Tekton Pipeline release v0.42.0 "Aegean Brackenridge"

@tekton-robot tekton-robot released this 23 Nov 09:27

🎉 Enforce resource verification, GA policy documented and Custom Task Beta 🎉

-Docs @ v0.42.0
-Examples @ v0.42.0

Installation one-liner

kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.42.0/release.yaml

Attestation

The Rekor UUID for this release is 24296fb24b8ad77a92f523df8531edb5cb063ec9ef24a9e652e0643ff0f7ac9ce89edc8aa9395ffd

Obtain the attestation:

REKOR_UUID=24296fb24b8ad77a92f523df8531edb5cb063ec9ef24a9e652e0643ff0f7ac9ce89edc8aa9395ffd
rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq .

Verify that all container images in the attestation are in the release file:

RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.42.0/release.yaml
REKOR_UUID=24296fb24b8ad77a92f523df8531edb5cb063ec9ef24a9e652e0643ff0f7ac9ce89edc8aa9395ffd

# Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v0.42.0@sha256:" + .digest.sha256')

# Download the release file
curl "$RELEASE_FILE" > release.yaml

# For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
  printf '%s' "$image"; grep -qF -- "$image" release.yaml && echo " ===> ok" || echo " ===> no match";
done
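
A stricter form of the comparison above, as an added example that is not part of the Tekton release notes: it compares the attested image references with the ones pinned in release.yaml as exact sets, in both directions (one more than the page's check), and rejects an attestation with no subjects. The registry names and digests in the sample data are constructed, and reading `Attestation` as a JSON string is an assumption taken from the page's jq pipeline.

```python
import json
import re

TAG = "v0.42.0"  # release tag from the page
IMAGE_REF = re.compile(r"[^\s\"',=]+@sha256:[0-9a-f]{64}")

def attested_images(rekor_json, tag=TAG):
    """Return name:tag@sha256:digest for every subject of the attestation."""
    # Assumption: "Attestation" holds the in-toto statement as a JSON string,
    # which is what the page's `jq -r .Attestation | jq .` pipeline implies.
    statement = json.loads(json.loads(rekor_json)["Attestation"])
    refs = []
    for subject in statement.get("subject", []):
        digest = subject.get("digest", {}).get("sha256", "")
        if not re.fullmatch(r"[0-9a-f]{64}", digest):
            raise ValueError("subject %r lacks a valid sha256" % subject.get("name"))
        refs.append("%s:%s@sha256:%s" % (subject["name"], tag, digest))
    if not refs:
        raise ValueError("attestation lists no subjects")  # empty must not pass
    return refs

def compare(rekor_json, release_yaml, tag=TAG):
    """Exact set comparison of attested refs and refs pinned in the release file."""
    attested = set(attested_images(rekor_json, tag))
    released = set(IMAGE_REF.findall(release_yaml))
    return {"missing": sorted(attested - released),
            "unattested": sorted(released - attested)}

# Constructed sample data (hypothetical registry and digests, not from the release).
A, B, C, D = ("a" * 64, "b" * 64, "c" * 64, "d" * 64)
SAMPLE_REKOR = json.dumps({"Attestation": json.dumps({"subject": [
    {"name": "registry.example/pipeline/controller", "digest": {"sha256": A}},
    {"name": "registry.example/pipeline/webhook", "digest": {"sha256": B}},
]})})
SAMPLE_RELEASE = "\n".join([
    "- image: registry.example/pipeline/controller:v0.42.0@sha256:" + A,
    '  args: ["-shell-image", "registry.example/base/shell@sha256:' + C + '"]',
    "- image: registry.example/pipeline/webhook:v0.42.0@sha256:" + D,
])

if __name__ == "__main__":
    print(json.dumps(compare(SAMPLE_REKOR, SAMPLE_RELEASE), indent=2))
```

An entry under `missing` means an attested image is not pinned in the release file; an entry under `unattested` is an image reference in the release file that the attestation does not cover and should be reviewed.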

Changes

Features

  • ✨ Make the webhook port number configurable (#5696)

The port on which the webhook server listens may be configured via the WEBHOOK_PORT environment variable.

  • ✨ Set ConfigSource in clusterresolver (#5687)

Set the source value for a cluster resource to link back to its origin, i.e. URL and checksum.

  • ✨ Set ConfigSource in bundleresolver (#5684)

ociresolver captures the correct source information about where the remote image came from.

  • ✨ Feature flag for provenance field in status (#5670)

Added a new boolean feature flag named "enable-provenance-in-status" in the feature-flags configmap to enable the provenance field in status to be populated. This field in status aims to record authenticated metadata about how a software artifact was built, i.e. the source where the remote resource came from.

  • ✨ Set ConfigSource in gitresolver (#5664)

Set ConfigSource value for gitresolver to record the source where the remote resource came from.

  • ✨ TEP-0114: Reconciler, event, config, webhook support for CustomRuns (#5662)

Reconciler, event, config, and webhook support for CustomRuns

  • ✨ [TEP-0091] Add Verification at reconciler (#5581)

The Trusted Resource feature enables Tekton Pipeline to verify the resources resolved from a resolver. With the trusted resource feature, users can configure public keys in a configmap and choose to turn this feature on or off via the feature flag resource-verification-mode. This commit enables mounting public key files as secrets into Pipeline, where they are used for verification. A TaskRun/PipelineRun that fails the verification will be marked as failed and be stopped from execution if resource-verification-mode is set to enforce.

  • ✨ Populate the field (#5397)

Populate the TaskRun/PipelineRun's Status.Provenance.ConfigSource field with the value from the remote ResolutionRequest Status.

Note: the feature flag enable-provenance-in-status needs to be set to "true" to enable this provenance field to be populated & available in *Run.Status.

  • ✨ Bring Retries and RetriesStatus back (#5765)

Fixes

  • 🐛 Add conversion config to ResolutionRequest CRD (#5742)

Properly configures conversion from v1alpha1.ResolutionRequest to v1beta1.ResolutionRequest

  • 🐛 fix: the pipelinerun never done due to repeated workspace (#5724)

Check for duplicate workspaces of pipeline task.

  • 🐛 Remove logging.request-log-template from resolvers config-observability CM (#5717)

Clean up example configuration in config-observability configmap for tekton-pipelines-resolvers namespace

  • 🐛 Fixes default value for enabling resolvers (#5725)
  • 🐛 Fix TaskRef and PipelineRef name with Resolver Conversion (#5702)

Misc

  • 🔨 TEP-0114 Serve Custom Task Beta (#5780)

Custom Task Beta is available.

  • 🔨 Use SchemeGroupVersion for tekton objects in cluster resolver (#5705)

Use v1beta1.SchemeGroupVersion.String() for the APIVersion field in the tekton object retrieved by cluster resolver.

  • 🔨 fix cloud event flaky unit tests by adding waitgroup to fakeclient (#5690)

Fix cloud event flaky unit tests by adding EventSender

  • 🔨 Add unit tests for bundle resolver (#5704)

Add unit test for bundle resolver

  • 🔨 Add GA API policy and describe feature gates (#5634)

Updates API compatibility policy for the V1 api version

  • 🔨 main branch's codegen is out of sync. (#5764)
  • 🔨 fix knative downstream tests (#5763)
  • 🔨 TEP-0114: Stop serving v1beta1.CustomRun until we align on Retries (#5736)
  • 🔨 Order methods to appear next to their receiving types (#5733)
  • 🔨 [upgrade test] Change to Kind cluster and Unfixed upgrade test release version (#5726)
  • 🔨 Remove retriesStatus from CustomRunStatus (#5719)
  • 🔨 Add RunReason and CustomRunReason (#5718)
  • 🔨 Stop using copy-paste of old git-clone catalog task in examples/tests (#5712)
  • 🔨 Bump k8s.io/code-generator from 0.25.2 to 0.25.4 (#5762)
  • 🔨 Bump k8s.io/client-go from 0.25.3 to 0.25.4 (#5761)
  • 🔨 Bump k8s.io/api from 0.25.3 to 0.25.4 (#5759)
  • 🔨 Bump github.com/containerd/containerd from 1.6.9 to 1.6.10 (#5758)
  • 🔨 Bump k8s.io/apimachinery from 0.25.3 to 0.25.4 (#5745)
  • 🔨 Bump github.com/google/go-containerregistry from 0.12.0 to 0.12.1 (#5743)
  • 🔨 Bump golang.org/x/oauth2 from 0.1.0 to 0.2.0 (#5739)
  • 🔨 Bump golang.org/x/crypto from 0.1.0 to 0.2.0 (#5738)
  • 🔨 Bump go.opencensus.io from 0.23.0 to 0.24.0 (#5731)
  • 🔨 Rename v1beta1 clients for test (#5701)
  • 🔨 Bump github.com/jenkins-x/go-scm from 1.11.29 to 1.11.35 (#5642)

Docs

  • 📖 Update Roadmap with link to project board (#5735)
  • 📖 Add finallystarttime to PipelineRun status docs (#5729)
  • 📖 Update README and releases for v0.41.0 (#5698)
  • 📖 TEP-0114: Custom Task Beta - User Guide (#5677)

Thanks

Thanks to these contributors who contributed to v0.42.0!

Extra shout-out for awesome release notes: