github tektoncd/pipeline v0.69.0
Tekton Pipeline release v0.69.0 "Oriental Longhair Omnibot"
on GitHub

2 days ago

-Docs @ v0.69.0
-Examples @ v0.69.0

Installation one-liner

kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.69.0/release.yaml

Attestation

The Rekor UUID for this release is 108e9186e8c5677a83b80360985c8a19920792656acc1566def6a298da6b73bd47b42307bceab304

Obtain the attestation: 

REKOR_UUID=108e9186e8c5677a83b80360985c8a19920792656acc1566def6a298da6b73bd47b42307bceab304
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .

Verify that all container images in the attestation are in the release file: 

RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.69.0/release.yaml
REKOR_UUID=108e9186e8c5677a83b80360985c8a19920792656acc1566def6a298da6b73bd47b42307bceab304

# Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v0.69.0@sha256:" + .digest.sha256')

# Download the release file
curl "$RELEASE_FILE" > release.yaml

# For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
  printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done

Changes

Features

  • ✨ Add feature flag to set readOnlyRootFilesystem for containers (#8186)

New feature flag set-security-context-read-only-root-filesystem in ConfigMap feature-flags. The new feature sets readOnlyRootFilesystem in securityContext for taskrun and affinity assistant containers.

Fixes

  • 🐛 fix: Move when condition to higher priority (#8569)

fix: Move when condition to higher priority

  • 🐛 fix: resolve panic issue in pipeline controller caused by CustomRun (#8562)

fix: resolve panic issue in pipeline controller caused by CustomRun

Misc

  • 🔨 Bump knative.dev/pkg to release-1.17 (#8538)

Bump knative.dev/pkg to release-1.17 while keeping KUBERNETES_MIN_VERSION to 1.28.

  • 🔨 cleanup: use pkg/platforms instead of containerd/platforms to … (#8579)
  • 🔨 cleanup: add disable_spire build tag for entrypoint command (#8548)
  • 🔨 build(deps): bump github.com/google/go-cmp from 0.6.0 to 0.7.0 (#8619)
  • 🔨 build(deps): bump k8s.io/client-go from 0.31.4 to 0.31.6 (#8618)
  • 🔨 build(deps): bump k8s.io/code-generator from 0.31.4 to 0.31.6 (#8615)
  • 🔨 build(deps): bump github.com/sigstore/sigstore/pkg/signature/kms/azure from 1.8.12 to 1.8.15 (#8613)
  • 🔨 build(deps): bump github.com/go-jose/go-jose/v3 from 3.0.3 to 3.0.4 (#8612)
  • 🔨 build(deps): bump the all group in /tekton with 2 updates (#8611)
  • 🔨 build(deps): bump actions/cache from 4.2.1 to 4.2.2 (#8610)
  • 🔨 build(deps): bump tj-actions/changed-files from 45.0.6 to 45.0.7 (#8609)
  • 🔨 chore: add yaml linting to pre-commit (#8606)
  • 🔨 .github/workflow: add only-new-issues on lint (#8604)
  • 🔨 build(deps): bump github.com/sigstore/sigstore/pkg/signature/kms/gcp from 1.8.12 to 1.8.15 (#8598)
  • 🔨 build(deps): bump github.com/spiffe/spire-api-sdk from 1.11.1 to 1.11.2 (#8597)
  • 🔨 build(deps): bump github.com/sigstore/sigstore/pkg/signature/kms/hashivault from 1.8.12 to 1.8.15 (#8596)
  • 🔨 build(deps): bump github.com/sigstore/sigstore from 1.8.12 to 1.8.15 (#8595)
  • 🔨 build(deps): bump golangci/golangci-lint-action from 6.2.0 to 6.5.0 (#8594)
  • 🔨 build(deps): bump step-security/harden-runner from 2.10.4 to 2.11.0 (#8593)
  • 🔨 build(deps): bump github/codeql-action from 3.28.8 to 3.28.10 (#8592)
  • 🔨 build(deps): bump actions/setup-go from 5.1.0 to 5.3.0 (#8591)
  • 🔨 build(deps): bump actions/cache from 4.2.0 to 4.2.1 (#8590)
  • 🔨 build(deps): bump the all group in /tekton with 2 updates (#8589)
  • 🔨 build(deps): bump github.com/sigstore/sigstore/pkg/signature/kms/aws from 1.8.12 to 1.8.15 (#8585)
  • 🔨 build(deps): bump k8s.io/api from 0.31.4 to 0.31.6 (#8584)
  • 🔨 .github/workflows: add a build and test workflows (#8577)
  • 🔨 build(deps): bump github.com/jenkins-x/go-scm from 1.14.37 to 1.14.56 (#8576)
  • 🔨 build(deps): bump the all group in /tekton with 2 updates (#8573)
  • 🔨 .github/workflows: force go to 1.23 for the lint job (#8570)
  • 🔨 build(deps): bump github.com/golangci/golangci-lint from 1.63.4 to 1.64.5 in /tools (#8568)
  • 🔨 build(deps): bump k8s.io/client-go from 0.29.13 to 0.29.14 (#8567)
  • 🔨 build(deps): bump the all group in /tekton with 2 updates (#8560)
  • 🔨 build(deps): bump google.golang.org/protobuf from 1.36.4 to 1.36.5 (#8557)
  • 🔨 build(deps): bump golang.org/x/sync from 0.10.0 to 0.11.0 (#8554)
  • 🔨 build(deps): bump github/codeql-action from 3.28.5 to 3.28.8 (#8552)
  • 🔨 build(deps): bump github.com/spiffe/go-spiffe/v2 from 2.4.0 to 2.5.0 (#8551)
  • 🔨 build(deps): bump github.com/google/cel-go from 0.23.1 to 0.23.2 (#8550)
  • 🔨 build(deps): bump the all group in /tekton with 2 updates (#8549)
  • 🔨 tekton: fix micro typo on release-cheat-sheet (#8545)

Docs

  • 📖 releases.md: add 0.68.0 LTS and update other releases (#8559)
  • 📖 chore: fix some comments (#8524)
  • 📖 fix broken link to tutorials.md page (#8444)

Thanks

Thanks to these contributors who contributed to v0.69.0!

Extra shout-out for awesome release notes:

Check out latest releases or
releases around tektoncd/pipeline v0.69.0

Don't miss a new pipeline release

NewReleases is sending notifications on new releases.

Get notifications