Tekton Pipeline release v0.38.2 "Ocicat Ava"

-Docs @ v0.38.2
-Examples @ v0.38.2

Installation one-liner

kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.38.2/release.yaml

Attestation

The Rekor UUID for this release is 362f8ecba72f4326cb27c8cb17e02f54a59ad06cd79f516877b42be38a100da8ddb4e983af82f36d

Obtain the attestation:

REKOR_UUID=362f8ecba72f4326cb27c8cb17e02f54a59ad06cd79f516877b42be38a100da8ddb4e983af82f36d
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .

Verify that all container images in the attestation are in the release file:

RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.38.2/release.yaml
REKOR_UUID=362f8ecba72f4326cb27c8cb17e02f54a59ad06cd79f516877b42be38a100da8ddb4e983af82f36d

# Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v0.38.2@sha256:" + .digest.sha256')

# Download the release file
curl "$RELEASE_FILE" > release.yaml

# For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
  printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done

Changes

Features

Fixes

• 🐛 [0.38: cherry-pick] Use step.ImageID instead of looking into status.TaskSpec (#5246)

Do not panic on ImagePullBackOff in case of status being not fully populated yet

Misc

Docs

Thanks

Thanks to these contributors who contributed to v0.38.2!

• ❤️ @piyush-garg

Extra shout-out for awesome release notes:

• 😍 @piyush-garg

Tekton Pipeline release v0.37.3 "Foldex Frost"

-Docs @ v0.37.3
-Examples @ v0.37.3

Installation one-liner

kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.37.3/release.yaml

Attestation

The Rekor UUID for this release is 362f8ecba72f4326aa481b6a086df24b271f27e3823e067689e1146d3b6f319e103937e642c2fd79

Obtain the attestation:

REKOR_UUID=362f8ecba72f4326aa481b6a086df24b271f27e3823e067689e1146d3b6f319e103937e642c2fd79
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .

Verify that all container images in the attestation are in the release file:

RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.37.3/release.yaml
REKOR_UUID=362f8ecba72f4326aa481b6a086df24b271f27e3823e067689e1146d3b6f319e103937e642c2fd79

# Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v0.37.3@sha256:" + .digest.sha256')

# Download the release file
curl "$RELEASE_FILE" > release.yaml

# For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
  printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done

Changes

Features

Fixes

• 🐛 [0.37: cherry-pick] Use step.ImageID instead of looking into status.TaskSpec (#5245)

Do not panic on ImagePullBackOff in case of status being not fully populated yet

Misc

Docs

Thanks

Thanks to these contributors who contributed to v0.37.3!

• ❤️ @piyush-garg

Extra shout-out for awesome release notes:

• 😍 @piyush-garg

Tekton Pipeline release v0.38.1 "Octocat Ava"

-Docs @ v0.38.1
-Examples @ v0.38.1

Installation one-liner

kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.38.1/release.yaml

Attestation

The Rekor UUID for this release is 362f8ecba72f43268b4bd88676d8467bd55c1545fdf5b2786b15b6c1f94e34e15bc42416bb59d3e4

Obtain the attestation:

REKOR_UUID=362f8ecba72f43268b4bd88676d8467bd55c1545fdf5b2786b15b6c1f94e34e15bc42416bb59d3e4
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .

Verify that all container images in the attestation are in the release file:

RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.38.1/release.yaml
REKOR_UUID=362f8ecba72f43268b4bd88676d8467bd55c1545fdf5b2786b15b6c1f94e34e15bc42416bb59d3e4

# Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v0.38.1@sha256:" + .digest.sha256')

# Download the release file
curl "$RELEASE_FILE" > release.yaml

# For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
  printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done

Changes

Features

Fixes

• 🐛 [cherry-pick: v0.38] Do not serve v1alpha1 for CRDs that do not exists anymore (#5220)

Do not serve removed object from v1alpha1 (Task, ClusterTask, Pipeline, TaskRun and PipelineRun)

• 🐛 [cherry-pick: v0.38] Add SetDefaults for pipelineSpec in reconciler (#5217)

Fix an issue with parameters without types specified in pre-existing Pipelines and Tasks.

Misc

Docs

Thanks

Thanks to these contributors who contributed to v0.38.1!

• ❤️ @abayer

Extra shout-out for awesome release notes:

• 😍 @abayer

Tekton Pipeline release v0.38.0 "Ocicat Ava"

-Docs @ v0.38.0
-Examples @ v0.38.0

Installation one-liner

kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.38.0/release.yaml

Attestation

The Rekor UUID for this release is 362f8ecba72f432699509b8cc1664c3bb7f29f406bf9d81e24049d1d33735511ef14ae9f533a4885

Obtain the attestation:

REKOR_UUID=362f8ecba72f432699509b8cc1664c3bb7f29f406bf9d81e24049d1d33735511ef14ae9f533a4885
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .

Verify that all container images in the attestation are in the release file:

RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.38.0/release.yaml
REKOR_UUID=362f8ecba72f432699509b8cc1664c3bb7f29f406bf9d81e24049d1d33735511ef14ae9f533a4885

# Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v0.38.0@sha256:" + .digest.sha256')

# Download the release file
curl "$RELEASE_FILE" > release.yaml

# For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
  printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done

Upgrade Notices

• Action required: v1alpha1 versions of Task, ClusterTask, TaskRun, Pipeline, and PipelineRun have been removed. Please use v1beta1 versions of these CRDs instead.

