Skip to content

Releases: tektoncd/pipeline

Tekton Pipeline release v0.56.4 "Persian Terminator"

08 Apr 21:07
@tekton-robot tekton-robot
v0.56.4
faf26be
Compare
Choose a tag to compare
Tekton Pipeline release v0.56.4 "Persian Terminator"

-Docs @ v0.56.4
-Examples @ v0.56.4

Installation one-liner

kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.56.4/release.yaml

Attestation

The Rekor UUID for this release is 24296fb24b8ad77a246fb071bb1e27bb8c9aa3c80aa8f7f284a3f17e41f49960167d60df9ae6a20f

Obtain the attestation:

REKOR_UUID=24296fb24b8ad77a246fb071bb1e27bb8c9aa3c80aa8f7f284a3f17e41f49960167d60df9ae6a20f
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .

Verify that all container images in the attestation are in the release file:

RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.56.4/release.yaml
REKOR_UUID=24296fb24b8ad77a246fb071bb1e27bb8c9aa3c80aa8f7f284a3f17e41f49960167d60df9ae6a20f

# Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v0.56.4@sha256:" + .digest.sha256')

# Download the release file
curl "$RELEASE_FILE" > release.yaml

# For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
  printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done

Changes

Features

Fixes

  • 🐛 [release-v0.56.x] [StepActions] when using a stepTemplate the ref gets removed (#7814)
  • [release-v0.56.x] chore(deps): Migrate to github.com/go-jose/go-jose/v3 (#7856)
  • [release-v0.56.x] Update go-git/v5 for CVE-2023-49569 (#7837)

Misc

Docs

Thanks

Thanks to these contributors who contributed to v0.56.4!

Extra shout-out for awesome release notes:

Contributors

vdemeester and tekton-robot
Assets 4
Loading

Tekton Pipeline release v0.53.6 "Chartreux Rachael"

08 Apr 19:57
@tekton-robot tekton-robot
v0.53.6
4413478
Compare
Choose a tag to compare
Tekton Pipeline release v0.53.6 "Chartreux Rachael"

-Docs @ v0.53.6
-Examples @ v0.53.6

Installation one-liner

kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.53.6/release.yaml

Attestation

The Rekor UUID for this release is 24296fb24b8ad77a58dae7f6faf9762bba17f2a70c00ecee45c691a6679e49878ddb4fc34cca12ee

Obtain the attestation:

REKOR_UUID=24296fb24b8ad77a58dae7f6faf9762bba17f2a70c00ecee45c691a6679e49878ddb4fc34cca12ee
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .

Verify that all container images in the attestation are in the release file:

RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.53.6/release.yaml
REKOR_UUID=24296fb24b8ad77a58dae7f6faf9762bba17f2a70c00ecee45c691a6679e49878ddb4fc34cca12ee

# Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v0.53.6@sha256:" + .digest.sha256')

# Download the release file
curl "$RELEASE_FILE" > release.yaml

# For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
  printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done

Changes

Features

Fixes

  • [release-v0.53.x] chore(deps): Migrate to github.com/go-jose/go-jose/v3 (#7857)
  • [release-v0.53.x] Update go-git/v5 for CVE-2023-49569 (#7838)

Misc

Docs

Thanks

Thanks to these contributors who contributed to v0.53.6!

Extra shout-out for awesome release notes:

Contributors

vdemeester
Assets 4
Loading

Tekton Pipeline release v0.50.6 "Russian Blue Daneel Olivaw"

09 Apr 08:54
@tekton-robot tekton-robot
v0.50.6
0ca072b
Compare
Choose a tag to compare
Tekton Pipeline release v0.50.6 "Russian Blue Daneel Olivaw"

-Docs @ v0.50.6
-Examples @ v0.50.6

Installation one-liner

kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.50.6/release.yaml

Attestation

The Rekor UUID for this release is 24296fb24b8ad77ab39f94a9c6627f1ae85c428863d0dbdbea4c9481976f30c00d5f9f712a117720

Obtain the attestation:

REKOR_UUID=24296fb24b8ad77ab39f94a9c6627f1ae85c428863d0dbdbea4c9481976f30c00d5f9f712a117720
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .

Verify that all container images in the attestation are in the release file:

RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.50.6/release.yaml
REKOR_UUID=24296fb24b8ad77ab39f94a9c6627f1ae85c428863d0dbdbea4c9481976f30c00d5f9f712a117720

# Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v0.50.6@sha256:" + .digest.sha256')

# Download the release file
curl "$RELEASE_FILE" > release.yaml

# For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
  printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done

Changes

Features

Fixes

  • 🐛 [release-v0.50.x] Remove conversion configuration for (#7798)

emove conversion webhook configuration from the ClusterTask CRD, it doesn't need it.

  • 🐛 [release-v0.50.x] fix: ensure clustertask annotations are synced to taskrun (#7656)

ix: ensure ClusterTask annotations and labels are synced to TaskRun

  • 🐛 [release-v0.50.x] Fix validations for Sidecars to be consistent (#7451)

idecars are now validated at admission webhook

  • 🐛 [release-v0.50.x] don't return validation error when final tasks failed/skipped (#7485)
  • [release-v0.50.x] chore(deps): Migrate to github.com/go-jose/go-jose/v3 (#7858)
  • [release-v0.50.x] Update go-git/v5 for CVE-2023-49569 (#7839)

Misc

Docs

Thanks

Thanks to these contributors who contributed to v0.50.6!

Extra shout-out for awesome release notes:

Contributors

vdemeester and tekton-robot
Assets 4
Loading

Tekton Pipeline release v0.47.9 "Chartreux Rachael"

09 Apr 08:54
@tekton-robot tekton-robot
v0.47.9
e7ba13b
Compare
Choose a tag to compare
Tekton Pipeline release v0.47.9 "Chartreux Rachael"

-Docs @ v0.47.9
-Examples @ v0.47.9

Installation one-liner

kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.47.9/release.yaml

Attestation

The Rekor UUID for this release is 24296fb24b8ad77a97b4cab5b45b50c5ccf7747c415168ca5a52a02bf17db08b9289c8518215ab4e

Obtain the attestation:

REKOR_UUID=24296fb24b8ad77a97b4cab5b45b50c5ccf7747c415168ca5a52a02bf17db08b9289c8518215ab4e
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .

Verify that all container images in the attestation are in the release file:

RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.47.9/release.yaml
REKOR_UUID=24296fb24b8ad77a97b4cab5b45b50c5ccf7747c415168ca5a52a02bf17db08b9289c8518215ab4e

# Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v0.47.9@sha256:" + .digest.sha256')

# Download the release file
curl "$RELEASE_FILE" > release.yaml

# For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
  printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done

Changes

Features

Fixes

  • [release-v0.47.x] chore(deps): Migrate to github.com/go-jose/go-jose/v3 (#7859)

Misc

Docs

Thanks

Thanks to these contributors who contributed to v0.47.9!

Extra shout-out for awesome release notes:

Contributors

vdemeester
Assets 4
Loading

Tekton Pipeline release v0.47.8 "Chartreux Rachael"

08 Apr 13:51
@tekton-robot tekton-robot
v0.47.8
4b16da6
Compare
Choose a tag to compare
Tekton Pipeline release v0.47.8 "Chartreux Rachael"

-Docs @ v0.47.8
-Examples @ v0.47.8

Installation one-liner

kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.47.8/release.yaml

Attestation

The Rekor UUID for this release is 24296fb24b8ad77a4e15157f9968c5f4a015417a5c1d728fb85cf766ef9357ef1cc3abc19e871f58

Obtain the attestation:

REKOR_UUID=24296fb24b8ad77a4e15157f9968c5f4a015417a5c1d728fb85cf766ef9357ef1cc3abc19e871f58
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .

Verify that all container images in the attestation are in the release file:

RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.47.8/release.yaml
REKOR_UUID=24296fb24b8ad77a4e15157f9968c5f4a015417a5c1d728fb85cf766ef9357ef1cc3abc19e871f58

# Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v0.47.8@sha256:" + .digest.sha256')

# Download the release file
curl "$RELEASE_FILE" > release.yaml

# For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
  printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done

Changes

Features

Fixes

Misc

Docs

Thanks

Thanks to these contributors who contributed to v0.47.8!

Extra shout-out for awesome release notes:

Contributors

vdemeester
Assets 4
Loading

Tekton Pipeline release v0.56.3 "Persian Terminator"

27 Mar 15:42
@tekton-robot tekton-robot
v0.56.3
3d2b5cb
Compare
Choose a tag to compare
Tekton Pipeline release v0.56.3 "Persian Terminator"

-Docs @ v0.56.3
-Examples @ v0.56.3

Installation one-liner

kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.56.3/release.yaml

Attestation

The Rekor UUID for this release is 24296fb24b8ad77ae45e562eaaa6a469881e47013e15601d6644002bc596ca9464a382cdec3f2b5d

Obtain the attestation:

REKOR_UUID=24296fb24b8ad77ae45e562eaaa6a469881e47013e15601d6644002bc596ca9464a382cdec3f2b5d
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .

Verify that all container images in the attestation are in the release file:

RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.56.3/release.yaml
REKOR_UUID=24296fb24b8ad77ae45e562eaaa6a469881e47013e15601d6644002bc596ca9464a382cdec3f2b5d

# Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v0.56.3@sha256:" + .digest.sha256')

# Download the release file
curl "$RELEASE_FILE" > release.yaml

# For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
  printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done

Changes

Features

Fixes

  • 🐛 [release-v0.56.x] Fix: Merge StepTemplate with Step containing Results and Params (#7809)

ix: Merge StepTemplate with Step containing Results and Params

  • 🐛 [release-v0.56.x] Do not register for conversion (#7801)

emoved StepAction from the conversion webhook to reduce the log spam that it isn't configured for it.

  • 🐛 [release-v0.56.x] Remove conversion configuration for (#7800)

emove conversion webhook configuration from the ClusterTask CRD, it doesn't need it.

Misc

Docs

Thanks

Thanks to these contributors who contributed to v0.56.3!

Extra shout-out for awesome release notes:

Contributors

tekton-robot
Assets 4
Loading

Tekton Pipeline release v0.53.5 "Munchkin Maschinenmensch"

27 Mar 11:52
@tekton-robot tekton-robot
v0.53.5
35b85fb
Compare
Choose a tag to compare
Tekton Pipeline release v0.53.5 "Munchkin Maschinenmensch"

-Docs @ v0.53.5
-Examples @ v0.53.5

Installation one-liner

kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.53.5/release.yaml

Attestation

The Rekor UUID for this release is 24296fb24b8ad77a9d50edf817e79b97e161157785b92ff8000bf03e6a52970312def3c7a407be06

Obtain the attestation:

REKOR_UUID=24296fb24b8ad77a9d50edf817e79b97e161157785b92ff8000bf03e6a52970312def3c7a407be06
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .

Verify that all container images in the attestation are in the release file:

RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.53.5/release.yaml
REKOR_UUID=24296fb24b8ad77a9d50edf817e79b97e161157785b92ff8000bf03e6a52970312def3c7a407be06

# Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v0.53.5@sha256:" + .digest.sha256')

# Download the release file
curl "$RELEASE_FILE" > release.yaml

# For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
  printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done

Changes

Features

Fixes

  • 🐛 [release-v0.53.x] Remove conversion configuration for ClusterTask (#7797)

Remove conversion webhook configuration from the ClusterTask CRD, it doesn't need it.

Misc

Docs

Thanks

Thanks to these contributors who contributed to v0.53.5!

Extra shout-out for awesome release notes:

Contributors

tekton-robot
Assets 4
Loading

Tekton Pipeline release v0.47.7 "Chartreux Rachael"

27 Mar 14:07
@tekton-robot tekton-robot
v0.47.7
6808ce1
Compare
Choose a tag to compare
Tekton Pipeline release v0.47.7 "Chartreux Rachael"

-Docs @ v0.47.7
-Examples @ v0.47.7

Installation one-liner

kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.47.7/release.yaml

Attestation

The Rekor UUID for this release is 24296fb24b8ad77aec77ad419d1de1867a08ec105634b5ff541aad517abfb411bac62f6f26340f07

Obtain the attestation:

REKOR_UUID=24296fb24b8ad77aec77ad419d1de1867a08ec105634b5ff541aad517abfb411bac62f6f26340f07
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .

Verify that all container images in the attestation are in the release file:

RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.47.7/release.yaml
REKOR_UUID=24296fb24b8ad77aec77ad419d1de1867a08ec105634b5ff541aad517abfb411bac62f6f26340f07

# Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v0.47.7@sha256:" + .digest.sha256')

# Download the release file
curl "$RELEASE_FILE" > release.yaml

# For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
  printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done

Changes

Features

Fixes

  • 🐛 [release-v0.47.x] Remove conversion configuration for (#7799)

emove conversion webhook configuration from the ClusterTask CRD, it doesn't need it.

Misc

Docs

Thanks

Thanks to these contributors who contributed to v0.47.7!

Extra shout-out for awesome release notes:

Contributors

tekton-robot
Assets 4
Loading

Tekton Pipeline release v0.58.0 "Bombay Robbie"

20 Mar 21:34
@tekton-robot tekton-robot
v0.58.0
f0a1d64
Compare
Choose a tag to compare
Tekton Pipeline release v0.58.0 "Bombay Robbie"

🎉 displayName in childReferences and dynamic specifications of secrets and configmaps in workspaces 🎉

-Docs @ v0.58.0
-Examples @ v0.58.0

Installation one-liner

kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.58.0/release.yaml

Attestation

The Rekor UUID for this release is 24296fb24b8ad77ad32de0077ddf3d746f9072f2d536cec99e2add11d56d964943ea86f5265aec54

Obtain the attestation:

REKOR_UUID=24296fb24b8ad77ad32de0077ddf3d746f9072f2d536cec99e2add11d56d964943ea86f5265aec54
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .

Verify that all container images in the attestation are in the release file:

RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.58.0/release.yaml
REKOR_UUID=24296fb24b8ad77ad32de0077ddf3d746f9072f2d536cec99e2add11d56d964943ea86f5265aec54

# Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v0.58.0@sha256:" + .digest.sha256')

# Download the release file
curl "$RELEASE_FILE" > release.yaml

# For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
  printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done

Changes

Features

  • ✨ TEP-0147: introduce feature flag to guard artifacts feature (#7705)

Introduces a feature flag enable-artifacts.

  • ✨ TEP 0147: add inputs/outputs to stepState (#7703)

introduce inputs/outputs to stepState for future artifacts work

  • ✨ implementing TEP-0150 - in (#7683)

A fully resolved displayName is now available in childReferences along with the pipelineTaskName. This is mainly beneficial to parameterize and easily distinguish matrix instances of the task.

  • ✨ feat: support for variable interpolation in workspace.* (in PipelineRun and TaskRun) (#7671)

feat: support for variable interpolation in workspace.* (in PipelineRun and TaskRun)

Fixes

  • 🐛 fix: avoid panic when used pipelineRef or pipelineSpec in pipeline task (#7722)

fix: avoid panic when used pipelineRef or pipelineSpec in pipeline task

  • 🐛 fix: pipeline execution status test case index error (#7742)
  • 🐛 Migrate jaeger to otel API (#7547)

Misc

  • 🔨 chore(deps): bump google.golang.org/grpc from 1.62.0 to 1.62.1 (#7774)
  • 🔨 chore(deps): bump google.golang.org/protobuf from 1.32.0 to 1.33.0 (#7773)
  • 🔨 chore(deps): bump github.com/stretchr/testify from 1.8.4 to 1.9.0 (#7772)
  • 🔨 chore(deps): bump tj-actions/changed-files from 42.1.0 to 43.0.0 (#7771)
  • 🔨 chore(deps): bump github.com/containerd/containerd from 1.7.13 to 1.7.14 (#7770)
  • 🔨 chore(deps): bump github/codeql-action from 3.24.6 to 3.24.8 (#7769)
  • 🔨 chore(deps): bump actions/checkout from 4.1.1 to 4.1.2 (#7768)
  • 🔨 chore(deps): bump k8s.io/api from 0.27.11 to 0.27.12 in /test/custom-task-ctrls/wait-task-beta (#7767)
  • 🔨 chore(deps): bump tj-actions/changed-files from 42.0.5 to 42.1.0 (#7747)
  • 🔨 chore(deps): bump github/codeql-action from 3.24.5 to 3.24.6 (#7735)
  • 🔨 chore(deps): bump github.com/sigstore/sigstore/pkg/signature/kms/aws from 1.8.1 to 1.8.2 (#7727)
  • 🔨 chore(deps): bump github.com/sigstore/sigstore/pkg/signature/kms/hashivault from 1.8.1 to 1.8.2 (#7723)
  • 🔨 chore(deps): bump github/codeql-action from 3.24.3 to 3.24.5 (#7719)
  • 🔨 chore(deps): bump tj-actions/changed-files from 42.0.4 to 42.0.5 (#7718)
  • 🔨 chore(deps): bump github.com/spiffe/spire-api-sdk from 1.8.7 to 1.9.0 (#7712)
  • 🔨 chore(deps): bump go.opentelemetry.io/otel/sdk from 1.23.1 to 1.24.0 (#7710)
  • 🔨 chore(deps): bump go.opentelemetry.io/otel from 1.23.1 to 1.24.0 (#7709)
  • 🔨 chore(deps): bump google.golang.org/grpc from 1.61.1 to 1.62.0 (#7702)
  • 🔨 chore(deps): bump go.uber.org/zap from 1.26.0 to 1.27.0 (#7696)
  • 🔨 chore(deps): bump github.com/cloudevents/sdk-go/v2 from 2.14.0 to 2.15.1 (#7695)
  • 🔨 chore(deps): bump github.com/golangci/golangci-lint from 1.56.1 to 1.56.2 in /tools (#7676)
  • 🔨 fix: reduce warnings caused by woke scan results (#7558)
  • 🔨 Bump github.com/docker/docker from 24.0.0+incompatible to 24.0.7+incompatible (#7526)

Docs

  • 📖 [TEP-0129] Move CRDs definition and update multi-tenancy docs accordingly (#7598)

Document simple installation instructions for a Tekton multi-tenancy setup.

  • 📖 docs: changing the variable camel cases (#7701)
  • 📖 fix:add missing documentation link (#7697)
  • 📖 Fix link to CEL in WhenExpression docs (#7692)
  • 📖 Fix typo in additional configs doc (#7689)
  • 📖 Add release v0.57.0 to the list of releases (#7687)
  • 📖 Add feature flags recording demo for developer guide (#7662)
  • 📖 docs: optimize examples for propagating results (#7554)

Thanks

Thanks to these contributors who contributed to v0.58.0!

Extra shout-out for awesome release notes:

Contributors

vdemeester, pritidesai, and 9 other contributors
Assets 4
Loading

Tekton Pipeline release v0.56.2 "Persian Terminator"

06 Mar 17:55
@tekton-robot tekton-robot
v0.56.2
f3dd478
Compare
Choose a tag to compare
Tekton Pipeline release v0.56.2 "Persian Terminator"

-Docs @ v0.56.2
-Examples @ v0.56.2

Installation one-liner

kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.56.2/release.yaml

Attestation

The Rekor UUID for this release is 24296fb24b8ad77a945b36a68c366cf57e421e1d269cb1cdd9b7efcfce4a1fcc9c4dfa0833912646

Obtain the attestation:

REKOR_UUID=24296fb24b8ad77a945b36a68c366cf57e421e1d269cb1cdd9b7efcfce4a1fcc9c4dfa0833912646
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .

Verify that all container images in the attestation are in the release file:

RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.56.2/release.yaml
REKOR_UUID=24296fb24b8ad77a945b36a68c366cf57e421e1d269cb1cdd9b7efcfce4a1fcc9c4dfa0833912646

# Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v0.56.2@sha256:" + .digest.sha256')

# Download the release file
curl "$RELEASE_FILE" > release.yaml

# For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
  printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done

Changes

Features

  • ✨ [release-v0.56.x] Allow for the specified duration (#7678)

onfigure default-imagepullbackoff-timeout to allow imagePullBackOff to retry and wait for the specified duration before failing the pipeline.

Fixes

  • 🐛 [release-v0.56.x] fix: avoid panic when used pipelineRef or pipelineSpec in pipeline task (#7733)

ix: avoid panic when used pipelineRef or pipelineSpec in pipeline task

Misc

Docs

Thanks

Thanks to these contributors who contributed to v0.56.2!

Extra shout-out for awesome release notes:

Contributors

pritidesai, l-qing, and tekton-robot
Assets 4
Loading