-Docs @ v0.44.0
-Examples @ v0.44.0

Installation one-liner

kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.44.0/release.yaml

Attestation

The Rekor UUID for this release is 24296fb24b8ad77aef37f64a4b4a1f8feb128277e9de47fc1ce4ec75e99229c3447da52e951cb8bd

Obtain the attestation:

REKOR_UUID=24296fb24b8ad77aef37f64a4b4a1f8feb128277e9de47fc1ce4ec75e99229c3447da52e951cb8bd
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .

Verify that all container images in the attestation are in the release file:

RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.44.0/release.yaml
REKOR_UUID=24296fb24b8ad77aef37f64a4b4a1f8feb128277e9de47fc1ce4ec75e99229c3447da52e951cb8bd

# Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v0.44.0@sha256:" + .digest.sha256')

# Download the release file
curl "$RELEASE_FILE" > release.yaml

# For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
  printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done

Changes

Features

• ✨ make the webhook controller name configurable (#6007)

The webhook controller name can be configured using WEBHOOK_ADMISSION_CONTROLLER_NAME environment variable in webhook deployment.

• ✨ [TEP-0091] Trusted Resources

  • enable KMS in VerificationPolicy for trusted resources (#5965)
  • Add KMS filed into v1alpha1.VerificationPolicy (#5891)
  • add KMS libraries (#5890)

• ✨ [TEP-0124] implement opentelemetry Jaeger tracing (#5746)

Added support for tracing using Jaeger and OpenTelemetry. It can be enabled by adding the following environment variables to controller manifest

• OTEL_EXPORTER_JAEGER_ENDPOINT is the HTTP endpoint for sending spans directly to a collector.
• OTEL_EXPORTER_JAEGER_USER is the username to be sent as authentication to the collector endpoint. (optional)
• OTEL_EXPORTER_JAEGER_PASSWORD is the password to be sent as authentication to the collector endpoint. (optional)

Backwards incompatible changes

In current release:

• 🚨 "embedded-status" now defaults to "minimal" (#5934)
• 🚨 Cluster PipelineResources have been removed (#5996)
• 🚨 CloudEvent PipelineResources have been removed (#5995)

Fixes

• 🐛 Fix PipelineRunStatus Reconciler for EmbeddedStatus Switch (#5989)

fixes updates for reconciling pipelinerunstatus when switching the embeddedstatus feature flag. it resets the status.runs and status.taskruns to nil with minimal EmbeddedStatus and status.childReferences to nil with full embeddedstatus.

• 🐛 Fix task parameter value substitution error due to propagateParams (#6004)

Misc

• 🔨 Cleanup resources of ClusterTask (#5977)

remove GetClusterTask func

• 🔨 [TEP074] Remove Cluster pipelineResources (#5996)

action required: please migrate off of cluster pipelineresources as it is removed, please refer to the doc at https://github.com/tektoncd/pipeline/blob/main/docs/pipelineresources.md#replacing-a-cluster-resource
kubeconfigwriter image are not built nor maintained from now on

• 🔨 [TEP074] Remove CloudEvent pipelineResources (#5995)

action required: please migrate off of cloudevent pipelineresources as it is removed, please refer to the doc at https://github.com/tektoncd/pipeline/blob/main/docs/pipelineresources.md#replacing-a-cloudevent-resource

• 🔨 TEP-0114: Remove Feature Flag (#5975)

Removed the feature flag enable-custom-tasks.

• 🔨 Switch the Default Value of Feature Flag to (#5961)

The default value of custom-task-version is changed from v1alpha1 to v1beta1, which means v1beta1.CustomRun will be created out of a Custom Task PipelineTask instead of v1alpha1.Run.

Deprecation Notice: v1alpha1.Run will be removed in release v0.47.0.

• 🔨 [TEP0100] Default to minimal embedded-status (#5934)

switch the default value of embedded-status to minimal
the embedded-status flag along with the both and full functionalities are deprecated, and will be removed in v0.45.

• 🔨 Correct required v.s. optional fields in run status (#5819)

Remove optional tag for startTime and completionTime in TaskRun/PipelineRun status, and add option tag for provenance field in TaskRun/PipelineRun status.

• 🔨 Fully remove kubeconfigwriter image (#6018)
• 🔨 Add sidecarlogresults to images in release pipeline (#5912)

Docs

• 📖 Update releases.md for v0.43 patch releases (#5982)
• 📖 [docs] Added go-licenses to development setup. (#5929)
• 📖 Update releases for v0.43.0 (#5917)

Thanks

Thanks to these contributors who contributed to v0.44.0!

• ❤️ @AlanGreene
• ❤️ @JeromeJu
• ❤️ @XinruZhang
• ❤️ @Yongxuanzhang
• ❤️ @abayer
• ❤️ @bendory
• ❤️ @chengjoey
• ❤️ @chuangw6
• ❤️ @dependabot[bot]
• ❤️ @dibyom
• ❤️ @jerop
• ❤️ @kmjayadeep
• ❤️ @lbernick
• ❤️ @my-git9
• ❤️ @pritidesai
• ❤️ @vdemeester

Extra shout-out for awesome release notes:

• 😍 @JeromeJu
• 😍 @XinruZhang
• 😍 @Yongxuanzhang
• 😍 @chuangw6
• 😍 @kmjayadeep
• 😍 @pritidesai

-Docs @ v0.43.2
-Examples @ v0.43.2

Installation one-liner

kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.43.2/release.yaml

Attestation

The Rekor UUID for this release is 24296fb24b8ad77ac03a9e9a1de2842d68ade2674937db60c0150c990bf5e0347dec1edcad393407

Obtain the attestation:

REKOR_UUID=24296fb24b8ad77ac03a9e9a1de2842d68ade2674937db60c0150c990bf5e0347dec1edcad393407
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .

Verify that all container images in the attestation are in the release file:

RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.43.2/release.yaml
REKOR_UUID=24296fb24b8ad77ac03a9e9a1de2842d68ade2674937db60c0150c990bf5e0347dec1edcad393407

# Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v0.43.2@sha256:" + .digest.sha256')

# Download the release file
curl "$RELEASE_FILE" > release.yaml

# For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
  printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done

Changes

Fixes

• 🐛 [release-v0.43.x] Fix embedded-status conversion for PipelineRuns (#5974)

Update PipelineRun conversion between API versions to account for embedded-status feature flag

Thanks

Thanks to these contributors who contributed to v0.43.2!

• ❤️ @lbernick

Extra shout-out for awesome release notes:

• 😍 @lbernick

-Docs @ v0.43.1
-Examples @ v0.43.1

Installation one-liner

kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.43.1/release.yaml

Attestation

The Rekor UUID for this release is 24296fb24b8ad77aafc26483b3dd67610086643ab88bb7166bfd137136fbdf182dc3bc8d76987194

Obtain the attestation:

REKOR_UUID=24296fb24b8ad77aafc26483b3dd67610086643ab88bb7166bfd137136fbdf182dc3bc8d76987194
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .

Verify that all container images in the attestation are in the release file:

RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.43.1/release.yaml
REKOR_UUID=24296fb24b8ad77aafc26483b3dd67610086643ab88bb7166bfd137136fbdf182dc3bc8d76987194

# Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v0.43.1@sha256:" + .digest.sha256')

# Download the release file
curl "$RELEASE_FILE" > release.yaml

# For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
  printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done

Changes

Fixes

• 🐛 [release-v0.43.x] Register informers for v1 TaskRun and PipelineRun (#5948)

bug fix: register informers for v1 TaskRun and PipelineRun

• 🐛 [release-v0.43.x] ChildReference status helper functions should support both CustomRuns and Runs (#5941)

Status helper functions now properly support both CustomRuns and Runs.

• 🐛 [release-v0.43.x] tekton: fix KO_CONFIG_PATH on release pipeline (#5958)

Windows support.

Misc

• 🔨 [release-v0.43.x] Use the golangci-lint configured in Makefile in build tests (#5951)

Thanks

Thanks to these contributors who contributed to v0.43.1!

• ❤️ @vdemeester
• ❤️ @abayer
• ❤️ @lbernick

Extra shout-out for awesome release notes:

• 😍 @vdemeester
• 😍 @abayer
• 😍 @lbernick

🎉 Larger Results, Custom Tasks Beta, V1 CRDs, Improved Retries, and Environment Variables in PodTemplate 🎉

-Docs @ v0.43.0
-Examples @ v0.43.0

Installation one-liner

kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.43.0/release.yaml

Attestation

The Rekor UUID for this release is 24296fb24b8ad77ab5c2fccf5d8344332332d06ae5cc99d8daa86744b122e3a4a875b8842315d884

Obtain the attestation:

REKOR_UUID=24296fb24b8ad77ab5c2fccf5d8344332332d06ae5cc99d8daa86744b122e3a4a875b8842315d884
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .

Verify that all container images in the attestation are in the release file:

RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.43.0/release.yaml
REKOR_UUID=24296fb24b8ad77ab5c2fccf5d8344332332d06ae5cc99d8daa86744b122e3a4a875b8842315d884

# Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v0.43.0@sha256:" + .digest.sha256')

# Download the release file
curl "$RELEASE_FILE" > release.yaml

# For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
  printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done

Changes

Features

• ✨ TEP-0127-: Larger results using sidecar logs - Always enforce ReservedSidecarName validation (#5877)
  Always enforce ReservedSidecarName validation check regardless of what the results-from feature flag is set to.

• ✨ TEP-0114: Enable Custom Tasks in Pipelines by Default (#5858)
  Custom Tasks in Pipelines are enabled by default. To disable, set enable-custom-tasks feature flag "false".

• ✨ TEP-0121: Adds a new field for TaskRun (#5842)
  API change: new Retries field in v1beta1.TaskRun and v1.TaskRun.

• ✨ TEP-0127: Larger results using sidecar logs - parsing sidecar logs to extract results (#5840)
  Parsing sidecar logs to extract results into the task run CRD.

• ✨ TEP-0127: make stdout and stderror paths readable (#5838)
  Make stdout and stderr files readable by all.

• ✨ TEP-0127: Larger results using sidecar logs - entrypoint, sidecar binary and injecting results sidecar (#5834)
  Implemented sidecar binary and entrypoint related changes.

• ✨ TEP-0114: Add support for PipelineRun reconciler to create CustomRuns (#5832)
  Custom task runs created from PipelineRuns can now be v1beta1.CustomRuns instead of v1alpha1.Runs, if the "custom-task-version" feature flag is set to "v1beta1", instead of the default "v1alpha1". Note that custom task controllers would need to be updated to listen for *v1beta1.CustomRun instead of *v1alpha1.Run in order to respond to v1beta1.CustomRuns.

• ✨ TEP-0127: Larger results using sidecar logs - feature flags and cluster-roles (#5828)
  Implemented feature flags to enable larger results using sidecar logs.

• ✨ [TEP-0091] Add VerificationPolicy types to configure public keys (#5714)
  VerificationPolicy is added as a v1alpha1 type to enable users to config public keys for trusted resources.
  Please refer to https://github.com/tektoncd/pipeline/blob/main/docs/trusted-resources.md for more details

• ✨ TEP-0101 PodTemplate should support environment variables. (#5699)
  PodTemplate can be used to update environment variables globally as well as PipelineRun and TaskRun level.
  Added new configuration option default-forbidden-env to disallow specified environment variables from being updated via podTemplate.

