Tekton Pipeline release v0.56.0 "Persian Terminator LTS"

-Docs @ v0.56.0
-Examples @ v0.56.0

Installation one-liner

kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.56.0/release.yaml

Attestation

The Rekor UUID for this release is 24296fb24b8ad77a0c94b8ccf25fa815c6b01ab90941b17a37373885d8f62efc99b17eea417bed4d

Obtain the attestation:

REKOR_UUID=24296fb24b8ad77a0c94b8ccf25fa815c6b01ab90941b17a37373885d8f62efc99b17eea417bed4d
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .

Verify that all container images in the attestation are in the release file:

RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.56.0/release.yaml
REKOR_UUID=24296fb24b8ad77a0c94b8ccf25fa815c6b01ab90941b17a37373885d8f62efc99b17eea417bed4d

# Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v0.56.0@sha256:" + .digest.sha256')

# Download the release file
curl "$RELEASE_FILE" > release.yaml

# For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
  printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done

Changes

Features

• ✨ Support overriding the SCM type and server URL (#7450)
  User are now able to override the global server URL when using the git resolver to allow fetching from multiple git providers.
• ✨ TEP-0142: Introduce WorkingDir in StepActions (#7461)
• ✨ TEP-0075(object params and results) promoted to stable (#7544)
  TEP-0075 promoted to stable - object params and results is now possible with enable-api-fields set to stable.
• ✨ kind/feature : populate-params-and-results-to-workspace-bindings (#7503)
• ✨ TEP-0142: Passing StepResults between Steps (#7458)
  Enable passing StepResults between Steps in a `Task.
• ✨ param substitutions not allowed in StepAction's script (#7459)
  Param substitutions not allowed directly in StepAction's script

Fixes

• 🐛 fix: ensure global podTemplate configuration is merged correctly (#7552)

Merge the env and volumes from the podTemplate in the pipelineRun or TaskRun with the global defaults, instead of only considering the specified in the Run's.

• 🐛 Add back conversion for TaskRunStatus Resources (#7507)

restore conversion functions from taskRun and taskRunStatus resources for backwards compatibility

• 🐛 add default resource requirements to init-containers and containers of a pod (#7003)

[Bug fix]: takes default values of a resource requirements from a config map and updates to a init-container and container resource requirements value, if the value is not present

• 🐛 kind/bug allowExecution evaluation for when expression returns early when CEL is defined (#7569)
• 🐛 Fix broken import of go.opentelemetry.io/otel to v1.21.0 (#7465)

Misc

• 🔨 Label for failure PipelineRun Status Message (#7475)

user error attributions can now be seen via PipelineRunStatus condition messages

• 🔨 Error sweep: correct InvalidPipelineResultReference failure reason (#7459)
• 🔨 Bump github.com/sigstore/sigstore from 1.7.5 to 1.8.1 (#7575)
• 🔨 Bump github.com/spiffe/spire-api-sdk from 1.8.5 to 1.8.7 (#7570)
• 🔨 Bump tj-actions/changed-files from 41.0.1 to 41.1.1 (#7567)
• 🔨 Bump actions/upload-artifact from 4.0.0 to 4.1.0 (#7566)
• 🔨 Bump github/codeql-action from 3.22.12 to 3.23.0 (#7548)
• 🔨 Bump actions/checkout from 3.1.0 to 4.1.1 (#7537)
• 🔨 Bump ossf/scorecard-action from 2.1.2 to 2.3.1 (#7536)
• 🔨 Bump tj-actions/changed-files from 40.2.3 to 41.0.1 (#7535)
• 🔨 Bump actions/upload-artifact from 3.1.0 to 4.0.0 (#7534)
• 🔨 Bump github/codeql-action from 2.2.4 to 3.22.12 (#7533)
• 🔨 Bump github.com/containerd/containerd from 1.7.8 to 1.7.11 (#7529)
• 🔨 Bump golang.org/x/crypto from 0.16.0 to 0.17.0 (#7527)
• 🔨 Hardened GitHub workflows a little bit (#7524)
• 🔨 Bump k8s.io/api from 0.27.8 to 0.27.9 in /test/custom-task-ctrls/wait-task-beta (#7518)
• 🔨 Bump github.com/jenkins-x/go-scm from 1.14.20 to 1.14.24 (#7515)
• 🔨 Bump google.golang.org/grpc from 1.59.0 to 1.60.1 (#7506)
• 🔨 Bump github.com/google/go-containerregistry from 0.16.1 to 0.17.0 (#7462)

Docs

Thanks

Thanks to these contributors who contributed to v0.56.0!

