Update module github.com/tektoncd/pipeline to v0.70.0 - autoclosed

[red-hat-konflux]

This PR contains the following updates:

Package	Change	Age	Confidence
github.com/tektoncd/pipeline	v0.66.0 -> v0.70.0

---

Warning

Some dependencies could not be looked up. Check the warning logs for more information.

---

Release Notes

tektoncd/pipeline (github.com/tektoncd/pipeline)

v0.70.0: Tekton Pipeline release v0.70.0 "Norwegian Forest Cat Number Five (Aaron Doral)"

Compare Source

🎉 OpenAPI schema to Tekton CRDs 🎉

-Docs @​ v0.70.0
-Examples @​ v0.70.0

Installation one-liner

kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.70.0/release.yaml

Attestation

The Rekor UUID for this release is 108e9186e8c5677a9b98c9f620b1202d23cdf7b6bc38da3acecc1a9cb6f206d98fefed3ce02b0e09

Obtain the attestation:

REKOR_UUID=108e9186e8c5677a9b98c9f620b1202d23cdf7b6bc38da3acecc1a9cb6f206d98fefed3ce02b0e09
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .

Verify that all container images in the attestation are in the release file:

RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.70.0/release.yaml
REKOR_UUID=108e9186e8c5677a9b98c9f620b1202d23cdf7b6bc38da3acecc1a9cb6f206d98fefed3ce02b0e09

### Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v0.70.0@​sha256:" + .digest.sha256')

### Download the release file
curl "$RELEASE_FILE" > release.yaml

### For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
  printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done

Changes

Features

• Add structural OpenAPI schema to Tekton CRDs (#​8490)

action required: The structural OpenAPI schema to Tekton CRDs are added enabling API server schema validation and supporting kubectl explain to describe fields and structure of Tekton CRDs. Due to the API server schema validation, users should make sure Tekton CRs have a valid schema when creating or updating CRs.

Fixes

• 🐛 fix: Fix remote task params default-value substitution (#​8641)

Task Param defaults will now be correctly substituted in Steps when the Task is referenced by a TaskRun

• 🐛 fix: configure StepAction to use conversion webhook (#​8644)

Misc

• 🔨 cleanup: breakup the pkg/credentials into writer and matcher + ensure non corev1 usage in entrypoint for FIPs compliance (#​8542)

import only the writer part of the credentials package in the entrypoint so that we do not pull core v1 API indirectly into the package

• 🔨 FIPS Compliance: Refactor Entrypoint, Remove zap Dependency & Update Build Checks (#​8544)
• 🔨 build(deps): bump github.com/golang-jwt/jwt/v4 from 4.5.1 to 4.5.2 (#​8670)
• 🔨 build(deps): bump the all group in /tekton with 2 updates (#​8668)
• 🔨 build(deps): bump actions/setup-go from 5.3.0 to 5.4.0 (#​8667)
• 🔨 build(deps): bump actions/cache from 4.2.2 to 4.2.3 (#​8666)
• 🔨 build(deps): bump github/codeql-action from 3.28.11 to 3.28.13 (#​8665)
• 🔨 build(deps): bump tj-actions/changed-files from dcc7a0c to 27ae6b3 (#​8664)
• 🔨 build(deps): bump golangci/golangci-lint-action from 6.5.0 to 6.5.1 (#​8654)
• 🔨 build(deps): bump the all group in /tekton with 2 updates (#​8653)
• 🔨 build(deps): bump github/codeql-action from 3.28.10 to 3.28.11 (#​8633)
• 🔨 build(deps): bump the all group in /tekton with 2 updates (#​8632)
• 🔨 build(deps): bump github.com/google/cel-go from 0.23.2 to 0.24.1 (#​8614)
• 🔨 build(deps): bump ossf/scorecard-action from 2.4.0 to 2.4.1 (#​8608)
• 🔨 Refactor pipelinerun metrics tests (#​8340)

Docs

• 📖 Document ko settings for kind clusters with and without a local registry. (#​8662)
• 📖 Fix wrong entry in development documentation and other minor documentation corrections. (#​8661)
• 📖 Add release 0.69 to releases.md (#​8630)

Thanks

Thanks to these contributors who contributed to v0.70.0!

• ❤️ @​PuneetPunamiya
• ❤️ @​aThorp96
• ❤️ @​afrittoli
• ❤️ @​burigolucas
• ❤️ @​dependabot[bot]
• ❤️ @​devholic
• ❤️ @​twoGiants
• ❤️ @​waveywaves

Extra shout-out for awesome release notes:

• 😍 @​aThorp96
• 😍 @​burigolucas
• 😍 @​waveywaves

v0.69.1: Tekton Pipeline release v0.69.1 "Oriental Longhair Omnibot"

Compare Source

-Docs @​ v0.69.1
-Examples @​ v0.69.1

Installation one-liner

kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.69.1/release.yaml

Attestation

The Rekor UUID for this release is 108e9186e8c5677a76ee1ec9649527ab153790fc1b5385843dcb8c6522c3d9b0db77451a35b2068f

Obtain the attestation:

REKOR_UUID=108e9186e8c5677a76ee1ec9649527ab153790fc1b5385843dcb8c6522c3d9b0db77451a35b2068f
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .

Verify that all container images in the attestation are in the release file:

RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.69.1/release.yaml
REKOR_UUID=108e9186e8c5677a76ee1ec9649527ab153790fc1b5385843dcb8c6522c3d9b0db77451a35b2068f

### Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v0.69.1@​sha256:" + .digest.sha256')

### Download the release file
curl "$RELEASE_FILE" > release.yaml

### For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
  printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done

Changes

Features

Fixes

• 🐛 [release-v0.69.x] fix: Fix remote task params default-value substitution (#​8651)

ask Param defaults will now be correctly substituted in Steps when the Task is referenced by a TaskRun

Misc

Docs

Thanks

Thanks to these contributors who contributed to v0.69.1!

• ❤️ @​tekton-robot

Extra shout-out for awesome release notes:

• 😍 @​tekton-robot

v0.69.0: Tekton Pipeline release v0.69.0 "Oriental Longhair Omnibot"

Compare Source

-Docs @​ v0.69.0
-Examples @​ v0.69.0

Installation one-liner

kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.69.0/release.yaml

Attestation

The Rekor UUID for this release is 108e9186e8c5677a83b80360985c8a19920792656acc1566def6a298da6b73bd47b42307bceab304

Obtain the attestation:

REKOR_UUID=108e9186e8c5677a83b80360985c8a19920792656acc1566def6a298da6b73bd47b42307bceab304
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .

Verify that all container images in the attestation are in the release file:

RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.69.0/release.yaml
REKOR_UUID=108e9186e8c5677a83b80360985c8a19920792656acc1566def6a298da6b73bd47b42307bceab304

### Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v0.69.0@​sha256:" + .digest.sha256')

### Download the release file
curl "$RELEASE_FILE" > release.yaml

### For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
  printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done

Changes

Features

• ✨ Add feature flag to set readOnlyRootFilesystem for containers (#​8186)

New feature flag set-security-context-read-only-root-filesystem in ConfigMap feature-flags. The new feature sets readOnlyRootFilesystem in securityContext for taskrun and affinity assistant containers.

Fixes

• 🐛 fix: Move when condition to higher priority (#​8569)

fix: Move when condition to higher priority

• 🐛 fix: resolve panic issue in pipeline controller caused by CustomRun (#​8562)

fix: resolve panic issue in pipeline controller caused by CustomRun

Misc

• 🔨 Bump knative.dev/pkg to release-1.17 (#​8538)

Bump knative.dev/pkg to release-1.17 while keeping KUBERNETES_MIN_VERSION to 1.28.

