Bot releases are visible (Hide)

pipeline - Tekton Pipeline release v0.37.1 "Foldex Frost"

Published by tekton-robot over 2 years ago

🎉 Allow for untyped results - backward compatibility fix 🎉

Installation one-liner

kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.37.1/release.yaml

Attestation

The Rekor UUID for this release is 362f8ecba72f4326d84478dc11c6f1284cabd3f2fa5d913d24d9899318cc9a8133c1c8debcb507b2

Obtain the attestation:

REKOR_UUID=362f8ecba72f4326d84478dc11c6f1284cabd3f2fa5d913d24d9899318cc9a8133c1c8debcb507b2
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .

Verify that all container images in the attestation are in the release file:

RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.37.1/release.yaml
REKOR_UUID=362f8ecba72f4326d84478dc11c6f1284cabd3f2fa5d913d24d9899318cc9a8133c1c8debcb507b2

# Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v0.37.1@sha256:" + .digest.sha256')

# Download the release file
curl "$RELEASE_FILE" > release.yaml

# For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
  printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done

Changes

Features

Fixes

🐛 Relax result type validation to avoid nightly build failure (#5065)

Relax the validation of result type: allow for no type specified to support resources created before result types were introduced.

Misc

Docs

Thanks

Thanks to these contributors who contributed to v0.37.1!

❤️ @Yongxuanzhang
❤️ @afrittoli

Extra shout-out for awesome release notes:

😍 @Yongxuanzhang
😍 @afrittoli

pipeline - Tekton Pipeline release v0.37.0 "Foldex Frost"

Published by tekton-robot over 2 years ago

🎉 TaskRun Matrices, Indexing of Array Results and many fixes and improvements! 🎉

-Docs @ v0.37.0
-Examples @ v0.37.0

Installation one-liner

kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.37.0/release.yaml

Attestation

The Rekor UUID for this release is c0d23d6ad406973f9559f3ba2d1ca01f84147d8ffc5b8445c224f98b9591801d

🚨 There is a temporary issue with Rekor, which means the attestation cannot be retrieved from Rekor right now. The attestation is available in the OCI registry 🚨

Obtain the attestation:

cosign download attestation gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/controller@sha256:2a5239e0e458134870db8541008f358618a35d24247044a0041ab9ecb9ab2413 | jq -r .payload | base64 -D | jq .

Upgrade Notices

🚨 Action required: Deprecated Conditions has been removed. Existing pipelines using Conditions will need to be updated.
⚠️ The nightly git-init base image is no longer build, it is deprecated in favor of ghcr.io/distroless/git.

Changes

Features

✨ TEP-0090: Fan Out (#4990)

A PipelineTask with a Matrix is fanned out into parallel TaskRuns which are executed in parallel.

✨ Complete implementation of image pull failure handling (#4952)

The TaskRunImagePullFailed logic now covers sidecars, and the error message includes the step name and the image

✨ TEP-0090: Matrix - Concurrency Control (#4947)

The default maximum count of TaskRuns or Runs from a given Matrix is 256. Users can configure this value for their installations.

✨ TEP-0090: Add Matrix Package (#4934)
✨ [TEP-0076]Support Results Array Indexing (#4911)

Support indexing array results substitution as an alpha feature.

A task can specify a type to produce array result, such as:

results:
- name: array-results
type: array
description: The array results

And the task script can populate result in an array form with:

echo -n "["hello","world"]" | tee $(results.array-results.path)

and we can refer to the array results elements via index in param like:
params:
- name: foo
value: "$(tasks.task1.results.array-results[1])"

This feature is part of the TEP-0076.

✨ [TEP-0075] Validate task result variable of object type (#4878)
✨ [TEP-0075] Validate against using the whole object in task steps (#4861)
✨ TEP-0090: Matrix - Implement isRunning (#4981)
✨ TEP-0090: Matrix - Implement isSuccessful (#4980)
✨ TEP-0090: Failure Strategies - Remove Fail Fast (#4972)
✨ TEP-0090: Get Names of TaskRuns (#4958)
✨ TEP-0090: Add TaskRuns to ResolvedPipelineRunTask and implement isFailure (#4951)
✨ TEP-0090: Indicate Resolved PipelineRunTask is Matrixed (#4945)
✨ TEP-0090: Split up ResolvePipelineRunTask (#4943)

Backwards incompatible changes

In current release:

🚨 Remove deprecated field. (#4988)

Removes deprecated PipelineRun.Spec.ServiceAccountNames field; use PipelineRun.Spec.TaskRunSpecs instead.

🚨 Remove deprecated field (#4977)

Removes deprecated TaskRun.Status.ResourceResults.ResourceRef field; use TaskRun.Status.ResourceResults.ResourceName instead.

🚨 Remove deprecated Conditions CRD/functionality (#4942)

action required: Deprecated conditions in pipelines removed. Existing pipelines using conditions will need to be updated.

Fixes

🐛 LimitRange calculation should only split Requests for Step Containers (#4996)

Only use step containers for limitrange default request calculations

🐛 Validation for invalid Task Result expressions in Pipeline Result (#4956)

Fixed a bug where invalid expressions were not invalidated in Pipeline Results.

🐛 Validation for Task Result expressions in Pipeline Result (#4941)

Fixed a bug where static strings where not invalidated in Pipeline Results.

🐛 Cleanup: remove potential goroutine leakages in taskrun (#4936)
🐛 Terminate TaskRun when Pod fails due to ImagePullBackOff. (#4921)
🐛 Assume task not skipped if the run is associated (#4583)

Fixes controller with the high value of ThreadsPerController to report the correct status of PipelineRun, which contains Finally tasks.

Misc

🔨 TEP-0090: Refactor GetChildReferences (#4940)
🔨 TEP-0090: Refactor GetTaskRunsStatus (#4939)
🔨 TEP-0090: Refactor ResolvePipelineRunTask (#4938)
🔨 Clean up the git-init base Dockerfile and Task. (#4765)

The nightly git-init base image is no longer build, it is deprecated in favor of ghcr.io/distroless/git.

🔨 Add dependabot config. (#4915)
🔨 Fix test cases for validatePipelineParameterVariables function (#4901)
🔨 Use informer for pod get/list instead of talking to API server. (#4740)

Use informer instead of API server for Pod Get/List.

🔨 Fix typo in embedded statuses listing in alpha features (#4995)
🔨 Add details to isFailure docstring (#4970)
🔨 Sort slice of TaskRunNames in tests (#4969)
🔨 TaskRunName is not used in getTaskRunStatus (#4967)
🔨 GetTaskRunName/GetRunName: Use constants to check Kind (#4959)
🔨 Clarify naming in resolution tests (#4950)
🔨 Unexport RPRT member functions used within resources pkg only (#4949)
🔨 Remove Conditions from deprecations table (#4946)
🔨 Fix the release pipeline (#5004)
🔨 Add wlynch to entrypoint OWNERS (#4999)
🔨 Add the release-note-none to dependabot (#4997)
🔨 Propagated Parameters replaced Implicit Parameters (#4994)
🔨 PipelineRun timeouts is in Beta (#4993)
🔨 Add Andrew Bayer as a Pipeline Maintainer (Welcome Back!) (#4991)
🔨 Test isRunning (#4975)
🔨 Test isSuccessful (#4974)
🔨 isFailure includes isCancelled (#4973)
🔨 dependabot: remove vendor keys (#4948)
🔨 Fix TestTaskRunRetry for k8s 1.22.9 and later (#4944)
🔨 Add label dependabot PRs ok-to-test… (#4935)
🔨 tekton: remove build-base-image from pipeline (#4932)
🔨 .github: update pull-request template (#4929)
🔨 Add tests for failing remote resolution of Pipelines and Tasks (#4886)
🔨 Remove duplicate code for validating params types and defaults (#4872)
🔨 [TEP-0075] Extract out the validation of object keys (#4867)

Docs

📖 Add local private registry setup doc with kind (#4606)

Thanks

Thanks to these contributors who contributed to v0.37.0!

❤️ @SaschaSchwarze0
❤️ @Yongxuanzhang
❤️ @abayer
❤️ @afrittoli
❤️ @chitrangpatel
❤️ @chuangw6
❤️ @devholic
❤️ @jerop
❤️ @kerthcet
❤️ @lbernick
❤️ @mattmoor
❤️ @skaegi
❤️ @vaikas
❤️ @vdemeester
❤️ @vsinghai
❤️ @wlynch

Extra shout-out for awesome release notes:

😍 @SaschaSchwarze0
😍 @Yongxuanzhang
😍 @abayer
😍 @chitrangpatel
😍 @chuangw6
😍 @devholic
😍 @jerop
😍 @kerthcet
😍 @mattmoor
😍 @skaegi
😍 @vaikas
😍 @vsinghai
😍 @wlynch

pipeline - Tekton Pipeline release v0.36.0 "Turkish-Angora Tony"

Published by tekton-robot over 2 years ago

🎉 Params and Workspace propagation, Task Remote resolution, Dictionary in Params, Array in Results and Minimal status 🎉

-Docs @ v0.36.0
-Examples @ v0.36.0

Installation one-liner

kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.36.0/release.yaml

Attestation

The Rekor UUID for this release is 0c2001385a53e34162b7370fbe72fc99f464a8de78fb1d134e93e9bb99d076c2

Obtain the attestation:

REKOR_UUID=0c2001385a53e34162b7370fbe72fc99f464a8de78fb1d134e93e9bb99d076c2
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | base64 --decode | jq

Verify that all container images in the attestation are in the release file:

RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.36.0/release.yaml
REKOR_UUID=0c2001385a53e34162b7370fbe72fc99f464a8de78fb1d134e93e9bb99d076c2

# Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | base64 --decode | jq -r '.subject[]|.name + ":v0.36.0@sha256:" + .digest.sha256')

# Download the release file
curl "$RELEASE_FILE" > release.yaml

# For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
  printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done

Changes

Features

✨ TEP-0108: Mapping Workspaces (#4887)

Users can specify the Workspace to use for PipelineTask in the name label to reduce verbosity when the names of the Workspaces declared in the Pipeline and PipelineTask are the same. Users can continue to explicitly map Workspaces.

✨ Add taskRef remote resolution support (#4859)

Allow taskRefs to be resolved directly from public git repos, using the tektoncd/resolution project.

✨ [TEP-0100] Add status helper functions for minimal embedded status (#4850)

Added helper functions for retrieving full TaskRun and Run statuses when using embedded-status=minimal.

✨ TEP-0107: Implement Parameter Propagation (#4845)

Parameters are propagated in embedded specifications without mutations.

✨ TEP-0106: Support Specifying Metadata per Task in Runtime (#4834)

Support Specifying Metadata per Task in Runtime (PipelineRun)

✨ [TEP-0075] Support Dictionary in Params (#4786)

Add support for dictionary in Params values (and Results as well). This should affect backward compatibilities but it will break forward compatibilities in some cases (a.k.a. old client with new pipeline version)
action required: This changes the ArrayOrStruct structure, which will have effect on project using the go API as a library.

✨ Extract full parameter name when using dots in bracket notation. (#4880)

Extract full parameter name when using dots inside single/double quotes.

✨ Added validation for parameters with bracket notation (#4833)

Added validation for parameters with bracket notation

✨ TEP-0103: Skipping Reason - Add SkippingReason to SkippedTasks field of PipelineRunStatus (#4829)

Add SkippingReason to SkippedTasks field of PipelineRunStatus. This enables users to know the exact reason why a given PipelineTask was skipped.

✨ [TEP-0076] Add array support for emitting results (#4818)

Support array type for emitting results from a task as an alpha feature.

The type of the result is changed from string to ArrayOrString.

A task can specify a type to produce array result, such as:

  results:
    - name: array-results
      type: array
      description: The array results

And the task script can populate result in an array form with:

echo -n "[\"hello\",\"world\"]" | tee $(results.array-results.path)

This feature is part of the TEP-0076 and its in progress to index into the array result while consuming that result.

✨ Add validation for duplicated param names in TaskSpec (#4806)

Add validation for duplicated param names in TaskSpec.

✨ [TEP-0076]Add type for results (#4779)

Add Type for TaskRunResult and TaskResult.

Deprecation Notices

🚨 Deprecate timeout and promote timeouts in PR (#4813)

Deprecate timeout field in PipelineRuns and promote PipelineRun.Timeouts field from alpha to stable

Backwards incompatible changes

🚨 TEP-0107: Deprecated implicit parameters (#4906)

Implicit Parameters is deprecated and removed. A replacement feature will be included in the same release. This only affect users who enable alpha api feature gate

Fixes

🐛 Allow PipelineTaskRunSpec.Metadata to be optional. (#4914)
🐛 Update PipelineSpec and TaskSpec fields of PipelineRun and TaskRun Status fields (#4891)
🐛 Fix the potential data race with RWLock (#4876)
🐛 Stop using GO111MODULE=off in builds (#4868)

SBOM generated during the release process now works and is available along with released images.
SBOM can be retrieved for instance using "cosign download bom "

🐛 Don't PATCH Ready annotation if it's already marked ready (#4865)

Pods will not be unconditionally PATCHed to set the ready annotation, avoiding some API server traffic.

🐛 Resolve Entrypoint and Cmd if there is no command and no args (#4832)

he entrypoint resolve will now reslove Entrypoint and Cmd in case
the steps has no command and no args specified.

🐛 Merge place-tools and step-init together (#4826)

place-tools and step-init init containers are merged together to reduce the number of container in each Task's Pod.

🐛 Fix variable interpolation on (#4803)

Variable are now correctly interpolated on stepTemplate field for Task

🐛 fix: debug scripts are not mounted to steps with no scripts (#4776)
🐛 Omit init containers from limitrange default request calculations (#4769)

Omit init containers from limitrange default request calculations

🐛 Add constant backoff for TaskRun retry (#4881)
🐛 Add singular to Tekton CRDs. (#4875)
🐛 Bubble up the image related error reason to taskrun status (#4846)
🐛 Set explicit parallelism for e2e tests, increase Kaniko e2e test timeouts (#4871)
🐛 Fix validateNoDuplicateNames (#4815)
🐛 Validate parameter name format (#4799)
🐛 Fix Metric tekton_pipelines_controller_pipelinerun_count (#4468)

Fix tekton_pipelines_controller_pipelinerun_count which was increasing without any new addition of pipelinerun.

Misc

🔨 Rename deprecated Step and StepTemplate fields (#4866)

Add deprecated Step/StepTemplate fields to deprecation table

🔨 Deprecate unusable Step/StepTemplate fields (#4851)

Deprecate unusable/unsupported fields of Step and StepTemplate

🔨 Refactor duplicate code in task_validation_test.go (#4836)
🔨 Enable automatic SBOM creation with spdx format (#4848)

SBOM built by "ko" in SPDX format is published along Tekton container images

🔨 Add Tekton-owned Step, StepTemplate, and Sidecar (#4778)

[Change to Go libraries]: Task.Step, Task.StepTemplate, and Task.Sidecar use Container fields directly instead of embedding the Container struct

🔨 Update gopkg.in/yaml.v3 to v3.0.1 (#4919)
🔨 Update gopkg.in/yaml.v3 to v3.0.0 (#4905)
🔨 double MaximumBundleObjects and update tests (#4899)
🔨 Add @lbernick to pipeline approvers list (#4843)
🔨 Create codeql-analysis.yml (#4591)

Docs

📖 fix typo about ths I think maybe it should be this (#4775)
📖 Add missing field to pipelineruns doc (#4853)
📖 adding latest release - 0.35 (#4796)
📖 Revamp compute resources documentation (#4770)

Thanks

Thanks to these contributors who contributed to v0.36.0!

❤️ @Aleromerog
❤️ @SaschaSchwarze0
❤️ @Yongxuanzhang
❤️ @abayer
❤️ @afrittoli
❤️ @austinzhao-go
❤️ @chitrangpatel
❤️ @chuangw6
❤️ @dibyom
❤️ @dprotaso
❤️ @imjasonh
❤️ @jerop
❤️ @kerthcet
❤️ @khrm
❤️ @lbernick
❤️ @mattmoor
❤️ @pritidesai
❤️ @vdemeester
❤️ @vinamra28
❤️ @vsinghai
❤️ @williamlfish
❤️ @wlynch
❤️ @yhil
❤️ @yuzp1996

Extra shout-out for awesome release notes:

😍 @Aleromerog
😍 @Yongxuanzhang
😍 @abayer
😍 @afrittoli
😍 @austinzhao-go
😍 @chitrangpatel
😍 @chuangw6
😍 @imjasonh
😍 @jerop
😍 @kerthcet
😍 @khrm
😍 @lbernick
😍 @vdemeester
😍 @vinamra28
😍 @wlynch
😍 @yuzp1996

pipeline - Tekton Pipeline release v0.35.1 "Wirehair Elio"

Published by tekton-robot over 2 years ago

-Docs @ v0.35.1
-Examples @ v0.35.1

Installation one-liner

kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.35.1/release.yaml

Attestation

The Rekor UUID for this release is de02942bd2a6ebca8c094b7e69d31ccbc38d528d37f1b18d2f008e3710779f10

Obtain the attestation:

REKOR_UUID=de02942bd2a6ebca8c094b7e69d31ccbc38d528d37f1b18d2f008e3710779f10
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | base64 --decode | jq

Verify that all container images in the attestation are in the release file:

RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.35.1/release.yaml
REKOR_UUID=de02942bd2a6ebca8c094b7e69d31ccbc38d528d37f1b18d2f008e3710779f10

# Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | base64 --decode | jq -r '.subject[]|.name + ":v0.35.1@sha256:" + .digest.sha256')

# Download the release file
curl "$RELEASE_FILE" > release.yaml

# For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
  printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done

Changes

Features

Fixes

🐛 [PATCH] Patch knative/pkg to fix HA via StatefulSet (#4864)

Restores the HA Setup via StatefulSet which was broken in v0.35.0

🐛 Fix bug where PipelineRun hangs after task failure (#4854)

[Bug fix] Prevent PipelineRun from hanging when a PipelineTask fails and another PipelineTask depends on it

Misc

Docs

Thanks

Thanks to these contributors who contributed to v0.35.1!

❤️ @lbernick
❤️ @afrittoli

Extra shout-out for awesome release notes:

😍 @lbernick
😍 @afrittoli

pipeline - Tekton Pipeline release v0.35.0 "Wirehair Elio"

Published by tekton-robot over 2 years ago

🎉 Minimal PipelineRun Status, Graceful Termination Graduation, and Referencing Remote Pipelines 🎉

-Docs @ v0.35.0
-Examples @ v0.35.0

Installation one-liner

kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.35.0/release.yaml

Attestation

The Rekor UUID for this release is b304386ca92d8a4ca0d2f0acf051a1557507acf4891f9bc9db60d604a1bf3791

Obtain the attestation:

REKOR_UUID=b304386ca92d8a4ca0d2f0acf051a1557507acf4891f9bc9db60d604a1bf3791
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | base64 --decode | jq

Verify that all container images in the attestation are in the release file:

RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.35.0/release.yaml
REKOR_UUID=b304386ca92d8a4ca0d2f0acf051a1557507acf4891f9bc9db60d604a1bf3791

# Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | base64 --decode | jq -r '.subject[]|.name + ":v0.35.0@sha256:" + .digest.sha256')

# Download the release file
curl "$RELEASE_FILE" > release.yaml

# For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
  printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done

Changes

Features

✨ [TEP-0100] Implementation for embedded TaskRun and Run statuses in PipelineRuns (#4739)

Added implementation for minimal TaskRun and Run statuses within PipelineRun statuses.

✨ TEP-0090: - (#4707)

Consuming Results in Matrix is invalid - will be supported soon to allow dynamic fan out.
Consuming Results from fanned out PipelineTasks is invalid - will be revisited soon after array and object Results are supported.

✨ TEP-0090: - (#4704)

Parameters in Matrix:

must be of type Array
must not be in Params field as well
must be declared in the Parameters in Pipeline specification

Note that Matrix is not yet fully functional.

✨ Promote Graceful termination to stable (#4668)

Promoting graceful termination of pipelinerun to beta and keeping PipelineRunCancelled as deprecated, it will be removed after 3 releases

✨ Add pipelineRef remote resolution (#4596)

Initial integration with tektoncd/resolution project, allowing pipelineRefs to be resolved directly from public git repos.

✨ Use fields from PodTemplate when creating affinity-assistant pod (#4348)

A default pod template for affinity-assistant pods can now be set by the default-affinity-assistant-pod-template field in config-defaults ConfigMap. Template merge rules is the same as the generic Pod templates (the template specified in the PipelineRun or TaskRun takes precedence over the one in the defaults).
The affinity-assistant Pod template now supports ImagePullSecrets.

✨ [TEP-0100] Add new updatePipelineRunStatusFromChildRefs function (#4760)
✨ [TEP-0100] Add functionality to be used in supporting minimal embedded status (#4757)

Deprecation Notices

🚨 Deprecating full embedded status in pipelineRun

The PipelineRun.Status.TaskRuns and PipelineRun.Status.Runs fields are deprecated and will be removed in January, 2023. Please find more details in the proposal - TEP-0100.

🚨 pipelineRunCancelled will be removed in v0.38

With 0.35, graceful termination of PipelineRuns is now a stable feature and is no longer behind alpha feature flag. For more information related to graceful cancellation, you can refer to TEP-0058. Now, what this means is that the existing status PipelineRunCancelled which was deprecated in 0.25.0 release of Tekton Pipelines will be removed after 3 releases, i.e., in 0.38.0 release it will be removed completely and replaced by Cancelled in case of completely cancelling the PipelineRuns.

No changes need to be made to your Pipelines and Tasks. If you have tools to cancel the running pipeline, those tools will have to be updated in 0.38.0. This change also affects the tools such as Dashboard, CLI, IDE extensions, etc. as they now need to start supporting the new PipelineRun statuses. Tekton CLI has already made the following changes and will be available in the new release 0.24.0.

Backwards incompatible changes

In current release:

🚨 Removed feature flag - scope-when-expressions-to-task (#4715)

In TEP-0007: Conditions Beta, we introduced when expressions to guard execution of Tasks in Pipelines. To align with Conditions, we set scope of when expressions to the guarded Task and its dependent Tasks.

In TEP-0059: Skipping Strategies, we proposed changing the scope of when expressions to the guarded Task only. This was implemented in https://github.com/tektoncd/pipeline/pull/4085. We provided a feature flag, scope-when-expressions-to-task, to support migration. It defaulted to false for 9 months per our Beta API compatibility policy, meaning that we continued to guard the Task and its dependent Tasks. Then in https://github.com/tektoncd/pipeline/pull/4580, we flipped the flag to true to guard the Task only by default.

In this change, we remove the scope-when-expressions-to-task flag and complete the migration.

🚨 Removed pullrequest-init-build-base (#4709)

The pullrequest-init-build-base seemed to include a root and nonroot user to account for the fact that PR directories and files may have been written by a different (possibly non-root) user, and needed to be read by the pullrequest-init container image.

In order to achieve this, the image no longer needed to be based on a custom-built base image -- it seems like the rootful gcr.io/distroless/static base image is sufficient so removing pullrequest-init-build-base.

Fixes

🐛 Fix git-init for Git 2.35.2 (#4756)

Fixed git-init behavior to work with Git 2.35.2 changes.

🐛 Avoid panic in PipelineRun reconciler for Runs with no owner refs (#4733)

Fix panic when reconciling PipelineRun with indirectly-created custom tasks.

🐛 Allow tasks to retry when PipelineRun stops (#4651)

[Bug fix]: Allow TaskRuns/Runs to complete retries when PipelineRun is stopped, including graceful stopping

🐛 Add listType annotations (#4402)
🐛 Don't wait for TaskRun to be observed Running. (#4773)
🐛 Fix TestReconcileOnCompletedTaskRun (#4695)

Misc

🔨 Switch the franken-image to use for linux images. (#4763)

Linux builds for windows-compatible images now use gcr.io/distroless/static:nonroot instead of gcr.io/distroless/base:debug-nonroot (drops glibc and busybox)

🔨 Switch to for (#4762)

The default shell image is now nonroot by default, and much smaller.

🔨 Use a new base image for the image. (#4758)

The git-init image is now based on ghcr.io/distroless/git with fewer unused packages installed! 🎉

🔨 Bump to K8s 23 libs. (#4712)

Tekton Pipelines now uses k8s 23 libs

🔨 migrate yaml package to sigs.k8s.io/yaml (#4754)
🔨 PullRequest PipelineResource expects root (#4718)

The pullrequest PipelineResource is updated to explicitly set its runAsUser to 0. PipelineResources aren't tested as anything other than the root user and this change makes that explicit.

The pullrequest-init base image also no longer uses the root user by default. It now defaults to using UID 65532.

🔨 Update build pipeline to golang 1.17.8 (#4700)

Tekton build with golang 1.17.8

🔨 A few minor cleanups in pkg/reconciler/pipelinerun/pipelinerun_test.go (#4785)
🔨 Instrument e2e pipelinerun_test.go files for logstream (#4782)
🔨 Instrument the kaniko test for logstream. (#4774)
🔨 Consolidate more pipelinerun_test.go reconciler tests (#4768)
🔨 Switch to YAML parsing in much of taskrun_test.go (#4751)
🔨 Switch (almost all of) the rest of pipelinerun_test.go to YAML parsing (#4749)
🔨 Update a number of PipelineRun reconciler tests with parsed YAML (#4748)
🔨 Clean up usages of config maps in pipelinerun_test (#4736)
🔨 test: use t.TempDir to create temporary test directory (#4727)
🔨 Move go.mod to Go 1.17 (#4726)
🔨 Fix existing LGTM issues (#4592)
🔨 Instrument (almost all of) e2e tests for logstream (#4780)
🔨 Switch ApplyTaskResultsToPipelineResults to not use status maps (#4753)
🔨 Add Go libraries compatibility policy (#4750)
🔨 Consolidate TestReconcilePropagate* PipelineRun tests (#4745)
🔨 Consolidate TestReconcileOnStopped* PipelineRun tests (#4744)
🔨 Exclude the third_party directory from PKGS in Makefile (#4735)
🔨 Update PR template to clarify release notes policy (#4732)
🔨 Fix gofmt failure on go 1.17.8 (#4714)
🔨 Fix the xml report generation for kind e2e jobs (#4713)
🔨 [V1] Add new API versions to /config (#4702)
🔨 Add some switches to the e2e script ⚙️ (#4400)

Docs

📖 k8s 1.21 is the minimum required (#4719)
📖 Add example for PipelineRun namespace context variable (#4703)
📖 Add v0.34.0 and v0.33.3 to the README (#4698)
📖 Update tutorial links (#4789)
📖 Update date of removal of PipelineRunCancelled (#4783)
📖 Add links to readme and docs for several minor releases (#4724)
📖 Add example and docs for array param with defaults 📜 (#4518)

Thanks

Thanks to these contributors who contributed to v0.35.0!

❤️ @Juneezee
❤️ @abayer
❤️ @afrittoli
❤️ @bobcatfish
❤️ @chenbh
❤️ @geriom
❤️ @imjasonh
❤️ @jerop
❤️ @lbernick
❤️ @lumjjb
❤️ @mattmoor
❤️ @sbwsg
❤️ @timonwong
❤️ @vinamra28

Extra shout-out for awesome release notes:

😍 @abayer
😍 @afrittoli
😍 @chenbh
😍 @imjasonh
😍 @jerop
😍 @lbernick
😍 @mattmoor
😍 @sbwsg
😍 @timonwong
😍 @vinamra28

pipeline - Tekton Pipeline release v0.31.4 "Birman Bors"

Published by tekton-robot over 2 years ago

-Docs @ v0.31.4
-Examples @ v0.31.4

Installation one-liner

kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.31.4/release.yaml

Attestation

The Rekor UUID for this release is 34c51da902ac3809cabe793c88a66863eff038a74275ee9f51c83e47d6f0b9b1

Obtain the attestation:

REKOR_UUID=34c51da902ac3809cabe793c88a66863eff038a74275ee9f51c83e47d6f0b9b1
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | base64 --decode | jq

Verify that all container images in the attestation are in the release file:

RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.31.4/release.yaml
REKOR_UUID=34c51da902ac3809cabe793c88a66863eff038a74275ee9f51c83e47d6f0b9b1

# Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | base64 --decode | jq -r '.subject[]|.name + ":v0.31.4@sha256:" + .digest.sha256')

# Download the release file
curl "$RELEASE_FILE" > release.yaml

# For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
  printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done

Changes

Tekton Pipeline v0.32.4 rebuilt with golang 1.17.8

Features

Fixes

Misc

Docs

Thanks

Thanks to these contributors who contributed to v0.31.4!

Extra shout-out for awesome release notes:

pipeline - Tekton Pipeline release v0.32.4 "Pixie-bob Prima"

Published by tekton-robot over 2 years ago

-Docs @ v0.32.4
-Examples @ v0.32.4

Installation one-liner

kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.32.4/release.yaml

Attestation

The Rekor UUID for this release is 569c1fade99997a8cedffb696408ee5e0dceb0f02daf1fdadecc5c5e0d42b662

Obtain the attestation:

REKOR_UUID=569c1fade99997a8cedffb696408ee5e0dceb0f02daf1fdadecc5c5e0d42b662
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | base64 --decode | jq

Verify that all container images in the attestation are in the release file:

RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.32.4/release.yaml
REKOR_UUID=569c1fade99997a8cedffb696408ee5e0dceb0f02daf1fdadecc5c5e0d42b662

# Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | base64 --decode | jq -r '.subject[]|.name + ":v0.32.4@sha256:" + .digest.sha256')

# Download the release file
curl "$RELEASE_FILE" > release.yaml

# For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
  printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done

Changes

Tekton Pipeline v0.32.4 rebuilt with golang 1.17.8

Features

Fixes

Misc

Docs

Thanks

Thanks to these contributors who contributed to v0.32.4!

Extra shout-out for awesome release notes:

pipeline - Tekton Pipeline release v0.30.4 "Serval Viv"

Published by tekton-robot over 2 years ago

-Docs @ v0.30.4
-Examples @ v0.30.4

Installation one-liner

kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.30.4/release.yaml

Attestation

The Rekor UUID for this release is 08691ed5de578de9fb4570c5dd4f7c0e3ee061dc7f34f708de8b276bc9377744

Obtain the attestation:

REKOR_UUID=08691ed5de578de9fb4570c5dd4f7c0e3ee061dc7f34f708de8b276bc9377744
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | base64 --decode | jq

Verify that all container images in the attestation are in the release file:

RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.30.4/release.yaml
REKOR_UUID=08691ed5de578de9fb4570c5dd4f7c0e3ee061dc7f34f708de8b276bc9377744

# Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | base64 --decode | jq -r '.subject[]|.name + ":v0.30.4@sha256:" + .digest.sha256')

# Download the release file
curl "$RELEASE_FILE" > release.yaml

# For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
  printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done

Changes

Tekton Pipeline v0.33.4 rebuilt with golang 1.17.8

Features

Fixes

Misc

Docs

Thanks

Thanks to these contributors who contributed to v0.30.4!

Extra shout-out for awesome release notes:

pipeline - Tekton Pipeline release v0.34.1 "Caracal Ruby"

Published by tekton-robot over 2 years ago

-Docs @ v0.34.1
-Examples @ v0.34.1

Installation one-liner

kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.34.1/release.yaml

Attestation

The Rekor UUID for this release is 95e22c05299c9a60e2b4e8bc6a18017b0a8b4da3bc222fd945f7b407979108d1

Obtain the attestation:

REKOR_UUID=95e22c05299c9a60e2b4e8bc6a18017b0a8b4da3bc222fd945f7b407979108d1
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | base64 --decode | jq

Verify that all container images in the attestation are in the release file:

RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.34.1/release.yaml
REKOR_UUID=95e22c05299c9a60e2b4e8bc6a18017b0a8b4da3bc222fd945f7b407979108d1

# Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | base64 --decode | jq -r '.subject[]|.name + ":v0.34.1@sha256:" + .digest.sha256')

# Download the release file
curl "$RELEASE_FILE" > release.yaml

# For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
  printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done

Changes

Tekton Pipelines v0.34.0 rebuilt on golang v1.17.8

Features

Fixes

Misc

Docs

Thanks

Thanks to these contributors who contributed to v0.34.1!

Extra shout-out for awesome release notes:

pipeline - Tekton Pipeline release v0.33.4 "Highlander HAL"

Published by tekton-robot over 2 years ago

-Docs @ v0.33.4
-Examples @ v0.33.4

Installation one-liner

kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.33.4/release.yaml

Attestation

The Rekor UUID for this release is d77c1b4c638f50249c5dcba385b4600d0f2759a50b7af5f9374101207d4f6797

Obtain the attestation:

REKOR_UUID=d77c1b4c638f50249c5dcba385b4600d0f2759a50b7af5f9374101207d4f6797
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | base64 --decode | jq

Verify that all container images in the attestation are in the release file:

RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.33.4/release.yaml
REKOR_UUID=d77c1b4c638f50249c5dcba385b4600d0f2759a50b7af5f9374101207d4f6797

# Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | base64 --decode | jq -r '.subject[]|.name + ":v0.33.4@sha256:" + .digest.sha256')

# Download the release file
curl "$RELEASE_FILE" > release.yaml

# For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
  printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done

Changes

Tekton Pipeline release v0.33.3 rebuilt on golang v1.17.8

Features

Fixes

Misc

Docs

Thanks

Thanks to these contributors who contributed to v0.33.4!

Extra shout-out for awesome release notes:

pipeline - Tekton Pipeline release v0.34.0 "Caracal Ruby"

Published by tekton-robot over 2 years ago

🎉 Cloud Events for Runs, Overrides for TaskRuns, and lots of fixes 🎉

-Docs @ v0.34.0
-Examples @ v0.34.0

Installation one-liner

kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.34.0/release.yaml

Attestation

The Rekor UUID for this release is 1a84bc03f5f849d177185512d5578da724982ad33457852a1da2e93f259e7fb7

Obtain the attestation:

REKOR_UUID=1a84bc03f5f849d177185512d5578da724982ad33457852a1da2e93f259e7fb7
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | base64 --decode | jq

Verify that all container images in the attestation are in the release file:

RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.34.0/release.yaml
REKOR_UUID=1a84bc03f5f849d177185512d5578da724982ad33457852a1da2e93f259e7fb7

# Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | base64 --decode | jq -r '.subject[]|.name + ":v0.34.0@sha256:" + .digest.sha256')

# Download the release file
curl "$RELEASE_FILE" > release.yaml

# For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
  printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done

Changes

Features

✨ TEP-0090: Matrix - Context Variables (#4689)

Parameters in Matrix support Context Variables. Note that Matrix is not yet fully functional.
✨ Implement CloudEvents for Runs (#4663)

Tekton Pipelines can now generate CloudEvents for Runs.
This feature is disabled by default. It can by enable by setting a sink URL and flipping the new feature flag "send-cloudevents-for-runs" to "true"
✨ Add CloudEvents for Run definitions (#4659)

CloudEvents for Run have been defined, but they are not sent yet.
✨ TEP-0090: Matrix - API Change and Feature Flag (#4600)

Added syntax support for Matrix as an alpha feature. It is still in a very early stage of development and is not yet fully functional.
✨ Implement Step and Sidecar Overrides for TaskRun (#4598)
✨ Add functions to merge step/sidecar overrides (#4617)

Backwards incompatible changes

In current release:

🚨 Change Default Metrics Level for Taskrun and Pipelinerun (#4630)

The Level for taskrun and pipelinerun metrics will change in this release. By default, taskrun and pipelinerun metrics have these values:
```
 metrics.taskrun.level: "task"
 metrics.taskrun.duration-type: "histogram"
 metrics.pipelinerun.level: "pipeline"
 metrics.pipelinerun.duration-type: "histogram"
```
🚨 If an annotation or label is present in both Pipeline and PipelineRun, the value in the Run type takes precedence (same for Task and TaskRun) (#4638)

Fixes

🐛 TEP-0090: Add validation for PipelineTask context variables (#4684)
🐛 Update getNextTasks to support Run retries (#4647)

schedule Runs with remaining retries
🐛 Update IsFailure method to reflect Run retries (#4625)

Runs that have remaining retries are not failed
🐛 set the param type based on the default value (#4608)

Set the type of the param based on the default value when the type is not specified or cannot be inferred from the default value.
🐛 workspace-in-sidecar flakey test fix (#4634)
🐛 Add log line to debg workspace-in-sidecar example (#4646)
🐛 Fix Task(Run)/Pipeline(Run) metadata propagation (#4638)
Fix Task(Run)/Pipeline(Run) metadata propagation, If an annotation or label is present in both Pipeline and PipelineRun, the value in the
Run type takes precedence (same for Task and TaskRun)
🐛 Change Default Metrics Level for Taskrun and Pipelinerun (#4630)

The Level for taskrun and pipelinerun metrics will change in this release. By default, taskrun and pipelinerun metrics have these values:
```
 metrics.taskrun.level: "task"
 metrics.taskrun.duration-type: "histogram"
 metrics.pipelinerun.level: "pipeline"
 metrics.pipelinerun.duration-type: "histogram"
```

Misc

🔨 refactor reconcile pipeline TaskSpecMetadata test (#4693)
🔨 refactor create helpers in reconcile pr tests (#4682)
🔨 TEP-0090: Refactor Pipeline Workspaces Validation (#4670)
🔨 clean up reconcile unit test to use YAML parser (#4637)
🔨 test reconcile on cancelled refactor (#4628)
🔨 refactor TestReconcile_PipelineSpecTaskSpec result (#4627)
🔨 TEP-0058: Graceful Termination - is deprecated (#4612)

Reminder that PipelineRunCancelled was deprecated in v0.25. Earliest removal date is March 2022.
🔨 Build tekton pipelines with golang 1.17 (#4639)

Tekton is now built using golang 1.17.7
🔨 PipelineRunState cleanup: tests + comments (#4667)
🔨 Remove unused windows dockerfiles (#4644)
🔨 cleanup - refactor taskRunStatus and runStatus unit tests (#4632)
🔨 Replace remaining implementations of TestClock (#4624)
🔨 refactor TestReconcile_PipelineSpecTaskSpec objects (#4622)
🔨 clean up TestReconcile_CloudEvents YAML parsing (#4619)
🔨 cleaning up a unit test InvalidPipelineRuns to use YAML parser (#4616)
🔨 Replace Clock package with k8s Clock package (#4607)
🔨 Remove broken link in development doc (#4602)
🔨 Add GetStatusCondition for Run (#4658)
🔨 TEP-0090: Pipeline Context Variables - Fix Validation Tests (#4685)
🔨 Add hostAliases to podTemplate doc (#4683)
🔨 go.mod: bump containerd dependency to 1.5.10 (#4649)
🔨 TEP-0090: Refactor execution status validation (#4635)
🔨 Remove lengthly operations from hermetic tests 🧪 (#4590)

Docs

📖 TEP-0090: Matrix - Update API definition (#4601)
📖 Update the release cheatsheet to the new release drafter (#4677)
📖 Update API reference docs for TaskRun (#4662)
📖 Add links to docs and examples for 4 minor releases (#4650)
📖 Add links to docs and examples for v0.33.0 (#4595)
📖 Update taskrun code example links in the documentation (#4692)

Thanks

Thanks to these contributors who contributed to v0.34.0!

❤️ @Yongxuanzhang
❤️ @afrittoli
❤️ @arshchimni
❤️ @bobcatfish
❤️ @jbpratt
❤️ @jerop
❤️ @khrm
❤️ @lbernick
❤️ @pritidesai
❤️ @sbwsg
❤️ @vdemeester
❤️ @xchapter7x

Extra shout-out for awesome release notes:

😍 @afrittoli
😍 @arshchimni
😍 @jbpratt
😍 @jerop
😍 @khrm
😍 @lbernick
😍 @pritidesai
😍 @sbwsg
😍 @vdemeester
😍 @xchapter7x

pipeline - Tekton Pipeline release v0.31.3 "Birman Bors"

Published by tekton-robot over 2 years ago

-Docs @ v0.31.3
-Examples @ v0.31.3

Installation one-liner

kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.31.3/release.yaml

Attestation

The Rekor UUID for this release is a738563a98478da2c67936408825a60e8e67502e462938be8e42535f97ff9bfd

Obtain the attestation:

REKOR_UUID=a738563a98478da2c67936408825a60e8e67502e462938be8e42535f97ff9bfd
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | base64 --decode | jq

Verify that all container images in the attestation are in the release file:

RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.31.3/release.yaml
REKOR_UUID=a738563a98478da2c67936408825a60e8e67502e462938be8e42535f97ff9bfd

# Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | base64 --decode | jq -r '.subject[]|.name + ":v0.31.3@sha256:" + .digest.sha256')

# Download the release file
curl "$RELEASE_FILE" > release.yaml

# For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do 
  printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done

Changes

There are no code changes in this release.
Tekton Pipeline release v0.31.3 is identical to v0.31.2, but rebuilt with golang v1.17.7.

Features

Fixes

Misc

🔨 Fix incorrect format specifier in test files (#4679)

Docs

Thanks

Thanks to these contributors who contributed to v0.31.3!

❤️ @Yongxuanzhang
❤️ @afrittoli

pipeline - Tekton Pipeline release v0.32.3 "Pixie-bob Prima"

Published by tekton-robot over 2 years ago

-Docs @ v0.32.3
-Examples @ v0.32.3

Installation one-liner

kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.32.3/release.yaml

Attestation

The Rekor UUID for this release is db07ee76eae2ae06792990fde3c18e2551a5a820b242d5766dff8af5b7ee632b

Obtain the attestation:

REKOR_UUID=db07ee76eae2ae06792990fde3c18e2551a5a820b242d5766dff8af5b7ee632b
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | base64 --decode | jq

Verify that all container images in the attestation are in the release file:

RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.32.3/release.yaml
REKOR_UUID=db07ee76eae2ae06792990fde3c18e2551a5a820b242d5766dff8af5b7ee632b

# Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | base64 --decode | jq -r '.subject[]|.name + ":v0.32.3@sha256:" + .digest.sha256')

# Download the release file
curl "$RELEASE_FILE" > release.yaml

# For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do 
  printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done

Changes

There are no code changes in this release.
Tekton Pipeline release v0.32.3 is identical to v0.32.2, but rebuilt with golang v1.17.7.

Features

Fixes

Misc

🔨 Fix incorrect format specifier in test files (#4678)

Docs

Thanks

Thanks to these contributors who contributed to v0.32.3!

❤️ @Yongxuanzhang
❤️ @afrittoli

pipeline - Tekton Pipeline release v0.30.3 "Serval Viv"

Published by tekton-robot over 2 years ago

-Docs @ v0.30.3
-Examples @ v0.30.3

Installation one-liner

kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.30.3/release.yaml

Attestation

The Rekor UUID for this release is bed8ac13a06cc1367ce7e7ba8f24a4ae912722abe0645a1bbcd8b4e3be340715

Obtain the attestation:

REKOR_UUID=bed8ac13a06cc1367ce7e7ba8f24a4ae912722abe0645a1bbcd8b4e3be340715
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | base64 --decode | jq

Verify that all container images in the attestation are in the release file:

RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.30.3/release.yaml
REKOR_UUID=bed8ac13a06cc1367ce7e7ba8f24a4ae912722abe0645a1bbcd8b4e3be340715

# Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | base64 --decode | jq -r '.subject[]|.name + ":v0.30.3@sha256:" + .digest.sha256')

# Download the release file
curl "$RELEASE_FILE" > release.yaml

# For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do 
  printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done

Changes

There are no code changes in this release.
Tekton Pipeline release v0.30.3 is identical to v0.30.2, but rebuilt with golang v1.17.7.

Features

Fixes

Misc

🔨 Fix incorrect format specifier in test files (#4680)

Docs

Thanks

Thanks to these contributors who contributed to v0.30.3!

❤️ @Yongxuanzhang
❤️ @afrittoli

pipeline - Tekton Pipeline release v0.33.3 "Highlander HAL"

Published by tekton-robot over 2 years ago

-Docs @ v0.33.3
-Examples @ v0.33.3

Installation one-liner

kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.33.3/release.yaml

Attestation

The Rekor UUID for this release is 58a9cc1653c98f726dbce1683b3052d7a5d8efe967636429412d5fe8c13ce7bf

Obtain the attestation:

REKOR_UUID=58a9cc1653c98f726dbce1683b3052d7a5d8efe967636429412d5fe8c13ce7bf
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | base64 --decode | jq

Verify that all container images in the attestation are in the release file:

RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.33.3/release.yaml 
REKOR_UUID=58a9cc1653c98f726dbce1683b3052d7a5d8efe967636429412d5fe8c13ce7bf

# Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | base64 --decode | jq -r '.subject[]|.name + ":v0.33.3@sha256:" + .digest.sha256')

# Download the release file
curl "$RELEASE_FILE" > release.yaml

# For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do 
  printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done

Changes

There are no code changes in this release.
Tekton Pipeline release v0.33.3 is identical to v0.33.2, but rebuilt with golang v1.17.7.

Features

Fixes

Misc

Docs

Thanks

Thanks to these contributors who contributed to v0.33.3!

Extra shout-out for awesome release notes:

pipeline - Tekton Pipeline release v0.30.2 "Serval Viv"

Published by tekton-robot over 2 years ago

-Docs @ v0.30.2
-Examples @ v0.30.2

Installation one-liner

kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.30.2/release.yaml

Attestation

The Rekor UUID for this release is 344bfcaf7c5aa70754672a0da6ea9d61f0cdc8e8589a2c58e44fb82e02d1a8a6

Obtain the attestation:

REKOR_UUID=344bfcaf7c5aa70754672a0da6ea9d61f0cdc8e8589a2c58e44fb82e02d1a8a6
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | base64 --decode | jq

Verify that all container images in the attestation are in the release file:

RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.30.2/release.yaml 
REKOR_UUID=344bfcaf7c5aa70754672a0da6ea9d61f0cdc8e8589a2c58e44fb82e02d1a8a6

# Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | base64 --decode | jq -r '.subject[]|.name + ":v0.30.2@sha256:" + .digest.sha256')

# Download the release file
curl "$RELEASE_FILE" > release.yaml

# For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do 
  printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done

Changes

This release is the same as v0.30.1, but rebuilt using golang v1.17.7.

Docs

📖 Fix links to Why Aren't PipelineResources in Beta? v0.30.x (#4577)

Thanks

Thanks to these contributors who contributed to v0.30.2!

❤️ @AlanGreene
❤️ @afrittoli

Extra shout-out for awesome release notes:

😍 @AlanGreene
😍 @afrittoli

pipeline - Tekton Pipeline release v0.31.2 "Birman Bors"

Published by tekton-robot over 2 years ago

-Docs @ v0.31.2
-Examples @ v0.31.2

Installation one-liner

kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.31.2/release.yaml

Attestation

The Rekor UUID for this release is 92ea7e8a8b5343fc6e84d7cc29d9ed02d2f4e4170e51bf4f5a568e92ccd1a62c

Obtain the attestation:

REKOR_UUID=92ea7e8a8b5343fc6e84d7cc29d9ed02d2f4e4170e51bf4f5a568e92ccd1a62c
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | base64 --decode | jq

Verify that all container images in the attestation are in the release file:

RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.31.2/release.yaml 
REKOR_UUID=92ea7e8a8b5343fc6e84d7cc29d9ed02d2f4e4170e51bf4f5a568e92ccd1a62c

# Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | base64 --decode | jq -r '.subject[]|.name + ":v0.31.2@sha256:" + .digest.sha256')

# Download the release file
curl "$RELEASE_FILE" > release.yaml

# For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do 
  printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done

Changes

This release is the same as v0.31.1, but rebuilt using golang v1.17.7.

Docs

📖 Fix links to Why Aren't PipelineResources in Beta? v0.31.x (#4578)

Thanks

Thanks to these contributors who contributed to v0.31.2!

❤️ @AlanGreene
❤️ @afrittoli

Extra shout-out for awesome release notes:

😍 @AlanGreene
😍 @afrittoli

pipeline - Tekton Pipeline release v0.32.2 "Pixie-bob Prima"

Published by tekton-robot over 2 years ago

-Docs @ v0.32.2
-Examples @ v0.32.2

Installation one-liner

kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.32.2/release.yaml

Attestation

The Rekor UUID for this release is 4468a40e9152007916ffb200c5ad6852a7c7d6f064efec515af2e9f9ad95005b

Obtain the attestation:

REKOR_UUID=4468a40e9152007916ffb200c5ad6852a7c7d6f064efec515af2e9f9ad95005b
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | base64 --decode | jq

Verify that all container images in the attestation are in the release file:

RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.32.2/release.yaml 
REKOR_UUID=4468a40e9152007916ffb200c5ad6852a7c7d6f064efec515af2e9f9ad95005b

# Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | base64 --decode | jq -r '.subject[]|.name + ":v0.32.2@sha256:" + .digest.sha256')

# Download the release file
curl "$RELEASE_FILE" > release.yaml

# For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do 
  printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done

Changes

This release is the same as v0.32.1, but rebuilt using golang v1.17.7.

Docs

📖 Fix links to Why Aren't PipelineResources in Beta? v0.32.x (#4579)

Thanks

Thanks to these contributors who contributed to release-v0.32.2!

❤️ @AlanGreene
❤️ @afrittoli

Extra shout-out for awesome release notes:

😍 @AlanGreene
😍 @afrittoli

pipeline - Tekton Pipeline release v0.33.2 "Highlander HAL"

Published by tekton-robot over 2 years ago

-Docs @ v0.33.2
-Examples @ v0.33.2

Installation one-liner

kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.33.2/release.yaml

Attestation

The Rekor UUID for this release is 54dfb92e4adb988fcba9d78f15b73c5a31ce560100f1e72fc6fed0a399c7c611

Obtain the attestation:

REKOR_UUID=54dfb92e4adb988fcba9d78f15b73c5a31ce560100f1e72fc6fed0a399c7c611
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | base64 --decode | jq

Verify that all container images in the attestation are in the release file:

RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.33.2/release.yaml 
REKOR_UUID=54dfb92e4adb988fcba9d78f15b73c5a31ce560100f1e72fc6fed0a399c7c611

# Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | base64 --decode | jq -r '.subject[]|.name + ":v0.33.2@sha256:" + .digest.sha256')

# Download the release file
curl "$RELEASE_FILE" > release.yaml

# For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do 
  printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done

Deprecation Notices

Same as v0.33.0:

The scope-when-expressions-to-task flag will be removed in the next release.
We recommend migrating Pipelines to using when expressions scoped to the guarded Task only.

Upgrade Notices

Same as v0.33.0:

🚨 Tekton v0.33.2 requires Kubernetes v1.21+ 🚨

The configuration flags disable-working-dir-overwrite and disable-home-env-overwrite and associated features are not available anymore. Users that rely on automatic workingDir and HOME overwrite must update their Tasks to explicitly them before updating to
this release.

The when expressions in a given Task are scoped to guard the Task only by default. Users that rely the Branch scope can use the scope-when-expressions-to-task to continue guarding the Task and its dependent Tasks.

Changes

There a no new commits in v0.33.2 compared to v0.33.1 - the only change is that the release has been rebuilt using golang v1.17.7.

Thanks

Thanks to these contributors who contributed to v0.33.2!

@afrittoli

Extra shout-out for awesome release notes:

@afrittoli

pipeline - Tekton Pipeline release v0.33.1 "Highlander HAL"

Published by tekton-robot over 2 years ago

-Docs @ v0.33.1
-Examples @ v0.33.1

Installation one-liner

kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.33.1/release.yaml

Attestation

The Rekor UUID for this release is 18b3c02c2c35d9ef9d6c653646e37a3ced88e548ee601e353989a123011555fb

Obtain the attestation:

REKOR_UUID=18b3c02c2c35d9ef9d6c653646e37a3ced88e548ee601e353989a123011555fb
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | base64 --decode | jq

Verify that all container images in the attestation are in the release file:

RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.33.1/release.yaml 
REKOR_UUID=18b3c02c2c35d9ef9d6c653646e37a3ced88e548ee601e353989a123011555fb

# Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | base64 --decode | jq -r '.subject[]|.name + ":v0.33.1@sha256:" + .digest.sha256')

# Download the release file
curl "$RELEASE_FILE" > release.yaml

# For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do 
  printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done

Deprecation Notices

Same as v0.33.0:

The scope-when-expressions-to-task flag will be removed in the next release.
We recommend migrating Pipelines to using when expressions scoped to the guarded Task only.

Upgrade Notices

Same as v0.33.0:

🚨 Tekton v0.33.1 requires Kubernetes v1.21+ 🚨

Changes

Fixes

🐛 Bump ggcr's pkg/authn/kubernetes and k8schain (#4620)

#4599: Reduce some spammy logs when resolving images not on ECR.
#4616: Pick up a fix in a dependency affecting Docker registry auth configs stored in Secrets where the registry string included the URL scheme ("https://", "http://"), or a registry path component ("/v1/" or "/v2/").