fix(deps): update module github.com/tektoncd/pipeline to v0.64.0

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
github.com/tektoncd/pipeline	v0.39.0 -> v0.64.0

---

Release Notes

tektoncd/pipeline (github.com/tektoncd/pipeline)

v0.64.0: Tekton Pipeline release v0.64.0 "Ragamuffin Reventlov"

Compare Source

🎉 Released Container Images stored on ghcr.io 🎉

-Docs @​ v0.64.0
-Examples @​ v0.64.0

Installation one-liner

kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.64.0/release.yaml

Attestation

The Rekor UUID for this release is 108e9186e8c5677ab54c658d37a263dfad3c8244bbef3e63cced8ae2d37c05701abf89bc6fa1fdf8

Obtain the attestation:

REKOR_UUID=108e9186e8c5677ab54c658d37a263dfad3c8244bbef3e63cced8ae2d37c05701abf89bc6fa1fdf8
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .

Verify that all container images in the attestation are in the release file:

RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.64.0/release.yaml
REKOR_UUID=108e9186e8c5677ab54c658d37a263dfad3c8244bbef3e63cced8ae2d37c05701abf89bc6fa1fdf8

##### Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v0.64.0@​sha256:" + .digest.sha256')

##### Download the release file
curl "$RELEASE_FILE" > release.yaml

##### For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
  printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done

Changes

Features

• ✨ Implement set-security-context feature for affinity assistant containers (#​8182)

Affinity Assistant containers will now have a securityContext when feature flag set-security-context is enabled in ConfigMap feature-flags.

Fixes

• 🐛 Fix isolated workspaces ignored when using StepTemplate (#​8272)

Isolated workspaces are now correctly set when using in conjuction with StepTemplate

• 🐛 fix(TaskRun): fixed the issue where some step statuses might not be correctly updated in failed TaskRun (#​8270)

fix: fixed the issue where some step statuses might not be correctly updated in failed TaskRun

• 🐛 fix(pipelinerun): resolve issue with PipelineRun not timing out successfully (#​8236)

fix(pipelinerun): resolve issue with PipelineRun not timing out successfully

• 🐛 fix(e2e): stabilize TestTaskRunFailure test (#​8174)
• 🐛 Mark steps as deleted when TaskRun fails (#​8294)

Misc

• 🔨 Bump the all group across 1 directory with 4 updates (#​8300)
• 🔨 Pin setup-go action (#​8291)
• 🔨 Simply the path for the base image (#​8290)
• 🔨 Bump github/codeql-action from 3.26.7 to 3.26.8 (#​8289)
• 🔨 Pin alpine image used in release pipeline (#​8287)
• 🔨 Update to the latest version of koparse for the release pipeline (#​8285)
• 🔨 Bump google.golang.org/grpc from 1.64.1 to 1.67.0 (#​8281)
• 🔨 Use the new version of koparse in the build (#​8278)
• 🔨 Bump step-security/harden-runner from 2.9.1 to 2.10.1 (#​8269)
• 🔨 Bump tj-actions/changed-files from 45.0.1 to 45.0.2 (#​8268)
• 🔨 Bump github/codeql-action from 3.26.6 to 3.26.7 (#​8267)
• 🔨 Bump the all group in /tekton with 4 updates (#​8266)
• 🔨 Adapt koparse step to handle no import path (#​8261)
• 🔨 Add KO_EXTRA_ARGS (#​8260)
• 🔨 Propagate image registry regions to publish (#​8259)
• 🔨 Fix the imageRegistryUser param usage in the release pipeline (#​8256)
• 🔨 build(deps): bump the all group in /tekton with 4 updates (#​8253)
• 🔨 Run build and tests conditionally (#​8252)
• 🔨 Support separate bucket and image reg creds (#​8251)
• 🔨 Add OCI source label to images (#​8247)
• 🔨 Make image registry regions configurable (#​8246)
• 🔨 build(deps): bump google.golang.org/grpc from 1.64.0 to 1.64.1 (#​8245)
• 🔨 build(deps): bump github.com/Azure/azure-sdk-for-go/sdk/azidentity from 1.5.2 to 1.6.0 (#​8244)
• 🔨 build(deps): bump github.com/hashicorp/go-retryablehttp from 0.7.6 to 0.7.7 (#​8243)
• 🔨 build(deps): bump the all group across 1 directory with 4 updates (#​8235)
• 🔨 build(deps): bump tj-actions/changed-files from 45.0.0 to 45.0.1 (#​8233)
• 🔨 build(deps): bump github/codeql-action from 3.26.3 to 3.26.6 (#​8232)

Docs

• 📖 Update releases for new Tekton Pipeline Releases 0.63 (#​8229)

Thanks

Thanks to these contributors who contributed to v0.64.0!

• ❤️ @​AlanGreene
• ❤️ @​afrittoli
• ❤️ @​chitrangpatel
• ❤️ @​dependabot[bot]
• ❤️ @​kristofferchr
• ❤️ @​l-qing
• ❤️ @​vdemeester

Extra shout-out for awesome release notes:

• 😍 @​kristofferchr
• 😍 @​l-qing
• 😍 @​vdemeester

v0.63.0: Tekton Pipeline release v0.63.0 "Abyssinian K-9"

Compare Source

-Docs @​ v0.63.0
-Examples @​ v0.63.0

Installation one-liner

kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.63.0/release.yaml

Attestation

The Rekor UUID for this release is 108e9186e8c5677a41806e924e8c5d6a3c1e083f8c35950f0d1af7e0e6a4c0712a2eb4bf92e9538e

Obtain the attestation:

REKOR_UUID=108e9186e8c5677a41806e924e8c5d6a3c1e083f8c35950f0d1af7e0e6a4c0712a2eb4bf92e9538e
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .

Verify that all container images in the attestation are in the release file:

RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.63.0/release.yaml
REKOR_UUID=108e9186e8c5677a41806e924e8c5d6a3c1e083f8c35950f0d1af7e0e6a4c0712a2eb4bf92e9538e

### Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v0.63.0@​sha256:" + .digest.sha256')

### Download the release file
curl "$RELEASE_FILE" > release.yaml

### For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
  printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done

Changes

Features

• ✨ cluster-reslover: add support for StepAction (#​8199)

tepAction are now supported to a refered via the cluster resolver.

• ✨ Allow securityContext field for affinity assistant podtemplate (#​8176)

Added the ability to set the pod-level securityContext for the AffinityAssistant StatefulSet.
This can be configured by providing a default-affinity-assistant-pod-template in the config-defaults ConfigMap or by specifying a pod template in TaskRun or PipelineRun.

• ✨ Add UID label to PipelineRun and TaskRun (#​8166)

TaskRun pods have tekton.dev/taskRunUID and tekton.dev/pipelineRunUID labels

Fixes

• 🐛 Fix Artifact type to a pointer (#​8226)

Fix Artifact type to a pointer.

• 🐛 fix task name show in metric (#​8216)

fix clusterTask name show anonymous in metric

• 🐛 apply default-container-resource-requirements before LimitRange transformer (#​8197)

[Bug fix]: default-container-resource-requirements will be applied to the container before LimtRange

• 🐛 fix(pipelinerun): resolve issue where canceling active pipelinerun fails (#​8173)

fix(pipelinerun): resolve issue where canceling active pipelinerun fails

• 🐛 fix(taskrun): resolve issue with TaskRun not failing promptly after Pod OOM (#​8171)

fix(taskrun): resolve issue with TaskRun not failing promptly after Pod OOM

• 🐛 fix: If the finally timeout is set to 0s, the calculates the next queue entry time according to the pipeline timeout. (#​8056)

If the finally timeout is set to 0s, the reconciler calculates the next queue entry time according to the pipeline timeout.

• 🐛 feat(matrix): Fix matrix param type mismatch problem for ref array result from customrun scenario (#​8024)

Misc

• 🔨 build(deps): bump tj-actions/changed-files from 44.5.7 to 45.0.0 (#​8223)
• 🔨 build(deps): bump github.com/golangci/golangci-lint from 1.59.1 to 1.60.3 in /tools (#​8219)
• 🔨 build(deps): bump github.com/docker/docker from 26.1.3+incompatible to 26.1.5+incompatible (#​8218)
• 🔨 Bump the all group in /tekton with 4 updates (#​8212)
• 🔨 Bump github/codeql-action from 3.26.0 to 3.26.3 (#​8211)
• 🔨 Bump the all group in /tekton with 4 updates (#​8204)
• 🔨 Bump actions/upload-artifact from 4.3.5 to 4.3.6 (#​8203)
• 🔨 Bump step-security/harden-runner from 2.9.0 to 2.9.1 (#​8202)
• 🔨 Bump github/codeql-action from 3.25.15 to 3.26.0 (#​8201)
• 🔨 {taskrun,pipelinerun}metrics: make sure config is up-to-date (#​8187)
• 🔨 Bump the all group in /tekton with 2 updates (#​8180)
• 🔨 Bump actions/upload-artifact from 4.3.4 to 4.3.5 (#​8179)
• 🔨 Bump tj-actions/changed-files from 44.5.5 to 44.5.7 (#​8178)
• 🔨 Bump github/codeql-action from 3.25.13 to 3.25.15 (#​8162)
• 🔨 Bump ossf/scorecard-action from 2.3.3 to 2.4.0 (#​8161)
• 🔨 Bump the all group in /tekton with 4 updates (#​8160)
• 🔨 Bump go.opentelemetry.io/otel/sdk from 1.27.0 to 1.28.0 (#​8154)