• ✨ TEP-0127: Larger results using sidecar logs: Validation, documentation and examples (#5695)
  Admission webhook validation to ensure that the reserved sidecar name is not used by the user, user documentation and larger results TaskRun and PipelineRun examples.

• ✨ Add a PipelineRun Example for Creating a Wait CustomRun (#5906)

• ✨ TEP-0121: Retries - Reconciler Implementation (#5844)

• ✨ TEP-0114: Migrate the testing Wait Task to reconcile on v1beta1.CustomRun (#5815)

Fixes

• 🐛 string results that can be parsed as json should not fail (#5814)

  Task can emit string type results that can be parsed as json.

• 🐛 Fix apiVersion assignment in ChildReference Conversion (#5854)

• 🐛 TEP-0121: Modify metrics recorder for TaskRun Retries (#5853)

• 🐛 Add v1 clients for examples_test (#5799)

• 🐛 Add PipelineRunStatus Conversion (#5797)

• 🐛 ref: prompt for specific error fields (#5682)

Misc

• 🔨 TEP-0127: Larger Results via Sidecar Logs - Cleanup (#5843)
  Moved config to enable access to sidecar logs into a different folder.

• 🔨 TEP-0114: Add FilterFuncs for CustomRun (#5822)
  Add FilterFuncs for custom task controllers using CustomRuns

• 🔨 Change all ducktype status to v1 (#5809)
  API changes: swap all duckv1beta1 status to duckv1 status

• 🔨 V1 CRD release (#5579)
  Releases v1 CRD for task, taskrun, pipeline and pipelinerun. Served v1 CRDs are included in this release for users as a preview, and also for users to start preparing for the migration. v1 is served but CLI, Dashboard, Chains etc support won't be available until the following release. v1 will be the official version starting with the next release when it has been released as the storage version.

• 🔨 Fix Wrong Condition Reason When Fails to Stop Sidecars for A Finished TaskRun (#5901)

• 🔨 Sorted linters -- because neatness counts. (#5898)

• 🔨 [pkg/remote] clean up ioutil (#5895)

• 🔨 Enabled the whitespace linter. (#5889)

• 🔨 [pkg/termination] cleanup io/ioutil (#5885)

• 🔨 Replaced deadcode linter with unused linter. (#5881)

• 🔨 [pkg/pullrequest] cleanup ioutil for new go version (#5880)

• 🔨 [pkg/credentials] clean up io/ioutil package (#5879)

• 🔨 [pkg/entrypoint] remove ioutil for new go version (#5878)

• 🔨 Stop Metric Recorder Listing TaskRuns When Records Data (#5876)

• 🔨 Added govet to our Golang linter suite (#5871)

• 🔨 Increases Test Coverage on GetSkippedTasks() (#5856)

• 🔨 Align the naming when referring to a TaskRun in comments in taskrun_types.go (#5847)

• 🔨 Remove return error in GetTaskFunc and GetPipelineFunc (#5826)

• 🔨 Refactor events to decouple k8s event and cloud event (#5817)

• 🔨 Bump github.com/containerd/containerd from 1.6.12 to 1.6.14 (#5908)

• 🔨 Bump github.com/jenkins-x/go-scm from 1.11.35 to 1.12.3 (#5905)

• 🔨 Bump github.com/containerd/containerd from 1.6.10 to 1.6.12 (#5855)

• 🔨 Bump golang.org/x/crypto from 0.3.0 to 0.4.0 (#5845)

• 🔨 Bump golang.org/x/oauth2 from 0.2.0 to 0.3.0 (#5839)

• 🔨 Add embedded-status to config-feature-flags.yaml (#5825)

• 🔨 Bump go.uber.org/zap from 1.23.0 to 1.24.0 (#5816)

• 🔨 Add TaskRunStatus Conversion (#5794)

• 🔨 Bump github.com/sigstore/sigstore from 1.4.5 to 1.4.6 (#5792)

• 🔨 Bump google.golang.org/grpc from 1.50.1 to 1.51.0 (#5774)

• 🔨 Skip TestGitResolver_API on other archs (#5713)

• 🔨 [test] clean up io/ioutil package (#5894)

Docs

• 📖 Update releases for v0.42.0 (#5789)
  Update releases file for v0.42.0

• 📖 Fix typo (#5787)
  Fix typo

• 📖 docs: fixing wrong matrix syntax in some places (#5911)

• 📖 Added documentation for local golangci-lint use. (#5900)

• 📖 TEP-0127: Add "Larger Results via Sidecar Logs" to alpha features (#5888)

• 📖 fix errant backtick in TOC link (#5860)

• 📖 TEP-0114: Migration Doc for Custom Task Beta Promotion (#5850)

• 📖 Add TaskRuns and Runs Status migration deprecation fields (#5811)

• 📖 TEP-0114: Clarify that CustomRun is the beta version of Run (#5801)

Thanks

Thanks to these contributors who contributed to v0.43.0!

• ❤️ @HonkingGoose
• ❤️ @JeromeJu
• ❤️ @ScrapCodes
• ❤️ @XinruZhang
• ❤️ @Yongxuanzhang
• ❤️ @abayer
• ❤️ @bendory
• ❤️ @chitrangpatel
• ❤️ @cugykw
• ❤️ @dependabot[bot]
• ❤️ @dlbewley
• ❤️ @jerop
• ❤️ @my-git9
• ❤️ @pritidesai
• ❤️ @vdemeester

Extra shout-out for awesome release notes:

• 😍 @HonkingGoose
• 😍 @JeromeJu
• 😍 @ScrapCodes
• 😍 @XinruZhang
• 😍 @Yongxuanzhang
• 😍 @abayer
• 😍 @chitrangpatel
• 😍 @jerop
• 😍 @pritidesai

🎉 Enforce resource verification, GA policy documented and Custom Task Beta 🎉

-Docs @ v0.42.0
-Examples @ v0.42.0

Installation one-liner

kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.42.0/release.yaml

Attestation

The Rekor UUID for this release is 24296fb24b8ad77a92f523df8531edb5cb063ec9ef24a9e652e0643ff0f7ac9ce89edc8aa9395ffd

Obtain the attestation:

REKOR_UUID=24296fb24b8ad77a92f523df8531edb5cb063ec9ef24a9e652e0643ff0f7ac9ce89edc8aa9395ffd
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .

Verify that all container images in the attestation are in the release file:

RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.42.0/release.yaml
REKOR_UUID=24296fb24b8ad77a92f523df8531edb5cb063ec9ef24a9e652e0643ff0f7ac9ce89edc8aa9395ffd

# Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v0.42.0@sha256:" + .digest.sha256')

# Download the release file
curl "$RELEASE_FILE" > release.yaml

# For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
  printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done

Changes

Features

• ✨ Make the webhook port number configurable (#5696)

The port on which the webhook server listens may be configured via the WEBHOOK_PORT environment variable.

• ✨ Set ConfigSource in clusterresolver (#5687)

Set source value for cluster resource to link back its origin i.e. url and checksum.

• ✨ Set ConfigSource in bundleresolver (#5684)

ociresolver captures correct source information about where remote image came from.

• ✨ Feature flag for provenance field in status (#5670)

Added a new boolean feature flag named "enable-provenance-in-status" in feature-flags configmap to enable the provenance field in status to be populated. This field in status aims to record authenticated metadata about how a software artifact was built i.e. the source where remote resource came from.

• ✨ Set ConfigSource in gitresolver (#5664)

Set ConfigSource value for gitresolver to record the source where the remote resource came from.

• ✨ TEP-0114: Reconciler, event, config, webhook support for CustomRuns (#5662)

Reconciler, event, config, and webhook support for CustomRuns

• ✨ [TEP-0091] Add Verification at reconciler (#5581)

Trusted Resource feature enable tekton pipeline to verify the resources resolved from resolver. With trusted resource feature, users can configure public keys in configmap and choose to turn on/off this feature via feature flag resource-verification-mode. This commit enables mount public key files as secrets into Pipeline and used for verification. Taskrun/Pipelinerun that fail the verification will be marked as failed and be stopped from execution if resource-verification-mode is set to enforce

• ✨ Populate the field (#5397)

Populate the TaskRun/PipelineRun's Status.Provenance.ConfigSource field with the value from the remote ResolutionRequest Status.

Note: the feature flag enable-provenance-in-status needs to be set to "true" to enable this provenance field to be populated & available in *Run.Status.

• ✨ Bring Retries and RetriesStatus back (#5765)

Fixes

• 🐛 Add conversion config to ResolutionRequest CRD (#5742)

Properly configures conversion from v1alpha1.ResolutionRequest to v1beta1.ResolutionRequest

• 🐛 fix: the pipelinerun never done due to repeated workspace (#5724)

Check for duplicate workspaces of pipeline task.

• 🐛 Remove logging.request-log-template from resolvers config-observability CM (#5717)

Clean up example configuration in config-observability configmap for tekton-pipelines-resolvers namespace

• 🐛 Fixes default value for enabling resolvers (#5725)
• 🐛 Fix TaskRef and PipelineRef name with Resolver Conversion (#5702)

Misc

• 🔨 TEP-0114 Serve Custom Task Beta (#5780)

Custom Task Beta is available.

• 🔨 Use SchemeGroupVersion for tekton objects in cluster resolver (#5705)

Use v1beta1.SchemeGroupVersion.String() for the APIVersion field in the tekton object retrieved by cluster resolver.

• 🔨 fix cloud event flaky unit tests by adding waitgroup to fakeclient (#5690)

Fix cloud event flacky unit tests by adding EventSender

• 🔨 Add unit tests for bundle resolver (#5704)

Add unit test for bundle resolver

• 🔨 Add GA API policy and describe feature gates (#5634)

Updates API compatibility policy for the V1 api version

• 🔨 main branch's codegen is out of sync. (#5764)
• 🔨 fix knative downstream tests (#5763)
• 🔨 TEP-0114: Stop serving v1beta1.CustomRun until we align on Retries (#5736)
• 🔨 Order methods to appear next to their receiving types (#5733)
• 🔨 [upgrade test] Change to Kind cluster and Unfixed upgrade test release version (#5726)
• 🔨 Remove retriesStatus from CustomRunStatus (#5719)
• 🔨 Add RunReason and CustomRunReason (#5718)
• 🔨 Stop using copy-paste of old git-clone catalog task in examples/tests (#5712)
• 🔨 Bump k8s.io/code-generator from 0.25.2 to 0.25.4 (#5762)
• 🔨 Bump k8s.io/client-go from 0.25.3 to 0.25.4 (#5761)
• 🔨 Bump k8s.io/api from 0.25.3 to 0.25.4 (#5759)
• 🔨 Bump github.com/containerd/containerd from 1.6.9 to 1.6.10 (#5758)
• 🔨 Bump k8s.io/apimachinery from 0.25.3 to 0.25.4 (#5745)
• 🔨 Bump github.com/google/go-containerregistry from 0.12.0 to 0.12.1 (#5743)
• 🔨 Bump golang.org/x/oauth2 from 0.1.0 to 0.2.0 (#5739)
• 🔨 Bump golang.org/x/crypto from 0.1.0 to 0.2.0 (#5738)
• 🔨 Bump go.opencensus.io from 0.23.0 to 0.24.0 (#5731)
• 🔨 Rename v1beta1 clients for test (#5701)
• 🔨 Bump github.com/jenkins-x/go-scm from 1.11.29 to 1.11.35 (#5642)

Docs

• 📖 Update Roadmap with link to project board (#5735)
• 📖 Add finallystarttime to PipelineRun status docs (#5729)
• 📖 Update README and releases for v0.41.0 (#5698)
• 📖 TEP-0114: Custom Task Beta - User Guide (#5677)

Thanks

Thanks to these contributors who contributed to v0.42.0!

• ❤️ @JeromeJu
• ❤️ @ScrapCodes
• ❤️ @XinruZhang
• ❤️ @Yongxuanzhang
• ❤️ @abayer
• ❤️ @afrittoli
• ❤️ @chuangw6
• ❤️ @cugykw
• ❤️ @dependabot[bot]
• ❤️ @dibyom
• ❤️ @imjasonh
• ❤️ @jerop
• ❤️ @lbernick
• ❤️ @sel
• ❤️ @sm43
• ❤️ @urbanikb

Extra shout-out for awesome release notes:

• 😍 @XinruZhang
• 😍 @Yongxuanzhang
• 😍 @abayer
• 😍 @chuangw6
• 😍 @cugykw
• 😍 @dibyom
• 😍 @sel

🎉 First LTS Release, many features promoted to beta and a new Artifact Hub Resolver !🎉

Remote Resolution, Propagated Parameters, CSI and Projected Workspaces promoted to Beta!

-Docs @ v0.41.0
-Examples @ v0.41.0

Installation one-liner

kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.41.0/release.yaml

Attestation

The Rekor UUID for this release is 24296fb24b8ad77a0f387ec5597ae094fc78efb152ca50f4bc02f99149e5d324261f4fc32d28f92f

Obtain the attestation:

REKOR_UUID=24296fb24b8ad77a0f387ec5597ae094fc78efb152ca50f4bc02f99149e5d324261f4fc32d28f92f
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .

Verify that all container images in the attestation are in the release file:

RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.41.0/release.yaml
REKOR_UUID=24296fb24b8ad77a0f387ec5597ae094fc78efb152ca50f4bc02f99149e5d324261f4fc32d28f92f

# Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v0.41.0@sha256:" + .digest.sha256')

# Download the release file
curl "$RELEASE_FILE" > release.yaml

# For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
  printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done

Upgrade Notices

• Tekton Pipeline v0.41.0 requires Kubernetes version 1.23 or greater.
• Release EOL: Oct 30th, 2023.

Actions Required

• To allow PodSecurityAdmission to take effect, please set PodSecurity flag as Beta in kubernetes 1.23-1.24. See kubernetes feature gates for more information. (#5652)

Deprecation Notices

• 🚨 ClusterTasks are deprecated. Please use the cluster resolver instead. (#5545)

Backwards incompatible changes

• Any resolvers being used other than built-in resolvers will need to be updated to use ResolutionRequest v1beta1 (#5515)
• Starting from this release, Custom Task Runs controllers need to implement the Timeout on their own, PipelineRun reconciler would not set Run.Spec.Status == RunCancelled upon Run timeout. (#5658)

Changes

Features

• ✨ [TEP-0115] Support Artifact Hub in Hub Resolver (#5666)

The Hub Resolver will have a new type field to indicate the type of Hub from where to pull the resource. The default hub type is updated from the Tekton Hub to the Artifact Hub. Please see more details in TEP-0115

• ✨ CSI workspace to Beta (#5628)

CSI workspaces are promoted to beta/stable API

• ✨ Add extra display columns for resource resolution (#5602)

Add more details (start time, end time, owner) in the default view of resource resolutions

• ✨ Propagated Parameters for Finally Tasks (#5593)

Propagated Parameters extended to Finally tasks.

• ✨ Add Provenance field in TaskRun&PipelineRun status (#5580)

Add Provenance field in TaskRun&PipelineRun status that wraps all the information we might need from pipeline side.

It only contains ConfigSource at the moment, but it can be extended to have more subfields in future.

• ✨ Add ConfigSource field in (#5551)

Add provenance-related field in ResolutionRequest.status.

• ✨ Propagated parameters to beta (#5540)

Promote propagated parameters to beta.

• ✨ Remove alpha feature gate from projected workspaces (#5530)

Projected workspaces are promoted to beta/stable API

• ✨ Move remote resolution out of alpha (#5515)

action required: Any resolvers being used other than built-in resolvers will need to be updated to use ResolutionRequest v1beta1. Remote resolution of Pipelines and Tasks promoted to beta, and ResolutionRequest v1beta1 introduced to support array and object parameters for resolvers.

• ✨ resolution/framework : inject the request name in the context (#5678)
• ✨ [TEP-0089] Modify entrypoint to sign the results. (#5676)
• ✨ [TEP-0089] Apis to handle SPIRE signing and verification. (#5647)
• ✨ Propagated Parameters e2e tests (#5599)
• ✨ [TEP-0091] Trusted resources alpha add sigstore packages (#5552)
• ✨ TEP-0114: Tests Wait Custom Task Retries and TimeOut (#5523)

Fixes

• 🐛 Resolve PodSecurityAdmission restrictions on 1.23+ for deprecated PodSecurityPolicy (#5652)

Action required: If using Kubernetes 1.22, set PodSecurity flag to true to enforce a restricted pod security level in Tekton namespaces. See https://kubernetes.io/docs/reference/command-line-tools-reference/feature-gates/#feature-gates-for-graduated-or-deprecated-features for more information.

• 🐛 Remove webhook validation on delete (#5610)

Bug fix: skip validation of CRDs on deletion

• 🐛 Merge Labels and Annotations instead of override (#5597)

The PipelineRun and TaskRun controller will not override label set by other tools during the reconciler loop, and will merge them instead

• 🐛 Write TaskRun.Status.TaskSpec with replaced spec on every reconcile run (#5576)

Fix TaskRun parameter etc replacement logic to persist in the TaskRun's Status properly

• 🐛 fix 5569 pipelinerun hang on Unknown status due to duplicated task parameters (#5575)

Fix PipelineRun hang on Unknown status when duplicated params are defined in a PipelineTask

• 🐛 Apply replacements to workspace subpath for finally tasks (#5572)

Variable replacement is now properly performed for workspace sub-paths in finally tasks.

• 🐛 Fix taskrun not working with workspace having volumeClaimTemplate (#5559)

Fix taskrun not working with workspace having volumeClaimTemplate

• 🐛 Replace deprecated PodSecurityPolicy with PodSecurityAdmission enforcement (#5536)

action required: To allow PodSecurityAdmission to take effect, please set PodSecurity flag as Beta in 1.23-1.24. See https://kubernetes.io/docs/reference/command-line-tools-reference/feature-gates/#feature-gates-for-graduated-or-deprecated-features for more information.

• 🐛 Resolve the Flaky Test - TestWaitCustomTask_PipelineRun (#5658)

ACTION REQUIRED: Starting from this release, Custom Task Runs controllers need to implement the Timeout on your own, PipelineRun reconciler would not set Run.Spec.Status == RunCancelled upon Run timeout.

• 🐛 Add Beta feature gate for v1 Projected Workspace (#5640)
• 🐛 Fix paramValue Type for bundle conversion to resolver (#5625)
• 🐛 Fix v1 PipelineRun CRD conversionReviewVersions and conversion typo (#5619)
• 🐛 Revert PSP migration to PSA (#5605)
• 🐛 Fix empty paramValueType conversion (#5506)
• 🐛 Increase timeout for entrypoint waiter tests (#5626)

Misc

• 🔨 Remove minimal-release.yaml and resolvers.yaml (#5671)

Separate resolvers.yaml manifest removed because resolvers are now included in release.yaml

• 🔨 Mark pipelineRef.bundle and taskRef.bundle as deprecated (#5656)

pipelineRef.bundle and taskRef.bundle are deprecated in favor of using the bundles resolver

• 🔨 bump knative.dev/pkg dep to latest (#5643)

Update knative.dev/pkg dependency for support of k8s 1.25.x

• 🔨 tekton: make sure the git workingdir is not dirty… (#5573)

Binary file (standard input) matches

• 🔨 Change image refs: distroless.dev -> cgr.dev/chainguard (#5542)

Images are based on cgr.dev/chainguard/* instead of the exactly equivalent distroless.dev/* image references.

• 🔨 Update ClusterRoles (#5596)

Update aggregate ClusterRoles to include Run resources used for custom tasks and remove references to Condition which was removed in v0.37.0

• 🔨 Deprecate ClusterTasks (#5545)

Action required: ClusterTasks are deprecated. Please use the cluster resolver instead.

• 🔨 TEP-096 - Rename 'resources' to 'computeResources' in v1 taskRun (#5493)

Renames the resources to computeResources of task.spec.steps[].resources, task.spec.stepTemplate.resources, task.spec.sidecars[].resources, taskRun.spec.stepOverrides[].resources, taskrun.spec.sidecarOverrides[].resources. Renames stepOverrides and sidecarOverrides to stepSpecs and sidecarSpecs.

• 🔨 Bump HorizontalPodAutoscaler apiVersion to v2 (#5130)

Webhook HPA uses autoscaling/v2 instead of the deprecated autoscaling/v2beta1. This also brings the minimum kubernetes version to v1.23.0

• 🔨 More places to use kmap.Union to merge maps (#5665)
• 🔨 Use kmap.Union to merge two maps (#5660)
• 🔨 Ensure resource defaulting is always done regardless of ref type. (#5651)
• 🔨 migrate PipelineRun to use YAMLParser Reconciler_TestReconcileTaskResolutionError (#5644)
• 🔨 refactor test Test_storePipelineSpec to use yml parser (#5561)
• 🔨 Refactor ensureConfigurationConfigMapsExist to reduce duplicate code (#5508)
• 🔨 Bump github.com/sigstore/sigstore from 1.4.4 to 1.4.5 (#5686)
• 🔨 Bump github.com/stretchr/testify from 1.8.0 to 1.8.1 (#5685)
• 🔨 Bump github.com/containerd/containerd from 1.6.8 to 1.6.9 (#5680)
• 🔨 Bump github.com/google/go-containerregistry from 0.11.0 to 0.12.0 (#5674)
• 🔨 fix tekton documentation contributor`s guide link (#5669)
• 🔨 Pin knative/pkg to 1.8 (#5661)
• 🔨 Bump k8s.io/client-go from 0.25.2 to 0.25.3 (#5657)
• 🔨 Bump k8s.io/api from 0.25.2 to 0.25.3 (#5655)
• 🔨 Bump k8s.io/apimachinery from 0.25.2 to 0.25.3 (#5654)
• 🔨 Bump google.golang.org/grpc from 1.50.0 to 1.50.1 (#5648)
• 🔨 preallocate memory (#5638)
• 🔨 Bump github.com/sigstore/sigstore from 1.4.3 to 1.4.4 (#5630)
• 🔨 Bump github.com/spiffe/spire-api-sdk from 1.4.2 to 1.4.4 (#5618)
• 🔨 Bump github.com/sigstore/sigstore from 1.4.2 to 1.4.3 (#5617)
• 🔨 Bump google.golang.org/grpc from 1.49.0 to 1.50.0 (#5615)
• 🔨 tekton: using golang 1.18.7 on release publish tasks (#5612)
• 🔨 Minor Fix - There's An Error in The Example of Using Resources in Task (#5609)
• 🔨 Add git-resolver/PipelineTask example to tests (#5604)
• 🔨 tekton: do not fail on git status -s (#5587)
• 🔨 V1: sync v1beta1 changes for pipeline CRDs (#5578)
• 🔨 Bump github.com/jenkins-x/go-scm from 1.11.19 to 1.11.29 (#5577)
• 🔨 OWNERS: move dlorenc to alumni (#5547)
• 🔨 Update ko to v0.12.0 (#5539)
• 🔨 Bump github.com/cloudevents/sdk-go/v2 from 2.11.0 to 2.12.0 (#5535)
• 🔨 Add the ability to mock more SCM data for git resolver tests (#5531)
• 🔨 Bump google.golang.org/protobuf from 1.28.0 to 1.28.1 (#5519)
• 🔨 Bump gopkg.in/square/go-jose.v2 from 2.5.1 to 2.6.0 (#5518)
• 🔨 Bump google.golang.org/grpc from 1.46.0 to 1.49.0 (#5517)
• 🔨 Bump github.com/spiffe/spire-api-sdk from 1.3.1 to 1.4.2 (#5516)
• 🔨 Add "beta" value to enable-api-fields (#5325)
• 🔨 fix PR template (#5308)

