Horizon SDV 3.1.0 is the minor release which extends platform capabilities with support for Sub-environments and additional MCP server configuration for Android Studio and Android Studio for Platforms IDEs. Horizon 3.1.0 also delivers several critical bug fixes including security fixes for network configurations and vulnerabilities in application containers.
Rel.3.1.0 defines rules for Partner Contributions Repository and recommended directory structure for third party modules provided from external Horizon Partners which are documented in contributing.md file located in the /doc directory of Horizon SDV repository.
Horizon SDV 3.1.0 package offers fully verified and documented upgrade patch (from Rel.3.0.0 to Rel.3.1.0). (see details in /docs/guides/upgrade_guide_3_0_0_to_3_1_0.md)
| ID | Feature | Description |
|---|---|---|
| TAA-1057 | Support for Sub-Environments in Horizon SDV platform | Horizon SDV 3.1.0 introduces sub-environments: multiple isolated copies of the platform that run on the same GKE cluster as the main environment. Each sub-environment has its own namespaces (prefixed by sub-environment name, e.g. sub-jenkins, sub-keycloak), its own Argo CD instance, its own sub-domain (e.g. sub..), and its own GCP Certificate Manager certificate, Secret Manager secrets, and Workload Identity service accounts. Sub-environments are defined entirely in terraform.tfvars via the sdv_sub_env_configs variable; no code changes are required to add or remove them. Typical use cases include giving teams isolated instances without extra clusters, testing platform changes on a branch before merge, and running a stable environment alongside a short-lived experimental one.Changes
Action Required
|
| ID | Feature | Description |
|---|---|---|
| TAA-1328 | MCP server configuration caching by Android Studio and ASfP IDE | This improvement provides the MCP configuration caching by Android Studio and ASfP IDE that makes MCP requests by Gemini Code Assist use expired tokens. MCP configuration caching in Android Studio and ASfP The Android Studio and Android Studio for Platform IDEs cache the MCP configuration ( mcp.json) for their current session.
Key Changes gemini-mcp-setup.py
Cloud-WS images (all 3):
More on gemini-mcp-agent changes
|
| TAA-1334 | Generate GitHub App private key PKCS#8 format via Terraform | Extension to the new simplified deployment flow for Horizon SDV introduced in Rel.3.0.0.
|
Google has changed Client Secret Handling and Visibility . This affects redeployments of the Horizon SDV platform if the Client Secret was not securely stored previously.
This secret is required by Keycloak for the Google Identity Provider (Client Secret). If the secrets do not match, OAuth 2.0 authentication will fail and users will lose access.
-
Create a new secret in Google Cloud:
-
In Credentials, select the Horizon client secret
-
Disable the old secret and create a new one.
-
Download or copy the new secret and store it securely.
-
-
Verify login (for apps from Landing Page) fail.
-
Update Keycloak:
-
Go to Identity Provider → Google.
-
Update the Client Secret and save.
-
-
Verify login works as expected.
-
Rel.3.1.0 provides with several updates in Horizon documentation including e.g. Horizon Deployment Guide (/docs/deployment_guide.md).
-
The new contributing.md document (/doc/contributing.md) defines rules for Partner Contributions Repository integration and recommended directory structure for third party modules provided from external Horizon Partners.
-
The new Upgrade Guide (/docs/guides/upgrade_guide_3_0_0_to_3_1_0.md) provide guideline for Rel.3.0.0 -> Rel.3.1.0 upgrade.
| ID | Bug | Description | SHA |
|---|---|---|---|
| TAA-1236 | [Volvo] Google platform failures on jenkins-mtk-connect-apikey |
|
ea84ef88c7236d582707601e368fd1803a3345c4 |
| TAA-1260 | Sync Mirror pipeline hangs after modifying MIRROR_VOLUME_CAPACITY_GB during Infra creation |
|
86bee3badf422614629752a19bcf19d8555789ef |
| TAA-1326 | Cloud WS: Create Configuration fails for region other than europe-west1 |
|
|
| TAA-1327 | Cloud WS: Create Workstation pipeline fails (WS created but IAM user add fails) |
This helps prevent concurrent IAM policy modification conflicts (409 errors) |
|
| TAA-1340 | [Jenkins] ABFS license no longer applied in deployment |
|
290bf5dea46d4f058d3fc96f8b67881c1efbdf9c |
| TAA-1416 | Remove obsolete ABFS secrets created via Terraform and GitOps | This PR removes deprecated ABFS license resources that were previously managed through Terraform and GitOps. The ABFS license is now exclusively managed by Jenkins, and all unused license-related resources and references have been cleaned up accordingly. Details:
Verification
Purpose These changes simplify license management by consolidating ABFS license handling within Jenkins, reduce configuration complexity in Terraform and GitOps, and prevent confusion caused by unused or legacy license resources. |
a7c2bbbf6e1189b6a5119c983183bfb7001133e6 |
| TAA-1418 | Fails on pkcs8_converter (jq missing) | TAA-1418: install jq dependency for pkcs8 conversion
|
b80c14290470ac483b8d1eb587acc20084b3a422 |
| TAA-1428 | Password check incorrect (12 should mean 12) | TAA-1428: Correct password length check If it states it should be at least 12 characters, ensure the check is correct, ie >= 12 not > 12! |
f29c70246fe52a4f880a2e332660157e1459af2e |
| TAA-1429 | argocd namespace stuck in 'Terminating' | Update deployment script with deletion of resources which cause the namespace argocd to be stuck in terminating state indefinitely.Changes deploy.sh File path: tools/scripts/deployment/deploy.sh
|
d2d32295bc4580bf77fc6f59cb11301de1451636 |
| TAA-1430 | Enable 'force_destroy' on buckets | Enable force_destroy for GCS buckets to destroy the buckets on Terraform destroy workflow even if it contains objects.Changes main.tf File path: terraform/modules/sdv-gcs/main.tf
|
211d4564d0265b38ee789dddca7708a8982502af |
| TAA-1432 | landingpage 'exec format error' | landingpage 'exec format error' fix Ensure docker images are built for the target platform, not the architecture of the platform they are deployed on. |
4322698a334d01c2c84ab72967537063b3c557ca |
| TAA-1435 | Cross architecture support | Cross architecture support fix. Explicitly set Docker base image platform to linux/amd64 to ensure cross-architecture deployment consistency. |
3ef9eb0b71f45bb920a9d62606118ee130895f76 |
| TAA-1438 | Cuttlefish SSH key incorrectly created (blocks CF jobs) | Cuttlefish SSH Key Update: Regenerate VM Templates This fix updates the SSH key generation algorithm used by Cuttlefish VM instances. To avoid any impact, regenerate the VM instance templates. In Jenkins:
If SSH key issues appear in any of the following jobs, regenerate the instance templates to ensure the latest keys are installed:
|
|
| TAA-1441 | Finalize cross architecture support - R31.0 | Updates in deployment scripts and containers to emulate linux/amd64Changes container-deploy.sh File path: tools/scripts/deployment/container-deploy.sh
Dockerfile File path: tools/scripts/deployment/container/Dockerfile
|
076c2c57434c2596e2db44ffb60e4c435f55b1a6 |
| TAA-1443 | Gerrit MCP Server issues | Fix syntax error for gerrit-mcp-server-config causing gerrit-mcp-server deployment errors.Changes gerrit-mcp-server.yaml File path: gitops/apps/gerrit-mcp-server/templates/gerrit-mcp-server.yaml
|
e6e2375372b4b16ce8d78a017818989ee911d954 |
| TAA-1446 | TF OpenSSH conversion failing | Fixed a bug where the OpenSSH key was not being updated after the initial RSA key creation. Replaced null_resource with terraform_data and added a timestamp trigger to force an idempotent conversion check on every run. This ensures that if an RSA key exists without the OpenSSH format, the conversion logic is triggered, while the grep check protects against unnecessary overwrites. |
a1f7ce4beaa59dd9acbd09a5c2571cbb8b5af2b8 |
| TAA-1447 | Shell Script Permission Denied | Update Dockerfiles for sdv-container-images module which when built with Terraform as a non-root user causes permission denied error for configure.shChanges Resolve permission related issues. File paths:
|
1e1532c5ca5a2a41f8a20ceaf9012f868947aed4 |
| TAA-1450 | High severity violation of security rules - "GCP DNS zones DNSSEC disabled" #4 | DNSSEC support in GCP DNS zones enabled by default. | 363659c78c41d6a3db7cf6877ec7320eb2b443a0 |
| TAA-1453 | Vulnerabilities in /horizon-sdv/landingpage-app container |
|
a2b3bbb91091cc3c9e99014c1acacac6855bce3a |
| TAA-1457 | Vulnerabilities in /horizon-sdv/keycloak-post-headlamp container | 32 Vulnerabilities fixed fixed in keycloak-post-headlamp container. Base OS Change - node:22.13.0 → node:22-bookworm Base Image Changes:
|
a2b3bbb91091cc3c9e99014c1acacac6855bce3a |
| TAA-1458 | Vulnerabilities in /horizon-sdv/keycloak-post-grafana container | 32 Vulnerabilities fixed in keycloak-post-grafana container. Base OS Change - Node:22.13.0 → node:22-bookworm Base Image Changes:
|
a2b3bbb91091cc3c9e99014c1acacac6855bce3a |
| TAA-1459 | Vulnerabilities in /horizon-sdv/keycloak-post-gerrit container | 33 Vulnerabilities fixed in keycloak-post-gerrit container. Base OS Change - Node:22.13.0 → node:22-bookworm Base Image Changes:
|
a2b3bbb91091cc3c9e99014c1acacac6855bce3a |
| TAA-1460 | Vulnerabilities in /horizon-sdv/keycloak-post-argocd container | 33 Vulnerabilities fixed in keycloak-post-argocd container. Base OS Change - Node:22.13.0 → node:22-bookworm Base Image Changes:
|
a2b3bbb91091cc3c9e99014c1acacac6855bce3a |
| TAA-1461 | Vulnerabilities in /horizon-sdv/keycloak-post container | 33 Vulnerabilities fixed in keycloak-post container. Base OS Change - Node:22.13.0 → node:22-bookworm Base Image Changes:
|
a2b3bbb91091cc3c9e99014c1acacac6855bce3a |
| TAA-1462 | Vulnerabilities in /horizon-sdv/grafana-post container | 33 Vulnerabilities fixed in keycloak-post container. Base OS Change-Node:22.13.0 → node:22-bookworm Base Image Changes:
|
a2b3bbb91091cc3c9e99014c1acacac6855bce3a |
| TAA-1463 | Vulnerabilities in /horizon-sdv/gerrit-post container | 7 Vulnerabilities fixed in gerrit-post container. Base OS Change - Debian 12.12 → Debian 12.13 Base Image Changes:
|
a2b3bbb91091cc3c9e99014c1acacac6855bce3a |
| TAA-1455 | Vulnerabilities in /horizon-sdv/keycloak-post-mtk-connect container | 32 Vulnerabilities fixed fixed in keycloak-post-mtk-connect container. Base OS Change - node:22.13.0 → node:22-bookworm Base Image Changes:
|
a2b3bbb91091cc3c9e99014c1acacac6855bce3a |
| TAA-1452 | Vulnerabilities in /horizon-sdv/mtk-connect-post container | 5 Vulnerabilities fixed in gerrit-post container. Base OS Change - Debian 12.12 → Debian 12.13 Base Image Changes:
|
a2b3bbb91091cc3c9e99014c1acacac6855bce3a |
| TAA-1468 | High severity violation of security rules "GCP GKE Application-layer Secrets encryption disabled " #7 | KMS can be deployed based on settings in terraform.tfvars - (sdv_enable_kms_encryption = false). KMS implementation details:
|
4ea1c55f90d22d77d74a2206c7c326c3dfeef495 |
| TAA-1475 | [Cuttlefish] OS Login Cleanup Script Errors - Improper Parsing & Excessive Latency | Avoid issues with using table that can lead to erroneous values leading to us delaying 1m per loop and taking too long. Make it a function so we can use elsewhere if required. |
5442aecc9a0cd98ef7b98699f095b0b9332f3e9e |
| TAA-1481 | mtk-connect-post-key Post-job container image build fails | The permission issue which causes the container image build to fail has been resolved. Changes Dockerfile File path: terraform/modules/sdv-container-images/images/mtk-connect/mtk-connect-post-key/Dockerfile
|
ef72216ba232586dea96306431a8860b64b9d5e5 |
