github tektoncd/pipeline v1.0.3
Tekton Pipeline release v1.0.3 "Oriental Omnidroid"
on GitHub

4 hours ago

Tekton Pipeline release v1.0.3

-Docs @ v1.0.3
-Examples @ v1.0.3

Installation one-liner

kubectl apply -f https://infra.tekton.dev/tekton-releases/pipeline/previous/v1.0.3/release.yaml

Attestation

The Rekor UUID for this release is 108e9186e8c5677af9a0b5c0d190a06d3da1caf538bf0a6bb9020c707dcfdbe4dd8d2cbceec407d1

Obtain the attestation: 

REKOR_UUID=108e9186e8c5677af9a0b5c0d190a06d3da1caf538bf0a6bb9020c707dcfdbe4dd8d2cbceec407d1
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .

Verify that all container images in the attestation are in the release file: 

RELEASE_FILE=https://infra.tekton.dev/tekton-releases/pipeline/previous/v1.0.3/release.yaml
REKOR_UUID=108e9186e8c5677af9a0b5c0d190a06d3da1caf538bf0a6bb9020c707dcfdbe4dd8d2cbceec407d1

# Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v1.0.3@sha256:" + .digest.sha256')

# Download the release file
curl -L "$RELEASE_FILE" > release.yaml

# For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
  printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done

Changes

Features

Fixes

  • 🐛 Fix cross-arch platform command lookup in entrypoint (#10165)

Fix entrypoint command lookup when controller and worker nodes run on different CPU architectures (e.g., ARM controller with AMD64 workloads). The controller's CPU variant was leaking into TEKTON_PLATFORM_COMMANDS keys via platforms.NewPlatform(), causing "could not find command for platform" errors on worker nodes of a different architecture.

Misc

  • 🔨 build(deps): bump github.com/jenkins-x/go-scm from 1.14.56 to 1.14.59 (#9968)
  • 🔨 build(deps): bump go.uber.org/zap from 1.27.0 to 1.27.1 (#9865)
  • 🔨 build(deps): bump tj-actions/changed-files (#9942)
  • 🔨 build(deps): bump the all group in /tekton with 4 updates (#9944)
  • 🔨 build(deps): bump step-security/harden-runner from 2.12.0 to 2.12.2 (#9945)
  • 🔨 build(deps): bump k8s.io/apiextensions-apiserver from 0.32.1 to 0.32.13 (#9919)
  • 🔨 build(deps): bump chainguard-dev/actions from 1.5.3 to 1.5.16 (#9902)
  • 🔨 build(deps): bump ossf/scorecard-action from 2.4.1 to 2.4.3 (#9900)
  • 🔨 build(deps): bump tj-actions/changed-files (#9904)
  • 🔨 build(deps): bump the all group in /tekton with 4 updates (#9899)
  • 🔨 build(deps): bump actions/cache from 4.2.3 to 4.2.4 (#9903)
  • 🔨 build(deps): bump golangci/golangci-lint-action from 6.5.1 to 6.5.2 (#9901)
  • 🔨 build(deps): bump github.com/tektoncd/pipeline (#9887)
  • 🔨 build(deps): bump github.com/go-jose/go-jose/v3 from 3.0.4 to 3.0.5 (#9877)

Thanks

Thanks to these contributors who contributed to v1.0.3!

Extra shout-out for awesome release notes:

Check out latest releases or
releases around tektoncd/pipeline v1.0.3

Don't miss a new pipeline release

NewReleases is sending notifications on new releases.

Get notifications