Changes

Features

• ✨ [TEP-0075] Object Params and Results

  • [TEP-0075]Pipeline results support object (#5088)
    Support object results and object element reference for pipeline level as an alpha feature.
    A pipeline can specify a type to create object result, and the task script can populate result in an array form. The pipeline results can refer to task results to collect them.
  • [TEP-0075] Support Object Results substitution (#5083)
    Support object results substitution as an alpha feature.
    A task can specify a type to produce array result, and the task script can populate result in an object form. We can refer to the object results in params.
  • TEP-0075: Implement object var replacement on task&taskrun level (#4904)
    Added implementation for object variables replacement on task/taskrun level where only individual object keys can be referenced in the format of $(params.<param_name>.<key_name>)
    Users need to enabled alpha feature flag to have this pr's change applied.

• ✨ [TEP-0076] Array Params and Results

  • [TEP-0076] Add indexing into array for taskrun params reference (#5132)
    Indexing into array for taskrun params is now an alpha feature, element of array params can be accessed via $(params.param-name[i]).
  • [TEP-0076]Validate Pipeline results array index (#5139)
    pipelinerun will fail if pipelineresults array index is out of bound
  • [TEP-0076]Pipeline results support array (#4965)
    Support array results and indexing array for pipeline level as an alpha feature.
    A pipeline can specify a type to create array result, and the task script can populate result in an array form. The pipeline results can refer to task results to collect them.
    *[TEP-0076]Validate Results type and object properties (#4920)
    Add Properties for TaskResult so user can define what keys are needed for object type TaskResult and leverage this Properties for validation.
  • [TEP-0076]Support Array Results substitution (#4908)
    Support array results substitution as an alpha feature.
    A task can specify a type to produce array result, and the task script can populate result in an array form. We can refer to the array results in params.
    *[TEP-0076] Add indexing into array for pipeline params reference (#4855)
    Indexing into array for pipeline params is now an alpha feature, element of array params can be accessed via $(params.param-name[i]).

• ✨ Add support for projected volumes as workspace type (#5085)

Add support for projected volumes as workspace type

• ✨ Publish Pipeline Results from successful TaskRuns in Failed PipelineRuns (#5060)

Pipeline results are now initialized even when a pipelineRun fails. The task results from all the successful tasks are propagated to the pipelineRun.

• ✨ Add support for the CSI workspace type (#5030)

Add support to use any CSI volume driver as a workspace

• ✨ TEP-0090: Matrix

  • TEP-0090: Matrix - Consume Results (#5063)
    Matrix supports Results of type String.
  • TEP-0090: Support both matrix and params in a PipelineTask (#5050)
    Users can specify both matrix and params fields. The matrix is used to fan out the PipelineTask and the params are the same in all the TaskRuns.
  • TEP-0090: Fan Out (#5049)
    A PipelineTask with a Matrix and Custom Task is fanned out into parallel Runs which are executed in parallel.
  • TEP-0090: Matrix - Implement isSuccessful for Runs (#5035)
    Matrixed PipelineTasks with Custom Tasks are successful when all Runs have completed successfully.
  • TEP-0090: Matrix - Minimal Status is Required (#5019)
    The embedded-status feature flag must be set to "minimal" to specify Matrix in a PipelineTask.
  • TEP-0090: Matrix - Max Matrix Combinations Count is 256 (#5012)
    The default maximum count of TaskRuns or Runs from a given Matrix is 256.
  • TEP-0090: Matrix - Get Names of Runs (#5037)
  • TEP-0090: Matrix - ChildReferences for TaskRuns (#5008)

• ✨ Only create & mount Downward API volume when necessary (#4953)

Added an await-sidecar-readiness feature flag, which can be used to remove the of DownwardAPI volumes in TaskRun pods. (#4953, @hWorblehat)

• ✨ TEP-0011: Add StdoutConfig and StderrConfig to steps. (#4882)

Users can specify stdoutConfig and stderrConfig in steps to capture steps' stdout and stderr to local files. This feature can be used to capture stdout and stderr into task results.

• ✨ [TEP-0104] Support Task-level Resource Requirements for TaskRun: Part #1 Fields Addition & Validation w/ Docs Updates (#4877)

Fixes

• 🐛 Add TerminationMessagePolicy in container conversion (#5201)

Apply the TerminationMessagePolicy field for container types

• 🐛 Fix the issue with empty array replacement (#5162)

After the replacement with an empty array, the original array will be empty.
Example:

params:
  - name: myarray
     value: "$(params.anEmptyArray[*])"

• 🐛 Update log keys to match logstream (#5159)

Binary file (standard input) matches

• 🐛 Reject embedded s with and/or specified (#5018)

Fail PipelineTask validation if a normal, non-custom embedded task is specified along with apiVersion and/or kind

• 🐛 Validation for Finally Task Results referenced in Pipeline Results (#5000)

Fixed a bug where Finally Task Result's where being referenced in Pipeline Result's.

Fixed a bug where Finally Task Result's are being referenced in Pipeline Result's.

• 🐛 remove spec.replicas from tekton-pipelines-webhook Deployment (#4894)

Unset replicas:1 in the webhook Deployment; HPA will autoscale the deployment (1-5 replicas by default). First reapplication after this change will cause scaling down to 1 replica, but subsequent reapplications will not change the HPA-set replica number.

• 🐛 Fix task pod creation failure with duplicate serviceaccount secrets (#4743)

Fix task pod creation failure when duplicate secrets present in service account.

• 🐛 Non terminal pod exists (#4742)

If for some reason between getting the pod with a list and creation it already exists, do not
treat it as a terminal failure.

• 🐛 Fail steps on Windows with StdoutPath or StderrPath set (#5180)
• 🐛 Include Windows image builds in CI build tests (#5178)
• 🐛 Fix context.background() in workspaceBinding validation (#5101)
• 🐛 Clarify error message for PipelineRun alpha fields (#5045)
• 🐛 Fix flaky test by sorting slices (#5171)
• 🐛 TEP-0090: Sort ChildReferences in tests (#5020)

Misc

• 🔨 TEP-0075: Validate object name and key name have no dots (#5090)

Dots are not allowed in object param names and key names.

• 🔨 Remove deprecated (#5022)

Deprecated PipelineRunCancelled status string removed; use Cancelled instead.

• 🔨 Remove v1alpha1 Pipeline, PipelineRun, Task, TaskRun, and ClusterTask (#5005)

action required: v1alpha1 Pipeline, PipelineRun, Task, TaskRun removed. Please switch to v1beta1 for those types.

• 🔨 TEP-0075: Add examples with object params and results (#5144)

Add taskrun & pipelinerun examples that use object param and result.

• 🔨 Export ValidateObjectKeys function (#5073)

ValidateObjectKeys function is now available for usage outside the v1beta1 package.

• 🔨 TEP-0090: Matrix - Add example and document expected PipelineRun status (#5033)

Fanning out PipelineTasks into parallel TaskRuns with substitutions from combinations of Parameters in a Matrix is fully supported. The ChildReferences of the fanned out TaskRuns will be added to the PipelineRun status.

• 🔨 Use ghcr.io/distroless/static as base image (#5...

Tekton Pipeline release v0.37.2 "Foldex Frost"

-Docs @ v0.37.2
-Examples @ v0.37.2

Installation one-liner

kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.37.2/release.yaml

Attestation

The Rekor UUID for this release is 362f8ecba72f43269cf1514976bb3f5f404667c6c02359a4a04e762b2c318b8f5195cec448cd6b26

Obtain the attestation:

REKOR_UUID=362f8ecba72f43269cf1514976bb3f5f404667c6c02359a4a04e762b2c318b8f5195cec448cd6b26
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .

Verify that all container images in the attestation are in the release file:

RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.37.2/release.yaml
REKOR_UUID=362f8ecba72f43269cf1514976bb3f5f404667c6c02359a4a04e762b2c318b8f5195cec448cd6b26

# Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v0.37.2@sha256:" + .digest.sha256')

# Download the release file
curl "$RELEASE_FILE" > release.yaml

# For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
  printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done

Changes

Features

Fixes

• 🐛 [0.37: cherry-pick] cmd/entrypoint: do not interpret anything after -- (#5095)

Fix the entrypoint potentially not executing the right command due to flag parsing

Binary file (standard input) matches

Misc

Docs

Thanks

Thanks to these contributors who contributed to v0.37.2!

• ❤️ @vdemeester

Extra shout-out for awesome release notes:

• 😍 @vdemeester

Tekton Pipeline release v0.37.1 "Foldex Frost"

🎉 Allow for untyped results - backward compatibility fix 🎉

-Docs @ v0.37.1
-Examples @ v0.37.1

Installation one-liner

kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.37.1/release.yaml

Attestation

The Rekor UUID for this release is 362f8ecba72f4326d84478dc11c6f1284cabd3f2fa5d913d24d9899318cc9a8133c1c8debcb507b2

Obtain the attestation:

REKOR_UUID=362f8ecba72f4326d84478dc11c6f1284cabd3f2fa5d913d24d9899318cc9a8133c1c8debcb507b2
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .

Verify that all container images in the attestation are in the release file:

RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.37.1/release.yaml
REKOR_UUID=362f8ecba72f4326d84478dc11c6f1284cabd3f2fa5d913d24d9899318cc9a8133c1c8debcb507b2

# Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v0.37.1@sha256:" + .digest.sha256')

# Download the release file
curl "$RELEASE_FILE" > release.yaml

# For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
  printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done

Changes

Features

Fixes

• 🐛 Relax result type validation to avoid nightly build failure (#5065)

Relax the validation of result type: allow for no type specified to support resources created before result types were introduced.

Misc

Docs

Thanks

Thanks to these contributors who contributed to v0.37.1!

• ❤️ @Yongxuanzhang
• ❤️ @afrittoli

Extra shout-out for awesome release notes:

• 😍 @Yongxuanzhang
• 😍 @afrittoli

Tekton Pipeline release v0.37.0 "Foldex Frost"

🎉 TaskRun Matrices, Indexing of Array Results and many fixes and improvements! 🎉

-Docs @ v0.37.0
-Examples @ v0.37.0

Installation one-liner

kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.37.0/release.yaml

Attestation

The Rekor UUID for this release is c0d23d6ad406973f9559f3ba2d1ca01f84147d8ffc5b8445c224f98b9591801d

🚨 There is a temporary issue with Rekor, which means the attestation cannot be retrieved from Rekor right now. The attestation is available in the OCI registry 🚨

Obtain the attestation:

cosign download attestation gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/controller@sha256:2a5239e0e458134870db8541008f358618a35d24247044a0041ab9ecb9ab2413 | jq -r .payload | base64 -D | jq .

