Skip to content

Releases: tektoncd/pipeline

Tekton Pipeline release v1.3.1 LTS "Maine Coon Melfina"

05 Aug 21:34
@tekton-robot tekton-robot
v1.3.1
a53cdad
Compare
Choose a tag to compare
Tekton Pipeline release v1.3.1 LTS "Maine Coon Melfina" Latest
Latest

-Docs @ v1.3.1
-Examples @ v1.3.1

Installation one-liner

kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v1.3.1/release.yaml

Attestation

The Rekor UUID for this release is 108e9186e8c5677a77b37b5b643558bf2653e7f5a4673c506372b8892e9c8634dc7cae29721d15de

Obtain the attestation:

REKOR_UUID=108e9186e8c5677a77b37b5b643558bf2653e7f5a4673c506372b8892e9c8634dc7cae29721d15de
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .

Verify that all container images in the attestation are in the release file:

RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v1.3.1/release.yaml
REKOR_UUID=108e9186e8c5677a77b37b5b643558bf2653e7f5a4673c506372b8892e9c8634dc7cae29721d15de

# Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v1.3.1@sha256:" + .digest.sha256')

# Download the release file
curl "$RELEASE_FILE" > release.yaml

# For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
  printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done

Changes

Features

Fixes

  • πŸ› [release-v1.3.x] Fix tini-git image to be multi-arch (#8948)

pdating tini-git base image to be multi-platform, also fixing the resolvers image.

Misc

Docs

Thanks

Thanks to these contributors who contributed to v1.3.1!

Extra shout-out for awesome release notes:

Contributors

tekton-robot
Assets 4
Loading

Tekton Pipeline release v1.3.0 LTS "Maine Coon Melfina"

04 Aug 14:09
@tekton-robot tekton-robot
v1.3.0
4d9bc1d
Compare
Choose a tag to compare
Tekton Pipeline release v1.3.0 LTS "Maine Coon Melfina"

-Docs @ v1.3.0
-Examples @ v1.3.0

Installation one-liner

kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v1.3.0/release.yaml

Attestation

The Rekor UUID for this release is 108e9186e8c5677a690a6f48618080e44983b879f4ffb9b371b7107159bb3d4ab3052aa68e47dc74

Obtain the attestation:

REKOR_UUID=108e9186e8c5677a690a6f48618080e44983b879f4ffb9b371b7107159bb3d4ab3052aa68e47dc74
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .

Verify that all container images in the attestation are in the release file:

RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v1.3.0/release.yaml
REKOR_UUID=108e9186e8c5677a690a6f48618080e44983b879f4ffb9b371b7107159bb3d4ab3052aa68e47dc74

# Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v1.3.0@sha256:" + .digest.sha256')

# Download the release file
curl "$RELEASE_FILE" > release.yaml

# For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
  printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done

Changes

Features

  • ✨ exponential backoff in controller (#8926)

Introduced exponential backoff retry mechanism for createPod function to improve robustness against transient webhook issues in a heavy cluster during resource creation.

  • ✨ exponential backoff for and creation (#8902)
  • Introduced exponential backoff retry mechanism for createTaskRun and createCustomRun functions.
  • Retries are triggered only on mutating admission webhook timeouts (HTTP 500 with "timeout" in the error message).
  • Non-retryable errors (e.g., HTTP 400, validation failures) continue to fail immediately.
  • Feature is disabled by default. To enable, set enable-wait-exponential-backoff: "true" in the feature-flags ConfigMap.
  • Backoff parameters (duration, factor, steps) are configurable via the wait-exponential-backoff ConfigMap.
  • Improves robustness against transient webhook issues in a heavy cluster during resource creation.
  • ✨ Feature: Allow THREADS_PER_CONTROLLER env var to override default threads-per-controller value (#8890)

Default threads-per-controller value can be override by THREADS_PER_CONTROLLER env var

  • ✨ Add anti-affinity rules to controller's replicas (#8864)

As part of improving high availability (HA) for the Tekton Pipelines controller, this update adds a preferredDuringSchedulingIgnoredDuringExecution pod anti-affinity rule. This ensures that multiple replicas of the controller are preferably scheduled on different nodes, reducing the risk of service disruption in case of a node failure.

  • ✨ PodTemplate param substitution on TaskRunSpecs to enable multi-arch builds with Matrix (#8599)

TaskRuns and TaskRunSpecs now support param substitution on podTemplate fields. This allows operability with Matrix.

Fixes

  • πŸ› fix(pipeline): support variables in onError for pipeline v1beta1 (#8931)

fix(pipeline): support variables in onError for pipeline v1beta1

  • πŸ› fix: ensure git shell-out inherits environment variables (#8908)

fix: The git resolver now respects environment variables on the pod

  • πŸ› efficient polling in (#8901)

Binary file (standard input) matches

  • πŸ› Use tini-git image for the resolvers deployment (#8895)

The resolvers deployment now uses the tini init system to make sure we don't end up with a lot of git process zombies.

  • πŸ› Re-register metrics only during real update (#8863)

Misc

  • πŸ”¨ Resolvers: remove default TEKTON_HUB_API URI (#8861)

Removing the default value of TEKTON_HUB_API in the resolvers deployment as the public instance of tektoncd/hub (hub.tekton.dev) will be shutdown in September. It's still possible to set this environment variable to a value for users who self host an instance of tektoncd/hub

  • πŸ”¨ Remove linux/arm from platform we publish (#8657)

linux/arm images are not published anymore as part of the release. This means armv5, armv6 and armv7 are not supported anymore.

  • πŸ”¨ Stop emitting deprecated metrics (#8875)

BREAKING CHANGE:

This commit removes the following deprecated metrics that have been replaced
by newer, more descriptive metrics:

PipelineRun Metrics:

  • pipelinerun_count β†’ replaced by pipelinerun_total
  • running_pipelineruns_count β†’ replaced by running_pipelineruns
  • running_pipelineruns_waiting_on_pipeline_resolution_count β†’ replaced by running_pipelineruns_waiting_on_pipeline_resolution
  • running_pipelineruns_waiting_on_task_resolution_count β†’ replaced by running_pipelineruns_waiting_on_task_resolution

TaskRun Metrics:

  • taskrun_count β†’ replaced by taskrun_total
  • running_taskruns_count β†’ replaced by running_taskruns
  • running_taskruns_throttled_by_quota_count β†’ replaced by running_taskruns_throttled_by_quota
  • running_taskruns_throttled_by_node_count β†’ replaced by running_taskruns_throttled_by_node

The replacement metrics provide the same functionality with improved naming
conventions and are already being recorded in the codebase.

  • πŸ”¨ Make sure we do not validate ResolutionRequest on DELETE (#8857)

esolutionRequest are no more validated on DELETE, which is consistent with the rest of the pipeline's objects.

  • πŸ”¨ Move ConfigMap helpers to testing framework and cleanup 🧹 pipelinerun_test.go 🧹. (#8920)
  • πŸ”¨ Remove all reference to gcr.io tekton projects (#8885)
  • πŸ”¨ build(deps): bump github.com/jenkins-x/go-scm from 1.15.1 to 1.15.4 (#8935)
  • πŸ”¨ build(deps): bump sigs.k8s.io/yaml from 1.5.0 to 1.6.0 (#8922)
  • πŸ”¨ refactor getSidecarLogPollingInterval() (#8909)
  • πŸ”¨ build(deps): bump google.golang.org/grpc from 1.73.0 to 1.74.2 (#8907)
  • πŸ”¨ build(deps): bump step-security/harden-runner from 2.12.2 to 2.13.0 (#8900)
  • πŸ”¨ build(deps): bump github/codeql-action from 3.29.2 to 3.29.3 (#8899)
  • πŸ”¨ build(deps): bump the all group in /tekton with 3 updates (#8898)
  • πŸ”¨ nightly builds with gh actions (#8897)
  • πŸ”¨ build(deps): bump k8s.io/client-go from 0.32.6 to 0.32.7 (#8896)
  • πŸ”¨ build(deps): bump k8s.io/code-generator from 0.32.6 to 0.32.7 (#8893)
  • πŸ”¨ build(deps): bump github.com/google/cel-go from 0.25.0 to 0.26.0 (#8892)
  • πŸ”¨ build(deps): bump k8s.io/api from 0.32.6 to 0.32.7 (#8888)
  • πŸ”¨ build(deps): bump github.com/jenkins-x/go-scm from 1.14.59 to 1.15.1 (#8884)
  • πŸ”¨ build(deps): bump tj-actions/changed-files from cf79a64fed8a943fb1073260883d08fe0dfb4e56 to 055970845dd036d7345da7399b7e89f2e10f2b04 (#8883)
  • πŸ”¨ build(deps): bump the all group in /tekton with 4 updates (#8882)
  • πŸ”¨ Add Stanislav (twoGiants) as reviewer to Tekton Pipeline repository. (#8880)
  • πŸ”¨ build(deps): bump golang.org/x/sync from 0.15.0 to 0.16.0 (#8871)
  • πŸ”¨ build(deps): bump tj-actions/changed-files from e8772ff27de71367c2771ef3e8b5b2075b3f8282 to cf79a64fed8a943fb1073260883d08fe0dfb4e56 (#8867)
  • πŸ”¨ build(deps): bump the all group in /tekton with 4 updates (#8866)
  • πŸ”¨ build(deps): bump github.com/jenkins-x/go-scm from 1.14.58 to 1.14.59 (#8865)
  • πŸ”¨ build(deps): bump github.com/spiffe/spire-api-sdk from 1.12.0 to 1.12.4 (#8860)
  • πŸ”¨ build(deps): bump step-security/harden-runner from 2.12.1 to 2.12.2 (#8856)
  • πŸ”¨ build(deps): bump github/codeql-action from 3.29.0 to 3.29.2 (#8855)
  • πŸ”¨ build(deps): bump tj-actions/changed-files from d52d20fa3f981cb852b861fd8f55308b5fe29637 to e8772ff27de71367c2771ef3e8b5b2075b3f8282 (#8854)
  • πŸ”¨ build(deps): bump the all group in /tekton with 4 updates (#8853)
  • πŸ”¨ build(deps): bump sigs.k8s.io/yaml from 1.4.0 to 1.5.0 (#8852)
  • πŸ”¨ Update kubernetes version of the CI (#8758)
  • πŸ”¨ Add a tool to generate the release name (#8629)

Docs

  • πŸ“– Document controller debugging configuration. (#8881)

Developer documentation in DEVELOPMENT.md contains a "Debugging" section explaining how to setup VSCode for debugging Tekton controllers running in a k8 cluster.

  • πŸ“– docs: fix typo in pipelineruns.md (#8851)

Thanks

Thanks to these contributors who contributed to v1.3.0!

Extra shout-out for awesome release notes:

Contributors

vdemeester, pritidesai, and 10 other contributors
Loading

Tekton Pipeline release v1.2.0 "Dragon Li Dreadnought"

01 Jul 13:53
@tekton-robot tekton-robot
v1.2.0
18736c3
Compare
Choose a tag to compare
Tekton Pipeline release v1.2.0 "Dragon Li Dreadnought"

πŸŽ‰ Bug fixes and documentation enhancements πŸŽ‰

-Docs @ v1.2.0
-Examples @ v1.2.0

Installation one-liner

kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v1.2.0/release.yaml

Attestation

The Rekor UUID for this release is 108e9186e8c5677a754b4d7d26d7ac445cc63785908c6df49e449f3da28b067511a0f2298767d8be

Obtain the attestation:

REKOR_UUID=108e9186e8c5677a754b4d7d26d7ac445cc63785908c6df49e449f3da28b067511a0f2298767d8be
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .

Verify that all container images in the attestation are in the release file:

RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v1.2.0/release.yaml
REKOR_UUID=108e9186e8c5677a754b4d7d26d7ac445cc63785908c6df49e449f3da28b067511a0f2298767d8be

# Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v1.2.0@sha256:" + .digest.sha256')

# Download the release file
curl "$RELEASE_FILE" > release.yaml

# For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
  printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done

Changes

Features

Fixes

  • πŸ› Do not propagate managed-by annotation to Pods (#8846)

od created by the Pipeline controller will now always have app.kubernetes.io/managed-by set to the default configuration. Prior to this change, it would be overriden by the value of that label set on TaskRun (or PipelineRun).

  • πŸ› fix: Avoid errors in PVC handler if PVC is already deleted (#8811)

PVCs that have already been deleted will no longer cause errors during resource cleanup operations.

Misc

  • πŸ”¨ refactor: replace go-multierror with errors.Join for native error aggregation (#8791)

Replaced external go-multierror dependency with Go's built-in errors.Join for error aggregation, reducing dependencies and improving code maintainability.

  • πŸ”¨ fix: Remove direct usage of testify from pkg/spire/ (#8788)

Removed direct dependency on testify in pkg/spire to simplify testing and reduce external dependencies.

  • πŸ”¨ [TEP-0056]: Extract common status helper functions from pipelinerun_test.go. (#8850)
  • πŸ”¨ [TEP-0056]: Refactor names and fix typos. (#8806)
  • πŸ”¨ Move Step step action reference test to container_validation_test.go. (#8779)
  • πŸ”¨ Move Step Validate and ValidateError tests to container_validation_test.go. (#8778)
  • πŸ”¨ Move Step ResultRef and ArtifactsRef tests to container_validation_test.go. (#8777)
  • πŸ”¨ Move Step onError and API version tests to container_validation_test.go. (#8773)
  • πŸ”¨ Move Step ref tests to container_validation_test.go. (#8772)
  • πŸ”¨ Move Step artifacts flag tests to container_validation_test.go. (#8769)
  • πŸ”¨ Fix CRD Generation Errors (#8726)
  • πŸ”¨ build(deps): bump go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp from 1.36.0 to 1.37.0 (#8848)
  • πŸ”¨ build(deps): bump the all group in /tekton with 4 updates (#8844)
  • πŸ”¨ build(deps): bump k8s.io/code-generator from 0.32.5 to 0.32.6 (#8842)
  • πŸ”¨ build(deps): bump k8s.io/apiextensions-apiserver from 0.32.5 to 0.32.6 (#8840)
  • πŸ”¨ build(deps): bump k8s.io/client-go from 0.32.5 to 0.32.6 (#8837)
  • πŸ”¨ build(deps): bump github.com/cloudevents/sdk-go/v2 from 2.16.0 to 2.16.1 (#8836)
  • πŸ”¨ build(deps): bump github.com/google/go-containerregistry from 0.20.5 to 0.20.6 (#8835)
  • πŸ”¨ build(deps): bump the all group in /tekton with 4 updates (#8834)
  • πŸ”¨ build(deps): bump step-security/harden-runner from 2.12.0 to 2.12.1 (#8833)
  • πŸ”¨ build(deps): bump github/codeql-action from 3.28.19 to 3.29.0 (#8832)
  • πŸ”¨ build(deps): bump tj-actions/changed-files from 4140eb99d2cced9bfd78375c2088371853262f79 to d52d20fa3f981cb852b861fd8f55308b5fe29637 (#8831)
  • πŸ”¨ build(deps): bump github.com/sigstore/sigstore from 1.9.4 to 1.9.5 (#8826)
  • πŸ”¨ build(deps): bump github.com/sigstore/sigstore/pkg/signature/kms/hashivault from 1.9.4 to 1.9.5 (#8823)
  • πŸ”¨ build(deps): bump github.com/sigstore/sigstore/pkg/signature/kms/aws from 1.9.4 to 1.9.5 (#8822)
  • πŸ”¨ build(deps): bump github.com/sigstore/sigstore/pkg/signature/kms/azure from 1.9.4 to 1.9.5 (#8821)
  • πŸ”¨ build(deps): bump github.com/sigstore/sigstore/pkg/signature/kms/gcp from 1.9.4 to 1.9.5 (#8820)
  • πŸ”¨ build(deps): bump github/codeql-action from 3.28.18 to 3.28.19 (#8819)
  • πŸ”¨ build(deps): bump tj-actions/changed-files from c6634ca281a9fc05b03bee224ba00910cb78ab6e to 4140eb99d2cced9bfd78375c2088371853262f79 (#8818)
  • πŸ”¨ build(deps): bump golang.org/x/sync from 0.14.0 to 0.15.0 (#8817)
  • πŸ”¨ build(deps): bump google.golang.org/grpc from 1.72.2 to 1.73.0 (#8816)
  • πŸ”¨ Fix the sed command with crane (#8812)
  • πŸ”¨ fix(lint): resolve golangci-lint errors in testing context (#8810)
  • πŸ”¨ build(deps): bump ossf/scorecard-action from 2.4.1 to 2.4.2 (#8808)
  • πŸ”¨ build(deps): bump the all group in /tekton with 4 updates (#8807)

Docs

  • πŸ“– docs: clarify container entrypoint behavior (#8696)

docs: clarify container contract documentation to avoid ambiguity

  • πŸ“– Update releases.md for 1.1.0 (#8814)
  • πŸ“– fix(docs): remove duplicated block from artifacts.md (#8802)

Thanks

Thanks to these contributors who contributed to v1.2.0!

Extra shout-out for awesome release notes:

Contributors

vdemeester, arthur-c, and 8 other contributors
Loading

Tekton Pipeline release v1.1.0 "Selkirk Rex Saul Tigh"

04 Jun 21:12
@tekton-robot tekton-robot
v1.1.0
43c0bb9
Compare
Choose a tag to compare
Tekton Pipeline release v1.1.0 "Selkirk Rex Saul Tigh"

-Docs @ v1.1.0
-Examples @ v1.1.0

Installation one-liner

kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v1.1.0/release.yaml

Attestation

The Rekor UUID for this release is 108e9186e8c5677a4abf3bb44246e552fdd917a58075df15b5f99ad1aa9e1da6ffd3c6aebc69689d

Obtain the attestation:

REKOR_UUID=108e9186e8c5677a4abf3bb44246e552fdd917a58075df15b5f99ad1aa9e1da6ffd3c6aebc69689d
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .

Verify that all container images in the attestation are in the release file:

RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v1.1.0/release.yaml
REKOR_UUID=108e9186e8c5677a4abf3bb44246e552fdd917a58075df15b5f99ad1aa9e1da6ffd3c6aebc69689d

# Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v1.1.0@sha256:" + .digest.sha256')

# Download the release file
curl "$RELEASE_FILE" > release.yaml

# For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
  printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done

Changes

Features

Fixes

  • πŸ› fix: Ensure retryable errors during validation do not fail Runs (#8746)

Retryable errors during dry-run Task validation will no longer cause a PipelineRun to be failed.

  • πŸ› Add oomkilled reason (#8709)

TaskRuns that fail due to Out of Memory (OOM) conditions will now show the termination reason in their failure message.

Misc

  • πŸ”¨ refactor: use os.UserHomeDir instead of go-homedir (#8774)
  • πŸ”¨ Remove temporary GOPATH generation in in update-codegen.sh and update-openapigen.sh. (#8719)
  • πŸ”¨ Refactor Step validation to implement apis.Validatable. (#8717)
  • πŸ”¨ Raise test coverage in task_validation.go and container_validation.go. (#8714)
  • πŸ”¨ Refactor sidecar validation to implement apis.Validatable. (#8710)
  • πŸ”¨ Move Steps and Sidecars validation to container_validation.go. (#8685)
  • πŸ”¨ build(deps): bump google.golang.org/grpc from 1.72.1 to 1.72.2 (#8801)
  • πŸ”¨ build(deps): bump the all group in /tekton with 4 updates (#8800)
  • πŸ”¨ build(deps): bump tj-actions/changed-files from 480f49412651059a414a6a5c96887abb1877de8a to c6634ca281a9fc05b03bee224ba00910cb78ab6e (#8799)
  • πŸ”¨ build(deps): bump go.opentelemetry.io/otel/trace from 1.35.0 to 1.36.0 (#8798)
  • πŸ”¨ build(deps): bump github.com/google/go-containerregistry from 0.20.3 to 0.20.5 (#8796)
  • πŸ”¨ build(deps): bump go.opentelemetry.io/otel/sdk from 1.35.0 to 1.36.0 (#8794)
  • πŸ”¨ build(deps): bump go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp from 1.35.0 to 1.36.0 (#8793)
  • πŸ”¨ Fix subpath capitalisation (#8790)
  • πŸ”¨ build(deps): bump k8s.io/code-generator from 0.32.4 to 0.32.5 (#8789)
  • πŸ”¨ build(deps): bump the all group in /tekton with 4 updates (#8787)
  • πŸ”¨ build(deps): bump actions/dependency-review-action from 4.7.0 to 4.7.1 (#8786)
  • πŸ”¨ build(deps): bump github/codeql-action from 3.28.17 to 3.28.18 (#8785)
  • πŸ”¨ build(deps): bump k8s.io/client-go from 0.32.4 to 0.32.5 (#8783)
  • πŸ”¨ build(deps): bump k8s.io/apiextensions-apiserver from 0.32.4 to 0.32.5 (#8781)
  • πŸ”¨ build(deps): bump k8s.io/api from 0.32.4 to 0.32.5 (#8780)
  • πŸ”¨ build(deps): bump google.golang.org/grpc from 1.72.0 to 1.72.1 (#8771)
  • πŸ”¨ build(deps): bump actions/setup-go from 5.4.0 to 5.5.0 (#8766)
  • πŸ”¨ build(deps): bump actions/dependency-review-action from 4.6.0 to 4.7.0 (#8765)
  • πŸ”¨ build(deps): bump tj-actions/changed-files from 4168bb487d5b82227665ab4ec90b67ce02691741 to 480f49412651059a414a6a5c96887abb1877de8a (#8764)
  • πŸ”¨ build(deps): bump the all group in /tekton with 4 updates (#8763)
  • πŸ”¨ build(deps): bump k8s.io/apiextensions-apiserver from 0.32.1 to 0.32.4 (#8762)
  • πŸ”¨ build(deps): bump github.com/jenkins-x/go-scm from 1.14.56 to 1.14.58 (#8754)
  • πŸ”¨ build(deps): bump go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp from 1.34.0 to 1.35.0 (#8753)
  • πŸ”¨ build(deps): bump github.com/sigstore/sigstore/pkg/signature/kms/hashivault from 1.8.15 to 1.9.4 (#8752)
  • πŸ”¨ build(deps): bump github.com/google/cel-go from 0.24.1 to 0.25.0 (#8751)
  • πŸ”¨ build(deps): bump google.golang.org/grpc from 1.71.1 to 1.72.0 (#8749)
  • πŸ”¨ build(deps): bump github.com/sigstore/sigstore/pkg/signature/kms/aws from 1.8.15 to 1.9.4 (#8748)
  • πŸ”¨ build(deps): bump golang.org/x/sync from 0.13.0 to 0.14.0 (#8747)
  • πŸ”¨ Migration to golangci-lint v2… (#8745)
  • πŸ”¨ Add @waveywaves as a maintainer (#8743)
  • πŸ”¨ build(deps): bump the all group in /tekton with 4 updates (#8742)
  • πŸ”¨ build(deps): bump github/codeql-action from 3.28.16 to 3.28.17 (#8741)
  • πŸ”¨ build(deps): bump tj-actions/changed-files from 5426ecc3f5c2b10effaefbd374f0abdc6a571b2f to 4168bb487d5b82227665ab4ec90b67ce02691741 (#8739)
  • πŸ”¨ build(deps): bump github.com/cloudevents/sdk-go/v2 from 2.15.2 to 2.16.0 (#8737)
  • πŸ”¨ build(deps): bump github.com/sigstore/sigstore/pkg/signature/kms/gcp from 1.8.15 to 1.9.4 (#8736)
  • πŸ”¨ build(deps): bump k8s.io/code-generator from 0.32.2 to 0.32.4 (#8735)
  • πŸ”¨ build(deps): bump go.opentelemetry.io/otel/sdk from 1.34.0 to 1.35.0 (#8734)
  • πŸ”¨ build(deps): bump code.gitea.io/sdk/gitea from 0.20.0 to 0.21.0 (#8733)
  • πŸ”¨ build(deps): bump k8s.io/client-go from 0.32.2 to 0.32.4 (#8732)
  • πŸ”¨ build(deps): bump github.com/spiffe/spire-api-sdk from 1.11.2 to 1.12.0 (#8731)
  • πŸ”¨ build(deps): bump tj-actions/changed-files from c34c1c13a740b06851baff92ab9a653d93ad6ce7 to 5426ecc3f5c2b10effaefbd374f0abdc6a571b2f (#8730)
  • πŸ”¨ build(deps): bump github.com/sigstore/sigstore/pkg/signature/kms/azure from 1.8.15 to 1.9.4 (#8725)
  • πŸ”¨ build(deps): bump golang.org/x/net from 0.33.0 to 0.36.0 in /test/resolver-with-timeout (#8708)
  • πŸ”¨ build(deps): bump golang.org/x/crypto from 0.31.0 to 0.35.0 in /test/resolver-with-timeout (#8706)
  • πŸ”¨ build(deps): bump github.com/google/go-cmp from 0.6.0 to 0.7.0 in /test/custom-task-ctrls/wait-task-beta (#8588)

Docs

  • πŸ“– docs: add more explicit language in the Pipelines in Pipelines docs (#8767)
  • πŸ“– Update releases.md after v1.0.0 (#8761)
  • πŸ“– fix(docs): correct documentation link errors related to sidecar-logs (#8744)
  • πŸ“– Add ghcr.io migration banner to README.md. (#8693)

Thanks

Thanks to these contributors who contributed to v1.1.0!

Extra shout-out for awesome release notes:

Contributors

vdemeester, twoGiants, and 7 other contributors
Loading
0 Join discussion

Tekton Pipeline release v1.0.0 "Oriental Omnidroid" LTS

01 May 00:03
@tekton-robot tekton-robot
v1.0.0
d9974e2
Compare
Choose a tag to compare
Tekton Pipeline release v1.0.0 "Oriental Omnidroid" LTS

πŸŽ‰ 1.0.0 is live πŸŽ‰ StepActions are GA and Git resolvers enhancements πŸŽ‰

-Docs @ v1.0.0
-Examples @ v1.0.0

Installation one-liner

kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v1.0.0/release.yaml

Attestation

The Rekor UUID for this release is 108e9186e8c5677a3c232a877172a3c7967bdcb84afa4bc0a3819fe35e8796e324bbc364356d4349

Obtain the attestation:

REKOR_UUID=108e9186e8c5677a3c232a877172a3c7967bdcb84afa4bc0a3819fe35e8796e324bbc364356d4349
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .

Verify that all container images in the attestation are in the release file:

RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v1.0.0/release.yaml
REKOR_UUID=108e9186e8c5677a3c232a877172a3c7967bdcb84afa4bc0a3819fe35e8796e324bbc364356d4349

# Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v1.0.0@sha256:" + .digest.sha256')

# Download the release file
curl "$RELEASE_FILE" > release.yaml

# For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
  printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done

Changes

Features

  • ✨ fix: resolve Git Anonymous Resolver excessive memory usage (#8677)

RemoteResolutions using the Git Resolver now use the git binary instead of the Golang library go-git to shallow-clone, shallow-fetch, then checkout the provided repository at the given revision. This reduces resolution time and memory significantly. Some git providers such as Gitea may not support fetching revisions if the revision is a SHA which is not reachable via a ref or is not at a ref/head. In general, no user action is required.

See also: https://git-scm.com/docs/protocol-capabilities#_allow_reachable_sha1_in_want

Resolves #8652

  • ✨ feat(pipeline): allow variable substitution in pipeline.tasks[].onError (#8600)

feat(pipeline): allow variable substitution in pipeline.tasks[].onError

  • ✨ Add configuration for custom bundle resolver backoff (#8574)

Enables the configuration of backoffs for a bundle resolver requests.

  • ✨ feat: promote StepActions to GA (#8546)

StepActions promoted to GA and is available by default. The enable-step-actions feature flag exists as a no-op flag to ensure that existing user workflows which might rely on this flag are not disabled. This flag will be removed completely in a later release.

  • ✨ feat: add support for authenticated git clone (#8537)

n optional token can now be passed to the git clone method (using go-git library) to
bypass token limit when using the API.

Fixes

  • πŸ› fix: add stepaction as a valid kind in the hub resolver (#8635)

the hub resolver now validates StepActions as a valid kind

  • πŸ› fix: avoid fan out matrix task failed due to result ref (#8487)

fix: avoid fan out matrix task failed due to result ref

  • πŸ› fix: handle subPath directory creation errors gracefully (#8683)

Misc

  • πŸ”¨ cleanup: [TEP-0135] remove deprecated disable-affinity-assistant feature flag (#8603)

Binary file (standard input) matches

  • πŸ”¨ cleanup: remove clustertask support (#8601)

Remove ClusterTask support completely

  • πŸ”¨ Bump go.mod and tools/go.mod to go 1.23 (#8482)

Updating go to 1.23

  • πŸ”¨ misc: promote to beta (#8343)

keep-pod-on-cancel feature flag will be enabled in default

  • πŸ”¨ build(deps): bump github/codeql-action from 3.28.15 to 3.28.16 (#8729)
  • πŸ”¨ build(deps): bump step-security/harden-runner from 2.11.1 to 2.12.0 (#8728)
  • πŸ”¨ build(deps): bump the all group in /tekton with 4 updates (#8727)
  • πŸ”¨ build(deps): bump github.com/sigstore/sigstore from 1.8.15 to 1.9.4 (#8724)
  • πŸ”¨ build(deps): bump k8s.io/apimachinery from 0.32.2 to 0.32.4 (#8723)
  • πŸ”¨ build(deps): bump the all group in /tekton with 2 updates (#8722)
  • πŸ”¨ build(deps): bump tj-actions/changed-files from be393a90381e27c9fec2c8c2e02b00f005710145 to c34c1c13a740b06851baff92ab9a653d93ad6ce7 (#8721)
  • πŸ”¨ build(deps): bump github/codeql-action from 3.28.14 to 3.28.15 (#8705)
  • πŸ”¨ build(deps): bump tj-actions/changed-files from 6abeaa506a419f85fa9e681260b443adbeebb3d4 to be393a90381e27c9fec2c8c2e02b00f005710145 (#8704)
  • πŸ”¨ build(deps): bump ko-build/setup-ko from 0.8 to 0.9 (#8703)
  • πŸ”¨ build(deps): bump the all group in /tekton with 4 updates (#8702)
  • πŸ”¨ build(deps): bump github/codeql-action from 3.28.13 to 3.28.14 (#8690)
  • πŸ”¨ build(deps): bump tj-actions/changed-files from 27ae6b33eaed7bf87272fdeb9f1c54f9facc9d99 to 6abeaa506a419f85fa9e681260b443adbeebb3d4 (#8689)
  • πŸ”¨ build(deps): bump actions/dependency-review-action from 4.5.0 to 4.6.0 (#8688)
  • πŸ”¨ build(deps): bump step-security/harden-runner from 2.11.0 to 2.11.1 (#8687)
  • πŸ”¨ build(deps): bump the all group in /tekton with 2 updates (#8686)
  • πŸ”¨ build(deps): bump github.com/go-jose/go-jose/v4 from 4.0.4 to 4.0.5 (#8680)
  • πŸ”¨ build(deps): bump github.com/golang-jwt/jwt/v5 from 5.2.1 to 5.2.2 (#8678)
  • πŸ”¨ build(deps): bump go.opentelemetry.io/otel from 1.34.0 to 1.35.0 (#8676)
  • πŸ”¨ Consume release pipeline images and task bundles from GHCR (#8674)
  • πŸ”¨ build(deps): bump k8s.io/code-generator from 0.31.6 to 0.31.7 (#8645)

Docs

  • πŸ“– Add v0.70 to the releases doc and fix dates of v0.64 and v0.69 releases (#8699)
  • πŸ“– Move Step when expressions documentation from StepActions to Tasks documetnation. (#8672)
  • πŸ“– Update link to section on overriding task requests (#8650)
  • πŸ“– chore: param enum usage example for stepaction (#8605)

Thanks

Thanks to these contributors who contributed to v1.0.0!

Extra shout-out for awesome release notes:

Contributors

vdemeester, chmouel, and 9 other contributors
Loading

Tekton Pipeline release v0.59.6 "Scottish Fold Sox"

29 Apr 13:33
@tekton-robot tekton-robot
v0.59.6
b08b965
Compare
Choose a tag to compare
Tekton Pipeline release v0.59.6 "Scottish Fold Sox"

-Docs @ v0.59.6
-Examples @ v0.59.6

Installation one-liner

kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.59.6/release.yaml

Attestation

The Rekor UUID for this release is 108e9186e8c5677a3b6f02cfe11967af07cb62f2f7ade3716195d8cd4e8ae04533c64fab45285a74

Obtain the attestation:

REKOR_UUID=108e9186e8c5677a3b6f02cfe11967af07cb62f2f7ade3716195d8cd4e8ae04533c64fab45285a74
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .

Verify that all container images in the attestation are in the release file:

RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.59.6/release.yaml
REKOR_UUID=108e9186e8c5677a3b6f02cfe11967af07cb62f2f7ade3716195d8cd4e8ae04533c64fab45285a74

# Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v0.59.6@sha256:" + .digest.sha256')

# Download the release file
curl "$RELEASE_FILE" > release.yaml

# For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
  printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done

Changes

Features

Fixes

  • πŸ› [release-v0.59.x] fix: avoid panic when validate enum param with special matrix task (#8517)

ix: avoid panic when validate enum param with special matrix task

Misc

  • πŸ”¨ [release-v0.59.x] .github/workflows: add a build and test workflows (#8580)
  • πŸ”¨ [release-v0.59.x] .github/workflows: backport e2e workflows (#8450)

Docs

Thanks

Thanks to these contributors who contributed to v0.59.6!

Extra shout-out for awesome release notes:

Contributors

vdemeester and tekton-robot
Loading

Tekton Pipeline release v0.70.0 "Norwegian Forest Cat Number Five (Aaron Doral)"

28 Mar 14:47
@tekton-robot tekton-robot
v0.70.0
47bcb09
Compare
Choose a tag to compare
Tekton Pipeline release v0.70.0 "Norwegian Forest Cat Number Five (Aaron Doral)"

πŸŽ‰ OpenAPI schema to Tekton CRDs πŸŽ‰

-Docs @ v0.70.0
-Examples @ v0.70.0

Installation one-liner

kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.70.0/release.yaml

Attestation

The Rekor UUID for this release is 108e9186e8c5677a9b98c9f620b1202d23cdf7b6bc38da3acecc1a9cb6f206d98fefed3ce02b0e09

Obtain the attestation:

REKOR_UUID=108e9186e8c5677a9b98c9f620b1202d23cdf7b6bc38da3acecc1a9cb6f206d98fefed3ce02b0e09
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .

Verify that all container images in the attestation are in the release file:

RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.70.0/release.yaml
REKOR_UUID=108e9186e8c5677a9b98c9f620b1202d23cdf7b6bc38da3acecc1a9cb6f206d98fefed3ce02b0e09

# Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v0.70.0@sha256:" + .digest.sha256')

# Download the release file
curl "$RELEASE_FILE" > release.yaml

# For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
  printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done

Changes

Features

  • Add structural OpenAPI schema to Tekton CRDs (#8490)

action required: The structural OpenAPI schema to Tekton CRDs are added enabling API server schema validation and supporting kubectl explain to describe fields and structure of Tekton CRDs. Due to the API server schema validation, users should make sure Tekton CRs have a valid schema when creating or updating CRs.

Fixes

  • πŸ› fix: Fix remote task params default-value substitution (#8641)

Task Param defaults will now be correctly substituted in Steps when the Task is referenced by a TaskRun

  • πŸ› fix: configure StepAction to use conversion webhook (#8644)

Misc

  • πŸ”¨ cleanup: breakup the pkg/credentials into writer and matcher + ensure non corev1 usage in entrypoint for FIPs compliance (#8542)

import only the writer part of the credentials package in the entrypoint so that we do not pull core v1 API indirectly into the package

  • πŸ”¨ FIPS Compliance: Refactor Entrypoint, Remove zap Dependency & Update Build Checks (#8544)
  • πŸ”¨ build(deps): bump github.com/golang-jwt/jwt/v4 from 4.5.1 to 4.5.2 (#8670)
  • πŸ”¨ build(deps): bump the all group in /tekton with 2 updates (#8668)
  • πŸ”¨ build(deps): bump actions/setup-go from 5.3.0 to 5.4.0 (#8667)
  • πŸ”¨ build(deps): bump actions/cache from 4.2.2 to 4.2.3 (#8666)
  • πŸ”¨ build(deps): bump github/codeql-action from 3.28.11 to 3.28.13 (#8665)
  • πŸ”¨ build(deps): bump tj-actions/changed-files from dcc7a0cba800f454d79fff4b993e8c3555bcc0a8 to 27ae6b33eaed7bf87272fdeb9f1c54f9facc9d99 (#8664)
  • πŸ”¨ build(deps): bump golangci/golangci-lint-action from 6.5.0 to 6.5.1 (#8654)
  • πŸ”¨ build(deps): bump the all group in /tekton with 2 updates (#8653)
  • πŸ”¨ build(deps): bump github/codeql-action from 3.28.10 to 3.28.11 (#8633)
  • πŸ”¨ build(deps): bump the all group in /tekton with 2 updates (#8632)
  • πŸ”¨ build(deps): bump github.com/google/cel-go from 0.23.2 to 0.24.1 (#8614)
  • πŸ”¨ build(deps): bump ossf/scorecard-action from 2.4.0 to 2.4.1 (#8608)
  • πŸ”¨ Refactor pipelinerun metrics tests (#8340)

Docs

  • πŸ“– Document ko settings for kind clusters with and without a local registry. (#8662)
  • πŸ“– Fix wrong entry in development documentation and other minor documentation corrections. (#8661)
  • πŸ“– Add release 0.69 to releases.md (#8630)

Thanks

Thanks to these contributors who contributed to v0.70.0!

