Skip to content

Releases: tektoncd/pipeline

Tekton Pipeline release v1.0.0 "Oriental Omnidroid" LTS

01 May 00:03
@tekton-robot tekton-robot
v1.0.0
d9974e2
Compare
Choose a tag to compare
Tekton Pipeline release v1.0.0 "Oriental Omnidroid" LTS Latest
Latest

πŸŽ‰ 1.0.0 is live πŸŽ‰ StepActions are GA and Git resolvers enhancements πŸŽ‰

-Docs @ v1.0.0
-Examples @ v1.0.0

Installation one-liner

kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v1.0.0/release.yaml

Attestation

The Rekor UUID for this release is 108e9186e8c5677a3c232a877172a3c7967bdcb84afa4bc0a3819fe35e8796e324bbc364356d4349

Obtain the attestation:

REKOR_UUID=108e9186e8c5677a3c232a877172a3c7967bdcb84afa4bc0a3819fe35e8796e324bbc364356d4349
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .

Verify that all container images in the attestation are in the release file:

RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v1.0.0/release.yaml
REKOR_UUID=108e9186e8c5677a3c232a877172a3c7967bdcb84afa4bc0a3819fe35e8796e324bbc364356d4349

# Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v1.0.0@sha256:" + .digest.sha256')

# Download the release file
curl "$RELEASE_FILE" > release.yaml

# For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
  printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done

Changes

Features

  • ✨ fix: resolve Git Anonymous Resolver excessive memory usage (#8677)

RemoteResolutions using the Git Resolver now use the git binary instead of the Golang library go-git to shallow-clone, shallow-fetch, then checkout the provided repository at the given revision. This reduces resolution time and memory significantly. Some git providers such as Gitea may not support fetching revisions if the revision is a SHA which is not reachable via a ref or is not at a ref/head. In general, no user action is required.

See also: https://git-scm.com/docs/protocol-capabilities#_allow_reachable_sha1_in_want

Resolves #8652

  • ✨ feat(pipeline): allow variable substitution in pipeline.tasks[].onError (#8600)

feat(pipeline): allow variable substitution in pipeline.tasks[].onError

  • ✨ Add configuration for custom bundle resolver backoff (#8574)

Enables the configuration of backoffs for a bundle resolver requests.

  • ✨ feat: promote StepActions to GA (#8546)

StepActions promoted to GA and is available by default. The enable-step-actions feature flag exists as a no-op flag to ensure that existing user workflows which might rely on this flag are not disabled. This flag will be removed completely in a later release.

  • ✨ feat: add support for authenticated git clone (#8537)

n optional token can now be passed to the git clone method (using go-git library) to
bypass token limit when using the API.

Fixes

  • πŸ› fix: add stepaction as a valid kind in the hub resolver (#8635)

the hub resolver now validates StepActions as a valid kind

  • πŸ› fix: avoid fan out matrix task failed due to result ref (#8487)

fix: avoid fan out matrix task failed due to result ref

  • πŸ› fix: handle subPath directory creation errors gracefully (#8683)

Misc

  • πŸ”¨ cleanup: [TEP-0135] remove deprecated disable-affinity-assistant feature flag (#8603)

Binary file (standard input) matches

  • πŸ”¨ cleanup: remove clustertask support (#8601)

Remove ClusterTask support completely

  • πŸ”¨ Bump go.mod and tools/go.mod to go 1.23 (#8482)

Updating go to 1.23

  • πŸ”¨ misc: promote to beta (#8343)

keep-pod-on-cancel feature flag will be enabled in default

  • πŸ”¨ build(deps): bump github/codeql-action from 3.28.15 to 3.28.16 (#8729)
  • πŸ”¨ build(deps): bump step-security/harden-runner from 2.11.1 to 2.12.0 (#8728)
  • πŸ”¨ build(deps): bump the all group in /tekton with 4 updates (#8727)
  • πŸ”¨ build(deps): bump github.com/sigstore/sigstore from 1.8.15 to 1.9.4 (#8724)
  • πŸ”¨ build(deps): bump k8s.io/apimachinery from 0.32.2 to 0.32.4 (#8723)
  • πŸ”¨ build(deps): bump the all group in /tekton with 2 updates (#8722)
  • πŸ”¨ build(deps): bump tj-actions/changed-files from be393a90381e27c9fec2c8c2e02b00f005710145 to c34c1c13a740b06851baff92ab9a653d93ad6ce7 (#8721)
  • πŸ”¨ build(deps): bump github/codeql-action from 3.28.14 to 3.28.15 (#8705)
  • πŸ”¨ build(deps): bump tj-actions/changed-files from 6abeaa506a419f85fa9e681260b443adbeebb3d4 to be393a90381e27c9fec2c8c2e02b00f005710145 (#8704)
  • πŸ”¨ build(deps): bump ko-build/setup-ko from 0.8 to 0.9 (#8703)
  • πŸ”¨ build(deps): bump the all group in /tekton with 4 updates (#8702)
  • πŸ”¨ build(deps): bump github/codeql-action from 3.28.13 to 3.28.14 (#8690)
  • πŸ”¨ build(deps): bump tj-actions/changed-files from 27ae6b33eaed7bf87272fdeb9f1c54f9facc9d99 to 6abeaa506a419f85fa9e681260b443adbeebb3d4 (#8689)
  • πŸ”¨ build(deps): bump actions/dependency-review-action from 4.5.0 to 4.6.0 (#8688)
  • πŸ”¨ build(deps): bump step-security/harden-runner from 2.11.0 to 2.11.1 (#8687)
  • πŸ”¨ build(deps): bump the all group in /tekton with 2 updates (#8686)
  • πŸ”¨ build(deps): bump github.com/go-jose/go-jose/v4 from 4.0.4 to 4.0.5 (#8680)
  • πŸ”¨ build(deps): bump github.com/golang-jwt/jwt/v5 from 5.2.1 to 5.2.2 (#8678)
  • πŸ”¨ build(deps): bump go.opentelemetry.io/otel from 1.34.0 to 1.35.0 (#8676)
  • πŸ”¨ Consume release pipeline images and task bundles from GHCR (#8674)
  • πŸ”¨ build(deps): bump k8s.io/code-generator from 0.31.6 to 0.31.7 (#8645)

Docs

  • πŸ“– Add v0.70 to the releases doc and fix dates of v0.64 and v0.69 releases (#8699)
  • πŸ“– Move Step when expressions documentation from StepActions to Tasks documetnation. (#8672)
  • πŸ“– Update link to section on overriding task requests (#8650)
  • πŸ“– chore: param enum usage example for stepaction (#8605)

Thanks

Thanks to these contributors who contributed to v1.0.0!

Extra shout-out for awesome release notes:

Contributors

vdemeester, chmouel, and 9 other contributors
Assets 4
Loading

Tekton Pipeline release v0.59.6 "Scottish Fold Sox"

29 Apr 13:33
@tekton-robot tekton-robot
v0.59.6
b08b965
Compare
Choose a tag to compare
Tekton Pipeline release v0.59.6 "Scottish Fold Sox"

-Docs @ v0.59.6
-Examples @ v0.59.6

Installation one-liner

kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.59.6/release.yaml

Attestation

The Rekor UUID for this release is 108e9186e8c5677a3b6f02cfe11967af07cb62f2f7ade3716195d8cd4e8ae04533c64fab45285a74

Obtain the attestation:

REKOR_UUID=108e9186e8c5677a3b6f02cfe11967af07cb62f2f7ade3716195d8cd4e8ae04533c64fab45285a74
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .

Verify that all container images in the attestation are in the release file:

RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.59.6/release.yaml
REKOR_UUID=108e9186e8c5677a3b6f02cfe11967af07cb62f2f7ade3716195d8cd4e8ae04533c64fab45285a74

# Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v0.59.6@sha256:" + .digest.sha256')

# Download the release file
curl "$RELEASE_FILE" > release.yaml

# For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
  printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done

Changes

Features

Fixes

  • πŸ› [release-v0.59.x] fix: avoid panic when validate enum param with special matrix task (#8517)

ix: avoid panic when validate enum param with special matrix task

Misc

  • πŸ”¨ [release-v0.59.x] .github/workflows: add a build and test workflows (#8580)
  • πŸ”¨ [release-v0.59.x] .github/workflows: backport e2e workflows (#8450)

Docs

Thanks

Thanks to these contributors who contributed to v0.59.6!

Extra shout-out for awesome release notes:

Contributors

vdemeester and tekton-robot
Loading

Tekton Pipeline release v0.70.0 "Norwegian Forest Cat Number Five (Aaron Doral)"

28 Mar 14:47
@tekton-robot tekton-robot
v0.70.0
47bcb09
Compare
Choose a tag to compare
Tekton Pipeline release v0.70.0 "Norwegian Forest Cat Number Five (Aaron Doral)"

πŸŽ‰ OpenAPI schema to Tekton CRDs πŸŽ‰

-Docs @ v0.70.0
-Examples @ v0.70.0

Installation one-liner

kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.70.0/release.yaml

Attestation

The Rekor UUID for this release is 108e9186e8c5677a9b98c9f620b1202d23cdf7b6bc38da3acecc1a9cb6f206d98fefed3ce02b0e09

Obtain the attestation:

REKOR_UUID=108e9186e8c5677a9b98c9f620b1202d23cdf7b6bc38da3acecc1a9cb6f206d98fefed3ce02b0e09
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .

Verify that all container images in the attestation are in the release file:

RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.70.0/release.yaml
REKOR_UUID=108e9186e8c5677a9b98c9f620b1202d23cdf7b6bc38da3acecc1a9cb6f206d98fefed3ce02b0e09

# Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v0.70.0@sha256:" + .digest.sha256')

# Download the release file
curl "$RELEASE_FILE" > release.yaml

# For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
  printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done

Changes

Features

  • Add structural OpenAPI schema to Tekton CRDs (#8490)

action required: The structural OpenAPI schema to Tekton CRDs are added enabling API server schema validation and supporting kubectl explain to describe fields and structure of Tekton CRDs. Due to the API server schema validation, users should make sure Tekton CRs have a valid schema when creating or updating CRs.

Fixes

  • πŸ› fix: Fix remote task params default-value substitution (#8641)

Task Param defaults will now be correctly substituted in Steps when the Task is referenced by a TaskRun

  • πŸ› fix: configure StepAction to use conversion webhook (#8644)

Misc

  • πŸ”¨ cleanup: breakup the pkg/credentials into writer and matcher + ensure non corev1 usage in entrypoint for FIPs compliance (#8542)

import only the writer part of the credentials package in the entrypoint so that we do not pull core v1 API indirectly into the package

  • πŸ”¨ FIPS Compliance: Refactor Entrypoint, Remove zap Dependency & Update Build Checks (#8544)
  • πŸ”¨ build(deps): bump github.com/golang-jwt/jwt/v4 from 4.5.1 to 4.5.2 (#8670)
  • πŸ”¨ build(deps): bump the all group in /tekton with 2 updates (#8668)
  • πŸ”¨ build(deps): bump actions/setup-go from 5.3.0 to 5.4.0 (#8667)
  • πŸ”¨ build(deps): bump actions/cache from 4.2.2 to 4.2.3 (#8666)
  • πŸ”¨ build(deps): bump github/codeql-action from 3.28.11 to 3.28.13 (#8665)
  • πŸ”¨ build(deps): bump tj-actions/changed-files from dcc7a0cba800f454d79fff4b993e8c3555bcc0a8 to 27ae6b33eaed7bf87272fdeb9f1c54f9facc9d99 (#8664)
  • πŸ”¨ build(deps): bump golangci/golangci-lint-action from 6.5.0 to 6.5.1 (#8654)
  • πŸ”¨ build(deps): bump the all group in /tekton with 2 updates (#8653)
  • πŸ”¨ build(deps): bump github/codeql-action from 3.28.10 to 3.28.11 (#8633)
  • πŸ”¨ build(deps): bump the all group in /tekton with 2 updates (#8632)
  • πŸ”¨ build(deps): bump github.com/google/cel-go from 0.23.2 to 0.24.1 (#8614)
  • πŸ”¨ build(deps): bump ossf/scorecard-action from 2.4.0 to 2.4.1 (#8608)
  • πŸ”¨ Refactor pipelinerun metrics tests (#8340)

Docs

  • πŸ“– Document ko settings for kind clusters with and without a local registry. (#8662)
  • πŸ“– Fix wrong entry in development documentation and other minor documentation corrections. (#8661)
  • πŸ“– Add release 0.69 to releases.md (#8630)

Thanks

Thanks to these contributors who contributed to v0.70.0!

Extra shout-out for awesome release notes:

Contributors

burigolucas, twoGiants, and 6 other contributors
Loading

Tekton Pipeline release v0.69.1 "Oriental Longhair Omnibot"

20 Mar 12:05
@tekton-robot tekton-robot
v0.69.1
1122e76
Compare
Choose a tag to compare
Tekton Pipeline release v0.69.1 "Oriental Longhair Omnibot"

-Docs @ v0.69.1
-Examples @ v0.69.1

Installation one-liner

kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.69.1/release.yaml

Attestation

The Rekor UUID for this release is 108e9186e8c5677a76ee1ec9649527ab153790fc1b5385843dcb8c6522c3d9b0db77451a35b2068f

Obtain the attestation:

REKOR_UUID=108e9186e8c5677a76ee1ec9649527ab153790fc1b5385843dcb8c6522c3d9b0db77451a35b2068f
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .

Verify that all container images in the attestation are in the release file:

RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.69.1/release.yaml
REKOR_UUID=108e9186e8c5677a76ee1ec9649527ab153790fc1b5385843dcb8c6522c3d9b0db77451a35b2068f

# Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v0.69.1@sha256:" + .digest.sha256')

# Download the release file
curl "$RELEASE_FILE" > release.yaml

# For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
  printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done

Changes

Features

Fixes

  • πŸ› [release-v0.69.x] fix: Fix remote task params default-value substitution (#8651)

ask Param defaults will now be correctly substituted in Steps when the Task is referenced by a TaskRun

Misc

Docs

Thanks

Thanks to these contributors who contributed to v0.69.1!

Extra shout-out for awesome release notes:

Contributors

tekton-robot
Loading

Tekton Pipeline release v0.68.1 "LaPerm Giskard Reventlov" LTS

20 Mar 12:04
@tekton-robot tekton-robot
v0.68.1
1a01f6b
Compare
Choose a tag to compare
Tekton Pipeline release v0.68.1 "LaPerm Giskard Reventlov" LTS

-Docs @ v0.68.1
-Examples @ v0.68.1

Installation one-liner

kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.68.1/release.yaml

Attestation

The Rekor UUID for this release is 108e9186e8c5677aff6b780d606f71d6cc2d430e71ac429ad21e107c13490490d164ab33f980851b

Obtain the attestation:

REKOR_UUID=108e9186e8c5677aff6b780d606f71d6cc2d430e71ac429ad21e107c13490490d164ab33f980851b
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .

Verify that all container images in the attestation are in the release file:

RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.68.1/release.yaml
REKOR_UUID=108e9186e8c5677aff6b780d606f71d6cc2d430e71ac429ad21e107c13490490d164ab33f980851b

# Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v0.68.1@sha256:" + .digest.sha256')

# Download the release file
curl "$RELEASE_FILE" > release.yaml

# For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
  printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done

Changes

Features

Fixes

  • πŸ› [release-v0.68.x] fix: Fix remote task params default-value substitution (#8646)

ask Param defaults will now be correctly substituted in Steps when the Task is referenced by a TaskRun

Misc

  • πŸ”¨ [release-v0.68.x] .github/workflows: add a build and test workflows (#8583)

Docs

Thanks

Thanks to these contributors who contributed to v0.68.1!

Extra shout-out for awesome release notes:

Contributors

vdemeester and tekton-robot
Loading

Tekton Pipeline release v0.65.7 "Sokoke Herbie"

29 Apr 14:22
@tekton-robot tekton-robot
v0.65.7
579fe68
Compare
Choose a tag to compare
Tekton Pipeline release v0.65.7 "Sokoke Herbie"

-Docs @ v0.65.7
-Examples @ v0.65.7

Installation one-liner

kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.65.7/release.yaml

Attestation

The Rekor UUID for this release is 108e9186e8c5677a4451b55ed407136509b724c04f77a0f15668f8616be979211288bcf494310f2e

Obtain the attestation:

REKOR_UUID=108e9186e8c5677a4451b55ed407136509b724c04f77a0f15668f8616be979211288bcf494310f2e
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .

Verify that all container images in the attestation are in the release file:

RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.65.7/release.yaml
REKOR_UUID=108e9186e8c5677a4451b55ed407136509b724c04f77a0f15668f8616be979211288bcf494310f2e

# Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v0.65.7@sha256:" + .digest.sha256')

# Download the release file
curl "$RELEASE_FILE" > release.yaml

# For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
  printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done

Changes

Features

Fixes

  • πŸ› [release-v0.65.x] fix: Fix remote task params default-value substitution (#8648)

ask Param defaults will now be correctly substituted in Steps when the Task is referenced by a TaskRun

Misc

  • πŸ”¨ [release-v0.65.x] .github/workflows: add a build and test workflows (#8582)

Docs

Thanks

Thanks to these contributors who contributed to v0.65.7!

Extra shout-out for awesome release notes:

Contributors

vdemeester and tekton-robot
Loading

Tekton Pipeline release v0.62.9 "Ragamuffin Reventlov"

29 Apr 14:22
@tekton-robot tekton-robot
v0.62.9
898912d
Compare
Choose a tag to compare
Tekton Pipeline release v0.62.9 "Ragamuffin Reventlov"

-Docs @ v0.62.9
-Examples @ v0.62.9

Installation one-liner

kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.62.9/release.yaml

Attestation

The Rekor UUID for this release is 108e9186e8c5677a7ff10d12220d6155b84235df4518ed42400668179ccaaacc93e9631f44868e03

Obtain the attestation:

REKOR_UUID=108e9186e8c5677a7ff10d12220d6155b84235df4518ed42400668179ccaaacc93e9631f44868e03
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .

Verify that all container images in the attestation are in the release file:

RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.62.9/release.yaml
REKOR_UUID=108e9186e8c5677a7ff10d12220d6155b84235df4518ed42400668179ccaaacc93e9631f44868e03

# Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v0.62.9@sha256:" + .digest.sha256')

# Download the release file
curl "$RELEASE_FILE" > release.yaml

# For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
  printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done

Changes

Features

Fixes

  • πŸ› [release-v0.62.x] fix: Fix remote task params default-value substitution (#8649)

ask Param defaults will now be correctly substituted in Steps when the Task is referenced by a TaskRun

Misc

  • πŸ”¨ [release-v.62.x] .github/workflows: add a build and test workflows (#8581)

Docs

Thanks

Thanks to these contributors who contributed to v0.62.9!

Extra shout-out for awesome release notes:

Contributors

vdemeester and tekton-robot
Loading

Tekton Pipeline release v0.69.0 "Oriental Longhair Omnibot"

07 Mar 07:39
@tekton-robot tekton-robot
v0.69.0
5b082b1
Compare
Choose a tag to compare
Tekton Pipeline release v0.69.0 "Oriental Longhair Omnibot"

-Docs @ v0.69.0
-Examples @ v0.69.0

Installation one-liner

kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.69.0/release.yaml

Attestation

The Rekor UUID for this release is 108e9186e8c5677a83b80360985c8a19920792656acc1566def6a298da6b73bd47b42307bceab304

Obtain the attestation:

REKOR_UUID=108e9186e8c5677a83b80360985c8a19920792656acc1566def6a298da6b73bd47b42307bceab304
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .

Verify that all container images in the attestation are in the release file:

RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.69.0/release.yaml
REKOR_UUID=108e9186e8c5677a83b80360985c8a19920792656acc1566def6a298da6b73bd47b42307bceab304

# Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v0.69.0@sha256:" + .digest.sha256')

# Download the release file
curl "$RELEASE_FILE" > release.yaml

# For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
  printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done

Changes

Features

  • ✨ Add feature flag to set readOnlyRootFilesystem for containers (#8186)

New feature flag set-security-context-read-only-root-filesystem in ConfigMap feature-flags. The new feature sets readOnlyRootFilesystem in securityContext for taskrun and affinity assistant containers.

Fixes

  • πŸ› fix: Move when condition to higher priority (#8569)

fix: Move when condition to higher priority

  • πŸ› fix: resolve panic issue in pipeline controller caused by CustomRun (#8562)

fix: resolve panic issue in pipeline controller caused by CustomRun

Misc

  • πŸ”¨ Bump knative.dev/pkg to release-1.17 (#8538)

Bump knative.dev/pkg to release-1.17 while keeping KUBERNETES_MIN_VERSION to 1.28.

