From 8fb54339f8140ca1bd696d66c61efe4444d60f5b Mon Sep 17 00:00:00 2001 From: Dhruv Soni Date: Thu, 12 Jun 2025 20:23:34 +0530 Subject: [PATCH] RHDEVDOCS-6415: Content creation for Pipelines 1.19 RN Incorporating peer review comments Fixed QE and additional peer review comments --- _attributes/common-attributes.adoc | 4 +- _topic_maps/_topic_map.yml | 2 +- ...g-tekton-hub-with-openshift-pipelines.adoc | 2 +- modules/op-release-notes-1-19.adoc | 558 ++++++++++++++++++ ...ipelines-compatibility-support-matrix.adoc | 8 +- pac/install-config-pipelines-as-code.adoc | 2 +- release_notes/op-release-notes-1-19.adoc | 33 ++ 7 files changed, 600 insertions(+), 9 deletions(-) create mode 100644 modules/op-release-notes-1-19.adoc create mode 100644 release_notes/op-release-notes-1-19.adoc diff --git a/_attributes/common-attributes.adoc b/_attributes/common-attributes.adoc index d17d55dda071..23339fd40d92 100644 --- a/_attributes/common-attributes.adoc +++ b/_attributes/common-attributes.adoc @@ -12,8 +12,8 @@ :pipelines-title: Red Hat OpenShift Pipelines :pipelines-shortname: OpenShift Pipelines -:pipelines-ver: pipelines-1.18 -:pipelines-version-number: 1.18 +:pipelines-ver: pipelines-1.19 +:pipelines-version-number: 1.19 :tekton-chains: Tekton Chains :tekton-results: Tekton Results :tekton-hub: Tekton Hub diff --git a/_topic_maps/_topic_map.yml b/_topic_maps/_topic_map.yml index d10cfae7f79a..93c077aff126 100644 --- a/_topic_maps/_topic_map.yml +++ b/_topic_maps/_topic_map.yml @@ -27,7 +27,7 @@ Dir: release_notes Distros: openshift-pipelines Topics: - Name: OpenShift Pipelines release notes - File: op-release-notes-1-17 + File: op-release-notes-1-19 --- Name: About OpenShift Pipelines Dir: about diff --git a/hub/using-tekton-hub-with-openshift-pipelines.adoc b/hub/using-tekton-hub-with-openshift-pipelines.adoc index 2a83d27b305b..de81a7984f2b 100644 --- a/hub/using-tekton-hub-with-openshift-pipelines.adoc +++ b/hub/using-tekton-hub-with-openshift-pipelines.adoc @@ -40,4 +40,4 @@ include::modules/op-disabling-tekton-hub-authorization-after-upgrade.adoc[levelo * xref:../install_config/installing-pipelines.adoc#installing-pipelines[Installing {pipelines-shortname}] -* xref:../release_notes/op-release-notes-1-17.adoc#op-release-notes-1-17[{pipelines-title} release notes] +* xref:../release_notes/op-release-notes-1-19.adoc#op-release-notes-1-19[{pipelines-title} release notes] \ No newline at end of file diff --git a/modules/op-release-notes-1-19.adoc b/modules/op-release-notes-1-19.adoc new file mode 100644 index 000000000000..9a68952b6059 --- /dev/null +++ b/modules/op-release-notes-1-19.adoc @@ -0,0 +1,558 @@ +// This module is included in the following assemblies: +// * release_notes/op-release-notes-1-19.adoc + +:_mod-docs-content-type: REFERENCE +[id="op-release-notes_{context}"] += Release notes for {pipelines-title} 1.19 + +With this update, {pipelines-title} General Availability (GA) 1.19 is available on {OCP} 4.15 and later versions. + +[id="new-features-1-19_{context}"] +== New features + +In addition to fixes and stability improvements, the following sections highlight what is new in {pipelines-title} 1.19: + +[id="pipelines-new-features-1-19_{context}"] +=== Pipelines + +* With this update, you can now specify custom `securityContext` settings in the `EventListener` resource. When you enable a custom `securityContext`, user-defined values override the default configuration. Otherwise, the default `securityContext` settings are applied automatically. ++ +.Example `securityContext` configuration in the `EventListener` resource +[source,yaml] +---- +apiVersion: triggers.tekton.dev/v1beta1 +kind: EventListener +metadata: + name: example +spec: + serviceAccountName: tekton-triggers-example-sa + resources: + kubernetesResource: + spec: + template: + spec: + securityContext: + runAsNonRoot: true + containers: + - resources: + requests: + memory: "64Mi" + cpu: "250m" + limits: + memory: "128Mi" + cpu: "500m" + securityContext: + readOnlyRootFilesystem: true +# ... +---- + +[id="tekton-results-new-features-1-19_{context}"] +=== {tekton-results} + +* With this update, you can configure custom database credentials for {tekton-results} by using the `TektonConfig` custom resource (CR). This eliminates the need to rely on the default PostgreSQL secrets that use default usernames and passwords. ++ +.Example for adding custom database credentials for {tekton-results} +[source,yaml] +---- +apiVersion: operator.tekton.dev/v1alpha1 +kind: TektonResult +metadata: + name: result +spec: + db_secret_name: # optional: custom database secret name + db_secret_user_key: # optional + db_secret_password_key: # optional +... +---- + +* With this update, the {tekton-results} API supports response field filtering or partial responses to reduce payload size and improve network efficiency. You can specify what fields to include in API responses, which benefits `List` operations by preventing the retrieval of entire objects, thus optimizing response latency and I/O performance. + +* With this update, you can configure retry timings for OCI bundle lookups, such as initial retry delay, backoff factor, and maximum retry duration, in the `config-resolver-bundle` config map under `bundle.resolver.backoff`. This helps reduce load on busy registries by preventing aggressive retry behavior. ++ +.Example for configuring retry timings +[source,yaml] +---- +apiVersion: v1 +kind: ConfigMap +metadata: + name: bundleresolver-config + namespace: tekton-pipelines-resolvers + labels: + app.kubernetes.io/component: resolvers + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines +data: + # The initial duration for a backoff. + backoff-duration: "500ms" + # The factor by which the sleep duration increases every step + backoff-factor: "2.5" + # A random amount of additional sleep between 0 and duration * jitter. + backoff-jitter: "0.1" + # The number of backoffs to attempt. + backoff-steps: "3" + # The maxumum backoff duration. If reached, remaining steps are zeroed. + backoff-cap: "10s" + # The default layer kind in the bundle image. + default-kind: "task" +---- + +* With this update, the Git resolver can now use personal access tokens to authenticate with GitHub or GitLab, avoiding rate limits associated with anonymous `git clone` API usage. To enable this feature, add a `gitToken:` field to your git resolver parameter specification. Tekton automatically injects the token as an HTTP header during resolution to reduce the risk of quota-related errors during remote resolution. ++ +.Example for configuring the `gitToken:` field +[source,yaml] +---- +apiVersion: tekton.dev/v1beta1 +kind: PipelineRun +metadata: + name: git-clone-demo-pr +spec: + pipelineRef: + resolver: git + params: + - name: url + value: https://github.com/tektoncd/catalog.git + - name: revision + value: main + - name: pathInRepo + value: pipeline/simple/0.1/simple.yaml + - name: gitToken + value: "secret-with-token" + - name: gitTokenKey (optional, defaults to "token") + value: "token" + params: + - name: name + value: Ranni +---- + +* With this update, the default log level for SQL in {tekton-results} has been set to `warn`. You can override this setting by specifying the `SQL_LOG_LEVEL` environment variable in the {tekton-results} deployment. ++ +.Example for enabling the `SQL_LOG_LEVEL` environment variable +[source,yaml] +---- +apiVersion: operator.tekton.dev/v1alpha1 +kind: TektonConfig +metadata: + name: config + options: + deployments: + tekton-results-api: + spec: + template: + spec: + containers: + - name: api + env: + - name: SQL_LOG_LEVEL + value: debug +# ... +---- + +* With this update, the {tekton-results} watcher retries reconciliation before removing the finalizer, until the `storedDeadline` duration is reached. This reduces the risk of missing `TaskRun` or `PipelineRun` storage. + +* With this update, the `opc version` command now displays the {tekton-results} API client library version in addition to the `opc`, `pac`, and `tkn` CLI tool versions. This enhancement helps Operators verify cross-component compatibility between CLI tools and the cluster. + +* With this update, {tekton-results} users can retrieve logs from Splunk that were forwarded by OpenShift Logging. To enable this functionality, set the following environment variables in the {tekton-results} API deployment: + +** SPLUNK\_SEARCH\_TOKEN, LOGGING\_PLUGIN\_QUERY\_PARAMS +** LOGGING\_PLUGIN\_API\_URL ++ +.Example for retrieving forwarded logs by OpenShift Logging +[source,yaml] +---- +apiVersion: operator.tekton.dev/v1alpha1 +kind: TektonConfig +metadata: + name: config + options: + deployments: + tekton-results-api: + spec: + template: + spec: + containers: + - name: api + env: +---- ++ +[NOTE] +==== +* The `LOGGING\_PLUGIN\_API\_URL` variable must be configured with the Splunk endpoint and port number. +==== + +* With this update, the {tekton-results} watcher uses `StatefulSet` ordinals to improve high availability and workload distribution as an alternative to the leader election mechanism. ++ +-- +.Example for enabling `StatefulSet` ordinals for the {tekton-results} watcher +[source,yaml] +---- +apiVersion: operator.tekton.dev/v1alpha1 +kind: TektonConfig +metadata: + name: config +spec: +# ... + result: + performance: + disable-ha: false + buckets: 4 + replicas: 4 + statefulset-ordinals: true +# ... +---- + +:FeatureName: Using `StatefulSet` ordinals for high availability +include::snippets/technology-preview.adoc[] +-- + +[id="pac-new-features-and-enhancements-1-19_{context}"] +=== {pac} + +* With this update, {pac} no longer creates a `Pending` status on GitHub pull requests when an unauthorized bot user attempts to trigger a `PipelineRun`. Instead of generating a blocking status check, such requests are now silently disallowed. + +* With this update, a new `pipelines_as_code_git_provider_api_request_count` metric tracks the number of API calls made by {pac} to Git providers, such as GitHub, GitLab, and Gitea. The metric also helps monitor API rate limit usage per Git provider, namespace, event type, and repository. + +* With this update, URLs in the `Repository` CR are now validated during creation to ensure they are properly formatted and use valid schemes, such as http or https. This enhancement helps prevent configuration errors and runtime errors. + +* With this update, `PipelineRun` status comments now render correctly in markdown on Bitbucket Data Center and Bitbucket Cloud, instead of appearing as raw strings in the pull request UI. + +[id="Operator-new-features-1-19_{context}"] +=== Operator + +* With this update, you can generate the `cosign` key pair by setting the `generateSigningSecret` field in the `TektonConfig` custom resource (CR) to `true`. The {pipelines-title} Operator generates a `cosign` key pair, a `cosign.key` private key and a `cosign.pub` public key. ++ +.Example of enabling `cosign` key pairs +[source,yaml] +---- +apiVersion: operator.tekton.dev/v1 +kind: TektonConfig +metadata: + name: config +spec: + chain: + disabled: false + generateSigningSecret: true +# ... +---- + +* With this update, tasks in the {OCP} web console now include `displayName` properties instead of technical task names, providing clearer, more user-friendly names within the {pipelines-title} interface. + +* With this update, the {pipelines-title} entrypoint image includes support for FIPS compliance. The image is now built with appropriate cryptographic dependencies and configurations to meet FIPS requirements, ensuring compatibility in environments with strict security standards. + +* With this update, FIPS compliance is enhanced by adding `disable_spire` and `disable_tls` build tags to the entrypoint command compilation process. This enhancement ensures cryptographic symbols are properly removed from the entrypoint binary to meet compliance requirements. + +* With this update, the `/ok-to-test` memory feature is disabled by default. This precaution helps mitigate the risk of malicious code execution within testing environments. + +* With this update, dynamic variables can be expanded from remote pipeline definitions. This enhancement improves pipeline composition capabilities. + +* With this update, you can use the `opc` tool to manage `ManualApprovalGate` tasks instead of switching to Kubernetes APIs. You can use the `opc` tool to `approve`, `reject`, or `inspect` gates directly with commands, such as `opc mag approve --task ` or `opc mag list`. + +* With this update, the `--live` flag in the `opc version --live` command queries the cluster to display the running versions of Chains, Pipelines, and other Tekton controllers instead of only the local binary versions. + +* With this update, the Git resolver included in the remote resolution feature now uses the native git binary instead of the pure Go `go-git` library. This change reduces memory consumption and improves clone performance, especially for large repositories. This enhancement uses shallow-clone flags, for example `--depth 1`, to reduce resource usage. No changes to pipeline manifests are required. + +* With this update, the `onError` field in {pipelines-title} supports Tekton parameter substitution. Previously, the `onError` filed only accepted literal values, such as `continue`, `stop`, or `finally`. You can use substitution tokens, such as `$(params.strategy)`, to dynamically determine failure handling behavior at runtime. This allows a single Pipeline definition to adapt its `onError` policy based on parameters, context, or results. + +* With this release, `StepAction` definitions are updated from alpha to stable and are now enabled by default. The `enable-step-actions` flag used in the earlier versions is no longer used and will be removed in a future release. + +* With this update, the Pipeline scheduler now correctly evaluates result references in fan-out/fan-in patterns. Previously, such pipelines could fail unpredictably when matrix tasks relied on result refs. + +* With this update, the `remember-ok-to-test` value in the `TektonConfig` CR is set to `false` by default to reduce the risk of running untrusted code in test environments. + +[id="tekton-cache-new-features-1-19_{context}"] +=== Tekton Cache + +* With this update, the `tekton-caches` tool can automatically detect and use common cache directories when the `--path` flag is not specified. The system inspects the workspace and applies sensible defaults, such as `$GOMODCACHE`, `~/.npm`, and `~/.m2`. + +* With this update, build caching is no longer limited to predefined paths for Go and Maven builds. You can use a new `--buildCommand ` flag to snapshot and cache any directory, enabling support for additional build systems like `Rust (target/)`, `Gradle (.gradle/)`, or custom toolchains. + +* With this update, parameter naming conventions across the `StepActions` feature are unified for consistency. The casing of `git-clone` step actions is now consistent with that of `cache-fetch` and `cache-upload`. + +* With this update, the `tekton-caches` tool can be pushed to and retrieved from Google Cloud Storage (GCS) buckets, in addition to existing OCI registry support. To enable this, set the cache backend to a `gcs://bucket/path` URI. + +* With this update, you can store cache archives in any S3 compatible bucket, including on-premises solutions such as MinIO or cloud providers such as AWS. To use this feature, specify a URL, such as `s3://my-bucket/cache` as the cache backend. + +* With this update, cache archives are compressed using `Gzip` before being uploaded. This reduces object storage costs and speeds up data transfer, especially for large caches such as `Go` modules. + +* With this update, restored caches retain their original file mode bits, ensuring that executable scripts and other permission-sensitive files function correctly. Previously, restored files defaulted to 0600 permissions, which could prevent scripts from running as expected. + +* With this update, running on Google Kubernetes Engine (GKE) with Workload Identity Federation (WIF) no longer requires embedding key files in tasks. Instead, you can now mount projected volume tokens, eliminating the need for long-lived credentials and improving security. + +* With this update, the CLI and `Task` components use a consistent environment variable for provider credentials. Set the `CRED_STORE` value to `/tekton/creds/creds.json` to support this value across all supported backends, including OCI, GCS, and S3. ++ +.Example for enabling the `CRED_STORE=/tekton/creds/creds.json` environment variable +[source,yaml] +---- +apiVersion: tekton.dev/v1 +kind: TaskRun +containers: +- name: cache + env: + - name: CRED_STORE + value: /tekton/creds/creds.json + volumeMounts: + - name: creds + mountPath: /tekton/creds +---- + +* With this update, the code paths for GCS and S3 backends are unified using the `gocloud.dev` library. This abstraction simplifies support of additional storage providers, such as Azure Blob Storage or local filesystems. + +* With this update, the `fetch` command is improved to automatically create the destination folder if it does not exist in a new workspace. Previously, the command would fail in such cases, requiring you to create a directory manually. + +* With this update, registry authentication is no longer limited to the `/tekton/home/.docker/config.json` default path. You can now mount any Docker configuration file and specify its location by using the `dockerConfig` parameter in your `Task` resource. ++ +.Example for enabling the `dockerConfig` parameter in a task +[source,yaml] +---- +apiVersion: tekton.dev/v1 +kind: Task +metadata: + name: task +spec: +params: +- name: dockerConfig + value: /workspace/creds/config.json +# ... +---- + +[id="tekton-chains-new-features-1-19_{context}"] +=== {tekton-chains} + +* With this update, the {tekton-chains} controller uses `StatefulSet` ordinals to improve high availability and workload distribution as an alternative to the leader election mechanism. ++ +-- +.Example of enabling the StatefulSet ordinals for the the `Chains` controller +[source,yaml] +---- +apiVersion: operator.tekton.dev/v1alpha1 +kind: TektonChains +metadata: + name: chain +spec: + chain: + performance: + disable-ha: false + buckets: 4 + replicas: 4 + statefulset-ordinals: true +---- +:FeatureName: Using `StatefulSet` ordinals for high availability +include::snippets/technology-preview.adoc[] +-- + +[id="pac-new-features-1-19_{context}"] +=== {pac} + +* With this release, {pac} introduces the `pipelines_as_code_git_provider_api_request_count` metric. This metric tracks the number of API requests made by {pac} to a Git provider in response to an event. + +* With this release, the `TektonConfig` custom resource provides support for two new fields to enable the `cancel-in-progress` feature for pipeline runs in {pac} globally: +** `enable-cancel-in-progress-on-pull-requests` +** `enable-cancel-in-progress-on-push` ++ +When set to `true`, these fields automatically cancel any in-progress pipeline run triggered by pull request or push events when there is a new commit. By default, both these fields are set to false. ++ +[NOTE] +==== +If a `PipelineRun` resource includes the `pipelinesascode.tekton.dev/cancel-in-progress` annotation, it overrides the corresponding `TektonConfig` setting. +==== ++ +.Example enabling auto-cancel on pull requests and push events with `TektonConfig` CR +[source,yaml] +---- +apiVersion: operator.tekton.dev/v1alpha1 +kind: TektonConfig +metadata: + name: config +# ... +platforms: + openshift: + pipelinesAsCode: + # ... + settings: + # ... + enable-cancel-in-progress-on-pull-requests: "false" + enable-cancel-in-progress-on-push: "false" + # ... +---- + +* With this release, {pac} supports the `git_tag` dynamic variable. This variable is used during tag push events and reflects the value of the Git tag. For example, if the tag `v1.0` is pushed to the `Repository` CR, the `git_tag` variable holds the value `v1.0`. ++ +.Example configuration for git_tag +[source,yaml] +---- +--- +apiVersion: tekton.dev/v1 +kind: PipelineRun +metadata: + name: pull-pr-3 + annotations: + pipelinesascode.tekton.dev/on-event: ["push"] + pipelinesascode.tekton.dev/on-target-branch: ["refs/tags/*"] +spec: + params: + - name: tag + value: "{{ git_tag }}" + pipelineSpec: + tasks: + # ... + tasks: + ... + taskSpec: + steps: + ... + script: | +---- + +* With this release, the `TektonConfig` CR includes the `skip-push-event-for-pr-commits` field. When enabled, {pac} does not trigger pipeline runs for push events if the commit SHA is included in an open pull request. This prevents duplicate pipeline runs for the same commit. By default, this field is set to `true`. ++ +.Example configuration for `skip-push-event-for-pr-commits` in `TektonConfig` +[source,yaml] +---- +apiVersion: operator.tekton.dev/v1alpha1 +kind: TektonConfig +metadata: + name: config +# ... +platforms: + openshift: + pipelinesAsCode: + additionalPACControllers: + : + enable: true + configMapName: + secretName: + settings: + enable: true + # ... + settings: + # ... + hub-url: https://api.hub.tekton.dev/v1 + skip-push-event-for-pr-commits: "true" + remote-tasks: "true" + secret-auto-create: "true" + # ... +---- + +* With this release, an OpenAPI schema is now integrated into {pac} for the Repository CR. This schema enables IDE autocompletion for Repository CR writing and allows repository explanations via the `oc explain` command. + +* With this update, when you set the `on-cel-expression`, `on-event`, or `on-target-branch` annotations in a repository, the `on-cel-expression` annotation takes precedence. The `on-event` and `on-target-branch` annotations are ignored in this case. To alert users, a warning log and Kubernetes event are generated to indicate this behavior. + +[id="pruner-new-features-1-19_{context}"] +=== Pruner + +* With this update, the `Pruner` component introduces automated cleanup of `PipelineRun` and `TaskRun` resources in {pipelines-title}. It supports the following features: + +** Time-based pruning (TTL). This feature automatically deletes completed `PipelineRun` and `TaskRun` resources after a specified duration. This is controlled through the `ttlSecondsAfterFinished` setting. + +** History-based pruning. This feature retains a limited number of successful and failed runs. it is configured through the following parameters: + +*** `successfulHistoryLimit` +*** `failedHistoryLimit` +*** `historyLimit` + +** Flexible configuration levels. There are two configurable levels: + +*** Global. This option applies to all namespaces except those prefixed with `kube-` and `openshift-`. +*** Namespace. This option applies to all resources in a specific namespace ++ +-- +:FeatureName: The Pruner component +include::snippets/technology-preview.adoc[] +[NOTE] +==== +In this release, only `Global` and `Namespace` configurations are available. +==== +-- + +* With this update, the event-based pruner can now be enabled or disabled through the `TektonConfig` CR by setting the `spec.tektonpruner.disabled` parameter to `false`. Fine-grained configuration is not yet available through the `TektonConfig` CR and should be managed using config maps. ++ +-- +:FeatureName: The Pruner component +include::snippets/technology-preview.adoc[] +[NOTE] +==== +The existing job-based pruner must be disabled before enabling the event-based pruner. +==== +-- + +[id="breaking-changes-1-19_{context}"] +== Breaking changes + +* With this release, the `hub clustertask` command is removed from the CLI because the `ClusterTask` functionality is no longer available on {tekton-hub}. + +* With this release, support for `ClusterTask` objects is removed. As a result, the `tkn clustertask` and `tkn task create` commands are no longer available. + +* With this release, the `opc results list` command is replaced with the `opc results result list` command. + +[id="fixed-issues-1-19_{context}"] +== Fixed issues + +* Before this update, the `s2i-java` task failed with an error message, `/usr/libexec/s2i/assemble: No such file or directory`. This error occurred due to incorrect script path references. With this update, the default script path for the `s2i-java` task is modified to `/usr/local/s2i`. Other S2I tasks, such as those for Go or .NET, continue to use the `/usr/libexec/s2i/assemble` script path. + +* Before this update, YAML syntax errors in `PipelineRun` were only reported in logs and Kubernetes events, making them difficult to detect and troubleshoot. With this update, {pac} comments directly on pull requests when `PipelineRun` YAML validation errors occur. This improves error visibility and simplifies troubleshooting on GitHub, GitLab, and Gitea providers. + +* Before this update, in the GitLab integration, {pac} posted comments on merge requests at the start and end of each `PipelineRun`. This behavior led to excessive comments appearing on merge requests when multiple pipelineruns were triggered. With this update, you can now disable all GitLab comments by setting `disable_all` to `true` in the `Repository` custom resource (CR). ++ +.Example of enabling the Repository CR +[source,yaml] +---- +--- +apiVersion: "pipelinesascode.tekton.dev/v1alpha1" +kind: Repository +metadata: + name: test-pac +spec: + # other fields + settings: + gitlab: + comment_strategy: "disable_all" +---- + +* Before this update, logs retrieved from the Amazon Web Services (AWS) S3 bucket were displayed in a random order, making debugging and troubleshooting difficult. With this update, logs from AWS S3 are now correctly ordered chronologically, improving readability and the overall debugging experience. + +* Before this update, {pac} required all custom parameters defined in a `Repository` CR to include predefined values. With this update, custom parameters can now be defined without specifying default values in the `Repository` CR. This change enables values to be supplied through webhook payloads and preserves backward compatibility. + +* Before this update, when using the `github-push` `ClusterTriggerBinding`, the `git-clone` command could fail with `HTTP 403` errors. This issue occurred because the `$(body.repository.url)` parameter pointed to the GitHub API URL instead of a valid Git clone URL. With this update, a new `git-repo-clone-url` parameter uses `$(body.repository.html_url)` to ensure that the cloning uses the correct repository URL. + +* Before this update, the `buildah` task failed to process build arguments that contained spaces when used with the cluster resolver. This issue affected users migrating from the deprecated `ClusterTask` custom resource (CR). With this update, the `BUILD_ARGS` parameter in the `buildah` task now correctly supports arguments with spaces, for example, `EXAMPLE="abc def"`, restoring compatibility with previous functionality. + +* Before this update, the *PipelineRun details* page in the {OCP} web console failed to load correctly, preventing users from viewing pipeline run details. With this update, the web console displays the `PipelineRun` information correctly. + +* Before this update, the console plugin styling was outdated due to the upgrade to PatternFly 6 and the removal of deprecated `co-` classes. This caused alignment and spacing issues in the *Pipelines* section of the {OCP} web console. With this update, the console plugin styling is updated to use the appropriate PatternFly equivalent classes, ensuring consistent alignment and visual integration with the current {OCP} web console design standards + +* Before this update, links for `PipelineRun` in the {OCP} web console incorrectly pointed to the deprecated `v1beta1` {pipelines-title} APIs instead of the current `v1` APIs. With this update, the links point to the appropriate `v1` APIs. + +* Before this update, {pipelines-title} and {tekton-results} incorrectly displayed `TaskRun` resources from previous `PipelineRun` resource that shared the same name. This led to confusion about which `TaskRun` resources were associated with the current execution. With this update, {tekton-results} now correctly isolates and displays only the `TaskRun` resources associated with the current `PipelineRun` resource, preventing the mixing of archived and active execution data. + +* Before this update, end-to-end (E2E) tests were