Docs

• 📖 Add missing links in releases.md (#5624)
• 📖 Refactor developer documentation (#5622)
• 📖 Clarify API policy for CustomRuns (#5621)
• 📖 Fix kind value type in bundle-resolver docs (#5614)
• 📖 Simplify and consolidate release specific docs (#5608)
• 📖 Fix Hub Resolver doc typo (#5598)
• 📖 Add contacts for security in topical ownership (#5589)
• 📖 Add release documentation for Pipeline (#5586)
• 📖 Add the openssf badge to the main README (#5570)
• 📖 Update how-to-write-a-resolver doc (#5544)
• 📖 Fix gcloud config syntax for e2e test setup (#5543)
• 📖 README.md: update with latest release (v0.40.0) (#5526)
• 📖 Update API spec doc to reflect the new fields introduced from TEP75&76 (#5511)
• 📖 Update alpha features table (#5510)
• 📖 Add developer documentation on k8s controllers (#5503)

Thanks

Thanks to these contributors who contributed to v0.41.0!

• ❤️ @0xFelix
• ❤️ @AlanGreene
• ❤️ @JeromeJu
• ❤️ @QuanZhang-William
• ❤️ @XinruZhang
• ❤️ @Yongxuanzhang
• ❤️ @abayer
• ❤️ @afrittoli
• ❤️ @chengjoey
• ❤️ @chitrangpatel
• ❤️ @chuangw6
• ❤️ @dependabot[bot]
• ❤️ @florianl
• ❤️ @imjasonh
• ❤️ @jagathprakash
• ❤️ @k4leung4
• ❤️ @khrm
• ❤️ @lbernick
• ❤️ @lcarva
• ❤️ @my-git9
• ❤️ @piyush-garg
• ❤️ @pritidesai
• ❤️ @vdemeester
• ❤️ @wlynch

Extra shout-out for awesome release notes:

• 😍 @0xFelix
• 😍 @AlanGreene
• 😍 @JeromeJu
• 😍 @QuanZhang-William
• 😍 @XinruZhang
• 😍 @abayer
• 😍 @afrittoli
• 😍 @chengjoey
• 😍 @chitrangpatel
• 😍 @chuangw6
• 😍 @imjasonh
• 😍 @k4leung4
• 😍 @lbernick
• 😍 @piyush-garg
• 😍 @vdemeester

Many thanks to 🐱 purr programmer Gigi too!

Gigi says "congratulation on the graduation, Tekton!"

-Docs @ v0.40.2
-Examples @ v0.40.2

Installation one-liner

kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.40.2/release.yaml

Attestation

The Rekor UUID for this release is 24296fb24b8ad77a2573afa5bfbd4582c0eb8c844009ee685a7e9abf6ae42b4d00b20c7485096315

Obtain the attestation:

REKOR_UUID=24296fb24b8ad77a2573afa5bfbd4582c0eb8c844009ee685a7e9abf6ae42b4d00b20c7485096315
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .

Verify that all container images in the attestation are in the release file:

RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.40.2/release.yaml
REKOR_UUID=24296fb24b8ad77a2573afa5bfbd4582c0eb8c844009ee685a7e9abf6ae42b4d00b20c7485096315

# Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v0.40.2@sha256:" + .digest.sha256')

# Download the release file
curl "$RELEASE_FILE" > release.yaml

# For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
  printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done

Changes

Features

Fixes

• 🐛 [release-v0.40.x] Write TaskRun.Status.TaskSpec with replaced spec on every reconcile run (#5584)

ix TaskRun parameter etc replacement logic to persist in the TaskRun's Status properly

Misc

• 🔨 [release-v0.40.x] tekton: make sure the git workingdir is not dirty… (#5583)

ix the -dirty suffix in pipeline.tekton.dev/release annotation

• 🔨 [release-v0.40.x] Update ko to v0.12.0 (#5567)

Docs

Thanks

Thanks to these contributors who contributed to v0.40.2!

• ❤️ @tekton-robot

Extra shout-out for awesome release notes:

• 😍 @tekton-robot

-Docs @ v0.40.1
-Examples @ v0.40.1

Installation one-liner

kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.40.1/release.yaml

Attestation

The Rekor UUID for this release is 362f8ecba72f432643c8fc44b910556818f9aac401493abdd08da44a05e8c0c10a7122ef17aaf447

Obtain the attestation:

REKOR_UUID=362f8ecba72f432643c8fc44b910556818f9aac401493abdd08da44a05e8c0c10a7122ef17aaf447
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .

Verify that all container images in the attestation are in the release file:

RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.40.1/release.yaml
REKOR_UUID=362f8ecba72f432643c8fc44b910556818f9aac401493abdd08da44a05e8c0c10a7122ef17aaf447

# Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v0.40.1@sha256:" + .digest.sha256')

# Download the release file
curl "$RELEASE_FILE" > release.yaml

# For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
  printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done

Changes

Features

Fixes

• 🐛 [release-v0.40.x] Fix taskrun not working with workspace having volumeClaimTemplate (#5562)

ix taskrun not working with workspace having volumeClaimTemplate

• 🐛 [release-v0.40.x] Fix empty paramValueType conversion (#5513)

Misc

Docs

Thanks

Thanks to these contributors who contributed to v0.40.1!

• ❤️ @tekton-robot

Extra shout-out for awesome release notes:

• 😍 @tekton-robot

-Docs @ v0.38.4
-Examples @ v0.38.4

Installation one-liner

kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.38.4/release.yaml

Attestation

The Rekor UUID for this release is 362f8ecba72f4326fa5b24a3cce6792d794726e3efd6e3c151eaa96ef7dfdc1ccf8ffc2230201d18

Obtain the attestation:

REKOR_UUID=362f8ecba72f4326fa5b24a3cce6792d794726e3efd6e3c151eaa96ef7dfdc1ccf8ffc2230201d18
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .

Verify that all container images in the attestation are in the release file:

RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.38.4/release.yaml
REKOR_UUID=362f8ecba72f4326fa5b24a3cce6792d794726e3efd6e3c151eaa96ef7dfdc1ccf8ffc2230201d18

# Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v0.38.4@sha256:" + .digest.sha256')

# Download the release file
curl "$RELEASE_FILE" > release.yaml

# For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
  printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done

Changes

Features

Fixes

• 🐛 [release-v0.38.x] de-dupe order and resource dependencies (#5483)

De-dupe task dependencies - order and resource dependencies all together. It's very common to have a task with multiple when expressions referring to the same task but different results. Maintain a set of dependencies and add only a new parent.

• 🐛 [release-v0.38.x] Improve DAG validation for pipelines with hundreds of tasks (#5431)

Fixes https://github.com/tektoncd/pipeline/issues/5420 - Improve DAG validation for pipelines with hundreds of tasks (validation wehbook performance)

Misc

• 🔨 [release-v0.38.x] Fix TestYamls for change in ko create (#5439)

Docs

Thanks

Thanks to these contributors who contributed to v0.38.4!

• ❤️ @abayer
• ❤️ @pritidesai
• ❤️ @rafalbigaj

Extra shout-out for awesome release notes:

• 😍 @pritidesai
• 😍 @rafalbigaj

-Docs @ v0.37.5
-Examples @ v0.37.5

Installation one-liner

kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.37.5/release.yaml

Attestation

The Rekor UUID for this release is 362f8ecba72f43263b14ba88ed3003f2038017cca2b180c14ad3e3263321a6a92ea4977c465b526d

Obtain the attestation:

REKOR_UUID=362f8ecba72f43263b14ba88ed3003f2038017cca2b180c14ad3e3263321a6a92ea4977c465b526d
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .

Verify that all container images in the attestation are in the release file:

RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.37.5/release.yaml
REKOR_UUID=362f8ecba72f43263b14ba88ed3003f2038017cca2b180c14ad3e3263321a6a92ea4977c465b526d

# Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v0.37.5@sha256:" + .digest.sha256')

# Download the release file
curl "$RELEASE_FILE" > release.yaml

# For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
  printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done

Changes

Features

Fixes

• 🐛 [release-v0.37.x] de-dupe order and resource dependencies (#5482)

De-dupe task dependencies - order and resource dependencies all together. It's very common to have a task with multiple when expressions referring to the same task but different results. Maintain a set of dependencies and add only a new parent.

• 🐛 [release-v0.37.x] Improve DAG validation for pipelines with hundreds of tasks (#5430)

Fixes https://github.com/tektoncd/pipeline/issues/5420 - Improve DAG validation for pipelines with hundreds of tasks (validation wehbook performance)

• 🐛 [release-v0.37.x] Fix the issue with empty array replacement (#5394)

After the replacement with an empty array, the original array will be empty.

Example:

params:
  - name: myarray
     value: "$(params.anEmptyArray[*])"

Misc

• 🔨 [release-v0.37.x] Fix TestYamls for change in ko create (#5438)

Docs

Thanks

Thanks to these contributors who contributed to v0.37.5!

• ❤️ @rafalbigaj
• ❤️ @abayer
• ❤️ @pritidesai
• ❤️ @vdemeester

Extra shout-out for awesome release notes:

• 😍 @rafalbigaj
• 😍 @pritidesai
• 😍 @vdemeester

-Docs @ v0.36.1
-Examples @ v0.36.1

Installation one-liner

kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.36.1/release.yaml

Attestation

The Rekor UUID for this release is 362f8ecba72f4326ba7c696af10c9c634aa17d43f9ffc6e7c877d332b0e0f634434f09904b654e8c

Obtain the attestation:

REKOR_UUID=362f8ecba72f4326ba7c696af10c9c634aa17d43f9ffc6e7c877d332b0e0f634434f09904b654e8c
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .

Verify that all container images in the attestation are in the release file:

RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.36.1/release.yaml
REKOR_UUID=362f8ecba72f4326ba7c696af10c9c634aa17d43f9ffc6e7c877d332b0e0f634434f09904b654e8c

# Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v0.36.1@sha256:" + .digest.sha256')

# Download the release file
curl "$RELEASE_FILE" > release.yaml

# For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
  printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done

Changes

Features

Fixes

• 🐛 [release-v0.36.x] de-dupe order and resource dependencies (#5479)

De-dupe task dependencies - order and resource dependencies all together. It's very common to have a task with multiple when expressions referring to the same task but different results. Maintain a set of dependencies and add only a new parent.

• 🐛 [release-v0.36.x] Improve DAG validation for pipelines with hundreds of tasks (#5461)

bug fixes:

• https://github.com/tektoncd/pipeline/issues/5420 - Improve DAG validation for pipelines with hundreds of tasks (validation wehbook performance)

• 🐛 [release-v0.36.x] Fix the issue with empty array replacement (#5442)

After the replacement with an empty array, the original array will be empty.
Example:

params:
  - name: myarray
     value: "$(params.anEmptyArray[*])"

• 🐛 [0.36: cherry-pick] cmd/entrypoint: do not interpret anything after (#5096)

Binary file (standard input) matches

• 🐛 Relax result type validation to avoid nightly build failure (#5068)

Relax the validation of result type: allow for no type specified to support resources created before result types were introduced.

Misc

• 🔨 [release-v0.36.x] Fix TestYamls for change in ko create (#5445)
• 🔨 [0.36: cherry-pick] Fix TestTaskRunRetry for k8s 1.22.9 and later (#5148)

Docs

Thanks

Thanks to these contributors who contributed to v0.36.1!

• ❤️ @abayer
• ❤️ @afrittoli
• ❤️ @pritidesai
• ❤️ @rafalbigaj
• ❤️ @vdemeester

Extra shout-out for awesome release notes:

• 😍 @afrittoli
• 😍 @pritidesai
• 😍 @rafalbigaj
• 😍 @vdemeester

🎉 Remote resolution integrated in tektoncd/pipeline with built-in resolvers, Object params and workspace propagation 🎉

-Docs @ v0.40.0
-Examples @ v0.40.0

Installation one-liner

kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.40.0/release.yaml

Attestation

The Rekor UUID for this release is 362f8ecba72f43264608c9d53c9d192238a7f3e707064fa13e9d670fe3ef016fe82da9ef516f9277

Obtain the attestation:

REKOR_UUID=362f8ecba72f43264608c9d53c9d192238a7f3e707064fa13e9d670fe3ef016fe82da9ef516f9277
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .

Verify that all container images in the attestation are in the release file:

RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.40.0/release.yaml
REKOR_UUID=362f8ecba72f43264608c9d53c9d192238a7f3e707064fa13e9d670fe3ef016fe82da9ef516f9277

# Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v0.40.0@sha256:" + .digest.sha256')

# Download the release file
curl "$RELEASE_FILE" > release.yaml

# For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
  printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done

Changes

Features

• ✨ TEP-119 - Add TaskRun Template in v1 PipelineRun (#5491)

Add pipelineRun.spec.pipelineTaskRunTemplate with serviceAccountName and podTemplate.

• ✨ TEP-0111 - Propagating workspaces in pipelinerun (#5463)

Workspaces are propagated in embedded specifications of pipelinerun without mutations.

• ✨ Add support for git remote resolution using provider APIs with an API token (#5450)

Adds new behavior to the git remote resolver to fetch Tasks and Pipelines from GitHub, Gitlab, BitBucket via their APIs using API tokens.

• ✨ TEP-0075: More flexible ways to provide values for object param keys (#5427)

More flexible ways to provide values for object param keys: a subset of keys can be provided from default, and the rest is provided at runtime.

• ✨ Add cluster remote resolver (#5405)

Add a cluster resolver for referencing Pipeline and Task resources in other namespaces

• ✨ Add resolvers deployment, with release and e2e integration (#5395)

action required: The separate Resolutions project has been folded into Pipeline. If currently using Resolution, remove the tekton-remote-resolution namespace before upgrading and installing the new "resolvers.yaml".

• ✨ TEP-0118: matrix: add field (#5383)

action required: matrixed params must be moved under matrix.params

• ✨ Propagating object params (#5371)

Propagating object params

• ✨ Merge affinity from podtemplate and affinity-assistant (#5306)

If the user provide affinity in podtemplate it will merge with affinity-assistant's affinity

action required: Need to check podtemplate make sure the change will not cause unexpected behaviour

• ✨ Add types and client for Resolution (#5200)

action required: Remote resolver resource field has changed to params.

• ✨ TEP-0111 - Propagating workspaces in taskruns (#5081)

Workspaces are propagated in embedded specifications without mutations.

• ✨ Add ResolutionRequest v1beta1, without serving yet (#5495)
• ✨ Avoid Duplicate Reconcile Logic in Testing Wait Custom Run Controller (#5462)
• ✨ Move the remote resolvers deployment to a separate namespace (#5436)
• ✨ TEP-0114: Implements Retries in The Testing Wait Custom Task (#5435)
• ✨ TEP-0114: Added CustomRun references and specifications to v1beta1 (#5403)
• ✨ Add combined remote resolvers binary (#5391)
• ✨ TEP-0114: Timeout the Testing Wait Custom Task (#5389)
• ✨ Support parameter substitution for resolver params (#5387)
• ✨ Add ResolutionRequest to webhook and controller, add resolution docs (#5385)
• ✨ Move Resolution bundle, git, and hub resolver pkgs over (#5384)
• ✨ Move over the resolver framework from Resolution. (#5380)
• ✨ Add baseimage for windows 1809 to support AKS (#5361)
• ✨ TEP-0114: Tests Wait Custom Task without CRD in PipelineRun (#5356)
• ✨ TEP-0114: Custom Task E2E Test with A Controller Installed (#5332)

Backwards incompatible changes

In current release:

• 🚨 Switch PipelineRun timeout -> TaskRun logic to instead signal the TaskRuns to stop (#5134)

Change PipelineRun timeout behavior for child TaskRuns and Runs to behave like cancellation rather than explicitly setting timeouts on the child tasks at runtime.
Previously, the timeout of a TaskRun would be calculated from the time remaining in a PipelineRun's timeouts.tasks. Now, it is set
to the default timeout (unless otherwise specified in pipeline.spec.tasks[].timeout), and the PipelineRun controller will cancel
TaskRuns after timeouts.tasks has elapsed. If timeouts.tasks is greater than the default timeout, tasks will time out at the default timeout instead of when they previously timed out.

[Detailed change description] (#Number).

[Fill list here]

Fixes

• 🐛 fix regexp for ssh (#5496)

Fix regexp for ssh.

• 🐛 Allow user to specify only tasks or finally timeout (#5460)

Bug fix: allow specifying only timeouts.tasks or timeouts.finally

• 🐛 de-dupe order and resource dependencies (#5446)

De-dupe task dependencies - order and resource dependencies all together. It's very common to have a task with multiple when expressions referring to the same task but different results. Maintain a set of dependencies and add only a new parent.

• 🐛 Improve DAG validation for pipelines with hundreds of tasks (#5421)

bug fixes:

• https://github.com/tektoncd/pipeline/issues/5420 - Improve DAG validation for pipelines with hundreds of tasks (validation wehbook performance)

• 🐛 Fix docs and remove redundant code for LimitRanges (#5351)

[Bug fix] Clarify limitrange documentation and remove functionality that's provided by k8s anyway

• 🐛 Fail validation for PipelineRun params with results in value (#5350)

PipelineRuns will now fail validation for duplicate parameter names or task result references in parameter values

• 🐛 Fix for ResourceQuotaConflictError (#5252)

Tekton will retry the creation of the Pod if it fails due to a conflict and results in ResourceQuotaConflictError while updating a ResourceQuota.

• 🐛 Switch PipelineRun timeout -> TaskRun logic to instead signal the TaskRuns to stop (#5134)

Change PipelineRun timeout behavior for child TaskRuns and Runs to behave like cancellation rather than explicitly setting timeouts on the child tasks at runtime.

• 🐛 Fix the value for APISecretNamespaceKey (#5492)
• 🐛 Replace $(context...) values in resolver parameters (#5476)
• 🐛 Restore results dependencies in v1 Pipeline (#5424)
• 🐛 Metrics: Nil Derefence when TR/PR not found (#5388)
• 🐛 Fix taskrun_validation_test Version (#5386)
• 🐛 Check and/or add to sent cloud event cache in one operation (#5313)

Misc

• 🔨 petite DAG - introduce key to identify node instead of holding a (#5468)

Replace holding a Task in dag.Node with a unique string identifier.

• 🔨 hardening - params and when expressions (#5465)

Hardening looksLikeResultRef to only report a valid result references, "tasks..results." and "tasks..results..". Any other invalid look-a-like-result-references are treated as constants.

• 🔨 Log namespaces left in place after e2e testing. (#5370)

e2e tests log when a namespace is not deleted at test completion.

• 🔨 chore: change ghcr.io/distroless/* to distroless.dev/* (#5341)

Images are based on distroless.dev/* instead of the (equivalent) ghcr.io/distroless/* -- no effective behavior change

• 🔨 Adding template for a promotion request (#5486)

Developers - Please file a promotion request using this new template.

• 🔨 readable error message - double quote an invalid value in (#5425)

Updating error message - when step.onError is set to an invalid value, the error message now double quotes that value to easily spot it.

• 🔨 Add more unit tests for using non-exist key of an object in task step (#5411)

Add more unit tests to cover the case where non-exist individual keys of an object are used in task step.

• 🔨 Revert "Add baseimage for windows 1809" (#5502)
• 🔨 Improve DAG validation - v1beta1 tests (#5434)
• 🔨 Bump github.com/emicklei/go-restful from v2.15.0+incompatible to v2.16.0+incompatible (#5422)
• 🔨 Updated clock to use k8s.io/utils/clock (#5413)
• 🔨 test: use T.Setenv to set env vars in tests (#5398)
• 🔨 Get rid 'pipelienrun' (#5382)
• 🔨 Move bespoke functionality out of TaskRun API (#5377)
• 🔨 Remove @sbwsg -- account deleted. (#5367)
• 🔨 Fail linting if k8s.io/apimachinery/pkg/util/clock is imported (#5498)
• 🔨 Update location of clock (#5494)
• 🔨 Bump code.gitea.io/sdk/gitea from 0.14.0 to 0.15.1 (#5488)
• 🔨 V1: add conversion for PipelineRunSpec.PipelineRef.Bundle (#5477)
• 🔨 Remove a stray println from resolvers main (#5469)
• 🔨 Bump codeql-action to v2 (#5467)
• 🔨 Add V1 version of PipelineRun CRD (#5464)
• 🔨 Bump github.com/google/go-cmp from 0.5.8 to 0.5.9 (#5458)
• 🔨 Add examples for some resolvers (#5451)
• 🔨 Switch remaining clock references to k8s.io/utils/clock (#5448)
• 🔨 Add successful git resolver e2e test (#5428)
• 🔨 Add conversion for v1 PipelineRun (#5426)
• 🔨 Add docs/pipeline-api.md.backup to .gitignore (#5418)
• 🔨 git-resolver.md should refer to default-revision, not default-branch (#5410)
• 🔨 Fix TestYamls for change in ko create (#5396)
• 🔨 V1: Add conversion for TaskRunSpec.TaskRef.Bundle (#5381)
• 🔨 Add V1 version of TaskRun CRD (#5379)
• 🔨 V1: Add conversion for TaskRun.Resources (#5378)
• 🔨 Move over Resolution's reconciler-related code, update existing code to point to it (#5372)
• 🔨 Bump go.uber.org/zap from 1.22.0 to 1.23.0 (#5368)
• 🔨 knative/pkg: bump to release-1.7. (#5360)
• 🔨 Add CSI and Projected Workspace to V1 (#5354)
• 🔨 Add V1 version of Pipeline CRD (#5349)
• 🔨 Update go.mod to go 1.18 (#5338)
• 🔨 V1: Add conversion for Pipeline.Resources (#5331)
• 🔨 Add V1 PipelineRun Golang struct (#5324)
• 🔨 Bump github.com/containerd/containerd from 1.5.13 to 1.6.8 (#5285)
• 🔨 Add conversion for v1 TaskRun (#5274)
• 🔨 Add V1 TaskRun Golang structs (#5264)
• 🔨 Clarify error message for verify-codegen.sh (#5256)

Docs

• 📖 Move and update v1beta1 to v1 migration doc from Indexed (#5466)

The document has been added that describes the changes needed when migrating from v1beta1 to v1.

• 📖 Doc about migrating from v1beta1 to v1 (#5415)

The document has been added that describes the changes needed when migrating from v1beta1 to v1.

• 📖 updating readme with the last two releases (#5347)

Updating README to include last two releases details - 0.39 and 0.38.3.

• 📖 Update releases in deprecations table (#5473)
• 📖 Fix alpha features and alpha release links for remote resolution (#5472)
• 📖 Describe Runtime Envs of E2E Tests (#5449)
• 📖 Update docs for testing and enabling alpha features (#5437)
• 📖 Add the enable-*-resolver flags to the Pipeline controller customization docs (#5419)
• 📖 Add instructions for enabling alpha features (#5406)
• 📖 Update the release cheatsheet to include release resources (#5366)

Thanks

Thanks to these contributors who contributed to v0.40.0!

• ❤️ @Jefftree
• ❤️ @JeromeJu
• ❤️ @Juneezee
• ❤️ @SaschaSchwarze0
• ❤️ @Transmitt0r
• ❤️ @XinruZhang
• ❤️ @abayer
• ❤️ @afrittoli
• ❤️ @bendory
• ❤️ @chengjoey
• ❤️ @chitrangpatel
• ❤️ @chuangw6
• ❤️ @cleverhu
• ❤️ @dependabot[bot]
• ❤️ @imjasonh
• ❤️ @khrm
• ❤️ @lbernick
• ❤️ @perithompson
• ❤️ @pritidesai
• ❤️ @rafalbigaj
• ❤️ @vdemeester
• ❤️ @vsinghai
• ❤️ @xchapter7x
• ❤️ @yachna
• ❤️ @yuzp1996

Extra shout-out for awesome release notes:

• 😍 @JeromeJu
• 😍 @abayer
• 😍 @bendory
• 😍 @chengjoey
• 😍 @chitrangpatel
• 😍 @chuangw6
• 😍 @cleverhu
• 😍 @imjasonh
• 😍 @lbernick
• 😍 @pritidesai
• 😍 @rafalbigaj
• 😍 @yachna
• 😍 @yuzp1996

🎉 Parameterize onError, finally task results in pipeline results, and many more 🎉

-Docs @ v0.39.0
-Examples @ v0.39.0

Installation one-liner

kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.39.0/release.yaml

Attestation

The Rekor UUID for this release is 362f8ecba72f43268e217c4700290e118237bd958b73e4b539da850cfacd12ff6719e20dcde99540

Obtain the attestation:

REKOR_UUID=362f8ecba72f43268e217c4700290e118237bd958b73e4b539da850cfacd12ff6719e20dcde99540
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .

Verify that all container images in the attestation are in the release file:

RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.39.0/release.yaml
REKOR_UUID=362f8ecba72f43268e217c4700290e118237bd958b73e4b539da850cfacd12ff6719e20dcde99540

# Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v0.39.0@sha256:" + .digest.sha256')

# Download the release file
curl "$RELEASE_FILE" > release.yaml

# For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
  printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done

Changes

Features

• ✨ build entrypoint image for Windows ltsc2019 and ltsc2022 (#5333)

Tekton support for Windows includes support for ltsc2019 in addition to ltsc2022

• ✨ support parameterization in onError (#5307)

Support variables in steps[].onError, for example, $(params.CONTINUE)

• ✨ Make pipeline cancel robust to missing resources (#5288)

A PipelineRun can be cancelled even if some of its owned resources have been deleted.

• ✨ Add TopologySpreadConstraints in PodTemplate (#5204)

Added TopologySpreadConstraints in PodTemplate to enable spread Pods across clusters among topology domains.

• ✨ TEP-0116: Referencing Finally Task Results in Pipeline Results (#5170)

Allow users to use results from finally in PipelineResults using $(finally.<pipelinetask-name>.results.<result-name>)

• ✨ [TEP-0075]Add more setdefaults features for taskresults (#5142)

taskresults is inferred as object if Properties is set, and Properties's value by default is string

• ✨ [TEP-0104] Populate Task-level Resource Requirements from PipelineRun to TaskRun (#5212)

• ✨ Add validation for results object properties types (#5169)

• ✨ [TEP-0104] Update Pod with Task-level Resource Requirements (#5082)

Deprecation Notices

• 🚨 Rename ArrayOrString to ParamValues (#5304)

Rename ArrayOrString to ParamValues, NewArrayOrString to NewStructuredValues

This deprecation notice is applicable to the projects such CLI, Dashboard, Chains, etc which are dependent on the go types defined in the Pipeline.

Fixes

• 🐛 TEP-0090: Matrix - Retries (#5305)

Each retry for each matrixed TaskRun is completed before it is reattempted; failure in one matrixed TaskRun no longer affects retries for other matrixed TaskRuns from the same PipelineTask.

• 🐛 Move validation from to when propagating parameters (#5291)

Move parameter validation from pipelinespec to pipelinerunspec when propagating parameters

• 🐛 Add a status_msg field to fix issue 5150. (#5224)

Users can now differentiate if a TaskRun was cancelled by the user or by cancellation of a PipelineRun of which the TaskRun was a part of, by looking at the TaskRun's spec.StatusMessage field.

• 🐛 Fix the Tekton controller panic for Metrics (#5166)

Fix the Tekton controller panic for Metrics.

• 🐛 Move parameter validation from to when propagating parameters (#5143)

Move parameter validation from taskspec to taskrunspec when propagating parameters

• 🐛 Make update-reference-docs.sh OSX compatible. (#5326)
• 🐛 Uncomment tests in v1 task_validation_test.go (#5323)
• 🐛 Modified test to allow for validation (#5284)
• 🐛 Skip validation for deletion of v1 task (#5231)
• 🐛 Fail taskrun when results validation fails (#5198)
• 🐛 Fix ApplyTaskResultsToPipelineResults missing object validation (#5167)
• 🐛 Implement stderr/stdout copying with exec pipes. (#5261)
• 🐛 Bump TestSidecarTaskSupport test timeout to 2m. (#5260)

Misc

• 🔨 Convert Step OnError from string to OnErrorType type (#5322)

Convert step.OnError from string to type: OnErrorType

• 🔨 Determine changeset from build information (#5311)

Version informaiton added to workload labels is determined from information embedded by Go, instead of relying on symlinks to Git information in our build process.

• 🔨 Rename ArrayOrString to ParamValues (#5304)

Rename ArrayOrString to ParamValues, NewArrayOrString to NewStructuredValues

• 🔨 [TEP-0075] Add variable usage and links to examples in docs (#5222)

Update docs

• 🔨 Do not validate anything on delete ✂ (#5210)

Do not try to convert object on deletion, and do not validate names on deletion as well.

• 🔨 TEP-0075: Add a pipeline run example with both object param and result (#5197)

Add a pipeline run example with both object param and result

• 🔨 Bump knative/pkg to release-1.6 (#4928)

Bump knative/pkg dependency to 1.15.
action required: this will bring up the minimum version for Kubernetes to 1.22

• 🔨 Move pod template to pod package (#5329)
• 🔨 Move version validation tests into separate package (#5319)
• 🔨 Reformat CustomTask within Test (#5314)
• 🔨 Refactor compute resources compare functions (#5257)
• 🔨 Bump github.com/cloudevents/sdk-go/v2 from 2.10.1 to 2.11.0 (#5321)
• 🔨 Test feature flags (#5312)
• 🔨 Bump golangci-lint to v1.47.2 to support Go 1.18.x (#5310)
• 🔨 Fix typo in tekton/publish.yaml (#5301)
• 🔨 Bump go.uber.org/zap from 1.21.0 to 1.22.0 (#5293)
• 🔨 Add tests for limitrange transformer (#5279)
• 🔨 Fix task conversion test typo (#5277)
• 🔨 Fix a typo in 5080-entrypoint-init-regression.yaml (#5276)
• 🔨 Fix conversion related typos (#5272)
• 🔨 Add conversion for v1 Pipeline (#5258)
• 🔨 V1: Add conversion for Task.Resources (#5253)
• 🔨 TEP-0115: Update Git Resolver example to use revision and pathInRepo fields (#5238)
• 🔨 Make sure that OpenAPI rules violations errors show up in Prow build logs (#5237)
• 🔨 Add V1 version to Task CRD (#5234)
• 🔨 Rename tests in TestPipelineTaskList_Deps (#5228)
• 🔨 Add V1 Pipeline Golang structs (#5219)
• 🔨 Bump go-scm to 1.11.19 (#5213)
• 🔨 Bump containerd to 1.5.13 (#5209)
• 🔨 Update docs with matrix csi workspace release number (#5207)
• 🔨 Add conversion for v1 Task (#5202)

Docs

• 📖 Results Lifecycle (#5070)

Documenting the results lifecycle.

• 📖 Update a few missing versions in the README (#5299)
• 📖 Updates Default Fields When Creating a GKE Cluster (#5273)
• 📖 Docs: Updated installation customizations link (#5244)
• 📖 Add instructions for creating a new API version (#5235)
• 📖 Remove not supported results and params variables doc (#5227)
• 📖 Add Tep 75&76 to install doc (#5216)
• 📖 Add v0.38.0, v0.37.1, and v0.37.2 to README (#5206)
• 📖 Update release cheat sheet (#5205)
• 📖 Make container docs more tailored to Tekton (#5124)

Thanks

Thanks to these contributors who contributed to v0.39.0!