• 🔨 cleanup: use pkg/platforms instead of containerd/platforms to … (#​8579)
• 🔨 cleanup: add disable_spire build tag for entrypoint command (#​8548)
• 🔨 build(deps): bump github.com/google/go-cmp from 0.6.0 to 0.7.0 (#​8619)
• 🔨 build(deps): bump k8s.io/client-go from 0.31.4 to 0.31.6 (#​8618)
• 🔨 build(deps): bump k8s.io/code-generator from 0.31.4 to 0.31.6 (#​8615)
• 🔨 build(deps): bump github.com/sigstore/sigstore/pkg/signature/kms/azure from 1.8.12 to 1.8.15 (#​8613)
• 🔨 build(deps): bump github.com/go-jose/go-jose/v3 from 3.0.3 to 3.0.4 (#​8612)
• 🔨 build(deps): bump the all group in /tekton with 2 updates (#​8611)
• 🔨 build(deps): bump actions/cache from 4.2.1 to 4.2.2 (#​8610)
• 🔨 build(deps): bump tj-actions/changed-files from 45.0.6 to 45.0.7 (#​8609)
• 🔨 chore: add yaml linting to pre-commit (#​8606)
• 🔨 .github/workflow: add only-new-issues on lint (#​8604)
• 🔨 build(deps): bump github.com/sigstore/sigstore/pkg/signature/kms/gcp from 1.8.12 to 1.8.15 (#​8598)
• 🔨 build(deps): bump github.com/spiffe/spire-api-sdk from 1.11.1 to 1.11.2 (#​8597)
• 🔨 build(deps): bump github.com/sigstore/sigstore/pkg/signature/kms/hashivault from 1.8.12 to 1.8.15 (#​8596)
• 🔨 build(deps): bump github.com/sigstore/sigstore from 1.8.12 to 1.8.15 (#​8595)
• 🔨 build(deps): bump golangci/golangci-lint-action from 6.2.0 to 6.5.0 (#​8594)
• 🔨 build(deps): bump step-security/harden-runner from 2.10.4 to 2.11.0 (#​8593)
• 🔨 build(deps): bump github/codeql-action from 3.28.8 to 3.28.10 (#​8592)
• 🔨 build(deps): bump actions/setup-go from 5.1.0 to 5.3.0 (#​8591)
• 🔨 build(deps): bump actions/cache from 4.2.0 to 4.2.1 (#​8590)
• 🔨 build(deps): bump the all group in /tekton with 2 updates (#​8589)
• 🔨 build(deps): bump github.com/sigstore/sigstore/pkg/signature/kms/aws from 1.8.12 to 1.8.15 (#​8585)
• 🔨 build(deps): bump k8s.io/api from 0.31.4 to 0.31.6 (#​8584)
• 🔨 .github/workflows: add a build and test workflows (#​8577)
• 🔨 build(deps): bump github.com/jenkins-x/go-scm from 1.14.37 to 1.14.56 (#​8576)
• 🔨 build(deps): bump the all group in /tekton with 2 updates (#​8573)
• 🔨 .github/workflows: force go to 1.23 for the lint job (#​8570)
• 🔨 build(deps): bump github.com/golangci/golangci-lint from 1.63.4 to 1.64.5 in /tools (#​8568)
• 🔨 build(deps): bump k8s.io/client-go from 0.29.13 to 0.29.14 (#​8567)
• 🔨 build(deps): bump the all group in /tekton with 2 updates (#​8560)
• 🔨 build(deps): bump google.golang.org/protobuf from 1.36.4 to 1.36.5 (#​8557)
• 🔨 build(deps): bump golang.org/x/sync from 0.10.0 to 0.11.0 (#​8554)
• 🔨 build(deps): bump github/codeql-action from 3.28.5 to 3.28.8 (#​8552)
• 🔨 build(deps): bump github.com/spiffe/go-spiffe/v2 from 2.4.0 to 2.5.0 (#​8551)
• 🔨 build(deps): bump github.com/google/cel-go from 0.23.1 to 0.23.2 (#​8550)
• 🔨 build(deps): bump the all group in /tekton with 2 updates (#​8549)
• 🔨 tekton: fix micro typo on release-cheat-sheet (#​8545)

Docs

• 📖 releases.md: add 0.68.0 LTS and update other releases (#​8559)
• 📖 chore: fix some comments (#​8524)
• 📖 fix broken link to tutorials.md page (#​8444)

Thanks

Thanks to these contributors who contributed to v0.69.0!

