Tekton Pipeline release v0.54.0 "Korat Bender"

🎉 Reusable Steps via StepActions, Param Enums, HTTP Resolver! 🎉

-Docs @ v0.54.0
-Examples @ v0.54.0

Installation one-liner

kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.54.0/release.yaml

Attestation

The Rekor UUID for this release is 24296fb24b8ad77a6a820444f8789f9b68835a66c6c0ad3cecabee051b9af0c824b04baf1b57433c

Obtain the attestation:

REKOR_UUID=24296fb24b8ad77a6a820444f8789f9b68835a66c6c0ad3cecabee051b9af0c824b04baf1b57433c
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .

Verify that all container images in the attestation are in the release file:

RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.54.0/release.yaml
REKOR_UUID=24296fb24b8ad77a6a820444f8789f9b68835a66c6c0ad3cecabee051b9af0c824b04baf1b57433c

# Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v0.54.0@sha256:" + .digest.sha256')

# Download the release file
curl "$RELEASE_FILE" > release.yaml

# For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
  printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done

Changes

Features

• ✨ TEP-0142: Surface step results via sidecar logs (#7414)

  Surface step results via sidecar logs

• ✨ TEP-0142: Introduce StepResults in Steps, StepActions (#7382)

  Introduce StepResults in Steps for StepAction's Result storage.

• ✨ TEP-0142: Surface step results via termination message (#7349)

  Surface step results via termination message

• ✨ TEP-0142: Introduce Value in TaskResults (#7347)

  StepActions: Introduce Value in TaskResults

• ✨ [TEP-0142] Add VolumeMounts to StepAction (#7340)

  Users can define VolumeMounts in StepAction, the VolumeMounts Name should use string param reference to the params passed to the StepAction.

• ✨ [TEP-0144] Validate PipelineRun for Param Enum (#7338)

  Implement Param Enum validation for PipelineRuns. Param Enum is supported per TEP-0144

• ✨ [TEP-0142] Add SecurityContext (#7337)

  Users can declare SecurityContext in StepAction.

• ✨ TEP-0142: Add support for params between Step and StepActions (#7332)

  Completes support for params in StepActions.

• ✨ [TEP-0144] Validate TaskRun for Param Enum (#7326)

  Implement Param Enum validation for TaskRuns

• ✨ [TEP-0142] Remote Resolution for StepAction (#7321)

  Support Remote Resolution for StepAction

• ✨ TEP-0142: Introduce Params and Results into StepActions CRD (#7317)

  Introduces params and results into the StepAction CRD.

• ✨ Add credentials to HTTP resolver (#7315)

  The http resolver supports passing username and password for fetching URLs with basic credentials

• ✨ [TEP-0144] Add enum API field (#7289)

  Add Enum API field

• ✨ TEP-0142: Introduce StepAction referencing syntax in Steps (#7284)

  Introduces referencing syntax for StepAction in Steps

• ✨ [TEP-0144] Add feature flag and doc placeholder (#7279)

  Add enable-param-enum feature flag to gate the use of Param.Enum API field

• ✨ TEP-0142: Referencing StepActions in Steps (#7271)

  Enables referencing of StepActions in Steps if the feature flag "enable-step-actions: true" is set.

• ✨ Add a simple HTTP resolver (#7250)

  A new HTTP resolver is now available, it will let you resolve a http(s) URL to fetch a task or pipeline from.

• ✨ Let the user pass a secret via a parameter for SCM API operations when using the git API resolver (#7239)

  User are now able to pass a secret referencing token (or a tokenKey) for a SCM operation on the git resolver instead of using the global one from the configmap.

• ✨ [TEP-0142] Support default resolver for Ref to remote StepAction (#7345)

• ✨ TEP-0142: Add syntax for providing params to StepActions (#7334)

• ✨ [TEP-0142] Add ResolverRef to Ref (#7322)

Fixes

• 🐛 change bundle resolver to use secret instead of service account (#7331)

  action required: Bundle resolve uses secret to pull bundle Tasks/Pipelines from private registry instead of Service Account. Please update your bundle resolver ref to use secret.