• ❤️ @JeromeJu
• ❤️ @PrajwalBorkar
• ❤️ @QuanZhang-William
• ❤️ @XinruZhang
• ❤️ @Yongxuanzhang
• ❤️ @abayer
• ❤️ @afrittoli
• ❤️ @austinzhao-go
• ❤️ @chitrangpatel
• ❤️ @chuangw6
• ❤️ @dependabot[bot]
• ❤️ @imjasonh
• ❤️ @jagathprakash
• ❤️ @jerop
• ❤️ @khrm
• ❤️ @lbernick
• ❤️ @pritidesai
• ❤️ @seongpyoHong
• ❤️ @vdemeester
• ❤️ @vsinghai
• ❤️ @wlynch

Extra shout-out for awesome release notes:

• 😍 @QuanZhang-William
• 😍 @Yongxuanzhang
• 😍 @afrittoli
• 😍 @chitrangpatel
• 😍 @chuangw6
• 😍 @imjasonh
• 😍 @jagathprakash
• 😍 @jerop
• 😍 @khrm
• 😍 @pritidesai
• 😍 @seongpyoHong
• 😍 @vdemeester
• 😍 @vsinghai

-Docs @ v0.38.3
-Examples @ v0.38.3

Installation one-liner

kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.38.3/release.yaml

Attestation

The Rekor UUID for this release is 362f8ecba72f4326a418baaecb593233a0d4ac99b5f9657b66533bd25da323933e8994b6d424c6f1

Obtain the attestation:

REKOR_UUID=362f8ecba72f4326a418baaecb593233a0d4ac99b5f9657b66533bd25da323933e8994b6d424c6f1
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .

Verify that all container images in the attestation are in the release file:

RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.38.3/release.yaml
REKOR_UUID=362f8ecba72f4326a418baaecb593233a0d4ac99b5f9657b66533bd25da323933e8994b6d424c6f1

# Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v0.38.3@sha256:" + .digest.sha256')

# Download the release file
curl "$RELEASE_FILE" > release.yaml

# For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
  printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done

Changes

Features

Fixes

• 🐛 Unscheduled Runs shouldn't be included in full status (#5296)

Fix cancellation of PipelineRuns with unscheduled custom tasks.

Misc

Docs

Thanks

Thanks to these contributors who contributed to v0.38.3!

• ❤️ @abayer
• ❤️ @afrittoli

Extra shout-out for awesome release notes:

• 😍 @abayer
• 😍 @afrittoli

-Docs @ v0.37.4
-Examples @ v0.37.4

Installation one-liner

kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.37.4/release.yaml

Attestation

The Rekor UUID for this release is 362f8ecba72f4326045502405ac43703acea4ee07f7e2bee7fc0892a3fe86e71f19eb7434dfbcf40

Obtain the attestation:

REKOR_UUID=362f8ecba72f4326045502405ac43703acea4ee07f7e2bee7fc0892a3fe86e71f19eb7434dfbcf40
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .

Verify that all container images in the attestation are in the release file:

RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.37.4/release.yaml
REKOR_UUID=362f8ecba72f4326045502405ac43703acea4ee07f7e2bee7fc0892a3fe86e71f19eb7434dfbcf40

# Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v0.37.4@sha256:" + .digest.sha256')

# Download the release file
curl "$RELEASE_FILE" > release.yaml

# For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
  printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done

Changes

Features

Fixes

• 🐛 v0.37.x: Unscheduled Runs shouldn't be included in full status (#5295)

Fix cancellation of PipelineRuns with unscheduled custom tasks.

Misc

Docs

Thanks

Thanks to these contributors who contributed to v0.37.4!

• ❤️ @abayer

Extra shout-out for awesome release notes:

• 😍 @abayer

-Docs @ v0.38.2
-Examples @ v0.38.2

Installation one-liner

kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.38.2/release.yaml

Attestation

The Rekor UUID for this release is 362f8ecba72f4326cb27c8cb17e02f54a59ad06cd79f516877b42be38a100da8ddb4e983af82f36d

Obtain the attestation:

REKOR_UUID=362f8ecba72f4326cb27c8cb17e02f54a59ad06cd79f516877b42be38a100da8ddb4e983af82f36d
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .

Verify that all container images in the attestation are in the release file:

RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.38.2/release.yaml
REKOR_UUID=362f8ecba72f4326cb27c8cb17e02f54a59ad06cd79f516877b42be38a100da8ddb4e983af82f36d

# Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v0.38.2@sha256:" + .digest.sha256')

# Download the release file
curl "$RELEASE_FILE" > release.yaml

# For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
  printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done

Changes

Features

Fixes

• 🐛 [0.38: cherry-pick] Use step.ImageID instead of looking into status.TaskSpec (#5246)

Do not panic on ImagePullBackOff in case of status being not fully populated yet

Misc

Docs

Thanks

Thanks to these contributors who contributed to v0.38.2!

• ❤️ @piyush-garg

Extra shout-out for awesome release notes:

• 😍 @piyush-garg

-Docs @ v0.37.3
-Examples @ v0.37.3

Installation one-liner

kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.37.3/release.yaml

Attestation

The Rekor UUID for this release is 362f8ecba72f4326aa481b6a086df24b271f27e3823e067689e1146d3b6f319e103937e642c2fd79

Obtain the attestation:

REKOR_UUID=362f8ecba72f4326aa481b6a086df24b271f27e3823e067689e1146d3b6f319e103937e642c2fd79
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .

Verify that all container images in the attestation are in the release file:

RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.37.3/release.yaml
REKOR_UUID=362f8ecba72f4326aa481b6a086df24b271f27e3823e067689e1146d3b6f319e103937e642c2fd79

# Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v0.37.3@sha256:" + .digest.sha256')

# Download the release file
curl "$RELEASE_FILE" > release.yaml

# For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
  printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done

Changes

Features

Fixes

• 🐛 [0.37: cherry-pick] Use step.ImageID instead of looking into status.TaskSpec (#5245)

Do not panic on ImagePullBackOff in case of status being not fully populated yet

Misc

Docs

Thanks

Thanks to these contributors who contributed to v0.37.3!

• ❤️ @piyush-garg

Extra shout-out for awesome release notes:

• 😍 @piyush-garg

-Docs @ v0.38.1
-Examples @ v0.38.1

Installation one-liner

kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.38.1/release.yaml

Attestation

The Rekor UUID for this release is 362f8ecba72f43268b4bd88676d8467bd55c1545fdf5b2786b15b6c1f94e34e15bc42416bb59d3e4

Obtain the attestation:

REKOR_UUID=362f8ecba72f43268b4bd88676d8467bd55c1545fdf5b2786b15b6c1f94e34e15bc42416bb59d3e4
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .

Verify that all container images in the attestation are in the release file:

RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.38.1/release.yaml
REKOR_UUID=362f8ecba72f43268b4bd88676d8467bd55c1545fdf5b2786b15b6c1f94e34e15bc42416bb59d3e4

# Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v0.38.1@sha256:" + .digest.sha256')

# Download the release file
curl "$RELEASE_FILE" > release.yaml

# For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
  printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done

Changes

Features

Fixes

• 🐛 [cherry-pick: v0.38] Do not serve v1alpha1 for CRDs that do not exists anymore (#5220)

Do not serve removed object from v1alpha1 (Task, ClusterTask, Pipeline, TaskRun and PipelineRun)

• 🐛 [cherry-pick: v0.38] Add SetDefaults for pipelineSpec in reconciler (#5217)

Fix an issue with parameters without types specified in pre-existing Pipelines and Tasks.

Misc

Docs

Thanks

Thanks to these contributors who contributed to v0.38.1!

• ❤️ @abayer

Extra shout-out for awesome release notes:

• 😍 @abayer

-Docs @ v0.38.0
-Examples @ v0.38.0

Installation one-liner

kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.38.0/release.yaml

Attestation

The Rekor UUID for this release is 362f8ecba72f432699509b8cc1664c3bb7f29f406bf9d81e24049d1d33735511ef14ae9f533a4885

Obtain the attestation:

REKOR_UUID=362f8ecba72f432699509b8cc1664c3bb7f29f406bf9d81e24049d1d33735511ef14ae9f533a4885
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .

Verify that all container images in the attestation are in the release file:

RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.38.0/release.yaml
REKOR_UUID=362f8ecba72f432699509b8cc1664c3bb7f29f406bf9d81e24049d1d33735511ef14ae9f533a4885

# Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v0.38.0@sha256:" + .digest.sha256')

# Download the release file
curl "$RELEASE_FILE" > release.yaml

# For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
  printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done

Upgrade Notices

• Action required: v1alpha1 versions of Task, ClusterTask, TaskRun, Pipeline, and PipelineRun have been removed. Please use v1beta1 versions of these CRDs instead.

Changes

Features

• ✨ [TEP-0075] Object Params and Results

  • [TEP-0075]Pipeline results support object (#5088)
    Support object results and object element reference for pipeline level as an alpha feature.
    A pipeline can specify a type to create object result, and the task script can populate result in an array form. The pipeline results can refer to task results to collect them.
  • [TEP-0075] Support Object Results substitution (#5083)
    Support object results substitution as an alpha feature.
    A task can specify a type to produce array result, and the task script can populate result in an object form. We can refer to the object results in params.
  • TEP-0075: Implement object var replacement on task&taskrun level (#4904)
    Added implementation for object variables replacement on task/taskrun level where only individual object keys can be referenced in the format of $(params.<param_name>.<key_name>)
    Users need to enabled alpha feature flag to have this pr's change applied.

• ✨ [TEP-0076] Array Params and Results

  • [TEP-0076] Add indexing into array for taskrun params reference (#5132)
    Indexing into array for taskrun params is now an alpha feature, element of array params can be accessed via $(params.param-name[i]).
  • [TEP-0076]Validate Pipeline results array index (#5139)
    pipelinerun will fail if pipelineresults array index is out of bound
  • [TEP-0076]Pipeline results support array (#4965)
    Support array results and indexing array for pipeline level as an alpha feature.
    A pipeline can specify a type to create array result, and the task script can populate result in an array form. The pipeline results can refer to task results to collect them.
    *[TEP-0076]Validate Results type and object properties (#4920)
    Add Properties for TaskResult so user can define what keys are needed for object type TaskResult and leverage this Properties for validation.
  • [TEP-0076]Support Array Results substitution (#4908)
    Support array results substitution as an alpha feature.
    A task can specify a type to produce array result, and the task script can populate result in an array form. We can refer to the array results in params.
    *[TEP-0076] Add indexing into array for pipeline params reference (#4855)
    Indexing into array for pipeline params is now an alpha feature, element of array params can be accessed via $(params.param-name[i]).

• ✨ Add support for projected volumes as workspace type (#5085)

Add support for projected volumes as workspace type

• ✨ Publish Pipeline Results from successful TaskRuns in Failed PipelineRuns (#5060)

Pipeline results are now initialized even when a pipelineRun fails. The task results from all the successful tasks are propagated to the pipelineRun.