• ❤️ @​Allda
• ❤️ @​clintonsteiner
• ❤️ @​damuzhi0810
• ❤️ @​dependabot[bot]
• ❤️ @​jkhelil
• ❤️ @​kristofferchr
• ❤️ @​l-qing
• ❤️ @​vdemeester
• ❤️ @​waveywaves

Extra shout-out for awesome release notes:

• 😍 @​Allda
• 😍 @​kristofferchr
• 😍 @​l-qing
• 😍 @​vdemeester

v0.68.1: Tekton Pipeline release v0.68.1 "LaPerm Giskard Reventlov" LTS

Compare Source

-Docs @​ v0.68.1
-Examples @​ v0.68.1

Installation one-liner

kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.68.1/release.yaml

Attestation

The Rekor UUID for this release is 108e9186e8c5677aff6b780d606f71d6cc2d430e71ac429ad21e107c13490490d164ab33f980851b

Obtain the attestation:

REKOR_UUID=108e9186e8c5677aff6b780d606f71d6cc2d430e71ac429ad21e107c13490490d164ab33f980851b
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .

Verify that all container images in the attestation are in the release file:

RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.68.1/release.yaml
REKOR_UUID=108e9186e8c5677aff6b780d606f71d6cc2d430e71ac429ad21e107c13490490d164ab33f980851b

### Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v0.68.1@​sha256:" + .digest.sha256')

### Download the release file
curl "$RELEASE_FILE" > release.yaml

### For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
  printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done

Changes

Features

Fixes

• 🐛 [release-v0.68.x] fix: Fix remote task params default-value substitution (#​8646)

ask Param defaults will now be correctly substituted in Steps when the Task is referenced by a TaskRun

Misc

• 🔨 [release-v0.68.x] .github/workflows: add a build and test workflows (#​8583)

Docs

Thanks

Thanks to these contributors who contributed to v0.68.1!

• ❤️ @​tekton-robot
• ❤️ @​vdemeester

Extra shout-out for awesome release notes:

• 😍 @​tekton-robot

v0.68.0: Tekton Pipeline release v0.68.0 "LaPerm Giskard Reventlov" LTS

Compare Source

-Docs @​ v0.68.0
-Examples @​ v0.68.0

Installation one-liner

kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.68.0/release.yaml

Attestation

The Rekor UUID for this release is 108e9186e8c5677a666d35f8508100e4c8e112033d805978d152a05eef3872377816f3756a588089

Obtain the attestation:

REKOR_UUID=108e9186e8c5677a666d35f8508100e4c8e112033d805978d152a05eef3872377816f3756a588089
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .

Verify that all container images in the attestation are in the release file:

RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.68.0/release.yaml
REKOR_UUID=108e9186e8c5677a666d35f8508100e4c8e112033d805978d152a05eef3872377816f3756a588089

### Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v0.68.0@​sha256:" + .digest.sha256')

### Download the release file
curl "$RELEASE_FILE" > release.yaml

### For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
  printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done

Changes

Features

• ✨ feat: improve step.Script variables references validation message (#​8312)

improve step.Script variables references validation message

Fixes

• 🐛 fix: reference params in default values, allow chained references in stepactions (#​8536)

fixes #​7935 allowing users to reference other parameters in default values

• 🐛 fix: avoid panic when validate enum param with special matrix task (#​8465)

fix: avoid panic when validate enum param with special matrix task

• 🐛 Bump go-billy to latest main to fix a git resolver issue (#​8306)

Binary file (standard input) matches

• 🐛 fix: improve parsing logic to handle empty results (#​8484)
• 🐛 fix: minor version check for sidecar logic (#​8447)
• 🐛 fix(computeresource/tasklevel): Fixed a bug where abnormal calculatio… (#​8399)

Misc

• 🔨 better step result referencing and docs for step param substitution order and (#​8528)
• 🔨 build(deps): bump github.com/google/cel-go from 0.22.1 to 0.23.1 (#​8541)
• 🔨 Fix deprecated golangci-lint configuration (#​8540)
• 🔨 build(deps): bump github/codeql-action from 3.28.1 to 3.28.5 (#​8534)
• 🔨 build(deps): bump the all group in /tekton with 2 updates (#​8533)
• 🔨 build(deps): bump google.golang.org/protobuf from 1.36.3 to 1.36.4 (#​8530)
• 🔨 build(deps): bump github.com/go-git/go-git/v5 from 5.13.1 to 5.13.2 (#​8527)
• 🔨 build(deps): bump google.golang.org/grpc from 1.69.4 to 1.70.0 (#​8525)
• 🔨 build(deps): bump go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp from 1.27.0 to 1.34.0 (#​8520)
• 🔨 build(deps): bump github.com/spiffe/spire-api-sdk from 1.10.0 to 1.11.1 (#​8519)
• 🔨 build(deps): bump github.com/google/cel-go from 0.20.1 to 0.22.1 (#​8518)
• 🔨 build(deps): bump github/codeql-action from 3.28.0 to 3.28.1 (#​8509)
• 🔨 build(deps): bump golangci/golangci-lint-action from 6.1.1 to 6.2.0 (#​8508)
• 🔨 build(deps): bump step-security/harden-runner from 2.10.2 to 2.10.4 (#​8507)
• 🔨 build(deps): bump the all group in /tekton with 2 updates (#​8506)
• 🔨 build(deps): bump go.opentelemetry.io/otel/trace from 1.33.0 to 1.34.0 (#​8505)
• 🔨 build(deps): bump k8s.io/client-go from 0.29.6 to 0.29.13 (#​8504)
• 🔨 build(deps): bump github.com/containerd/containerd from 1.7.20 to 1.7.25 (#​8503)
• 🔨 build(deps): bump github.com/sigstore/sigstore/pkg/signature/kms/hashivault from 1.8.4 to 1.8.12 (#​8502)
• 🔨 build(deps): bump google.golang.org/grpc from 1.67.3 to 1.69.4 (#​8500)
• 🔨 build(deps): bump k8s.io/code-generator from 0.29.7 to 0.29.13 (#​8499)
• 🔨 build(deps): bump go.opentelemetry.io/otel/sdk from 1.29.0 to 1.33.0 (#​8498)
• 🔨 build(deps): bump google.golang.org/protobuf from 1.36.1 to 1.36.3 (#​8497)
• 🔨 build(deps): bump k8s.io/api from 0.29.6 to 0.29.13 (#​8496)
• 🔨 build(deps): bump github.com/go-git/go-billy/v5 from 5.6.1 to 5.6.2 (#​8494)
• 🔨 build(deps): bump github.com/spiffe/go-spiffe/v2 from 2.3.0 to 2.4.0 (#​8493)
• 🔨 build(deps): bump code.gitea.io/sdk/gitea from 0.18.0 to 0.20.0 (#​8491)
• 🔨 build(deps): bump go.opentelemetry.io/otel/trace from 1.28.0 to 1.33.0 (#​8488)
• 🔨 build(deps): bump the all group in /tekton with 2 updates (#​8481)
• 🔨 Migrate golangci-lint to a github workflow (#​8480)
• 🔨 build(deps): bump github.com/sigstore/sigstore/pkg/signature/kms/aws from 1.8.4 to 1.8.12 (#​8478)
• 🔨 build(deps): bump github.com/sigstore/sigstore/pkg/signature/kms/azure from 1.8.4 to 1.8.12 (#​8477)
• 🔨 build(deps): bump github.com/sigstore/sigstore/pkg/signature/kms/gcp from 1.8.4 to 1.8.12 (#​8476)
• 🔨 build(deps): bump github.com/sigstore/sigstore from 1.8.4 to 1.8.12 (#​8475)
• 🔨 build(deps): bump github.com/golangci/golangci-lint from 1.62.2 to 1.63.4 in /tools (#​8472)
• 🔨 build(deps): bump the all group in /tekton with 2 updates (#​8471)
• 🔨 build(deps): bump tj-actions/changed-files from 45.0.5 to 45.0.6 (#​8470)
• 🔨 Fixed make goimports (#​8461)
• 🔨 build(deps): bump github/codeql-action from 3.27.9 to 3.28.0 (#​8459)
• 🔨 build(deps): bump the all group in /tekton with 2 updates (#​8458)
• 🔨 .github/workflows: run e2e-matrix on all pull-request (#​8454)
• 🔨 build(deps): bump the all group in /tekton with 2 updates (#​8440)
• 🔨 build(deps): bump github/codeql-action from 3.27.6 to 3.27.9 (#​8439)
• 🔨 build(deps): bump github.com/golang-jwt/jwt/v4 from 4.5.0 to 4.5.1 (#​8431)
• 🔨 build(deps): bump golang.org/x/crypto from 0.26.0 to 0.31.0 (#​8430)
• 🔨 build(deps): bump chainguard/go from 551fd4c to 2cc6974 in /tekton in the all group (#​8428)
• 🔨 build(deps): bump tj-actions/changed-files from 45.0.4 to 45.0.5 (#​8426)
• 🔨 build(deps): bump actions/cache from 4.1.1 to 4.2.0 (#​8425)
• 🔨 build(deps): bump github/codeql-action from 3.27.5 to 3.27.6 (#​8424)
• 🔨 Improve gha k8s e2e tests names (#​8423)
• 🔨 Ignore failures when rerunning jobs (#​8421)
• 🔨 Remove extra pip symbol (#​8420)
• 🔨 Fix getting the commit sha from comment event (#​8419)
• 🔨 Add /retest chatops command (#​8417)
• 🔨 chore: fix some function name in comment (#​8415)
• 🔨 Run e2e tests in GHA (#​8411)
• 🔨 tekton: fix bugfix-release.sh script (#​8375)
• 🔨 Make resolvers' maximum resolution timeout configurable (#​8366)

