github tektoncd/pipeline v1.3.5
Tekton Pipeline release v1.3.5 "Maine Coon Melfina"
on GitHub

latest releases: v1.13.1, v1.12.1, v1.10.3...
9 hours ago

-Docs @ v1.3.5
-Examples @ v1.3.5

Installation one-liner

kubectl apply -f https://infra.tekton.dev/tekton-releases/pipeline/previous/v1.3.5/release.yaml

Attestation

The Rekor UUID for this release is ea8c21baac6aed569aaca070afb07e04b700a02e202e6531b6b52e82831641cf

Obtain the attestation: 

REKOR_UUID=ea8c21baac6aed569aaca070afb07e04b700a02e202e6531b6b52e82831641cf
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .

Verify that all container images in the attestation are in the release file: 

RELEASE_FILE=https://infra.tekton.dev/tekton-releases/pipeline/previous/v1.3.5/release.yaml
REKOR_UUID=ea8c21baac6aed569aaca070afb07e04b700a02e202e6531b6b52e82831641cf

# Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v1.3.5@sha256:" + .digest.sha256')

# Download the release file
curl -L "$RELEASE_FILE" > release.yaml

# For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
  printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done

Changes

Features

Fixes

  • 🐛 [cherry-pick: release-v1.3.x] fix(resolvers): Allow ResolutionRequests to resolve all Tekton kinds (#10255)

efore this change, ResolutionRequests could only resolve Pipelines, Tasks, and StepActions. After this change, ResolutionRequests can resolve PipelineRuns, Pipelines, TaskRuns, Tasks, Runs, CustomRuns, and StepActions.

  • 🐛 [cherry-pick: release-v1.3.x] fix(resolvers): validate data is Tekton object in resolver framework (#9964)

Fixes a bug which lets Tekton Resolvers resolve non-tekton objects and arbitrary data. After this change, resolving a non-tekton object causes the ResolutionRequest to fail.
Action Required: Tekton Resolvers are now only permitted to resolve StepActions, Tasks, and Pipelines. Custom resolvers or ResolutionRequest which use the Resolver API for other object types will no longer function.

  • 🐛 [release-v1.3.x] fix: add automated draft release support to release pipeline (#10212)

Misc

  • 🔨 build: bump go directive to 1.25 (#10027)
  • 🔨 build(deps): bump the all group in /tekton with 4 updates (#10263)
  • 🔨 build(deps): bump go-jose v4 to 4.1.4 (#10259)
  • 🔨 build(deps): bump the all group in /tekton with 4 updates (#10236)
  • 🔨 [release-v1.3.x] Fix golangci-lint action step for large diff (#10224)
  • 🔨 build(deps): bump the all group in /tekton with 4 updates (#10195)
  • 🔨 build(deps): bump the all group in /tekton with 4 updates (#10127)
  • 🔨 [Cherry-pick Release-v1.3.x] fix: resolve goroutine leak from unbuffered channels in resolver reconcilers (#10106)
  • 🔨 [Cherry-pick release-v1.3.x] fix: convert pod latency metric to histogram and remove pod label (#10100)
  • 🔨 [Cherry-pick Release-v1.3.x] fix(pipelinerun): use generateName for anonymous pipeline label (#10099)
  • 🔨 build(deps): bump tj-actions/changed-files from 6b924b1775b8688e12ffb9b5cb5e968e1eb682ec to 934b2d2c7e653bb8c968afed5a0428617f09aa24 (#10090)
  • 🔨 build(deps): bump the all group in /tekton with 4 updates (#10089)
  • 🔨 build(deps): bump tj-actions/changed-files from 7dc4d75b6aa91041857e522f1426c3d1ac5d13b6 to 6b924b1775b8688e12ffb9b5cb5e968e1eb682ec (#10044)
  • 🔨 build(deps): bump the all group in /tekton with 4 updates (#10040)
  • 🔨 build(deps): bump the all group across 1 directory with 4 updates (#9986)
  • 🔨 build(deps): bump tj-actions/changed-files from 778ca51dd262f0b33085d14089d652a53707f25b to 7dc4d75b6aa91041857e522f1426c3d1ac5d13b6 (#9985)
  • 🔨 build(deps): bump github.com/google/cel-go from 0.26.0 to 0.26.1 (#9949)
  • 🔨 build(deps): bump github.com/go-jose/go-jose/v3 from 3.0.4 to 3.0.5 (#9948)
  • 🔨 build(deps): bump chainguard-dev/actions from 1.5.3 to 1.5.16 (#9941)
  • 🔨 build(deps): bump tj-actions/changed-files from 5f4a0b68ac816d8cb4a52bd88b460549197b7ff1 to 778ca51dd262f0b33085d14089d652a53707f25b (#9940)
  • 🔨 build(deps): bump actions/cache from 4.2.3 to 4.2.4 (#9939)
  • 🔨 build(deps): bump k8s.io/apiextensions-apiserver from 0.32.6 to 0.32.13 (#9930)
  • 🔨 build(deps): bump go.uber.org/zap from 1.27.0 to 1.27.1 (#9927)
  • 🔨 build(deps): bump google.golang.org/protobuf from 1.36.6 to 1.36.11 (#9921)
  • 🔨 build(deps): bump k8s.io/code-generator from 0.32.7 to 0.32.13 (#9920)
  • 🔨 build(deps): bump github/codeql-action from 3.29.3 to 3.29.11 (#9893)
  • 🔨 build(deps): bump ossf/scorecard-action from 2.4.2 to 2.4.3 (#9892)
  • 🔨 build(deps): bump step-security/harden-runner from 2.13.0 to 2.13.3 (#9891)
  • 🔨 build(deps): bump actions/dependency-review-action from 4.7.1 to 4.7.4 (#9890)
  • 🔨 build(deps): bump tj-actions/changed-files from 055970845dd036d7345da7399b7e89f2e10f2b04 to 5f4a0b68ac816d8cb4a52bd88b460549197b7ff1 (#9889)
  • 🔨 build(deps): bump github.com/tektoncd/pipeline from 0.53.1 to 0.53.9 in /test/custom-task-ctrls/wait-task-beta (#9885)
  • 🔨 build(deps): bump k8s.io/api from 0.32.7 to 0.32.13 (#9880)
  • 🔨 build(deps): bump google.golang.org/grpc from 1.74.2 to 1.74.3 (#9873)
  • 🔨 build(deps): bump github.com/cloudevents/sdk-go/v2 from 2.16.1 to 2.16.2 (#9868)
  • 🔨 build(deps): bump the all group across 1 directory with 4 updates (#9864)

Docs

Thanks

Thanks to these contributors who contributed to v1.3.5!

Extra shout-out for awesome release notes:

Check out latest releases or
releases around tektoncd/pipeline v1.3.5

Don't miss a new pipeline release

NewReleases is sending notifications on new releases.

Get notifications