Upgrade Notices

• 🚨 Action required: Deprecated Conditions has been removed. Existing pipelines using Conditions will need to be updated.

• ⚠️ The nightly git-init base image is no longer build, it is deprecated in favor of ghcr.io/distroless/git.

Changes

Features

• ✨ TEP-0090: Fan Out (#4990)

A PipelineTask with a Matrix is fanned out into parallel TaskRuns which are executed in parallel.

• ✨ Complete implementation of image pull failure handling (#4952)

The TaskRunImagePullFailed logic now covers sidecars, and the error message includes the step name and the image

• ✨ TEP-0090: Matrix - Concurrency Control (#4947)

The default maximum count of TaskRuns or Runs from a given Matrix is 256. Users can configure this value for their installations.

• ✨ TEP-0090: Add Matrix Package (#4934)

• ✨ [TEP-0076]Support Results Array Indexing (#4911)

Support indexing array results substitution as an alpha feature.

A task can specify a type to produce array result, such as:

results:
- name: array-results
type: array
description: The array results

And the task script can populate result in an array form with:

echo -n "["hello","world"]" | tee $(results.array-results.path)

and we can refer to the array results elements via index in param like:
params:
- name: foo
value: "$(tasks.task1.results.array-results[1])"

This feature is part of the TEP-0076.

• ✨ [TEP-0075] Validate task result variable of object type (#4878)

• ✨ [TEP-0075] Validate against using the whole object in task steps (#4861)

• ✨ TEP-0090: Matrix - Implement isRunning (#4981)

• ✨ TEP-0090: Matrix - Implement isSuccessful (#4980)

• ✨ TEP-0090: Failure Strategies - Remove Fail Fast (#4972)

• ✨ TEP-0090: Get Names of TaskRuns (#4958)

• ✨ TEP-0090: Add TaskRuns to ResolvedPipelineRunTask and implement isFailure (#4951)

• ✨ TEP-0090: Indicate Resolved PipelineRunTask is Matrixed (#4945)

• ✨ TEP-0090: Split up ResolvePipelineRunTask (#4943)

Backwards incompatible changes

In current release:

• 🚨 Remove deprecated field. (#4988)

Removes deprecated PipelineRun.Spec.ServiceAccountNames field; use PipelineRun.Spec.TaskRunSpecs instead.

• 🚨 Remove deprecated field (#4977)

Removes deprecated TaskRun.Status.ResourceResults.ResourceRef field; use TaskRun.Status.ResourceResults.ResourceName instead.

• 🚨 Remove deprecated Conditions CRD/functionality (#4942)

action required: Deprecated conditions in pipelines removed. Existing pipelines using conditions will need to be updated.

Fixes

• 🐛 LimitRange calculation should only split Requests for Step Containers (#4996)

Only use step containers for limitrange default request calculations

• 🐛 Validation for invalid Task Result expressions in Pipeline Result (#4956)

Fixed a bug where invalid expressions were not invalidated in Pipeline Results.

• 🐛 Validation for Task Result expressions in Pipeline Result (#4941)

Fixed a bug where static strings where not invalidated in Pipeline Results.

• 🐛 Cleanup: remove potential goroutine leakages in taskrun (#4936)

• 🐛 Terminate TaskRun when Pod fails due to ImagePullBackOff. (#4921)

• 🐛 Assume task not skipped if the run is associated (#4583)

Fixes controller with the high value of ThreadsPerController to report the correct status of PipelineRun, which contains Finally tasks.

Misc

• 🔨 TEP-0090: Refactor GetChildReferences (#4940)

• 🔨 TEP-0090: Refactor GetTaskRunsStatus (#4939)

• 🔨 TEP-0090: Refactor ResolvePipelineRunTask (#4938)

• 🔨 Clean up the git-init base Dockerfile and Task. (#4765)

The nightly git-init base image is no longer build, it is deprecated in favor of ghcr.io/distroless/git.

• 🔨 Add dependabot config. (#4915)

• 🔨 Fix test cases for validatePipelineParameterVariables function (#4901)

• 🔨 Use informer for pod get/list instead of talking to API server. (#4740)

Use informer instead of API server for Pod Get/List.