Docs

• 📖 Add PipelineRun pipeline-timeout note to pipeline docs (#​8510)
• 📖 Fix dead admission-webhook blog link in developer docs (#​8489)
• 📖 typo fix (#​8437)
• 📖 docs: replace link to link to page with link to page (#​8429)
• 📖 Updated releases.md for v0.66.0 (#​8414)
• 📖 Remove bad links from StepActions TOC (#​8412)

Thanks

Thanks to these contributors who contributed to v0.68.0!

• ❤️ @​AlanGreene
• ❤️ @​Ccheers
• ❤️ @​RenuBhati
• ❤️ @​SaschaSchwarze0
• ❤️ @​aThorp96
• ❤️ @​afrittoli
• ❤️ @​chengjoey
• ❤️ @​chmouel
• ❤️ @​clintonsteiner
• ❤️ @​dependabot[bot]
• ❤️ @​jkhelil
• ❤️ @​justinabrahms
• ❤️ @​l-qing
• ❤️ @​lvyaoting
• ❤️ @​say5
• ❤️ @​vdemeester
• ❤️ @​waveywaves
• ❤️ @​zou2699

Extra shout-out for awesome release notes:

• 😍 @​chengjoey
• 😍 @​l-qing
• 😍 @​vdemeester
• 😍 @​waveywaves

---

Configuration

📅 Schedule: Branch creation - "before 4am" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about these updates again.

---

• If you want to rebase/retry this PR, check this box

---

To execute skipped test pipelines write comment /ok-to-test.

This PR has been generated by MintMaker (powered by Renovate Bot).

[red-hat-konflux]

ℹ Artifact update notice

File name: acceptance/go.mod

In order to perform the update(s) described in the table above, Renovate ran the go get command, which resulted in the following additional change(s):

• 11 additional dependencies were updated

Details:

Package	Change
github.com/go-git/go-billy/v5	v5.6.0 -> v5.6.2
github.com/go-git/go-git/v5	v5.13.0 -> v5.13.2
github.com/sigstore/sigstore	v1.8.9 -> v1.8.15
github.com/ProtonMail/go-crypto	v1.1.3 -> v1.1.5
github.com/cyphar/filepath-securejoin	v0.3.1 -> v0.3.6
github.com/google/cel-go	v0.22.0 -> v0.24.1
github.com/pjbgf/sha1cd	v0.3.0 -> v0.3.2
github.com/sigstore/protobuf-specs	v0.3.2 -> v0.4.0
google.golang.org/api	v0.215.0 -> v0.217.0
k8s.io/apiextensions-apiserver	v0.31.0 -> v0.31.4
knative.dev/pkg	v0.0.0-20240815051656-89743d9bbf7c -> v0.0.0-20250117084104-c43477f0052b

File name: go.mod

In order to perform the update(s) described in the table above, Renovate ran the go get command, which resulted in the following additional change(s):

• 10 additional dependencies were updated

Details:

Package	Change
github.com/sigstore/sigstore	v1.8.9 -> v1.8.15
k8s.io/apiextensions-apiserver	v0.31.0 -> v0.31.4
cloud.google.com/go/auth	v0.13.0 -> v0.14.0
cloud.google.com/go/auth/oauth2adapt	v0.2.6 -> v0.2.7
github.com/coreos/go-oidc/v3	v3.11.0 -> v3.12.0
github.com/google/cel-go	v0.21.0 -> v0.24.1
github.com/google/s2a-go	v0.1.8 -> v0.1.9
github.com/sigstore/protobuf-specs	v0.3.2 -> v0.4.0
google.golang.org/api	v0.215.0 -> v0.217.0
knative.dev/pkg	v0.0.0-20240815051656-89743d9bbf7c -> v0.0.0-20250117084104-c43477f0052b

File name: tools/go.mod

In order to perform the update(s) described in the table above, Renovate ran the go get command, which resulted in the following additional change(s):

• 22 additional dependencies were updated

Details:

Package	Change
cloud.google.com/go/auth	v0.13.0 -> v0.14.0
cloud.google.com/go/auth/oauth2adapt	v0.2.6 -> v0.2.7
cloud.google.com/go/kms	v1.20.1 -> v1.20.5
github.com/Azure/azure-sdk-for-go/sdk/azcore	v1.16.0 -> v1.17.0
github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azkeys	v1.1.0 -> v1.3.0
github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/internal	v1.0.1 -> v1.1.0
github.com/ProtonMail/go-crypto	v1.0.0 -> v1.1.5
github.com/aws/aws-sdk-go	v1.55.5 -> v1.55.6
github.com/aws/aws-sdk-go-v2/service/kms	v1.35.5 -> v1.37.13
github.com/coreos/go-oidc/v3	v3.11.0 -> v3.12.0
github.com/google/cel-go	v0.23.2 -> v0.24.1
github.com/google/s2a-go	v0.1.8 -> v0.1.9
github.com/hashicorp/vault/api	v1.14.0 -> v1.16.0
github.com/secure-systems-lab/go-securesystemslib	v0.8.0 -> v0.9.0
github.com/sigstore/protobuf-specs	v0.3.2 -> v0.4.0
github.com/sigstore/sigstore	v1.8.8 -> v1.8.15
github.com/sigstore/sigstore/pkg/signature/kms/aws	v1.8.8 -> v1.8.15
github.com/sigstore/sigstore/pkg/signature/kms/azure	v1.8.8 -> v1.8.15
github.com/sigstore/sigstore/pkg/signature/kms/gcp	v1.8.8 -> v1.8.15
github.com/sigstore/sigstore/pkg/signature/kms/hashivault	v1.8.8 -> v1.8.15
google.golang.org/api	v0.215.0 -> v0.217.0
knative.dev/pkg	v0.0.0-20240815051656-89743d9bbf7c -> v0.0.0-20250117084104-c43477f0052b

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.

Flag	Coverage Δ
generative	68.59% <ø> (ø)
integration	68.59% <ø> (ø)
unit	68.59% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.