• 🐛 fix: the pr may lose finallyStartTime when pipeline controller is not synchronized to all current state (#7186)

  Reset the finallyStartTime field when one or more final tasks have been created and the current finallyStartTime is empty.

• 🐛 fix: panic may occur when calculating the final task timeout waiting time (#7188)

Misc

• 🔨 Cleanup v1beta1 reference in pipelinerun reconciler (#7395)
• 🔨 fix: move getFeatureFlagsBaseOnAPIFlag from custom_task_test to another file (#7393)
• 🔨 chore: pkg import only once (#7348)
• 🔨 [TEP-0142] Refactor extractStepActions (#7328)
• 🔨 Fix capitalization inconsistency in reconciler (#7318)
• 🔨 remove GetUnsignedTask helper function and use var in each file (#6799)
• 🔨 Bump k8s.io/client-go from 0.27.7 to 0.27.8 in /test/custom-task-ctrls/wait-task-beta (#7377)
• 🔨 Bump github.com/tektoncd/pipeline from 0.53.0 to 0.53.1 in /test/custom-task-ctrls/wait-task-beta (#7368)
• 🔨 Use a maintained action for "changed files" (#7364)
• 🔨 Replace ubi9/ubi-minimal with busybox image (#7363)
• 🔨 Add direnv support with boilerplate (#7344)
• 🔨 Bump github.com/spiffe/spire-api-sdk from 1.8.1 to 1.8.4 (#7343)
• 🔨 Bump github.com/jenkins-x/go-scm from 1.14.14 to 1.14.20 (#7339)
• 🔨 Bump github.com/sigstore/sigstore from 1.7.4 to 1.7.5 (#7311)
• 🔨 Bump github.com/tektoncd/pipeline from 0.52.1 to 0.53.0 in /test/custom-task-ctrls/wait-task-beta (#7305)
• 🔨 Bump github.com/containerd/containerd from 1.7.7 to 1.7.8 (#7303)
• 🔨 removed repeated word how-to-write-a-resolver.md (#7302)
• 🔨 Fix git resolver example (#7299)
• 🔨 Bump github.com/sigstore/sigstore/pkg/signature/kms/hashivault from 1.7.4 to 1.7.5 (#7288)
• 🔨 Bump github.com/golangci/golangci-lint from 1.54.2 to 1.55.1 in /tools (#7283)
• 🔨 Bump github.com/go-git/go-git/v5 from 5.9.0 to 5.10.0 (#7281)
• 🔨 Bump sigs.k8s.io/yaml from 1.3.0 to 1.4.0 (#7280)
• 🔨 Bump github.com/google/cel-go from 0.12.6 to 0.18.1 (#7253)
• 🔨 Update ko to go 1.20 in release task (#7341)
• 🔨 Disable HTTP/2 by updating knative/pkg (#7324)

Docs

• 📖 Improve migration documentation (#7389)
• 📖 docs: update upper limit for layers in a bundle (#7355)
• 📖 fixed issue #7282 changed broken link from release-pipeline-nightly.yaml to release-pipeline.yaml (#7306)
• 📖 Update release with v0.53.0 LTS (#7301)

Thanks

Thanks to these contributors who contributed to v0.54.0!

• ❤️ @Dhruval7878
• ❤️ @Exar04
• ❤️ @JeromeJu
• ❤️ @QuanZhang-William
• ❤️ @Yongxuanzhang
• ❤️ @afrittoli
• ❤️ @chitrangpatel
• ❤️ @chmouel
• ❤️ @cugykw
• ❤️ @dependabot[bot]
• ❤️ @khrm
• ❤️ @mlschmithorst
• ❤️ @pratap0007
• ❤️ @testwill
• ❤️ @vdemeester
• ❤️ @vivekBoii

Extra shout-out for awesome release notes:

• 😍 @QuanZhang-William
• 😍 @Yongxuanzhang
• 😍 @chitrangpatel
• 😍 @chmouel
• 😍 @cugykw
• 😍 @khrm