github tektoncd/pipeline v1.12.1
Tekton Pipeline release v1.12.1 "Exotic Shorthair Elektrobots LTS"
on GitHub

latest release: v1.13.1
9 hours ago

-Docs @ v1.12.1
-Examples @ v1.12.1

Installation one-liner

kubectl apply -f https://infra.tekton.dev/tekton-releases/pipeline/previous/v1.12.1/release.yaml

Attestation

The Rekor UUID for this release is dc902afe30f02cc9a6847faff1a30920c735b69de8efc5cfafab69eab1a1e8d2

Obtain the attestation: 

REKOR_UUID=dc902afe30f02cc9a6847faff1a30920c735b69de8efc5cfafab69eab1a1e8d2
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .

Verify that all container images in the attestation are in the release file: 

RELEASE_FILE=https://infra.tekton.dev/tekton-releases/pipeline/previous/v1.12.1/release.yaml
REKOR_UUID=dc902afe30f02cc9a6847faff1a30920c735b69de8efc5cfafab69eab1a1e8d2

# Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v1.12.1@sha256:" + .digest.sha256')

# Download the release file
curl -L "$RELEASE_FILE" > release.yaml

# For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
  printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done

Changes

Features

Fixes

  • 🐛 [cherry-pick: release-v1.12.x] fix(resolvers): Allow ResolutionRequests to resolve all Tekton kinds (#10252)

efore this change, ResolutionRequests could only resolve Pipelines, Tasks, and StepActions. After this change, ResolutionRequests can resolve PipelineRuns, Pipelines, TaskRuns, Tasks, Runs, CustomRuns, and StepActions.

  • 🐛 [cherry-pick: release-v1.12.x] fix: TaskRun stuck in Running when init container is OOMKilled with enableKubernetesSidecar (#10186)

ix: TaskRun no longer gets stuck in Running when an init container (e.g. prepare) is OOMKilled while enableKubernetesSidecar is enabled. The TaskRun is now correctly marked as Failed immediately.

  • 🐛 [cherry-pick: release-v1.12.x] Fix cross-arch platform command lookup in entrypoint (#10164)

ix entrypoint command lookup when controller and worker nodes run on different CPU architectures (e.g., ARM controller with AMD64 workloads). The controller's CPU variant was leaking into TEKTON_PLATFORM_COMMANDS keys via platforms.NewPlatform(), causing "could not find command for platform" errors on worker nodes of a different architecture.

  • 🐛 [cherry-pick: release-v1.12.x] fix: truncate affinity assistant volume names to 63 characters (#10137)

ffinity assistant StatefulSet no longer fails when workspace volumeClaimTemplate names exceed 63 characters. Long volume names are now automatically truncated with a hash suffix to stay within the Kubernetes limit.

  • 🐛 [cherry-pick: release-v1.12.x] fix(pipelinerun): use generateName for anonymous pipeline label (#10079)

Previously, TaskRuns' tekton.dev/pipeline label for anonymous Pipelines would use their PipelineRun's name in their tekton.dev/pipeline label and pipeline metrics tag. After this change, TaskRun and PipelineRun which are created from anonymous Pipelines now reference a sanitized metadata.generateName, when present, for the label tekton.dev/pipeline. Similarly, these TaskRruns and PipelineRuns will populate their respective metrics' pipeline tag with the sanitized generateName instead of using anonymous.

  • 🐛 [release-v1.12.x] Fix gen-crd-api-reference-docs require to use fetchable version (#10001)

ix gen-crd-api-reference-docs go.mod require to use a fetchable upstream version, fixing module resolution failures for downstream consumers.

  • 🐛 [cherry-pick: release-v1.12.x] fix(resolvers): validate data is Tekton object in resolver framework (#9963)

Fixes a bug which lets Tekton Resolvers resolve non-tekton objects and arbitrary data. After this change, resolving a non-tekton object causes the ResolutionRequest to fail.
Action Required: Tekton Resolvers are now only permitted to resolve StepActions, Tasks, and Pipelines. Custom resolvers or ResolutionRequest which use the Resolver API for other object types will no longer function.

  • 🐛 [release-v1.12.x] fix: replace symlinks with subpath params and fix Rekor UUID in release pipeline (#10216)
  • 🐛 [cherry-pick: release-v1.12.x] Fix PipelineRun premature failure when TaskRun recovers after pod eviction (#10161)

Misc

  • 🔨 build(deps): bump the all group in /tekton with 4 updates (#10265)
  • 🔨 build(deps): bump the all group in /tekton with 4 updates (#10234)
  • 🔨 build(deps): bump chainguard-dev/actions from 1.6.21 to 1.6.22 (#10229)
  • 🔨 build(deps): bump actions/checkout from 6.0.2 to 6.0.3 (#10200)
  • 🔨 build(deps): bump chainguard-dev/actions from 1.6.19 to 1.6.21 (#10199)
  • 🔨 build(deps): bump the all group in /tekton with 4 updates (#10194)
  • 🔨 build(deps): bump github.com/sigstore/sigstore from 1.10.6 to 1.10.8 (#10168)
  • 🔨 build(deps): bump github.com/sigstore/sigstore/pkg/signature/kms/azure from 1.10.6 to 1.10.8 (#10150)
  • 🔨 build(deps): bump github.com/sigstore/sigstore/pkg/signature/kms/hashivault from 1.10.6 to 1.10.8 (#10149)
  • 🔨 build(deps): bump github.com/spiffe/spire-api-sdk from 1.14.6 to 1.14.7 (#10148)
  • 🔨 build(deps): bump github.com/sigstore/sigstore/pkg/signature/kms/gcp from 1.10.6 to 1.10.8 (#10147)
  • 🔨 build(deps): bump github.com/sigstore/sigstore/pkg/signature/kms/aws from 1.10.6 to 1.10.8 (#10146)
  • 🔨 build(deps): bump the all group in /tekton with 4 updates (#10130)
  • 🔨 build(deps): bump golangci/golangci-lint-action from 9.2.0 to 9.2.1 (#10129)
  • 🔨 build(deps): bump the all group across 1 directory with 4 updates (#10094)
  • 🔨 build(deps): bump step-security/harden-runner from 2.19.2 to 2.19.4 (#10093)
  • 🔨 build(deps): bump zizmorcore/zizmor-action from 0.5.3 to 0.5.6 (#10092)
  • 🔨 build(deps): bump github/codeql-action from 4.35.4 to 4.35.5 (#10091)
  • 🔨 build(deps): bump github.com/google/go-containerregistry from 0.21.5 to 0.21.6 (#10070)
  • 🔨 build(deps): bump github.com/sigstore/sigstore/pkg/signature/kms/gcp from 1.10.5 to 1.10.6 (#10065)
  • 🔨 build(deps): bump github.com/sigstore/sigstore/pkg/signature/kms/azure from 1.10.5 to 1.10.6 (#10064)
  • 🔨 build(deps): bump github.com/sigstore/sigstore from 1.10.5 to 1.10.6 (#10063)
  • 🔨 build(deps): bump github.com/sigstore/sigstore/pkg/signature/kms/hashivault from 1.10.5 to 1.10.6 (#10062)
  • 🔨 build(deps): bump github.com/sigstore/sigstore/pkg/signature/kms/aws from 1.10.5 to 1.10.6 (#10061)
  • 🔨 build(deps): bump step-security/harden-runner from 2.19.1 to 2.19.2 (#10046)
  • 🔨 build(deps): bump the all group in /tekton with 4 updates (#10041)
  • 🔨 build(deps): bump k8s.io/apiextensions-apiserver from 0.35.4 to 0.35.5 (#10034)
  • 🔨 build(deps): bump k8s.io/client-go from 0.35.4 to 0.35.5 in /test/custom-task-ctrls/wait-task-beta (#10023)
  • 🔨 build(deps): bump github.com/jenkins-x/go-scm from 1.15.21 to 1.15.22 (#10018)
  • 🔨 build(deps): bump github.com/google/cel-go from 0.28.0 to 0.28.1 (#10017)
  • 🔨 build(deps): bump github/codeql-action from 4.35.2 to 4.35.4 (#9994)
  • 🔨 build(deps): bump chainguard/go from 7ec9277 to a4477c3 in /tekton in the all group (#9993)
  • 🔨 build(deps): bump chainguard-dev/actions from 1.6.17 to 1.6.19 (#9983)
  • 🔨 build(deps): bump step-security/harden-runner from 2.19.0 to 2.19.1 (#9981)
  • 🔨 build(deps): bump the all group in /tekton with 4 updates (#9976)

Docs

Thanks

Thanks to these contributors who contributed to v1.12.1!

Extra shout-out for awesome release notes:

Check out latest releases or
releases around tektoncd/pipeline v1.12.1

Don't miss a new pipeline release

NewReleases is sending notifications on new releases.

Get notifications