• ❤️ @JeromeJu
• ❤️ @Yongxuanzhang
• ❤️ @chitrangpatel
• ❤️ @dependabot[bot]
• ❤️ @ericzzzzzzz
• ❤️ @jkandasa
• ❤️ @l-qing
• ❤️ @vdemeester

Extra shout-out for awesome release notes:

• 😍 @JeromeJu
• 😍 @Yongxuanzhang
• 😍 @chitrangpatel
• 😍 @ericzzzzzzz
• 😍 @jkandasa
• 😍 @l-qing

Tekton Pipeline release v0.47.6 "Chartreux Rachael"

-Docs @ v0.47.6
-Examples @ v0.47.6

Installation one-liner

kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.47.6/release.yaml

Attestation

The Rekor UUID for this release is 24296fb24b8ad77a62ebb1cced6d37e04f6bce5a7736fcb8c2cf92c823122b72fa8c812ca90bb7b0

Obtain the attestation:

REKOR_UUID=24296fb24b8ad77a62ebb1cced6d37e04f6bce5a7736fcb8c2cf92c823122b72fa8c812ca90bb7b0
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .

Verify that all container images in the attestation are in the release file:

RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.47.6/release.yaml
REKOR_UUID=24296fb24b8ad77a62ebb1cced6d37e04f6bce5a7736fcb8c2cf92c823122b72fa8c812ca90bb7b0

# Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v0.47.6@sha256:" + .digest.sha256')

# Download the release file
curl "$RELEASE_FILE" > release.yaml

# For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
  printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done

Changes

Features

Fixes

• 🐛 [release-v0.47.x] don't return validation error when final tasks failed/skipped (#7487)

Misc

Docs

Thanks

Thanks to these contributors who contributed to v0.47.6!

• ❤️ @vdemeester

Extra shout-out for awesome release notes:

Tekton Pipeline release v0.55.0 "Bambino Alojzy Gąbka"

🎉 PipelineTask.OnError and bugfixes 🎉

-Docs @ v0.55.0
-Examples @ v0.55.0

Installation one-liner

kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.55.0/release.yaml

Attestation

The Rekor UUID for this release is 24296fb24b8ad77acf6e7f5cf38da4c2178e88e08bc2f291dc52b756371a21d349ca985bd125ace9

Obtain the attestation:

REKOR_UUID=24296fb24b8ad77acf6e7f5cf38da4c2178e88e08bc2f291dc52b756371a21d349ca985bd125ace9
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .

Verify that all container images in the attestation are in the release file:

RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.55.0/release.yaml
REKOR_UUID=24296fb24b8ad77acf6e7f5cf38da4c2178e88e08bc2f291dc52b756371a21d349ca985bd125ace9

# Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v0.55.0@sha256:" + .digest.sha256')

# Download the release file
curl "$RELEASE_FILE" > release.yaml

# For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
  printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done

Changes

Features

• ✨ TEP-0142: Introduce WorkingDir in StepActions (#7461)

Introduce WorkingDir in StepActions

• ✨ Support overriding the SCM type and server URL (#7450)

User are now able to override the global server URL when using the git resolver to allow fetching from multiple git providers.

• ✨ [TEP-0050] Implement PipelineTask OnError (#7422)

Implement "Ignore Task Failure" with new "PipelineTask.OnError" API field (TEP-0050). User can now set pipelineTask.onError: continue to ignore failure

Fixes

• 🐛 Fix enum validation with multiple param references (#7481)

bug fix: allow task-level param references multiple pipeline-level params with enum

• 🐛 Fix: do not fail TaskRun for concurrent modification errors (#7467)

fix: taskRuns will not fail for concurrent modification errors when stopping sideCars

• 🐛 Fix validations for Sidecars to be consistent (#7443)

sidecars are now validated at admission webhook

• 🐛 fix: resolve issue where resolutionrequest defaulted to v1alpha1 vs v1beta1 (#7438)

Resolved issue where resolutionrequest defaulted to v1alpha1 when it should be v1beta1

• 🐛 Do not require for entrypoint cancellation (#7430)

ntrypoint cancellation only requires keep-pod-on-cancel: true feature-flag.

• 🐛 Freeze image sha for dind-sidecar example test. (#7498)
• 🐛 FIX: Prevent panic on parameter evaluation (#7488)
• 🐛 change ResultRef.ResultsIndex from int to *int (#7460)
• 🐛 don't return validation error when final tasks failed/skipped (#7407)

Misc

• 🔨 Tracing: Add credentialsSecret for basic authentication to remote endpoint (#7238)

Tracing config now includes an additional optional field credentialsSecret where users can specify the name of a secret. The username and password fields from the secret will be used to authenticate against Tracing collector endpoint.

• 🔨 [TEP-0131] Update Conformance Spec for v1 api types (#7224)

Updates the conformance api spec with v1 api types in line with TEP-131

• 🔨 Error sweep: complete user-facing error messages formats (#7474)
• 🔨 Replace PipelineRunReasonFailedValidation with more granular reasons (#7417)
• 🔨 Error sweep: Move TaskRun Reasons in pkg/pod to pkg/apis (#7406)
• 🔨 Cleanup error message for Step container status (#7405)
• 🔨 Error sweep: add more context for PipelineRunCouldntGetPipeline error message (#7403)
• 🔨 Error sweep: refactor steps termination when failing TaskRun (#7386)
• 🔨 Refactor common util functions for /test (#7369)
• 🔨 Fix showing error message when validation fail (#7509)
• 🔨 Git resolver: validate repo URL (#7482)
• 🔨 Bump github.com/spiffe/spire-api-sdk from 1.8.4 to 1.8.5 (#7463)
• 🔨 Fix some spelling in stepactions.md (#7432)
• 🔨 Remove .envrc and show an example in .envrc.sample (#7429)
• 🔨 Create scorecard.yml (#7409)
• 🔨 Add @JeromeJu as a pipelines maintainer (#7327)
• 🔨 Bump github.com/google/uuid from 1.3.1 to 1.4.0 (#7308)

Docs

• 📖 Add stdoutConfig and stderrConfig to alpha features table (#7494)
• 📖 Fix step actions documentation (#7492)
• 📖 [TEP-0050] Add Ignore Task Failure to alpha table (#7468)
• 📖 Update Feature Flags Documentation (#7445)
• 📖 Update StepActions Documentation (#7441)
• 📖 Fix typos and broken links in StepActions doc (#7431)
• 📖 Make git resolver label explicit (#7428)
• 📖 Update release with v0.54.0 (#7427)
• 📖 Update release cheat sheet (#7425)

Thanks

Thanks to these contributors who contributed to v0.55.0!

• ❤️ @AlanGreene
• ❤️ @JeromeJu
• ❤️ @QuanZhang-William
• ❤️ @Yongxuanzhang
• ❤️ @aaron-prindle
• ❤️ @afrittoli
• ❤️ @chitrangpatel
• ❤️ @chmouel
• ❤️ @dependabot[bot]
• ❤️ @dibyom
• ❤️ @jerop
• ❤️ @joaosilva15
• ❤️ @kmjayadeep
• ❤️ @vdemeester

Extra shout-out for awesome release notes:

• 😍 @JeromeJu
• 😍 @QuanZhang-William
• 😍 @aaron-prindle
• 😍 @chitrangpatel
• 😍 @chmouel
• 😍 @dibyom
• 😍 @kmjayadeep
• 😍 @vdemeester

Tekton Pipeline release v0.54.2 "Korat Bender"

-Docs @ v0.54.2
-Examples @ v0.54.2

Installation one-liner

kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.54.2/release.yaml

Attestation

The Rekor UUID for this release is 24296fb24b8ad77a70414b954f5ea533eecb2a83f9a87997dc311d043ea27f6e609f4af5dcba94a1

Obtain the attestation:

REKOR_UUID=24296fb24b8ad77a70414b954f5ea533eecb2a83f9a87997dc311d043ea27f6e609f4af5dcba94a1
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .

Verify that all container images in the attestation are in the release file:

RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.54.2/release.yaml
REKOR_UUID=24296fb24b8ad77a70414b954f5ea533eecb2a83f9a87997dc311d043ea27f6e609f4af5dcba94a1

# Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v0.54.2@sha256:" + .digest.sha256')

# Download the release file
curl "$RELEASE_FILE" > release.yaml

# For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
  printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done

Changes

Features

Fixes

• 🐛 [release-v0.54.x] FIX: Prevent panic on parameter evaluation (#7512)

Misc

Docs

Thanks

Thanks to these contributors who contributed to v0.54.2!

• ❤️ @tekton-robot

Extra shout-out for awesome release notes:

Tekton Pipeline release v0.54.1 "Korat Bender"

-Docs @ v0.54.1
-Examples @ v0.54.1

Installation one-liner

kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.54.1/release.yaml

Attestation

The Rekor UUID for this release is ``

Obtain the attestation:

REKOR_UUID=
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .

Verify that all container images in the attestation are in the release file:

RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.54.1/release.yaml
REKOR_UUID=

# Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v0.54.1@sha256:" + .digest.sha256')

# Download the release file
curl "$RELEASE_FILE" > release.yaml

# For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
  printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done

Changes

Features

Fixes

• 🐛 [release-v0.54.x] don't return validation error when final tasks failed/skipped (#7510)

Misc

Docs

Thanks

Thanks to these contributors who contributed to v0.54.1!

• ❤️ @tekton-robot

Extra shout-out for awesome release notes:

Tekton Pipeline release v0.53.3 "Munchkin Maschinenmensch"

-Docs @ v0.53.3
-Examples @ v0.53.3

Installation one-liner

kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.53.3/release.yaml

Attestation

The Rekor UUID for this release is 24296fb24b8ad77afb99bd712cd691b6390f8d712a52f96661eaa96ad92eefe7cb047049140f16f3

Obtain the attestation:

REKOR_UUID=24296fb24b8ad77afb99bd712cd691b6390f8d712a52f96661eaa96ad92eefe7cb047049140f16f3
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .

Verify that all container images in the attestation are in the release file:

RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.53.3/release.yaml
REKOR_UUID=24296fb24b8ad77afb99bd712cd691b6390f8d712a52f96661eaa96ad92eefe7cb047049140f16f3

# Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v0.53.3@sha256:" + .digest.sha256')

# Download the release file
curl "$RELEASE_FILE" > release.yaml

# For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
  printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done

Changes

Features

Fixes

• 🐛 [release-v0.53.x] Fix: do not fail TaskRun for concurrent modification errors (#7479)

ix: taskRuns will not fail for concurrent modification errors when stopping sideCars

• 🐛 [release-v0.53.x] Do not require for entrypoint cancellation (#7457)

Entrypoint cancellation only requires keep-pod-on-cancel: true feature-flag.

• 🐛 [release-v0.53.x] Fix validations for Sidecars to be consistent (#7446)

idecars are now validated at admission webhook

• 🐛 [release-v0.53.x] FIX: Prevent panic on parameter evaluation (#7491)
• 🐛 [release-v0.53.x] don't return validation error when final tasks failed/skipped (#7486)

Misc

• 🔨 [release-v0.53.x] Use a maintained action for "changed files" (#7490)
• 🔨 [v0.53.x] bump knative version to get a CVE fix (#7372)

Docs

Thanks

Thanks to these contributors who contributed to v0.53.3!

• ❤️ @JeromeJu
• ❤️ @jkandasa
• ❤️ @tekton-robot
• ❤️ @vdemeester

Extra shout-out for awesome release notes:

• 😍 @tekton-robot
• 😍 @vdemeester

Tekton Pipeline release v0.54.0 "Korat Bender"

🎉 Reusable Steps via StepActions, Param Enums, HTTP Resolver! 🎉

-Docs @ v0.54.0
-Examples @ v0.54.0

Installation one-liner

kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.54.0/release.yaml

Attestation

The Rekor UUID for this release is 24296fb24b8ad77a6a820444f8789f9b68835a66c6c0ad3cecabee051b9af0c824b04baf1b57433c

Obtain the attestation:

REKOR_UUID=24296fb24b8ad77a6a820444f8789f9b68835a66c6c0ad3cecabee051b9af0c824b04baf1b57433c
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .

Verify that all container images in the attestation are in the release file:

RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.54.0/release.yaml
REKOR_UUID=24296fb24b8ad77a6a820444f8789f9b68835a66c6c0ad3cecabee051b9af0c824b04baf1b57433c

# Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v0.54.0@sha256:" + .digest.sha256')

# Download the release file
curl "$RELEASE_FILE" > release.yaml

# For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
  printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done

Changes

Features

• ✨ TEP-0142: Surface step results via sidecar logs (#7414)

  Surface step results via sidecar logs

• ✨ TEP-0142: Introduce StepResults in Steps, StepActions (#7382)

  Introduce StepResults in Steps for StepAction's Result storage.

• ✨ TEP-0142: Surface step results via termination message (#7349)

  Surface step results via termination message

• ✨ TEP-0142: Introduce Value in TaskResults (#7347)

  StepActions: Introduce Value in TaskResults

• ✨ [TEP-0142] Add VolumeMounts to StepAction (#7340)

  Users can define VolumeMounts in StepAction, the VolumeMounts Name should use string param reference to the params passed to the StepAction.

• ✨ [TEP-0144] Validate PipelineRun for Param Enum (#7338)

  Implement Param Enum validation for PipelineRuns. Param Enum is supported per TEP-0144

• ✨ [TEP-0142] Add SecurityContext (#7337)

  Users can declare SecurityContext in StepAction.

• ✨ TEP-0142: Add support for params between Step and StepActions (#7332)

  Completes support for params in StepActions.

• ✨ [TEP-0144] Validate TaskRun for Param Enum (#7326)

  Implement Param Enum validation for TaskRuns

• ✨ [TEP-0142] Remote Resolution for StepAction (#7321)

  Support Remote Resolution for StepAction

• ✨ TEP-0142: Introduce Params and Results into StepActions CRD (#7317)

  Introduces params and results into the StepAction CRD.

• ✨ Add credentials to HTTP resolver (#7315)

  The http resolver supports passing username and password for fetching URLs with basic credentials

• ✨ [TEP-0144] Add enum API field (#7289)

  Add Enum API field

• ✨ TEP-0142: Introduce StepAction referencing syntax in Steps (#7284)

  Introduces referencing syntax for StepAction in Steps

• ✨ [TEP-0144] Add feature flag and doc placeholder (#7279)

  Add enable-param-enum feature flag to gate the use of Param.Enum API field

• ✨ TEP-0142: Referencing StepActions in Steps (#7271)

  Enables referencing of StepActions in Steps if the feature flag "enable-step-actions: true" is set.

• ✨ Add a simple HTTP resolver (#7250)

  A new HTTP resolver is now available, it will let you resolve a http(s) URL to fetch a task or pipeline from.

• ✨ Let the user pass a secret via a parameter for SCM API operations when using the git API resolver (#7239)

  User are now able to pass a secret referencing token (or a tokenKey) for a SCM operation on the git resolver instead of using the global one from the configmap.

• ✨ [TEP-0142] Support default resolver for Ref to remote StepAction (#7345)

• ✨ TEP-0142: Add syntax for providing params to StepActions (#7334)

• ✨ [TEP-0142] Add ResolverRef to Ref (#7322)

Fixes

• 🐛 change bundle resolver to use secret instead of service account (#7331)

  action required: Bundle resolve uses secret to pull bundle Tasks/Pipelines from private registry instead of Service Account. Please update your bundle resolver ref to use secret.

• 🐛 fix: the pr may lose finallyStartTime when pipeline controller is not synchronized to all current state (#7186)

  Reset the finallyStartTime field when one or more final tasks have been created and the current finallyStartTime is empty.

• 🐛 fix: panic may occur when calculating the final task timeout waiting time (#7188)

Misc

• 🔨 Cleanup v1beta1 reference in pipelinerun reconciler (#7395)
• 🔨 fix: move getFeatureFlagsBaseOnAPIFlag from custom_task_test to another file (#7393)
• 🔨 chore: pkg import only once (#7348)
• 🔨 [TEP-0142] Refactor extractStepActions (#7328)
• 🔨 Fix capitalization inconsistency in reconciler (#7318)
• 🔨 remove GetUnsignedTask helper function and use var in each file (#6799)
• 🔨 Bump k8s.io/client-go from 0.27.7 to 0.27.8 in /test/custom-task-ctrls/wait-task-beta (#7377)
• 🔨 Bump github.com/tektoncd/pipeline from 0.53.0 to 0.53.1 in /test/custom-task-ctrls/wait-task-beta (#7368)
• 🔨 Use a maintained action for "changed files" (#7364)
• 🔨 Replace ubi9/ubi-minimal with busybox image (#7363)
• 🔨 Add direnv support with boilerplate (#7344)
• 🔨 Bump github.com/spiffe/spire-api-sdk from 1.8.1 to 1.8.4 (#7343)
• 🔨 Bump github.com/jenkins-x/go-scm from 1.14.14 to 1.14.20 (#7339)
• 🔨 Bump github.com/sigstore/sigstore from 1.7.4 to 1.7.5 (#7311)
• 🔨 Bump github.com/tektoncd/pipeline from 0.52.1 to 0.53.0 in /test/custom-task-ctrls/wait-task-beta (#7305)
• 🔨 Bump github.com/containerd/containerd from 1.7.7 to 1.7.8 (#7303)
• 🔨 removed repeated word how-to-write-a-resolver.md (#7302)
• 🔨 Fix git resolver example (#7299)
• 🔨 Bump github.com/sigstore/sigstore/pkg/signature/kms/hashivault from 1.7.4 to 1.7.5 (#7288)
• 🔨 Bump github.com/golangci/golangci-lint from 1.54.2 to 1.55.1 in /tools (#7283)
• 🔨 Bump github.com/go-git/go-git/v5 from 5.9.0 to 5.10.0 (#7281)
• 🔨 Bump sigs.k8s.io/yaml from 1.3.0 to 1.4.0 (#7280)
• 🔨 Bump github.com/google/cel-go from 0.12.6 to 0.18.1 (#7253)
• 🔨 Update ko to go 1.20 in release task (#7341)
• 🔨 Disable HTTP/2 by updating knative/pkg (#7324)

Docs

• 📖 Improve migration documentation (#7389)
• 📖 docs: update upper limit for layers in a bundle (#7355)
• 📖 fixed issue #7282 changed broken link from release-pipeline-nightly.yaml to release-pipeline.yaml (#7306)
• 📖 Update release with v0.53.0 LTS (#7301)

Thanks

Thanks to these contributors who contributed to v0.54.0!

• ❤️ @Dhruval7878
• ❤️ @Exar04
• ❤️ @JeromeJu
• ❤️ @QuanZhang-William
• ❤️ @Yongxuanzhang
• ❤️ @afrittoli
• ❤️ @chitrangpatel
• ❤️ @chmouel
• ❤️ @cugykw
• ❤️ @dependabot[bot]
• ❤️ @khrm
• ❤️ @mlschmithorst
• ❤️ @pratap0007
• ❤️ @testwill
• ❤️ @vdemeester
• ❤️ @vivekBoii

Extra shout-out for awesome release notes:

• 😍 @QuanZhang-William
• 😍 @Yongxuanzhang
• 😍 @chitrangpatel
• 😍 @chmouel
• 😍 @cugykw
• 😍 @khrm

Tekton Pipeline release v0.53.2 "Munchkin Maschinenmensch"

-Docs @ v0.53.2
-Examples @ v0.53.2

Installation one-liner

kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.53.2/release.yaml

Attestation

The Rekor UUID for this release is 24296fb24b8ad77a65b4c04ecc3fa6d06bcfea7b874c1614dd3067dfc35fbffdfc8dcbe1ca0b891f

Obtain the attestation:

REKOR_UUID=24296fb24b8ad77a65b4c04ecc3fa6d06bcfea7b874c1614dd3067dfc35fbffdfc8dcbe1ca0b891f
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .

Verify that all container images in the attestation are in the release file:

RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.53.2/release.yaml
REKOR_UUID=24296fb24b8ad77a65b4c04ecc3fa6d06bcfea7b874c1614dd3067dfc35fbffdfc8dcbe1ca0b891f

# Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v0.53.2@sha256:" + .digest.sha256')

# Download the release file
curl "$RELEASE_FILE" > release.yaml

# For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
  printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done

Changes

Misc

• 🔨 [release-v0.53.x] Fix the controller and webhook images to use stable alpine (#7371)

The Tekton controller images are now based on a distroless base image which is built on top of Alpine 3.18

Thanks

Thanks to these contributors who contributed to v0.53.2!

• ❤️ @afrittoli

Extra shout-out for awesome release notes:

• 😍 @afrittoli

Tekton Pipeline release v0.50.5 "Russian Blue Daneel Olivaw"

-Docs @ v0.50.5
-Examples @ v0.50.5

Installation one-liner

kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.50.5/release.yaml

Attestation

The Rekor UUID for this release is 24296fb24b8ad77a6931938578b4916b2944efdb45cd531e1913f85b8bc9c0a4e73512edcfbb86b5

Obtain the attestation:

REKOR_UUID=24296fb24b8ad77a6931938578b4916b2944efdb45cd531e1913f85b8bc9c0a4e73512edcfbb86b5
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .

Verify that all container images in the attestation are in the release file:

RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.50.5/release.yaml
REKOR_UUID=24296fb24b8ad77a6931938578b4916b2944efdb45cd531e1913f85b8bc9c0a4e73512edcfbb86b5

# Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v0.50.5@sha256:" + .digest.sha256')

# Download the release file
curl "$RELEASE_FILE" > release.yaml

# For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
  printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done

Changes

Misc

• 🔨 [release-v0.50.x] Fix the controller and webhook images to use stable alpine (#7370)

The Tekton controller images are now based on a distroless base image which is built on top of Alpine 3.18

Thanks

Thanks to these contributors who contributed to v0.50.5!

• ❤️ @afrittoli

Extra shout-out for awesome release notes:

• 😍 @afrittoli

Tekton Pipeline release v0.53.1 "Munchkin Maschinenmensch"

-Docs @ v0.53.1
-Examples @ v0.53.1

Installation one-liner

kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.53.1/release.yaml

Attestation

The Rekor UUID for this release is 24296fb24b8ad77a2b1a1e305c730d970cef50e8aa4e9da65cb4da59fd03d253eb3de693252ffad6

Obtain the attestation:

REKOR_UUID=24296fb24b8ad77a2b1a1e305c730d970cef50e8aa4e9da65cb4da59fd03d253eb3de693252ffad6
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .

Verify that all container images in the attestation are in the release file:

RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.53.1/release.yaml
REKOR_UUID=24296fb24b8ad77a2b1a1e305c730d970cef50e8aa4e9da65cb4da59fd03d253eb3de693252ffad6

# Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v0.53.1@sha256:" + .digest.sha256')

# Download the release file
curl "$RELEASE_FILE" > release.yaml

# For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
  printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done

Changes

Misc

• 🔨 [release-v0.53.x] Pin the distroless base image to a stable alpine (#7361)

The Tekton images are now based on a distroless base image which is built on top of Alpine 3.18

Thanks

Thanks to these contributors who contributed to v0.53.1!

• ❤️ @afrittoli

Extra shout-out for awesome release notes:

• 😍 @afrittoli