Tekton Pipeline release v0.50.4 "Russian Blue Daneel Olivaw"

-Docs @ v0.50.4
-Examples @ v0.50.4

Installation one-liner

kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.50.4/release.yaml

Attestation

The Rekor UUID for this release is 24296fb24b8ad77a71dafca6c5f27aec2842996255eeda41ddd2b1cec5ca920da82d7239d7007e7a

Obtain the attestation:

REKOR_UUID=24296fb24b8ad77a71dafca6c5f27aec2842996255eeda41ddd2b1cec5ca920da82d7239d7007e7a
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .

Verify that all container images in the attestation are in the release file:

RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.50.4/release.yaml
REKOR_UUID=24296fb24b8ad77a71dafca6c5f27aec2842996255eeda41ddd2b1cec5ca920da82d7239d7007e7a

# Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v0.50.4@sha256:" + .digest.sha256')

# Download the release file
curl "$RELEASE_FILE" > release.yaml

# For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
  printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done

Changes

Misc

• 🔨 [release-v0.50.x] Pin the distroless base image to a stable alpine (#7362)

The Tekton images are now based on a distroless base image which is built on top of Alpine 3.18

Thanks

Thanks to these contributors who contributed to v0.50.4!

• ❤️ @afrittoli

Extra shout-out for awesome release notes:

• 😍 @afrittoli

Tekton Pipeline release v0.53.0 "Munchkin Maschinenmensch" LTS

🎉 CEL-based when expressions, Results from Matrices, beta promotions and more 🎉

-Docs @ v0.53.0
-Examples @ v0.53.0

Installation one-liner

kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.53.0/release.yaml

Attestation

The Rekor UUID for this release is 24296fb24b8ad77ae1d898a8665e246adf87237e426dcb51e61a4f34dfda16ed10148ce5c80c57df

Obtain the attestation:

REKOR_UUID=24296fb24b8ad77ae1d898a8665e246adf87237e426dcb51e61a4f34dfda16ed10148ce5c80c57df
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .

Verify that all container images in the attestation are in the release file:

RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.53.0/release.yaml
REKOR_UUID=24296fb24b8ad77ae1d898a8665e246adf87237e426dcb51e61a4f34dfda16ed10148ce5c80c57df

# Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v0.53.0@sha256:" + .digest.sha256')

# Download the release file
curl "$RELEASE_FILE" > release.yaml

# For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
  printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done

Upgrade Notices

• [TEP-0104] Task-level Resource Requirements in now beta
• Matrix is now beta
• Starting with this release, all new API driven features will be controlled by individual feature flags, and the enable-api-fields flag will be eventually phased out, once all API features currently in alpha/beta reach stability (or are removed)

Changes

Features

• ✨ parameterize pipelineTask (#7273)

displayName can now accept params, task result references, or context variables.

• ✨ Hub resolver: add version constraints (#7257)

hub resolver can now specify a version constraint to choose a version (example: version: ">=0.2.0,< 1.0.0")

• ✨ Set public Tekton Hub API as default catalog (#7256)

tekton resolver now uses hub.tekton.dev by default.

• ✨ [TEP-0145] Add CEL field to WhenExpression

  • ✨ [TEP-0145] Add CEL field to WhenExpression, and feature flag to guard the field (#7247)
  • ✨ [TEP-0145] Add sanity check for CEL expression (#7251)
  • ✨ [TEP-0145] Add CEL evaluation (#7255)
    Support CEL expression in WhenExpression to guard the execution of Tasks

• ✨ Add a setting disallowing access to all namespaces (#7237)

Add special value * to the blocked-namespace setting for the cluster-resolver to disallow by default all namespaces and only allow the namespaces explicitly listed in allowed-namespace setting.

• ✨ [TEP-0104] Task-level Resource Requirements to beta (#7225)

The task-level resource requirements feature allows the user to set computeResources at runtime i.e. on TaskRun. This is now enabled as part of the beta API.