• 🔨 Fix typo in embedded statuses listing in alpha features (#4995)
• 🔨 Add details to isFailure docstring (#4970)
• 🔨 Sort slice of TaskRunNames in tests (#4969)
• 🔨 TaskRunName is not used in getTaskRunStatus (#4967)
• 🔨 GetTaskRunName/GetRunName: Use constants to check Kind (#4959)
• 🔨 Clarify naming in resolution tests (#4950)
• 🔨 Unexport RPRT member functions used within resources pkg only (#4949)
• 🔨 Remove Conditions from deprecations table (#4946)
• 🔨 Fix the release pipeline (#5004)
• 🔨 Add wlynch to entrypoint OWNERS (#4999)
• 🔨 Add the release-note-none to dependabot (#4997)
• 🔨 Propagated Parameters replaced Implicit Parameters (#4994)
• 🔨 PipelineRun timeouts is in Beta (#4993)
• 🔨 Add Andrew Bayer as a Pipeline Maintainer (Welcome Back!) (#4991)
• 🔨 Test isRunning (#4975)
• 🔨 Test isSuccessful (#4974)
• 🔨 isFailure includes isCancelled (#4973)
• 🔨 dependabot: remove vendor keys (#4948)
• 🔨 Fix TestTaskRunRetry for k8s 1.22.9 and later (#4944)
• 🔨 Add label dependabot PRs ok-to-test… (#4935)
• 🔨 tekton: remove build-base-image from pipeline (#4932)
• 🔨 .github: update pull-request template (#4929)
• 🔨 Add tests for failing remote resolution of Pipelines and Tasks (#4886)
• 🔨 Remove duplicate code for validating params types and defaults (#4872)
• 🔨 [TEP-0075] Extract out the validation of object keys (#4867)

Docs

• 📖 Add local private registry setup doc with kind (#4606)

Thanks

Thanks to these contributors who contributed to v0.37.0!

• ❤️ @SaschaSchwarze0
• ❤️ @Yongxuanzhang
• ❤️ @abayer
• ❤️ @afrittoli
• ❤️ @chitrangpatel
• ❤️ @chuangw6
• ❤️ @devholic
• ❤️ @jerop
• ❤️ @kerthcet
• ❤️ @lbernick
• ❤️ @mattmoor
• ❤️ @skaegi
• ❤️ @vaikas
• ❤️ @vdemeester
• ❤️ @vsinghai
• ❤️ @wlynch

Extra shout-out for awesome release notes:

• 😍 @SaschaSchwarze0
• 😍 @Yongxuanzhang
• 😍 @abayer
• 😍 @chitrangpatel
• 😍 @chuangw6
• 😍 @devholic
• 😍 @jerop
• 😍 @kerthcet
• 😍 @mattmoor
• 😍 @skaegi
• 😍 @vaikas
• 😍 @vsinghai
• 😍 @wlynch

Tekton Pipeline release v0.36.0 "Turkish-Angora Tony"

🎉 Params and Workspace propagation, Task Remote resolution, Dictionary in Params, Array in Results and Minimal status 🎉

-Docs @ v0.36.0
-Examples @ v0.36.0

Installation one-liner

kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.36.0/release.yaml

Attestation

The Rekor UUID for this release is 0c2001385a53e34162b7370fbe72fc99f464a8de78fb1d134e93e9bb99d076c2

Obtain the attestation:

REKOR_UUID=0c2001385a53e34162b7370fbe72fc99f464a8de78fb1d134e93e9bb99d076c2
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | base64 --decode | jq

Verify that all container images in the attestation are in the release file:

RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.36.0/release.yaml
REKOR_UUID=0c2001385a53e34162b7370fbe72fc99f464a8de78fb1d134e93e9bb99d076c2

# Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | base64 --decode | jq -r '.subject[]|.name + ":v0.36.0@sha256:" + .digest.sha256')

# Download the release file
curl "$RELEASE_FILE" > release.yaml

# For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
  printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done

Changes

Features

• ✨ TEP-0108: Mapping Workspaces (#4887)

Users can specify the Workspace to use for PipelineTask in the name label to reduce verbosity when the names of the Workspaces declared in the Pipeline and PipelineTask are the same. Users can continue to explicitly map Workspaces.

• ✨ Add taskRef remote resolution support (#4859)

Allow taskRefs to be resolved directly from public git repos, using the tektoncd/resolution project.

• ✨ [TEP-0100] Add status helper functions for minimal embedded status (#4850)

Added helper functions for retrieving full TaskRun and Run statuses when using embedded-status=minimal.

• ✨ TEP-0107: Implement Parameter Propagation (#4845)

Parameters are propagated in embedded specifications without mutations.

• ✨ TEP-0106: Support Specifying Metadata per Task in Runtime (#4834)

Support Specifying Metadata per Task in Runtime (PipelineRun)

• ✨ [TEP-0075] Support Dictionary in Params (#4786)

Add support for dictionary in Params values (and Results as well). This should affect backward compatibilities but it will break forward compatibilities in some cases (a.k.a. old client with new pipeline version)
action required: This changes the ArrayOrStruct structure, which will have effect on project using the go API as a library.

• ✨ Extract full parameter name when using dots in bracket notation. (#4880)

Extract full parameter name when using dots inside single/double quotes.

• ✨ Added validation for parameters with bracket notation (#4833)

Added validation for parameters with bracket notation

• ✨ TEP-0103: Skipping Reason - Add SkippingReason to SkippedTasks field of PipelineRunStatus (#4829)

Add SkippingReason to SkippedTasks field of PipelineRunStatus. This enables users to know the exact reason why a given PipelineTask was skipped.

• ✨ [TEP-0076] Add array support for emitting results (#4818)

Support array type for emitting results from a task as an alpha feature.

The type of the result is changed from string to ArrayOrString.

A task can specify a type to produce array result, such as:

  results:
    - name: array-results
      type: array
      description: The array results

And the task script can populate result in an array form with:

echo -n "[\"hello\",\"world\"]" | tee $(results.array-results.path)

This feature is part of the TEP-0076 and its in progress to index into the array result while consuming that result.

• ✨ Add validation for duplicated param names in TaskSpec (#4806)

Add validation for duplicated param names in TaskSpec.

• ✨ [TEP-0076]Add type for results (#4779)

Add Type for TaskRunResult and TaskResult.

Deprecation Notices

• 🚨 Deprecate timeout and promote timeouts in PR (#4813)

Deprecate timeout field in PipelineRuns and promote PipelineRun.Timeouts field from alpha to stable

Backwards incompatible changes

• 🚨 TEP-0107: Deprecated implicit parameters (#4906)

Implicit Parameters is deprecated and removed. A replacement feature will be included in the same release. This only affect users who enable alpha api feature gate

Fixes

• 🐛 Allow PipelineTaskRunSpec.Metadata to be optional. (#4914)

• 🐛 Update PipelineSpec and TaskSpec fields of PipelineRun and TaskRun Status fields (#4891)

• 🐛 Fix the potential data race with RWLock (#4876)

• 🐛 Stop using GO111MODULE=off in builds (#4868)

SBOM generated during the release process now works and is available along with released images.
SBOM can be retrieved for instance using "cosign download bom "

• 🐛 Don't PATCH Ready annotation if it's already marked ready (#4865)

Pods will not be unconditionally PATCHed to set the ready annotation, avoiding some API server traffic.

• 🐛 Resolve Entrypoint and Cmd if there is no command and no args (#4832)

he entrypoint resolve will now reslove Entrypoint and Cmd in case
the steps has no command and no args specified.

• 🐛 Merge place-tools and step-init together (#4826)

place-tools and step-init init containers are merged together to reduce the number of container in each Task's Pod.

• 🐛 Fix variable interpolation on (#4803)

Variable are now correctly interpolated on stepTemplate field for Task

• 🐛 fix: debug scripts are not mounted to steps with no scripts (#4776)

• 🐛 Omit init containers from limitrange default request calculations (#4769)

Omit init containers from limitrange default request calculations

• 🐛 Add constant backoff for TaskRun retry (#4881)
• 🐛 Add singular to Tekton CRDs. (#4875)
• 🐛 Bubble up the image related error reason to taskrun status (#4846)
• 🐛 Set explicit parallelism for e2e tests, increase Kaniko e2e test timeouts (#4871)
• 🐛 Fix validateNoDuplicateNames (#4815)
• 🐛 Validate parameter name format (#4799)
• 🐛 Fix Metric tekton_pipelines_controller_pipelinerun_count (#4468)

Fix tekton_pipelines_controller_pipelinerun_count which was increasing without any new addition of pipelinerun.

Misc

• 🔨 Rename deprecated Step and StepTemplate fields (#4866)

Add deprecated Step/StepTemplate fields to deprecation table

• 🔨 Deprecate unusable Step/StepTemplate fields (#4851)

Deprecate unusable/unsupported fields of Step and StepTemplate

• 🔨 Refactor duplicate code in task_validation_test.go (#4836)
• 🔨 Enable automatic SBOM creation with spdx format (#4848)

SBOM built by "ko" in SPDX format is published along Tekton container images

• 🔨 Add Tekton-owned Step, StepTemplate, and Sidecar (#4778)

[Change to Go libraries]: Task.Step, Task.StepTemplate, and Task.Sidecar use Container fields directly instead of embedding the Container struct

• 🔨 Update gopkg.in/yaml.v3 to v3.0.1 (#4919)
• 🔨 Update gopkg.in/yaml.v3 to v3.0.0 (#4905)
• 🔨 double MaximumBundleObjects and update tests (#4899)
• 🔨 Add @lbernick to pipeline approvers list (#4843)
• 🔨 Create codeql-analysis.yml (#4591)

Docs

• 📖 fix typo about ths I think maybe it should be this (#4775)
• 📖 Add missing field to pipelineruns doc (#4853)
• 📖 adding latest release - 0.35 (#4796)
• 📖 Revamp compute resources documentation (#4770)

Thanks

Thanks to these contributors who contributed to v0.36.0!

• ❤️ @Aleromerog
• ❤️ @SaschaSchwarze0
• ❤️ @Yongxuanzhang
• ❤️ @abayer
• ❤️ @afrittoli
• ❤️ @austinzhao-go
• ❤️ @chitrangpatel
• ❤️ @chuangw6
• ❤️ @dibyom
• ❤️ @dprotaso
• ❤️ @imjasonh
• ❤️ @jerop
• ❤️ @kerthcet
• ❤️ @khrm
• ❤️ @lbernick
• ❤️ @mattmoor
• ❤️ @pritidesai
• ❤️ @vdemeester
• ❤️ @vinamra28
• ❤️ @vsinghai
• ❤️ @williamlfish
• ❤️ @wlynch
• ❤️ @yhil
• ❤️ @yuzp1996

Extra shout-out for awesome release notes:

• 😍 @Aleromerog
• 😍 @Yongxuanzhang
• 😍 @abayer
• 😍 @afrittoli
• 😍 @austinzhao-go
• 😍 @chitrangpatel
• 😍 @chuangw6
• 😍 @imjasonh
• 😍 @jerop
• 😍 @kerthcet
• 😍 @khrm
• 😍 @lbernick
• 😍 @vdemeester
• 😍 @vinamra28
• 😍 @wlynch
• 😍 @yuzp1996

Tekton Pipeline release v0.35.1 "Wirehair Elio"

-Docs @ v0.35.1
-Examples @ v0.35.1

Installation one-liner

kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.35.1/release.yaml

Attestation

The Rekor UUID for this release is de02942bd2a6ebca8c094b7e69d31ccbc38d528d37f1b18d2f008e3710779f10

Obtain the attestation:

REKOR_UUID=de02942bd2a6ebca8c094b7e69d31ccbc38d528d37f1b18d2f008e3710779f10
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | base64 --decode | jq

Verify that all container images in the attestation are in the release file:

RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.35.1/release.yaml
REKOR_UUID=de02942bd2a6ebca8c094b7e69d31ccbc38d528d37f1b18d2f008e3710779f10

# Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | base64 --decode | jq -r '.subject[]|.name + ":v0.35.1@sha256:" + .digest.sha256')

# Download the release file
curl "$RELEASE_FILE" > release.yaml

# For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
  printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done

Changes

Features

Fixes

• 🐛 [PATCH] Patch knative/pkg to fix HA via StatefulSet (#4864)

Restores the HA Setup via StatefulSet which was broken in v0.35.0

• 🐛 Fix bug where PipelineRun hangs after task failure (#4854)

[Bug fix] Prevent PipelineRun from hanging when a PipelineTask fails and another PipelineTask depends on it

Misc

Docs

Thanks

Thanks to these contributors who contributed to v0.35.1!

• ❤️ @lbernick
• ❤️ @afrittoli

Extra shout-out for awesome release notes:

• 😍 @lbernick
• 😍 @afrittoli

Tekton Pipeline release v0.35.0 "Wirehair Elio"

🎉 Minimal PipelineRun Status, Graceful Termination Graduation, and Referencing Remote Pipelines 🎉

-Docs @ v0.35.0
-Examples @ v0.35.0

Installation one-liner

kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.35.0/release.yaml

Attestation

The Rekor UUID for this release is b304386ca92d8a4ca0d2f0acf051a1557507acf4891f9bc9db60d604a1bf3791

Obtain the attestation:

REKOR_UUID=b304386ca92d8a4ca0d2f0acf051a1557507acf4891f9bc9db60d604a1bf3791
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | base64 --decode | jq

Verify that all container images in the attestation are in the release file:

RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.35.0/release.yaml
REKOR_UUID=b304386ca92d8a4ca0d2f0acf051a1557507acf4891f9bc9db60d604a1bf3791

# Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | base64 --decode | jq -r '.subject[]|.name + ":v0.35.0@sha256:" + .digest.sha256')

# Download the release file
curl "$RELEASE_FILE" > release.yaml

# For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
  printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done

Changes

Features

• ✨ [TEP-0100] Implementation for embedded TaskRun and Run statuses in PipelineRuns (#4739)

Added implementation for minimal TaskRun and Run statuses within PipelineRun statuses.

• ✨ TEP-0090: - (#4707)

• Consuming Results in Matrix is invalid - will be supported soon to allow dynamic fan out.
• Consuming Results from fanned out PipelineTasks is invalid - will be revisited soon after array and object Results are supported.

• ✨ TEP-0090: - (#4704)

Parameters in Matrix:

• must be of type Array
• must not be in Params field as well
• must be declared in the Parameters in Pipeline specification

Note that Matrix is not yet fully functional.

• ✨ Promote Graceful termination to stable (#4668)

Promoting graceful termination of pipelinerun to beta and keeping PipelineRunCancelled as deprecated, it will be removed after 3 releases

• ✨ Add pipelineRef remote resolution (#4596)

Initial integration with tektoncd/resolution project, allowing pipelineRefs to be resolved directly from public git repos.

• ✨ Use fields from PodTemplate when creating affinity-assistant pod (#4348)

• A default pod template for affinity-assistant pods can now be set by the default-affinity-assistant-pod-template field in config-defaults ConfigMap. Template merge rules is the same as the generic Pod templates (the template specified in the PipelineRun or TaskRun takes precedence over the one in the defaults).
• The affinity-assistant Pod template now supports ImagePullSecrets.

• ✨ [TEP-0100] Add new updatePipelineRunStatusFromChildRefs function (#4760)
• ✨ [TEP-0100] Add functionality to be used in supporting minimal embedded status (#4757)

Deprecation Notices

• 🚨 Deprecating full embedded status in pipelineRun

The PipelineRun.Status.TaskRuns and PipelineRun.Status.Runs fields are deprecated and will be removed in January, 2023. Please find more details in the proposal - TEP-0100.

• 🚨 pipelineRunCancelled will be removed in v0.38

With 0.35, graceful termination of PipelineRuns is now a stable feature and is no longer behind alpha feature flag. For more information related to graceful cancellation, you can refer to TEP-0058. Now, what this means is that the existing status PipelineRunCancelled which was deprecated in 0.25.0 release of Tekton Pipelines will be removed after 3 releases, i.e., in 0.38.0 release it will be removed completely and replaced by Cancelled in case of completely cancelling the PipelineRuns.

