concourse/concourse v7.3.0

on GitHub

🚨 Breaking

• Bump opentelemetry to 0.19.0 (#6787) @aoldershaw _^🔗

  • The service name Honeycomb tracing exporter is now configured via the more general --tracing-service-name (CONCOURSE_TRACING_SERVICE_NAME) rather than --tracing-honeycomb-service-name (CONCOURSE_TRACING_HONEYCOMB_SERVICE_NAME)

✈️ Features

• Cache streamed volumes and use local cache when looking for volumes (#6660) @evanchaoli _^🔗
  Optimize resource cache streaming and get step.

  • Mark streamed resource cache volumes as resource cache, to avoid duplicate streaming in next runs.
  • If a resource from a get can be found on some workers, then get step will do nothing. This will reduce times of Concourse connecting to external systems, such as git, docker hub, and so on.
  • This feature is currently opt-in and can be enabled using CONCOURSE_ENABLE_CACHE_STREAMED_VOLUMES flag.

• Re-ordering instanced pipelines (#6830) @EstebanFS _^🔗

  • Instanced Pipelines are allowed to be re-ordered with in their group through the UI (using the drag and drop functionality) or using the fly command:
    fly -t dev oip -g groupName -p key1:var1 -p key2:var2

• Enhance syslog-drainer to make it more useful (#6834) @SimonXming _^🔗

  • Add event_id into syslog-drainer entries, to get the correct order of "drained" build logs.
  • Add more supported event_type for syslog-drainer to include more info for "drained" build logs.

• Enhance webhook triggered checks (#6854) @evanchaoli _^🔗

  • When multiple pipelines hold a common resource and webhook calls against the common resource, checks are sent to all pipelines at same time. Without this enhancement, each webhook call will cause a check to run. With this enhancement, only a single check will run, which is the expected behavior as a global resource.

• Allow override of container limits in task config (#6867) @BooleanCat _^🔗

  • Pipeline authors can now set container_limits for reusable tasks in pipelines. Any limits set in the pipeline will override the limits set within the reusable task file.

• Use cursor-based pagination for build events (#6873) @aoldershaw _^🔗

  • Optimizes fetching build logs from the DB for builds with massive logs

• Use display_user_id field to render username in web interface (#6970) @logyball _^🔗

• Set Content-Security-Policy and Cache-Control Headers (#6949) @taylorsilva _^🔗

  • A Content-Security-Policy header is now set with a default value that will block framing of the Concourse web UI. This was already possible with the default value of the X-Frames-Option header.
    • The CSP header value is configurable with CONCOURSE_CONTENT_SECURITY_POLICY
  • A Cache-Control header is set on every page with a default value of no-store, private. The value of the header is overwritten for some paths (i.e. web assets)

🐞 Bug Fixes

• Ensure stdin never errors when using containerd with TTY enabled (#6791) @chenbh _^🔗

  • Fixed bug with containerd runtime where builds to error out if it runs for a long time without any output

• Add trigger for deleting pipeline (#6880) @xtremerui _^🔗

  • Fix a bug that might leave orphan pipeline_build_events_* table in DB when deleting a team. Pipelines belong to the deleted team will be destroyed by DELETE CASCADE but associated events table was not cleaned up properly.

• Fix volume GC query to not include volumes with children (#6902) @xtremerui _^🔗

  • Fix query that causes volume cannot be destroyed as children are present in web and update or delete on table "volumes" violates foreign key constraint "volumes_parent_id_fkey" in DB.

• Set autocomplete to off for login form (#6920) @taylorsilva _^🔗

  • add autocomplete="off" to the top-level form and username tags.

• Scan unchecked resource-types (#6923) @EstebanFS _^🔗

  • Fixed an edge case where a put-only resource's parent-type would not be checked

• Ignore "not found" error on process deletion for Containerd runtime (#6959) @aoldershaw _^🔗

• worker: Set PATH based on UID instead of container's privileged state (#6982) @taylorsilva _^🔗

  • Containerd: fixed a bug where PATH did not contain directories to system tools (i.e. /sbin) when a user/process was root. Only effects unprivileged containers.

• Fix Postgres deadlock when frequently setting pipelines (#7011) @aoldershaw _^🔗

• containerd: allow use of non-existent uids (#7029) @muntac _^🔗

  • containerd supports running images with non-existent UIDs such as distroless images.

🤷 Miscellaneous

• Add exception handling in bigint migration (#6848) @xtremerui _^🔗

• add help text for password connector flag (#6876) @aoldershaw _^🔗

• skip DNS proxy test with extra DNS server (#6878) @aoldershaw _^🔗

• Optimise fake generation (#6885) @BooleanCat _^🔗

• Refactor: Pick -> Approve (#6886) @taylorsilva _^🔗

• Optimise fake generation (#6901) @BooleanCat _^🔗

• re-enable k8s dns proxy test (#6906) @chenbh _^🔗

• atc: fix asset leak in api tests (#6918) @vito _^🔗

• web/wats: replace deprecated waitFor usage (#6922) @vito _^🔗

• Correct a typo in project documentation (#6925) @plan-do-break-fix _^🔗

• topgun/k8s: move dns proxy tests to integration (#6947) @chenbh _^🔗

• Don't check resource-types from paused pipelines (#6961) @taylorsilva _^🔗

• Add drills environment to major release template (#6967) @clarafu _^🔗

• Using osFlag to fix windows worker error (#6971) @EstebanFS _^🔗

• contributing: cover governance model, be brief (#6972) @vito _^🔗

• [skip-migrations-check] bump secondary_order migration (#6979) @aoldershaw _^🔗

• .github: set up security scanning action (#6992) @vito _^🔗

• Fix bugs related to caching streamed volumes (#7001) @aoldershaw _^🔗

• Fix caching when streamed volume was also streamed (#7024) @aoldershaw _^🔗

• Upgraded xenial to bionic stemcell (#7037) @EstebanFS _^🔗

• 7.3.x: make resource cache streaming opt-in (#7051) @taylorsilva _^🔗

• 7.3.x: Fix capture of failing topgun tests logs (#7055) @taylorsilva _^🔗

• 7.3.x: update regex for capturing instances (#7063) @taylorsilva _^🔗

📦 Bundled resource types