• ✨ Add support for the CSI workspace type (#5030)

Add support to use any CSI volume driver as a workspace

• ✨ TEP-0090: Matrix

  • TEP-0090: Matrix - Consume Results (#5063)
    Matrix supports Results of type String.
  • TEP-0090: Support both matrix and params in a PipelineTask (#5050)
    Users can specify both matrix and params fields. The matrix is used to fan out the PipelineTask and the params are the same in all the TaskRuns.
  • TEP-0090: Fan Out (#5049)
    A PipelineTask with a Matrix and Custom Task is fanned out into parallel Runs which are executed in parallel.
  • TEP-0090: Matrix - Implement isSuccessful for Runs (#5035)
    Matrixed PipelineTasks with Custom Tasks are successful when all Runs have completed successfully.
  • TEP-0090: Matrix - Minimal Status is Required (#5019)
    The embedded-status feature flag must be set to "minimal" to specify Matrix in a PipelineTask.
  • TEP-0090: Matrix - Max Matrix Combinations Count is 256 (#5012)
    The default maximum count of TaskRuns or Runs from a given Matrix is 256.
  • TEP-0090: Matrix - Get Names of Runs (#5037)
  • TEP-0090: Matrix - ChildReferences for TaskRuns (#5008)

• ✨ Only create & mount Downward API volume when necessary (#4953)

Added an await-sidecar-readiness feature flag, which can be used to remove the of DownwardAPI volumes in TaskRun pods. (#4953, @hWorblehat)

• ✨ TEP-0011: Add StdoutConfig and StderrConfig to steps. (#4882)

Users can specify stdoutConfig and stderrConfig in steps to capture steps' stdout and stderr to local files. This feature can be used to capture stdout and stderr into task results.

• ✨ [TEP-0104] Support Task-level Resource Requirements for TaskRun: Part #1 Fields Addition & Validation w/ Docs Updates (#4877)

Fixes

• 🐛 Add TerminationMessagePolicy in container conversion (#5201)

Apply the TerminationMessagePolicy field for container types

• 🐛 Fix the issue with empty array replacement (#5162)

After the replacement with an empty array, the original array will be empty.
Example:

params:
  - name: myarray
     value: "$(params.anEmptyArray[*])"

• 🐛 Update log keys to match logstream (#5159)

Binary file (standard input) matches

• 🐛 Reject embedded s with and/or specified (#5018)

Fail PipelineTask validation if a normal, non-custom embedded task is specified along with apiVersion and/or kind

• 🐛 Validation for Finally Task Results referenced in Pipeline Results (#5000)

Fixed a bug where Finally Task Result's where being referenced in Pipeline Result's.

Fixed a bug where Finally Task Result's are being referenced in Pipeline Result's.

• 🐛 remove spec.replicas from tekton-pipelines-webhook Deployment (#4894)

Unset replicas:1 in the webhook Deployment; HPA will autoscale the deployment (1-5 replicas by default). First reapplication after this change will cause scaling down to 1 replica, but subsequent reapplications will not change the HPA-set replica number.

• 🐛 Fix task pod creation failure with duplicate serviceaccount secrets (#4743)

Fix task pod creation failure when duplicate secrets present in service account.

• 🐛 Non terminal pod exists (#4742)

If for some reason between getting the pod with a list and creation it already exists, do not
treat it as a terminal failure.

• 🐛 Fail steps on Windows with StdoutPath or StderrPath set (#5180)
• 🐛 Include Windows image builds in CI build tests (#5178)
• 🐛 Fix context.background() in workspaceBinding validation (#5101)
• 🐛 Clarify error message for PipelineRun alpha fields (#5045)
• 🐛 Fix flaky test by sorting slices (#5171)
• 🐛 TEP-0090: Sort ChildReferences in tests (#5020)

Misc

• 🔨 TEP-0075: Validate object name and key name have no dots (#5090)

Dots are not allowed in object param names and key names.

• 🔨 Remove deprecated (#5022)

Deprecated PipelineRunCancelled status string removed; use Cancelled instead.

• 🔨 Remove v1alpha1 Pipeline, PipelineRun, Task, TaskRun, and ClusterTask (#5005)

action required: v1alpha1 Pipeline, PipelineRun, Task, TaskRun removed. Please switch to v1beta1 for those types.

• 🔨 TEP-0075: Add examples with object params and results (#5144)

Add taskrun & pipelinerun examples that use object param and result.

• 🔨 Export ValidateObjectKeys function (#5073)

ValidateObjectKeys function is now available for usage outside the v1beta1 package.

• 🔨 TEP-0090: Matrix - Add example and document expected PipelineRun status (#5033)

Fanning out PipelineTasks into parallel TaskRuns with substitutions from combinations of Parameters in a Matrix is fully supported. The ChildReferences of the fanned out TaskRuns will be added to the PipelineRun status.

• 🔨 Use ghcr.io/distroless/static as base image (#5009)

Images are based on ghcr.io/distroless/static, and the entrypoint image is updated to use nanoserver:ltsc2022 instead of :1809

• 🔨 Bump github.com/cloudevents/sdk-go/v2 from 2.5.0 to 2.10.1 (#4968)

Binary file (standard input) matches

• 🔨 TEP-0075: Validate Pipeline object variables in value, matrix and when (#4902)

• 🔨 [TEP-0075] Validate object keys, PipelineRunSpec -> PipelineSpec (#4883)

Make sure keys of an object param declared in PipelineSpec are all provided with a value when the PipelineRunSpec provides values for the object param. In other words, the value provider - PipelineRunSpec can't miss keys. i.e. the following example will be invalid since the key commit is missed.
Example:

apiVersion: tekton.dev/v1beta1
kind: PipelineRun
metadata:
  generateName: test-case
spec:
  params:
  - name: myObject
    value:
      url: "abc.com"
  pipelineSpec:
    params:
    - name: myObject
      properties:
        url: {}
        commit: {}

• 🔨 Extract parameter name without any pattern. (#4857)
• 🔨 Move step and sidecar replacements to new package (#5179)
• 🔨 Prepare tests for impending knative/pkg version bump (#5145)
• 🔨 Move two feature flag related functions to config pkg (#5113)
• 🔨 Move pipelinespec functions into a separate package (#5079)
• 🔨 TEP-0075: Remove log statement (#5057)
• 🔨 Move API version validation into separate package (#5053)
• 🔨 Clean up validation for task and pipeline refs (#5046)
• 🔨 TEP-0090: Get Names of TaskRuns from ChildReferences only (#5036)
• 🔨 ResolvePipelineRunTask to ResolvePipelineTask 🧹 (#5029)
• 🔨 Cleanup unused arguments - mostly removing unused ctx 🧹 (#5028)
• 🔨 Finish up removal of Conditions 🧹 (#5027)
• 🔨 TEP-0090: Use Constants in ChildReferences (#5026)
• 🔨 ResolvedPipelineRunTask to ResolvedPipelineTask (#5025)
• 🔨 Fix formatting of deprecation table (#5017)
• 🔨 TEP-0090: GetChildReferences checks for non-nil TaskRuns (#5016)
• 🔨 TEP-0090: Check for non-nil TaskRun in GetTaskRunsResults (#5015)
• 🔨 TEP-0090: Refactor GetChildReferences (#5006)
• 🔨 Refactor LimitRange package (#4992)
• 🔨 Add StdoutConfig and StderrorConfig to v1 Step (#5199)
• 🔨 Update GCR IAM settings in Tekton development doc (#5195)
• 🔨 Add V1 Task Golang structs (#5125)
• 🔨 Exclude managed fields from e2e test failure object YAML dumps (#5119)
• 🔨 Document leader-election configuration (#5104)
• 🔨 Simplify Release Notes section of the PR checklist (#5094)
• 🔨 Bump github.com/jenkins-x/go-scm from 1.10.10 to 1.11.16 (#5089)
• 🔨 Add env files for Kind-in-Prow integration test jobs (#5077)
• 🔨 TEP-0090: Matrix - implement isRunning for Runs (#5062)
• 🔨 TEP-0090: Matrix - implement getNextTasks (#5061)
• 🔨 Add almost-empty v1 package (#5055)
• 🔨 TEP-0090: Resolve PipelineTask with Custom Task (#5048)
• 🔨 TEP-0090: Get ChildReferences for Runs (#5047)
• 🔨 TEP-0090: Matrix - Implement isFailure for Runs (#5042)
• 🔨 TEP-0090: Allow setting embedded status feature flag to minimal in tests (#5032)
• 🔨 TEP-0090: Test reconciled PipelineRun from Pipeline with Matrix (#5031)
• 🔨 Switch to cmpopts.SortSlices rather than explicitly sorting in tests when possible (#5023)
• 🔨 TEP-0090: Update PipelineRun Status from Child Refs (#5014)
• 🔨 Bump github.com/hashicorp/errwrap from 1.0.0 to 1.1.0 (#4963)

Docs

• 📖 Update docs for ResourceQuota and QoS (#5051)
• 📖 Add links to docs and examples for v36 and v37 (#5011)
• 📖 Cut PipelineResources from some examples (#4971)

Thanks

Thanks to these contributors who contributed to v0.38.0!

• ❤️ @0xFelix
• ❤️ @JeromeJu
• ❤️ @QuanZhang-William
• ❤️ @Yongxuanzhang
• ❤️ @abayer
• ❤️ @afrittoli
• ❤️ @austinzhao-go
• ❤️ @bradbeck
• ❤️ @chitrangpatel
• ❤️ @chuangw6
• ❤️ @dependabot[bot]
• ❤️ @dibyom
• ❤️ @hWorblehat
• ❤️ @imjasonh
• ❤️ @jerop
• ❤️ @lbernick
• ❤️ @manojbison
• ❤️ @sellitforcache
• ❤️ @timonwong
• ❤️ @vaikas
• ❤️ @vsinghai

Extra shout-out for awesome release notes:

• 😍 @0xFelix
• 😍 @JeromeJu
• 😍 @QuanZhang-William
• 😍 @Yongxuanzhang
• 😍 @abayer
• 😍 @austinzhao-go
• 😍 @bradbeck
• 😍 @chitrangpatel
• 😍 @chuangw6
• 😍 @dependabot[bot]
• 😍 @hWorblehat
• 😍 @imjasonh
• 😍 @jerop
• 😍 @lbernick
• 😍 @sellitforcache
• 😍 @timonwong
• 😍 @vaikas
• 😍 @vsinghai

-Docs @ v0.37.2
-Examples @ v0.37.2

Installation one-liner

kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.37.2/release.yaml

Attestation

The Rekor UUID for this release is 362f8ecba72f43269cf1514976bb3f5f404667c6c02359a4a04e762b2c318b8f5195cec448cd6b26

Obtain the attestation:

REKOR_UUID=362f8ecba72f43269cf1514976bb3f5f404667c6c02359a4a04e762b2c318b8f5195cec448cd6b26
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .

Verify that all container images in the attestation are in the release file:

RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.37.2/release.yaml
REKOR_UUID=362f8ecba72f43269cf1514976bb3f5f404667c6c02359a4a04e762b2c318b8f5195cec448cd6b26

# Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v0.37.2@sha256:" + .digest.sha256')

# Download the release file
curl "$RELEASE_FILE" > release.yaml

# For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
  printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done

Changes

Features

Fixes

• 🐛 [0.37: cherry-pick] cmd/entrypoint: do not interpret anything after -- (#5095)

Fix the entrypoint potentially not executing the right command due to flag parsing

Binary file (standard input) matches

Misc

Docs

Thanks

Thanks to these contributors who contributed to v0.37.2!

• ❤️ @vdemeester

Extra shout-out for awesome release notes:

• 😍 @vdemeester