Tekton Pipeline release v0.42.0 "Aegean Brackenridge"
π Enforce resource verification, GA policy documented and Custom Task Beta π
-Docs @ v0.42.0
-Examples @ v0.42.0
Installation one-liner
kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.42.0/release.yaml
Attestation
The Rekor UUID for this release is 24296fb24b8ad77a92f523df8531edb5cb063ec9ef24a9e652e0643ff0f7ac9ce89edc8aa9395ffd
Obtain the attestation:
REKOR_UUID=24296fb24b8ad77a92f523df8531edb5cb063ec9ef24a9e652e0643ff0f7ac9ce89edc8aa9395ffd
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .
Verify that all container images in the attestation are in the release file:
RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.42.0/release.yaml
REKOR_UUID=24296fb24b8ad77a92f523df8531edb5cb063ec9ef24a9e652e0643ff0f7ac9ce89edc8aa9395ffd
# Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v0.42.0@sha256:" + .digest.sha256')
# Download the release file
curl "$RELEASE_FILE" > release.yaml
# For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done
Changes
Features
- β¨ Make the webhook port number configurable (#5696)
The port on which the webhook server listens may be configured via the WEBHOOK_PORT environment variable.
- β¨ Set ConfigSource in clusterresolver (#5687)
Set source value for cluster resource to link back its origin i.e. url and checksum.
- β¨ Set ConfigSource in bundleresolver (#5684)
ociresolver captures correct source information about where remote image came from.
- β¨ Feature flag for provenance field in status (#5670)
Added a new boolean feature flag named "enable-provenance-in-status" in feature-flags configmap to enable the provenance field in status to be populated. This field in status aims to record authenticated metadata about how a software artifact was built i.e. the source where remote resource came from.
- β¨ Set ConfigSource in gitresolver (#5664)
Set ConfigSource value for gitresolver to record the source where the remote resource came from.
- β¨ TEP-0114: Reconciler, event, config, webhook support for CustomRuns (#5662)
Reconciler, event, config, and webhook support for CustomRuns
- β¨ [TEP-0091] Add Verification at reconciler (#5581)
Trusted Resource feature enable tekton pipeline to verify the resources resolved from resolver. With trusted resource feature, users can configure public keys in configmap and choose to turn on/off this feature via feature flag resource-verification-mode
. This commit enables mount public key files as secrets into Pipeline and used for verification. Taskrun/Pipelinerun that fail the verification will be marked as failed
and be stopped from execution if resource-verification-mode
is set to enforce
- β¨ Populate the field (#5397)
Populate the TaskRun/PipelineRun's Status.Provenance.ConfigSource field with the value from the remote ResolutionRequest Status.
Note: the feature flag enable-provenance-in-status
needs to be set to "true" to enable this provenance field to be populated & available in *Run.Status.
- β¨ Bring
Retries
andRetriesStatus
back (#5765)
Fixes
- π Add conversion config to ResolutionRequest CRD (#5742)
Properly configures conversion from v1alpha1.ResolutionRequest to v1beta1.ResolutionRequest
- π fix: the pipelinerun never done due to repeated workspace (#5724)
Check for duplicate workspaces of pipeline task.
- π Remove logging.request-log-template from resolvers config-observability CM (#5717)
Clean up example configuration in config-observability configmap for tekton-pipelines-resolvers namespace
- π Fixes default value for enabling resolvers (#5725)
- π Fix TaskRef and PipelineRef name with Resolver Conversion (#5702)
Misc
- π¨ TEP-0114 Serve Custom Task Beta (#5780)
Custom Task Beta is available.
- π¨ Use SchemeGroupVersion for tekton objects in cluster resolver (#5705)
Use v1beta1.SchemeGroupVersion.String() for the APIVersion field in the tekton object retrieved by cluster resolver.
- π¨ fix cloud event flaky unit tests by adding waitgroup to fakeclient (#5690)
Fix cloud event flacky unit tests by adding EventSender
- π¨ Add unit tests for bundle resolver (#5704)
Add unit test for bundle resolver
- π¨ Add GA API policy and describe feature gates (#5634)
Updates API compatibility policy for the V1 api version
- π¨ main branch's codegen is out of sync. (#5764)
- π¨ fix knative downstream tests (#5763)
- π¨ TEP-0114: Stop serving v1beta1.CustomRun until we align on Retries (#5736)
- π¨ Order methods to appear next to their receiving types (#5733)
- π¨ [upgrade test] Change to Kind cluster and Unfixed upgrade test release version (#5726)
- π¨ Remove
retriesStatus
fromCustomRunStatus
(#5719) - π¨ Add RunReason and CustomRunReason (#5718)
- π¨ Stop using copy-paste of old git-clone catalog task in examples/tests (#5712)
- π¨ Bump k8s.io/code-generator from 0.25.2 to 0.25.4 (#5762)
- π¨ Bump k8s.io/client-go from 0.25.3 to 0.25.4 (#5761)
- π¨ Bump k8s.io/api from 0.25.3 to 0.25.4 (#5759)
- π¨ Bump github.com/containerd/containerd from 1.6.9 to 1.6.10 (#5758)
- π¨ Bump k8s.io/apimachinery from 0.25.3 to 0.25.4 (#5745)
- π¨ Bump github.com/google/go-containerregistry from 0.12.0 to 0.12.1 (#5743)
- π¨ Bump golang.org/x/oauth2 from 0.1.0 to 0.2.0 (#5739)
- π¨ Bump golang.org/x/crypto from 0.1.0 to 0.2.0 (#5738)
- π¨ Bump go.opencensus.io from 0.23.0 to 0.24.0 (#5731)
- π¨ Rename v1beta1 clients for test (#5701)
- π¨ Bump github.com/jenkins-x/go-scm from 1.11.29 to 1.11.35 (#5642)
Docs
- π Update Roadmap with link to project board (#5735)
- π Add finallystarttime to PipelineRun status docs (#5729)
- π Update README and releases for v0.41.0 (#5698)
- π TEP-0114: Custom Task Beta - User Guide (#5677)
Thanks
Thanks to these contributors who contributed to v0.42.0!
- β€οΈ @JeromeJu
- β€οΈ @ScrapCodes
- β€οΈ @XinruZhang
- β€οΈ @Yongxuanzhang
- β€οΈ @abayer
- β€οΈ @afrittoli
- β€οΈ @chuangw6
- β€οΈ @cugykw
- β€οΈ @dependabot[bot]
- β€οΈ @dibyom
- β€οΈ @imjasonh
- β€οΈ @jerop
- β€οΈ @lbernick
- β€οΈ @sel
- β€οΈ @sm43
- β€οΈ @urbanikb
Extra shout-out for awesome release notes:
- π @XinruZhang
- π @Yongxuanzhang
- π @abayer
- π @chuangw6
- π @cugykw
- π @dibyom
- π @sel