A cloud-native Pipeline resource.
APACHE-2.0 License
Bot releases are visible (Hide)
Published by tekton-robot over 1 year ago
-Docs @ v0.44.0
-Examples @ v0.44.0
kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.44.0/release.yaml
The Rekor UUID for this release is 24296fb24b8ad77aef37f64a4b4a1f8feb128277e9de47fc1ce4ec75e99229c3447da52e951cb8bd
Obtain the attestation:
REKOR_UUID=24296fb24b8ad77aef37f64a4b4a1f8feb128277e9de47fc1ce4ec75e99229c3447da52e951cb8bd
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .
Verify that all container images in the attestation are in the release file:
RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.44.0/release.yaml
REKOR_UUID=24296fb24b8ad77aef37f64a4b4a1f8feb128277e9de47fc1ce4ec75e99229c3447da52e951cb8bd
# Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v0.44.0@sha256:" + .digest.sha256')
# Download the release file
curl "$RELEASE_FILE" > release.yaml
# For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done
The webhook controller name can be configured using WEBHOOK_ADMISSION_CONTROLLER_NAME environment variable in webhook deployment.
β¨ [TEP-0091] Trusted Resources
β¨ [TEP-0124] implement opentelemetry Jaeger tracing (#5746)
Added support for tracing using Jaeger and OpenTelemetry. It can be enabled by adding the following environment variables to controller manifest
OTEL_EXPORTER_JAEGER_ENDPOINT
is the HTTP endpoint for sending spans directly to a collector.OTEL_EXPORTER_JAEGER_USER
is the username to be sent as authentication to the collector endpoint. (optional)OTEL_EXPORTER_JAEGER_PASSWORD
is the password to be sent as authentication to the collector endpoint. (optional)In current release:
fixes updates for reconciling pipelinerunstatus when switching the embeddedstatus feature flag. it resets the status.runs
and status.taskruns
to nil
with minimal
EmbeddedStatus and status.childReferences
to nil
with full
embeddedstatus.
propagateParams
(#6004)remove GetClusterTask
func
action required: please migrate off of cluster
pipelineresources
as it is removed, please refer to the doc at https://github.com/tektoncd/pipeline/blob/main/docs/pipelineresources.md#replacing-a-cluster-resource
kubeconfigwriter
image are not built nor maintained from now on
action required: please migrate off of cloudevent
pipelineresources
as it is removed, please refer to the doc at https://github.com/tektoncd/pipeline/blob/main/docs/pipelineresources.md#replacing-a-cloudevent-resource
Removed the feature flag enable-custom-tasks
.
The default value of custom-task-version
is changed from v1alpha1
to v1beta1
, which means v1beta1.CustomRun
will be created out of a Custom Task PipelineTask
instead of v1alpha1.Run
.
Deprecation Notice: v1alpha1.Run
will be removed in release v0.47.0.
switch the default value of embedded-status
to minimal
the embedded-status
flag along with the both
and full
functionalities are deprecated, and will be removed in v0.45.
Remove optional tag for startTime
and completionTime
in TaskRun/PipelineRun status, and add option tag for provenance
field in TaskRun/PipelineRun status.
go-licenses
to development setup. (#5929)Thanks to these contributors who contributed to v0.44.0!
Extra shout-out for awesome release notes:
Published by tekton-robot almost 2 years ago
-Docs @ v0.43.2
-Examples @ v0.43.2
kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.43.2/release.yaml
The Rekor UUID for this release is 24296fb24b8ad77ac03a9e9a1de2842d68ade2674937db60c0150c990bf5e0347dec1edcad393407
Obtain the attestation:
REKOR_UUID=24296fb24b8ad77ac03a9e9a1de2842d68ade2674937db60c0150c990bf5e0347dec1edcad393407
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .
Verify that all container images in the attestation are in the release file:
RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.43.2/release.yaml
REKOR_UUID=24296fb24b8ad77ac03a9e9a1de2842d68ade2674937db60c0150c990bf5e0347dec1edcad393407
# Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v0.43.2@sha256:" + .digest.sha256')
# Download the release file
curl "$RELEASE_FILE" > release.yaml
# For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done
Update PipelineRun conversion between API versions to account for embedded-status feature flag
Thanks to these contributors who contributed to v0.43.2!
Extra shout-out for awesome release notes:
Published by tekton-robot almost 2 years ago
-Docs @ v0.43.1
-Examples @ v0.43.1
kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.43.1/release.yaml
The Rekor UUID for this release is 24296fb24b8ad77aafc26483b3dd67610086643ab88bb7166bfd137136fbdf182dc3bc8d76987194
Obtain the attestation:
REKOR_UUID=24296fb24b8ad77aafc26483b3dd67610086643ab88bb7166bfd137136fbdf182dc3bc8d76987194
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .
Verify that all container images in the attestation are in the release file:
RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.43.1/release.yaml
REKOR_UUID=24296fb24b8ad77aafc26483b3dd67610086643ab88bb7166bfd137136fbdf182dc3bc8d76987194
# Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v0.43.1@sha256:" + .digest.sha256')
# Download the release file
curl "$RELEASE_FILE" > release.yaml
# For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done
bug fix: register informers for v1 TaskRun and PipelineRun
Status helper functions now properly support both CustomRuns and Runs.
Windows support.
Thanks to these contributors who contributed to v0.43.1!
Extra shout-out for awesome release notes:
Published by tekton-robot almost 2 years ago
-Docs @ v0.43.0
-Examples @ v0.43.0
kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.43.0/release.yaml
The Rekor UUID for this release is 24296fb24b8ad77ab5c2fccf5d8344332332d06ae5cc99d8daa86744b122e3a4a875b8842315d884
Obtain the attestation:
REKOR_UUID=24296fb24b8ad77ab5c2fccf5d8344332332d06ae5cc99d8daa86744b122e3a4a875b8842315d884
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .
Verify that all container images in the attestation are in the release file:
RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.43.0/release.yaml
REKOR_UUID=24296fb24b8ad77ab5c2fccf5d8344332332d06ae5cc99d8daa86744b122e3a4a875b8842315d884
# Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v0.43.0@sha256:" + .digest.sha256')
# Download the release file
curl "$RELEASE_FILE" > release.yaml
# For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done
β¨ TEP-0127-: Larger results using sidecar logs - Always enforce ReservedSidecarName validation (#5877)
Always enforce ReservedSidecarName validation check regardless of what the results-from
feature flag is set to.
β¨ TEP-0114: Enable Custom Tasks in Pipelines by Default (#5858)
Custom Tasks in Pipelines are enabled by default. To disable, set enable-custom-tasks
feature flag "false"
.
β¨ TEP-0121: Adds a new field for TaskRun (#5842)
API change: new Retries
field in v1beta1.TaskRun
and v1.TaskRun
.
β¨ TEP-0127: Larger results using sidecar logs - parsing sidecar logs to extract results (#5840)
Parsing sidecar logs to extract results into the task run CRD.
β¨ TEP-0127: make stdout and stderror paths readable (#5838)
Make stdout and stderr files readable by all.
β¨ TEP-0127: Larger results using sidecar logs - entrypoint, sidecar binary and injecting results sidecar (#5834)
Implemented sidecar binary and entrypoint related changes.
β¨ TEP-0114: Add support for PipelineRun reconciler to create CustomRuns (#5832)
Custom task runs created from PipelineRuns can now be v1beta1.CustomRuns instead of v1alpha1.Runs, if the "custom-task-version" feature flag is set to "v1beta1", instead of the default "v1alpha1". Note that custom task controllers would need to be updated to listen for *v1beta1.CustomRun instead of *v1alpha1.Run in order to respond to v1beta1.CustomRuns.
β¨ TEP-0127: Larger results using sidecar logs - feature flags and cluster-roles (#5828)
Implemented feature flags to enable larger results using sidecar logs.
β¨ [TEP-0091] Add VerificationPolicy types to configure public keys (#5714)
VerificationPolicy is added as a v1alpha1 type to enable users to config public keys for trusted resources.
Please refer to https://github.com/tektoncd/pipeline/blob/main/docs/trusted-resources.md for more details
β¨ TEP-0101 PodTemplate should support environment variables. (#5699)
PodTemplate can be used to update environment variables globally as well as PipelineRun and TaskRun level.
Added new configuration option default-forbidden-env to disallow specified environment variables from being updated via podTemplate.
β¨ TEP-0127: Larger results using sidecar logs: Validation, documentation and examples (#5695)
Admission webhook validation to ensure that the reserved sidecar name is not used by the user, user documentation and larger results TaskRun and PipelineRun examples.
β¨ Add a PipelineRun Example for Creating a Wait CustomRun (#5906)
β¨ TEP-0121: Retries - Reconciler Implementation (#5844)
β¨ TEP-0114: Migrate the testing Wait Task to reconcile on v1beta1.CustomRun (#5815)
π string results that can be parsed as json should not fail (#5814)
Task can emit string type results that can be parsed as json.
π Fix apiVersion assignment in ChildReference Conversion (#5854)
π TEP-0121: Modify metrics recorder for TaskRun Retries (#5853)
π Add v1 clients for examples_test (#5799)
π Add PipelineRunStatus Conversion (#5797)
π ref: prompt for specific error fields (#5682)
π¨ TEP-0127: Larger Results via Sidecar Logs - Cleanup (#5843)
Moved config to enable access to sidecar logs into a different folder.
π¨ TEP-0114: Add FilterFuncs for CustomRun (#5822)
Add FilterFuncs for custom task controllers using CustomRuns
π¨ Change all ducktype status to v1 (#5809)
API changes: swap all duckv1beta1 status to duckv1 status
π¨ V1 CRD release (#5579)
Releases v1 CRD for task, taskrun, pipeline and pipelinerun. Served v1 CRDs are included in this release for users as a preview, and also for users to start preparing for the migration. v1 is served but CLI, Dashboard, Chains etc support won't be available until the following release. v1 will be the official version starting with the next release when it has been released as the storage version.
π¨ Fix Wrong Condition Reason When Fails to Stop Sidecars for A Finished TaskRun (#5901)
π¨ Sorted linters -- because neatness counts. (#5898)
π¨ [pkg/remote] clean up ioutil (#5895)
π¨ Enabled the whitespace
linter. (#5889)
π¨ [pkg/termination] cleanup io/ioutil (#5885)
π¨ Replaced deadcode
linter with unused
linter. (#5881)
π¨ [pkg/pullrequest] cleanup ioutil for new go version (#5880)
π¨ [pkg/credentials] clean up io/ioutil package (#5879)
π¨ [pkg/entrypoint] remove ioutil for new go version (#5878)
π¨ Stop Metric Recorder Listing TaskRuns When Records Data (#5876)
π¨ Added govet to our Golang linter suite (#5871)
π¨ Increases Test Coverage on GetSkippedTasks() (#5856)
π¨ Align the naming when referring to a TaskRun in comments in taskrun_types.go (#5847)
π¨ Remove return error in GetTaskFunc and GetPipelineFunc (#5826)
π¨ Refactor events to decouple k8s event and cloud event (#5817)
π¨ Bump github.com/containerd/containerd from 1.6.12 to 1.6.14 (#5908)
π¨ Bump github.com/jenkins-x/go-scm from 1.11.35 to 1.12.3 (#5905)
π¨ Bump github.com/containerd/containerd from 1.6.10 to 1.6.12 (#5855)
π¨ Bump golang.org/x/crypto from 0.3.0 to 0.4.0 (#5845)
π¨ Bump golang.org/x/oauth2 from 0.2.0 to 0.3.0 (#5839)
π¨ Add embedded-status to config-feature-flags.yaml (#5825)
π¨ Bump go.uber.org/zap from 1.23.0 to 1.24.0 (#5816)
π¨ Add TaskRunStatus Conversion (#5794)
π¨ Bump github.com/sigstore/sigstore from 1.4.5 to 1.4.6 (#5792)
π¨ Bump google.golang.org/grpc from 1.50.1 to 1.51.0 (#5774)
π¨ Skip TestGitResolver_API on other archs (#5713)
π¨ [test] clean up io/ioutil package (#5894)
π Update releases for v0.42.0 (#5789)
Update releases file for v0.42.0
π Fix typo (#5787)
Fix typo
π docs: fixing wrong matrix syntax in some places (#5911)
π Added documentation for local golangci-lint use. (#5900)
π TEP-0127: Add "Larger Results via Sidecar Logs" to alpha features (#5888)
π fix errant backtick in TOC link (#5860)
π TEP-0114: Migration Doc for Custom Task Beta Promotion (#5850)
π Add TaskRuns and Runs Status migration deprecation fields (#5811)
π TEP-0114: Clarify that CustomRun
is the beta version of Run
(#5801)
Thanks to these contributors who contributed to v0.43.0!
Extra shout-out for awesome release notes:
Published by tekton-robot almost 2 years ago
-Docs @ v0.42.0
-Examples @ v0.42.0
kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.42.0/release.yaml
The Rekor UUID for this release is 24296fb24b8ad77a92f523df8531edb5cb063ec9ef24a9e652e0643ff0f7ac9ce89edc8aa9395ffd
Obtain the attestation:
REKOR_UUID=24296fb24b8ad77a92f523df8531edb5cb063ec9ef24a9e652e0643ff0f7ac9ce89edc8aa9395ffd
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .
Verify that all container images in the attestation are in the release file:
RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.42.0/release.yaml
REKOR_UUID=24296fb24b8ad77a92f523df8531edb5cb063ec9ef24a9e652e0643ff0f7ac9ce89edc8aa9395ffd
# Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v0.42.0@sha256:" + .digest.sha256')
# Download the release file
curl "$RELEASE_FILE" > release.yaml
# For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done
The port on which the webhook server listens may be configured via the WEBHOOK_PORT environment variable.
Set source value for cluster resource to link back its origin i.e. url and checksum.
ociresolver captures correct source information about where remote image came from.
Added a new boolean feature flag named "enable-provenance-in-status" in feature-flags configmap to enable the provenance field in status to be populated. This field in status aims to record authenticated metadata about how a software artifact was built i.e. the source where remote resource came from.
Set ConfigSource value for gitresolver to record the source where the remote resource came from.
Reconciler, event, config, and webhook support for CustomRuns
Trusted Resource feature enable tekton pipeline to verify the resources resolved from resolver. With trusted resource feature, users can configure public keys in configmap and choose to turn on/off this feature via feature flag resource-verification-mode
. This commit enables mount public key files as secrets into Pipeline and used for verification. Taskrun/Pipelinerun that fail the verification will be marked as failed
and be stopped from execution if resource-verification-mode
is set to enforce
Populate the TaskRun/PipelineRun's Status.Provenance.ConfigSource field with the value from the remote ResolutionRequest Status.
Note: the feature flag enable-provenance-in-status
needs to be set to "true" to enable this provenance field to be populated & available in *Run.Status.
Retries
and RetriesStatus
back (#5765)Properly configures conversion from v1alpha1.ResolutionRequest to v1beta1.ResolutionRequest
Check for duplicate workspaces of pipeline task.
Clean up example configuration in config-observability configmap for tekton-pipelines-resolvers namespace
Custom Task Beta is available.
Use v1beta1.SchemeGroupVersion.String() for the APIVersion field in the tekton object retrieved by cluster resolver.
Fix cloud event flacky unit tests by adding EventSender
Add unit test for bundle resolver
Updates API compatibility policy for the V1 api version
retriesStatus
from CustomRunStatus
(#5719)Thanks to these contributors who contributed to v0.42.0!
Extra shout-out for awesome release notes:
Published by tekton-robot almost 2 years ago
Remote Resolution, Propagated Parameters, CSI and Projected Workspaces promoted to Beta!
-Docs @ v0.41.0
-Examples @ v0.41.0
kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.41.0/release.yaml
The Rekor UUID for this release is 24296fb24b8ad77a0f387ec5597ae094fc78efb152ca50f4bc02f99149e5d324261f4fc32d28f92f
Obtain the attestation:
REKOR_UUID=24296fb24b8ad77a0f387ec5597ae094fc78efb152ca50f4bc02f99149e5d324261f4fc32d28f92f
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .
Verify that all container images in the attestation are in the release file:
RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.41.0/release.yaml
REKOR_UUID=24296fb24b8ad77a0f387ec5597ae094fc78efb152ca50f4bc02f99149e5d324261f4fc32d28f92f
# Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v0.41.0@sha256:" + .digest.sha256')
# Download the release file
curl "$RELEASE_FILE" > release.yaml
# For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done
Beta
in kubernetes 1.23-1.24. See kubernetes feature gates for more information. (#5652)Timeout
on their own, PipelineRun reconciler would not set Run.Spec.Status == RunCancelled
upon Run timeout. (#5658)The Hub Resolver will have a new type
field to indicate the type of Hub from where to pull the resource. The default hub type is updated from the Tekton Hub to the Artifact Hub. Please see more details in TEP-0115
CSI workspaces are promoted to beta/stable API
Add more details (start time, end time, owner) in the default view of resource resolutions
Propagated Parameters extended to Finally
tasks.
Add Provenance field in TaskRun&PipelineRun status that wraps all the information we might need from pipeline side.
It only contains ConfigSource at the moment, but it can be extended to have more subfields in future.
Add provenance-related field in ResolutionRequest.status.
Promote propagated parameters to beta.
Projected workspaces are promoted to beta/stable API
action required: Any resolvers being used other than built-in resolvers will need to be updated to use ResolutionRequest v1beta1. Remote resolution of Pipelines and Tasks promoted to beta, and ResolutionRequest v1beta1 introduced to support array and object parameters for resolvers.
Action required: If using Kubernetes 1.22, set PodSecurity flag to true to enforce a restricted pod security level in Tekton namespaces. See https://kubernetes.io/docs/reference/command-line-tools-reference/feature-gates/#feature-gates-for-graduated-or-deprecated-features for more information.
Bug fix: skip validation of CRDs on deletion
The PipelineRun
and TaskRun
controller will not override label set by other tools during the reconciler loop, and will merge them instead
Fix TaskRun parameter etc replacement logic to persist in the TaskRun's Status properly
Fix PipelineRun hang on Unknown status when duplicated params are defined in a PipelineTask
Variable replacement is now properly performed for workspace sub-paths in finally tasks.
Fix taskrun not working with workspace having volumeClaimTemplate
action required: To allow PodSecurityAdmission to take effect, please set PodSecurity flag as Beta
in 1.23-1.24. See https://kubernetes.io/docs/reference/command-line-tools-reference/feature-gates/#feature-gates-for-graduated-or-deprecated-features for more information.
ACTION REQUIRED: Starting from this release, Custom Task Runs controllers need to implement the Timeout
on your own, PipelineRun reconciler would not set Run.Spec.Status == RunCancelled
upon Run timeout.
Separate resolvers.yaml manifest removed because resolvers are now included in release.yaml
pipelineRef.bundle and taskRef.bundle are deprecated in favor of using the bundles resolver
Update knative.dev/pkg dependency for support of k8s 1.25.x
Binary file (standard input) matches
Images are based on cgr.dev/chainguard/* instead of the exactly equivalent distroless.dev/* image references.
Update aggregate ClusterRoles to include Run resources used for custom tasks and remove references to Condition which was removed in v0.37.0
Action required: ClusterTasks are deprecated. Please use the cluster resolver instead.
Renames the resources
to computeResources
of task.spec.steps[].resources
, task.spec.stepTemplate.resources
, task.spec.sidecars[].resources
, taskRun.spec.stepOverrides[].resources
, taskrun.spec.sidecarOverrides[].resources
. Renames stepOverrides
and sidecarOverrides
to stepSpecs
and sidecarSpecs
.
Webhook HPA uses autoscaling/v2 instead of the deprecated autoscaling/v2beta1. This also brings the minimum kubernetes version to v1.23.0
Test_storePipelineSpec
to use yml parser (#5561)git status -s
(#5587)enable-api-fields
(#5325)Thanks to these contributors who contributed to v0.41.0!
Extra shout-out for awesome release notes:
Many thanks to π± purr programmer Gigi too!
Gigi says "congratulation on the graduation, Tekton!"
Published by tekton-robot about 2 years ago
-Docs @ v0.40.2
-Examples @ v0.40.2
kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.40.2/release.yaml
The Rekor UUID for this release is 24296fb24b8ad77a2573afa5bfbd4582c0eb8c844009ee685a7e9abf6ae42b4d00b20c7485096315
Obtain the attestation:
REKOR_UUID=24296fb24b8ad77a2573afa5bfbd4582c0eb8c844009ee685a7e9abf6ae42b4d00b20c7485096315
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .
Verify that all container images in the attestation are in the release file:
RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.40.2/release.yaml
REKOR_UUID=24296fb24b8ad77a2573afa5bfbd4582c0eb8c844009ee685a7e9abf6ae42b4d00b20c7485096315
# Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v0.40.2@sha256:" + .digest.sha256')
# Download the release file
curl "$RELEASE_FILE" > release.yaml
# For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done
ix TaskRun parameter etc replacement logic to persist in the TaskRun's Status properly
ix the -dirty
suffix in pipeline.tekton.dev/release
annotation
Thanks to these contributors who contributed to v0.40.2!
Extra shout-out for awesome release notes:
Published by tekton-robot about 2 years ago
-Docs @ v0.40.1
-Examples @ v0.40.1
kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.40.1/release.yaml
The Rekor UUID for this release is 362f8ecba72f432643c8fc44b910556818f9aac401493abdd08da44a05e8c0c10a7122ef17aaf447
Obtain the attestation:
REKOR_UUID=362f8ecba72f432643c8fc44b910556818f9aac401493abdd08da44a05e8c0c10a7122ef17aaf447
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .
Verify that all container images in the attestation are in the release file:
RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.40.1/release.yaml
REKOR_UUID=362f8ecba72f432643c8fc44b910556818f9aac401493abdd08da44a05e8c0c10a7122ef17aaf447
# Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v0.40.1@sha256:" + .digest.sha256')
# Download the release file
curl "$RELEASE_FILE" > release.yaml
# For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done
ix taskrun not working with workspace having volumeClaimTemplate
Thanks to these contributors who contributed to v0.40.1!
Extra shout-out for awesome release notes:
Published by tekton-robot about 2 years ago
-Docs @ v0.38.4
-Examples @ v0.38.4
kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.38.4/release.yaml
The Rekor UUID for this release is 362f8ecba72f4326fa5b24a3cce6792d794726e3efd6e3c151eaa96ef7dfdc1ccf8ffc2230201d18
Obtain the attestation:
REKOR_UUID=362f8ecba72f4326fa5b24a3cce6792d794726e3efd6e3c151eaa96ef7dfdc1ccf8ffc2230201d18
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .
Verify that all container images in the attestation are in the release file:
RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.38.4/release.yaml
REKOR_UUID=362f8ecba72f4326fa5b24a3cce6792d794726e3efd6e3c151eaa96ef7dfdc1ccf8ffc2230201d18
# Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v0.38.4@sha256:" + .digest.sha256')
# Download the release file
curl "$RELEASE_FILE" > release.yaml
# For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done
De-dupe task dependencies - order and resource dependencies all together. It's very common to have a task with multiple when expressions referring to the same task but different results. Maintain a set of dependencies and add only a new parent.
Fixes https://github.com/tektoncd/pipeline/issues/5420 - Improve DAG validation for pipelines with hundreds of tasks (validation wehbook performance)
ko create
(#5439)Thanks to these contributors who contributed to v0.38.4!
Extra shout-out for awesome release notes:
Published by tekton-robot about 2 years ago
-Docs @ v0.37.5
-Examples @ v0.37.5
kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.37.5/release.yaml
The Rekor UUID for this release is 362f8ecba72f43263b14ba88ed3003f2038017cca2b180c14ad3e3263321a6a92ea4977c465b526d
Obtain the attestation:
REKOR_UUID=362f8ecba72f43263b14ba88ed3003f2038017cca2b180c14ad3e3263321a6a92ea4977c465b526d
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .
Verify that all container images in the attestation are in the release file:
RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.37.5/release.yaml
REKOR_UUID=362f8ecba72f43263b14ba88ed3003f2038017cca2b180c14ad3e3263321a6a92ea4977c465b526d
# Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v0.37.5@sha256:" + .digest.sha256')
# Download the release file
curl "$RELEASE_FILE" > release.yaml
# For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done
De-dupe task dependencies - order and resource dependencies all together. It's very common to have a task with multiple when expressions referring to the same task but different results. Maintain a set of dependencies and add only a new parent.
Fixes https://github.com/tektoncd/pipeline/issues/5420 - Improve DAG validation for pipelines with hundreds of tasks (validation wehbook performance)
After the replacement with an empty array, the original array will be empty.
Example:
params:
- name: myarray
value: "$(params.anEmptyArray[*])"
ko create
(#5438)Thanks to these contributors who contributed to v0.37.5!
Extra shout-out for awesome release notes:
Published by tekton-robot about 2 years ago
-Docs @ v0.36.1
-Examples @ v0.36.1
kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.36.1/release.yaml
The Rekor UUID for this release is 362f8ecba72f4326ba7c696af10c9c634aa17d43f9ffc6e7c877d332b0e0f634434f09904b654e8c
Obtain the attestation:
REKOR_UUID=362f8ecba72f4326ba7c696af10c9c634aa17d43f9ffc6e7c877d332b0e0f634434f09904b654e8c
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .
Verify that all container images in the attestation are in the release file:
RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.36.1/release.yaml
REKOR_UUID=362f8ecba72f4326ba7c696af10c9c634aa17d43f9ffc6e7c877d332b0e0f634434f09904b654e8c
# Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v0.36.1@sha256:" + .digest.sha256')
# Download the release file
curl "$RELEASE_FILE" > release.yaml
# For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done
De-dupe task dependencies - order and resource dependencies all together. It's very common to have a task with multiple when expressions referring to the same task but different results. Maintain a set of dependencies and add only a new parent.
bug fixes:
After the replacement with an empty array, the original array will be empty.
Example:
params:
- name: myarray
value: "$(params.anEmptyArray[*])"
Binary file (standard input) matches
Relax the validation of result type: allow for no type specified to support resources created before result types were introduced.
ko create
(#5445)Thanks to these contributors who contributed to v0.36.1!
Extra shout-out for awesome release notes:
Published by tekton-robot about 2 years ago
-Docs @ v0.40.0
-Examples @ v0.40.0
kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.40.0/release.yaml
The Rekor UUID for this release is 362f8ecba72f43264608c9d53c9d192238a7f3e707064fa13e9d670fe3ef016fe82da9ef516f9277
Obtain the attestation:
REKOR_UUID=362f8ecba72f43264608c9d53c9d192238a7f3e707064fa13e9d670fe3ef016fe82da9ef516f9277
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .
Verify that all container images in the attestation are in the release file:
RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.40.0/release.yaml
REKOR_UUID=362f8ecba72f43264608c9d53c9d192238a7f3e707064fa13e9d670fe3ef016fe82da9ef516f9277
# Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v0.40.0@sha256:" + .digest.sha256')
# Download the release file
curl "$RELEASE_FILE" > release.yaml
# For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done
Add pipelineRun.spec.pipelineTaskRunTemplate
with serviceAccountName
and podTemplate
.
Workspaces are propagated in embedded specifications of pipelinerun without mutations.
Adds new behavior to the git remote resolver to fetch Tasks and Pipelines from GitHub, Gitlab, BitBucket via their APIs using API tokens.
More flexible ways to provide values for object param keys: a subset of keys can be provided from default, and the rest is provided at runtime.
Add a cluster resolver for referencing Pipeline and Task resources in other namespaces
action required: The separate Resolutions project has been folded into Pipeline. If currently using Resolution, remove the tekton-remote-resolution namespace before upgrading and installing the new "resolvers.yaml".
action required: matrixed params must be moved under matrix.params
Propagating object params
If the user provide affinity in podtemplate it will merge with affinity-assistant's affinity
action required: Need to check podtemplate make sure the change will not cause unexpected behaviour
action required: Remote resolver resource
field has changed to params
.
Workspaces are propagated in embedded specifications without mutations.
In current release:
Change PipelineRun timeout behavior for child TaskRuns and Runs to behave like cancellation rather than explicitly setting timeouts on the child tasks at runtime.
Previously, the timeout of a TaskRun would be calculated from the time remaining in a PipelineRun's timeouts.tasks
. Now, it is set
to the default timeout (unless otherwise specified in pipeline.spec.tasks[].timeout
), and the PipelineRun controller will cancel
TaskRuns after timeouts.tasks
has elapsed. If timeouts.tasks
is greater than the default timeout, tasks will time out at the default timeout instead of when they previously timed out.
[Detailed change description] (#Number).
[Fill list here]
Fix regexp for ssh.
Bug fix: allow specifying only timeouts.tasks or timeouts.finally
De-dupe task dependencies - order and resource dependencies all together. It's very common to have a task with multiple when expressions referring to the same task but different results. Maintain a set of dependencies and add only a new parent.
bug fixes:
[Bug fix] Clarify limitrange documentation and remove functionality that's provided by k8s anyway
PipelineRuns will now fail validation for duplicate parameter names or task result references in parameter values
Tekton will retry the creation of the Pod if it fails due to a conflict and results in ResourceQuotaConflictError while updating a ResourceQuota.
Change PipelineRun timeout behavior for child TaskRuns and Runs to behave like cancellation rather than explicitly setting timeouts on the child tasks at runtime.
APISecretNamespaceKey
(#5492)$(context...)
values in resolver parameters (#5476)Replace holding a Task
in dag.Node
with a unique string identifier.
Hardening looksLikeResultRef to only report a valid result references, "tasks..results." and "tasks..results..". Any other invalid look-a-like-result-references are treated as constants.
e2e tests log when a namespace is not deleted at test completion.
Images are based on distroless.dev/* instead of the (equivalent) ghcr.io/distroless/* -- no effective behavior change
Developers - Please file a promotion request using this new template.
Updating error message - when step.onError is set to an invalid value, the error message now double quotes that value to easily spot it.
Add more unit tests to cover the case where non-exist individual keys of an object are used in task step.
T.Setenv
to set env vars in tests (#5398)default-revision
, not default-branch
(#5410)ko create
(#5396)The document has been added that describes the changes needed when migrating from v1beta1 to v1.
The document has been added that describes the changes needed when migrating from v1beta1 to v1.
Updating README to include last two releases details - 0.39 and 0.38.3.
enable-*-resolver
flags to the Pipeline controller customization docs (#5419)Thanks to these contributors who contributed to v0.40.0!
Extra shout-out for awesome release notes:
Published by tekton-robot about 2 years ago
-Docs @ v0.39.0
-Examples @ v0.39.0
kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.39.0/release.yaml
The Rekor UUID for this release is 362f8ecba72f43268e217c4700290e118237bd958b73e4b539da850cfacd12ff6719e20dcde99540
Obtain the attestation:
REKOR_UUID=362f8ecba72f43268e217c4700290e118237bd958b73e4b539da850cfacd12ff6719e20dcde99540
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .
Verify that all container images in the attestation are in the release file:
RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.39.0/release.yaml
REKOR_UUID=362f8ecba72f43268e217c4700290e118237bd958b73e4b539da850cfacd12ff6719e20dcde99540
# Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v0.39.0@sha256:" + .digest.sha256')
# Download the release file
curl "$RELEASE_FILE" > release.yaml
# For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done
Tekton support for Windows includes support for ltsc2019 in addition to ltsc2022
onError
(#5307)Support variables in steps[].onError, for example, $(params.CONTINUE)
A PipelineRun can be cancelled even if some of its owned resources have been deleted.
Added TopologySpreadConstraints in PodTemplate to enable spread Pods across clusters among topology domains.
Allow users to use results
from finally
in PipelineResults
using $(finally.<pipelinetask-name>.results.<result-name>)
taskresults is inferred as object if Properties is set, and Properties's value by default is string
β¨ [TEP-0104] Populate Task-level Resource Requirements from PipelineRun to TaskRun (#5212)
β¨ Add validation for results object properties types (#5169)
β¨ [TEP-0104] Update Pod with Task-level Resource Requirements (#5082)
Rename ArrayOrString to ParamValues, NewArrayOrString to NewStructuredValues
This deprecation notice is applicable to the projects such CLI, Dashboard, Chains, etc which are dependent on the go types defined in the Pipeline.
Each retry for each matrixed TaskRun
is completed before it is reattempted; failure in one matrixed TaskRun
no longer affects retries for other matrixed TaskRuns
from the same PipelineTask
.
Move parameter validation from pipelinespec
to pipelinerunspec
when propagating parameters
Users can now differentiate if a TaskRun was cancelled by the user or by cancellation of a PipelineRun of which the TaskRun was a part of, by looking at the TaskRun's spec.StatusMessage field.
Fix the Tekton controller panic for Metrics.
Move parameter validation from taskspec
to taskrunspec
when propagating parameters
Convert step.OnError from string to type: OnErrorType
Version informaiton added to workload labels is determined from information embedded by Go, instead of relying on symlinks to Git information in our build process.
Rename ArrayOrString to ParamValues, NewArrayOrString to NewStructuredValues
Update docs
Do not try to convert object on deletion, and do not validate names on deletion as well.
Add a pipeline run example with both object param and result
Bump knative/pkg dependency to 1.15.
action required: this will bring up the minimum version for Kubernetes to 1.22
Documenting the results lifecycle.
Thanks to these contributors who contributed to v0.39.0!
Extra shout-out for awesome release notes:
Published by tekton-robot about 2 years ago
-Docs @ v0.38.3
-Examples @ v0.38.3
kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.38.3/release.yaml
The Rekor UUID for this release is 362f8ecba72f4326a418baaecb593233a0d4ac99b5f9657b66533bd25da323933e8994b6d424c6f1
Obtain the attestation:
REKOR_UUID=362f8ecba72f4326a418baaecb593233a0d4ac99b5f9657b66533bd25da323933e8994b6d424c6f1
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .
Verify that all container images in the attestation are in the release file:
RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.38.3/release.yaml
REKOR_UUID=362f8ecba72f4326a418baaecb593233a0d4ac99b5f9657b66533bd25da323933e8994b6d424c6f1
# Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v0.38.3@sha256:" + .digest.sha256')
# Download the release file
curl "$RELEASE_FILE" > release.yaml
# For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done
Fix cancellation of PipelineRuns with unscheduled custom tasks.
Thanks to these contributors who contributed to v0.38.3!
Extra shout-out for awesome release notes:
Published by tekton-robot about 2 years ago
-Docs @ v0.37.4
-Examples @ v0.37.4
kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.37.4/release.yaml
The Rekor UUID for this release is 362f8ecba72f4326045502405ac43703acea4ee07f7e2bee7fc0892a3fe86e71f19eb7434dfbcf40
Obtain the attestation:
REKOR_UUID=362f8ecba72f4326045502405ac43703acea4ee07f7e2bee7fc0892a3fe86e71f19eb7434dfbcf40
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .
Verify that all container images in the attestation are in the release file:
RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.37.4/release.yaml
REKOR_UUID=362f8ecba72f4326045502405ac43703acea4ee07f7e2bee7fc0892a3fe86e71f19eb7434dfbcf40
# Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v0.37.4@sha256:" + .digest.sha256')
# Download the release file
curl "$RELEASE_FILE" > release.yaml
# For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done
Fix cancellation of PipelineRuns with unscheduled custom tasks.
Thanks to these contributors who contributed to v0.37.4!
Extra shout-out for awesome release notes:
Published by tekton-robot about 2 years ago
-Docs @ v0.38.2
-Examples @ v0.38.2
kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.38.2/release.yaml
The Rekor UUID for this release is 362f8ecba72f4326cb27c8cb17e02f54a59ad06cd79f516877b42be38a100da8ddb4e983af82f36d
Obtain the attestation:
REKOR_UUID=362f8ecba72f4326cb27c8cb17e02f54a59ad06cd79f516877b42be38a100da8ddb4e983af82f36d
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .
Verify that all container images in the attestation are in the release file:
RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.38.2/release.yaml
REKOR_UUID=362f8ecba72f4326cb27c8cb17e02f54a59ad06cd79f516877b42be38a100da8ddb4e983af82f36d
# Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v0.38.2@sha256:" + .digest.sha256')
# Download the release file
curl "$RELEASE_FILE" > release.yaml
# For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done
Do not panic on ImagePullBackOff
in case of status being not fully populated yet
Thanks to these contributors who contributed to v0.38.2!
Extra shout-out for awesome release notes:
Published by tekton-robot about 2 years ago
-Docs @ v0.37.3
-Examples @ v0.37.3
kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.37.3/release.yaml
The Rekor UUID for this release is 362f8ecba72f4326aa481b6a086df24b271f27e3823e067689e1146d3b6f319e103937e642c2fd79
Obtain the attestation:
REKOR_UUID=362f8ecba72f4326aa481b6a086df24b271f27e3823e067689e1146d3b6f319e103937e642c2fd79
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .
Verify that all container images in the attestation are in the release file:
RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.37.3/release.yaml
REKOR_UUID=362f8ecba72f4326aa481b6a086df24b271f27e3823e067689e1146d3b6f319e103937e642c2fd79
# Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v0.37.3@sha256:" + .digest.sha256')
# Download the release file
curl "$RELEASE_FILE" > release.yaml
# For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done
Do not panic on ImagePullBackOff
in case of status being not fully populated yet
Thanks to these contributors who contributed to v0.37.3!
Extra shout-out for awesome release notes:
Published by tekton-robot about 2 years ago
-Docs @ v0.38.1
-Examples @ v0.38.1
kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.38.1/release.yaml
The Rekor UUID for this release is 362f8ecba72f43268b4bd88676d8467bd55c1545fdf5b2786b15b6c1f94e34e15bc42416bb59d3e4
Obtain the attestation:
REKOR_UUID=362f8ecba72f43268b4bd88676d8467bd55c1545fdf5b2786b15b6c1f94e34e15bc42416bb59d3e4
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .
Verify that all container images in the attestation are in the release file:
RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.38.1/release.yaml
REKOR_UUID=362f8ecba72f43268b4bd88676d8467bd55c1545fdf5b2786b15b6c1f94e34e15bc42416bb59d3e4
# Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v0.38.1@sha256:" + .digest.sha256')
# Download the release file
curl "$RELEASE_FILE" > release.yaml
# For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done
Do not serve removed object from v1alpha1 (Task, ClusterTask, Pipeline, TaskRun and PipelineRun)
Fix an issue with parameters without types specified in pre-existing Pipeline
s and Task
s.
Thanks to these contributors who contributed to v0.38.1!
Extra shout-out for awesome release notes:
Published by tekton-robot about 2 years ago
-Docs @ v0.38.0
-Examples @ v0.38.0
kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.38.0/release.yaml
The Rekor UUID for this release is 362f8ecba72f432699509b8cc1664c3bb7f29f406bf9d81e24049d1d33735511ef14ae9f533a4885
Obtain the attestation:
REKOR_UUID=362f8ecba72f432699509b8cc1664c3bb7f29f406bf9d81e24049d1d33735511ef14ae9f533a4885
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .
Verify that all container images in the attestation are in the release file:
RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.38.0/release.yaml
REKOR_UUID=362f8ecba72f432699509b8cc1664c3bb7f29f406bf9d81e24049d1d33735511ef14ae9f533a4885
# Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v0.38.0@sha256:" + .digest.sha256')
# Download the release file
curl "$RELEASE_FILE" > release.yaml
# For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done
β¨ [TEP-0075] Object Params and Results
$(params.<param_name>.<key_name>)
β¨ [TEP-0076] Array Params and Results
$(params.param-name[i]
).β¨ Add support for projected volumes as workspace type (#5085)
Add support for projected volumes as workspace type
Pipeline results are now initialized even when a pipelineRun fails. The task results from all the successful tasks are propagated to the pipelineRun.
Add support to use any CSI volume driver as a workspace
β¨ TEP-0090: Matrix
Matrix
supports Results of type String.matrix
and params
in a PipelineTask
(#5050)matrix
and params
fields. The matrix
is used to fan out the PipelineTask
and the params
are the same in all the TaskRuns
.PipelineTask
with a Matrix
and Custom Task
is fanned out into parallel Runs
which are executed in parallel.isSuccessful
for Runs
(#5035)PipelineTasks
with Custom Tasks
are successful when all Runs
have completed successfully.embedded-status
feature flag must be set to "minimal"
to specify Matrix
in a PipelineTask
.TaskRuns
or Runs
from a given Matrix
is 256.Runs
(#5037)ChildReferences
for TaskRuns
(#5008)β¨ Only create & mount Downward API volume when necessary (#4953)
Added an await-sidecar-readiness
feature flag, which can be used to remove the of DownwardAPI volumes in TaskRun pods. (#4953, @hWorblehat)
Users can specify stdoutConfig
and stderrConfig
in steps to capture steps' stdout and stderr to local files. This feature can be used to capture stdout and stderr into task results.
Apply the TerminationMessagePolicy field for container types
After the replacement with an empty array, the original array will be empty.
Example:
params:
- name: myarray
value: "$(params.anEmptyArray[*])"
Binary file (standard input) matches
Fail PipelineTask validation if a normal, non-custom embedded task is specified along with apiVersion
and/or kind
Fixed a bug where Finally
Task
Result
's where being referenced in Pipeline
Result
's.
Fixed a bug where Finally Task Result's are being referenced in Pipeline Result's.
Unset replicas:1 in the webhook Deployment; HPA will autoscale the deployment (1-5 replicas by default). First reapplication after this change will cause scaling down to 1 replica, but subsequent reapplications will not change the HPA-set replica number.
Fix task pod creation failure when duplicate secrets present in service account.
If for some reason between getting the pod with a list and creation it already exists, do not
treat it as a terminal failure.
ChildReferences
in tests (#5020)Dots are not allowed in object param names and key names.
Deprecated PipelineRunCancelled
status string removed; use Cancelled
instead.
action required: v1alpha1
Pipeline
, PipelineRun
, Task
, TaskRun
removed. Please switch to v1beta1
for those types.
Add taskrun & pipelinerun examples that use object param and result.
ValidateObjectKeys function is now available for usage outside the v1beta1 package.
Fanning out PipelineTasks
into parallel TaskRuns
with substitutions from combinations of Parameters
in a Matrix
is fully supported. The ChildReferences
of the fanned out TaskRuns
will be added to the PipelineRun
status.
Images are based on ghcr.io/distroless/static, and the entrypoint image is updated to use nanoserver:ltsc2022 instead of :1809
Binary file (standard input) matches
π¨ TEP-0075: Validate Pipeline object variables in value, matrix and when (#4902)
π¨ [TEP-0075] Validate object keys, PipelineRunSpec -> PipelineSpec (#4883)
Make sure keys of an object param declared in PipelineSpec are all provided with a value when the PipelineRunSpec provides values for the object param. In other words, the value provider - PipelineRunSpec can't miss keys. i.e. the following example will be invalid since the key commit
is missed.
Example:
apiVersion: tekton.dev/v1beta1
kind: PipelineRun
metadata:
generateName: test-case
spec:
params:
- name: myObject
value:
url: "abc.com"
pipelineSpec:
params:
- name: myObject
properties:
url: {}
commit: {}
Conditions
π§Ή (#5027)ResolvedPipelineRunTask
to ResolvedPipelineTask
(#5025)GetChildReferences
checks for non-nil TaskRuns
(#5016)TaskRun
in GetTaskRunsResults
(#5015)GetChildReferences
(#5006)isRunning
for Runs
(#5062)getNextTasks
(#5061)PipelineTask
with Custom Task
(#5048)ChildReferences
for Runs
(#5047)isFailure
for Runs
(#5042)PipelineRun
from Pipeline
with Matrix
(#5031)cmpopts.SortSlices
rather than explicitly sorting in tests when possible (#5023)Thanks to these contributors who contributed to v0.38.0!
Extra shout-out for awesome release notes:
Published by tekton-robot over 2 years ago
-Docs @ v0.37.2
-Examples @ v0.37.2
kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.37.2/release.yaml
The Rekor UUID for this release is 362f8ecba72f43269cf1514976bb3f5f404667c6c02359a4a04e762b2c318b8f5195cec448cd6b26
Obtain the attestation:
REKOR_UUID=362f8ecba72f43269cf1514976bb3f5f404667c6c02359a4a04e762b2c318b8f5195cec448cd6b26
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .
Verify that all container images in the attestation are in the release file:
RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.37.2/release.yaml
REKOR_UUID=362f8ecba72f43269cf1514976bb3f5f404667c6c02359a4a04e762b2c318b8f5195cec448cd6b26
# Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v0.37.2@sha256:" + .digest.sha256')
# Download the release file
curl "$RELEASE_FILE" > release.yaml
# For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done
Fix the entrypoint potentially not executing the right command due to flag parsing
Binary file (standard input) matches
Thanks to these contributors who contributed to v0.37.2!
Extra shout-out for awesome release notes: