fix(deps): update module github.com/tektoncd/pipeline to v0.65.1

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
github.com/tektoncd/pipeline	v0.39.0 -> v0.65.1

---

Release Notes

tektoncd/pipeline (github.com/tektoncd/pipeline)

v0.65.1: Tekton Pipeline release v0.65.1 "Sokoke Herbie LTS"

Compare Source

-Docs @​ v0.65.1
-Examples @​ v0.65.1

Installation one-liner

kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.65.1/release.yaml

Attestation

The Rekor UUID for this release is 108e9186e8c5677abd62783f1c644771b33f78da6ddf96863355b36a2807c1f93a433eb1e2babdeb

Obtain the attestation:

REKOR_UUID=108e9186e8c5677abd62783f1c644771b33f78da6ddf96863355b36a2807c1f93a433eb1e2babdeb
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .

Verify that all container images in the attestation are in the release file:

RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.65.1/release.yaml
REKOR_UUID=108e9186e8c5677abd62783f1c644771b33f78da6ddf96863355b36a2807c1f93a433eb1e2babdeb

### Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v0.65.1@​sha256:" + .digest.sha256')

### Download the release file
curl "$RELEASE_FILE" > release.yaml

### For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
  printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done

Changes

Features

• ✨ [release-v0.65.x] Expose Resolvers Controller performance tuning configurations (#​8364)

e can specify custom performance tuning values in the watcher's deployment - controller container via threads-per-controller, kube-api-qps and kube-api-burst flags.

Fixes

• 🐛 [release-v0.65.x] Add Failed Validation group in message for the status message in PipelineRun (#​8372)
• 🐛 [release-v0.65.x] Run finally pipeline even if task is failed at the validation (#​8367)

Misc

Docs

Thanks

Thanks to these contributors who contributed to v0.65.1!

• ❤️ @​tekton-robot

Extra shout-out for awesome release notes:

• 😍 @​tekton-robot

v0.65.0: Tekton Pipeline release v0.65.0 "Sokoke Herbie LTS"

Compare Source

-Docs @​ v0.65.0
-Examples @​ v0.65.0

Installation one-liner

kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.65.0/release.yaml

Attestation

The Rekor UUID for this release is 108e9186e8c5677aad7a1878b454249eae3ea9a5ff3b0eef665d0995b57a367880b4b34fbd42a3b4

Obtain the attestation:

REKOR_UUID=108e9186e8c5677aad7a1878b454249eae3ea9a5ff3b0eef665d0995b57a367880b4b34fbd42a3b4
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .

Verify that all container images in the attestation are in the release file:

RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.65.0/release.yaml
REKOR_UUID=108e9186e8c5677aad7a1878b454249eae3ea9a5ff3b0eef665d0995b57a367880b4b34fbd42a3b4

### Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v0.65.0@​sha256:" + .digest.sha256')

### Download the release file
curl "$RELEASE_FILE" > release.yaml

### For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
  printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done

Changes

Features

• ✨ Add support for priorityClassName in affinityAssistantPodTemplate (#​8286)

Add support for priorityClassName in affinityAssistantPodTemplate

This will help to specify default priorityClassName in affinity assistant podTemplate for affinity assistant pods.
Also value specified in pipelinerun/taskrun will be used for both affinity assistant pods and taskrun pods.

• ✨ Add support for multiple git resolver configurations (#​8263)

Add support for multiple git resolver configurations

• ✨ Add Metrics for Running PipelinesRuns at Pipeline and Namespace level (#​8280)

Fixes

Misc

• 🔨 build(deps): bump the all group in /tekton with 4 updates (#​8342)
• 🔨 build(deps): bump the all group in /tekton with 4 updates (#​8331)
• 🔨 build(deps): bump github/codeql-action from 3.26.12 to 3.26.13 (#​8330)
• 🔨 build(deps): bump actions/upload-artifact from 4.4.1 to 4.4.3 (#​8329)
• 🔨 build(deps): bump actions/cache from 4.1.0 to 4.1.1 (#​8328)
• 🔨 tekton: update bugfix-release.sh script for ghcr.io (#​8323)
• 🔨 build(deps): bump actions/cache from 4.0.2 to 4.1.0 (#​8321)
• 🔨 build(deps): bump actions/upload-artifact from 4.4.0 to 4.4.1 (#​8320)
• 🔨 build(deps): bump tj-actions/changed-files from 45.0.2 to 45.0.3 (#​8319)
• 🔨 build(deps): bump github/codeql-action from 3.26.10 to 3.26.12 (#​8318)
• 🔨 build(deps): bump actions/checkout from 4.2.0 to 4.2.1 (#​8317)
• 🔨 build(deps): bump the all group across 1 directory with 4 updates (#​8316)
• 🔨 build(deps): bump actions/setup-go from 5.0.0 to 5.0.2 (#​8309)
• 🔨 build(deps): bump github/codeql-action from 3.26.8 to 3.26.10 (#​8308)
• 🔨 build(deps): bump actions/checkout from 4.1.7 to 4.2.0 (#​8307)
• 🔨 build(deps): bump github.com/golangci/golangci-lint from 1.60.3 to 1.61.0 in /tools (#​8254)
• 🔨 Improve how gosec G115 findings are addressed (#​8250)
• 🔨 build(deps): bump actions/upload-artifact from 4.3.6 to 4.4.0 (#​8231)

Docs

• 📖 Update the release cheat-sheet (#​8302)

Container images in the release are stored in ghcr.io,

• 📖 docs: fix formatting in artifacts.md (#​8326)
• 📖 Improve git resolver docs (#​8311)
• 📖 Update releases.md with v0.64.0 (#​8304)

Thanks

Thanks to these contributors who contributed to v0.65.0!

• ❤️ @​SaschaSchwarze0
• ❤️ @​afrittoli
• ❤️ @​dependabot[bot]
• ❤️ @​piyush-garg
• ❤️ @​pramodbindal
• ❤️ @​tarilabs
• ❤️ @​vdemeester

Extra shout-out for awesome release notes:

• 😍 @​afrittoli
• 😍 @​piyush-garg

v0.64.0: Tekton Pipeline release v0.64.0 "Ragamuffin Reventlov"

Compare Source

🎉 Released Container Images stored on ghcr.io 🎉

-Docs @​ v0.64.0
-Examples @​ v0.64.0

Installation one-liner

kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.64.0/release.yaml

Attestation

The Rekor UUID for this release is 108e9186e8c5677ab54c658d37a263dfad3c8244bbef3e63cced8ae2d37c05701abf89bc6fa1fdf8

Obtain the attestation:

REKOR_UUID=108e9186e8c5677ab54c658d37a263dfad3c8244bbef3e63cced8ae2d37c05701abf89bc6fa1fdf8
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .

Verify that all container images in the attestation are in the release file:

RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.64.0/release.yaml
REKOR_UUID=108e9186e8c5677ab54c658d37a263dfad3c8244bbef3e63cced8ae2d37c05701abf89bc6fa1fdf8

### Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v0.64.0@​sha256:" + .digest.sha256')

### Download the release file
curl "$RELEASE_FILE" > release.yaml

### For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
  printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done

Changes

Features

• ✨ Implement set-security-context feature for affinity assistant containers (#​8182)

Affinity Assistant containers will now have a securityContext when feature flag set-security-context is enabled in ConfigMap feature-flags.

Fixes

• 🐛 Fix isolated workspaces ignored when using StepTemplate (#​8272)

Isolated workspaces are now correctly set when using in conjuction with StepTemplate

• 🐛 fix(TaskRun): fixed the issue where some step statuses might not be correctly updated in failed TaskRun (#​8270)

fix: fixed the issue where some step statuses might not be correctly updated in failed TaskRun

• 🐛 fix(pipelinerun): resolve issue with PipelineRun not timing out successfully (#​8236)

fix(pipelinerun): resolve issue with PipelineRun not timing out successfully

• 🐛 fix(e2e): stabilize TestTaskRunFailure test (#​8174)
• 🐛 Mark steps as deleted when TaskRun fails (#​8294)

Misc

• 🔨 Bump the all group across 1 directory with 4 updates (#​8300)
• 🔨 Pin setup-go action (#​8291)
• 🔨 Simply the path for the base image (#​8290)
• 🔨 Bump github/codeql-action from 3.26.7 to 3.26.8 (#​8289)
• 🔨 Pin alpine image used in release pipeline (#​8287)
• 🔨 Update to the latest version of koparse for the release pipeline (#​8285)
• 🔨 Bump google.golang.org/grpc from 1.64.1 to 1.67.0 (#​8281)
• 🔨 Use the new version of koparse in the build (#​8278)
• 🔨 Bump step-security/harden-runner from 2.9.1 to 2.10.1 (#​8269)
• 🔨 Bump tj-actions/changed-files from 45.0.1 to 45.0.2 (#​8268)
• 🔨 Bump github/codeql-action from 3.26.6 to 3.26.7 (#​8267)
• 🔨 Bump the all group in /tekton with 4 updates (#​8266)
• 🔨 Adapt koparse step to handle no import path (#​8261)
• 🔨 Add KO_EXTRA_ARGS (#​8260)
• 🔨 Propagate image registry regions to publish (#​8259)
• 🔨 Fix the imageRegistryUser param usage in the release pipeline (#​8256)
• 🔨 build(deps): bump the all group in /tekton with 4 updates (#​8253)
• 🔨 Run build and tests conditionally (#​8252)
• 🔨 Support separate bucket and image reg creds (#​8251)
• 🔨 Add OCI source label to images (#​8247)
• 🔨 Make image registry regions configurable (#​8246)
• 🔨 build(deps): bump google.golang.org/grpc from 1.64.0 to 1.64.1 (#​8245)
• 🔨 build(deps): bump github.com/Azure/azure-sdk-for-go/sdk/azidentity from 1.5.2 to 1.6.0 (#​8244)
• 🔨 build(deps): bump github.com/hashicorp/go-retryablehttp from 0.7.6 to 0.7.7 (#​8243)
• 🔨 build(deps): bump the all group across 1 directory with 4 updates (#​8235)
• 🔨 build(deps): bump tj-actions/changed-files from 45.0.0 to 45.0.1 (#​8233)
• 🔨 build(deps): bump github/codeql-action from 3.26.3 to 3.26.6 (#​8232)

Docs

• 📖 Update releases for new Tekton Pipeline Releases 0.63 (#​8229)

Thanks

Thanks to these contributors who contributed to v0.64.0!

• ❤️ @​AlanGreene
• ❤️ @​afrittoli
• ❤️ @​chitrangpatel
• ❤️ @​dependabot[bot]
• ❤️ @​kristofferchr
• ❤️ @​l-qing
• ❤️ @​vdemeester

Extra shout-out for awesome release notes:

• 😍 @​kristofferchr
• 😍 @​l-qing
• 😍 @​vdemeester

v0.63.0: Tekton Pipeline release v0.63.0 "Abyssinian K-9"

Compare Source

-Docs @​ v0.63.0
-Examples @​ v0.63.0

Installation one-liner

kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.63.0/release.yaml

Attestation

The Rekor UUID for this release is 108e9186e8c5677a41806e924e8c5d6a3c1e083f8c35950f0d1af7e0e6a4c0712a2eb4bf92e9538e

Obtain the attestation:

REKOR_UUID=108e9186e8c5677a41806e924e8c5d6a3c1e083f8c35950f0d1af7e0e6a4c0712a2eb4bf92e9538e
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .

Verify that all container images in the attestation are in the release file:

RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.63.0/release.yaml
REKOR_UUID=108e9186e8c5677a41806e924e8c5d6a3c1e083f8c35950f0d1af7e0e6a4c0712a2eb4bf92e9538e

### Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v0.63.0@​sha256:" + .digest.sha256')

### Download the release file
curl "$RELEASE_FILE" > release.yaml

### For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
  printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done

Changes

Features

• ✨ cluster-reslover: add support for StepAction (#​8199)

tepAction are now supported to a refered via the cluster resolver.

• ✨ Allow securityContext field for affinity assistant podtemplate (#​8176)

Added the ability to set the pod-level securityContext for the AffinityAssistant StatefulSet.
This can be configured by providing a default-affinity-assistant-pod-template in the config-defaults ConfigMap or by specifying a pod template in TaskRun or PipelineRun.

• ✨ Add UID label to PipelineRun and TaskRun (#​8166)

TaskRun pods have tekton.dev/taskRunUID and tekton.dev/pipelineRunUID labels

Fixes

• 🐛 Fix Artifact type to a pointer (#​8226)

Fix Artifact type to a pointer.

• 🐛 fix task name show in metric (#​8216)

fix clusterTask name show anonymous in metric

• 🐛 apply default-container-resource-requirements before LimitRange transformer (#​8197)

[Bug fix]: default-container-resource-requirements will be applied to the container before LimtRange

• 🐛 fix(pipelinerun): resolve issue where canceling active pipelinerun fails (#​8173)

fix(pipelinerun): resolve issue where canceling active pipelinerun fails

• 🐛 fix(taskrun): resolve issue with TaskRun not failing promptly after Pod OOM (#​8171)

fix(taskrun): resolve issue with TaskRun not failing promptly after Pod OOM

• 🐛 fix: If the finally timeout is set to 0s, the calculates the next queue entry time according to the pipeline timeout. (#​8056)

If the finally timeout is set to 0s, the reconciler calculates the next queue entry time according to the pipeline timeout.

• 🐛 feat(matrix): Fix matrix param type mismatch problem for ref array result from customrun scenario (#​8024)

Misc

• 🔨 build(deps): bump tj-actions/changed-files from 44.5.7 to 45.0.0 (#​8223)
• 🔨 build(deps): bump github.com/golangci/golangci-lint from 1.59.1 to 1.60.3 in /tools (#​8219)
• 🔨 build(deps): bump github.com/docker/docker from 26.1.3+incompatible to 26.1.5+incompatible (#​8218)
• 🔨 Bump the all group in /tekton with 4 updates (#​8212)
• 🔨 Bump github/codeql-action from 3.26.0 to 3.26.3 (#​8211)
• 🔨 Bump the all group in /tekton with 4 updates (#​8204)
• 🔨 Bump actions/upload-artifact from 4.3.5 to 4.3.6 (#​8203)
• 🔨 Bump step-security/harden-runner from 2.9.0 to 2.9.1 (#​8202)
• 🔨 Bump github/codeql-action from 3.25.15 to 3.26.0 (#​8201)
• 🔨 {taskrun,pipelinerun}metrics: make sure config is up-to-date (#​8187)
• 🔨 Bump the all group in /tekton with 2 updates (#​8180)
• 🔨 Bump actions/upload-artifact from 4.3.4 to 4.3.5 (#​8179)
• 🔨 Bump tj-actions/changed-files from 44.5.5 to 44.5.7 (#​8178)
• 🔨 Bump github/codeql-action from 3.25.13 to 3.25.15 (#​8162)
• 🔨 Bump ossf/scorecard-action from 2.3.3 to 2.4.0 (#​8161)
• 🔨 Bump the all group in /tekton with 4 updates (#​8160)
• 🔨 Bump go.opentelemetry.io/otel/sdk from 1.27.0 to 1.28.0 (#​8154)

Docs

• 📖 docs: fix links to Matrix examples (#​7953)

Thanks

Thanks to these contributors who contributed to v0.63.0!

• ❤️ @​AverageMarcus
• ❤️ @​chengjoey
• ❤️ @​chitrangpatel
• ❤️ @​cugykw
• ❤️ @​dependabot[bot]
• ❤️ @​hittyt
• ❤️ @​jkandasa
• ❤️ @​khrm
• ❤️ @​kristofferchr
• ❤️ @​l-qing
• ❤️ @​vdemeester

Extra shout-out for awesome release notes:

• 😍 @​chengjoey
• 😍 @​chitrangpatel
• 😍 @​cugykw
• 😍 @​jkandasa
• 😍 @​khrm
• 😍 @​kristofferchr
• 😍 @​l-qing
• 😍 @​vdemeester

v0.62.5: Tekton Pipeline release v0.62.5 "Ragamuffin Reventlov"

Compare Source

-Docs @​ v0.62.5
-Examples @​ v0.62.5

Installation one-liner

kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.62.5/release.yaml

Attestation

The Rekor UUID for this release is 108e9186e8c5677a02a8666fc6bbbd2549e455aac7f2fb8f4cf66f07b8e0c6dd992c7e05ec7ba52a

Obtain the attestation:

REKOR_UUID=108e9186e8c5677a02a8666fc6bbbd2549e455aac7f2fb8f4cf66f07b8e0c6dd992c7e05ec7ba52a
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .

Verify that all container images in the attestation are in the release file:

RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.62.5/release.yaml
REKOR_UUID=108e9186e8c5677a02a8666fc6bbbd2549e455aac7f2fb8f4cf66f07b8e0c6dd992c7e05ec7ba52a

##### Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v0.62.5@​sha256:" + .digest.sha256')

##### Download the release file
curl "$RELEASE_FILE" > release.yaml

##### For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
  printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done

Changes

Features

• ✨ [release-v0.62.x] Expose Resolvers Controller performance tuning configurations (#​8365)

e can specify custom performance tuning values in the watcher's deployment - controller container via threads-per-controller, kube-api-qps and kube-api-burst flags.

Fixes

• 🐛 [release-v0.62.x] Add Failed Validation group in message for the status message in PipelineRun (#​8373)
• 🐛 [release-v0.62.x] Run finally pipeline even if task is failed at the validation (#​8368)

Misc

Docs

Thanks

Thanks to these contributors who contributed to v0.62.5!

• ❤️ @​tekton-robot

Extra shout-out for awesome release notes:

• 😍 @​tekton-robot

v0.62.4: Tekton Pipeline release v0.62.4 "Ragamuffin Reventlov"

Compare Source

-Docs @​ v0.62.4
-Examples @​ v0.62.4

Installation one-liner

kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.62.4/release.yaml

Attestation

The Rekor UUID for this release is 108e9186e8c5677a294d223044005f4caffd3b6b20afcfcc96849fd9b2cdbcb170ca741ab440fb83

Obtain the attestation:

REKOR_UUID=108e9186e8c5677a294d223044005f4caffd3b6b20afcfcc96849fd9b2cdbcb170ca741ab440fb83
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .

Verify that all container images in the attestation are in the release file:

RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.62.4/release.yaml
REKOR_UUID=108e9186e8c5677a294d223044005f4caffd3b6b20afcfcc96849fd9b2cdbcb170ca741ab440fb83

### Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v0.62.4@​sha256:" + .digest.sha256')

### Download the release file
curl "$RELEASE_FILE" > release.yaml

### For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
  printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done

Changes

Features

Fixes

• 🐛 [release-v0.62.x] Fix isolated workspaces ignored when using StepTemplate (#​8273)

solated workspaces are now correctly set when using in conjuction with StepTemplate

• 🐛 [release-v0.62.x] Mark steps as deleted when TaskRun fails (#​8295)

Misc

• 🔨 [release-v0.62.x] Backport release "scripts" changes from main… (#​8332)

Docs

Thanks

Thanks to these contributors who contributed to v0.62.4!

• ❤️ @​tekton-robot
• ❤️ @​vdemeester

Extra shout-out for awesome release notes:

• 😍 @​tekton-robot

v0.62.3: Tekton Pipeline release v0.62.3 "Birman HAL LTS"

Compare Source

-Docs @​ v0.62.3
-Examples @​ v0.62.3

Installation one-liner

kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.62.3/release.yaml

Attestation

The Rekor UUID for this release is 108e9186e8c5677aa407357ea4e4be089c72e70eb6e12acb4d1bc92eec85f0c0fba54abc89790342

Obtain the attestation:

REKOR_UUID=108e9186e8c5677aa407357ea4e4be089c72e70eb6e12acb4d1bc92eec85f0c0fba54abc89790342
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .

Verify that all container images in the attestation are in the release file:

RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.62.3/release.yaml
REKOR_UUID=108e9186e8c5677aa407357ea4e4be089c72e70eb6e12acb4d1bc92eec85f0c0fba54abc89790342

### Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v0.62.3@​sha256:" + .digest.sha256')

### Download the release file
curl "$RELEASE_FILE" > release.yaml

### For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
  printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done

Changes

Features

Fixes

• 🐛 [release-v0.62.x] Fix Artifact type to a pointer (#​8228)

Fix Artifact type to a pointer.

• 🐛 [release-v0.62.x] apply default-container-resource-requirements before LimitRange transformer (#​8227)

[Bug fix]: default-container-resource-requirements will be applied to the container before LimtRange

Misc

Docs

Thanks

Thanks to these contributors who contributed to v0.62.3!

• ❤️ @​tekton-robot
• ❤️ @​vdemeester

Extra shout-out for awesome release notes:

• 😍 @​tekton-robot
• 😍 @​vdemeester

v0.62.2: Tekton Pipeline release v0.62.2 "Birman HAL LTS"

Compare Source

-Docs @​ v0.62.2
-Examples @​ v0.62.2

Installation one-liner

kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.62.2/release.yaml

Attestation

The Rekor UUID for this release is 108e9186e8c5677a6e62d0e6c909ccb98a5768c17110fecb8c493b0a3c670644a0e1d3cdf4a584b5

Obtain the attestation:

REKOR_UUID=108e9186e8c5677a6e62d0e6c909ccb98a5768c17110fecb8c493b0a3c670644a0e1d3cdf4a584b5
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .

Verify that all container images in the attestation are in the release file:

RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.62.2/release.yaml
REKOR_UUID=108e9186e8c5677a6e62d0e6c909ccb98a5768c17110fecb8c493b0a3c670644a0e1d3cdf4a584b5

### Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v0.62.2@​sha256:" + .digest.sha256')

### Download the release file
curl "$RELEASE_FILE" > release.yaml

### For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
  printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done

Changes

Features

Fixes

• 🐛 [release-v0.62.x] check namespace config for node throttle metric (#​8213)

ith this fix the 'config-observabilitiy' configmap setting 'metrics.taskrun.throttle.enable-namespace' is now checked before incrementing the 'tekton_pipelines_controller_running_taskruns_throttled_by_node', where previously that config value was not being checked for the metric.

• 🐛 [release-v0.62.x] {taskrun,pipelinerun}metrics: make sure config is up-to-date (#​8198)
• 🐛 [release-v0.62.x] pkg/taskrunmetrics/fake shouldn't be imported… (#​8188)

Misc

Docs

Thanks

Thanks to these contributors who contributed to v0.62.2!

• ❤️ @​tekton-robot

Extra shout-out for awesome release notes:

• 😍 @​tekton-robot

v0.62.1: Tekton Pipeline release v0.62.1 "Birman HAL LTS"

Compare Source

-Docs @​ v0.62.1
-Examples @​ v0.62.1

Installation one-liner

kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.62.1/release.yaml

Attestation

The Rekor UUID for this release is 24296fb24b8ad77a888f88120c037b3b7b9b3be97d8dd4ea1950235f44033f29dce4a1123992a3d9

Obtain the attestation:

REKOR_UUID=24296fb24b8ad77a888f88120c037b3b7b9b3be97d8dd4ea1950235f44033f29dce4a1123992a3d9
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .

Verify that all container images in the attestation are in the release file:

RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.62.1/release.yaml
REKOR_UUID=24296fb24b8ad77a888f88120c037b3b7b9b3be97d8dd4ea1950235f44033f29dce4a1123992a3d9

### Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v0.62.1@​sha256:" + .digest.sha256')

### Download the release file
curl "$RELEASE_FILE" > release.yaml

### For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
  printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done

Changes

Features

Fixes

• 🐛 [release-v0.62.x] Refine check if the result is from a matrix task (#​8167)

ixed variable substitution of results from matrix TaskRuns with cardinality of 1.

Misc

Docs

Thanks

Thanks to these contributors who contributed to v0.62.1!

• ❤️ @​tekton-robot

Extra shout-out for awesome release notes:

• 😍 @​tekton-robot

v0.62.0: Tekton Pipeline release v0.62.0 "Birman HAL LTS"

Compare Source

🎉 Ignore Task Failure Promoted and native sidecars adopted with k8s 1.29 🎉

-Docs @​ v0.62.0
-Examples @​ v0.62.0

Installation one-liner

kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.62.0/release.yaml

Attestation

The Rekor UUID for this release is 24296fb24b8ad77adbcee63512553d756997c4c7efad2e1163023bda8bd9ddecafde859fcb4ebb11

Obtain the attestation:

REKOR_UUID=24296fb24b8ad77adbcee63512553d756997c4c7efad2e1163023bda8bd9ddecafde859fcb4ebb11
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .

Verify that all container images in the attestation are in the release file:

RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.62.0/release.yaml
REKOR_UUID=24296fb24b8ad77adbcee63512553d756997c4c7efad2e1163023bda8bd9ddecafde859fcb4ebb11

### Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v0.62.0@​sha256:" + .digest.sha256')

### Download the release file
curl "$RELEASE_FILE" > release.yaml

### For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
  printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done

Changes

Features

• ✨ access taskRun reason in addition to status in finally task (#​8127)

Access reason in addition to the status using $(tasks.taskName.reason)

• ✨ Capture Remote StepAction Location in TaskRun Status (#​8106)

Capture Remote StepAction Location in TaskRun Status

• ✨ Add isBuildArtifact field to Artifacts (#​8103)

Add isBuildArtifact field to Artifacts.

• ✨ Promote Tasks to beta (#​8090)

Promote Ignore Task Failure to Beta

• ✨ feat(K8s native sidecar): Add support for Kubernetes native Sidecars (#​8052)

Introducing a feature to adopt Kubernetes-native sidecars, which designates sidecar containers as initContainers. This prevents the need to pull and replace a nop image, leading to faster termination of the sidecars without unnecessary pod errors. Set enable-kubernetes-sidecar to true for Kubernetes 1.29 and later to take advantage of this feature.

• ✨ kind/feat: passing artifacts between tasks (#​7978)

Support passing artifacts between tasks in a pipeline

• ✨ feat: introduce when expressions to steps (#​7746)

introduce when expressions to steps.

• ✨ [TEP-0094] Promote taskrun.spec's stepSpecs and sidecarSpecs to beta (#​8006)

Fixes

• 🐛 fix(pipelinerun): block pipelinerun spec updates once the pipelinerun has started (#​8149)

Fix: Once a PipelineRun is created, most of the fields in the spec is not allowed to be updated; only status can be updated.

• 🐛 fix(taskrun): block taskrun spec updates once the taskrun has started (#​8147)

Fix: Once a TaskRun is created, most of the fields in the spec is not allowed to be updated; only status and statusMessage can be updated.

• 🐛 DryRunValidate returns the mutated object (#​8108)

DryRunValidate returns the mutated object

• 🐛 Fix step action force replacing with default param (#​8102)

Fix incorrect param type passed to stepaction makes it use default value

• 🐛 Perform matrix results validation on only result ref params (#​8089)

Perform matrix results validation on only result ref params

• 🐛 Fix error message when a PipelineRun param is missing (#​8072)

Improved error string when a param is missing from a PipelineRun

• 🐛 fix:when debug.breakpoints.onFailure is an empty string, redundant volumes appear (#​7788)

debug.breakpoints.onFailure is not allowed to be set to an empty string.

Misc

• 🔨 Switch the image from docker.io to gcr mirror (#​8146)
• 🔨 Bump github/codeql-action from 3.25.12 to 3.25.13 (#​8144)
• 🔨 Bump step-security/harden-runner from 2.8.1 to 2.9.0 (#​8143)
• 🔨 Bump the all group in /tekton with 2 updates (#​8142)
• 🔨 Bump github.com/containerd/containerd from 1.7.18 to 1.7.20 (#​8139)
• 🔨 Bump k8s.io/client-go from 0.27.15 to 0.27.16 in /test/custom-task-ctrls/wait-task-beta (#​8138)
• 🔨 Bump k8s.io/code-generator from 0.29.6 to 0.29.7 (#​8137)
• 🔨 Bump tekton-releases/dogfooding/koparse from e6641f2 to 0535413 in /tekton in the all group across 1 directory (#​8135)
• 🔨 Bump the all group across 1 directory with 4 updates (#​8134)
• 🔨 use tagged images to take advantage of the least expensive default image pull policy (#​8133)
• 🔨 Bump k8s.io/api from 0.27.15 to 0.27.16 in /test/custom-task-ctrls/wait-task-beta (#​8132)
• 🔨 Bump k8s.io/apimachinery from 0.29.6 to 0.29.7 (#​8131)
• 🔨 Bump actions/dependency-review-action from 4.3.3 to 4.3.4 (#​8125)
• 🔨 Bump github/codeql-action from 3.25.11 to 3.25.12 (#​8124)
• 🔨 Bump actions/upload-artifact from 4.3.3 to 4.3.4 (#​8104)
• 🔨 Released patch release: v0.59.2 (#​8098)
• 🔨 Bump go.opentelemetry.io/otel from 1.27.0 to 1.28.0 (#​8092)
• 🔨 Bump the all group in /tekton with 4 updates (#​8087)
• 🔨 Bump github/codeql-action from 3.25.10 to 3.25.11 (#​8085)
• 🔨 chore: remove unsupported configurations ScopeWhenExpressionsToTask (#​8078)
• 🔨 Create release v0.61.0. (#​8077)
• 🔨 Bump the all group in /tekton with 4 updates (#​8075)
• 🔨 Bump tj-actions/changed-files from 44.5.2 to 44.5.5 (#​8074)
• 🔨 Bump github.com/spiffe/spire-api-sdk from 1.9.6 to 1.10.0 (#​8073)
• 🔨 Using image with "full" reference in tests (#​8070)
• 🔨 Bump github.com/jenkins-x/go-scm from 1.14.34 to 1.14.37 (#​8032)
• 🔨 Correct error message to differentiate the cause (#​8027)

Docs

• 📖 Update min kubernetes version in the install doc (#​8122)
• 📖 document failureIgnored (#​8111)
• 📖 update the doc since the onError is now promoted (#​8109)

Thanks

Thanks to these contributors who contributed to v0.62.0!

• ❤️ @​AlanGreene
• ❤️ @​chitrangpatel
• ❤️ @​cugykw
• ❤️ @​dependabot[bot]
• ❤️ @​ericzzzzzzz
• ❤️ @​kgcarr
• ❤️ @​khrm
• ❤️ @​l-qing
• ❤️ @​piyush-garg
• ❤️ @​pritidesai
• ❤️ @​samagana
• ❤️ @​savitaashture
• ❤️ @​vdemeester

Extra shout-out for awesome release notes:

• 😍 @​chitrangpatel
• 😍 @​cugykw
• 😍 @​ericzzzzzzz
• 😍 @​kgcarr
• 😍 @​khrm
• 😍 @​l-qing
• 😍 @​piyush-garg
• 😍 @​pritidesai
• 😍 @​samagana

v0.61.1: Tekton Pipeline release v0.61.1 "Ragdoll Data"

Compare Source

-Docs @​ v0.61.1
-Examples @​ v0.61.1

Installation one-liner

kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.61.1/release.yaml

Attestation

The Rekor UUID for this release is 24296fb24b8ad77a7bf5b4e52e97f499e0dc71aed47d629395ba503bbc0cf8a16d8b49169d2db2f5

Obtain the attestation:

REKOR_UUID=24296fb24b8ad77a7bf5b4e52e97f499e0dc71aed47d629395ba503bbc0cf8a16d8b49169d2db2f5
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .

Verify that all container images in the attestation are in the release file:

RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.61.1/release.yaml
REKOR_UUID=24296fb24b8ad77a7bf5b4e52e97f499e0dc71aed47d629395ba503bbc0cf8a16d8b49169d2db2f5

##### Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v0.61.1@​sha256:" + .digest.sha256')

##### Download the release file
curl "$RELEASE_FILE" > release.yaml

##### For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
  printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done

Changes

Features

Fixes

• 🐛 [release-v0

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[ti-chi-bot]

I Skip it since the diff size(191536 bytes > 80000 bytes) is too large

[ti-chi-bot]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
Once this PR has been reviewed and has the lgtm label, please assign wuhuizuo for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

• cloudevents-server/OWNERS
• tibuild/OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[ti-chi-bot]

I Skip it since the diff size(189354 bytes > 80000 bytes) is too large

[ti-chi-bot]

I Skip it since the diff size(189354 bytes > 80000 bytes) is too large

[ti-chi-bot]

I Skip it since the diff size(187797 bytes > 80000 bytes) is too large

[ti-chi-bot]

I Skip it since the diff size(187887 bytes > 80000 bytes) is too large

[ti-chi-bot]

I Skip it since the diff size(186883 bytes > 80000 bytes) is too large

[ti-chi-bot]

I Skip it since the diff size(187014 bytes > 80000 bytes) is too large

[ti-chi-bot]

I Skip it since the diff size(193614 bytes > 80000 bytes) is too large

[ti-chi-bot]

I Skip it since the diff size(193521 bytes > 80000 bytes) is too large

[ti-chi-bot]

I Skip it since the diff size(194800 bytes > 80000 bytes) is too large

[ti-chi-bot]

I Skip it since the diff size(203668 bytes > 80000 bytes) is too large

[ti-chi-bot]

I Skip it since the diff size(203668 bytes > 80000 bytes) is too large

[ti-chi-bot]

I Skip it since the diff size(204003 bytes > 80000 bytes) is too large

[ti-chi-bot]

I Skip it since the diff size(202450 bytes > 80000 bytes) is too large

[ti-chi-bot]

I Skip it since the diff size(202450 bytes > 80000 bytes) is too large

[ti-chi-bot]

I Skip it since the diff size(201134 bytes > 80000 bytes) is too large

[ti-chi-bot]

I Skip it since the diff size(205776 bytes > 80000 bytes) is too large

[ti-chi-bot]

I Skip it since the diff size(202399 bytes > 80000 bytes) is too large

[ti-chi-bot]

I Skip it since the diff size(154546 bytes > 80000 bytes) is too large

[ti-chi-bot]

I Skip it since the diff size(154546 bytes > 80000 bytes) is too large

[ti-chi-bot]

I Skip it since the diff size(154546 bytes > 80000 bytes) is too large

[ti-chi-bot]

I Skip it since the diff size(154546 bytes > 80000 bytes) is too large