A cloud-native Pipeline resource.
APACHE-2.0 License
Bot releases are visible (Hide)
Published by tekton-robot over 2 years ago
-Docs @ v0.37.1
-Examples @ v0.37.1
kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.37.1/release.yaml
The Rekor UUID for this release is 362f8ecba72f4326d84478dc11c6f1284cabd3f2fa5d913d24d9899318cc9a8133c1c8debcb507b2
Obtain the attestation:
REKOR_UUID=362f8ecba72f4326d84478dc11c6f1284cabd3f2fa5d913d24d9899318cc9a8133c1c8debcb507b2
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .
Verify that all container images in the attestation are in the release file:
RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.37.1/release.yaml
REKOR_UUID=362f8ecba72f4326d84478dc11c6f1284cabd3f2fa5d913d24d9899318cc9a8133c1c8debcb507b2
# Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v0.37.1@sha256:" + .digest.sha256')
# Download the release file
curl "$RELEASE_FILE" > release.yaml
# For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done
Relax the validation of result type: allow for no type specified to support resources created before result types were introduced.
Thanks to these contributors who contributed to v0.37.1!
Extra shout-out for awesome release notes:
Published by tekton-robot over 2 years ago
-Docs @ v0.37.0
-Examples @ v0.37.0
kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.37.0/release.yaml
The Rekor UUID for this release is c0d23d6ad406973f9559f3ba2d1ca01f84147d8ffc5b8445c224f98b9591801d
π¨ There is a temporary issue with Rekor, which means the attestation cannot be retrieved from Rekor right now. The attestation is available in the OCI registry π¨
Obtain the attestation:
cosign download attestation gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/controller@sha256:2a5239e0e458134870db8541008f358618a35d24247044a0041ab9ecb9ab2413 | jq -r .payload | base64 -D | jq .
π¨ Action required: Deprecated Conditions
has been removed. Existing pipelines using Conditions
will need to be updated.
β οΈ The nightly git-init base image is no longer build, it is deprecated in favor of ghcr.io/distroless/git.
A PipelineTask
with a Matrix
is fanned out into parallel TaskRuns
which are executed in parallel.
The TaskRunImagePullFailed logic now covers sidecars, and the error message includes the step name and the image
The default maximum count of TaskRuns
or Runs
from a given Matrix
is 256. Users can configure this value for their installations.
β¨ TEP-0090: Add Matrix Package (#4934)
β¨ [TEP-0076]Support Results Array Indexing (#4911)
Support indexing array results substitution as an alpha feature.
A task can specify a type to produce array result, such as:
results:
- name: array-results
type: array
description: The array results
And the task script can populate result in an array form with:
echo -n "["hello","world"]" | tee $(results.array-results.path)
and we can refer to the array results elements via index in param like:
params:
- name: foo
value: "$(tasks.task1.results.array-results[1])"
This feature is part of the TEP-0076.
β¨ [TEP-0075] Validate task result variable of object type (#4878)
β¨ [TEP-0075] Validate against using the whole object in task steps (#4861)
β¨ TEP-0090: Matrix - Implement isRunning
(#4981)
β¨ TEP-0090: Matrix - Implement isSuccessful
(#4980)
β¨ TEP-0090: Failure Strategies - Remove Fail Fast (#4972)
β¨ TEP-0090: Get Names of TaskRuns
(#4958)
β¨ TEP-0090: Add TaskRuns
to ResolvedPipelineRunTask
and implement isFailure
(#4951)
β¨ TEP-0090: Indicate Resolved PipelineRunTask is Matrixed (#4945)
β¨ TEP-0090: Split up ResolvePipelineRunTask (#4943)
In current release:
Removes deprecated PipelineRun.Spec.ServiceAccountNames
field; use PipelineRun.Spec.TaskRunSpecs
instead.
Removes deprecated TaskRun.Status.ResourceResults.ResourceRef
field; use TaskRun.Status.ResourceResults.ResourceName
instead.
action required: Deprecated conditions
in pipelines removed. Existing pipelines using conditions
will need to be updated.
Only use step containers for limitrange default request calculations
Fixed a bug where invalid expressions were not invalidated in Pipeline Results
.
Fixed a bug where static strings where not invalidated in Pipeline Results
.
π Cleanup: remove potential goroutine leakages in taskrun (#4936)
π Terminate TaskRun when Pod fails due to ImagePullBackOff. (#4921)
π Assume task not skipped if the run is associated (#4583)
Fixes controller with the high value of ThreadsPerController
to report the correct status of PipelineRun, which contains Finally tasks.
π¨ TEP-0090: Refactor GetChildReferences (#4940)
π¨ TEP-0090: Refactor GetTaskRunsStatus (#4939)
π¨ TEP-0090: Refactor ResolvePipelineRunTask (#4938)
π¨ Clean up the git-init base Dockerfile and Task. (#4765)
The nightly git-init base image is no longer build, it is deprecated in favor of ghcr.io/distroless/git.
π¨ Add dependabot config. (#4915)
π¨ Fix test cases for validatePipelineParameterVariables function (#4901)
π¨ Use informer for pod get/list instead of talking to API server. (#4740)
Use informer instead of API server for Pod Get/List.
isFailure
docstring (#4970)TaskRunNames
in tests (#4969)TaskRunName
is not used in getTaskRunStatus
(#4967)Conditions
from deprecations table (#4946)Parameters
replaced Implicit Parameters
(#4994)PipelineRun
timeouts is in Beta (#4993)isRunning
(#4975)isSuccessful
(#4974)isFailure
includes isCancelled
(#4973)Thanks to these contributors who contributed to v0.37.0!
Extra shout-out for awesome release notes:
Published by tekton-robot over 2 years ago
-Docs @ v0.36.0
-Examples @ v0.36.0
kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.36.0/release.yaml
The Rekor UUID for this release is 0c2001385a53e34162b7370fbe72fc99f464a8de78fb1d134e93e9bb99d076c2
Obtain the attestation:
REKOR_UUID=0c2001385a53e34162b7370fbe72fc99f464a8de78fb1d134e93e9bb99d076c2
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | base64 --decode | jq
Verify that all container images in the attestation are in the release file:
RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.36.0/release.yaml
REKOR_UUID=0c2001385a53e34162b7370fbe72fc99f464a8de78fb1d134e93e9bb99d076c2
# Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | base64 --decode | jq -r '.subject[]|.name + ":v0.36.0@sha256:" + .digest.sha256')
# Download the release file
curl "$RELEASE_FILE" > release.yaml
# For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done
Users can specify the Workspace to use for PipelineTask in the name label to reduce verbosity when the names of the Workspaces declared in the Pipeline and PipelineTask are the same. Users can continue to explicitly map Workspaces.
Allow taskRefs to be resolved directly from public git repos, using the tektoncd/resolution project.
Added helper functions for retrieving full TaskRun
and Run
statuses when using embedded-status=minimal
.
Parameters are propagated in embedded specifications without mutations.
Support Specifying Metadata per Task in Runtime (PipelineRun)
Add support for dictionary in Params values (and Results as well). This should affect backward compatibilities but it will break forward compatibilities in some cases (a.k.a. old client with new pipeline version)
action required: This changes the ArrayOrStruct
structure, which will have effect on project using the go API as a library.
Extract full parameter name when using dots inside single/double quotes.
Added validation for parameters with bracket notation
Add SkippingReason to SkippedTasks field of PipelineRunStatus. This enables users to know the exact reason why a given PipelineTask was skipped.
Support array type for emitting results from a task as an alpha feature.
The type of the result is changed from string to ArrayOrString.
A task can specify a type to produce array result, such as:
results:
- name: array-results
type: array
description: The array results
And the task script can populate result in an array form with:
echo -n "[\"hello\",\"world\"]" | tee $(results.array-results.path)
This feature is part of the TEP-0076 and its in progress to index into the array result while consuming that result.
Add validation for duplicated param names in TaskSpec.
Add Type for TaskRunResult and TaskResult.
Deprecate timeout field in PipelineRuns and promote PipelineRun.Timeouts field from alpha to stable
Implicit Parameters is deprecated and removed. A replacement feature will be included in the same release. This only affect users who enable alpha api feature gate
π Allow PipelineTaskRunSpec.Metadata to be optional. (#4914)
π Update PipelineSpec and TaskSpec fields of PipelineRun and TaskRun Status fields (#4891)
π Fix the potential data race with RWLock (#4876)
π Stop using GO111MODULE=off in builds (#4868)
SBOM generated during the release process now works and is available along with released images.
SBOM can be retrieved for instance using "cosign download bom "
Pods will not be unconditionally PATCHed to set the ready annotation, avoiding some API server traffic.
he entrypoint resolve will now reslove Entrypoint
and Cmd
in case
the steps has no command and no args specified.
place-tools and step-init init containers are merged together to reduce the number of container in each Task
's Pod.
Variable are now correctly interpolated on stepTemplate
field for Task
π fix: debug scripts are not mounted to steps with no scripts (#4776)
π Omit init containers from limitrange default request calculations (#4769)
Omit init containers from limitrange default request calculations
Fix tekton_pipelines_controller_pipelinerun_count
which was increasing without any new addition of pipelinerun.
Add deprecated Step/StepTemplate fields to deprecation table
Deprecate unusable/unsupported fields of Step and StepTemplate
SBOM built by "ko" in SPDX format is published along Tekton container images
[Change to Go libraries]: Task.Step, Task.StepTemplate, and Task.Sidecar use Container fields directly instead of embedding the Container struct
Thanks to these contributors who contributed to v0.36.0!
Extra shout-out for awesome release notes:
Published by tekton-robot over 2 years ago
-Docs @ v0.35.1
-Examples @ v0.35.1
kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.35.1/release.yaml
The Rekor UUID for this release is de02942bd2a6ebca8c094b7e69d31ccbc38d528d37f1b18d2f008e3710779f10
Obtain the attestation:
REKOR_UUID=de02942bd2a6ebca8c094b7e69d31ccbc38d528d37f1b18d2f008e3710779f10
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | base64 --decode | jq
Verify that all container images in the attestation are in the release file:
RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.35.1/release.yaml
REKOR_UUID=de02942bd2a6ebca8c094b7e69d31ccbc38d528d37f1b18d2f008e3710779f10
# Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | base64 --decode | jq -r '.subject[]|.name + ":v0.35.1@sha256:" + .digest.sha256')
# Download the release file
curl "$RELEASE_FILE" > release.yaml
# For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done
Restores the HA Setup via StatefulSet which was broken in v0.35.0
[Bug fix] Prevent PipelineRun from hanging when a PipelineTask fails and another PipelineTask depends on it
Thanks to these contributors who contributed to v0.35.1!
Extra shout-out for awesome release notes:
Published by tekton-robot over 2 years ago
-Docs @ v0.35.0
-Examples @ v0.35.0
kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.35.0/release.yaml
The Rekor UUID for this release is b304386ca92d8a4ca0d2f0acf051a1557507acf4891f9bc9db60d604a1bf3791
Obtain the attestation:
REKOR_UUID=b304386ca92d8a4ca0d2f0acf051a1557507acf4891f9bc9db60d604a1bf3791
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | base64 --decode | jq
Verify that all container images in the attestation are in the release file:
RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.35.0/release.yaml
REKOR_UUID=b304386ca92d8a4ca0d2f0acf051a1557507acf4891f9bc9db60d604a1bf3791
# Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | base64 --decode | jq -r '.subject[]|.name + ":v0.35.0@sha256:" + .digest.sha256')
# Download the release file
curl "$RELEASE_FILE" > release.yaml
# For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done
Added implementation for minimal TaskRun
and Run
statuses within PipelineRun
statuses.
Results
in Matrix
is invalid - will be supported soon to allow dynamic fan out.Results
from fanned out PipelineTasks
is invalid - will be revisited soon after array and object Results
are supported.Parameters
in Matrix
:
Array
Params
field as wellParameters
in Pipeline
specificationNote that Matrix
is not yet fully functional.
Promoting graceful termination of pipelinerun to beta and keeping PipelineRunCancelled
as deprecated, it will be removed after 3 releases
Initial integration with tektoncd/resolution project, allowing pipelineRefs to be resolved directly from public git repos.
default-affinity-assistant-pod-template
field in config-defaults
ConfigMap. Template merge rules is the same as the generic Pod templates (the template specified in the PipelineRun
or TaskRun
takes precedence over the one in the defaults).ImagePullSecrets
.updatePipelineRunStatusFromChildRefs
function (#4760)The PipelineRun.Status.TaskRuns
and PipelineRun.Status.Runs
fields are deprecated and will be removed in January, 2023. Please find more details in the proposal - TEP-0100.
With 0.35, graceful termination of PipelineRuns is now a stable feature and is no longer behind alpha feature flag. For more information related to graceful cancellation, you can refer to TEP-0058. Now, what this means is that the existing status PipelineRunCancelled which was deprecated in 0.25.0 release of Tekton Pipelines will be removed after 3 releases, i.e., in 0.38.0 release it will be removed completely and replaced by Cancelled in case of completely cancelling the PipelineRuns.
No changes need to be made to your Pipelines and Tasks. If you have tools to cancel the running pipeline, those tools will have to be updated in 0.38.0. This change also affects the tools such as Dashboard, CLI, IDE extensions, etc. as they now need to start supporting the new PipelineRun statuses. Tekton CLI has already made the following changes and will be available in the new release 0.24.0.
In current release:
In TEP-0007: Conditions Beta, we introduced when expressions to guard execution of Tasks in Pipelines. To align with Conditions, we set scope of when expressions to the guarded Task and its dependent Tasks.
In TEP-0059: Skipping Strategies, we proposed changing the scope of when expressions to the guarded Task only. This was implemented in https://github.com/tektoncd/pipeline/pull/4085. We provided a feature flag, scope-when-expressions-to-task, to support migration. It defaulted to false for 9 months per our Beta API compatibility policy, meaning that we continued to guard the Task and its dependent Tasks. Then in https://github.com/tektoncd/pipeline/pull/4580, we flipped the flag to true to guard the Task only by default.
In this change, we remove the scope-when-expressions-to-task flag and complete the migration.
The pullrequest-init-build-base seemed to include a root and nonroot user to account for the fact that PR directories and files may have been written by a different (possibly non-root) user, and needed to be read by the pullrequest-init container image.
In order to achieve this, the image no longer needed to be based on a custom-built base image -- it seems like the rootful gcr.io/distroless/static base image is sufficient so removing pullrequest-init-build-base.
Fixed git-init behavior to work with Git 2.35.2 changes.
Fix panic when reconciling PipelineRun with indirectly-created custom tasks.
[Bug fix]: Allow TaskRuns/Runs to complete retries when PipelineRun is stopped, including graceful stopping
π Add listType annotations (#4402)
π Don't wait for TaskRun to be observed Running. (#4773)
π Fix TestReconcileOnCompletedTaskRun (#4695)
Linux builds for windows-compatible images now use gcr.io/distroless/static:nonroot instead of gcr.io/distroless/base:debug-nonroot (drops glibc and busybox)
The default shell image is now nonroot by default, and much smaller.
The git-init image is now based on ghcr.io/distroless/git with fewer unused packages installed! π
Tekton Pipelines now uses k8s 23 libs
π¨ migrate yaml package to sigs.k8s.io/yaml (#4754)
π¨ PullRequest PipelineResource expects root (#4718)
The pullrequest PipelineResource is updated to explicitly set its runAsUser to 0. PipelineResources aren't tested as anything other than the root user and this change makes that explicit.
The pullrequest-init base image also no longer uses the root user by default. It now defaults to using UID 65532.
Tekton build with golang 1.17.8
pipelinerun_test.go
reconciler tests (#4768)taskrun_test.go
(#4751)t.TempDir
to create temporary test directory (#4727)π k8s 1.21 is the minimum required (#4719)
π Add example for PipelineRun namespace context variable (#4703)
π Add v0.34.0 and v0.33.3 to the README (#4698)
π Update tutorial links (#4789)
π Update date of removal of PipelineRunCancelled (#4783)
π Add links to readme and docs for several minor releases (#4724)
π Add example and docs for array param with defaults π (#4518)
Thanks to these contributors who contributed to v0.35.0!
Extra shout-out for awesome release notes:
Published by tekton-robot over 2 years ago
-Docs @ v0.31.4
-Examples @ v0.31.4
kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.31.4/release.yaml
The Rekor UUID for this release is 34c51da902ac3809cabe793c88a66863eff038a74275ee9f51c83e47d6f0b9b1
Obtain the attestation:
REKOR_UUID=34c51da902ac3809cabe793c88a66863eff038a74275ee9f51c83e47d6f0b9b1
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | base64 --decode | jq
Verify that all container images in the attestation are in the release file:
RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.31.4/release.yaml
REKOR_UUID=34c51da902ac3809cabe793c88a66863eff038a74275ee9f51c83e47d6f0b9b1
# Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | base64 --decode | jq -r '.subject[]|.name + ":v0.31.4@sha256:" + .digest.sha256')
# Download the release file
curl "$RELEASE_FILE" > release.yaml
# For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done
Tekton Pipeline v0.32.4 rebuilt with golang 1.17.8
Thanks to these contributors who contributed to v0.31.4!
Extra shout-out for awesome release notes:
Published by tekton-robot over 2 years ago
-Docs @ v0.32.4
-Examples @ v0.32.4
kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.32.4/release.yaml
The Rekor UUID for this release is 569c1fade99997a8cedffb696408ee5e0dceb0f02daf1fdadecc5c5e0d42b662
Obtain the attestation:
REKOR_UUID=569c1fade99997a8cedffb696408ee5e0dceb0f02daf1fdadecc5c5e0d42b662
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | base64 --decode | jq
Verify that all container images in the attestation are in the release file:
RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.32.4/release.yaml
REKOR_UUID=569c1fade99997a8cedffb696408ee5e0dceb0f02daf1fdadecc5c5e0d42b662
# Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | base64 --decode | jq -r '.subject[]|.name + ":v0.32.4@sha256:" + .digest.sha256')
# Download the release file
curl "$RELEASE_FILE" > release.yaml
# For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done
Tekton Pipeline v0.32.4 rebuilt with golang 1.17.8
Thanks to these contributors who contributed to v0.32.4!
Extra shout-out for awesome release notes:
Published by tekton-robot over 2 years ago
-Docs @ v0.30.4
-Examples @ v0.30.4
kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.30.4/release.yaml
The Rekor UUID for this release is 08691ed5de578de9fb4570c5dd4f7c0e3ee061dc7f34f708de8b276bc9377744
Obtain the attestation:
REKOR_UUID=08691ed5de578de9fb4570c5dd4f7c0e3ee061dc7f34f708de8b276bc9377744
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | base64 --decode | jq
Verify that all container images in the attestation are in the release file:
RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.30.4/release.yaml
REKOR_UUID=08691ed5de578de9fb4570c5dd4f7c0e3ee061dc7f34f708de8b276bc9377744
# Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | base64 --decode | jq -r '.subject[]|.name + ":v0.30.4@sha256:" + .digest.sha256')
# Download the release file
curl "$RELEASE_FILE" > release.yaml
# For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done
Tekton Pipeline v0.33.4 rebuilt with golang 1.17.8
Thanks to these contributors who contributed to v0.30.4!
Extra shout-out for awesome release notes:
Published by tekton-robot over 2 years ago
-Docs @ v0.34.1
-Examples @ v0.34.1
kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.34.1/release.yaml
The Rekor UUID for this release is 95e22c05299c9a60e2b4e8bc6a18017b0a8b4da3bc222fd945f7b407979108d1
Obtain the attestation:
REKOR_UUID=95e22c05299c9a60e2b4e8bc6a18017b0a8b4da3bc222fd945f7b407979108d1
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | base64 --decode | jq
Verify that all container images in the attestation are in the release file:
RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.34.1/release.yaml
REKOR_UUID=95e22c05299c9a60e2b4e8bc6a18017b0a8b4da3bc222fd945f7b407979108d1
# Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | base64 --decode | jq -r '.subject[]|.name + ":v0.34.1@sha256:" + .digest.sha256')
# Download the release file
curl "$RELEASE_FILE" > release.yaml
# For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done
Tekton Pipelines v0.34.0 rebuilt on golang v1.17.8
Thanks to these contributors who contributed to v0.34.1!
Extra shout-out for awesome release notes:
Published by tekton-robot over 2 years ago
-Docs @ v0.33.4
-Examples @ v0.33.4
kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.33.4/release.yaml
The Rekor UUID for this release is d77c1b4c638f50249c5dcba385b4600d0f2759a50b7af5f9374101207d4f6797
Obtain the attestation:
REKOR_UUID=d77c1b4c638f50249c5dcba385b4600d0f2759a50b7af5f9374101207d4f6797
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | base64 --decode | jq
Verify that all container images in the attestation are in the release file:
RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.33.4/release.yaml
REKOR_UUID=d77c1b4c638f50249c5dcba385b4600d0f2759a50b7af5f9374101207d4f6797
# Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | base64 --decode | jq -r '.subject[]|.name + ":v0.33.4@sha256:" + .digest.sha256')
# Download the release file
curl "$RELEASE_FILE" > release.yaml
# For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done
Tekton Pipeline release v0.33.3 rebuilt on golang v1.17.8
Thanks to these contributors who contributed to v0.33.4!
Extra shout-out for awesome release notes:
Published by tekton-robot over 2 years ago
-Docs @ v0.34.0
-Examples @ v0.34.0
kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.34.0/release.yaml
The Rekor UUID for this release is 1a84bc03f5f849d177185512d5578da724982ad33457852a1da2e93f259e7fb7
Obtain the attestation:
REKOR_UUID=1a84bc03f5f849d177185512d5578da724982ad33457852a1da2e93f259e7fb7
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | base64 --decode | jq
Verify that all container images in the attestation are in the release file:
RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.34.0/release.yaml
REKOR_UUID=1a84bc03f5f849d177185512d5578da724982ad33457852a1da2e93f259e7fb7
# Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | base64 --decode | jq -r '.subject[]|.name + ":v0.34.0@sha256:" + .digest.sha256')
# Download the release file
curl "$RELEASE_FILE" > release.yaml
# For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done
β¨ TEP-0090: Matrix - Context Variables (#4689)
Parameters
in Matrix
support Context Variables
. Note that Matrix
is not yet fully functional.
β¨ Implement CloudEvents for Runs (#4663)
Tekton Pipelines can now generate CloudEvents for Runs.
This feature is disabled by default. It can by enable by setting a sink URL and flipping the new feature flag "send-cloudevents-for-runs" to "true"
β¨ Add CloudEvents for Run definitions (#4659)
CloudEvents for Run have been defined, but they are not sent yet.
β¨ TEP-0090: Matrix - API Change and Feature Flag (#4600)
Added syntax support for Matrix
as an alpha feature. It is still in a very early stage of development and is not yet fully functional.
β¨ Implement Step and Sidecar Overrides for TaskRun (#4598)
β¨ Add functions to merge step/sidecar overrides (#4617)
In current release:
π¨ Change Default Metrics Level for Taskrun and Pipelinerun (#4630)
The Level for taskrun and pipelinerun metrics will change in this release. By default, taskrun and pipelinerun metrics have these values:
metrics.taskrun.level: "task"
metrics.taskrun.duration-type: "histogram"
metrics.pipelinerun.level: "pipeline"
metrics.pipelinerun.duration-type: "histogram"
π¨ If an annotation or label is present in both Pipeline and PipelineRun, the value in the Run type takes precedence (same for Task and TaskRun) (#4638)
π TEP-0090: Add validation for PipelineTask context variables (#4684)
π Update getNextTasks to support Run retries (#4647)
schedule Runs with remaining retries
π Update IsFailure method to reflect Run retries (#4625)
Runs that have remaining retries are not failed
π set the param type based on the default value (#4608)
Set the type of the param based on the default value when the type is not specified or cannot be inferred from the default value.
π workspace-in-sidecar flakey test fix (#4634)
π Add log line to debg workspace-in-sidecar example (#4646)
π Fix Task(Run)/Pipeline(Run) metadata propagation (#4638)
Fix Task(Run)/Pipeline(Run) metadata propagation, If an annotation or label is present in both Pipeline and PipelineRun, the value in the
Run type takes precedence (same for Task and TaskRun)
π Change Default Metrics Level for Taskrun and Pipelinerun (#4630)
The Level for taskrun and pipelinerun metrics will change in this release. By default, taskrun and pipelinerun metrics have these values:
metrics.taskrun.level: "task"
metrics.taskrun.duration-type: "histogram"
metrics.pipelinerun.level: "pipeline"
metrics.pipelinerun.duration-type: "histogram"
π¨ refactor reconcile pipeline TaskSpecMetadata test (#4693)
π¨ refactor create helpers in reconcile pr tests (#4682)
π¨ TEP-0090: Refactor Pipeline Workspaces Validation (#4670)
π¨ clean up reconcile unit test to use YAML parser (#4637)
π¨ test reconcile on cancelled refactor (#4628)
π¨ refactor TestReconcile_PipelineSpecTaskSpec result (#4627)
π¨ TEP-0058: Graceful Termination - is deprecated (#4612)
Reminder that PipelineRunCancelled
was deprecated in v0.25. Earliest removal date is March 2022.
π¨ Build tekton pipelines with golang 1.17 (#4639)
Tekton is now built using golang 1.17.7
π¨ PipelineRunState cleanup: tests + comments (#4667)
π¨ Remove unused windows dockerfiles (#4644)
π¨ cleanup - refactor taskRunStatus and runStatus unit tests (#4632)
π¨ Replace remaining implementations of TestClock (#4624)
π¨ refactor TestReconcile_PipelineSpecTaskSpec objects (#4622)
π¨ clean up TestReconcile_CloudEvents YAML parsing (#4619)
π¨ cleaning up a unit test InvalidPipelineRuns to use YAML parser (#4616)
π¨ Replace Clock package with k8s Clock package (#4607)
π¨ Remove broken link in development doc (#4602)
π¨ Add GetStatusCondition for Run (#4658)
π¨ TEP-0090: Pipeline Context Variables - Fix Validation Tests (#4685)
π¨ Add hostAliases to podTemplate doc (#4683)
π¨ go.mod: bump containerd dependency to 1.5.10 (#4649)
π¨ TEP-0090: Refactor execution status validation (#4635)
π¨ Remove lengthly operations from hermetic tests π§ͺ (#4590)
π TEP-0090: Matrix - Update API definition (#4601)
π Update the release cheatsheet to the new release drafter (#4677)
π Update API reference docs for TaskRun (#4662)
π Add links to docs and examples for 4 minor releases (#4650)
π Add links to docs and examples for v0.33.0 (#4595)
π Update taskrun code example links in the documentation (#4692)
Thanks to these contributors who contributed to v0.34.0!
Extra shout-out for awesome release notes:
Published by tekton-robot over 2 years ago
-Docs @ v0.31.3
-Examples @ v0.31.3
kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.31.3/release.yaml
The Rekor UUID for this release is a738563a98478da2c67936408825a60e8e67502e462938be8e42535f97ff9bfd
Obtain the attestation:
REKOR_UUID=a738563a98478da2c67936408825a60e8e67502e462938be8e42535f97ff9bfd
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | base64 --decode | jq
Verify that all container images in the attestation are in the release file:
RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.31.3/release.yaml
REKOR_UUID=a738563a98478da2c67936408825a60e8e67502e462938be8e42535f97ff9bfd
# Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | base64 --decode | jq -r '.subject[]|.name + ":v0.31.3@sha256:" + .digest.sha256')
# Download the release file
curl "$RELEASE_FILE" > release.yaml
# For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done
There are no code changes in this release.
Tekton Pipeline release v0.31.3 is identical to v0.31.2, but rebuilt with golang v1.17.7.
Thanks to these contributors who contributed to v0.31.3!
Published by tekton-robot over 2 years ago
-Docs @ v0.32.3
-Examples @ v0.32.3
kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.32.3/release.yaml
The Rekor UUID for this release is db07ee76eae2ae06792990fde3c18e2551a5a820b242d5766dff8af5b7ee632b
Obtain the attestation:
REKOR_UUID=db07ee76eae2ae06792990fde3c18e2551a5a820b242d5766dff8af5b7ee632b
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | base64 --decode | jq
Verify that all container images in the attestation are in the release file:
RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.32.3/release.yaml
REKOR_UUID=db07ee76eae2ae06792990fde3c18e2551a5a820b242d5766dff8af5b7ee632b
# Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | base64 --decode | jq -r '.subject[]|.name + ":v0.32.3@sha256:" + .digest.sha256')
# Download the release file
curl "$RELEASE_FILE" > release.yaml
# For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done
There are no code changes in this release.
Tekton Pipeline release v0.32.3 is identical to v0.32.2, but rebuilt with golang v1.17.7.
Thanks to these contributors who contributed to v0.32.3!
Published by tekton-robot over 2 years ago
-Docs @ v0.30.3
-Examples @ v0.30.3
kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.30.3/release.yaml
The Rekor UUID for this release is bed8ac13a06cc1367ce7e7ba8f24a4ae912722abe0645a1bbcd8b4e3be340715
Obtain the attestation:
REKOR_UUID=bed8ac13a06cc1367ce7e7ba8f24a4ae912722abe0645a1bbcd8b4e3be340715
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | base64 --decode | jq
Verify that all container images in the attestation are in the release file:
RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.30.3/release.yaml
REKOR_UUID=bed8ac13a06cc1367ce7e7ba8f24a4ae912722abe0645a1bbcd8b4e3be340715
# Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | base64 --decode | jq -r '.subject[]|.name + ":v0.30.3@sha256:" + .digest.sha256')
# Download the release file
curl "$RELEASE_FILE" > release.yaml
# For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done
There are no code changes in this release.
Tekton Pipeline release v0.30.3 is identical to v0.30.2, but rebuilt with golang v1.17.7.
Thanks to these contributors who contributed to v0.30.3!
Published by tekton-robot over 2 years ago
-Docs @ v0.33.3
-Examples @ v0.33.3
kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.33.3/release.yaml
The Rekor UUID for this release is 58a9cc1653c98f726dbce1683b3052d7a5d8efe967636429412d5fe8c13ce7bf
Obtain the attestation:
REKOR_UUID=58a9cc1653c98f726dbce1683b3052d7a5d8efe967636429412d5fe8c13ce7bf
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | base64 --decode | jq
Verify that all container images in the attestation are in the release file:
RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.33.3/release.yaml
REKOR_UUID=58a9cc1653c98f726dbce1683b3052d7a5d8efe967636429412d5fe8c13ce7bf
# Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | base64 --decode | jq -r '.subject[]|.name + ":v0.33.3@sha256:" + .digest.sha256')
# Download the release file
curl "$RELEASE_FILE" > release.yaml
# For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done
There are no code changes in this release.
Tekton Pipeline release v0.33.3 is identical to v0.33.2, but rebuilt with golang v1.17.7.
Thanks to these contributors who contributed to v0.33.3!
Extra shout-out for awesome release notes:
Published by tekton-robot over 2 years ago
-Docs @ v0.30.2
-Examples @ v0.30.2
kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.30.2/release.yaml
The Rekor UUID for this release is 344bfcaf7c5aa70754672a0da6ea9d61f0cdc8e8589a2c58e44fb82e02d1a8a6
Obtain the attestation:
REKOR_UUID=344bfcaf7c5aa70754672a0da6ea9d61f0cdc8e8589a2c58e44fb82e02d1a8a6
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | base64 --decode | jq
Verify that all container images in the attestation are in the release file:
RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.30.2/release.yaml
REKOR_UUID=344bfcaf7c5aa70754672a0da6ea9d61f0cdc8e8589a2c58e44fb82e02d1a8a6
# Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | base64 --decode | jq -r '.subject[]|.name + ":v0.30.2@sha256:" + .digest.sha256')
# Download the release file
curl "$RELEASE_FILE" > release.yaml
# For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done
This release is the same as v0.30.1, but rebuilt using golang v1.17.7.
Thanks to these contributors who contributed to v0.30.2!
Extra shout-out for awesome release notes:
Published by tekton-robot over 2 years ago
-Docs @ v0.31.2
-Examples @ v0.31.2
kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.31.2/release.yaml
The Rekor UUID for this release is 92ea7e8a8b5343fc6e84d7cc29d9ed02d2f4e4170e51bf4f5a568e92ccd1a62c
Obtain the attestation:
REKOR_UUID=92ea7e8a8b5343fc6e84d7cc29d9ed02d2f4e4170e51bf4f5a568e92ccd1a62c
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | base64 --decode | jq
Verify that all container images in the attestation are in the release file:
RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.31.2/release.yaml
REKOR_UUID=92ea7e8a8b5343fc6e84d7cc29d9ed02d2f4e4170e51bf4f5a568e92ccd1a62c
# Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | base64 --decode | jq -r '.subject[]|.name + ":v0.31.2@sha256:" + .digest.sha256')
# Download the release file
curl "$RELEASE_FILE" > release.yaml
# For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done
This release is the same as v0.31.1, but rebuilt using golang v1.17.7.
Thanks to these contributors who contributed to v0.31.2!
Extra shout-out for awesome release notes:
Published by tekton-robot over 2 years ago
-Docs @ v0.32.2
-Examples @ v0.32.2
kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.32.2/release.yaml
The Rekor UUID for this release is 4468a40e9152007916ffb200c5ad6852a7c7d6f064efec515af2e9f9ad95005b
Obtain the attestation:
REKOR_UUID=4468a40e9152007916ffb200c5ad6852a7c7d6f064efec515af2e9f9ad95005b
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | base64 --decode | jq
Verify that all container images in the attestation are in the release file:
RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.32.2/release.yaml
REKOR_UUID=4468a40e9152007916ffb200c5ad6852a7c7d6f064efec515af2e9f9ad95005b
# Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | base64 --decode | jq -r '.subject[]|.name + ":v0.32.2@sha256:" + .digest.sha256')
# Download the release file
curl "$RELEASE_FILE" > release.yaml
# For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done
This release is the same as v0.32.1, but rebuilt using golang v1.17.7.
Thanks to these contributors who contributed to release-v0.32.2!
Extra shout-out for awesome release notes:
Published by tekton-robot over 2 years ago
-Docs @ v0.33.2
-Examples @ v0.33.2
kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.33.2/release.yaml
The Rekor UUID for this release is 54dfb92e4adb988fcba9d78f15b73c5a31ce560100f1e72fc6fed0a399c7c611
Obtain the attestation:
REKOR_UUID=54dfb92e4adb988fcba9d78f15b73c5a31ce560100f1e72fc6fed0a399c7c611
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | base64 --decode | jq
Verify that all container images in the attestation are in the release file:
RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.33.2/release.yaml
REKOR_UUID=54dfb92e4adb988fcba9d78f15b73c5a31ce560100f1e72fc6fed0a399c7c611
# Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | base64 --decode | jq -r '.subject[]|.name + ":v0.33.2@sha256:" + .digest.sha256')
# Download the release file
curl "$RELEASE_FILE" > release.yaml
# For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done
Same as v0.33.0
:
The scope-when-expressions-to-task
flag will be removed in the next release.
We recommend migrating Pipelines
to using when
expressions scoped to the guarded Task
only.
Same as v0.33.0
:
π¨ Tekton v0.33.2 requires Kubernetes v1.21+ π¨
The configuration flags disable-working-dir-overwrite
and disable-home-env-overwrite
and associated features are not available anymore. Users that rely on automatic workingDir
and HOME
overwrite must update their Tasks
to explicitly them before updating to
this release.
The when
expressions in a given Task
are scoped to guard the Task
only by default. Users that rely the Branch
scope can use the scope-when-expressions-to-task
to continue guarding the Task
and its dependent Tasks
.
There a no new commits in v0.33.2 compared to v0.33.1 - the only change is that the release has been rebuilt using golang v1.17.7.
Thanks to these contributors who contributed to v0.33.2!
Extra shout-out for awesome release notes:
Published by tekton-robot over 2 years ago
-Docs @ v0.33.1
-Examples @ v0.33.1
kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.33.1/release.yaml
The Rekor UUID for this release is 18b3c02c2c35d9ef9d6c653646e37a3ced88e548ee601e353989a123011555fb
Obtain the attestation:
REKOR_UUID=18b3c02c2c35d9ef9d6c653646e37a3ced88e548ee601e353989a123011555fb
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | base64 --decode | jq
Verify that all container images in the attestation are in the release file:
RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.33.1/release.yaml
REKOR_UUID=18b3c02c2c35d9ef9d6c653646e37a3ced88e548ee601e353989a123011555fb
# Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | base64 --decode | jq -r '.subject[]|.name + ":v0.33.1@sha256:" + .digest.sha256')
# Download the release file
curl "$RELEASE_FILE" > release.yaml
# For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done
Same as v0.33.0
:
The scope-when-expressions-to-task
flag will be removed in the next release.
We recommend migrating Pipelines
to using when
expressions scoped to the guarded Task
only.
Same as v0.33.0
:
π¨ Tekton v0.33.1 requires Kubernetes v1.21+ π¨
The configuration flags disable-working-dir-overwrite
and disable-home-env-overwrite
and associated features are not available anymore. Users that rely on automatic workingDir
and HOME
overwrite must update their Tasks
to explicitly them before updating to
this release.
The when
expressions in a given Task
are scoped to guard the Task
only by default. Users that rely the Branch
scope can use the scope-when-expressions-to-task
to continue guarding the Task
and its dependent Tasks
.
#4599: Reduce some spammy logs when resolving images not on ECR.
#4616: Pick up a fix in a dependency affecting Docker registry auth configs stored in Secrets where the registry string included the URL scheme ("https://", "http://"), or a registry path component ("/v1/" or "/v2/").
Thanks to these contributors who contributed to v0.33.1!
Extra shout-out for awesome release notes: