 🔨 Bump k8s.io/client-go from 0.25.9 to 0.25.10 in /test/custom-task-ctrls/wait-task-beta (#6686)
• 🔨 Bump k8s.io/apimachinery from 0.26.4 to 0.26.5 in /test/custom-task-ctrls/wait-task-beta (#6685)
• 🔨 Update pipelineTasks in Release-Pipeline to use Git Resolver (#6565)

Docs

• 📖 Remove cloudevent metrics from documentation (#6843)
• 📖 Update broken links in api_compatibility_policy.md (#6840)
• 📖 Updating release doc with recent releases (#6821)
• 📖 Add instructions for cherry-picking commits for patch releases (#6788)
• 📖 Added clarification and fix the Metrics doc (#6779)
• 📖 remove tep75 in alpha feature list table (#6749)
• 📖 chore: Add PROBES_PORT environment variable and update targetPorts for existing services (#6739)
• 📖 clarify in docs to not use apiVersion for taskRef for non-customtask (#6704)

Thanks

Thanks to these contributors who contributed to v0.49.0!

• ❤️ @EmmaMunley
• ❤️ @JeromeJu
• ❤️ @QuanZhang-William
• ❤️ @Yongxuanzhang
• ❤️ @chitrangpatel
• ❤️ @concaf
• ❤️ @dependabot[bot]
• ❤️ @gabemontero
• ❤️ @jsminem
• ❤️ @kahirokunn
• ❤️ @khrm
• ❤️ @l-qing
• ❤️ @lbernick
• ❤️ @vdemeester

Extra shout-out for awesome release notes:

• 😍 @JeromeJu
• 😍 @QuanZhang-William
• 😍 @Yongxuanzhang
• 😍 @chitrangpatel
• 😍 @gabemontero
• 😍 @l-qing
• 😍 @lbernick
• 😍 @vdemeester

-Docs @ v0.47.2
-Examples @ v0.47.2

Installation one-liner

kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.47.2/release.yaml

Attestation

The Rekor UUID for this release is 24296fb24b8ad77aad9c5ad6c3a5e2b0b4c7805d432cfe8af8ac8b6bbe161ca33165d23e2dfc26e3

Obtain the attestation:

REKOR_UUID=24296fb24b8ad77aad9c5ad6c3a5e2b0b4c7805d432cfe8af8ac8b6bbe161ca33165d23e2dfc26e3
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .

Verify that all container images in the attestation are in the release file:

RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.47.2/release.yaml
REKOR_UUID=24296fb24b8ad77aad9c5ad6c3a5e2b0b4c7805d432cfe8af8ac8b6bbe161ca33165d23e2dfc26e3

# Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v0.47.2@sha256:" + .digest.sha256')

# Download the release file
curl "$RELEASE_FILE" > release.yaml

# For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
  printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done

Changes

Features

Fixes

• 🐛 [release-v0.47.x] Fix v1beta1 pipelineref bundle conversion to resolver (#6810)

bug fix: bundle resolver type param value for pipelineRef conversion

Misc

Docs

Thanks

Thanks to these contributors who contributed to v0.47.2!

• ❤️ @JeromeJu
• ❤️ @tekton-robot

Extra shout-out for awesome release notes:

• 😍 @JeromeJu
• 😍 @tekton-robot

-Docs @ v0.44.3
-Examples @ v0.44.3

Installation one-liner

kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.44.3/release.yaml

Attestation

The Rekor UUID for this release is 24296fb24b8ad77aad9c5ad6c3a5e2b0b4c7805d432cfe8af8ac8b6bbe161ca33165d23e2dfc26e3

Obtain the attestation:

REKOR_UUID=24296fb24b8ad77aad9c5ad6c3a5e2b0b4c7805d432cfe8af8ac8b6bbe161ca33165d23e2dfc26e3
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .

Verify that all container images in the attestation are in the release file:

RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.44.3/release.yaml
REKOR_UUID=24296fb24b8ad77aad9c5ad6c3a5e2b0b4c7805d432cfe8af8ac8b6bbe161ca33165d23e2dfc26e3

# Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v0.44.3@sha256:" + .digest.sha256')

# Download the release file
curl "$RELEASE_FILE" > release.yaml

# For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
  printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done

Changes

Features

Fixes

• 🐛 [release-v0.44.x] Fix v1beta1 pipelineref bundle conversion to resolver (#6808)

bug fix: bundle resolver type param value for pipelineRef conversion

Misc

• 🔨 [release-v0.44.x] Fix spammy logs (#6780)
• 🔨 [release-v0.44.x] Fix Timeouts Default in v1 PipelienRun (#6554)

Docs

Thanks

Thanks to these contributors who contributed to v0.44.3!

• ❤️ @JeromeJu
• ❤️ @tekton-robot

Extra shout-out for awesome release notes:

• 😍 @JeromeJu

-Docs @ v0.41.3
-Examples @ v0.41.3

Installation one-liner

kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.41.3/release.yaml

Attestation

The Rekor UUID for this release is 24296fb24b8ad77ac1565c644cf61337d73f9ec1057463c2dae22579280825a8c1db1641fde00202

Obtain the attestation:

REKOR_UUID=24296fb24b8ad77ac1565c644cf61337d73f9ec1057463c2dae22579280825a8c1db1641fde00202
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .

Verify that all container images in the attestation are in the release file:

RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.41.3/release.yaml
REKOR_UUID=24296fb24b8ad77ac1565c644cf61337d73f9ec1057463c2dae22579280825a8c1db1641fde00202

# Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v0.41.3@sha256:" + .digest.sha256')

# Download the release file
curl "$RELEASE_FILE" > release.yaml

# For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
  printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done

Changes

Features

Fixes

• 🐛 [release v0.41.x] Fix v1beta1 pipelineref bundle conversion to resolver (#6807)

bug fix: bundle resolver type param value for pipelineRef conversion

• 🐛 [release-v0.41.x] Fix spammy logs (#6787)

bug fix: reduce log spam

Misc

Docs

Thanks

Thanks to these contributors who contributed to v0.41.3!

• ❤️ @JeromeJu
• ❤️ @lbernick

Extra shout-out for awesome release notes:

• 😍 @JeromeJu
• 😍 @lbernick

-Docs @ v0.47.1
-Examples @ v0.47.1

Installation one-liner

kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.47.1/release.yaml

Attestation

The Rekor UUID for this release is 24296fb24b8ad77a42bb1d735f54861a476c277223dbf818082d5ea4f2ee350fdd0e2453db28625a

Obtain the attestation:

REKOR_UUID=24296fb24b8ad77a42bb1d735f54861a476c277223dbf818082d5ea4f2ee350fdd0e2453db28625a
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .

Verify that all container images in the attestation are in the release file:

RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.47.1/release.yaml
REKOR_UUID=24296fb24b8ad77a42bb1d735f54861a476c277223dbf818082d5ea4f2ee350fdd0e2453db28625a

# Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v0.47.1@sha256:" + .digest.sha256')

# Download the release file
curl "$RELEASE_FILE" > release.yaml

# For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
  printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done

Changes

Features

Fixes

• 🐛 [release-v0.47.x] don't return validation error when taskrun failed/skipped (#6688)

f taskrun fails and task results not emitted, pipelinerun fails because of taskrun fails rather than results validation error.

• 🐛 [release-v0.47.x] Don't mark done PipelineRuns as timed out (#6634)

ompleted PipelineRuns are not anymore changed to PipelineRunTimeout status

Misc

Docs

Thanks

Thanks to these contributors who contributed to v0.47.1!

• ❤️ @tekton-robot

Extra shout-out for awesome release notes:

• 😍 @tekton-robot

🎉 Provenance Beta, Resilient Affinity Assistant and Array Params in Matrix 🎉

-Docs @ v0.48.0
-Examples @ v0.48.0

Installation one-liner

kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.48.0/release.yaml

Attestation

The Rekor UUID for this release is 24296fb24b8ad77aadae6008428d822bb60159ae252ba66b61d276e7836b724a5cd7c7402aeb0527

Obtain the attestation:

REKOR_UUID=24296fb24b8ad77aadae6008428d822bb60159ae252ba66b61d276e7836b724a5cd7c7402aeb0527
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .

Verify that all container images in the attestation are in the release file:

RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.48.0/release.yaml
REKOR_UUID=24296fb24b8ad77aadae6008428d822bb60159ae252ba66b61d276e7836b724a5cd7c7402aeb0527

# Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v0.48.0@sha256:" + .digest.sha256')

# Download the release file
curl "$RELEASE_FILE" > release.yaml

# For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
  printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done

Changes

Features

• ✨ [TEP-0091] use VerificationResult in verify (#6673)

VerificationResult is the return value for instead of error for VerifyTask and VerifyPipeline.

• ✨ feat: support to produce results from a failed task (#6510)

PipelineRun can produce task results from the failed tasks, and the final task can reference those results.

• ✨ Promote the provenance field in status (#6495)

Promote provenance field to beta by setting the existing feature flag enable-provenance-in-status to be true by default with the installation of Tekton Pipeline. This feature flag will be completely removed once we consider this as a stable feature. That said, users can choose to opt out this by setting this feature flag to false.

• ✨ [TEP-0091] add VerificationResult (#6663)
• ✨ [TEP-0089] Inject SpireControllerAPIClient into the Taskrun controller and reconciler. (#6627)
• ✨ [TEP-0089] SPIRE for non-falsifiable provenance. Setup the test environment. (#6553)
• ✨ [TEP-0089] Add CSI volumes to the Pods which provide the SPIRE workload API (#6539)
• ✨ Add matrix support for using references to entire PipelineRun array parameters (#6516)

Fixes

• 🐛 Bug Fixes: Update Status for Matrixed PipelineTask (#6661)

Bug Fix: A matrixed pipelineTask will accurately reflect the status of isStarted(), isScheduled(), IsBeforeFirstTaskRun(), IsConditionStatusFalse() with the correct start time based on it's TaskRuns or custom RunObjects.

• 🐛 Sync pipelinerun validation between v1beta1 and v1 (#6656)

Sync pipelinerun validation between v1beta1 and v1

• 🐛 Split array param indexing validation between reconciler and webhook (#6652)

bug fix: always perform validation of array parameter index bounds checking

• 🐛 remove beta flag check for v1beta1 object param,results and array result (#6644)

Remove beta feature flag check for v1beta1 object param, results and array result. Object param, results and array result will be enabled if the enable-api-fields feature flag is not alpha for v1beta1 CRDs (e.g. Tasks and Pipelines)

• 🐛 Add validation for array indexing in finally when expressions (#6638)

Bug fix: add validation for out-of-bounds indexing into array parameters referenced in pipeline.spec.finally.when.inputs

• 🐛 Don't mark done PipelineRuns as timed out (#6622)

Completed PipelineRuns are not anymore changed to PipelineRunTimeout status

• 🐛 Support context variable replacements in custom tasks (#6620)

A user can now define context variables in inline pipeline specs for custom tasks.

• 🐛 check beta feature flag for v1 TaskSpec's ValidateParamArrayIndex (#6613)

check beta feature flag for v1 TaskSpec's ValidateParamArrayIndex instead of alpha flag, since array indexing is beta feature

• 🐛 Fix conversion of non-object results declared in Tasks (#6606)

Fix conversion bug preventing tasks with non-object results and parameters successfully round-tripping between api versions

• 🐛 update affinity assistant creation implementation (#6596)

Resilient Affinity Assistant - make sure the Affinity Assistant pod is always on a healthy node during the entire life cycle of the pipelineRun

• 🐛 Allow references to ClusterTasks in v1 Pipeline Tasks (#6588)

Continue to allow v1beta1 ClusterTasks (deprecated) to be referenced in v1 Pipelines

• 🐛 Custom task without api version return validation error (#6505)

Custom task without api version returns validation error

• 🐛 don't return validation error when taskrun failed/skipped (#6395)

If taskrun fails and task results not emitted, pipelinerun fails because of taskrun fails rather than results validation error.

• 🐛 Remove enable-api-fields validation for array index replacements (#6646)
• 🐛 Keeps Deprecated Fields in Step and StepTemplate When Switching Versions (#6623)
• 🐛 Refactor Sidecar Containers Construction If Script Exists (#6619)
• 🐛 Add Unit Tests for Array Results using [] notation (#6577)

Misc

• 🔨 Clean up Task parameter validation logic (#6650)

Some functions in pkg/substitution have been removed or renamed.

• 🔨 Run events controller as separate binary (#6529)

The cloudevents controller for Run has been moved to its own binary, with dedicated deployment, service, pod, service account, roles and role bindings. No functional change, no configuration change.

• 🔨 Add results-from feature flag to config-feature-flags.yaml (#6692)
• 🔨 Cleanup context-based validation of propagated params/workspaces (#6684)
• 🔨 Test refactor: separate Task validation tests for propagation (#6677)
• 🔨 Cleanup: Remove "substituted context" task validation (#6671)
• 🔨 Refactor validation of propagated parameters and workspaces (#6660)
• 🔨 Rename function that replaces variables in When Expressions (#6658)
• 🔨 Refactor substituting variables in Parameter values (#6657)
• 🔨 Split Pipeline validation tests into separate test classes (#6653)
• 🔨 Refactor ResolvedPipelineTask and remove redundant fields (#6649)
• 🔨 Refactor SequentialTasks & SequentialRuns Tests (#6648)
• 🔨 Simplify + add docstrings for PipelineRun resolution (#6643)
• 🔨 Refactor validation functions for indexing into array params (#6642)
• 🔨 Cleanp - Adding a single variable for default configmaps. (#6639)
• 🔨 Remove docstrings indicating that there is a 24h limit on timeouts (#6585)
• 🔨 Bump github.com/sigstore/sigstore from 1.6.2 to 1.6.4 (#6629)
• 🔨 move trusted resources verification after we resolve the remote resources (#6621)
• 🔨 Clean up metrics code slightly. (#6609)
• 🔨 Bump github.com/tektoncd/pipeline from 0.46.0 to 0.47.0 in /test/custom-task-ctrls/wait-task-beta (#6582)
• 🔨 Bump github.com/spiffe/spire-api-sdk from 1.6.2 to 1.6.3 (#6544)

Docs

• 📖 Docs update: CSI + projected workspaces are beta (#6700)
• 📖 Fix code blocks in the Tasks page (#6676)
• 📖 Update documentation to reflect stability levels and deprecations (#6568)

Thanks

Thanks to these contributors who contributed to v0.48.0!

• ❤️ @EmmaMunley
• ❤️ @SaschaSchwarze0
• ❤️ @XinruZhang
• ❤️ @Yongxuanzhang
• ❤️ @afrittoli
• ❤️ @chitrangpatel
• ❤️ @chuangw6
• ❤️ @dependabot[bot]
• ❤️ @ijschwabacher
• ❤️ @jagathprakash
• ❤️ @jerop
• ❤️ @lbernick
• ❤️ @pritidesai
• ❤️ @rh-hectormartinezdev

Extra shout-out for awesome release notes:

• 😍 @EmmaMunley
• 😍 @SaschaSchwarze0
• 😍 @Yongxuanzhang
• 😍 @afrittoli
• 😍 @chitrangpatel
• 😍 @chuangw6
• 😍 @lbernick
• 😍 @pritidesai

🎉 Trusted Resources, Matrix Execution and various improvements 🎉

-Docs @ v0.47.0
-Examples @ v0.47.0

Installation one-liner

kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.47.0/release.yaml

Attestation

The Rekor UUID for this release is 24296fb24b8ad77a26cba25047813dca68dd316baedd830ade34aac05e6f51ccd73a54a013021440

Obtain the attestation:

REKOR_UUID=24296fb24b8ad77a26cba25047813dca68dd316baedd830ade34aac05e6f51ccd73a54a013021440
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .

Verify that all container images in the attestation are in the release file:

RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.47.0/release.yaml
REKOR_UUID=24296fb24b8ad77a26cba25047813dca68dd316baedd830ade34aac05e6f51ccd73a54a013021440

# Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v0.47.0@sha256:" + .digest.sha256')

# Download the release file
curl "$RELEASE_FILE" > release.yaml

# For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
  printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done

Upgrade Notices

• Tekton v0.47 requires Kubernetes 1.24 or newer

• v1alpha1.Run objects are no longer supported. You must upgrade to v1beta1.CustomRun before upgrading to this release. See https://github.com/tektoncd/pipeline/blob/main/docs/migrating-v1alpha1.Run-to-v1beta1.CustomRun.md for migration instructions

• Feature flag custom-task-version has been removed, tekton pipeline will stop supporting v1alpha1.Run and only use v1beta1.CustomRun.

• for trusted resources users, please change feature flag resource-verification-mode to trusted-resources-verification-no-match-policy, please refer to https://github.com/tektoncd/pipeline/blob/main/docs/trusted-resources.md#enable-trusted-resources to learn how to config the new trusted-resources-verification-no-match-policy feature flag

Changes

Features

• ✨ Migrate Propagated Workspaces to Stable (#6432)

Propagated workspaces is now a stable feature.

• ✨ [TEP-0091] use verification mode in trusted resources (#6406)

The mode of VerificationPolicy determines how failing policies for trusted resources are handled. When set to warn, failing policies will log a warning but not fail the taskrun/pipelinerun. When set to enforce, failing policies will cause the taskrun/pipelinerun to fail if the policy cannot be verified.

• ✨ TEP-0118: Implement Fanning Out logic to support Matrix Include Parameters in a Task Run (#6341)

Users can now specify aPipelineTask with Matrix Include Parameters to generate explicit combinations or add
a specific combination of input values for Matrix Parameters.

• ✨ [TEP-0091] Add mode for VerificationPolicy (#6328)

Add mode field into VerificationPolicy to controls whether fail taskrun/pipelinerun or not when fails verification

• ✨ [TEP-0091] change feature flag resource-verification-mode to trusted-resources-verification-no-match-policy (#6324)

[action required] for trusted resources users, please change feature flag resource-verification-mode to trusted-resources-verification-no-match-policy, please refer to https://github.com/tektoncd/pipeline/blob/main/docs/trusted-resources.md#enable-trusted-resources to learn how to config the new trusted-resources-verification-no-match-policy feature flag

• ✨ [TEP-0089] SPIRE for non-falsifiable provenance - IsSpireEnabled (#6524)

• ✨ TEP-0118: Update TaskRun Validation for Matrix Include Params (#6418)

• ✨ [TEP-0047] add display name to pipeline spec and task spec (#6294)

Fixes

• 🐛 Fix resolutionrequest conversion (#6509)

bug fix: reduced webhook log spam related to conversion of ResolutionRequests

• 🐛 [TEP-0133] Apply default resolver to finally tasks (#6481)

TEP-0133: Apply default resolver to finally tasks

• 🐛 Make sure we pass the live config to the conversion webhook (#6450)

Make sure the conversion webhook sees the live configmaps instead of the default ones

• 🐛 Avoid occasional failures when using remote resolution (#6424)

Avoid occasional failures of TaskRun/PipelineRun execution using remote resolution.

• 🐛 Avoid retry on permanent errors in pipelinerun (#6297)

When encountering a permanent error during the creation of run resources in pipelinerun, stop retrying and set the failure reason to "CreateRunFailed".

• 🐛 Fix no logs in stdout/stderr if uses stdoutConfig (#6162)

users can still view the output through the Pod log API if stdoutConfig.path or stderrConfig.path is specified

• 🐛 Fix for PipelineRuns getting stuck in the running state in the cluster (#6095)

Fix a bug that made big PipelineRuns get stuck in the running state in the cluster

• 🐛 Fix Timeouts Default in v1 PipelienRun (#6546)
• 🐛 Fixed nil panic scenarios. (#6465)
• 🐛 fix: add PodAdmissionFailed reason to avoid confusing failed status (#6295)
• 🐛 fix taskrun failing with duplicate unique image found (#6260)
• 🐛 Added Skip Logic: Matrix parameters cannot be empty arrays (#6140)
• 🐛 test: add unit tests for pkg/resolution/resource (#6433)

Misc

• 🔨 Fix v1beta1.CustomRun GVK (#6562)

BREAKING CHANGE: v1beta1.CustomRuns GVK was changed to properly match it's type (Runs -> CustomRuns). This may break relationships that are relying on the incorrect GVK value. Clients not relying on the GVK value from the Go type are unaffected.

• 🔨 TEP-0114: Remove support for v1alpha1.Run (#6508)

action required: v1alpha1.Run objects are no longer supported. You must upgrade to v1beta1.CustomRun before upgrading to this release. See https://github.com/tektoncd/pipeline/blob/main/docs/migrating-v1alpha1.Run-to-v1beta1.CustomRun.md for migration instructions

• 🔨 [TEP-114] Remove the feature flag custom-task-version to stop supporting v1alpha1 Run (#6499)

action required: Feature flag custom-task-version is removed, tekton pipeline will stop supporting v1alpha1 Run and only use v1beta1 CustomRun.

• 🔨 [TEP-0074] Remove git-init code (#6417)

pkg/git has been removed

• 🔨 Keep securitycontext fields simple in e2e (#6547)

allow e2e tests to run on openshift using securitycontext fields simple

• 🔨 Revert removal of PipelineResources related fields (#6436)

Revert removal of client fields for PipelineResources for backwards compatibility. PipelineResources are still no longer functional and will not work with this version of Tekton.
Example command to list tasks that use PipelineResources and must be deleted before upgrading (works for other Tekton CRDs as well):
kubectl get taskruns --all-namespaces -o json | jq -r '.items[] | select(.metadata.annotations["[tekton.dev/v1beta1Resources](http://tekton.dev/v1beta1Resources)"] | (. != "{}") and (. != "") and (. != null)) | .metadata.namespace + "/" + .metadata.name + " " + .metadata.creationTimestamp'

• 🔨 Remove third_party directory (#6416)

Images built as part of releases no longer contain contents of third_party/. (Images still contain contents of vendor/.)

• 🔨 Remove RunControllerName from the Codebase (#6531)
• 🔨 TEP-0089: Refactor setting of "enforce-nonfalsifiability" feature flag (#6527)
• 🔨 6483-Step1: move validation code out of pipeline_types.go (#6526)
• 🔨 Hygiene: enabled presets and various linters. (#6518)
• 🔨 Hygiene: enable exhaustive linter. (#6484)
• 🔨 Cleanup: addressed various nolint items. 🧹 🧹 🧹 (#6477)
• 🔨 chore: cleanup unused functions in the resources (#6473)
• 🔨 Refactor Overwriting Combinations in Matrix (#6463)
• 🔨 Cleanup: move taskspec_test to resources_test pkg (#6458)
• 🔨 Split up and refactor isCustomTask (#6447)
• 🔨 Clean Up: Update []Param to the new Params type (#6446)
• 🔨 Clarify ParamValue syntax (#6445)
• 🔨 Cleanup Resolution import path (#6438)
• 🔨 Refactor Matrix Implementation (#6407)
• 🔨 Hygiene: enable errorlint. (#6340)
• 🔨 refactor getTaskRunCreations in the pipelineRun reconciler test suite (#6293)
• 🔨 Remove v1alpha1 Runs Client setup in init test (#6571)
• 🔨 Add link to examples of good release notes to template (#6564)
• 🔨 Use the system-installed version of golangci-lint. (#6560)
• 🔨 Add timeouts tests for v1beta1 PipelineRun Defaults (#6548)
• 🔨 Bump k8s.io/api from 0.25.8 to 0.25.9 (#6545)
• 🔨 Remove TaskrunMetrics Blank Identifier in CustomRun Reconciler to Avoid Redundant TaskRun Informer Register (#6542)
• 🔨 Fix serviceAccountName in v1 Examples (#6541)
• 🔨 Bump k8s.io/api from 0.26.2 to 0.26.4 in /test/custom-task-ctrls/wait-task-beta (#6537)
• 🔨 Bump k8s.io/client-go from 0.25.8 to 0.25.9 in /test/custom-task-ctrls/wait-task-beta (#6536)
• 🔨 Bump k8s.io/client-go from 0.25.8 to 0.25.9 (#6535)
• 🔨 Bump k8s.io/code-generator from 0.25.8 to 0.25.9 (#6534)
• 🔨 Bump k8s.io/apimachinery from 0.26.3 to 0.26.4 (#6533)
• 🔨 create multi-arch Wait Custom Task Controller image (#6523)
• 🔨 Bump github.com/sigstore/sigstore from 1.6.1 to 1.6.2 (#6522)
• 🔨 Bump github.com/cloudevents/sdk-go/v2 from 2.13.0 to 2.14.0 (#6521)
• 🔨 tekton: update ko/koparse images in release pipeline (#6519)
• 🔨 Migrate v1beta1 RunResult to Unversioned Package (#6514)
• 🔨 Bump github.com/sigstore/sigstore from 1.6.0 to 1.6.1 (#6501)
• 🔨 Bump github.com/spiffe/spire-api-sdk from 1.6.1 to 1.6.2 (#6500)
• 🔨 Sync v1 TaskRun StepSpecs and SidecarSpecs Merge with v1beta1 Overrides Merge (#6497)
• 🔨 Downgrade to latest k8s.io/apimachinery from beta. (#6492)
• 🔨 Bump github.com/jenkins-x/go-scm from 1.13.12 to 1.13.13 (#6487)
• 🔨 Bump github.com/spiffe/go-spiffe/v2 from 2.1.3 to 2.1.4 (#6480)
• 🔨 chore: add copyright header to source files (#6474)
• 🔨 chore: modify test package name (#6472)
• 🔨 Replace v1beta1.TaskObject with *v1beta1.Task in TaskRun Reconciler (#6471)
• 🔨 Replace v1beta1.PipelineObject with *v1beta1.Pipeline in PipelineRun … (#6469)
• 🔨 Bump github.com/golangci/golangci-lint from 1.52.1 to 1.52.2 in /tools (#6440)
• 🔨 Add RoundTrip to Conversion Integration Test (#6439)
• 🔨 Rename PipelineResourceResult to RunResult (#6434)
• 🔨 Bump github.com/golangci/golangci-lint from 1.52.0 to 1.52.1 in /tools (#6428)
• 🔨 Bump google.golang.org/grpc from 1.53.0 to 1.54.0 (#6427)
• 🔨 Bump k8s.io/client-go from 0.25.7 to 0.25.8 in /test/custom-task-ctrls/wait-task-beta (#6413)
• 🔨 Bump k8s.io/client-go from 0.25.7 to 0.25.8 in /test/custom-task-ctrls/wait-task-alpha (#6412)
• 🔨 Ignore k8s.io/* major/minor version in test/OWNERS test/README.md test/build_logs.go test/cancel_test.go test/clients.go test/columns.txt test/conformance_test.go test/controller.go test/controller_test.go test/conversion_test.go test/custom-task-ctrls test/custom_task_test.go test/dag_test.go test/diff test/doc.go test/duplicate_test.go test/e2e-common.sh test/e2e-tests-kind-prow-alpha.env test/e2e-tests-kind-prow-beta.env test/e2e-tests-kind-prow.env test/e2e-tests-kind.env test/e2e-tests-upgrade.sh test/e2e-tests.sh test/entrypoint_test.go test/examples_test.go test/featureflags.go test/git-resolver test/gohelloworld test/hermetic_taskrun_test.go test/ignore_step_error_test.go test/init_test.go test/kubectl.go test/larger_results_sidecar_logs_test.go test/markdown-lint-config.rc test/multiarch_utils.go test/names test/parse test/path_filtering.go test/path_filtering_test.go test/pipelinefinally_test.go test/pipelinerun_test.go test/presubmit-tests.sh test/propagated_params_test.go test/registry_test.go test/remote.go test/remote_test.go test/resolution.go test/resolvers_test.go test/resolvers_yaml test/retry_test.go test/secret.go test/serviceaccount_test.go test/sidecar_test.go test/start_time_test.go test/status_test.go test/step_output_test.go test/taskrun_test.go test/tektonbundles_test.go test/timeout_test.go test/trusted_resources_test.go test/trustedresources-keys test/trustedresources.go test/trustedresources_test.go test/wait.go test/wait_example_test.go test/windows_script_test.go test/windows_test.go test/workingdir_test.go test/workspace_test.go test/yamls go.mod (#6410)
• 🔨 Bump github.com/tektoncd/pipeline from 0.45.0 to 0.46.0 in /test/custom-task-ctrls/wait-task-alpha (#6404)
• 🔨 Bump github.com/tektoncd/pipeline from 0.45.0 to 0.46.0 in /test/custom-task-ctrls/wait-task-beta (#6401)
• 🔨 Bump github.com/golangci/golangci-lint from 1.51.2 to 1.52.0 in /tools (#6396)
• 🔨 Bump github.com/jenkins-x/go-scm from 1.13.9 to 1.13.12 (#6394)
• 🔨 Bump k8s.io/client-go from 0.25.7 to 0.25.8 (#6393)
• 🔨 Bump k8s.io/api from 0.25.7 to 0.25.8 (#6392)
• 🔨 Bump k8s.io/code-generator from 0.25.7 to 0.25.8 (#6391)
• 🔨 divide ApplyTaskResultsToPipelineResults tests into success and error (#6388)
• 🔨 Bump google.golang.org/protobuf from 1.29.0 to 1.30.0 (#6371)
• 🔨 [TEP074] Tombstone ResourceResult field with the removal of PipelineResources (#6301)

Docs

• 📖 Migrate documentation to v1 API (#6414)

Migrate documentation from v1beta1 to v1 API

• 📖 Update wording for end-of-life in releases.md (#6569)
• 📖 Add developer guidance for API changes to CustomRuns (#6567)
• 📖 Update development guide on creating new CRDs (#6566)
• 📖 Update API compatibility policy for stable CRDs (#6532)
• 📖 Fixed Broken Links in Cloud Events Documentation (#6517)
• 📖 updating releases with the latest 0.41.2 (#6504)
• 📖 Update min k8s version to 1.24 (#6478)
• 📖 Small docs fix to make the timeout field value more obvious. (#6470)
• 📖 Update docstring of v1beta1.PipelineObject (#6468)
• 📖 doc: added a note on pulling task image from private repo (#6426)
• 📖 fix:inconsistent 'retries' document example fields in customrun (#6422)
• 📖 Add missing links for v0.46 release and move v0.42 to EOL section (#6421)
• 📖 updating releases.md for 0.46 (#6389)

Thanks

Thanks to these contributors who contributed to v0.47.0!

• ❤️ @AlanGreene
• ❤️ @Basavaraju-G
• ❤️ @EmmaMunley
• ❤️ @JeromeJu
• ❤️ @QuanZhang-William
• ❤️ @RafaeLeal
• ❤️ @Tomcli
• ❤️ @Yongxuanzhang
• ❤️ @adelmoradian
• ❤️ @airycanon
• ❤️ @bendory
• ❤️ @chengjoey
• ❤️ @chitrangpatel
• ❤️ @chuangw6
• ❤️ @cugykw
• ❤️ @dependabot[bot]
• ❤️ @dibyom
• ❤️ @jagathprakash
• ❤️ @jerop
• ❤️ @jsminem
• ❤️ @kinsolee
• ❤️ @l-qing
• ❤️ @lbernick
• ❤️ @nanjingfm
• ❤️ @pierretasci
• ❤️ @piyush-garg
• ❤️ @pritidesai
• ❤️ @vdemeester
• ❤️ @wlynch

Extra shout-out for awesome release notes:

• 😍 @EmmaMunley
• 😍 @QuanZhang-William
• 😍 @RafaeLeal
• 😍 @Yongxuanzhang
• 😍 @chengjoey
• 😍 @chitrangpatel
• 😍 @l-qing
• 😍 @lbernick
• 😍 @nanjingfm
• 😍 @piyush-garg
• 😍 @vdemeester
• 😍 @wlynch

-Docs @ v0.44.2
-Examples @ v0.44.2

🎉 latest knative 1.8 and conversion webhook fix 🎉

Installation one-liner

kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.44.2/release.yaml

Attestation

The Rekor UUID for this release is 24296fb24b8ad77ab75fc4e1c8817b3c2c2dad74af094e0feaeb3d9f16494dde7b30016f56a040b9

Obtain the attestation:

REKOR_UUID=24296fb24b8ad77ab75fc4e1c8817b3c2c2dad74af094e0feaeb3d9f16494dde7b30016f56a040b9
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .

Verify that all container images in the attestation are in the release file:

RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.44.2/release.yaml
REKOR_UUID=24296fb24b8ad77ab75fc4e1c8817b3c2c2dad74af094e0feaeb3d9f16494dde7b30016f56a040b9

# Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v0.44.2@sha256:" + .digest.sha256')

# Download the release file
curl "$RELEASE_FILE" > release.yaml

# For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
  printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done

Changes

Features

Fixes

• 🐛 [release-v0.44.x] Make sure we pass the live config to the conversion webhook (#6460)

ake sure the conversion webhook sees the live configmaps instead of the default ones

• 🐛 [release-v0.44.x] don't validate skipped task results for pipeline results (#6376)

A fix for regression issue that previously we don't fail the run when skipped task results don't emit, but failed when validation is introduced.

Misc

• 🔨 [release-v0.44.x] [TEP074] Remove git-ssh Examples (#6243)
• 🔨 [release-0.44.x] picking up latest changes in knative 1.8 (#6226)
• 🔨 [release-v0.44.x] Fixing CI for 0.44 (LTS) (#6223)

Docs

Thanks

Thanks to these contributors who contributed to v0.44.2!

• ❤️ @Yongxuanzhang
• ❤️ @pritidesai
• ❤️ @tekton-robot

Extra shout-out for awesome release notes:

• 😍 @Yongxuanzhang
• 😍 @tekton-robot

🎉 latest knative 1.8 and conversion webhook fix 🎉

-Docs @ v0.41.2
-Examples @ v0.41.2

Installation one-liner

kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.41.2/release.yaml

Attestation

The Rekor UUID for this release is 24296fb24b8ad77a407e5a4d07e1f8c2f6981364ad9b64e7cbccd7b3ee834b28e46a1caaf33b51ae

Obtain the attestation:

REKOR_UUID=24296fb24b8ad77a407e5a4d07e1f8c2f6981364ad9b64e7cbccd7b3ee834b28e46a1caaf33b51ae
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .

Verify that all container images in the attestation are in the release file:

RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.41.2/release.yaml
REKOR_UUID=24296fb24b8ad77a407e5a4d07e1f8c2f6981364ad9b64e7cbccd7b3ee834b28e46a1caaf33b51ae

# Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v0.41.2@sha256:" + .digest.sha256')

# Download the release file
curl "$RELEASE_FILE" > release.yaml

# For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
  printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done

Changes

Features

Fixes

• 🐛 hotfix 0.41.x no logs in stdout/stderr if uses stdoutConfig (#6503)

users can still view the output through the Pod log API if stdoutConfig.path or stderrConfig.path is specified

• 🐛 [release-v0.41.x] Make sure we pass the live config to the conversion webhook (#6461)

ake sure the conversion webhook sees the live configmaps instead of the default ones

• 🐛 [release-v0.41.x] don't validate skipped task results for pipeline results (#6372)

A fix for regression issue that previously we don't fail the run when skipped task results don't emit, but failed when validation is introduced.

Misc

• 🔨 [release-v0.41.x] fix CI for LTS release (#6213)

Fixing Tekton CI for release-v0.41.x

• 🔨 [release-v0.41.x] picking up latest changes in knative 1.8 (#6201)

Bring the latest performance fix in knative/pkg which helps reduce CPU/Memory usage for huge pipelines.

• 🔨 [release-v0.41.x] [TEP074] Remove git-ssh Examples (#6241)

Docs

Thanks

Thanks to these contributors who contributed to v0.41.2!

• ❤️ @Yongxuanzhang
• ❤️ @chengjoey
• ❤️ @pritidesai
• ❤️ @tekton-robot

Extra shout-out for awesome release notes:

• 😍 @Yongxuanzhang
• 😍 @chengjoey
• 😍 @pritidesai
• 😍 @tekton-robot

🎉 Object Params and Results promoted to beta, context variables in pipelineRun.workspaces[].subPath 🎉

-Docs @ v0.46.0
-Examples @ v0.46.0

Installation one-liner

kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.46.0/release.yaml

Attestation

The Rekor UUID for this release is 24296fb24b8ad77a5430edfba7dc256e01b47fa5bde58abfa1c2c6307271140d90ce0236fbb3ca3a

Obtain the attestation:

REKOR_UUID=24296fb24b8ad77a5430edfba7dc256e01b47fa5bde58abfa1c2c6307271140d90ce0236fbb3ca3a
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .

Verify that all container images in the attestation are in the release file:

RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.46.0/release.yaml
REKOR_UUID=24296fb24b8ad77a5430edfba7dc256e01b47fa5bde58abfa1c2c6307271140d90ce0236fbb3ca3a

# Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v0.46.0@sha256:" + .digest.sha256')

# Download the release file
curl "$RELEASE_FILE" > release.yaml

# For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
  printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done

Upgrade Notices

• Tekton Pipeline v0.46.0 requires Kubernetes version 1.24 or greater.
• Release EOL: April 17th, 2023

Action Required

• Hygiene: enable linters for error conventions. (#6264)

  • resolution.ErrorRequestedResourceIsNil is deprecated; change references to resolution.ErrNilResource.
  • remote.ErrorRequestInProgress is deprecated; change references to remote.ErrRequestInProgress.
  • in package cmd/entrypoint/subcommands, SubcommandSuccessful type is deprecated, use type OK.
  • in package resolution/common, ErrorRequestInProgress is deprecated; change references to ErrRequestInProgress.
  • in package resolution/common, all errors of type Error* have been renamed to type *Error.
  • in package resolution/framework, ErrorMissingTypeSelector is deprecated; change references to ErrMissingTypeSelector

Trusted Resources are in alpha; the following breaking changes are included in this PR:

• in package trustedresources:
  • ErrorResourceVerificationFailed is replaced by ErrResourceVerificationFailed
  • ErrorEmptyVerificationConfig is replaced by ErrEmptyVerificationConfig
  • ErrorNoMatchedPolicies is replaced by ErrNoMatchedPolicies
  • ErrorRegexMatch is replaced by ErrRegexMatch
  • ErrorSignatureMissing is replaced by ErrSignatureMissing
• in package trustedresources/verifier:
  • ErrorFailedLoadKeyFile is replaced by ErrFailedLoadKeyFile
  • ErrorDecodeKey is replaced by ErrDecodeKey
  • ErrorEmptyPublicKeys is replaced by ErrEmptyPublicKeys
  • ErrorEmptySecretData is replaced by ErrEmptySecretData
  • ErrorSecretNotFound is replaced by ErrSecretNotFound
  • ErrorMultipleSecretData is replaced by ErrMultipleSecretData
  • ErrorEmptyKey is replaced by ErrEmptyKey
  • ErrorK8sSpecificationInvalid is replaced by ErrK8sSpecificationInvalid
  • ErrorLoadVerifier is replaced by ErrLoadVerifier
  • ErrorAlgorithmInvalid is replaced by ErrAlgorithmInvalid

• [TEP074] Remove Image pipelineResources (#6002)

Please migrate off of image pipelineresources as it is removed, please refer to the doc at https://github.com/tektoncd/pipeline/blob/main/docs/pipelineresources.md#replacing-an-image-resource
imagedigestexporter image will not be built nor maintained from now on

• [TEP074] Remove Storage, Git and Generic PipelineResources (#6150)

Please migrate off of git and storage pipelineresources as they are removed, please refer to the doc at https://github.com/tektoncd/pipeline/blob/main/docs/pipelineresources.md#replacing-an-git-resource https://github.com/tektoncd/pipeline/blob/main/docs/pipelineresources.md#replacing-an-storage-resource

Installing this release on a cluster with tasks and pipelines that use pipeline resources may break them. pipelineresources are removed in this release.

Changes

Features

• ✨ TEP-0118: Apply Param and Result Replacements in Matrix (#6345)

Matrix.params can have array replacements from array params or string replacements from string, array and object params.
Matrix.Include params can only have string replacements from string, array and object params

• ✨ [TEP-0133]: Configure Default Resolver (#6317)

[TEP-0133] Add "default-resolver-type" field in the "default-configs" ConfigMap to configure default resolver

• ✨ TEP-0075(object params and results) promoted to beta (#6211)

TEP-0075 promoted to beta - object params and results is now possible with enable-api-fields set to beta.

• ✨ TEP-0118: Added Matrix.Include field in preview mode (#6188)

API Change: Added Matrix.Include in preview mode (Not yet functional)

• ✨ context variables in workspaces (#6165)

Support for using pipelineRun context variables in pipelineRun.workspaces[].subPath.

• ✨ TEP-0118: Apply PipelineTask Context Replacements in Matrix Include (#6358)

• ✨ TEP-0118: Validate Matrix Include Parameters are unique in Matrix and Pipeline Task Parameters (#6349)

• ✨ TEP-0118: Update PipelineTaskResultRefs for Matrix Include Parameters (#6348)

• ✨ TEP-0118: Update Pipeline Conversion for Matrix Include Parameters (#6346)

• ✨ TEP-0118: Add validation for matrix pipeline context parameter variables (#6238)

• ✨ TEP-0118: Add validation for matrix combination count with matrix.include params (#6237)

• ✨ TEP-0118: Add validation for matrix include pipeline parameter variables (#6235)

• ✨ TEP-0118: Add validation for Matrix.Include.Params of type string (#6230)

• ✨ TEP-0118: Add exported functions for validating Matrix.Include and Matrix.Params (#6229)

Backwards incompatible changes

In current release:

• 🚨 remove config-trusted-resources (#6305)

BREAKING CHANGE: [alpha] config-trusted-resources is removed, please refer to https://github.com/tektoncd/pipeline/blob/main/docs/trusted-resources.md for migrating public keys in VerificationPolicy

Fixes

• 🐛 validate matrix for duplicate params (#6308)

Validate matrix.params and matrix.include.params such that specifying duplicate parameters is caught by the validation.

• 🐛 Add conversion for remote tasks and pipelines to support v1 (#6254)

V1 tasks and pipelines are supported in remote resolution

• 🐛 Revert removal of embedded TaskRun status in API. (#6206)

PipelineRun Embedded TaskRun statuses reintroduced as deprecated to allow compatibility with older server versions.

• 🐛 Skip annotation when merging them. (#6161)

Skip kubectl.kubernetes.io/last-applied-configuration annotation when merging them in PipelineRun and TaskRun.

• 🐛 don't validate skipped task results for pipeline results (#6157)

A fix for regression issue that previously we don't fail the run when skipped task results don't emit, but failed when validation is introduced.

• 🐛 fix param array indexing validation error reason and error log (#6179)
• 🐛 If pod was evicted, prefer pod status message. (#6153)
• 🐛 Add exact comparison for events (#6296)

Misc

• 🔨 Hygiene: enable linters for error conventions. (#6264)

action required:

• resolution.ErrorRequestedResourceIsNil is deprecated; change references to resolution.ErrNilResource.
• remote.ErrorRequestInProgress is deprecated; change references to remote.ErrRequestInProgress.
• in package cmd/entrypoint/subcommands, SubcommandSuccessful type is deprecated, use type OK.
• in package resolution/common, ErrorRequestInProgress is deprecated; change references to ErrRequestInProgress.
• in package resolution/common, all errors of type Error* have been renamed to type *Error.
• in package resolution/framework, ErrorMissingTypeSelector is deprecated; change references to ErrMissingTypeSelector

Trusted Resources are in alpha; the following breaking changes are included in this PR:

• in package trustedresources:
  • ErrorResourceVerificationFailed is replaced by ErrResourceVerificationFailed
  • ErrorEmptyVerificationConfig is replaced by ErrEmptyVerificationConfig
  • ErrorNoMatchedPolicies is replaced by ErrNoMatchedPolicies
  • ErrorRegexMatch is replaced by ErrRegexMatch
  • ErrorSignatureMissing is replaced by ErrSignatureMissing
• in package trustedresources/verifier:
  • ErrorFailedLoadKeyFile is replaced by ErrFailedLoadKeyFile
  • ErrorDecodeKey is replaced by ErrDecodeKey
  • ErrorEmptyPublicKeys is replaced by ErrEmptyPublicKeys
  • ErrorEmptySecretData is replaced by ErrEmptySecretData
  • ErrorSecretNotFound is replaced by ErrSecretNotFound
  • ErrorMultipleSecretData is replaced by ErrMultipleSecretData
  • ErrorEmptyKey is replaced by ErrEmptyKey
  • ErrorK8sSpecificationInvalid is replaced by ErrK8sSpecificationInvalid
  • ErrorLoadVerifier is replaced by ErrLoadVerifier
  • ErrorAlgorithmInvalid is replaced by ErrAlgorithmInvalid

• 🔨 remove config-trusted-resources (#6305)

BREAKING CHANGE: [alpha] config-trusted-resources is removed, please refer to https://github.com/tektoncd/pipeline/blob/main/docs/trusted-resources.md for migrating public keys in VerificationPolicy

• 🔨 change param array indexing validation functions to member functions (#6180)

Make ValidateParamArrayIndex as member functions for TaskSpec and PipelineSpec
Change []ParamSpec to ParamSpecs and []Param to Params

• 🔨 [TEP074] Remove Storage, Git and Generic PipelineResources (#6150)

action required: please migrate off of git and storage pipelineresources as they are removed, please refer to the doc at https://github.com/tektoncd/pipeline/blob/main/docs/pipelineresources.md#replacing-an-git-resource https://github.com/tektoncd/pipeline/blob/main/docs/pipelineresources.md#replacing-an-storage-resource

installing this release on a cluster with tasks and pipelines that use pipeline resources may break them

pipelineresources are removed in this release

• 🔨 Upgrade to knative/pkg 1.9 (#6062)

Bump knative/pkg to 1.9 and update the Kubernetes minimun version to be v1.24.x

• 🔨 [TEP074] Remove Image pipelineResources (#6002)

action required: please migrate off of image pipelineresources as it is removed, please refer to the doc at https://github.com/tektoncd/pipeline/blob/main/docs/pipelineresources.md#replacing-an-image-resource
imagedigestexporter image will not be built nor maintained from now on

• 🔨 drop git-init from the list of published images (#6378)
• 🔨 Refactor extracting parameters from a PipelineTask (#6344)
• 🔨 [TEP-0133] Refactor set default test helper (#6339)
• 🔨 Hygiene: removed unused images package variable. (#6337)
• 🔨 simplifying matrix combinations (#6312)
• 🔨 Restore timeouts default for v1 (#6311)
• 🔨 Stop populating resourceName in git-init image (#6310)
• 🔨 cleanup: deleting duplicate unit test (#6307)
• 🔨 Reorganizing Matrix Implementation (#6282)
• 🔨 Hygiene: enable goconst, dogsled linters. (#6262)
• 🔨 Hygiene: enable containedctx linter. (#6261)
• 🔨 Hygiene: enable ineffassign linter. 🧹🧹🧹 (#6259)
• 🔨 Hygiene: cleanup golangci configuration. (#6258)
• 🔨 Hygiene: enable additional lint presets. (#6247)
• 🔨 TEP-0090 Matrix: Refactor Matrix FanOut() to use the Matrix Struct (#6246)
• 🔨 Hygiene: enable additional linter presets. (#6236)
• 🔨 Add CustomRun to register.go (#6199)
• 🔨 typochanges in line 81 and 94. I have changed it to "ResourceRef" from "ResourseRef". (#6184)
• 🔨 updated spire unit test based on grpc update (#6168)
• 🔨 Bump github.com/spiffe/go-spiffe/v2 from 2.1.2 to 2.1.3 (#6370)
• 🔨 Bump github.com/google/go-containerregistry from 0.13.0 to 0.14.0 (#6369)
• 🔨 Bump github.com/go-git/go-git/v5 from 5.6.0 to 5.6.1 (#6368)
• 🔨 fix error msg in taskref.resolver.params validation (#6361)
• 🔨 fix error message for resolver params (#6360)
• 🔨 remove pipelineresources from delete_pipeline_resources (#6357)
• 🔨 Bump k8s.io/code-generator from 0.25.4 to 0.25.7 (#6338)
• 🔨 Check generated API docs during CI (#6336)
• 🔨 Bump k8s.io/apimachinery from 0.25.4 to 0.25.7 (#6334)
• 🔨 Bump k8s.io/api from 0.25.4 to 0.25.7 (#6333)
• 🔨 Bump k8s.io/client-go from 0.25.4 to 0.25.7 (#6332)
• 🔨 Fix the dependabot config (#6330)
• 🔨 refactor trusted resources get matching policies code (#6323)
• 🔨 Bump github.com/spiffe/spire-api-sdk from 1.5.5 to 1.6.1 (#6321)
• 🔨 Bump golang.org/x/crypto from 0.6.0 to 0.7.0 (#6320)
• 🔨 Bump google.golang.org/protobuf from 1.28.1 to 1.29.0 (#6319)
• 🔨 Bump github.com/containerd/containerd from 1.6.18 to 1.6.19 (#6318)
• 🔨 dependabot: do not update k8s.io/* major/minor updates (#6314)
• 🔨 Bump github.com/jenkins-x/go-scm from 1.13.4 to 1.13.9 (#6303)
• 🔨 Sync SpanContext field for v1 with v1beta1 API (#6300)
• 🔨 Bump github.com/go-git/go-git/v5 from 5.5.2 to 5.6.0 (#6289)
• 🔨 updating release instructions to include LTS suffix (#6283)
• 🔨 add missing test cases for matrix params array indexing validation (#6281)
• 🔨 Bump k8s.io/api from 0.26.1 to 0.26.2 in /test/custom-task-ctrls/wait-task-beta (#6272)
• 🔨 Bump k8s.io/apimachinery from 0.26.1 to 0.26.2 in /test/custom-task-ctrls/wait-task-alpha (#6270)
• 🔨 Bump k8s.io/api from 0.26.1 to 0.26.2 in /test/custom-task-ctrls/wait-task-alpha (#6269)
• 🔨 Bump golang.org/x/time from 0.2.0 to 0.3.0 (#6268)
• 🔨 Bump github.com/hashicorp/go-retryablehttp from 0.7.1 to 0.7.2 (#6265)
• 🔨 Remove Docs for Image Resources (#6263)
• 🔨 apply latest knative.dev/pkg 1.9 (#6256)
• 🔨 Bump github.com/sigstore/sigstore from 1.5.2 to 1.6.0 (#6253)
• 🔨 Bump go.opentelemetry.io/otel/exporters/jaeger from 1.13.0 to 1.14.0 (#6249)
• 🔨 [TEP074] Remove git-ssh Examples (#6239)
• 🔨 Bump github.com/sigstore/sigstore from 1.5.1 to 1.5.2 (#6231)
• 🔨 update go.mod to Go 1.19 (#6216)
• 🔨 Fix indent for the example of specifying Custom Task Spec (#6215)
• 🔨 [TEP074] Remove PipelineResourceResultType of PipelineResourceResult Struct (#6198)
• 🔨 Bump github.com/golangci/golangci-lint from 1.51.1 to 1.51.2 in /tools (#6196)
• 🔨 Bump github.com/jenkins-x/go-scm from 1.13.2 to 1.13.4 (#6195)
• 🔨 Bump github.com/tektoncd/pipeline from 0.44.0 to 0.45.0 in /test/custom-task-ctrls/wait-task-beta (#6191)
• 🔨 Bump github.com/tektoncd/pipeline from 0.44.0 to 0.45.0 in /test/custom-task-ctrls/wait-task-alpha (#6190)
• 🔨 run codegen against latest main to update licenses and api doc (#6189)
• 🔨 Add v0.45.0 to releases.md (#6187)
• 🔨 Make SA implicit in TestPropagatedParams (#6185)
• 🔨 Bump github.com/containerd/containerd from 1.6.17 to 1.6.18 (#6183)
• 🔨 Bump github.com/spiffe/spire-api-sdk from 1.5.4 to 1.5.5 (#6173)
• 🔨 update pipeline-object-results example (#6166)

Docs

• 📖 Update EOL releases (#6285)

Move v0.39 and v0.40 releases to the end-of-life section.

• 📖 Update Removal of PipelineResources in Deprecation.md (#6343)
• 📖 Fix resolution getting started docs with correct parameters (#6234)
• 📖 Update Tekton development processes section URLs (#6225)
• 📖 Create Removed Table for deprecation.md (#6209)
• 📖 Add deprecation notes for developers. (#6208)
• 📖 Fix godoc deprecated comments. (#6207)
• 📖 Updated documentation of pipelines around approvals (#6205)
• 📖 fix weight in update-reference-docs (#6200)
• 📖 Fix broken links and delete troubleshooting section (#6172)
• 📖 Clarify docs on pipelinerun timeouts (#6171)

Thanks

Thanks to these contributors who contributed to v0.46.0!

• ❤️ @Aathirajan
• ❤️ @EmmaMunley
• ❤️ @JeromeJu
• ❤️ @QuanZhang-William
• ❤️ @SaschaSchwarze0
• ❤️ @XinruZhang
• ❤️ @Yongxuanzhang
• ❤️ @abayer
• ❤️ @afrittoli
• ❤️ @bendory
• ❤️ @concaf
• ❤️ @dependabot[bot]
• ❤️ @drewbailey
• ❤️ @ernesgonzalez33
• ❤️ @geriom
• ❤️ @jerop
• ❤️ @khrm
• ❤️ @l-qing
• ❤️ @lbernick
• ❤️ @mswiderski
• ❤️ @pavanstarmanwar
• ❤️ @pritidesai
• ❤️ @pxp928
• ❤️ @vdemeester
• ❤️ @wlynch

Extra shout-out for awesome release notes:

• 😍 @EmmaMunley
• 😍 @JeromeJu
• 😍 @QuanZhang-William
• 😍 @Yongxuanzhang
• 😍 @afrittoli
• 😍 @bendory
• 😍 @pritidesai
• 😍 @vdemeester
• 😍 @wlynch

🎉 Propagated Parameters promoted to stable, Array Results promoted to beta, Propagated Workspaces to promoted to beta 🎉

-Docs @ v0.45.0
-Examples @ v0.45.0

Installation one-liner

kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.45.0/release.yaml

Attestation

The Rekor UUID for this release is 24296fb24b8ad77a1081521e24e0bdb57359c801e63b84d7de2b1cd4ef8c25004336d6fc9717ec65

Obtain the attestation:

REKOR_UUID=24296fb24b8ad77a1081521e24e0bdb57359c801e63b84d7de2b1cd4ef8c25004336d6fc9717ec65
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .

Verify that all container images in the attestation are in the release file:

RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.45.0/release.yaml
REKOR_UUID=24296fb24b8ad77a1081521e24e0bdb57359c801e63b84d7de2b1cd4ef8c25004336d6fc9717ec65

# Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v0.45.0@sha256:" + .digest.sha256')

# Download the release file
curl "$RELEASE_FILE" > release.yaml

# For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
  printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done

Upgrade Notices

Action Required

• Please migrate off of pullrequests pipelineresources as it is removed, please refer to the doc at https://github.com/tektoncd/pipeline/blob/main/docs/pipelineresources.md#replacing-an-pullrequest-resource

Backwards incompatible changes

In current release:

• 🚨 pipelinerun.status.taskRuns and pipelinerun.status.runs have been removed.

The pipelinerun.status.taskRuns and pipelinerun.status.runs fields have been removed, along with the embedded-status feature flag. If you are using these fields in your own tooling, please migrate to using pipelinerun.status.childReferences instead. (#6099).

Changes

Features

• ✨ TEP-0076 (array results and indexing into array) promoted to beta 🎓 (#6103)

TEP-0076 promoted to beta - Array results and indexing into an array is now possible with enable-api-fields set to beta.

• ✨ [TEP 0122] Add FeatureFlags Field to TaskRun.Status.Provenance (#6072)

Add FeatureFlags field to TaskRun.Status.Provenance

• ✨ Propagated Parameters - Stable (#6050)

Propagated Parameters is stable. This feature enables interpolating Parameters in embedded specifications to reduce verbosity in Tekton resources.

• ✨ Beta Example Tests (#6031)

Run beta example tests when enable-api-fields: beta is set.

• ✨ Propagated Workspaces to Beta (#6030)

The feature propagated workspaces is now enabled if the feature flag, enable-api-field value is set to alpha or beta.

• ✨ Add prow env for beta integration test (#5737)

Adds pull-tekton-pipelines-beta-integration-test

• ✨ feat: support to extract init container failure message (#5646)

When an error occurs in the init container, the taskrun clearly displays the error message.

• ✨ [TEP-0089] Add a config map to support SPIRE initialization. (#5902)

Deprecation Notices

• 🚨 config-trusted-resources is deprecated

config-trusted-resources of trusted resources to store public key is deprecated and will be removed in release 0.46, please use VerificationPolicy instead (#6134).

Fixes

• 🐛 validate emit results are defined in taskspec (#6129)

Tasks results emitted in script but don't defined in taskspec will fail

• 🐛 remove results from status when type mismatched and add more logs (#6073)

taskrun results which have type mismatched are removed from taskrun status

• 🐛 Fix converted legacy bundle->remote resolver syntax to be case-insensitive for kind (#6061)

The remote bundles resolver now matches the kind value in its parameters and in bundle layers in a case-insensitive manner.

• 🐛 Increase memory limit for remote resolvers deployment (#6028)

Prevent OOM-kills of remote resolver pod when cloning large git repositories by increasing container's memory limit.

• 🐛 Add security context for example PRs using catalog git-clone (#6138)
• 🐛 Use remote resolution in release pipeline (#6027)
• 🐛 fix:the pvc creation failure does not print the success log (#5777)
• 🐛 increase the timer for reading k8s event in test (#6063)

Misc

• 🔨 Mark config-trusted-resources as deprecated (#6134)

action required: config-trusted-resources of trusted resources to store public key is deprecated and will be removed in release 0.46, please use VerificationPolicy instead

• 🔨 [TEP100] Remove and Fields for (#6099)

pipelinerun.status.taskruns and pipelinerun.status.runs are removed

• 🔨 [TEP074] Remove Pullrequest-init Image (#6078)

Pullrequest image is removed. Please migrate off the Pullrequest Image.

• 🔨 [TEP0100] Remove Feature Flag (#6049)

embedded-status feature flag is removed. TaskRun and Run status will be populated only in pipelineRun.status.childReferences.

• 🔨 [TEP074] Remove Pullrequest pipelineResources (#6011)

action required: please migrate off of pullrquests pipelineresources as it is removed, please refer to the doc at https://github.com/tektoncd/pipeline/blob/main/docs/pipelineresources.md#replacing-an-pullrequest-resource

• 🔨 cleaning up examples to avoid writing to results using path (#6098)
• 🔨 Migrate Kaniko Task off ImageDigestExporter (#6094)
• 🔨 [pkg/reconciler] clean up io/ioutil package (#6069)
• 🔨 Clean up cloudevents package (#6065)
• 🔨 Fix example customrun.yaml (#6041)
• 🔨 TEP-0114: Switch to use FilterCustomRunRef - Wait Custom Task Beta (#6040)
• 🔨 update object-param-result example (#6170)
• 🔨 update pipeline-object-param-and-result example (#6169)
• 🔨 [TEP074] Cleanup variables.md after Removal of PipelineResources (#6158)
• 🔨 Bump github.com/jenkins-x/go-scm from 1.13.1 to 1.13.2 (#6156)
• 🔨 Bump golang.org/x/crypto from 0.5.0 to 0.6.0 (#6149)
• 🔨 Bump go.opentelemetry.io/otel/exporters/jaeger from 1.12.0 to 1.13.0 (#6148)
• 🔨 Bump github.com/containerd/containerd from 1.6.16 to 1.6.17 (#6147)
• 🔨 Bump github.com/emicklei/go-restful from 2.15.0+incompatible to 2.16.0+incompatible in /test/custom-task-ctrls/wait-task-beta (#6146)
• 🔨 Bump github.com/go-git/go-billy/v5 from 5.4.0 to 5.4.1 (#6132)
• 🔨 Bump go.opentelemetry.io/otel/sdk from 1.12.0 to 1.13.0 (#6131)
• 🔨 Include CustomRuns in failed integration test YAML dump (#6124)
• 🔨 Replace hardcoded value (#6122)
• 🔨 add more error messages for results validation (#6119)
• 🔨 Bump github.com/golangci/golangci-lint from 1.50.1 to 1.51.1 in /tools (#6115)
• 🔨 Bump github.com/containerd/containerd from 1.6.15 to 1.6.16 (#6113)
• 🔨 Bumb up dependency versions for wait-task custom controllers (#6108)
• 🔨 Bump github.com/google/go-containerregistry from 0.12.1 to 0.13.0 (#6106)
• 🔨 unit test added for task result type mismatch (#6104)
• 🔨 Switch the release pipeline to use GitHub API for task resolution (#6100)
• 🔨 Bump github.com/tektoncd/pipeline from 0.43.2 to 0.44.0 in /test/custom-task-ctrls/wait-task-beta (#6087)
• 🔨 matrix with array results indexing (#6077)
• 🔨 Bump go.opentelemetry.io/otel/exporters/jaeger from 1.11.1 to 1.12.0 (#6074)
• 🔨 Add dependabot workflows for submodules. (#6068)
• 🔨 updating an example pipelinerun with array indexing (#6060)
• 🔨 updating an existing example pipelinerun with array results (#6055)
• 🔨 Fix spammy logs (#6051)
• 🔨 Adds label kind/misc to dependentbot (#6047)
• 🔨 Bump github.com/jenkins-x/go-scm from 1.12.3 to 1.13.1 (#6043)
• 🔨 Increase timeout in Conversion Integration Test to Prevent Flake (#6026)
• 🔨 Bump github.com/spiffe/spire-api-sdk from 1.5.2 to 1.5.4 (#5992)

Docs

• 📖 when expressions with array results (doc and example) (#6092)

Doc update for - How to refer to an array result in when expressions?

• 📖 Add details about deprecating feature flags and (#6070)

Deprecation Notice: the feature flag custom-task-version will be removed in release v0.47.0.

• 📖 updating the list of beta features (#6181)
• 📖 Remove PipelineRunStatus from deprecation.md (#6164)
• 📖 Move Propagated Workspaces to list of beta features (#6163)
• 📖 chore: add link to tekton v0.40 version (#6151)
• 📖 Add release info for v0.41.1 (#6126)
• 📖 update pre-requsites to include checking docker is installed (#6121)
• 📖 Pipelines Docs Cleanup (#6117)
• 📖 Fix outdated remote resolution documentation (#6059)
• 📖 updating an example taskrun with array parameters (#6057)
• 📖 Update task-level compute resources docs (#6052)
• 📖 adding section for emitting array results (#6039)
• 📖 minor doc update for array and object results (#6038)
• 📖 Add v0.44.0 to releases.md (#6035)
• 📖 Update git resolver documentation (#6029)
• 📖 Update pipelineResources deprecation (#6022)
• 📖 Document behavior of feature-flag flips (#6017)
• 📖 Refactor installation documentation (#5806)

Thanks

Thanks to these contributors who contributed to v0.45.0!

• ❤️ @Abirdcfly
• ❤️ @JeromeJu
• ❤️ @XinruZhang
• ❤️ @Yongxuanzhang
• ❤️ @abayer
• ❤️ @afrittoli
• ❤️ @chitrangpatel
• ❤️ @cugykw
• ❤️ @dependabot[bot]
• ❤️ @dibyom
• ❤️ @geriom
• ❤️ @jagathprakash
• ❤️ @jerop
• ❤️ @lbernick
• ❤️ @my-git9
• ❤️ @pavanstarmanwar
• ❤️ @pritidesai
• ❤️ @wlynch

Extra shout-out for awesome release notes:

• 😍 @JeromeJu
• 😍 @XinruZhang
• 😍 @Yongxuanzhang
• 😍 @abayer
• 😍 @chitrangpatel
• 😍 @cugykw
• 😍 @jerop
• 😍 @pritidesai

-Docs @ v0.41.1
-Examples @ v0.41.1

Installation one-liner

kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.41.1/release.yaml

Attestation

The Rekor UUID for this release is 24296fb24b8ad77a92c34840a015d42f5a142140f22d291dce815726d3f0ee022c102fdc046a6d2d

Obtain the attestation:

REKOR_UUID=24296fb24b8ad77a92c34840a015d42f5a142140f22d291dce815726d3f0ee022c102fdc046a6d2d
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .

Verify that all container images in the attestation are in the release file:

RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.41.1/release.yaml
REKOR_UUID=24296fb24b8ad77a92c34840a015d42f5a142140f22d291dce815726d3f0ee022c102fdc046a6d2d

# Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v0.41.1@sha256:" + .digest.sha256')

# Download the release file
curl "$RELEASE_FILE" > release.yaml

# For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
  printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done

Changes

Fixes

• 🐛 [release-v0.41.x] Add conversion config to ResolutionRequest CRD (#5748)

properly configures conversion from v1alpha1.ResolutionRequest to v1beta1.ResolutionRequest

• 🐛 [release-v0.41.x] tekton: fix KO_CONFIG_PATH on release pipeline (#5960)

windows support

• 🐛 [release-v0.41.x] Fix task parameter value substitution error due to propagateParams (#6032)

Fix bug where pipeline parameter values are incorrectly mapped to task outputs

Misc

• 🔨 [release-v0.41.x] Use the golangci-lint configured in Makefile in build tests (#5953)

Thanks

Thanks to these contributors who contributed to v0.41.1!

• ❤️ @vdemeester
• ❤️ @chengjoey
• ❤️ @abayer

Extra shout-out for awesome release notes:

• 😍 @vdemeester
• 😍 @chengjoey
• 😍 @abayer