Docs

• 📖 docs: fix links to Matrix examples (#​7953)

Thanks

Thanks to these contributors who contributed to v0.63.0!

• ❤️ @​AverageMarcus
• ❤️ @​chengjoey
• ❤️ @​chitrangpatel
• ❤️ @​cugykw
• ❤️ @​dependabot[bot]
• ❤️ @​hittyt
• ❤️ @​jkandasa
• ❤️ @​khrm
• ❤️ @​kristofferchr
• ❤️ @​l-qing
• ❤️ @​vdemeester

Extra shout-out for awesome release notes:

• 😍 @​chengjoey
• 😍 @​chitrangpatel
• 😍 @​cugykw
• 😍 @​jkandasa
• 😍 @​khrm
• 😍 @​kristofferchr
• 😍 @​l-qing
• 😍 @​vdemeester

v0.62.3: Tekton Pipeline release v0.62.3 "Birman HAL LTS"

Compare Source

-Docs @​ v0.62.3
-Examples @​ v0.62.3

Installation one-liner

kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.62.3/release.yaml

Attestation

The Rekor UUID for this release is 108e9186e8c5677aa407357ea4e4be089c72e70eb6e12acb4d1bc92eec85f0c0fba54abc89790342

Obtain the attestation:

REKOR_UUID=108e9186e8c5677aa407357ea4e4be089c72e70eb6e12acb4d1bc92eec85f0c0fba54abc89790342
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .

Verify that all container images in the attestation are in the release file:

RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.62.3/release.yaml
REKOR_UUID=108e9186e8c5677aa407357ea4e4be089c72e70eb6e12acb4d1bc92eec85f0c0fba54abc89790342

### Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v0.62.3@​sha256:" + .digest.sha256')

### Download the release file
curl "$RELEASE_FILE" > release.yaml

### For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
  printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done

Changes

Features

Fixes

• 🐛 [release-v0.62.x] Fix Artifact type to a pointer (#​8228)

Fix Artifact type to a pointer.

• 🐛 [release-v0.62.x] apply default-container-resource-requirements before LimitRange transformer (#​8227)

[Bug fix]: default-container-resource-requirements will be applied to the container before LimtRange

Misc

Docs

Thanks

Thanks to these contributors who contributed to v0.62.3!

• ❤️ @​tekton-robot
• ❤️ @​vdemeester

Extra shout-out for awesome release notes:

• 😍 @​tekton-robot
• 😍 @​vdemeester

v0.62.2: Tekton Pipeline release v0.62.2 "Birman HAL LTS"

Compare Source

-Docs @​ v0.62.2
-Examples @​ v0.62.2

Installation one-liner

kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.62.2/release.yaml

Attestation

The Rekor UUID for this release is 108e9186e8c5677a6e62d0e6c909ccb98a5768c17110fecb8c493b0a3c670644a0e1d3cdf4a584b5

Obtain the attestation:

REKOR_UUID=108e9186e8c5677a6e62d0e6c909ccb98a5768c17110fecb8c493b0a3c670644a0e1d3cdf4a584b5
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .

Verify that all container images in the attestation are in the release file:

RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.62.2/release.yaml
REKOR_UUID=108e9186e8c5677a6e62d0e6c909ccb98a5768c17110fecb8c493b0a3c670644a0e1d3cdf4a584b5

### Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v0.62.2@​sha256:" + .digest.sha256')

### Download the release file
curl "$RELEASE_FILE" > release.yaml

### For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
  printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done

Changes

Features

Fixes

• 🐛 [release-v0.62.x] check namespace config for node throttle metric (#​8213)

ith this fix the 'config-observabilitiy' configmap setting 'metrics.taskrun.throttle.enable-namespace' is now checked before incrementing the 'tekton_pipelines_controller_running_taskruns_throttled_by_node', where previously that config value was not being checked for the metric.

• 🐛 [release-v0.62.x] {taskrun,pipelinerun}metrics: make sure config is up-to-date (#​8198)
• 🐛 [release-v0.62.x] pkg/taskrunmetrics/fake shouldn't be imported… (#​8188)

Misc

Docs

Thanks

Thanks to these contributors who contributed to v0.62.2!

• ❤️ @​tekton-robot

Extra shout-out for awesome release notes:

• 😍 @​tekton-robot

v0.62.1: Tekton Pipeline release v0.62.1 "Birman HAL LTS"

Compare Source

-Docs @​ v0.62.1
-Examples @​ v0.62.1

Installation one-liner

kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.62.1/release.yaml

Attestation

The Rekor UUID for this release is 24296fb24b8ad77a888f88120c037b3b7b9b3be97d8dd4ea1950235f44033f29dce4a1123992a3d9

Obtain the attestation:

REKOR_UUID=24296fb24b8ad77a888f88120c037b3b7b9b3be97d8dd4ea1950235f44033f29dce4a1123992a3d9
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .

Verify that all container images in the attestation are in the release file:

RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.62.1/release.yaml
REKOR_UUID=24296fb24b8ad77a888f88120c037b3b7b9b3be97d8dd4ea1950235f44033f29dce4a1123992a3d9

### Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v0.62.1@​sha256:" + .digest.sha256')

### Download the release file
curl "$RELEASE_FILE" > release.yaml

### For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
  printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done

Changes

Features

Fixes

• 🐛 [release-v0.62.x] Refine check if the result is from a matrix task (#​8167)

ixed variable substitution of results from matrix TaskRuns with cardinality of 1.

Misc

Docs

Thanks

Thanks to these contributors who contributed to v0.62.1!

• ❤️ @​tekton-robot

Extra shout-out for awesome release notes:

• 😍 @​tekton-robot

v0.62.0: Tekton Pipeline release v0.62.0 "Birman HAL LTS"

Compare Source

🎉 Ignore Task Failure Promoted and native sidecars adopted with k8s 1.29 🎉

-Docs @​ v0.62.0
-Examples @​ v0.62.0

Installation one-liner

kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.62.0/release.yaml

Attestation

The Rekor UUID for this release is 24296fb24b8ad77adbcee63512553d756997c4c7efad2e1163023bda8bd9ddecafde859fcb4ebb11

Obtain the attestation:

REKOR_UUID=24296fb24b8ad77adbcee63512553d756997c4c7efad2e1163023bda8bd9ddecafde859fcb4ebb11
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .

Verify that all container images in the attestation are in the release file:

RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.62.0/release.yaml
REKOR_UUID=24296fb24b8ad77adbcee63512553d756997c4c7efad2e1163023bda8bd9ddecafde859fcb4ebb11

### Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v0.62.0@​sha256:" + .digest.sha256')

### Download the release file
curl "$RELEASE_FILE" > release.yaml

### For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
  printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done

Changes

Features

• ✨ access taskRun reason in addition to status in finally task (#​8127)

Access reason in addition to the status using $(tasks.taskName.reason)

• ✨ Capture Remote StepAction Location in TaskRun Status (#​8106)

Capture Remote StepAction Location in TaskRun Status

• ✨ Add isBuildArtifact field to Artifacts (#​8103)

Add isBuildArtifact field to Artifacts.

• ✨ Promote Tasks to beta (#​8090)

Promote Ignore Task Failure to Beta

• ✨ feat(K8s native sidecar): Add support for Kubernetes native Sidecars (#​8052)

Introducing a feature to adopt Kubernetes-native sidecars, which designates sidecar containers as initContainers. This prevents the need to pull and replace a nop image, leading to faster termination of the sidecars without unnecessary pod errors. Set enable-kubernetes-sidecar to true for Kubernetes 1.29 and later to take advantage of this feature.

• ✨ kind/feat: passing artifacts between tasks (#​7978)

Support passing artifacts between tasks in a pipeline

• ✨ feat: introduce when expressions to steps (#​7746)

introduce when expressions to steps.

• ✨ [TEP-0094] Promote taskrun.spec's stepSpecs and sidecarSpecs to beta (#​8006)

Fixes

• 🐛 fix(pipelinerun): block pipelinerun spec updates once the pipelinerun has started (#​8149)

Fix: Once a PipelineRun is created, most of the fields in the spec is not allowed to be updated; only status can be updated.

• 🐛 fix(taskrun): block taskrun spec updates once the taskrun has started (#​8147)

Fix: Once a TaskRun is created, most of the fields in the spec is not allowed to be updated; only status and statusMessage can be updated.

• 🐛 DryRunValidate returns the mutated object (#​8108)

DryRunValidate returns the mutated object

• 🐛 Fix step action force replacing with default param (#​8102)

Fix incorrect param type passed to stepaction makes it use default value

• 🐛 Perform matrix results validation on only result ref params (#​8089)

Perform matrix results validation on only result ref params

• 🐛 Fix error message when a PipelineRun param is missing (#​8072)

Improved error string when a param is missing from a PipelineRun

• 🐛 fix:when debug.breakpoints.onFailure is an empty string, redundant volumes appear (#​7788)

debug.breakpoints.onFailure is not allowed to be set to an empty string.

Misc

• 🔨 Switch the image from docker.io to gcr mirror (#​8146)
• 🔨 Bump github/codeql-action from 3.25.12 to 3.25.13 (#​8144)
• 🔨 Bump step-security/harden-runner from 2.8.1 to 2.9.0 (#​8143)
• 🔨 Bump the all group in /tekton with 2 updates (#​8142)
• 🔨 Bump github.com/containerd/containerd from 1.7.18 to 1.7.20 (#​8139)
• 🔨 Bump k8s.io/client-go from 0.27.15 to 0.27.16 in /test/custom-task-ctrls/wait-task-beta (#​8138)
• 🔨 Bump k8s.io/code-generator from 0.29.6 to 0.29.7 (#​8137)
• 🔨 Bump tekton-releases/dogfooding/koparse from e6641f2 to 0535413 in /tekton in the all group across 1 directory (#​8135)
• 🔨 Bump the all group across 1 directory with 4 updates (#​8134)
• 🔨 use tagged images to take advantage of the least expensive default image pull policy (#​8133)
• 🔨 Bump k8s.io/api from 0.27.15 to 0.27.16 in /test/custom-task-ctrls/wait-task-beta (#​8132)
• 🔨 Bump k8s.io/apimachinery from 0.29.6 to 0.29.7 (#​8131)
• 🔨 Bump actions/dependency-review-action from 4.3.3 to 4.3.4 (#​8125)
• 🔨 Bump github/codeql-action from 3.25.11 to 3.25.12 (#​8124)
• 🔨 Bump actions/upload-artifact from 4.3.3 to 4.3.4 (#​8104)
• 🔨 Released patch release: v0.59.2 (#​8098)
• 🔨 Bump go.opentelemetry.io/otel from 1.27.0 to 1.28.0 (#​8092)
• 🔨 Bump the all group in /tekton with 4 updates (#​8087)
• 🔨 Bump github/codeql-action from 3.25.10 to 3.25.11 (#​8085)
• 🔨 chore: remove unsupported configurations ScopeWhenExpressionsToTask (#​8078)
• 🔨 Create release v0.61.0. (#​8077)
• 🔨 Bump the all group in /tekton with 4 updates (#​8075)
• 🔨 Bump tj-actions/changed-files from 44.5.2 to 44.5.5 (#​8074)
• 🔨 Bump github.com/spiffe/spire-api-sdk from 1.9.6 to 1.10.0 (#​8073)
• 🔨 Using image with "full" reference in tests (#​8070)
• 🔨 Bump github.com/jenkins-x/go-scm from 1.14.34 to 1.14.37 (#​8032)
• 🔨 Correct error message to differentiate the cause (#​8027)

Docs

• 📖 Update min kubernetes version in the install doc (#​8122)
• 📖 document failureIgnored (#​8111)
• 📖 update the doc since the onError is now promoted (#​8109)

Thanks

Thanks to these contributors who contributed to v0.62.0!

• ❤️ @​AlanGreene
• ❤️ @​chitrangpatel
• ❤️ @​cugykw
• ❤️ @​dependabot[bot]
• ❤️ @​ericzzzzzzz
• ❤️ @​kgcarr
• ❤️ @​khrm
• ❤️ @​l-qing
• ❤️ @​piyush-garg
• ❤️ @​pritidesai
• ❤️ @​samagana
• ❤️ @​savitaashture
• ❤️ @​vdemeester

Extra shout-out for awesome release notes:

• 😍 @​chitrangpatel
• 😍 @​cugykw
• 😍 @​ericzzzzzzz
• 😍 @​kgcarr
• 😍 @​khrm
• 😍 @​l-qing
• 😍 @​piyush-garg
• 😍 @​pritidesai
• 😍 @​samagana

v0.61.1: Tekton Pipeline release v0.61.1 "Ragdoll Data"

Compare Source

-Docs @​ v0.61.1
-Examples @​ v0.61.1

Installation one-liner

kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.61.1/release.yaml

Attestation

The Rekor UUID for this release is 24296fb24b8ad77a7bf5b4e52e97f499e0dc71aed47d629395ba503bbc0cf8a16d8b49169d2db2f5

Obtain the attestation:

REKOR_UUID=24296fb24b8ad77a7bf5b4e52e97f499e0dc71aed47d629395ba503bbc0cf8a16d8b49169d2db2f5
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .

Verify that all container images in the attestation are in the release file:

RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.61.1/release.yaml
REKOR_UUID=24296fb24b8ad77a7bf5b4e52e97f499e0dc71aed47d629395ba503bbc0cf8a16d8b49169d2db2f5

##### Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v0.61.1@​sha256:" + .digest.sha256')

##### Download the release file
curl "$RELEASE_FILE" > release.yaml

##### For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
  printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done

Changes

Features

Fixes

• 🐛 [release-v0.61.x] Handle error conditions in CheckMissingResultReferences (#​8105)

mproved error handling for some invalid result reference scenarios.

Misc

Docs

Thanks

Thanks to these contributors who contributed to v0.61.1!

• ❤️ @​tekton-robot

Extra shout-out for awesome release notes:

• 😍 @​tekton-robot

v0.61.0: Tekton Pipeline release v0.61.0 "Ragdoll Data"

Compare Source

-Docs @​ v0.61.0
-Examples @​ v0.61.0

Installation one-liner

kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.61.0/release.yaml

Attestation

The Rekor UUID for this release is 24296fb24b8ad77a68cb504006aa006da7ebfef6d88e038545d3f4c2d314ba34f3c1d8a57dab26a8

Obtain the attestation:

REKOR_UUID=24296fb24b8ad77a68cb504006aa006da7ebfef6d88e038545d3f4c2d314ba34f3c1d8a57dab26a8
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .

Verify that all container images in the attestation are in the release file:

RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.61.0/release.yaml
REKOR_UUID=24296fb24b8ad77a68cb504006aa006da7ebfef6d88e038545d3f4c2d314ba34f3c1d8a57dab26a8

##### Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v0.61.0@​sha256:" + .digest.sha256')

##### Download the release file
curl "$RELEASE_FILE" > release.yaml

##### For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
  printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done

Changes

Features

• ✨ Promote Larger Results via Sidecar Logs to Beta (#​8043)

Promote Larger Results via Sidecar Logs to Beta

• ✨ Add a flag on controllers to configure resyncPeriod (#​8023)

Binary file (standard input) matches

Fixes

• 🐛 Cleanup resolved object before validating through dry-run (#​8051)

Cleanup resolved object before attempting to validate it through api dry-run call

• 🐛 fix: resolve issue where results may not be obtained from sidecar logs (#​8029)

fix: resolve issue where results may not be obtained from sidecar logs

• 🐛 Fix Validation Error Merging StepTemplates with StepRef (#​7982)

Fix Validation Error Merging StepTemplates with Step's Ref

• 🐛 Bundle resolver can use ServiceAccount for auth (#​7969)

Fix bundle resolver so it could pull OCI image (bundle) manifest from AWS ECR private registry

• 🐛 Fix: Example Test point to Catalog StepAction (#​8044)

Misc

• 🔨 Remove taskref/pipelineref deprecated bundle field (#​7789)

taskRef.bundle and pipelineRef.bundle are now removed from v1beta1 API version, as they were deprecated for about a year and half. Using them will result in a error when creating an object.

action required: make sure you migrate from taskRef.bundle and pipelineRef.bundle to the bundle resolver (see https://tekton.dev/docs/pipelines/migrating-v1beta1-to-v1/#replacing-taskrefbundle-and-pipelinerefbundle-with-bundle-resolver-a-idreplacing-taskrefbundle-and-pipelinerefbundle-with-bundle-resolver-a)

• 🔨 Bump to go 1.22 and fixes (#​8035)

ektoncd/pipeline now requires go 1.22 to be built

• 🔨 Update knative/pkg to release-1.14 (#​7989)

he minimum Kubernetes version supported by Tekton is now 1.28.

• 🔨 Bump k8s.io/code-generator from 0.29.2 to 0.29.6 (#​8067)
• 🔨 Bump k8s.io/client-go from 0.29.2 to 0.29.6 (#​8066)
• 🔨 Bump github/codeql-action from 3.25.8 to 3.25.10 (#​8061)
• 🔨 Bump actions/checkout from 4.1.6 to 4.1.7 (#​8060)
• 🔨 Bump github.com/spiffe/go-spiffe/v2 from 2.2.0 to 2.3.0 (#​8059)
• 🔨 Bump github.com/google/go-containerregistry from 0.19.1 to 0.19.2 (#​8058)
• 🔨 Bump the all group in /tekton with 4 updates (#​8057)
• 🔨 Bump k8s.io/client-go from 0.27.14 to 0.27.15 in /test/custom-task-ctrls/wait-task-beta (#​8049)
• 🔨 Bump k8s.io/apimachinery from 0.27.14 to 0.27.15 in /test/custom-task-ctrls/wait-task-beta (#​8048)
• 🔨 Remove bobcatfish and lbernick from OWNERS 😿 (#​8047)
• 🔨 Bump google.golang.org/protobuf from 1.34.1 to 1.34.2 (#​8046)
• 🔨 Tests before promoting LargerResults via Sidecarlogs to Beta (#​8041)
• 🔨 Bump the all group across 1 directory with 4 updates (#​8040)
• 🔨 Bump actions/dependency-review-action from 4.3.2 to 4.3.3 (#​8039)
• 🔨 Bump github/codeql-action from 3.25.7 to 3.25.8 (#​8038)
• 🔨 Bump step-security/harden-runner from 2.8.0 to 2.8.1 (#​8037)
• 🔨 Bump github.com/golangci/golangci-lint from 1.59.0 to 1.59.1 in /tools (#​8036)
• 🔨 README.md: fix Kubernetes min version (#​8030)
• 🔨 Bump github.com/containerd/containerd from 1.7.17 to 1.7.18 (#​8026)
• 🔨 Bump tj-actions/changed-files from 44.5.1 to 44.5.2 (#​8014)
• 🔨 Bump actions/dependency-review-action from 2.5.1 to 4.3.2 (#​8013)
• 🔨 Bump step-security/harden-runner from 2.7.0 to 2.8.0 (#​8012)
• 🔨 Bump github/codeql-action from 3.25.6 to 3.25.7 (#​8011)
• 🔨 Bump actions/checkout from 3.6.0 to 4.1.6 (#​8010)
• 🔨 Bump github.com/sigstore/sigstore/pkg/signature/kms/azure from 1.8.3 to 1.8.4 (#​8007)
• 🔨 Bump github.com/sigstore/sigstore/pkg/signature/kms/gcp from 1.8.3 to 1.8.4 (#​8001)
• 🔨 Bump github.com/sigstore/sigstore from 1.8.3 to 1.8.4 (#​8000)
• 🔨 Bump github.com/sigstore/sigstore/pkg/signature/kms/hashivault from 1.8.3 to 1.8.4 (#​7999)
• 🔨 Bump github.com/sigstore/sigstore/pkg/signature/kms/aws from 1.8.3 to 1.8.4 (#​7998)
• 🔨 Bump the all group across 1 directory with 4 updates (#​7995)
• 🔨 Bump step-security/harden-runner from 2.7.1 to 2.8.0 (#​7993)
• 🔨 Bump tj-actions/changed-files from 44.4.0 to 44.5.1 (#​7992)
• 🔨 Bump github.com/golangci/golangci-lint from 1.58.2 to 1.59.0 in /tools (#​7991)
• 🔨 Bump github.com/hashicorp/go-version from 1.6.0 to 1.7.0 (#​7985)
• 🔨 Update releases.md for v0.60 (#​7976)
• 🔨 TEP0152 - Complete V1 conformance test suite (#​7913)
• 🔨 .github/workflows: add a dependency-review workflow (#​7846)

Docs

• 📖 Document that task results are not enforced (#​8053)
• 📖 Fix the document: Task Level Comp Res is beta (#​8004)
• 📖 Patch release v0.60.1 (#​7997)

Thanks

Thanks to these contributors who contributed to v0.61.0!

• ❤️ @​JeromeJu
• ❤️ @​afrittoli
• ❤️ @​chitrangpatel
• ❤️ @​dependabot[bot]
• ❤️ @​khrm
• ❤️ @​l-qing
• ❤️ @​vdemeester
• ❤️ @​wilstdu

Extra shout-out for awesome release notes:

• 😍 @​chitrangpatel
• 😍 @​l-qing
• 😍 @​vdemeester
• 😍 @​wilstdu

v0.60.2: Tekton Pipeline release v0.60.2 "Chinchilla Tobor"

Compare Source

-Docs @​ v0.60.2
-Examples @​ v0.60.2

Installation one-liner

kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.60.2/release.yaml

Attestation

The Rekor UUID for this release is 24296fb24b8ad77a1b1da05e47cee68581daf1cd5823facc5b59b76edaf9ce986efe5c68bd1a4cbe

Obtain the attestation:

REKOR_UUID=24296fb24b8ad77a1b1da05e47cee68581daf1cd5823facc5b59b76edaf9ce986efe5c68bd1a4cbe
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .

Verify that all container images in the attestation are in the release file:

RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.60.2/release.yaml
REKOR_UUID=24296fb24b8ad77a1b1da05e47cee68581daf1cd5823facc5b59b76edaf9ce986efe5c68bd1a4cbe

##### Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v0.60.2@​sha256:" + .digest.sha256')

##### Download the release file
curl "$RELEASE_FILE" > release.yaml

##### For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
  printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done

Changes

Features

Fixes

• 🐛 [release-v0.60.x] Fix: Identify workspace usage in a Task (#​8021)

Misc

Docs

Thanks

Thanks to these contributors who contributed to v0.60.2!

• ❤️ @​tekton-robot, @​chitrangpatel

Extra shout-out for awesome release notes:

• 😍 @​tekton-robot

v0.60.1: Tekton Pipeline release v0.60.1 "Chinchilla Tobor"

Compare Source

-Docs @​ v0.60.1
-Examples @​ v0.60.1

Installation one-liner

kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.60.1/release.yaml

Attestation

The Rekor UUID for this release is 24296fb24b8ad77a3c629b9f100be0eec857bdac47e80bdeacaf4cebba95adb7f9918b91b27842c5

Obtain the attestation:

REKOR_UUID=24296fb24b8ad77a3c629b9f100be0eec857bdac47e80bdeacaf4cebba95adb7f9918b91b27842c5
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .

Verify that all container images in the attestation are in the release file:

RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.60.1/release.yaml
REKOR_UUID=24296fb24b8ad77a3c629b9f100be0eec857bdac47e80bdeacaf4cebba95adb7f9918b91b27842c5

##### Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v0.60.1@​sha256:" + .digest.sha256')

##### Download the release file
curl "$RELEASE_FILE" > release.yaml

##### For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
  printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done

Changes

Features

If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[ti-chi-bot]

I Skip it since the diff size(191536 bytes > 80000 bytes) is too large

[ti-chi-bot]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
Once this PR has been reviewed and has the lgtm label, please assign wuhuizuo for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

• cloudevents-server/OWNERS
• tibuild/OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[ti-chi-bot]

I Skip it since the diff size(189354 bytes > 80000 bytes) is too large

[ti-chi-bot]

I Skip it since the diff size(189354 bytes > 80000 bytes) is too large

[ti-chi-bot]

I Skip it since the diff size(187797 bytes > 80000 bytes) is too large

[ti-chi-bot]

I Skip it since the diff size(187887 bytes > 80000 bytes) is too large

[ti-chi-bot]

I Skip it since the diff size(186883 bytes > 80000 bytes) is too large

[ti-chi-bot]

I Skip it since the diff size(187014 bytes > 80000 bytes) is too large

[ti-chi-bot]

I Skip it since the diff size(193614 bytes > 80000 bytes) is too large

[ti-chi-bot]

I Skip it since the diff size(193521 bytes > 80000 bytes) is too large

[ti-chi-bot]

I Skip it since the diff size(194800 bytes > 80000 bytes) is too large

[ti-chi-bot]

I Skip it since the diff size(205904 bytes > 80000 bytes) is too large

[ti-chi-bot]

I Skip it since the diff size(203668 bytes > 80000 bytes) is too large

[ti-chi-bot]

I Skip it since the diff size(203668 bytes > 80000 bytes) is too large

[ti-chi-bot]

I Skip it since the diff size(203668 bytes > 80000 bytes) is too large

[ti-chi-bot]

I Skip it since the diff size(203668 bytes > 80000 bytes) is too large

[ti-chi-bot]

I Skip it since the diff size(203668 bytes > 80000 bytes) is too large

[ti-chi-bot]

I Skip it since the diff size(204003 bytes > 80000 bytes) is too large

[ti-chi-bot]

I Skip it since the diff size(202450 bytes > 80000 bytes) is too large

[ti-chi-bot]

I Skip it since the diff size(202450 bytes > 80000 bytes) is too large

[ti-chi-bot]

I Skip it since the diff size(201134 bytes > 80000 bytes) is too large

[ti-chi-bot]

I Skip it since the diff size(205776 bytes > 80000 bytes) is too large

[ti-chi-bot]

I Skip it since the diff size(202399 bytes > 80000 bytes) is too large