  • πŸ”¨ cleanup: use pkg/platforms instead of containerd/platforms to … (#8579)
  • πŸ”¨ cleanup: add disable_spire build tag for entrypoint command (#8548)
  • πŸ”¨ build(deps): bump github.com/google/go-cmp from 0.6.0 to 0.7.0 (#8619)
  • πŸ”¨ build(deps): bump k8s.io/client-go from 0.31.4 to 0.31.6 (#8618)
  • πŸ”¨ build(deps): bump k8s.io/code-generator from 0.31.4 to 0.31.6 (#8615)
  • πŸ”¨ build(deps): bump github.com/sigstore/sigstore/pkg/signature/kms/azure from 1.8.12 to 1.8.15 (#8613)
  • πŸ”¨ build(deps): bump github.com/go-jose/go-jose/v3 from 3.0.3 to 3.0.4 (#8612)
  • πŸ”¨ build(deps): bump the all group in /tekton with 2 updates (#8611)
  • πŸ”¨ build(deps): bump actions/cache from 4.2.1 to 4.2.2 (#8610)
  • πŸ”¨ build(deps): bump tj-actions/changed-files from 45.0.6 to 45.0.7 (#8609)
  • πŸ”¨ chore: add yaml linting to pre-commit (#8606)
  • πŸ”¨ .github/workflow: add only-new-issues on lint (#8604)
  • πŸ”¨ build(deps): bump github.com/sigstore/sigstore/pkg/signature/kms/gcp from 1.8.12 to 1.8.15 (#8598)
  • πŸ”¨ build(deps): bump github.com/spiffe/spire-api-sdk from 1.11.1 to 1.11.2 (#8597)
  • πŸ”¨ build(deps): bump github.com/sigstore/sigstore/pkg/signature/kms/hashivault from 1.8.12 to 1.8.15 (#8596)
  • πŸ”¨ build(deps): bump github.com/sigstore/sigstore from 1.8.12 to 1.8.15 (#8595)
  • πŸ”¨ build(deps): bump golangci/golangci-lint-action from 6.2.0 to 6.5.0 (#8594)
  • πŸ”¨ build(deps): bump step-security/harden-runner from 2.10.4 to 2.11.0 (#8593)
  • πŸ”¨ build(deps): bump github/codeql-action from 3.28.8 to 3.28.10 (#8592)
  • πŸ”¨ build(deps): bump actions/setup-go from 5.1.0 to 5.3.0 (#8591)
  • πŸ”¨ build(deps): bump actions/cache from 4.2.0 to 4.2.1 (#8590)
  • πŸ”¨ build(deps): bump the all group in /tekton with 2 updates (#8589)
  • πŸ”¨ build(deps): bump github.com/sigstore/sigstore/pkg/signature/kms/aws from 1.8.12 to 1.8.15 (#8585)
  • πŸ”¨ build(deps): bump k8s.io/api from 0.31.4 to 0.31.6 (#8584)
  • πŸ”¨ .github/workflows: add a build and test workflows (#8577)
  • πŸ”¨ build(deps): bump github.com/jenkins-x/go-scm from 1.14.37 to 1.14.56 (#8576)
  • πŸ”¨ build(deps): bump the all group in /tekton with 2 updates (#8573)
  • πŸ”¨ .github/workflows: force go to 1.23 for the lint job (#8570)
  • πŸ”¨ build(deps): bump github.com/golangci/golangci-lint from 1.63.4 to 1.64.5 in /tools (#8568)
  • πŸ”¨ build(deps): bump k8s.io/client-go from 0.29.13 to 0.29.14 (#8567)
  • πŸ”¨ build(deps): bump the all group in /tekton with 2 updates (#8560)
  • πŸ”¨ build(deps): bump google.golang.org/protobuf from 1.36.4 to 1.36.5 (#8557)
  • πŸ”¨ build(deps): bump golang.org/x/sync from 0.10.0 to 0.11.0 (#8554)
  • πŸ”¨ build(deps): bump github/codeql-action from 3.28.5 to 3.28.8 (#8552)
  • πŸ”¨ build(deps): bump github.com/spiffe/go-spiffe/v2 from 2.4.0 to 2.5.0 (#8551)
  • πŸ”¨ build(deps): bump github.com/google/cel-go from 0.23.1 to 0.23.2 (#8550)
  • πŸ”¨ build(deps): bump the all group in /tekton with 2 updates (#8549)
  • πŸ”¨ tekton: fix micro typo on release-cheat-sheet (#8545)

Docs

  • πŸ“– releases.md: add 0.68.0 LTS and update other releases (#8559)
  • πŸ“– chore: fix some comments (#8524)
  • πŸ“– fix broken link to tutorials.md page (#8444)

Thanks

Thanks to these contributors who contributed to v0.69.0!

Extra shout-out for awesome release notes:

Contributors

vdemeester, Allda, and 7 other contributors
Loading
0 Join discussion

Tekton Pipeline release v0.68.0 "LaPerm Giskard Reventlov" LTS

31 Jan 09:34
@tekton-robot tekton-robot
v0.68.0
c6d38c9
Compare
Choose a tag to compare
Tekton Pipeline release v0.68.0 "LaPerm Giskard Reventlov" LTS

-Docs @ v0.68.0
-Examples @ v0.68.0

Installation one-liner

kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.68.0/release.yaml

Attestation

The Rekor UUID for this release is 108e9186e8c5677a666d35f8508100e4c8e112033d805978d152a05eef3872377816f3756a588089

Obtain the attestation:

REKOR_UUID=108e9186e8c5677a666d35f8508100e4c8e112033d805978d152a05eef3872377816f3756a588089
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .

Verify that all container images in the attestation are in the release file:

RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.68.0/release.yaml
REKOR_UUID=108e9186e8c5677a666d35f8508100e4c8e112033d805978d152a05eef3872377816f3756a588089

# Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v0.68.0@sha256:" + .digest.sha256')

# Download the release file
curl "$RELEASE_FILE" > release.yaml

# For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
  printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done

Changes

Features

  • ✨ feat: improve step.Script variables references validation message (#8312)

improve step.Script variables references validation message

Fixes

  • πŸ› fix: reference params in default values, allow chained references in stepactions (#8536)

fixes #7935 allowing users to reference other parameters in default values

  • πŸ› fix: avoid panic when validate enum param with special matrix task (#8465)

fix: avoid panic when validate enum param with special matrix task

  • πŸ› Bump go-billy to latest main to fix a git resolver issue (#8306)

Binary file (standard input) matches

  • πŸ› fix: improve parsing logic to handle empty results (#8484)
  • πŸ› fix: minor version check for sidecar logic (#8447)
  • πŸ› fix(computeresource/tasklevel): Fixed a bug where abnormal calculatio… (#8399)

Misc

  • πŸ”¨ better step result referencing and docs for step param substitution order and (#8528)
  • πŸ”¨ build(deps): bump github.com/google/cel-go from 0.22.1 to 0.23.1 (#8541)
  • πŸ”¨ Fix deprecated golangci-lint configuration (#8540)
  • πŸ”¨ build(deps): bump github/codeql-action from 3.28.1 to 3.28.5 (#8534)
  • πŸ”¨ build(deps): bump the all group in /tekton with 2 updates (#8533)
  • πŸ”¨ build(deps): bump google.golang.org/protobuf from 1.36.3 to 1.36.4 (#8530)
  • πŸ”¨ build(deps): bump github.com/go-git/go-git/v5 from 5.13.1 to 5.13.2 (#8527)
  • πŸ”¨ build(deps): bump google.golang.org/grpc from 1.69.4 to 1.70.0 (#8525)
  • πŸ”¨ build(deps): bump go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp from 1.27.0 to 1.34.0 (#8520)
  • πŸ”¨ build(deps): bump github.com/spiffe/spire-api-sdk from 1.10.0 to 1.11.1 (#8519)
  • πŸ”¨ build(deps): bump github.com/google/cel-go from 0.20.1 to 0.22.1 (#8518)
  • πŸ”¨ build(deps): bump github/codeql-action from 3.28.0 to 3.28.1 (#8509)
  • πŸ”¨ build(deps): bump golangci/golangci-lint-action from 6.1.1 to 6.2.0 (#8508)
  • πŸ”¨ build(deps): bump step-security/harden-runner from 2.10.2 to 2.10.4 (#8507)
  • πŸ”¨ build(deps): bump the all group in /tekton with 2 updates (#8506)
  • πŸ”¨ build(deps): bump go.opentelemetry.io/otel/trace from 1.33.0 to 1.34.0 (#8505)
  • πŸ”¨ build(deps): bump k8s.io/client-go from 0.29.6 to 0.29.13 (#8504)
  • πŸ”¨ build(deps): bump github.com/containerd/containerd from 1.7.20 to 1.7.25 (#8503)
  • πŸ”¨ build(deps): bump github.com/sigstore/sigstore/pkg/signature/kms/hashivault from 1.8.4 to 1.8.12 (#8502)
  • πŸ”¨ build(deps): bump google.golang.org/grpc from 1.67.3 to 1.69.4 (#8500)
  • πŸ”¨ build(deps): bump k8s.io/code-generator from 0.29.7 to 0.29.13 (#8499)
  • πŸ”¨ build(deps): bump go.opentelemetry.io/otel/sdk from 1.29.0 to 1.33.0 (#8498)
  • πŸ”¨ build(deps): bump google.golang.org/protobuf from 1.36.1 to 1.36.3 (#8497)
  • πŸ”¨ build(deps): bump k8s.io/api from 0.29.6 to 0.29.13 (#8496)
  • πŸ”¨ build(deps): bump github.com/go-git/go-billy/v5 from 5.6.1 to 5.6.2 (#8494)
  • πŸ”¨ build(deps): bump github.com/spiffe/go-spiffe/v2 from 2.3.0 to 2.4.0 (#8493)
  • πŸ”¨ build(deps): bump code.gitea.io/sdk/gitea from 0.18.0 to 0.20.0 (#8491)
  • πŸ”¨ build(deps): bump go.opentelemetry.io/otel/trace from 1.28.0 to 1.33.0 (#8488)
  • πŸ”¨ build(deps): bump the all group in /tekton with 2 updates (#8481)
  • πŸ”¨ Migrate golangci-lint to a github workflow (#8480)
  • πŸ”¨ build(deps): bump github.com/sigstore/sigstore/pkg/signature/kms/aws from 1.8.4 to 1.8.12 (#8478)
  • πŸ”¨ build(deps): bump github.com/sigstore/sigstore/pkg/signature/kms/azure from 1.8.4 to 1.8.12 (#8477)
  • πŸ”¨ build(deps): bump github.com/sigstore/sigstore/pkg/signature/kms/gcp from 1.8.4 to 1.8.12 (#8476)
  • πŸ”¨ build(deps): bump github.com/sigstore/sigstore from 1.8.4 to 1.8.12 (#8475)
  • πŸ”¨ build(deps): bump github.com/golangci/golangci-lint from 1.62.2 to 1.63.4 in /tools (#8472)
  • πŸ”¨ build(deps): bump the all group in /tekton with 2 updates (#8471)
  • πŸ”¨ build(deps): bump tj-actions/changed-files from 45.0.5 to 45.0.6 (#8470)
  • πŸ”¨ Fixed make goimports (#8461)
  • πŸ”¨ build(deps): bump github/codeql-action from 3.27.9 to 3.28.0 (#8459)
  • πŸ”¨ build(deps): bump the all group in /tekton with 2 updates (#8458)
  • πŸ”¨ .github/workflows: run e2e-matrix on all pull-request (#8454)
  • πŸ”¨ build(deps): bump the all group in /tekton with 2 updates (#8440)
  • πŸ”¨ build(deps): bump github/codeql-action from 3.27.6 to 3.27.9 (#8439)
  • πŸ”¨ build(deps): bump github.com/golang-jwt/jwt/v4 from 4.5.0 to 4.5.1 (#8431)
  • πŸ”¨ build(deps): bump golang.org/x/crypto from 0.26.0 to 0.31.0 (#8430)
  • πŸ”¨ build(deps): bump chainguard/go from 551fd4c to 2cc6974 in /tekton in the all group (#8428)
  • πŸ”¨ build(deps): bump tj-actions/changed-files from 45.0.4 to 45.0.5 (#8426)
  • πŸ”¨ build(deps): bump actions/cache from 4.1.1 to 4.2.0 (#8425)
  • πŸ”¨ build(deps): bump github/codeql-action from 3.27.5 to 3.27.6 (#8424)
  • πŸ”¨ Improve gha k8s e2e tests names (#8423)
  • πŸ”¨ Ignore failures when rerunning jobs (#8421)
  • πŸ”¨ Remove extra pip symbol (#8420)
  • πŸ”¨ Fix getting the commit sha from comment event (#8419)
  • πŸ”¨ Add /retest chatops command (#8417)
  • πŸ”¨ chore: fix some function name in comment (#8415)
  • πŸ”¨ Run e2e tests in GHA (#8411)
  • πŸ”¨ tekton: fix bugfix-release.sh script (#8375)
  • πŸ”¨ Make resolvers' maximum resolution timeout configurable (#8366)

Docs

  • πŸ“– Add PipelineRun pipeline-timeout note to pipeline docs (#8510)
  • πŸ“– Fix dead admission-webhook blog link in developer docs (#8489)
  • πŸ“– typo fix (#8437)
  • πŸ“– docs: replace link to link to page with link to page (#8429)
  • πŸ“– Updated releases.md for v0.66.0 (#8414)
  • πŸ“– Remove bad links from StepActions TOC (#8412)

Thanks

Thanks to these contributors who contributed to v0.68.0!

Extra shout-out for awesome release notes:

Contributors

justinabrahms, vdemeester, and 16 other contributors
Loading

Tekton Pipeline release v0.65.6 "Sokoke Herbie"

28 Jan 12:49
@tekton-robot tekton-robot
v0.65.6
286089a
Compare
Choose a tag to compare
Tekton Pipeline release v0.65.6 "Sokoke Herbie"

-Docs @ v0.65.6
-Examples @ v0.65.6

Installation one-liner

kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.65.6/release.yaml

Attestation

The Rekor UUID for this release is 108e9186e8c5677accfc27cf999e8bd5070325041d2c2c9f8c2f3c11f9d61d945fa7cf83cea13e44

Obtain the attestation:

REKOR_UUID=108e9186e8c5677accfc27cf999e8bd5070325041d2c2c9f8c2f3c11f9d61d945fa7cf83cea13e44
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .

Verify that all container images in the attestation are in the release file:

RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.65.6/release.yaml
REKOR_UUID=108e9186e8c5677accfc27cf999e8bd5070325041d2c2c9f8c2f3c11f9d61d945fa7cf83cea13e44

# Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v0.65.6@sha256:" + .digest.sha256')

# Download the release file
curl "$RELEASE_FILE" > release.yaml

# For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
  printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done

Changes

Features

Fixes

  • πŸ› [release-v0.65.x] fix: avoid panic when validate enum param with special matrix task (#8516)

ix: avoid panic when validate enum param with special matrix task

Misc

Docs

Thanks

Thanks to these contributors who contributed to v0.65.6!

Extra shout-out for awesome release notes:

Contributors

tekton-robot
Loading