Releases: tektoncd/pipeline
Tekton Pipeline release v0.60.0 "Chinchilla Tobor"
π Artifacts through Sidecar Logs and Concise Resolver Syntax(Stage I)π
-Docs @ v0.60.0
-Examples @ v0.60.0
Installation one-liner
kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.60.0/release.yaml
Attestation
The Rekor UUID for this release is 24296fb24b8ad77a0f4210b40d70db3c3f419f177c49cdf9af22ac6e6f490d1141db7ca4ecb37796
Obtain the attestation:
REKOR_UUID=24296fb24b8ad77a0f4210b40d70db3c3f419f177c49cdf9af22ac6e6f490d1141db7ca4ecb37796
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .
Verify that all container images in the attestation are in the release file:
RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.60.0/release.yaml
REKOR_UUID=24296fb24b8ad77a0f4210b40d70db3c3f419f177c49cdf9af22ac6e6f490d1141db7ca4ecb37796
# Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v0.60.0@sha256:" + .digest.sha256')
# Download the release file
curl "$RELEASE_FILE" > release.yaml
# For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done
Changes
Features
- β¨ feat: Surface artifacts through sidecar container logs. (#7883)
Surface artifacts through sidecar container logs.
- β¨ add namespace label/tag to non-deprecated throttle metrics (#7879)
Add 'namespace' label/tag to the 'tekton_pipelines_controller_running_taskruns_throttled_by_quota' and 'tekton_pipelines_controller_running_taskruns_throttled_by_node' metrics, as kubernetes quota definitions are namespace scoped, hence certain namespaces may be more susceptible to quota throttling than others, and in a multi-node environment, not all namespaces are necessarily on the same node.
To enable this new label/tag, set 'metrics.taskrun.throttle.enable-namespace' to 'true' in the 'config-observability' ConfigMap
- β¨ TEP-0154: Enable concise resolver syntax - stage 1 (#7845)
TEP-0154: Enable concise resolver syntax
- β¨ Add reason tag to duration metrics (#7812)
The reason tag has been added to the duration metrics of taskrun and pipelinerun.
Fixes
- π Propagate params in pipelines (#7930)
Enable propagating params in Pipelines.
- π Fix version mismatch of aws-sdk-go-v2 (#7921)
Fixing "401 Not Authorized" using Image from private AWS ECR without specifying "command" or "script" in Task.
- π allow for retry on typically transient k8s errors in both core controller and resolver for remote resolution (#7894)
This fix address the lack of retry on transient kubernetes errors during remote resolution for tasks, etc.
- π Fix: Faulty Remote Resource Accepted by Remote Resolution (#7952)
- π minor followup to PR 7894 (#7950)
- π fix: prevent repeated setting of pipeline name label (#7732)
- π fix: when using remote resources, the related metrics tag name is wrong (#7731)
Misc
- π¨ Deprecate current resolution framework (#7945)
Mark current resolver framework as deprecated. Note: we are not removing the interface to be compatible with our Go policy.
- π¨ misc: promote stepAction to beta (#7920)
promote StepActions to beta
- π¨ fix: artifactsFlag (#7914)
fix defaultEnableArtifacts flag uses wrong name
- π¨ Upgraded Remote Resolution Framework (#7910)
Upgraded remote resolution framework.
- π¨ Bump go.opentelemetry.io/otel from 1.26.0 to 1.27.0 (#7975)
- π¨ Bump go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp from 1.26.0 to 1.27.0 (#7972)
- π¨ chore(deps): bump github/codeql-action from 3.25.5 to 3.25.6 (#7968)
- π¨ chore(deps): bump actions/checkout from 4.1.5 to 4.1.6 (#7967)
- π¨ chore(deps): bump github.com/golangci/golangci-lint from 1.58.1 to 1.58.2 in /tools (#7966)
- π¨ chore(deps): bump github.com/containerd/containerd from 1.7.15 to 1.7.17 (#7961)
- π¨ chore(deps): bump k8s.io/client-go from 0.27.13 to 0.27.14 in /test/custom-task-ctrls/wait-task-beta (#7949)
- π¨ chore(deps): bump k8s.io/api from 0.27.13 to 0.27.14 in /test/custom-task-ctrls/wait-task-beta (#7948)
- π¨ chore(deps): bump google.golang.org/grpc from 1.63.2 to 1.64.0 (#7947)
- π¨ chore(deps): bump github.com/spiffe/spire-api-sdk from 1.9.4 to 1.9.6 (#7946)
- π¨ chore(deps): bump the all group in /tekton with 3 updates (#7944)
- π¨ chore(deps): bump ossf/scorecard-action from 2.3.1 to 2.3.3 (#7943)
- π¨ chore(deps): bump github/codeql-action from 3.25.3 to 3.25.5 (#7942)
- π¨ chore(deps): bump tj-actions/changed-files from 44.3.0 to 44.4.0 (#7941)
- π¨ Add image replacement for amd64 specific image for entrypoint-resolution test and update docker-in-docker test image for Power. (#7937)
- π¨ chore(deps): bump github.com/golangci/golangci-lint from 1.58.0 to 1.58.1 in /tools (#7936)
- π¨ chore(deps): bump step-security/harden-runner from 2.7.0 to 2.7.1 (#7934)
- π¨ chore(deps): bump actions/checkout from 4.1.4 to 4.1.5 (#7933)
- π¨ chore(deps): bump the all group in /tekton with 4 updates (#7932)
- π¨ chore(deps): bump google.golang.org/protobuf from 1.34.0 to 1.34.1 (#7931)
- π¨ chore(deps): bump github.com/jenkins-x/go-scm from 1.14.30 to 1.14.34 (#7928)
- π¨ chore(deps): bump github.com/golangci/golangci-lint from 1.57.2 to 1.58.0 in /tools (#7927)
- π¨ chore(deps): bump google.golang.org/protobuf from 1.33.0 to 1.34.0 (#7926)
- π¨ chore(deps): bump the all group in /tekton with 2 updates (#7925)
- π¨ chore(deps): bump actions/checkout from 4.1.3 to 4.1.4 (#7924)
- π¨ chore(deps): bump github/codeql-action from 3.25.1 to 3.25.3 (#7923)
Docs
- π Update releases.md for v0.59 (#7917)
- π v1beta1 fields updated to v1 in docs and examples (#7873)
Thanks
Thanks to these contributors who contributed to v0.60.0!
- β€οΈ @Sachin-Itagi
- β€οΈ @afrittoli
- β€οΈ @chitrangpatel
- β€οΈ @cugykw
- β€οΈ @dependabot[bot]
- β€οΈ @ericzzzzzzz
- β€οΈ @gabemontero
- β€οΈ @khrm
- β€οΈ @ppitonak
- β€οΈ @seternate
Extra shout-out for awesome release notes:
- π @chitrangpatel
- π @ericzzzzzzz
- π @gabemontero
- π @khrm
- π @seternate
Tekton Pipeline release v0.59.0 "Scottish Fold Sox" LTS
π Artifact Metadata, Improved StepActions and Improved Stability π
-Docs @ v0.59.0
-Examples @ v0.59.0
Installation one-liner
kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.59.0/release.yaml
Attestation
The Rekor UUID for this release is 24296fb24b8ad77afedce0421f9d0b300ed47db5907cad59970fed93f978290fd32680173c43e675
Obtain the attestation:
REKOR_UUID=24296fb24b8ad77afedce0421f9d0b300ed47db5907cad59970fed93f978290fd32680173c43e675
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .
Verify that all container images in the attestation are in the release file:
RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.59.0/release.yaml
REKOR_UUID=24296fb24b8ad77afedce0421f9d0b300ed47db5907cad59970fed93f978290fd32680173c43e675
# Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v0.59.0@sha256:" + .digest.sha256')
# Download the release file
curl "$RELEASE_FILE" > release.yaml
# For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done
Upgrade Notices
Tekton v0.59 minimum Kubernetes version is 1.27.
Changes
Features
- β¨ Add a feature flag to disable inline spec (#7844)
Add a feature flag disable-inline-spec
to disable embedded spec in Pipeline(PipelineSpec/TaskSpec), Taskrun(TaskSpec), and Pipelinerun. (PipelineSpec) By default, the inline specs will be enabled. Only if the flag is set to "pipeline", "pipelinerun" and "taskrun" or a combination like "pipeline,pipelinerun" would the inline spec be disabled for Pipeline, PipelineRun, or TaskRun.
- β¨ Add description to StepActions (#7831)
Add description to StepActions
- β¨ kind/feat: Surface artifacts through termination message (#7714)
Surface artifact metadata through termination message
Fixes
- π fix: resolve pod creation failure on retry when using (#7887)
fix: resolve pod creation failure on retry when using workspace.<name>.volume
- π Fix ImagePullTimeout to use Initialized (#7882)
Fix ImagePullTimeout to use "PodInitialized" or "PodReadyToStartContainers" PodCondition transition time
- π Enable Param Substitution in StepAction resolver reference params (#7872)
Enable Param Substitution in StepAction resolver reference params
- π validate TaskRun retries in TestRunSpec is greater than or equal to zero (#7836)
fix: the retries value has not been verified
- π fix: stepresult intepolations does not accept multiple matches (#7830)
fix: cannot use multiple step results at the same time for interpolation.
- π Fix the naming for Metrics as per convention (#7810)
We introduce new metrics with compliant naming.
Gauge metrics: Gauge metrics shouldn't end with count as it implies a counter.
Counter metrics: Counter metrics shouldn't end with count as it implies a counter from the histogram. Instead, we should use total.
Previous Metrics are deprecated because they don't satisfy the Prometheus naming convention. Consult https://github.com/tektoncd/pipeline/blob/main/docs/metrics.md to know the updated names and tags.
- π Remove conversion configuration for (#7796)
Remove conversion webhook configuration from the ClusterTask CRD, it doesn't need it.
- π Do not register for conversion (#7795)
Removed StepAction from the conversion webhook to reduce the log spam that it isn't configured for it.
- π fix: ensure default type for params in remote tasks to prevent pipeline failures (#7776)
fix: resolve issues that may cause pipeline failures when using remote resources
- π fix: do not set default kind when taskRef resolver is present (#7763)
fix: do not set default kind when taskRef resolver is present
- π fix(taskrun): emit warning for missing secret in ServiceAccount instead of failing (#7761)
fix(taskrun): emit warning for missing secret in ServiceAccount instead of failing
- π Fix: Merge StepTemplate with Step containing Results and Params (#7757)
Fix: Merge StepTemplate with Step containing Results and Params
- π fix: the params in step replace other fields in step that are not in stepaction (#7755)
Pass only the fields in stepaction
and replace these fields with the params
in step.
- π Fix bugfix-release.sh behavior when there is nothing to release (#7860)
- π [StepActions] when using a stepTemplate the ref gets removed (#7813)
Misc
- π¨ Update docker/docker to v26.0.0 (#7842)
Update docker/docker dependency to v26.0.0
- π¨ Bump knative/pkg to 1.13 and k8s.io to 0.28.5 (#7808)
knative/pkg dependency is now 1.13 and k8s.io dependencies are 0.28.x.
In addition, this makes the minimum kubernetes version supported by tektoncd/pipeline to be 1.27.
- π¨ Update golangci version and configuration, and fix errors (#7832)
- π¨ Fix: add notes for why not to import the dependency pkg for OptimisticLockErrorMsg (#7780)
- π¨ Fix shell for tag-images step (#7912)
- π¨ Fix the shell in crane image (#7911)
- π¨ chore(deps): bump go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp from 1.25.0 to 1.26.0 (#7908)
- π¨ chore(deps): bump go.opentelemetry.io/otel/sdk from 1.25.0 to 1.26.0 (#7905)
- π¨ chore(deps): bump the all group in /tekton with 4 updates (#7900)
- π¨ chore(deps): bump tj-actions/changed-files from 44.0.1 to 44.3.0 (#7899)
- π¨ chore(deps): bump actions/checkout from 4.1.2 to 4.1.3 (#7898)
- π¨ chore(deps): bump actions/upload-artifact from 4.3.1 to 4.3.3 (#7897)
- π¨ chore(deps): bump github/codeql-action from 3.25.0 to 3.25.1 (#7896)
- π¨ chore(deps): bump k8s.io/client-go from 0.27.11 to 0.27.13 in /test/custom-task-ctrls/wait-task-beta (#7891)
- π¨ chore(deps): bump k8s.io/api from 0.27.12 to 0.27.13 in /test/custom-task-ctrls/wait-task-beta (#7890)
- π¨ chore(deps): bump code.gitea.io/sdk/gitea from 0.17.1 to 0.18.0 (#7889)
- π¨ chore(deps): bump the all group in /tekton with 4 updates (#7885)
- π¨ chore(deps): bump github/codeql-action from 3.24.10 to 3.25.0 (#7884)
- π¨ kind/misc: add error log (#7874)
- π¨ chore(deps): bump the all group in /tekton with 4 updates (#7868)
- π¨ chore(deps): bump tj-actions/changed-files from 44.0.0 to 44.0.1 (#7867)
- π¨ chore(deps): bump google.golang.org/grpc from 1.63.0 to 1.63.2 (#7866)
- π¨ chore(deps): bump github.com/spiffe/spire-api-sdk from 1.9.3 to 1.9.4 (#7862)
- π¨ chore(deps): bump github/codeql-action from 3.24.9 to 3.24.10 (#7861)
- π¨ release: add a small script to "automate" bugfix releases (#7855)
- π¨ chore: fix function names in comment (#7853)
- π¨ chore(deps): bump github.com/containerd/containerd from 1.7.14 to 1.7.15 (#7849)
- π¨ chore(deps): bump go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp from 1.24.0 to 1.25.0 (#7848)
- π¨ chore(deps): bump github.com/spiffe/spire-api-sdk from 1.9.2 to 1.9.3 (#7847)
- π¨ .github/workflow: update (and harden) codeql workflow (#7843)
- π¨ chore(deps): bump golang.org/x/sync from 0.6.0 to 0.7.0 (#7835)
- π¨ chore(deps): bump google.golang.org/grpc from 1.62.1 to 1.63.0 (#7834)
- π¨ chore(deps): bump github.com/jenkins-x/go-scm from 1.14.29 to 1.14.30 (#7829)
- π¨ Initiate Conformance Test Suite (#7826)
- π¨ chore(deps): bump github.com/sigstore/sigstore/pkg/signature/kms/aws from 1.8.2 to 1.8.3 (#7825)
- π¨ chore(deps): bump github.com/spiffe/go-spiffe/v2 from 2.1.7 to 2.2.0 (#7824)
- π¨ chore(deps): bump github.com/sigstore/sigstore/pkg/signature/kms/azure from 1.8.2 to 1.8.3 (#7823)
- π¨ chore(deps): bump github.com/sigstore/sigstore from 1.8.1 to 1.8.3 (#7821)
- π¨ chore(deps): bump github.com/go-git/go-git/v5 from 5.11.0 to 5.12.0 (#7820)
- π¨ chore(deps): bump github.com/sigstore/sigstore/pkg/signature/kms/gcp from 1.8.2 to 1.8.3 (#7819)
- π¨ chore(deps): bump github.com/sigstore/sigstore/pkg/signature/kms/hashivault from 1.8.2 to 1.8.3 (#7818)
- π¨ chore(deps): bump tj-actions/changed-files from 43.0.1 to 44.0.0 (#7817)
- π¨ chore(deps): bump github.com/golangci/golangci-lint from 1.57.1 to 1.57.2 in /tools (#7816)
- π¨ chore(deps): bump github.com/jenkins-x/go-scm from 1.14.26 to 1.14.29 (#7815)
- π¨ chore(deps): bump github.com/spiffe/spire-api-sdk from 1.9.1 to 1.9.2 (#7806)
- π¨ chore(deps): bump tj-actions/changed-files from 43.0.0 to 43.0.1 (#7803)
- π¨ chore(deps): bump github/codeql-action from 3.24.8 to 3.24.9 (#7802)
- π¨ chore(deps): bump github.com/golangci/golangci-lint from 1.56.2 to 1.57.1 in /tools (#7785)
- π¨ chore(deps): bump github.com/spiffe/spire-api-sdk from 1.9.0 to 1.9.1 (#7784)
- π¨ chore(deps): bump github.com/google/cel-go from 0.20.0 to 0.20.1 (#7783)
- π¨ chore(deps): bump github.com/cloudevents/sdk-go/v2 from 2.15.1 to 2.15.2 (#7782)
- π¨ chore(deps): bump github.com/google/go-containerregistry from 0.19.0 to 0.19.1 (#7781)
- π¨ chore(deps): Migrate to github.com/go-jose/go-jose/v3 (#7750)
- π¨ .github/workflows: make codeql a bit quicker (#7728)
- π¨ Replace out of date publish images with cgr.dev equivalents. (#7359)
- π¨ Update golang/x/net to handle GO-2024-2687 (#7841)
Docs
- π fi...
Tekton Pipeline release v0.56.4 "Persian Terminator"
-Docs @ v0.56.4
-Examples @ v0.56.4
Installation one-liner
kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.56.4/release.yaml
Attestation
The Rekor UUID for this release is 24296fb24b8ad77a246fb071bb1e27bb8c9aa3c80aa8f7f284a3f17e41f49960167d60df9ae6a20f
Obtain the attestation:
REKOR_UUID=24296fb24b8ad77a246fb071bb1e27bb8c9aa3c80aa8f7f284a3f17e41f49960167d60df9ae6a20f
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .
Verify that all container images in the attestation are in the release file:
RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.56.4/release.yaml
REKOR_UUID=24296fb24b8ad77a246fb071bb1e27bb8c9aa3c80aa8f7f284a3f17e41f49960167d60df9ae6a20f
# Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v0.56.4@sha256:" + .digest.sha256')
# Download the release file
curl "$RELEASE_FILE" > release.yaml
# For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done
Changes
Features
Fixes
- π [release-v0.56.x] [StepActions] when using a stepTemplate the ref gets removed (#7814)
- [release-v0.56.x] chore(deps): Migrate to github.com/go-jose/go-jose/v3 (#7856)
- [release-v0.56.x] Update go-git/v5 for CVE-2023-49569 (#7837)
Misc
Docs
Thanks
Thanks to these contributors who contributed to v0.56.4!
- β€οΈ @tekton-robot
- β€οΈ @vdemeester
Extra shout-out for awesome release notes:
- π @vdemeester
Tekton Pipeline release v0.53.6 "Chartreux Rachael"
-Docs @ v0.53.6
-Examples @ v0.53.6
Installation one-liner
kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.53.6/release.yaml
Attestation
The Rekor UUID for this release is 24296fb24b8ad77a58dae7f6faf9762bba17f2a70c00ecee45c691a6679e49878ddb4fc34cca12ee
Obtain the attestation:
REKOR_UUID=24296fb24b8ad77a58dae7f6faf9762bba17f2a70c00ecee45c691a6679e49878ddb4fc34cca12ee
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .
Verify that all container images in the attestation are in the release file:
RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.53.6/release.yaml
REKOR_UUID=24296fb24b8ad77a58dae7f6faf9762bba17f2a70c00ecee45c691a6679e49878ddb4fc34cca12ee
# Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v0.53.6@sha256:" + .digest.sha256')
# Download the release file
curl "$RELEASE_FILE" > release.yaml
# For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done
Changes
Features
Fixes
- [release-v0.53.x] chore(deps): Migrate to github.com/go-jose/go-jose/v3 (#7857)
- [release-v0.53.x] Update go-git/v5 for CVE-2023-49569 (#7838)
Misc
Docs
Thanks
Thanks to these contributors who contributed to v0.53.6!
- β€οΈ @vdemeester
Extra shout-out for awesome release notes:
- π @vdemeester
Tekton Pipeline release v0.50.6 "Russian Blue Daneel Olivaw"
-Docs @ v0.50.6
-Examples @ v0.50.6
Installation one-liner
kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.50.6/release.yaml
Attestation
The Rekor UUID for this release is 24296fb24b8ad77ab39f94a9c6627f1ae85c428863d0dbdbea4c9481976f30c00d5f9f712a117720
Obtain the attestation:
REKOR_UUID=24296fb24b8ad77ab39f94a9c6627f1ae85c428863d0dbdbea4c9481976f30c00d5f9f712a117720
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .
Verify that all container images in the attestation are in the release file:
RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.50.6/release.yaml
REKOR_UUID=24296fb24b8ad77ab39f94a9c6627f1ae85c428863d0dbdbea4c9481976f30c00d5f9f712a117720
# Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v0.50.6@sha256:" + .digest.sha256')
# Download the release file
curl "$RELEASE_FILE" > release.yaml
# For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done
Changes
Features
Fixes
- π [release-v0.50.x] Remove conversion configuration for (#7798)
emove conversion webhook configuration from the ClusterTask CRD, it doesn't need it.
- π [release-v0.50.x] fix: ensure clustertask annotations are synced to taskrun (#7656)
ix: ensure ClusterTask
annotations and labels are synced to TaskRun
- π [release-v0.50.x] Fix validations for Sidecars to be consistent (#7451)
idecars are now validated at admission webhook
- π [release-v0.50.x] don't return validation error when final tasks failed/skipped (#7485)
- [release-v0.50.x] chore(deps): Migrate to github.com/go-jose/go-jose/v3 (#7858)
- [release-v0.50.x] Update go-git/v5 for CVE-2023-49569 (#7839)
Misc
Docs
Thanks
Thanks to these contributors who contributed to v0.50.6!
- β€οΈ @tekton-robot
- β€οΈ @vdemeester
Extra shout-out for awesome release notes:
- π @tekton-robot
- π @vdemeester
Tekton Pipeline release v0.47.9 "Chartreux Rachael"
-Docs @ v0.47.9
-Examples @ v0.47.9
Installation one-liner
kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.47.9/release.yaml
Attestation
The Rekor UUID for this release is 24296fb24b8ad77a97b4cab5b45b50c5ccf7747c415168ca5a52a02bf17db08b9289c8518215ab4e
Obtain the attestation:
REKOR_UUID=24296fb24b8ad77a97b4cab5b45b50c5ccf7747c415168ca5a52a02bf17db08b9289c8518215ab4e
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .
Verify that all container images in the attestation are in the release file:
RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.47.9/release.yaml
REKOR_UUID=24296fb24b8ad77a97b4cab5b45b50c5ccf7747c415168ca5a52a02bf17db08b9289c8518215ab4e
# Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v0.47.9@sha256:" + .digest.sha256')
# Download the release file
curl "$RELEASE_FILE" > release.yaml
# For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done
Changes
Features
Fixes
- [release-v0.47.x] chore(deps): Migrate to github.com/go-jose/go-jose/v3 (#7859)
Misc
Docs
Thanks
Thanks to these contributors who contributed to v0.47.9!
- β€οΈ @vdemeester
Extra shout-out for awesome release notes:
- π @vdemeester
Tekton Pipeline release v0.47.8 "Chartreux Rachael"
-Docs @ v0.47.8
-Examples @ v0.47.8
Installation one-liner
kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.47.8/release.yaml
Attestation
The Rekor UUID for this release is 24296fb24b8ad77a4e15157f9968c5f4a015417a5c1d728fb85cf766ef9357ef1cc3abc19e871f58
Obtain the attestation:
REKOR_UUID=24296fb24b8ad77a4e15157f9968c5f4a015417a5c1d728fb85cf766ef9357ef1cc3abc19e871f58
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .
Verify that all container images in the attestation are in the release file:
RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.47.8/release.yaml
REKOR_UUID=24296fb24b8ad77a4e15157f9968c5f4a015417a5c1d728fb85cf766ef9357ef1cc3abc19e871f58
# Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v0.47.8@sha256:" + .digest.sha256')
# Download the release file
curl "$RELEASE_FILE" > release.yaml
# For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done
Changes
Features
Fixes
- [release-v0.47.x] Update go-git/v5 for CVE-2023-49569 (#7840)
Misc
Docs
Thanks
Thanks to these contributors who contributed to v0.47.8!
- β€οΈ @vdemeester
Extra shout-out for awesome release notes:
- π @vdemeester
Tekton Pipeline release v0.56.3 "Persian Terminator"
-Docs @ v0.56.3
-Examples @ v0.56.3
Installation one-liner
kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.56.3/release.yaml
Attestation
The Rekor UUID for this release is 24296fb24b8ad77ae45e562eaaa6a469881e47013e15601d6644002bc596ca9464a382cdec3f2b5d
Obtain the attestation:
REKOR_UUID=24296fb24b8ad77ae45e562eaaa6a469881e47013e15601d6644002bc596ca9464a382cdec3f2b5d
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .
Verify that all container images in the attestation are in the release file:
RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.56.3/release.yaml
REKOR_UUID=24296fb24b8ad77ae45e562eaaa6a469881e47013e15601d6644002bc596ca9464a382cdec3f2b5d
# Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v0.56.3@sha256:" + .digest.sha256')
# Download the release file
curl "$RELEASE_FILE" > release.yaml
# For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done
Changes
Features
Fixes
- π [release-v0.56.x] Fix: Merge StepTemplate with Step containing Results and Params (#7809)
ix: Merge StepTemplate with Step containing Results and Params
- π [release-v0.56.x] Do not register for conversion (#7801)
emoved StepAction from the conversion webhook to reduce the log spam that it isn't configured for it.
- π [release-v0.56.x] Remove conversion configuration for (#7800)
emove conversion webhook configuration from the ClusterTask CRD, it doesn't need it.
Misc
Docs
Thanks
Thanks to these contributors who contributed to v0.56.3!
- β€οΈ @tekton-robot
Extra shout-out for awesome release notes:
- π @tekton-robot
Tekton Pipeline release v0.53.5 "Munchkin Maschinenmensch"
-Docs @ v0.53.5
-Examples @ v0.53.5
Installation one-liner
kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.53.5/release.yaml
Attestation
The Rekor UUID for this release is 24296fb24b8ad77a9d50edf817e79b97e161157785b92ff8000bf03e6a52970312def3c7a407be06
Obtain the attestation:
REKOR_UUID=24296fb24b8ad77a9d50edf817e79b97e161157785b92ff8000bf03e6a52970312def3c7a407be06
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .
Verify that all container images in the attestation are in the release file:
RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.53.5/release.yaml
REKOR_UUID=24296fb24b8ad77a9d50edf817e79b97e161157785b92ff8000bf03e6a52970312def3c7a407be06
# Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v0.53.5@sha256:" + .digest.sha256')
# Download the release file
curl "$RELEASE_FILE" > release.yaml
# For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done
Changes
Features
Fixes
- π [release-v0.53.x] Remove conversion configuration for
ClusterTask
(#7797)
Remove conversion webhook configuration from the ClusterTask CRD, it doesn't need it.
Misc
Docs
Thanks
Thanks to these contributors who contributed to v0.53.5!
- β€οΈ @tekton-robot
Extra shout-out for awesome release notes:
- π @tekton-robot
Tekton Pipeline release v0.47.7 "Chartreux Rachael"
-Docs @ v0.47.7
-Examples @ v0.47.7
Installation one-liner
kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.47.7/release.yaml
Attestation
The Rekor UUID for this release is 24296fb24b8ad77aec77ad419d1de1867a08ec105634b5ff541aad517abfb411bac62f6f26340f07
Obtain the attestation:
REKOR_UUID=24296fb24b8ad77aec77ad419d1de1867a08ec105634b5ff541aad517abfb411bac62f6f26340f07
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .
Verify that all container images in the attestation are in the release file:
RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.47.7/release.yaml
REKOR_UUID=24296fb24b8ad77aec77ad419d1de1867a08ec105634b5ff541aad517abfb411bac62f6f26340f07
# Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v0.47.7@sha256:" + .digest.sha256')
# Download the release file
curl "$RELEASE_FILE" > release.yaml
# For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done
Changes
Features
Fixes
- π [release-v0.47.x] Remove conversion configuration for (#7799)
emove conversion webhook configuration from the ClusterTask CRD, it doesn't need it.
Misc
Docs
Thanks
Thanks to these contributors who contributed to v0.47.7!
- β€οΈ @tekton-robot
Extra shout-out for awesome release notes:
- π @tekton-robot