Skip to content

Tekton Pipeline release v0.40.0 "Himalayan Sonny"
Compare
Choose a tag to compare
@tekton-robot tekton-robot released this 19 Sep 14:16
v0.40.0
9221ac3

πŸŽ‰ Remote resolution integrated in tektoncd/pipeline with built-in resolvers, Object params and workspace propagation πŸŽ‰

-Docs @ v0.40.0
-Examples @ v0.40.0

Installation one-liner

kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.40.0/release.yaml

Attestation

The Rekor UUID for this release is 362f8ecba72f43264608c9d53c9d192238a7f3e707064fa13e9d670fe3ef016fe82da9ef516f9277

Obtain the attestation:

REKOR_UUID=362f8ecba72f43264608c9d53c9d192238a7f3e707064fa13e9d670fe3ef016fe82da9ef516f9277
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .

Verify that all container images in the attestation are in the release file:

RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.40.0/release.yaml
REKOR_UUID=362f8ecba72f43264608c9d53c9d192238a7f3e707064fa13e9d670fe3ef016fe82da9ef516f9277

# Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v0.40.0@sha256:" + .digest.sha256')

# Download the release file
curl "$RELEASE_FILE" > release.yaml

# For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
  printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done

Changes

Features

  • ✨ TEP-119 - Add TaskRun Template in v1 PipelineRun (#5491)

Add pipelineRun.spec.pipelineTaskRunTemplate with serviceAccountName and podTemplate.

  • ✨ TEP-0111 - Propagating workspaces in pipelinerun (#5463)

Workspaces are propagated in embedded specifications of pipelinerun without mutations.

  • ✨ Add support for git remote resolution using provider APIs with an API token (#5450)

Adds new behavior to the git remote resolver to fetch Tasks and Pipelines from GitHub, Gitlab, BitBucket via their APIs using API tokens.

  • ✨ TEP-0075: More flexible ways to provide values for object param keys (#5427)

More flexible ways to provide values for object param keys: a subset of keys can be provided from default, and the rest is provided at runtime.

  • ✨ Add cluster remote resolver (#5405)

Add a cluster resolver for referencing Pipeline and Task resources in other namespaces

  • ✨ Add resolvers deployment, with release and e2e integration (#5395)

action required: The separate Resolutions project has been folded into Pipeline. If currently using Resolution, remove the tekton-remote-resolution namespace before upgrading and installing the new "resolvers.yaml".

  • ✨ TEP-0118: matrix: add field (#5383)

action required: matrixed params must be moved under matrix.params

  • ✨ Propagating object params (#5371)

Propagating object params

  • ✨ Merge affinity from podtemplate and affinity-assistant (#5306)

If the user provide affinity in podtemplate it will merge with affinity-assistant's affinity

action required: Need to check podtemplate make sure the change will not cause unexpected behaviour

  • ✨ Add types and client for Resolution (#5200)

action required: Remote resolver resource field has changed to params.

  • ✨ TEP-0111 - Propagating workspaces in taskruns (#5081)

Workspaces are propagated in embedded specifications without mutations.

  • ✨ Add ResolutionRequest v1beta1, without serving yet (#5495)
  • ✨ Avoid Duplicate Reconcile Logic in Testing Wait Custom Run Controller (#5462)
  • ✨ Move the remote resolvers deployment to a separate namespace (#5436)
  • ✨ TEP-0114: Implements Retries in The Testing Wait Custom Task (#5435)
  • ✨ TEP-0114: Added CustomRun references and specifications to v1beta1 (#5403)
  • ✨ Add combined remote resolvers binary (#5391)
  • ✨ TEP-0114: Timeout the Testing Wait Custom Task (#5389)
  • ✨ Support parameter substitution for resolver params (#5387)
  • ✨ Add ResolutionRequest to webhook and controller, add resolution docs (#5385)
  • ✨ Move Resolution bundle, git, and hub resolver pkgs over (#5384)
  • ✨ Move over the resolver framework from Resolution. (#5380)
  • ✨ Add baseimage for windows 1809 to support AKS (#5361)
  • ✨ TEP-0114: Tests Wait Custom Task without CRD in PipelineRun (#5356)
  • ✨ TEP-0114: Custom Task E2E Test with A Controller Installed (#5332)

Backwards incompatible changes

In current release:

  • 🚨 Switch PipelineRun timeout -> TaskRun logic to instead signal the TaskRuns to stop (#5134)

Change PipelineRun timeout behavior for child TaskRuns and Runs to behave like cancellation rather than explicitly setting timeouts on the child tasks at runtime.
Previously, the timeout of a TaskRun would be calculated from the time remaining in a PipelineRun's timeouts.tasks. Now, it is set
to the default timeout (unless otherwise specified in pipeline.spec.tasks[].timeout), and the PipelineRun controller will cancel
TaskRuns after timeouts.tasks has elapsed. If timeouts.tasks is greater than the default timeout, tasks will time out at the default timeout instead of when they previously timed out.

[Detailed change description] (#Number).

[Fill list here]

Fixes

  • πŸ› fix regexp for ssh (#5496)

Fix regexp for ssh.

  • πŸ› Allow user to specify only tasks or finally timeout (#5460)

Bug fix: allow specifying only timeouts.tasks or timeouts.finally

  • πŸ› de-dupe order and resource dependencies (#5446)

De-dupe task dependencies - order and resource dependencies all together. It's very common to have a task with multiple when expressions referring to the same task but different results. Maintain a set of dependencies and add only a new parent.

  • πŸ› Improve DAG validation for pipelines with hundreds of tasks (#5421)

bug fixes:

  • #5420 - Improve DAG validation for pipelines with hundreds of tasks (validation wehbook performance)
  • πŸ› Fix docs and remove redundant code for LimitRanges (#5351)

[Bug fix] Clarify limitrange documentation and remove functionality that's provided by k8s anyway

  • πŸ› Fail validation for PipelineRun params with results in value (#5350)

PipelineRuns will now fail validation for duplicate parameter names or task result references in parameter values

  • πŸ› Fix for ResourceQuotaConflictError (#5252)

Tekton will retry the creation of the Pod if it fails due to a conflict and results in ResourceQuotaConflictError while updating a ResourceQuota.

  • πŸ› Switch PipelineRun timeout -> TaskRun logic to instead signal the TaskRuns to stop (#5134)

Change PipelineRun timeout behavior for child TaskRuns and Runs to behave like cancellation rather than explicitly setting timeouts on the child tasks at runtime.

  • πŸ› Fix the value for APISecretNamespaceKey (#5492)
  • πŸ› Replace $(context...) values in resolver parameters (#5476)
  • πŸ› Restore results dependencies in v1 Pipeline (#5424)
  • πŸ› Metrics: Nil Derefence when TR/PR not found (#5388)
  • πŸ› Fix taskrun_validation_test Version (#5386)
  • πŸ› Check and/or add to sent cloud event cache in one operation (#5313)

Misc

  • πŸ”¨ petite DAG - introduce key to identify node instead of holding a (#5468)

Replace holding a Task in dag.Node with a unique string identifier.

  • πŸ”¨ hardening - params and when expressions (#5465)

Hardening looksLikeResultRef to only report a valid result references, "tasks..results." and "tasks..results..". Any other invalid look-a-like-result-references are treated as constants.

  • πŸ”¨ Log namespaces left in place after e2e testing. (#5370)

e2e tests log when a namespace is not deleted at test completion.

  • πŸ”¨ chore: change ghcr.io/distroless/* to distroless.dev/* (#5341)

Images are based on distroless.dev/* instead of the (equivalent) ghcr.io/distroless/* -- no effective behavior change

  • πŸ”¨ Adding template for a promotion request (#5486)

Developers - Please file a promotion request using this new template.

  • πŸ”¨ readable error message - double quote an invalid value in (#5425)

Updating error message - when step.onError is set to an invalid value, the error message now double quotes that value to easily spot it.

  • πŸ”¨ Add more unit tests for using non-exist key of an object in task step (#5411)

Add more unit tests to cover the case where non-exist individual keys of an object are used in task step.

  • πŸ”¨ Revert "Add baseimage for windows 1809" (#5502)
  • πŸ”¨ Improve DAG validation - v1beta1 tests (#5434)
  • πŸ”¨ Bump github.com/emicklei/go-restful from v2.15.0+incompatible to v2.16.0+incompatible (#5422)
  • πŸ”¨ Updated clock to use k8s.io/utils/clock (#5413)
  • πŸ”¨ test: use T.Setenv to set env vars in tests (#5398)
  • πŸ”¨ Get rid 'pipelienrun' (#5382)
  • πŸ”¨ Move bespoke functionality out of TaskRun API (#5377)
  • πŸ”¨ Remove @sbwsg -- account deleted. (#5367)
  • πŸ”¨ Fail linting if k8s.io/apimachinery/pkg/util/clock is imported (#5498)
  • πŸ”¨ Update location of clock (#5494)
  • πŸ”¨ Bump code.gitea.io/sdk/gitea from 0.14.0 to 0.15.1 (#5488)
  • πŸ”¨ V1: add conversion for PipelineRunSpec.PipelineRef.Bundle (#5477)
  • πŸ”¨ Remove a stray println from resolvers main (#5469)
  • πŸ”¨ Bump codeql-action to v2 (#5467)
  • πŸ”¨ Add V1 version of PipelineRun CRD (#5464)
  • πŸ”¨ Bump github.com/google/go-cmp from 0.5.8 to 0.5.9 (#5458)
  • πŸ”¨ Add examples for some resolvers (#5451)
  • πŸ”¨ Switch remaining clock references to k8s.io/utils/clock (#5448)
  • πŸ”¨ Add successful git resolver e2e test (#5428)
  • πŸ”¨ Add conversion for v1 PipelineRun (#5426)
  • πŸ”¨ Add docs/pipeline-api.md.backup to .gitignore (#5418)
  • πŸ”¨ git-resolver.md should refer to default-revision, not default-branch (#5410)
  • πŸ”¨ Fix TestYamls for change in ko create (#5396)
  • πŸ”¨ V1: Add conversion for TaskRunSpec.TaskRef.Bundle (#5381)
  • πŸ”¨ Add V1 version of TaskRun CRD (#5379)
  • πŸ”¨ V1: Add conversion for TaskRun.Resources (#5378)
  • πŸ”¨ Move over Resolution's reconciler-related code, update existing code to point to it (#5372)
  • πŸ”¨ Bump go.uber.org/zap from 1.22.0 to 1.23.0 (#5368)
  • πŸ”¨ knative/pkg: bump to release-1.7. (#5360)
  • πŸ”¨ Add CSI and Projected Workspace to V1 (#5354)
  • πŸ”¨ Add V1 version of Pipeline CRD (#5349)
  • πŸ”¨ Update go.mod to go 1.18 (#5338)
  • πŸ”¨ V1: Add conversion for Pipeline.Resources (#5331)
  • πŸ”¨ Add V1 PipelineRun Golang struct (#5324)
  • πŸ”¨ Bump github.com/containerd/containerd from 1.5.13 to 1.6.8 (#5285)
  • πŸ”¨ Add conversion for v1 TaskRun (#5274)
  • πŸ”¨ Add V1 TaskRun Golang structs (#5264)
  • πŸ”¨ Clarify error message for verify-codegen.sh (#5256)

Docs

  • πŸ“– Move and update v1beta1 to v1 migration doc from Indexed (#5466)

The document has been added that describes the changes needed when migrating from v1beta1 to v1.

  • πŸ“– Doc about migrating from v1beta1 to v1 (#5415)

The document has been added that describes the changes needed when migrating from v1beta1 to v1.

  • πŸ“– updating readme with the last two releases (#5347)

Updating README to include last two releases details - 0.39 and 0.38.3.

  • πŸ“– Update releases in deprecations table (#5473)
  • πŸ“– Fix alpha features and alpha release links for remote resolution (#5472)
  • πŸ“– Describe Runtime Envs of E2E Tests (#5449)
  • πŸ“– Update docs for testing and enabling alpha features (#5437)
  • πŸ“– Add the enable-*-resolver flags to the Pipeline controller customization docs (#5419)
  • πŸ“– Add instructions for enabling alpha features (#5406)
  • πŸ“– Update the release cheatsheet to include release resources (#5366)

Thanks

Thanks to these contributors who contributed to v0.40.0!

Extra shout-out for awesome release notes:

Contributors

vdemeester, abayer, and 23 other contributors
Assets 6
Loading