• ✨ TEP-140: Produce Results in Matrix (#7167)

Pipeline authors can now produce results from a Matrixed PipelineTask as an aggregated array and consume them in an array params. Two context variables are introduced as part of this feature, $(tasks..matrix.length) to get the length of a matrix combinations and $(tasks..matrix..length) to get a length of aggregated result.

• ✨ Promoting Matrix to Beta 🎉 🎓 (#7164)

Matrix feature is promoted to beta and possible to utilize with enable-api-fields set to beta.

• ✨ TEP-0107: propagate results to embedded task spec (#7100)

Results are propagated in embedded specifications without mutations.

• ✨ [TEP0138] Add Per-feature Flag Struct for New Features (#7090)

Please use per feature flags for new API-driven feature gating.

• ✨ feat: add ability to include reason in count metrics (#7060)

Add ability to include reason along with status in TaskRun and PipelineRun count metrics

Backwards incompatible changes

In the current release:

• 🚨 The behaviour of the enable-api-field flag has been fixed, resulting in a slight behaviour change: when using the v1beta1 API, API features in beta are only available when the enable-api-field is set to beta or alpha. Beta features used to be enabled on the v1beta1 API regardless of the value of enable-api-field.
  Note that:

  • The default value for enable-api-field is beta
  • Users that have the flag set to alpha or beta will continue to have access to beta features on v1beta1 and v1 APIs
  • Users that have the flag set to stable will continue to not have access to beta features on the v1 API

  So in practice, there is no breaking change for users. Users of the v1beta1 API may now disable beta features, should they wish to do so, which was not possible before.

Work-in-progress

• 🚧 TEP-0142: Introduce feature flag (#7277)

[WIP] Introduces a new feature flag "enable-step-actions: true/false" to gate the use of step actions.

• 🚧 TEP-0142: Introducing the StepAction CRD (#7260)

Introduced the StepAction CRD as designed in https://github.com/tektoncd/community/blob/main/teps/0142-enable-step-reusability.md. The implementation is still ongoing; feature is not yet functional.

• 🚧 [TEP-0050] Add OnError field (#7162)

Fixes

• 🐛 Regression: fix results with out of order tasks (#7169)

Fix regression where a different order of task definition may cause result resolution to break

• 🐛 Fix race condition in PVC deletion (#7149)

Bug fix: delete PVCs created by VolumeClaimTemplates when the owning PipelineRun is completed

• 🐛 Recover Conversion Functions from Pipeline Resources for backwards compatibility (#7109)

Recover Conversion Functions from Pipeline Resources for backwards compatibility

• 🐛 Different configmap for Leader Election per deployment (#7014)

Change configmap for LeaderElection of webhook to config-leader-election-webhook, event controller to config-leader-election-event and resolvers to config-leader-election-resolvers

• 🐛 fix wait entrypoint cancellation error log output. (#7272)
• 🐛 Flake Test fix: Sort TaskRunResults (#7254)
• 🐛 fix waiter test is flaky (#7227)
• 🐛 🔒 Update knative/pkg 1.11 to address CVE-2023-44487 (#7210)

Misc

• 🔨 Refactor version.ValidateEnabledAPIFields to config pkg (#7206)

refactor: version.ValidateEnabledAPIFields has been moved to the config package

• 🔨 [TEP0138] Decouple v1beta1 beta feature validation (#6941)

v1beta1 CRDs with beta features now requires beta enable-api-fields. More specifically, users who have been accidentally using beta features resolvers, object array params and results with enable-api-fields set to stable now needs to change to enable-api-fields=beta

