🎉 Minimal PipelineRun Status, Graceful Termination Graduation, and Referencing Remote Pipelines 🎉

-Docs @ v0.35.0
-Examples @ v0.35.0

Installation one-liner

kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.35.0/release.yaml

Attestation

The Rekor UUID for this release is b304386ca92d8a4ca0d2f0acf051a1557507acf4891f9bc9db60d604a1bf3791

Obtain the attestation:

REKOR_UUID=b304386ca92d8a4ca0d2f0acf051a1557507acf4891f9bc9db60d604a1bf3791
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | base64 --decode | jq

Verify that all container images in the attestation are in the release file:

RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.35.0/release.yaml
REKOR_UUID=b304386ca92d8a4ca0d2f0acf051a1557507acf4891f9bc9db60d604a1bf3791

# Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | base64 --decode | jq -r '.subject[]|.name + ":v0.35.0@sha256:" + .digest.sha256')

# Download the release file
curl "$RELEASE_FILE" > release.yaml

# For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
  printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done

Changes

Features

• ✨ [TEP-0100] Implementation for embedded TaskRun and Run statuses in PipelineRuns (#4739)

Added implementation for minimal TaskRun and Run statuses within PipelineRun statuses.

• ✨ TEP-0090: - (#4707)

• Consuming Results in Matrix is invalid - will be supported soon to allow dynamic fan out.
• Consuming Results from fanned out PipelineTasks is invalid - will be revisited soon after array and object Results are supported.

• ✨ TEP-0090: - (#4704)

Parameters in Matrix:

• must be of type Array
• must not be in Params field as well
• must be declared in the Parameters in Pipeline specification

Note that Matrix is not yet fully functional.

• ✨ Promote Graceful termination to stable (#4668)

Promoting graceful termination of pipelinerun to beta and keeping PipelineRunCancelled as deprecated, it will be removed after 3 releases

• ✨ Add pipelineRef remote resolution (#4596)

Initial integration with tektoncd/resolution project, allowing pipelineRefs to be resolved directly from public git repos.

• ✨ Use fields from PodTemplate when creating affinity-assistant pod (#4348)

• A default pod template for affinity-assistant pods can now be set by the default-affinity-assistant-pod-template field in config-defaults ConfigMap. Template merge rules is the same as the generic Pod templates (the template specified in the PipelineRun or TaskRun takes precedence over the one in the defaults).
• The affinity-assistant Pod template now supports ImagePullSecrets.

• ✨ [TEP-0100] Add new updatePipelineRunStatusFromChildRefs function (#4760)
• ✨ [TEP-0100] Add functionality to be used in supporting minimal embedded status (#4757)

Deprecation Notices

• 🚨 Deprecating full embedded status in pipelineRun

The PipelineRun.Status.TaskRuns and PipelineRun.Status.Runs fields are deprecated and will be removed in January, 2023. Please find more details in the proposal - TEP-0100.

• 🚨 pipelineRunCancelled will be removed in v0.38

With 0.35, graceful termination of PipelineRuns is now a stable feature and is no longer behind alpha feature flag. For more information related to graceful cancellation, you can refer to TEP-0058. Now, what this means is that the existing status PipelineRunCancelled which was deprecated in 0.25.0 release of Tekton Pipelines will be removed after 3 releases, i.e., in 0.38.0 release it will be removed completely and replaced by Cancelled in case of completely cancelling the PipelineRuns.

No changes need to be made to your Pipelines and Tasks. If you have tools to cancel the running pipeline, those tools will have to be updated in 0.38.0. This change also affects the tools such as Dashboard, CLI, IDE extensions, etc. as they now need to start supporting the new PipelineRun statuses. Tekton CLI has already made the following changes and will be available in the new release 0.24.0.

Backwards incompatible changes

In current release:

• 🚨 Removed feature flag - scope-when-expressions-to-task (#4715)

In TEP-0007: Conditions Beta, we introduced when expressions to guard execution of Tasks in Pipelines. To align with Conditions, we set scope of when expressions to the guarded Task and its dependent Tasks.

In TEP-0059: Skipping Strategies, we proposed changing the scope of when expressions to the guarded Task only. This was implemented in #4085. We provided a feature flag, scope-when-expressions-to-task, to support migration. It defaulted to false for 9 months per our Beta API compatibility policy, meaning that we continued to guard the Task and its dependent Tasks. Then in #4580, we flipped the flag to true to guard the Task only by default.

In this change, we remove the scope-when-expressions-to-task flag and complete the migration.

• 🚨 Removed pullrequest-init-build-base (#4709)

The pullrequest-init-build-base seemed to include a root and nonroot user to account for the fact that PR directories and files may have been written by a different (possibly non-root) user, and needed to be read by the pullrequest-init container image.

In order to achieve this, the image no longer needed to be based on a custom-built base image -- it seems like the rootful gcr.io/distroless/static base image is sufficient so removing pullrequest-init-build-base.

Fixes

• 🐛 Fix git-init for Git 2.35.2 (#4756)

Fixed git-init behavior to work with Git 2.35.2 changes.

• 🐛 Avoid panic in PipelineRun reconciler for Runs with no owner refs (#4733)

Fix panic when reconciling PipelineRun with indirectly-created custom tasks.

• 🐛 Allow tasks to retry when PipelineRun stops (#4651)

[Bug fix]: Allow TaskRuns/Runs to complete retries when PipelineRun is stopped, including graceful stopping

• 🐛 Add listType annotations (#4402)

• 🐛 Don't wait for TaskRun to be observed Running. (#4773)

• 🐛 Fix TestReconcileOnCompletedTaskRun (#4695)

Misc

• 🔨 Switch the franken-image to use for linux images. (#4763)

Linux builds for windows-compatible images now use gcr.io/distroless/static:nonroot instead of gcr.io/distroless/base:debug-nonroot (drops glibc and busybox)

• 🔨 Switch to for (#4762)

The default shell image is now nonroot by default, and much smaller.

• 🔨 Use a new base image for the image. (#4758)

The git-init image is now based on ghcr.io/distroless/git with fewer unused packages installed! 🎉

• 🔨 Bump to K8s 23 libs. (#4712)

Tekton Pipelines now uses k8s 23 libs

• 🔨 migrate yaml package to sigs.k8s.io/yaml (#4754)

• 🔨 PullRequest PipelineResource expects root (#4718)

The pullrequest PipelineResource is updated to explicitly set its runAsUser to 0. PipelineResources aren't tested as anything other than the root user and this change makes that explicit.

The pullrequest-init base image also no longer uses the root user by default. It now defaults to using UID 65532.

• 🔨 Update build pipeline to golang 1.17.8 (#4700)

Tekton build with golang 1.17.8

• 🔨 A few minor cleanups in pkg/reconciler/pipelinerun/pipelinerun_test.go (#4785)
• 🔨 Instrument e2e pipelinerun_test.go files for logstream (#4782)
• 🔨 Instrument the kaniko test for logstream. (#4774)
• 🔨 Consolidate more pipelinerun_test.go reconciler tests (#4768)
• 🔨 Switch to YAML parsing in much of taskrun_test.go (#4751)
• 🔨 Switch (almost all of) the rest of pipelinerun_test.go to YAML parsing (#4749)
• 🔨 Update a number of PipelineRun reconciler tests with parsed YAML (#4748)
• 🔨 Clean up usages of config maps in pipelinerun_test (#4736)
• 🔨 test: use t.TempDir to create temporary test directory (#4727)
• 🔨 Move go.mod to Go 1.17 (#4726)
• 🔨 Fix existing LGTM issues (#4592)
• 🔨 Instrument (almost all of) e2e tests for logstream (#4780)
• 🔨 Switch ApplyTaskResultsToPipelineResults to not use status maps (#4753)
• 🔨 Add Go libraries compatibility policy (#4750)
• 🔨 Consolidate TestReconcilePropagate* PipelineRun tests (#4745)
• 🔨 Consolidate TestReconcileOnStopped* PipelineRun tests (#4744)
• 🔨 Exclude the third_party directory from PKGS in Makefile (#4735)
• 🔨 Update PR template to clarify release notes policy (#4732)
• 🔨 Fix gofmt failure on go 1.17.8 (#4714)
• 🔨 Fix the xml report generation for kind e2e jobs (#4713)
• 🔨 [V1] Add new API versions to /config (#4702)
• 🔨 Add some switches to the e2e script ⚙️ (#4400)

Docs

• 📖 k8s 1.21 is the minimum required (#4719)

• 📖 Add example for PipelineRun namespace context variable (#4703)

• 📖 Add v0.34.0 and v0.33.3 to the README (#4698)

• 📖 Update tutorial links (#4789)

• 📖 Update date of removal of PipelineRunCancelled (#4783)

• 📖 Add links to readme and docs for several minor releases (#4724)

• 📖 Add example and docs for array param with defaults 📜 (#4518)

Thanks

Thanks to these contributors who contributed to v0.35.0!

• ❤️ @Juneezee
• ❤️ @abayer
• ❤️ @afrittoli
• ❤️ @bobcatfish
• ❤️ @chenbh
• ❤️ @geriom
• ❤️ @imjasonh
• ❤️ @jerop
• ❤️ @lbernick
• ❤️ @lumjjb
• ❤️ @mattmoor
• ❤️ @sbwsg
• ❤️ @timonwong
• ❤️ @vinamra28

Extra shout-out for awesome release notes:

• 😍 @abayer
• 😍 @afrittoli
• 😍 @chenbh
• 😍 @imjasonh
• 😍 @jerop
• 😍 @lbernick
• 😍 @mattmoor
• 😍 @sbwsg
• 😍 @timonwong
• 😍 @vinamra28