Extra shout-out for awesome release notes:

Contributors

burigolucas, twoGiants, and 6 other contributors
Loading

Tekton Pipeline release v0.69.1 "Oriental Longhair Omnibot"

20 Mar 12:05
@tekton-robot tekton-robot
v0.69.1
1122e76
Compare
Choose a tag to compare
Tekton Pipeline release v0.69.1 "Oriental Longhair Omnibot"

-Docs @ v0.69.1
-Examples @ v0.69.1

Installation one-liner

kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.69.1/release.yaml

Attestation

The Rekor UUID for this release is 108e9186e8c5677a76ee1ec9649527ab153790fc1b5385843dcb8c6522c3d9b0db77451a35b2068f

Obtain the attestation:

REKOR_UUID=108e9186e8c5677a76ee1ec9649527ab153790fc1b5385843dcb8c6522c3d9b0db77451a35b2068f
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .

Verify that all container images in the attestation are in the release file:

RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.69.1/release.yaml
REKOR_UUID=108e9186e8c5677a76ee1ec9649527ab153790fc1b5385843dcb8c6522c3d9b0db77451a35b2068f

# Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v0.69.1@sha256:" + .digest.sha256')

# Download the release file
curl "$RELEASE_FILE" > release.yaml

# For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
  printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done

Changes

Features

Fixes

  • πŸ› [release-v0.69.x] fix: Fix remote task params default-value substitution (#8651)

ask Param defaults will now be correctly substituted in Steps when the Task is referenced by a TaskRun

Misc

Docs

Thanks

Thanks to these contributors who contributed to v0.69.1!

Extra shout-out for awesome release notes:

Contributors

tekton-robot
Loading

Tekton Pipeline release v0.68.1 "LaPerm Giskard Reventlov" LTS

20 Mar 12:04
@tekton-robot tekton-robot
v0.68.1
1a01f6b
Compare
Choose a tag to compare
Tekton Pipeline release v0.68.1 "LaPerm Giskard Reventlov" LTS

-Docs @ v0.68.1
-Examples @ v0.68.1

Installation one-liner

kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.68.1/release.yaml

Attestation

The Rekor UUID for this release is 108e9186e8c5677aff6b780d606f71d6cc2d430e71ac429ad21e107c13490490d164ab33f980851b

Obtain the attestation:

REKOR_UUID=108e9186e8c5677aff6b780d606f71d6cc2d430e71ac429ad21e107c13490490d164ab33f980851b
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .

Verify that all container images in the attestation are in the release file:

RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.68.1/release.yaml
REKOR_UUID=108e9186e8c5677aff6b780d606f71d6cc2d430e71ac429ad21e107c13490490d164ab33f980851b

# Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v0.68.1@sha256:" + .digest.sha256')

# Download the release file
curl "$RELEASE_FILE" > release.yaml

# For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
  printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done

Changes

Features

Fixes

  • πŸ› [release-v0.68.x] fix: Fix remote task params default-value substitution (#8646)

ask Param defaults will now be correctly substituted in Steps when the Task is referenced by a TaskRun

Misc

  • πŸ”¨ [release-v0.68.x] .github/workflows: add a build and test workflows (#8583)

Docs

Thanks

Thanks to these contributors who contributed to v0.68.1!

Extra shout-out for awesome release notes:

Contributors

vdemeester and tekton-robot
Loading

Tekton Pipeline release v0.65.7 "Sokoke Herbie"

29 Apr 14:22
@tekton-robot tekton-robot
v0.65.7
579fe68
Compare
Choose a tag to compare
Tekton Pipeline release v0.65.7 "Sokoke Herbie"

-Docs @ v0.65.7
-Examples @ v0.65.7

Installation one-liner

kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.65.7/release.yaml

Attestation

The Rekor UUID for this release is 108e9186e8c5677a4451b55ed407136509b724c04f77a0f15668f8616be979211288bcf494310f2e

Obtain the attestation:

REKOR_UUID=108e9186e8c5677a4451b55ed407136509b724c04f77a0f15668f8616be979211288bcf494310f2e
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .

Verify that all container images in the attestation are in the release file:

RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.65.7/release.yaml
REKOR_UUID=108e9186e8c5677a4451b55ed407136509b724c04f77a0f15668f8616be979211288bcf494310f2e

# Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v0.65.7@sha256:" + .digest.sha256')

# Download the release file
curl "$RELEASE_FILE" > release.yaml

# For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
  printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done

Changes

Features

Fixes

  • πŸ› [release-v0.65.x] fix: Fix remote task params default-value substitution (#8648)

ask Param defaults will now be correctly substituted in Steps when the Task is referenced by a TaskRun

Misc

  • πŸ”¨ [release-v0.65.x] .github/workflows: add a build and test workflows (#8582)

Docs

Thanks

Thanks to these contributors who contributed to v0.65.7!

Extra shout-out for awesome release notes:

Contributors

vdemeester and tekton-robot
Loading