• 🔨 #7027 Cleanup cmp.Diff(want, got) for all diff.PrintWantGot() (#7209)
• 🔨 Avoid unnecessary scans for codeql on non code (#7286)
• 🔨 Bump k8s.io/client-go from 0.27.6 to 0.27.7 in /test/custom-task-ctrls/wait-task-beta (#7261)
• 🔨 Bump github.com/sigstore/sigstore from 1.7.3 to 1.7.4 (#7246)
• 🔨 [TEP-0145] Pull in cel-go to vendor (#7245)
• 🔨 Bump github.com/tektoncd/pipeline from 0.52.0 to 0.52.1 in /test/custom-task-ctrls/wait-task-beta (#7219)
• 🔨 Bump github.com/sigstore/sigstore/pkg/signature/kms/hashivault from 1.7.3 to 1.7.4 (#7213)
• 🔨 Bump github.com/spiffe/spire-api-sdk from 1.8.0 to 1.8.1 (#7204)
• 🔨 Bump google.golang.org/grpc from 1.58.2 to 1.58.3 (#7203)
• 🔨 #6614 Add inclusive source scanning (#7199)
• 🔨 Rename test cases for beta feature validations (#7198)
• 🔨 Bump github.com/google/go-cmp from 0.5.9 to 0.6.0 (#7197)
• 🔨 Bump github.com/containerd/containerd from 1.7.6 to 1.7.7 (#7196)
• 🔨 Bump github.com/google/go-cmp from 0.5.9 to 0.6.0 in /test/custom-task-ctrls/wait-task-beta (#7195)
• 🔨 Add reviewers section to OWNERS file. (#7193)
• 🔨 Add @chitrangpatel as an pipelines maintainer (#7181)
• 🔨 Bump golang.org/x/sync from 0.3.0 to 0.4.0 (#7178)
• 🔨 update perl docker image with multi-arch tag (#7171)
• 🔨 Add @Yongxuanzhang as a pipelines maintainer (#7168)
• 🔨 Bump go.opentelemetry.io/otel/sdk from 1.16.0 to 1.19.0 (#7163)
• 🔨 Bump github.com/opencontainers/image-spec from 1.1.0-rc4 to 1.1.0-rc5 (#7161)
• 🔨 Increase the publish timeout (#7160)
• 🔨 Bump google.golang.org/grpc from 1.58.1 to 1.58.2 (#7158)
• 🔨 Increase the publish task timeout (#7156)
• 🔨 Bump github.com/go-git/go-git/v5 from 5.8.1 to 5.9.0 (#7154)
• 🔨 Bump github.com/google/uuid from 1.3.0 to 1.3.1 (#7151)
• 🔨 Fix latest folder in releases (#7146)
• 🔨 updating an example - results using sidecar logs (#7145)
• 🔨 Bump github.com/tektoncd/pipeline from 0.51.0 to 0.52.0 in /test/custom-task-ctrls/wait-task-beta (#7142)
• 🔨 Bump go.uber.org/zap from 1.25.0 to 1.26.0 (#7141)
• 🔨 Bump github.com/go-git/go-billy/v5 from 5.4.1 to 5.5.0 (#7140)
• 🔨 documenting 0.51 and 0.52 releases (#7139)
• 🔨 Bump gomodules.xyz/jsonpatch/v2 from 2.2.0 to 2.4.0 (#7137)
• 🔨 Bump github.com/spiffe/spire-api-sdk from 1.7.2 to 1.8.0 (#7136)
• 🔨 Bump code.gitea.io/sdk/gitea from 0.15.1 to 0.16.0 (#7135)
• 🔨 Bump go.opentelemetry.io/otel/exporters/jaeger from 1.16.0 to 1.17.0 (#7134)
• 🔨 Bump go.opentelemetry.io/otel/trace from 1.16.0 ...

Tekton Pipeline release v0.50.3 "Rusian Blue Daneel Olivaw"

-Docs @ v0.50.3
-Examples @ v0.50.3

Installation one-liner

kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.50.3/release.yaml

Attestation

The Rekor UUID for this release is 24296fb24b8ad77a8e347216bc80c82074f1721dbcfb1e10e487a0a2e5925d27cf46898c53bf6f5a

Obtain the attestation:

REKOR_UUID=24296fb24b8ad77a8e347216bc80c82074f1721dbcfb1e10e487a0a2e5925d27cf46898c53bf6f5a
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .

Verify that all container images in the attestation are in the release file:

RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.50.3/release.yaml
REKOR_UUID=24296fb24b8ad77a8e347216bc80c82074f1721dbcfb1e10e487a0a2e5925d27cf46898c53bf6f5a

# Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v0.50.3@sha256:" + .digest.sha256')

# Download the release file
curl "$RELEASE_FILE" > release.yaml

# For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
  printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done

Changes

Features

Fixes

• [v0.50.x] Bump GRPC Go to 1.56.3 to fix CVE (#7234)

This addresses GHSA-qppj-fm5r-hxr3 by not allowing more server handlers to be run than the HTTP/2 MAX_CONCURRENT_STREAMS setting.

Misc

Docs

Thanks

Thanks to these contributors who contributed to v0.50.3!

• ❤️ @khrm

Extra shout-out for awesome release notes:

• 😍 @khrm

Tekton Pipeline release v0.47.5 "Chartreux Rachael"

-Docs @ v0.47.5
-Examples @ v0.47.5

Installation one-liner

kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.47.5/release.yaml

Attestation

The Rekor UUID for this release is 24296fb24b8ad77a8e347216bc80c82074f1721dbcfb1e10e487a0a2e5925d27cf46898c53bf6f5a

Obtain the attestation:

REKOR_UUID=24296fb24b8ad77ae82bf9a7805e018a65de380f89976e1ff158f0872060bc761452ec52d26dcc90
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .

Verify that all container images in the attestation are in the release file:

RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.47.5/release.yaml
REKOR_UUID=24296fb24b8ad77ae82bf9a7805e018a65de380f89976e1ff158f0872060bc761452ec52d26dcc90

# Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v0.47.5@sha256:" + .digest.sha256')

# Download the release file
curl "$RELEASE_FILE" > release.yaml

# For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
  printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done

Changes

Features

Fixes

• [0.47.x] Bump GRPC to v1.56.3 (#7240)
• [v0.47.x] Bump golang.org/x/net from 0.11.0 to 0.17.0 (#7221)

These addresse GHSA-qppj-fm5r-hxr3 by not allowing more server handlers to be run than the HTTP/2 MAX_CONCURRENT_STREAMS setting.

Misc

Docs

Thanks

Thanks to these contributors who contributed to v0.47.5!

• ❤️ @khrm

Extra shout-out for awesome release notes:

• 😍 @khrm

Tekton Pipeline release v0.44.5 "Nebelung Nomad"

-Docs @ v0.44.5
-Examples @ v0.44.5

Installation one-liner

kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.44.5/release.yaml

Attestation

The Rekor UUID for this release is 24296fb24b8ad77ae6d4a97d973af478bc9cefd6f575761773249d2706bf3d35bc7b81a7cc481fcf

Obtain the attestation:

REKOR_UUID=24296fb24b8ad77ae6d4a97d973af478bc9cefd6f575761773249d2706bf3d35bc7b81a7cc481fcf
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .

Verify that all container images in the attestation are in the release file:

RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.44.5/release.yaml
REKOR_UUID=24296fb24b8ad77ae6d4a97d973af478bc9cefd6f575761773249d2706bf3d35bc7b81a7cc481fcf

# Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v0.44.5@sha256:" + .digest.sha256')

# Download the release file
curl "$RELEASE_FILE" > release.yaml

# For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
  printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done

Changes

Features

Fixes

• 🐛 [cherry-pick-v0.44.x] Fix PipelineRun reconciler panic for computed timeouts (#6999)

bug fix: Avoid controller panics for computed timeouts

• [v0.44.x] Bump golang.org/x/net to 0.17.0 (#7222)

Misc

Docs

Thanks

Thanks to these contributors who contributed to v0.44.5!

• ❤️ @khrm
• ❤️ @lbernick

Extra shout-out for awesome release notes:

• 😍 @lbernick

Tekton Pipeline release v0.50.2 "Russian Blue Daneel Olivaw"

-Docs @ v0.50.2
-Examples @ v0.50.2

Installation one-liner

kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.50.2/release.yaml

Attestation

The Rekor UUID for this release is 24296fb24b8ad77a6726958468f17410d57decea33a20cc1c61cae727201991da57f788c4095926b

Obtain the attestation:

REKOR_UUID=24296fb24b8ad77a6726958468f17410d57decea33a20cc1c61cae727201991da57f788c4095926b
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .

Verify that all container images in the attestation are in the release file:

RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.50.2/release.yaml
REKOR_UUID=24296fb24b8ad77a6726958468f17410d57decea33a20cc1c61cae727201991da57f788c4095926b

# Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v0.50.2@sha256:" + .digest.sha256')

# Download the release file
curl "$RELEASE_FILE" > release.yaml

# For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
  printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done

Changes

Fixes

• 🐛 [release-v0.50.x] Regression: fix results with out of order tasks (#7173)

Fix regression where a different order of task definition may cause result resolution to break

• 🐛 [release-v0.50.x] Validate beta features for inline pipelines and tasks (#7080)

Bug fix: validate beta features in inline tasks/pipelines in the same way as referenced tasks/pipelines

• 🐛 [release-v0.50.x] Fix release pipeline (publish-to-bucket) (#7045)

Fixed the release pipeline invalid spec.

• 🐛 [release-v0.50.x] Remove results annotations filtering (#7131)

• 🐛 [v0.50.x] Update knative/pkg 1.10 to address CVE-2023-44487 (#7211)

Misc

• 🔨 Increase the publish timeout (#7215)

Docs

• 📖 [release-v0.50.x] docs: Update references to examples from v1beta1 to v1 (#7202)

Thanks

Thanks to these contributors who contributed to v0.50.2!

• ❤️ @afrittoli
• ❤️ @khrm
• ❤️ @tekton-robot

Extra shout-out for awesome release notes:

• 😍 @tekton-robot

Tekton Pipeline release v0.52.1 "California Spangled Optimus"

-Docs @ v0.52.1
-Examples @ v0.52.1

Installation one-liner

kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.52.1/release.yaml

Attestation

The Rekor UUID for this release is 24296fb24b8ad77a97c22594268cc45d986246339ada304b7587b205b59cf5d59df2650d24b14825

Obtain the attestation:

REKOR_UUID=24296fb24b8ad77a97c22594268cc45d986246339ada304b7587b205b59cf5d59df2650d24b14825
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .

Verify that all container images in the attestation are in the release file:

RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.52.1/release.yaml
REKOR_UUID=24296fb24b8ad77a97c22594268cc45d986246339ada304b7587b205b59cf5d59df2650d24b14825

# Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v0.52.1@sha256:" + .digest.sha256')

# Download the release file
curl "$RELEASE_FILE" > release.yaml

# For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
  printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done

Changes

Fixes

• 🐛 [release-v0.52.x] Regression: fix results with out of order tasks (#7174)

Fix regression where a different order of task definition may cause result resolution to break

Thanks

Thanks to these contributors who contributed to v0.52.1!

• ❤️ @afrittoli
• ❤️ @tekton-robot

Extra shout-out for awesome release notes:

• 😍 @afrittoli
• 😍 @tekton-robot

Tekton Pipeline release v0.52.0 "California Spangled Optimus"

🎉 Task and Pipeline Resolver Metrics, API Specifications for pipelines-in-pipelines 🎉

-Docs @ v0.52.0
-Examples @ v0.52.0

Installation one-liner

kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.52.0/release.yaml

Attestation

The Rekor UUID for this release is 24296fb24b8ad77aede6ff3c84da87cdeda75e9dcf779abc736bf5423b8a4151bad8193f0c76dd15

Obtain the attestation:

REKOR_UUID=24296fb24b8ad77aede6ff3c84da87cdeda75e9dcf779abc736bf5423b8a4151bad8193f0c76dd15
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .

Verify that all container images in the attestation are in the release file:

RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.52.0/release.yaml
REKOR_UUID=24296fb24b8ad77aede6ff3c84da87cdeda75e9dcf779abc736bf5423b8a4151bad8193f0c76dd15

# Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v0.52.0@sha256:" + .digest.sha256')

# Download the release file
curl "$RELEASE_FILE" > release.yaml

# For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
  printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done

Changes

Features

• ✨ Add taskrun/pipelinerun gauge metrics around resolving respective tasks/pipelines (#7094)

New gauge metrics are introduced that count the number of TaskRuns waiting for resolution of any Tasks they reference, as well as count the number of PipelineRuns waiting on Pipeline resolution, and lastly count the number of PipelineRuns waiting on Task resolution for their underlying TaskRuns.

• ✨ [TEP-0056]: Initial set of API refactors pertinent to Pipelines in Pipelines (#7055)

Added PipelineRef and PipelineSpec fields to PipelineTask, in lieu of TEP-0056

Fixes

• 🐛 fix: clean results when taskrun retries (#7126)

The taskrun will clean up the last task results before retrying.

• 🐛 Validate beta features for inline pipelines and tasks (#7079)

Bug fix: validate beta features in inline tasks/pipelines in the same way as referenced tasks/pipelines

• 🐛 Remove results annotations filtering (#7108)
• 🐛 fix an issue with InvalidMatrixParameterTypes along with updating the matrix example with additional validations (#7064)

Misc

• 🔨 Add configmap for tracing config (#6897)

Tracing endpoint configuration is now moved from environment variable to the configmap config-tracing. Tracing can be now configured dynamically without needing to restart the controller. Refer the example configuration provided as part of the ConfigMap for the configuration options and format.

• 🔨 Clean up getting substitution expressions (#7121)
• 🔨 DEVELOPMENT: missing newline escape on shell example (#7107)
• 🔨 Cleanup: Move PipelineRun Reasons to pkg/apis (#7102)
• 🔨 cleaning up provenance from pipelineRun (#7091)
• 🔨 eventForObjectWithCondition -> EventForObjectWithCondition (#7052)
• 🔨 remove GetUnsignedPipeline helper function and use var in each file (#6800)
• 🔨 Bump github.com/containerd/containerd from 1.7.3 to 1.7.6 (#7130)
• 🔨 Bump github.com/spiffe/spire-api-sdk from 1.7.1 to 1.7.2 (#7129)
• 🔨 Bump k8s.io/apimachinery from 0.27.1 to 0.27.6 in /test/custom-task-ctrls/wait-task-beta (#7119)
• 🔨 Bump k8s.io/client-go from 0.27.1 to 0.27.6 in /test/custom-task-ctrls/wait-task-beta (#7118)
• 🔨 Bump k8s.io/api from 0.27.1 to 0.27.6 in /test/custom-task-ctrls/wait-task-beta (#7117)
• 🔨 Bump k8s.io/api from 0.26.7 to 0.26.9 in /test/custom-task-ctrls/wait-task-beta (#7114)
• 🔨 Bump k8s.io/client-go from 0.25.11 to 0.25.14 in /test/custom-task-ctrls/wait-task-beta (#7112)
• 🔨 Bump google.golang.org/grpc from 1.56.2 to 1.58.1 (#7111)
• 🔨 Bump github.com/jenkins-x/go-scm from 1.13.13 to 1.14.14 (#7089)
• 🔨 Bump github.com/sigstore/sigstore from 1.7.1 to 1.7.3 (#7087)
• 🔨 Bump github.com/tektoncd/pipeline from 0.49.0 to 0.51.0 in /test/custom-task-ctrls/wait-task-beta (#7061)
• 🔨 Bump google.golang.org/protobuf from 1.30.0 to 1.31.0 (#6913)

Docs

• 📖 add docs for emitting object results (#7120)
• 📖 fix docs and add max-result-size optional feature flag (#7110)
• 📖 Fix the link to alpha-features in docs (#7075)

Thanks

Thanks to these contributors who contributed to v0.52.0!

• ❤️ @Yongxuanzhang
• ❤️ @bhujangr
• ❤️ @cugykw
• ❤️ @dependabot[bot]
• ❤️ @gabemontero
• ❤️ @jerop
• ❤️ @khrm
• ❤️ @kmjayadeep
• ❤️ @lbernick
• ❤️ @lvnvn
• ❤️ @melnikalex
• ❤️ @pritidesai
• ❤️ @vbatts

Extra shout-out for awesome release notes:

• 😍 @bhujangr
• 😍 @cugykw
• 😍 @gabemontero
• 😍 @kmjayadeep
• 😍 @lbernick

Tekton Pipeline release v0.51.0 "Havana Brown Demerzel"

🎉 Co-schedule option and bugfixes 🎉

-Docs @ v0.51.0
-Examples @ v0.51.0

Installation one-liner

kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.51.0/release.yaml

Attestation

The Rekor UUID for this release is 24296fb24b8ad77af0123195ea84840480151ea9735ca9e2f869d262e403dad6fa6c42c32bc04193

Obtain the attestation:

REKOR_UUID=24296fb24b8ad77af0123195ea84840480151ea9735ca9e2f869d262e403dad6fa6c42c32bc04193
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .

Verify that all container images in the attestation are in the release file:

RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.51.0/release.yaml
REKOR_UUID=24296fb24b8ad77af0123195ea84840480151ea9735ca9e2f869d262e403dad6fa6c42c32bc04193

# Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v0.51.0@sha256:" + .digest.sha256')

# Download the release file
curl "$RELEASE_FILE" > release.yaml

# For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
  printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done

Upgrade Notices

With this release, the minimun Kubernetes version supported is now 1.25.

Changes

Features

• ✨ [TEP-0135] Coschedule per (Isolated) PipelineRun e2e support (#6927)

[TEP-0135]: Support coschedule: pipelineruns and coschedule: isolate-pipelinerun coschedule modes.
Users can now opt in this new feature to schedule all the pods in the same node and to optionally enforce one running pipelinerun in a node at the same time.

• ✨ Add service for Resolvers - metrics, probes and tracing (#6973)

Deprecation Notices

• 🚨 Mark disable-affinity-assistant as deprecated (#6991)

The disable-affinity-assistant feature flag is deprecated in favour of the new coschedule feature flag. The disable-affinity-assistant feature flag will be removed in 9 months.

Fixes

• 🐛 Fix release pipeline (publish-to-bucket) (#7044)

Binary file (standard input) matches

• 🐛 Make sure we use the correct namespace for remote Pipeline validation (#7017)

ix validation errors when using the cluster resolver

• 🐛 Create a separate role for Events Controller (#7016)

The role for Events Controller is now tekton-events-controller, and the Rolebinding is now tekton-pipelines-events-controller.

• 🐛 fix: add taskRunTemplate field validation (#6983)

Validate forbidden envs in TaskRunTemplate.PodTemplate.

• 🐛 Fail fast on invalid image (#6982)

The Pod reason InvalidImageName is treated now as a permanent issue, so that TaskRuns that include a step with an invalid image reference are failed immediately and the corresponding Pod is deleted.

• 🐛 Sync checksum between trusted resources and cluster resolver (#6964)

Cluster resolver now computes the checksum of the pre-processed Tekton object instead of just the spec.

• 🐛 Fix Taskrun Failure for Preempted Pod of Taskrun (#6962)

This fixes the Taskrun failure for Preempted Pod of Taskrun which uses PVC.

• 🐛 fix: refine error resean with invalid pipelinename in taskrunspecs (#6957)

When the taskRunSpecs of the pipelineRun contains an invalid pipeline task name, the cause of the InvalidTaskRunSpecs error is displayed.

• 🐛 Fix enforce-nonfalsifiability feature flag in configmap (#6937)

Misc

• 🔨 Mark disable-affinity-assistant as deprecated (#6991)

action required: The disable-affinity-assistant feature flag is deprecated in favour of the new coschedule feature flag. The disable-affinity-assistant feature flag will be removed in 9 months.
The Affinity Assistant behaviour should now be configured by the coschedule feature flag.

• 🔨 Bump knative/pkg to 1.11 (#6975)

Bump knative.dev/pkg to 1.11 so the Kubernetes min version is now 1.25

• 🔨 Add webhook validation for remote Tasks (#6942)

Remote tasks are now validated by any validating admission webhooks.

• 🔨 [TEP-0135] Refactor CreatePVCsForWorkspaces (#6921)
• 🔨 Bump github.com/golangci/golangci-lint from 1.54.1 to 1.54.2 in /tools (#7057)
• 🔨 Bump github.com/golangci/golangci-lint from 1.54.0 to 1.54.1 in /tools (#7047)
• 🔨 Bump github.com/golangci/golangci-lint from 1.53.3 to 1.54.0 in /tools (#7039)
• 🔨 Bump github.com/hashicorp/golang-lru from 0.5.4 to 1.0.2 (#7031)
• 🔨 Bump github.com/cloudflare/circl from 1.1.0 to 1.3.3 (#7026)
• 🔨 Bump github.com/google/go-containerregistry from 0.15.2 to 0.16.1 (#7021)
• 🔨 Bump go.uber.org/zap from 1.24.0 to 1.25.0 (#7018)
• 🔨 Bump github.com/containerd/containerd from 1.6.19 to 1.7.3 (#7002)
• 🔨 Bump github.com/spiffe/spire-api-sdk from 1.7.0 to 1.7.1 (#6997)
• 🔨 Bump github.com/go-git/go-git/v5 from 5.6.1 to 5.8.1 (#6980)
• 🔨 Add E2E Testing for Matrix (#6944)

Docs

• 📖 docs: Update references to examples from v1beta1 to v1 (#7050)
• 📖 Fix typos and formatting in TaskRuns doc (#7020)
• 📖 Update Matrix Documentation for Results (#7012)
• 📖 [TEP-0135] Improve workspace related documentation (#6994)
• 📖 Remove warnings about matrix being non-functional (#6986)
• 📖 Add v0.50 to releases.md (#6967)
• 📖 [TEP-0135] Update Affinity Assistant documentation (#6892)

Thanks

Thanks to these contributors who contributed to v0.51.0!

• ❤️ @AlanGreene
• ❤️ @EmmaMunley
• ❤️ @HamzaMateen
• ❤️ @QuanZhang-William
• ❤️ @afrittoli
• ❤️ @chitrangpatel
• ❤️ @cugykw
• ❤️ @dependabot[bot]
• ❤️ @khrm
• ❤️ @lbernick
• ❤️ @vdemeester

Extra shout-out for awesome release notes:

• 😍 @QuanZhang-William
• 😍 @afrittoli
• 😍 @chitrangpatel
• 😍 @cugykw
• 😍 @khrm
• 😍 @lbernick
• 😍 @vdemeester

Tekton Pipeline release v0.50.1 "Russian Blue Daneel Olivaw"

-Docs @ v0.50.1
-Examples @ v0.50.1

Installation one-liner

kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.50.1/release.yaml

Attestation

The Rekor UUID for this release is 24296fb24b8ad77a1b02a57c8f75368d54f3f986188b3692201557a51808b4bc4e8acc1fcb835e38

Obtain the attestation:

REKOR_UUID=24296fb24b8ad77a1b02a57c8f75368d54f3f986188b3692201557a51808b4bc4e8acc1fcb835e38
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .

Verify that all container images in the attestation are in the release file:

RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.50.1/release.yaml
REKOR_UUID=24296fb24b8ad77a1b02a57c8f75368d54f3f986188b3692201557a51808b4bc4e8acc1fcb835e38

# Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v0.50.1@sha256:" + .digest.sha256')

# Download the release file
curl "$RELEASE_FILE" > release.yaml

# For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
  printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done

Changes

Features

Fixes

• 🐛 [release-v0.50.x] Make sure we use the correct namespace for remote Pipeline validation (#7023)

ix validation errors when using the cluster resolver

• 🐛 [release-v0.50.x] Fix Taskrun Failure for Preempted Pod of Taskrun (#7009)

his fixes the Taskrun failure for Preempted Pod of Taskrun which uses PVC.

Misc

Docs

Thanks

Thanks to these contributors who contributed to v0.50.1!

• ❤️ @tekton-robot

Extra shout-out for awesome release notes:

• 😍 @tekton-robot