Tekton Pipeline release v0.49.0 "Maine Coon Megatron"
- Docs @ v0.49.0
- Examples @ v0.49.0
Installation one-liner
kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.49.0/release.yaml
Attestation
The Rekor UUID for this release is 24296fb24b8ad77a7568df3bfec7071c4ec0e2ce4f105b7e8f5749bdad0b5c1774ae7000ce62ac8f
Obtain the attestation:
REKOR_UUID=24296fb24b8ad77a7568df3bfec7071c4ec0e2ce4f105b7e8f5749bdad0b5c1774ae7000ce62ac8f
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .
Verify that all container images in the attestation are in the release file:
RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.49.0/release.yaml
REKOR_UUID=24296fb24b8ad77a7568df3bfec7071c4ec0e2ce4f105b7e8f5749bdad0b5c1774ae7000ce62ac8f
# Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v0.49.0@sha256:" + .digest.sha256')
# Download the release file
curl "$RELEASE_FILE" > release.yaml
# For each image in the attestation, match it to the release file
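for image in $REKOR_ATTESTATION_IMAGES; do
  # -F matches the image reference as a fixed string, so "." is not treated as a regex wildcard
  printf '%s' "$image"; grep -qF -- "$image" release.yaml && echo " ===> ok" || echo " ===> no match";
done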
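The loop above checks one direction only: every attested image appears in release.yaml. The following added example (not part of the Tekton release notes) also checks the reverse, so that any digest-pinned image in the manifest that is not a subject of the attestation, such as a third-party base image, is listed for review. It assumes the attestation JSON has been saved from the rekor-cli command above; the function names, sample image names and digests are constructed for illustration.

```python
import json
import re

# Image reference pinned by digest: name[:tag]@sha256:<64 hex chars>.
# Assumes registry hosts without an explicit port.
PINNED = re.compile(r"([\w./-]+)(?::[\w.-]+)?@sha256:([0-9a-f]{64})")


def attested_images(statement_json):
    """(name, sha256) pairs from the in-toto statement's subject list."""
    subjects = json.loads(statement_json)["subject"]
    return {(s["name"], s["digest"]["sha256"]) for s in subjects}


def release_images(release_yaml):
    """(name, sha256) pairs for every digest-pinned image in the manifest."""
    return {(m.group(1), m.group(2)) for m in PINNED.finditer(release_yaml)}


def compare(statement_json, release_yaml):
    """Diff the two sets; the tag is ignored because the digest fixes content."""
    attested = attested_images(statement_json)
    released = release_images(release_yaml)
    return {
        "missing_from_release": sorted(attested - released),
        "unattested_in_release": sorted(released - attested),
    }


# Constructed sample data (not real digests and not the real release file).
D1, D2, D3 = "a" * 64, "b" * 64, "c" * 64
SAMPLE_STATEMENT = json.dumps({"subject": [
    {"name": "registry.example/pipeline/controller", "digest": {"sha256": D1}},
    {"name": "registry.example/pipeline/webhook", "digest": {"sha256": D2}},
]})
SAMPLE_RELEASE = f"""
containers:
- image: registry.example/pipeline/controller:v0.49.0@sha256:{D1}
  env:
  - name: HYPOTHETICAL_BASE_IMAGE
    value: registry.example/base/shell@sha256:{D3}
- image: registry.example/pipeline/webhook:v0.49.0@sha256:{D2}
"""

if __name__ == "__main__":
    for kind, images in compare(SAMPLE_STATEMENT, SAMPLE_RELEASE).items():
        for name, digest in images:
            print(f"{kind}: {name}@sha256:{digest}")
```

An empty "missing_from_release" list corresponds to every line of the shell loop printing "ok"; entries under "unattested_in_release" are images the attestation does not cover and need their own provenance check.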
Changes
Features
- ✨ [TEP-0091] support remote v1 pipeline verification (#6765)
Trusted Resources supports v1 remote tasks verification
- ✨ [TEP-0091] support remote v1 task verification (#6764)
Trusted Resources supports v1 remote tasks verification
- ✨ [TEP-0091] update taskrun and pipelinerun condition based on VerificationResult (#6757)
The TrustedResourcesVerified condition is added to the TaskRun/PipelineRun status if trusted resources is enabled; the condition indicates the result of the verification.
- ✨ add taskrun gauge metrics for k8s throttling because of defined resource quotas or k8s node constraints (#6744)
A new gauge metric for both PipelineRun and TaskRun will indicate whether underlying Pods are being throttled by Kubernetes because of either ResourceQuota policies defined in the namespace, or because the underlying node is experiencing resource constraints.
- ✨ Add more secure SecurityContext to injected pod containers (#6515)
Set new feature flag "set-security-context" to "true" to allow TaskRuns and PipelineRuns to be run in namespaces with restricted pod security admission
Backwards incompatible changes
In current release:
- 🚨 Enable beta features by default (#6732)
action required: "enable-api-fields" is set to "beta" by default. If you are using v1 APIs and would like to use only stable features, modify the "feature-flags" configmap in the "tekton-pipelines" namespace to set "enable-api-fields" to "stable". Example command: kubectl patch cm feature-flags -n tekton-pipelines -p '{"data":{"enable-api-fields":"stable"}}'
If you are using v1beta1 APIs, no action is needed.
Fixes
- 🐛 Conversion webhook fix for tasks with nil StepTemplate (#6825)
Conversion webhook fix for tasks with nil StepTemplate
- 🐛 Add validation for beta features in v1 remote Tasks/Pipelines (#6725)
Bug fix: Apply the same validation for beta features to v1 remote pipelines and tasks that already exists for pipelines and tasks created directly on the cluster
- 🐛 Validate pipelineTask params usage only when explicit declaration is required (#6710)
Adds validation that parameters used in inline task specs within pipelines are declared by the pipeline.
- 🐛 fix: taskrun still fails even with onerror set to continue (#6675)
bug fix: taskrun still fails even with onerror set to continue
- 🐛 Ignore tekton reserved annotations (#6441)
- 🐛 Fix v1beta1 pipelineref bundle conversion to resolver (#6791)
- 🐛 Fix the key for Span of Tracing in pipelinerun reconciler (#6784)
- 🐛 Remove reconciler check for enable-tekton-oci-bundles flag (#6777)
- 🐛 Add Unit Tests for TestMissingResultWhenStepErrorIsIgnored and Update e2e test: TestFailingStepOnContinue (#6771)
- 🐛 Issue#6697 Fix tab formatting for documentation (#6750)
Misc
- 🔨 merge VerifyTask and VerifyPipeline into VerifyResource (#6724)
action required: VerifyTask and VerifyPipeline are now merged into one function, VerifyResource. Please update usages when upgrading to the new release.
- 🔨 Change the Storage Version to V1 Types (#6444)
action required: for custom resolver users, please update to use v1.Param and v1.RefSource
- 🔨 TEP-0135: Refactor Affinity Assistant PVC creation (#6741)
TEP-0135: Update the owner of PVCs created by pipelinerun VolumeClaimTemplate to the affinity assistant StatefulSet when affinity assistant is enabled. The PVCs bound to the pipelinerun are now in terminating state when the pipelinerun is completed but not deleted (when affinity assistant is enabled).
- 🔨 Clean up non-functional CloudEvents Metrics in Reconciler for Deprecated CloudEvents (#6827)
- 🔨 Refactor test cases for remote PipelineRef (#6805)
- 🔨 Remove logic setting resolvers feature flag in e2e tests (#6786)
- 🔨 Fix apiVersion of Task to v1 in v1 examples (#6785)
- 🔨 Refactor TestReconcile_RemotePipelineRef bundle resolver test case (#6781)
- 🔨 Refactor test cases for remote TaskRef (#6778)
- 🔨 fix alpha propagated object params docs (#6753)
- 🔨 move tep75 tep76 and tep 107 examples from alpha to beta (#6747)
- 🔨 Cleanup outdated usage for functions in upgrade test (#6723)
- 🔨 Consolidate validation for Task/Pipeline beta features (#6719)
- 🔨 Cleanup: Use CustomRun instead of RunObject (#6718)
- 🔨 Add tests for ResolvedPipelineTask IsCancelled and IsCancelledForTimeout (#6703)
- 🔨 Cleanup: Move array indexing validation out of apis package (#6617)
- 🔨 Remove refs, HEAD symlinks in resolvers kodata (#6838)
- 🔨 Bump k8s.io/apimachinery from 0.26.5 to 0.26.6 in /test/custom-task-ctrls/wait-task-beta (#6836)
- 🔨 Bump github.com/golangci/golangci-lint from 1.53.2 to 1.53.3 in /tools (#6833)
- 🔨 TEP-0135: add affinity assistant cleanup unit tests (#6818)
- 🔨 Add apiVersions to TrustedResources Verification Helper Functions (#6803)
- 🔨 Add pod name to build_logs test output (#6796)
- 🔨 Bump github.com/sigstore/sigstore from 1.6.4 to 1.6.5 (#6789)
- 🔨 Bump github.com/golangci/golangci-lint from 1.52.2 to 1.53.2 in /tools (#6776)
- 🔨 RFC: Update Go compatibility policy (#6768)
- 🔨 Sync V1 apis with V1beta1 changes (#6766)
- 🔨 [TEP-0091] add more no error test cases for taskrun and pipelinerun (#6754)
- 🔨 Bump golang.org/x/sync from 0.1.0 to 0.2.0 (#6745)
- 🔨 Bump github.com/spiffe/go-spiffe/v2 from 2.1.4 to 2.1.5 (#6737)
- 🔨 Bump github.com/tektoncd/pipeline from 0.47.0 to 0.48.0 in /test/custom-task-ctrls/wait-task-beta (#6734)
- 🔨 Bump k8s.io/apimachinery from 0.26.4 to 0.26.5 (#6733)
- 🔨 Bump google.golang.org/grpc from 1.54.0 to 1.55.0 (#6721)
- 🔨 Bump github.com/google/go-containerregistry from 0.14.0 to 0.15.2 (#6720)
- 🔨 add missing unit test case for warn mode verification policy. (#6717)
- 🔨 Refactor PipelineRun and Run yamls in conversion_test to avoid flake (#6714)
- 🔨 Bump go.opentelemetry.io/otel from 1.14.0 to 1.16.0 (#6708)
- 🔨 Bump go.opentelemetry.io/otel/exporters/jaeger from 1.14.0 to 1.16.0 (#6706)
- 🔨 Bump go.opentelemetry.io/otel/sdk from 1.14.0 to 1.16.0 (#6705)
- 🔨 Validate beta features only when v1 Tasks and Pipelines are defined (#6701)
- 🔨 Bump k8s.io/api from 0.26.4 to 0.26.5 in /test/custom-task-ctrls/wait-task-beta (#6687)
- 🔨 Bump k8s.io/client-go from 0.25.9 to 0.25.10 in /test/custom-task-ctrls/wait-task-beta (#6686)
- 🔨 Bump k8s.io/apimachinery from 0.26.4 to 0.26.5 in /test/custom-task-ctrls/wait-task-beta (#6685)
- 🔨 Update pipelineTasks in Release-Pipeline to use Git Resolver (#6565)
Docs
- 📖 Remove cloudevent metrics from documentation (#6843)
- 📖 Update broken links in api_compatibility_policy.md (#6840)
- 📖 Updating release doc with recent releases (#6821)
- 📖 Add instructions for cherry-picking commits for patch releases (#6788)
- 📖 Added clarification and fix the Metrics doc (#6779)
- 📖 remove tep75 in alpha feature list table (#6749)
- 📖 chore: Add PROBES_PORT environment variable and update targetPorts for existing services (#6739)
- 📖 clarify in docs to not use apiVersion for taskRef for non-customtask (#6704)
Thanks
Thanks to these contributors who contributed to v0.49.0!
- ❤️ @EmmaMunley
- ❤️ @JeromeJu
- ❤️ @QuanZhang-William
- ❤️ @Yongxuanzhang
- ❤️ @chitrangpatel
- ❤️ @concaf
- ❤️ @dependabot[bot]
- ❤️ @gabemontero
- ❤️ @jsminem
- ❤️ @kahirokunn
- ❤️ @khrm
- ❤️ @l-qing
- ❤️ @lbernick
- ❤️ @vdemeester
Extra shout-out for awesome release notes: