github tektoncd/pipeline v0.47.0
Tekton Pipeline release v0.47.0 "Chartreux Rachel" LTS

latest releases: v0.65.1, v0.62.5, v0.65.0...
18 months ago

๐ŸŽ‰ Trusted Resources, Matrix Execution and various improvements ๐ŸŽ‰

-Docs @ v0.47.0
-Examples @ v0.47.0

Installation one-liner

kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.47.0/release.yaml

Attestation

The Rekor UUID for this release is 24296fb24b8ad77a26cba25047813dca68dd316baedd830ade34aac05e6f51ccd73a54a013021440

Obtain the attestation:

REKOR_UUID=24296fb24b8ad77a26cba25047813dca68dd316baedd830ade34aac05e6f51ccd73a54a013021440
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .

Verify that all container images in the attestation are in the release file:

RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.47.0/release.yaml
REKOR_UUID=24296fb24b8ad77a26cba25047813dca68dd316baedd830ade34aac05e6f51ccd73a54a013021440

# Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v0.47.0@sha256:" + .digest.sha256')

# Download the release file
curl "$RELEASE_FILE" > release.yaml

# For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
  printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done

Upgrade Notices

Changes

Features

  • โœจ Migrate Propagated Workspaces to Stable (#6432)

Propagated workspaces is now a stable feature.

  • โœจ [TEP-0091] use verification mode in trusted resources (#6406)

The mode of VerificationPolicy determines how failing policies for trusted resources are handled. When set to warn, failing policies will log a warning but not fail the taskrun/pipelinerun. When set to enforce, failing policies will cause the taskrun/pipelinerun to fail if the policy cannot be verified.

  • โœจ TEP-0118: Implement Fanning Out logic to support Matrix Include Parameters in a Task Run (#6341)

Users can now specify aPipelineTask with Matrix Include Parameters to generate explicit combinations or add
a specific combination of input values for Matrix Parameters.

  • โœจ [TEP-0091] Add mode for VerificationPolicy (#6328)

Add mode field into VerificationPolicy to controls whether fail taskrun/pipelinerun or not when fails verification

  • โœจ [TEP-0091] change feature flag resource-verification-mode to trusted-resources-verification-no-match-policy (#6324)

[action required] for trusted resources users, please change feature flag resource-verification-mode to trusted-resources-verification-no-match-policy, please refer to https://github.com/tektoncd/pipeline/blob/main/docs/trusted-resources.md#enable-trusted-resources to learn how to config the new trusted-resources-verification-no-match-policy feature flag

  • โœจ [TEP-0089] SPIRE for non-falsifiable provenance - IsSpireEnabled (#6524)

  • โœจ TEP-0118: Update TaskRun Validation for Matrix Include Params (#6418)

  • โœจ [TEP-0047] add display name to pipeline spec and task spec (#6294)

Fixes

  • ๐Ÿ› Fix resolutionrequest conversion (#6509)

bug fix: reduced webhook log spam related to conversion of ResolutionRequests

  • ๐Ÿ› [TEP-0133] Apply default resolver to finally tasks (#6481)

TEP-0133: Apply default resolver to finally tasks

  • ๐Ÿ› Make sure we pass the live config to the conversion webhook (#6450)

Make sure the conversion webhook sees the live configmaps instead of the default ones

  • ๐Ÿ› Avoid occasional failures when using remote resolution (#6424)

Avoid occasional failures of TaskRun/PipelineRun execution using remote resolution.

  • ๐Ÿ› Avoid retry on permanent errors in pipelinerun (#6297)

When encountering a permanent error during the creation of run resources in pipelinerun, stop retrying and set the failure reason to "CreateRunFailed".

  • ๐Ÿ› Fix no logs in stdout/stderr if uses stdoutConfig (#6162)

users can still view the output through the Pod log API if stdoutConfig.path or stderrConfig.path is specified

  • ๐Ÿ› Fix for PipelineRuns getting stuck in the running state in the cluster (#6095)

Fix a bug that made big PipelineRuns get stuck in the running state in the cluster

  • ๐Ÿ› Fix Timeouts Default in v1 PipelienRun (#6546)
  • ๐Ÿ› Fixed nil panic scenarios. (#6465)
  • ๐Ÿ› fix: add PodAdmissionFailed reason to avoid confusing failed status (#6295)
  • ๐Ÿ› fix taskrun failing with duplicate unique image found (#6260)
  • ๐Ÿ› Added Skip Logic: Matrix parameters cannot be empty arrays (#6140)
  • ๐Ÿ› test: add unit tests for pkg/resolution/resource (#6433)

Misc

  • ๐Ÿ”จ Fix v1beta1.CustomRun GVK (#6562)

BREAKING CHANGE: v1beta1.CustomRuns GVK was changed to properly match it's type (Runs -> CustomRuns). This may break relationships that are relying on the incorrect GVK value. Clients not relying on the GVK value from the Go type are unaffected.

  • ๐Ÿ”จ TEP-0114: Remove support for v1alpha1.Run (#6508)

action required: v1alpha1.Run objects are no longer supported. You must upgrade to v1beta1.CustomRun before upgrading to this release. See https://github.com/tektoncd/pipeline/blob/main/docs/migrating-v1alpha1.Run-to-v1beta1.CustomRun.md for migration instructions

  • ๐Ÿ”จ [TEP-114] Remove the feature flag custom-task-version to stop supporting v1alpha1 Run (#6499)

action required: Feature flag custom-task-version is removed, tekton pipeline will stop supporting v1alpha1 Run and only use v1beta1 CustomRun.

  • ๐Ÿ”จ [TEP-0074] Remove git-init code (#6417)

pkg/git has been removed

  • ๐Ÿ”จ Keep securitycontext fields simple in e2e (#6547)

allow e2e tests to run on openshift using securitycontext fields simple

  • ๐Ÿ”จ Revert removal of PipelineResources related fields (#6436)

Revert removal of client fields for PipelineResources for backwards compatibility. PipelineResources are still no longer functional and will not work with this version of Tekton.
Example command to list tasks that use PipelineResources and must be deleted before upgrading (works for other Tekton CRDs as well):
kubectl get taskruns --all-namespaces -o json | jq -r '.items[] | select(.metadata.annotations["[tekton.dev/v1beta1Resources](http://tekton.dev/v1beta1Resources)"] | (. != "{}") and (. != "") and (. != null)) | .metadata.namespace + "/" + .metadata.name + " " + .metadata.creationTimestamp'

  • ๐Ÿ”จ Remove third_party directory (#6416)

Images built as part of releases no longer contain contents of third_party/. (Images still contain contents of vendor/.)

  • ๐Ÿ”จ Remove RunControllerName from the Codebase (#6531)
  • ๐Ÿ”จ TEP-0089: Refactor setting of "enforce-nonfalsifiability" feature flag (#6527)
  • ๐Ÿ”จ 6483-Step1: move validation code out of pipeline_types.go (#6526)
  • ๐Ÿ”จ Hygiene: enabled presets and various linters. (#6518)
  • ๐Ÿ”จ Hygiene: enable exhaustive linter. (#6484)
  • ๐Ÿ”จ Cleanup: addressed various nolint items. ๐Ÿงน ๐Ÿงน ๐Ÿงน (#6477)
  • ๐Ÿ”จ chore: cleanup unused functions in the resources (#6473)
  • ๐Ÿ”จ Refactor Overwriting Combinations in Matrix (#6463)
  • ๐Ÿ”จ Cleanup: move taskspec_test to resources_test pkg (#6458)
  • ๐Ÿ”จ Split up and refactor isCustomTask (#6447)
  • ๐Ÿ”จ Clean Up: Update []Param to the new Params type (#6446)
  • ๐Ÿ”จ Clarify ParamValue syntax (#6445)
  • ๐Ÿ”จ Cleanup Resolution import path (#6438)
  • ๐Ÿ”จ Refactor Matrix Implementation (#6407)
  • ๐Ÿ”จ Hygiene: enable errorlint. (#6340)
  • ๐Ÿ”จ refactor getTaskRunCreations in the pipelineRun reconciler test suite (#6293)
  • ๐Ÿ”จ Remove v1alpha1 Runs Client setup in init test (#6571)
  • ๐Ÿ”จ Add link to examples of good release notes to template (#6564)
  • ๐Ÿ”จ Use the system-installed version of golangci-lint. (#6560)
  • ๐Ÿ”จ Add timeouts tests for v1beta1 PipelineRun Defaults (#6548)
  • ๐Ÿ”จ Bump k8s.io/api from 0.25.8 to 0.25.9 (#6545)
  • ๐Ÿ”จ Remove TaskrunMetrics Blank Identifier in CustomRun Reconciler to Avoid Redundant TaskRun Informer Register (#6542)
  • ๐Ÿ”จ Fix serviceAccountName in v1 Examples (#6541)
  • ๐Ÿ”จ Bump k8s.io/api from 0.26.2 to 0.26.4 in /test/custom-task-ctrls/wait-task-beta (#6537)
  • ๐Ÿ”จ Bump k8s.io/client-go from 0.25.8 to 0.25.9 in /test/custom-task-ctrls/wait-task-beta (#6536)
  • ๐Ÿ”จ Bump k8s.io/client-go from 0.25.8 to 0.25.9 (#6535)
  • ๐Ÿ”จ Bump k8s.io/code-generator from 0.25.8 to 0.25.9 (#6534)
  • ๐Ÿ”จ Bump k8s.io/apimachinery from 0.26.3 to 0.26.4 (#6533)
  • ๐Ÿ”จ create multi-arch Wait Custom Task Controller image (#6523)
  • ๐Ÿ”จ Bump github.com/sigstore/sigstore from 1.6.1 to 1.6.2 (#6522)
  • ๐Ÿ”จ Bump github.com/cloudevents/sdk-go/v2 from 2.13.0 to 2.14.0 (#6521)
  • ๐Ÿ”จ tekton: update ko/koparse images in release pipeline (#6519)
  • ๐Ÿ”จ Migrate v1beta1 RunResult to Unversioned Package (#6514)
  • ๐Ÿ”จ Bump github.com/sigstore/sigstore from 1.6.0 to 1.6.1 (#6501)
  • ๐Ÿ”จ Bump github.com/spiffe/spire-api-sdk from 1.6.1 to 1.6.2 (#6500)
  • ๐Ÿ”จ Sync v1 TaskRun StepSpecs and SidecarSpecs Merge with v1beta1 Overrides Merge (#6497)
  • ๐Ÿ”จ Downgrade to latest k8s.io/apimachinery from beta. (#6492)
  • ๐Ÿ”จ Bump github.com/jenkins-x/go-scm from 1.13.12 to 1.13.13 (#6487)
  • ๐Ÿ”จ Bump github.com/spiffe/go-spiffe/v2 from 2.1.3 to 2.1.4 (#6480)
  • ๐Ÿ”จ chore: add copyright header to source files (#6474)
  • ๐Ÿ”จ chore: modify test package name (#6472)
  • ๐Ÿ”จ Replace v1beta1.TaskObject with *v1beta1.Task in TaskRun Reconciler (#6471)
  • ๐Ÿ”จ Replace v1beta1.PipelineObject with *v1beta1.Pipeline in PipelineRun โ€ฆ (#6469)
  • ๐Ÿ”จ Bump github.com/golangci/golangci-lint from 1.52.1 to 1.52.2 in /tools (#6440)
  • ๐Ÿ”จ Add RoundTrip to Conversion Integration Test (#6439)
  • ๐Ÿ”จ Rename PipelineResourceResult to RunResult (#6434)
  • ๐Ÿ”จ Bump github.com/golangci/golangci-lint from 1.52.0 to 1.52.1 in /tools (#6428)
  • ๐Ÿ”จ Bump google.golang.org/grpc from 1.53.0 to 1.54.0 (#6427)
  • ๐Ÿ”จ Bump k8s.io/client-go from 0.25.7 to 0.25.8 in /test/custom-task-ctrls/wait-task-beta (#6413)
  • ๐Ÿ”จ Bump k8s.io/client-go from 0.25.7 to 0.25.8 in /test/custom-task-ctrls/wait-task-alpha (#6412)
  • ๐Ÿ”จ Ignore k8s.io/* major/minor version in test/OWNERS test/README.md test/build_logs.go test/cancel_test.go test/clients.go test/columns.txt test/conformance_test.go test/controller.go test/controller_test.go test/conversion_test.go test/custom-task-ctrls test/custom_task_test.go test/dag_test.go test/diff test/doc.go test/duplicate_test.go test/e2e-common.sh test/e2e-tests-kind-prow-alpha.env test/e2e-tests-kind-prow-beta.env test/e2e-tests-kind-prow.env test/e2e-tests-kind.env test/e2e-tests-upgrade.sh test/e2e-tests.sh test/entrypoint_test.go test/examples_test.go test/featureflags.go test/git-resolver test/gohelloworld test/hermetic_taskrun_test.go test/ignore_step_error_test.go test/init_test.go test/kubectl.go test/larger_results_sidecar_logs_test.go test/markdown-lint-config.rc test/multiarch_utils.go test/names test/parse test/path_filtering.go test/path_filtering_test.go test/pipelinefinally_test.go test/pipelinerun_test.go test/presubmit-tests.sh test/propagated_params_test.go test/registry_test.go test/remote.go test/remote_test.go test/resolution.go test/resolvers_test.go test/resolvers_yaml test/retry_test.go test/secret.go test/serviceaccount_test.go test/sidecar_test.go test/start_time_test.go test/status_test.go test/step_output_test.go test/taskrun_test.go test/tektonbundles_test.go test/timeout_test.go test/trusted_resources_test.go test/trustedresources-keys test/trustedresources.go test/trustedresources_test.go test/wait.go test/wait_example_test.go test/windows_script_test.go test/windows_test.go test/workingdir_test.go test/workspace_test.go test/yamls go.mod (#6410)
  • ๐Ÿ”จ Bump github.com/tektoncd/pipeline from 0.45.0 to 0.46.0 in /test/custom-task-ctrls/wait-task-alpha (#6404)
  • ๐Ÿ”จ Bump github.com/tektoncd/pipeline from 0.45.0 to 0.46.0 in /test/custom-task-ctrls/wait-task-beta (#6401)
  • ๐Ÿ”จ Bump github.com/golangci/golangci-lint from 1.51.2 to 1.52.0 in /tools (#6396)
  • ๐Ÿ”จ Bump github.com/jenkins-x/go-scm from 1.13.9 to 1.13.12 (#6394)
  • ๐Ÿ”จ Bump k8s.io/client-go from 0.25.7 to 0.25.8 (#6393)
  • ๐Ÿ”จ Bump k8s.io/api from 0.25.7 to 0.25.8 (#6392)
  • ๐Ÿ”จ Bump k8s.io/code-generator from 0.25.7 to 0.25.8 (#6391)
  • ๐Ÿ”จ divide ApplyTaskResultsToPipelineResults tests into success and error (#6388)
  • ๐Ÿ”จ Bump google.golang.org/protobuf from 1.29.0 to 1.30.0 (#6371)
  • ๐Ÿ”จ [TEP074] Tombstone ResourceResult field with the removal of PipelineResources (#6301)

Docs

  • ๐Ÿ“– Migrate documentation to v1 API (#6414)

Migrate documentation from v1beta1 to v1 API

  • ๐Ÿ“– Update wording for end-of-life in releases.md (#6569)
  • ๐Ÿ“– Add developer guidance for API changes to CustomRuns (#6567)
  • ๐Ÿ“– Update development guide on creating new CRDs (#6566)
  • ๐Ÿ“– Update API compatibility policy for stable CRDs (#6532)
  • ๐Ÿ“– Fixed Broken Links in Cloud Events Documentation (#6517)
  • ๐Ÿ“– updating releases with the latest 0.41.2 (#6504)
  • ๐Ÿ“– Update min k8s version to 1.24 (#6478)
  • ๐Ÿ“– Small docs fix to make the timeout field value more obvious. (#6470)
  • ๐Ÿ“– Update docstring of v1beta1.PipelineObject (#6468)
  • ๐Ÿ“– doc: added a note on pulling task image from private repo (#6426)
  • ๐Ÿ“– fix:inconsistent 'retries' document example fields in customrun (#6422)
  • ๐Ÿ“– Add missing links for v0.46 release and move v0.42 to EOL section (#6421)
  • ๐Ÿ“– updating releases.md for 0.46 (#6389)

Thanks

Thanks to these contributors who contributed to v0.47.0!

Extra shout-out for awesome release notes:

Don't miss a new pipeline release

NewReleases is sending notifications on new releases.