No changes need to be made to your Pipelines and Tasks. If you have tools to cancel the running pipeline, those tools will have to be updated in 0.38.0. This change also affects the tools such as Dashboard, CLI, IDE extensions, etc. as they now need to start supporting the new PipelineRun statuses. Tekton CLI has already made the following changes and will be available in the new release 0.24.0.

Backwards incompatible changes

In current release:

• 🚨 Removed feature flag - scope-when-expressions-to-task (#4715)

In TEP-0007: Conditions Beta, we introduced when expressions to guard execution of Tasks in Pipelines. To align with Conditions, we set scope of when expressions to the guarded Task and its dependent Tasks.

In TEP-0059: Skipping Strategies, we proposed changing the scope of when expressions to the guarded Task only. This was implemented in #4085. We provided a feature flag, scope-when-expressions-to-task, to support migration. It defaulted to false for 9 months per our Beta API compatibility policy, meaning that we continued to guard the Task and its dependent Tasks. Then in #4580, we flipped the flag to true to guard the Task only by default.

In this change, we remove the scope-when-expressions-to-task flag and complete the migration.

• 🚨 Removed pullrequest-init-build-base (#4709)

The pullrequest-init-build-base seemed to include a root and nonroot user to account for the fact that PR directories and files may have been written by a different (possibly non-root) user, and needed to be read by the pullrequest-init container image.

In order to achieve this, the image no longer needed to be based on a custom-built base image -- it seems like the rootful gcr.io/distroless/static base image is sufficient so removing pullrequest-init-build-base.

Fixes

• 🐛 Fix git-init for Git 2.35.2 (#4756)

Fixed git-init behavior to work with Git 2.35.2 changes.

• 🐛 Avoid panic in PipelineRun reconciler for Runs with no owner refs (#4733)

Fix panic when reconciling PipelineRun with indirectly-created custom tasks.

• 🐛 Allow tasks to retry when PipelineRun stops (#4651)

[Bug fix]: Allow TaskRuns/Runs to complete retries when PipelineRun is stopped, including graceful stopping

• 🐛 Add listType annotations (#4402)

• 🐛 Don't wait for TaskRun to be observed Running. (#4773)

• 🐛 Fix TestReconcileOnCompletedTaskRun (#4695)

Misc

• 🔨 Switch the franken-image to use for linux images. (#4763)

Linux builds for windows-compatible images now use gcr.io/distroless/static:nonroot instead of gcr.io/distroless/base:debug-nonroot (drops glibc and busybox)

• 🔨 Switch to for (#4762)

The default shell image is now nonroot by default, and much smaller.

• 🔨 Use a new base image for the image. (#4758)

The git-init image is now based on ghcr.io/distroless/git with fewer unused packages installed! 🎉

• 🔨 Bump to K8s 23 libs. (#4712)

Tekton Pipelines now uses k8s 23 libs

• 🔨 migrate yaml package to sigs.k8s.io/yaml (#4754)

• 🔨 PullRequest PipelineResource expects root (#4718)

The pullrequest PipelineResource is updated to explicitly set its runAsUser to 0. PipelineResources aren't tested as anything other than the root user and this change makes that explicit.

The pullrequest-init base image also no longer uses the root user by default. It now defaults to using UID 65532.

• 🔨 Update build pipeline to golang 1.17.8 (#4700)

Tekton build with golang 1.17.8

• 🔨 A few minor cleanups in pkg/reconciler/pipelinerun/pipelinerun_test.go (#4785)
• 🔨 Instrument e2e pipelinerun_test.go files for logstream (#4782)
• 🔨 Instrument the kaniko test for logstream. (#4774)
• 🔨 Consolidate more pipelinerun_test.go reconciler tests (#4768)
• 🔨 Switch to YAML parsing in much of taskrun_test.go (#4751)
• 🔨 Switch (almost all of) the rest of pipelinerun_test.go to YAML parsing (#4749)
• 🔨 Update a number of PipelineRun reconciler tests with parsed YAML (#4748)
• 🔨 Clean up usages of config maps in pipelinerun_test (#4736)
• 🔨 test: use t.TempDir to create temporary test directory (#4727)
• 🔨 Move go.mod to Go 1.17 (#4726)
• 🔨 Fix existing LGTM issues (#4592)
• 🔨 Instrument (almost all of) e2e tests for logstream (#4780)
• 🔨 Switch ApplyTaskResultsToPipelineResults to not use status maps (#4753)
• 🔨 Add Go libraries compatibility policy (#4750)
• 🔨 Consolidate TestReconcilePropagate* PipelineRun tests (#4745)
• 🔨 Consolidate TestReconcileOnStopped* PipelineRun tests (#4744)
• 🔨 Exclude the third_party directory from PKGS in Makefile (#4735)
• 🔨 Update PR template to clarify release notes policy (#4732)
• 🔨 Fix gofmt failure on go 1.17.8 (#4714)
• 🔨 Fix the xml report generation for kind e2e jobs (#4713)
• 🔨 [V1] Add new API versions to /config (#4702)
• 🔨 Add some switches to the e2e script ⚙️ (#4400)

Docs

• 📖 k8s 1.21 is the minimum requ...