🎉 Observability, evolved: Tekton Pipelines migrates to OpenTelemetry 🎉

-Docs @ v1.10.0
-Examples @ v1.10.0

Installation one-liner

kubectl apply -f https://infra.tekton.dev/tekton-releases/pipeline/previous/v1.10.0/release.yaml

Attestation

The Rekor UUID for this release is 108e9186e8c5677a94dd58f7cfb4996ccce2c937681486ef690dab5e560e66c6c34aa9b446f32651

Obtain the attestation:

REKOR_UUID=108e9186e8c5677a94dd58f7cfb4996ccce2c937681486ef690dab5e560e66c6c34aa9b446f32651
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .

Verify that all container images in the attestation are in the release file:

RELEASE_FILE=https://infra.tekton.dev/tekton-releases/pipeline/previous/v1.10.0/release.yaml
REKOR_UUID=108e9186e8c5677a94dd58f7cfb4996ccce2c937681486ef690dab5e560e66c6c34aa9b446f32651

# Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v1.10.0@sha256:" + .digest.sha256')

# Download the release file
curl -L "$RELEASE_FILE" > release.yaml

# For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
  printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done

Upgrade Notices

• 🚨 Metrics migration from OpenCensus to OpenTelemetry (#9043)

  ACTION REQUIRED: Infrastructure metrics (Go runtime, Workqueue, K8s Client) have been renamed from the tekton_pipelines_controller_ prefix to standard OpenTelemetry/Knative namespaces. The reason label has been added to duration metrics (pipelinerun_duration_seconds, taskrun_duration_seconds). The reconcile_count and reconcile_latency metrics have been removed.

  Upgrade actions:

  1. Update Config: Ensure your config-observability ConfigMap uses metrics-protocol: prometheus (or grpc/http) instead of the old metrics.backend-destination. If prometheus was already being used, no changes are needed.
  2. Update Dashboards:
     • Replace tekton_pipelines_controller_workqueue_* queries with kn_workqueue_*
     • Replace tekton_pipelines_controller_go_* queries with standard go_* metrics
     • Check aggregations on pipelinerun_duration_seconds to account for the new reason label

  See the full migration table in PR #9043 for complete details.

Changes

Features

• ✨ feat: Add SHA-256 support for Git resolver revision validation (#9278)

  Git resolver now supports SHA-256 commit hashes for revision validation.

• ✨ feat(metrics): Migrate from OpenCensus to OpenTelemetry (#9043)

  Migrated PipelineRun and TaskRun metrics to OpenTelemetry instruments (histograms, counters, gauges). Updated Knative to 1.19. See Upgrade Notices for breaking changes and required actions.

• ✨ ci: add /rebase slash command workflow (#9375)

Fixes

• 🐛 fix: Remove redundant shortNames from ResolutionRequest CRD (#9398)

  Remove redundant shortNames from ResolutionRequest CRD that caused ShortNamesConflict on Kubernetes 1.33+

• 🐛 fix(pipelines): allow pipeline param defaults to use non-param variables (#9386)

  Fixed a bug which caused PipelineRun validation to fail when a pipeline parameter's default value referenced a non-parameter variable (e.g. $(context.pipelineRun.name))

• 🐛 fix: pipeline-level results not recorded from failed tasks (#9367)

  Pipeline-level results now include results from failed, cancelled, and timed-out tasks, fixing cases where results referencing non-successful task outputs were left as unresolved variable strings.

• 🐛 ci: replace e2e-only fan-in with unified CI summary job (#9394)

• 🐛 fix: Align cache configstore with framework implementation (#9282)

• 🐛 accept featureFlags.EnableTektonOCIBundles to fix unknown field error (#8996)

Misc

• 🔨 build(deps): bump golang.org/x/crypto from 0.36.0 to 0.45.0 in /test/resolver-with-timeout (#9426)
• 🔨 Move v0.68 LTS to End of Life releases (#9434)
• 🔨 Assess several new gosec findings (#9405)
• 🔨 ci: Update cherry-pick command to latest plumbing (#9400)
• 🔨 build(deps): bump opentelemetry exporter packages to v1.39.0 (#9332)
• 🔨 build(deps): bump github.com/google/go-containerregistry from 0.21.0 to 0.21.1 (#9433)
• 🔨 build(deps): bump github/codeql-action from 4.32.3 to 4.32.4 (#9431)
• 🔨 build(deps): bump the all group in /tekton with 4 updates (#9430)
• 🔨 build(deps): bump tj-actions/changed-files from 47.0.2 to 47.0.4 (#9429)
• 🔨 build(deps): bump actions/dependency-review-action from 4.8.2 to 4.8.3 (#9428)
• 🔨 build(deps): bump chainguard-dev/actions from 1.6.1 to 1.6.4 (#9427)
• 🔨 build(deps): bump github.com/sigstore/sigstore from 1.8.4 to 1.10.4 in /test/resolver-with-timeout (#9425)
• 🔨 build(deps): bump github.com/google/go-containerregistry from 0.20.7 to 0.21.0 (#9418)
• 🔨 build(deps): bump github.com/tektoncd/pipeline from 1.9.0 to 1.9.1 in /test/custom-task-ctrls/wait-task-beta (#9417)
• 🔨 build(deps): bump the all group in /tekton with 4 updates (#9397)
• 🔨 build(deps): bump github/codeql-action from 4.32.2 to 4.32.3 (#9396)
• 🔨 build(deps): bump chainguard-dev/actions from 1.5.16 to 1.6.1 (#9395)
• 🔨 build(deps): bump google.golang.org/grpc from 1.79.0 to 1.79.1 (#9392)
• 🔨 build(deps): bump github.com/jenkins-x/go-scm from 1.15.16 to 1.15.17 (#9391)
• 🔨 build(deps): bump google.golang.org/grpc from 1.78.0 to 1.79.0 (#9389)
• 🔨 build(deps): bump k8s.io/code-generator from 0.32.11 to 0.32.12 (#9388)
• 🔨 build(deps): bump k8s.io/apiextensions-apiserver from 0.32.11 to 0.32.12 (#9385)
• 🔨 build(deps): bump k8s.io/apimachinery from 0.33.7 to 0.33.8 (#9384)
• 🔨 build(deps): bump k8s.io/client-go from 0.32.11 to 0.32.12 (#9383)
• 🔨 build(deps): bump k8s.io/client-go from 0.32.11 to 0.32.12 in /test/custom-task-ctrls/wait-task-beta (#9382)
• 🔨 build(deps): bump k8s.io/api from 0.32.11 to 0.32.12 in /test/custom-task-ctrls/wait-task-beta (#9381)
• 🔨 build(deps): bump k8s.io/apimachinery from 0.33.7 to 0.33.8 in /test/custom-task-ctrls/wait-task-beta (#9380)
• 🔨 build(deps): bump github/codeql-action from 4.32.1 to 4.32.2 (#9374)
• 🔨 build(deps): bump the all group in /tekton with 4 updates (#9373)
• 🔨 build(deps): bump step-security/harden-runner from 2.14.1 to 2.14.2 (#9372)
• 🔨 build(deps): bump tj-actions/changed-files from 47.0.1 to 47.0.2 (#9371)
• 🔨 build(deps): bump chainguard-dev/actions from 1.5.14 to 1.5.16 (#9370)
• 🔨 build(deps): bump golang.org/x/crypto from 0.47.0 to 0.48.0 (#9369)
• 🔨 build(deps): bump go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp from 1.39.0 to 1.40.0 (#9363)
• 🔨 fix(ci): simplify e2e test health status result (#9361)
• 🔨 build(deps): bump the all group in /tekton with 4 updates (#9352)
• 🔨 build(deps): bump chainguard-dev/actions from 1.5.13 to 1.5.14 (#9351)
• 🔨 build(deps): bump github/codeql-action from 4.32.0 to 4.32.1 (#9350)
• 🔨 build(deps): bump actions/cache from 4.2.3 to 5.0.3 (#9348)
• 🔨 build(deps): bump go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp from 1.37.0 to 1.40.0 (#9345)
• 🔨 build(deps): bump github.com/tektoncd/pipeline from 1.7.0 to 1.9.0 in /test/custom-task-ctrls/wait-task-beta (#9340)
• 🔨 build(deps): bump google.golang.org/grpc from 1.77.0 to 1.78.0 (#9337)
• 🔨 build(deps): bump github.com/spiffe/spire-api-sdk from 1.14.0 to 1.14.1 (#9336)
• 🔨 build(deps): bump sigstore/sigstore from 1.9.5 to 1.10.4 (#9331)
• 🔨 build(deps): bump github.com/tektoncd/pipeline to v1.7.0 in wait-task-beta (#9329)

Docs

• 📖 docs: clarify flag availability across controller binaries (#9390)
• 📖 docs: update releases.md for v1.9.0 LTS (#9339)
• 📖 docs: Document roadmap project board workflows and best practices (#9311)
• 📖 Update examples in docs for changes in apiVersion v1 (#9042)

Thanks

Thanks to these contributors who contributed to v1.10.0!

• ❤️ @7h3-3mp7y-m4n
• ❤️ @SaschaSchwarze0
• ❤️ @aThorp96
• ❤️ @anithapriyanatarajan
• ❤️ @dependabot[bot]
• ❤️ @johankok
• ❤️ @khrm
• ❤️ @lusqua
• ❤️ @softho0n
• ❤️ @vdemeester
• ❤️ @waveywaves
• ❤️ @wilderbridge
• ❤️ @wmypku

Extra shout-out for awesome release notes:

• 😍 @7h3-3mp7y-m4n
• 😍 @aThorp96
• 😍 @dependabot[bot]
• 😍 @khrm
• 😍 @lusqua
• 😍 @vdemeester
• 😍 @waveywaves
• 😍 @wmypku