unstable due to GitOps comments being incorrectly associated with cancelled pipeline runs. This behavior caused intermittent test failures and reduced reliability in CI/CD pipelines. With this update, GitOps comments are no longer mixed with cancelled pipeline runs, resulting in stable and predictable E2E tests. + +* Before this update, the `tekton-caches` `tarit` tool did not keep file permissions when compressing cached directories. As a result, executable files and scripts sometimes stopped working after being unpacked. This caused problems especially when artifacts were used by different users or SELinux-enforcing base images. With this update, file permissions are kept correctly during caching and files work as expected in all user environments. + +* Before this update, when a `TaskRun` failed due to `ImagePullBackOff` errors, the `PipelineRun` log snippet displayed unclear messages, such as “pods not found,” after switching between tabs in the *Pipelines* section of the {OCP} web console. With this update, errors include clear error messages, such as `TaskRunImagePullFailed` or `failing to pull image`, to improve the troubleshooting experience. + +* Before this update, certain elements within the {pipelines-title} *Start* interface in the {OCP} web console, such as `deployment-name`, `Hr`, `Min`, and `Sec`, always showed in English, no matter the user’s regional settings. With this update, all interface elements are fully localized and now display according to the user’s selected region. + +* Before this update, the Tekton pruner job encountered `ImagePullBackOff` errors during Helm-based installation due to missing `SHA256 digests` in image tags. With this update, image tag includes the required `SHA256 digests` and the error no longer occurs. + +* Before this update, the {pac} controller could crash with an `index out of range` error during push events from Bitbucket Data Center. This behavior occurred when the changes array in the event payload was empty. With this update, {pac} now handles empty changes arrays gracefully, preventing the controller from crashing. + +* Before this update, adding labels to pull requests would unintentionally trigger a `PipelineRun`. With this update, this issue is resolved. + +* Before this update, closing a pull request would cancel ongoing `PipelineRun` even if the `cancel-in-progress` annotation was not set. With this update, pipeline runs are only canceled on pull request closure when you configure the `cancel-in-progress` annotation. + +* Before this update, the GitLab integration in {pac} encountered API call failures caused by an incorrect API URL. With this update, this issue is fixed by introducing URL validation, which prevents such misconfigurations and ensures successful API communication. + +* Before this update, {pac} did not cancel a `PipelineRun` created with the `generateName` field, even when the `cancel-in-progress` annotation was set. With this update, {pac} correctly cancels an in-progress `PipelineRun` that contains the `generateName` field. + +* Before this update, when provenance was configured in GitLab, {pac} retrieved an incorrect `PipelineRun` template from the Git repository. With this update, {pac} correctly identifies and retrieves the intended template in GitLab provenance setups. + +* Before this update, if you used the `/ok-to-test` GitOps command in a push commit comment, it triggered a pipeline run. With this update, the `/ok-to-test` command no longer triggers a pipeline run when used outside of pull requests. + +* Before this update, `TaskRun` and `PipelineRun` resources failed with the `kind param must be task or pipeline` error when referencing `StepAction` definitions by the Artifact Hub resolver. This happened because the `StepAction` definition was not recognized as a valid resource type. With this update, the Artifact Hub resolver supports `StepAction` references, allowing users to include remote step actions in their tasks and pipelines. + +* Before this update, `PipelineRun` failed with the error `failed to create subPath directory for volumeMount`, even though {OCP} would eventually recover and create the required pod. This led to unnecessary `PipelineRun` failures and a poor user experience, often requiring manual restarts. With this update, `PipelineRun` implements a grace period and retry mechanism for `subPath` directory creation errors. This allows {OCP} time to resolve the issue automatically, reducing false failures and improving reliability. + +* Before this update, the {tekton-results} API server encountered an error when a log query was made for a non-existent `TaskRun` or `PipelineRun`. With this update, the issue is fixed. + +* Before this update, users had to wrap the CLI in separate `Task` resources to back up or restore build caches. With this update, `StepAction` definitions support `fetch` and `upload`, so you can handle cache operations with a single step inside any `Task` or `Pipeline`. + +* Before this update, pushing a cache to a registry with a self-signed certificate failed due to TLS errors. With this update, the CLI and `Task` resource support new `--insecure` flag, which enables those pushes and makes it easier to work with air-gapped development clusters and local registries. \ No newline at end of file diff --git a/modules/op-tkn-pipelines-compatibility-support-matrix.adoc b/modules/op-tkn-pipelines-compatibility-support-matrix.adoc index f1c631a911c3..562a9cf7798c 100644 --- a/modules/op-tkn-pipelines-compatibility-support-matrix.adoc +++ b/modules/op-tkn-pipelines-compatibility-support-matrix.adoc @@ -23,13 +23,13 @@ GA:: General Availability | Operator | Pipelines | Triggers | CLI | Chains | Hub | {pac} | Results | Manual Approval Gate | | -|1.17 | 0.65.x | 0.30.x | 0.39.x | 0.23.x (GA) | 1.19.x (TP) | 0.29.x (GA) | 0.13.x (TP) | 0.4.x (TP) | 4.15, 4.16, 4.17 | GA +|1.19 | 1.0.x | 0.32.x | 0.41.x | 0.25.x (GA) | 1.21.x (TP) | 0.35.x (GA) | 0.15.x (GA) | 0.6.x (TP) | 4.15, 4.16, 4.17, 4.18, 4.19 | GA -|1.16 | 0.62.x | 0.29.x | 0.38.x | 0.22.x (GA) | 1.18.x (TP) | 0.28.x (GA) | 0.12.x (TP) | 0.3.x (TP) | 4.15, 4.16, 4.17 | GA +|1.18 | 0.68.x | 0.31.x | 0.40.x | 0.24.x (GA) | 1.20.x (TP) | 0.33.x (GA) | 0.14.x (GA) | 0.5.x (TP) | 4.15, 4.16, 4.17, 4.18 | GA -|1.15 | 0.59.x | 0.27.x | 0.37.x | 0.20.x (GA) | 1.17.x (TP) | 0.27.x (GA) | 0.10.x (TP) | 0.2.x (TP) | 4.14, 4.15, 4.16 | GA +|1.17 | 0.65.x | 0.30.x | 0.39.x | 0.23.x (GA) | 1.19.x (TP) | 0.29.x (GA) | 0.13.x (TP) | 0.4.x (TP) | 4.15, 4.16, 4.17 | GA -|1.14 | 0.56.x | 0.26.x | 0.35.x | 0.20.x (GA) | 1.16.x (TP) | 0.24.x (GA) | 0.9.x (TP) | NA | 4.12, 4.13, 4.14, 4.15, 4.16 | GA +|1.16 | 0.62.x | 0.29.x | 0.38.x | 0.22.x (GA) | 1.18.x (TP) | 0.28.x (GA) | 0.12.x (TP) | 0.3.x (TP) | 4.15, 4.16, 4.17 | GA |=== diff --git a/pac/install-config-pipelines-as-code.adoc b/pac/install-config-pipelines-as-code.adoc index 34bea14c3246..953a1d39764b 100644 --- a/pac/install-config-pipelines-as-code.adoc +++ b/pac/install-config-pipelines-as-code.adoc @@ -32,4 +32,4 @@ include::modules/op-pac-additional-controller.adoc[leveloffset=+1] * xref:../install_config/installing-pipelines.adoc#installing-pipelines[Installing {pipelines-shortname}] * xref:../tkn_cli/installing-tkn.adoc#installing-tkn[Installing tkn] -* xref:../release_notes/op-release-notes-1-17.adoc#op-release-notes-1-17[{pipelines-title} release notes] +* xref:../release_notes/op-release-notes-1-19.adoc#op-release-notes-1-19[{pipelines-title} release notes] diff --git a/release_notes/op-release-notes-1-19.adoc b/release_notes/op-release-notes-1-19.adoc new file mode 100644 index 000000000000..b2f6bc1b6feb --- /dev/null +++ b/release_notes/op-release-notes-1-19.adoc @@ -0,0 +1,33 @@ +:_mod-docs-content-type: ASSEMBLY +//OpenShift Pipelines Release Notes +include::_attributes/common-attributes.adoc[] +[id="op-release-notes"] += {pipelines-title} release notes +:context: op-release-notes + +toc::[] + +[NOTE] +==== +For additional information about the {pipelines-shortname} lifecycle and supported platforms, refer to the link:https://access.redhat.com/support/policy/updates/openshift_operators[OpenShift Operator Life Cycles] and link:https://access.redhat.com/support/policy/updates/openshift[Red{nbsp}Hat {OCP} Life Cycle Policy]. +==== + +Release notes contain information about new and deprecated features, breaking changes, and known issues. The following release notes apply for the most recent {pipelines-shortname} releases on {OCP}. + +{pipelines-title} is a cloud-native CI/CD experience based on the Tekton project which provides: + +* Standard Kubernetes-native pipeline definitions (CRDs). +* Serverless pipelines with no CI server management overhead. +* Extensibility to build images using any Kubernetes tool, such as S2I, Buildah, JIB, and Kaniko. +* Portability across any Kubernetes distribution. +* Powerful CLI for interacting with pipelines. +* Integrated user experience with the *Developer* perspective of the {OCP} web console, up to {OCP} version 4.19. + +For an overview of {pipelines-title}, see xref:../about/understanding-openshift-pipelines.adoc#understanding-openshift-pipelines[Understanding {pipelines-shortname}]. + +// Compatibility and support matrix +include::modules/op-tkn-pipelines-compatibility-support-matrix.adoc[leveloffset=+1] + +// Release notes for Red Hat OpenShift Pipelines 1.19.0 +include::modules/op-release-notes-1-19.adoc[leveloffset=+1] +