| TAA-1482 | Terraform destroy fails to delete VPC | This merge fixes the issue which cause terraform destroy to fail due to the failure in deletion of the VPC sdv-network caused due to remaining NEGs (Network Endpoint Groups).Changes deploy.sh File path: tools/scripts/deployment/deploy.sh
|
d24100db5874a9591404fe522be1f39617448831 |
| TAA-1492 | Refactor Argo CD Application Lifecycle to Terraform-Native Cascading Delete | Update the Terraform module sdv-gke-apps module to enable cascading delete for the App of Apps horizon-sdv (argocd_application) and update dependency chain for the module sdv-gke-cluster.Changes main.tf File path: terraform/modules/base/main.tf
main.tf File path: terraform/modules/sdv-gke-apps/main.tf
Dockerfile File path: tools/scripts/deployment/container/Dockerfile
deploy.sh File path: tools/scripts/deployment/deploy.sh
|
|
| TAA-1493 | Cloud-WS Image Builds: Yarn GPG Key Issue | Added Yarn GPG key refresh before first apt-get update in all Dockerfiles |
|
| TAA-1494 | Kubernetes NetworkPolicies update breaks deployment | Missing closing brace breaking deployment. | c95c4c1cbb6ff7f1e47a296868fbc094aa9b619b |
| TAA-1495 | Security hardening breaks deployment | An input variable with the name "sdv_dns_dnssec_enabled" has not been declared. This variable can be declared with a variable "sdv_dns_dnssec_enabled" {} block. | 781c30d3e9c9f76c52e508cb4da2f0e7cf0fc1eb |
| TAA-1498 | Terraform local-exec fails because gcloud project is not explicitly set in script | Gcloud project is explicitly set in script | 4114bbaefb3305216541cce6a21f5874ff647de8 |
| TAA-1499 | Terraform destroy blocks redeployment when KMS is enabled (sdv_enable_kms_encryption = true) | Several fixes for KMS deployment | fe8c58c57f440cbebb32d6ad48b567245f3a07e6 |
| TAA-1507 | [Jenkins] CF instances - Fails to connect via ssh |
SSH to Cuttlefish. |
b65cda8a4af97e788af259396445415c243d0919 |
| TAA-1508 | [Jenkins] Fix Jenkins startup and Gerrit connectivity | Set noConnectionOnStartup: true for Gerrit so Jenkins starts and the UI is available without waiting for Gerrit; the plugin connects when Gerrit is reachable. Add allow-jenkins-controller-egress-to-gerrit NetworkPolicy so the controller can reach Gerrit on 29418 (SSH) and 8080 (HTTP). Default-deny had limited controller egress to 80/443, so the Gerrit Trigger never connected. |
|
| TAA-1517 | [Cloud-WS] terminal monospace rendering & gemini-mcp-agent executable broken entrypoint | Fixes applied
Minor changes
|
|
| TAA-1528 | ABFS server and uploader: SSH on port 22 blocked; get_server_details / get_uploader_details and Console SSH fail. | Code in this PR fixes port 22 opening. And deployment issue which fixes "Error: googleapi: Error 400: The network policy addon must be enabled before updating the nodes." in file terraform/modules/sdv-gke-cluster/main.tf |
|
| TAA-1529 | Pin ABFS build node pool to a fixed GKE version so CASFS kernel module stays compatible | This PR pins the ABFS build node pool to a configurable GKE version to ensure CASFS kernel compatibility and prevent breakage caused by automatic node upgrades. Details
Purpose CASFS is a kernel module and must match the running node kernel. By pinning the ABFS node pool GKE version, we ensure the kernel remains stable and compatible, preventing unexpected failures caused by GKE auto-upgrades. |
|
| TAA-1535 | GKE deployment fails on first run due to STABLE release channel conflict | Fix the error Error: error creating NodePool: googleapi: Error 400: Auto_upgrade must be true when release_channel STABLE is set.GCP requires auto_upgrade = true on node pools when a named release channel (STABLE/REGULAR/RAPID with REGULAR being the default option if release channel is unset) is active.Setting channel = "UNSPECIFIED" explicitly opts the cluster out of any release channel, removing this constraint and allowing Terraform to pin versions directly.Also formatted all Terraform files in terraform/ for alignment consistency (no logic changes).Changes terraform/modules/sdv-gke-cluster/main.tf
tools/scripts/deployment/deploy.sh
|
4a81e523ede0e405465dbe366148a866f571b624 |
| TAA-1569 | Gerrit-Operator in ArgoCD application goes into Unknown sync state and the Gerrit application fails to sync | Update gerrit-operator repoURL from Googlesource to GitHub, avoiding rate limits and fixing issues with gerrit-operator deployment on fresh platforms.Changes gerrit-operator.yaml File path: gitops/templates/gerrit-operator.yaml
|
37709c24d51326d61cd2da2c833a56af2b0e29b0 |
| TAA-1570 | Terraform workloads Service Account name mismatch in GCP and k8s | Service Account sa7 name in terraform/env/main.tf should be gke-tf-wl-sa instead of current value of gke-terraform-workloads-sa to match with other instances of the SA in yaml files. |
d055ccc982ff4ced993dd99a6a359cda5b6b571d |
| TAA-1573 | terraform apply fails with Error 400 when removing a sub-environment due to cert map referenced by TargetHTTPSProxy | This PR resolves two issues affecting the sandbox environment:
Changes: Certificate Manager Consolidation
Main Node Pool Autoscaling
|
|
| TAA-1579 | Cloud WS: Create Config pipeline fails due to inconsistent order of resource creation |
|
06bbd1cf74d6e47993c0d394e441ae96ea722c8c |
| TAA-1601 | AAOS Builder: Build that uses mirror for repo sync fails because of empty variable `MIRROR_DIR_NAME` | Fixes AOSP mirror path resolution in Android Jenkins pipelines by using AOSP_MIRROR_DIR_NAME when constructing MIRROR_DIR_FULL_PATH.Pipeline parameters are defined as AOSP_MIRROR_DIR_NAME, but Jenkinsfiles were reading MIRROR_DIR_NAME.This mismatch could produce an invalid mirror path when USE_LOCAL_AOSP_MIRROR=true.Change Updated Jenkinsfiles to build mirror path with: .../${AOSP_MIRROR_DIR_NAME} (instead of .../${MIRROR_DIR_NAME}). |
952611a5c6e8ee26ff25488e03904bbe5822cc73 |
| TAA-1602 | ExternalDNS does not update apex A record when load balancer IP changes | ExternalDNS was not updating the apex domain A record (e.g. .horizon-sdv.com) when the Gateway load balancer was recreated, only subdomains such as mcp..horizon-sdv.com were updated. ExternalDNS only updates records it owns, and ownership is stored in TXT records. With the default TXT registry, no valid ownership TXT was created for the zone apex, so the apex A record was never updated. This change sets txtPrefix: "%{record_type}-." so the ownership TXT is created in the same zone and ExternalDNS can own and update the apex A record.Changes external-dns.yaml File path: gitops/templates/external-dns.yaml
|
5e585c4f1e9548a7dbc616fc990d6313725a480f |
| TAA-1605 | cloud-ws/gemini-cli/gemini-mcp-agent: MCP tool calls fail after some time in gemini-cli due to JWT token caching | This fix hardens and standardizes how MCP authentication is handled across Gemini clients by using mcp-client-bridge for registry-managed servers, instead of relying on cached config tokens.It also updates setup documentation to reflect the actual runtime model and adds clearer operational guidance for Android Studio/ASfP cache reload behavior. Changes Command-based MCP entries for registry-managed servers
Unified bridge entry generation
Bridge now injects auth from token file, not config headers
Transport compatibility for Gemini clients
Security hardening and JSON-RPC protocol correctness (id handling)\
|
6438c8f1b428d01fa0f296c24810e71f9c96992d |
| TAA-1608 | Cloud WS: Add Users to WS and Remove Users from WS fail due to inconsistent way of fetching WS state | This fixe corrects a state-validation issue in Cloud Workstation admin pipelines (add user / remove user).Previously, these pipelines validated workstation state from Terraform state ( terraform show -json), which can be stale when users start/stop workstations via gcloud (user pipelines).Now, validation uses live workstation state from GCP API ( gcloud workstations describe) to make decisions based on current runtime reality.Key Changes
|
0bbeb90f60c9c3b904dae53c2c46c3bc271450ea |
Horizon SDV 3.0.0 extends platform capabilities with support for Android 15 and the latest extensions of OpenBSW. Horizon 3.0.0 also delivers multiple new feature and several improvements over Rel. 2.0.1 along with critical bug fixes.
The set of new features in version 3.0.0 includes, among others:
-
Simplified Deployment Flow : We have overhauled the deployment process to make it more intuitive and efficient. The new flow reduces complexity, minimizing the steps required to get your environment up and running.
-
ARM64 Support (Bare Metal) : We have expanded our infrastructure support to include ARM64 Bare Metal. This allows you to run your workloads natively on ARM architecture, ensuring higher performance and closer parity with automotive edge hardware.
-
Gemini Code Assist : Supercharge your development with the integration of Gemini Code Assist and the Gerrit MCP Server. You can now leverage Google's state-of-the-art AI to generate code, explain complex logic, debug issues faster and make use of agentic code review workflows directly within your development environment.
-
Advanced Monitoring with Grafana : Gain deeper insights into your infrastructure with our new Grafana integration. You can now visualize and monitor POD and Instance metrics in real-time, helping you optimize resource usage and diagnose performance bottlenecks quickly.
| ID | Feature | Description |
|---|---|---|
| TAA-924 | Simplified Horizon Deployment Flow | Simplified and automated the Horizon SDV platform deployment by removing GitHub Actions, enabling faster adoption by community teams and reducing human error. |
| TAA-511 | Gemini Code Assist in R3 – Gerrit MCP Server integration | Use company’s codebase as a knowledge base for Gemini Code Assist within the IDE to receive code suggestions & explanations tailored to known codebase, libraries and corporate standards. |
| TAA-365 | ARM64 GCP VM (Bare Metal) support for Cuttlefish | ARM64 GCP VM support for Android builds and testing with Cuttlefish |
| TAA-595 | Monitoring of POD/Instance metrics with Grafana | Access to CPU/Memory/Storage metrics for pods and instances, to more easily investigate and debug container, pod and instance related problems and its impact on platform performance. |
| TAA-944 | Android pipeline update to Android 16 | Support for Android16 for AAOS, CF and CTS in Horizon pipelines. |
| TAA-946 | Extend OpenBSW support with additional features | Support for Eclipse Foundation OpenBSW workload features that were not included in Horizon-SDV R2.0.0 |
| TAA-889 | Horizon R3 Security update | Selected open-source applications and tools which are part of Horizon SDV platform are updated to the latest stable versions |
| TAA-377 | Google AOSP Repo Mirroring | NFS based mirror of AOSP repos deployed in the K8s cluster. |
| TAA-947 | ABFS update for R3 | Corrections and minor ABFS updates delivered from Google in Release 3.0.0 timeframe. |
| TAA-1072 | Cloud Artefact storage management | Android and OpenBSW build jobs have been modified to allow the user to specify metadata to be added to the stored artifacts during the upload process. Implementation is supported for GCP storage option only |
| TAA-1001 | Kubernetes Dashboard SSO integration | Kubernetes Dashboard SSO integration |
| TAA-945 | Replace deprecated Kaniko tool | Replace deprecated Google Kaniko tool for building container images with new Buildkit tool. |
| TAA-941 | IAA demo case. | Support for Partner demo in IAA Messe show. The main technical scope is to apply a binary APK file to the Android code, help building it and flash it to selected targets (Cuttlefish and potentially Pixel) according to Partner specification. |
See details in horizon-sdv/docs/release-notes-3-0-0.md
| ID | Summary |
|---|---|
| TAA-1171 | Create Workloads area in Gitops section |
| TAA-862 | Improvements Structure of Test pipelines |
| TAA-1111 | Unified CTS Build process |
| TAA-1265 | [Gerrit] Support GERRIT_TOPIC with existing gerrit-triggers plugin |
| TAA-1271 | Support custom machine types for Cuttlefish |
| TAA-1269 | Adjust CTS/CVD options |
| ID | Summary |
|---|---|
| TAA-993 | [ABFS] Missing permission for jenkins-sa for ABFS server |
| TAA-1063 | [Security] Axios Security update 1.12.0 (dependabot) |
| TAA-904 | ABFS unmount doesn't work |
| TAA-1090 | [Android 16] Cuttlefish builds fail (x86/arm) |
| TAA-1080 | [OpenBSW] Builds no longer functional (main) |
| TAA-1110 | [OpenBSW] pyTest failure |
| TAA-1103 | [Android 16] CTS 16_r2 reports 15_r5 |
| TAA-1145 | Update filter (gcloud compute instance-templates list) |
| TAA-1161 | [ARM64] Subnet working utils too quiet |
| TAA-1113 | [ABFS] COS Images no longer available |
| TAA-1118 | [ABFS] CASFS kernel module update required (6.8.0-1029-gke) |
| TAA-1176 | [CF] CTS CtsDeqpTestCases execution on main not completing in reasonable time (x86) |
| TAA-1186 | Incorrect Headlamp Token Injector Argo CD App Project |
| TAA-1196 | AOSP Mirror changes break standard builds |
| TAA-1201 | AOSP Mirror sync failures |
| TAA-1200 | AOSP Mirror URLs and branches incorrect |
| TAA-1203 | AOSP Mirror repo sync failing on HTTP 429 (rate limits) |
| TAA-1205 | AOSP Mirror - no support for dev build instance |
| TAA-1198 | AOSP Mirror does not support Warm nor Gerrit Builds |
| TAA-1204 | AOSP Mirror repo sync failing - SyncFailFastError |
| TAA-1214 | AOSP Mirror ab is an |
| TAA-1219 | [Cuttlefish] Host installer failures masked |
| TAA-1202 | AOSP Mirror blocking concurrent jobs incorrectly configured |
| TAA-1238 | [Cuttlefish] Update to v1.31.0 - v1.30.0 has changed from stable to unstable. |
| TAA-1241 | [Android] Mirror should not be using OpenBSW nodes for jobs AM |
| TAA-1247 | [Workloads] Remove chmod and use git executable bit |
| TAA-1249 | [GCP] Client Secret now masked (security clarification) |
| TAA-1264 | [CVD] Logs are no longer being archived |
| TAA-1261 | [Cuttlefish] gnu.org down blocking builds |
| TAA-1266 | Pipeline does not fail when IMAGE_TAG is empty and NO_PUSH=true |
| TAA-1267 | [CWS] OSS Workstation blocking regex incorrect (non-blocking) |
| TAA-1258 | [Cuttlefish] VM instance template default disk too small. |
| TAA-1233 | [Jenkins] Plugin updates for fixes |
| TAA-1278 | [Cuttlefish] SSH/SCP errors on VM instance creation |
| TAA-1283 | Mismatch in githubApp secrets (TAA-1054) |
| TAA-1277 | [Jenkins] Plugin updates for fixes |
| TAA-1279 | [RPI] Android 16 RPI builds now failing |
| TAA-1282 | [GCP] Cluster deletion not removing load balancers |
| TAA-1257 | [Cuttlefish] android-cuttlefish build failure (regression) |
| TAA-1273 | [Cuttlefish] android-cuttlefish CVD device issues (regression) |
| TAA-1149 | [K8S] Reduce parallel jobs to reduce costs |
| TAA-1162 | [K8S] Revert parallel jobs change to reduce costs |
| TAA-1191 | Monitoring deployment related hotfixes |
| TAA-1114 | [ABFS] Update env/dev license (Oct'25) |
| TAA-1116 | [Android] Android 15 and 16 AVD missing SPDX BOM |
| TAA-1192 | [MTKC] Support additional hosts for dev and test instances |
| TAA-1207 | Mirror/Create-Mirror: Add parameter for size of the mirror NFS PVC |
| TAA-1208 | Mirror/Sync-Mirror: Sync all mirrors when SYNC_ALL_EXISTING_MIRRORS is selected |
| TAA-1211 | [Android] Simplify Dev Build instance job |
| TAA-1218 | [Grafana] ArgoCD on Dev shows 'Out Of Sync' |
| TAA-1231 | R2 - GitHub Actions workflow fails |
| TAA-1038 | [Jenkins] CF scripts - update to retain color |
| TAA-907 | Multibranch is not supported in ABFS |
| TAA-862 | Improvement to structure of Test pipelines |
| TAA-788 | Jenkins AAOS Build failure - Gerrit secrets/tokens mismatch |
| TAA-1088 | [NPM] Move wait-on post node install |
| TAA-1115 | [STORAGE] Override default paths |
| TAA-1160 | [ARM64] Lack of available instances on us-central1-b/f zone |
| TAA-1274 | [Cuttlefish] CTS hangs - android-cuttlefish issues |
| TAA-1290 | [Cuttlefish] ARM64 builds broken on f2fs-tools (missing) |
| TAA-1253 | [MTK Connect] ERROR: script returned exit code 92/1 |
Hot fix release for Rel.2.0.1 with emergency fix for Helm repo endpoint issues, and minor documentation updates.
N/A
- New simplified Release Notes format.
| ID | Summary |
|---|---|
| TAA-1002 | [Jenkins] Install ansicolor plugin for CWS |
| TAA-1005 | Horizon provisioning failure - Due to outdated Helm install steps |
| TAA-1007 | Cloud WS - Workstation Image builds fail due to Helm Debian repo (OSS) migration |
| TAA-1040 | Remove references to private repo in Horizon files |
| TAA-1045 | OSS Bitnami helm charts EOL |
Hot fix release for Rel.2.0.1 with emergency fix for Helm repo endpoint issues, and minor documentation updates.
N/A
- New simplified Release Notes format.
| ID | Summary |
|---|---|
| TAA-1002 | [Jenkins] Install ansicolor plugin for CWS |
| TAA-1005 | Horizon provisioning failure - Due to outdated Helm install steps |
| TAA-1007 | Cloud WS - Workstation Image builds fail due to Helm Debian repo (OSS) migration |
| TAA-1040 | Remove references to private repo in Horizon files |
| TAA-1045 | OSS Bitnami helm charts EOL |
Horizon SDV 2.0.0 extends Android build capabilities with the integration of Google ABFS and introduces support for Android 15. This release also adds support for OpenBSW, the first non-Android automotive software platform in Horizon. Other major enhancements include Google Cloud Workstations with access to browser based IDEs Code-OSS, Android Studio (AS), and Android Studio for Platforms (ASfP). In addition, Horizon 2.0.0 delivers multiple feature improvements over Rel. 1.1.0 along with critical bug fixes.
| ID | Feature | Description |
|---|---|---|
| TAA-8 | ABFS for Build Workloads | The Horizon-SDV platform now integrates Google's Android Build Filesystem (ABFS), a filesystem and caching solution designed to accelerate AOSP source code checkouts and builds. |
| TAA-9 | Cloud Workstation integration | The Horizon-SDV platform now includes GCP Cloud Workstations, enabling users to launch pre-configured, and ready-to-use development environments directly in browser. |
| TAA-375 | Android 15 Support | Horizon previously supported Android 15 in Horizon-SDV but by default Android 14 was selected. In this release, Android 15 android-15.0.0_r36 is now the default revision. |
| TAA-381 | Add OpenBSW build targets | Eclipse Foundation OpenBSW Workload: As part of the R2.0.0 delivery, a new workload has been introduced to support the Eclipse Foundation OpenBSW within the Horizon SDV platform. This workload enables users to work on the OpenBSW stack for build and testing. |
| TAA-915 | Cloud Android Orchestration - Pt.1 | In R2.0.0 Horizon platform introduces significant improvements to Cuttlefish Virtual Devices (CVD). These enhancements include increased support for a larger number of devices, optimized device startup processes, a more robust recovery mechanism, and updated CTS Test Plans and Modules to ensure seamless integration and compatibility with CVD. |
| TAA-623 | Management of Jenkins Jobs using CasC | The CasC configuration has been updated to include a single job in the jenkins.yaml file, automatically started on each Jenkins restart. This job provides the "Build with Parameters" option for users. |
| TAA-462 | Kubernetes Dashboard | The Horizon platform now includes the Headlamp application, a web-based tool to browse Kubernetes resources and diagnose problems. |
| TAA-717 | Multiple pre-warmed disk pools | Horizon is changing to persistent volume storage for build caches to improve build times, cost, and efficiency. Pools are separated by Android major version and Raspberry Vanilla targets now have their own smaller pools. |
| TAA-596 | Jenkins RBAC | Jenkins has been configured with RBAC capability using the Role-based Authorization Strategy plugin. |
| TAA-611 | Argo CD SSO | Argo CD has been configured with SSO capabilities. Users can login either with admin credentials or via Keycloak. |
| TAA-837 | Access Control tool | Additional Access Control functionality provides a Python script tool and classes for managing user and access control on GCP level. |
N/A
| ID | Summary |
|---|---|
| TAA-980 | Access control issue: Workstation User Operations succeed for non-owned workstations |
| TAA-984 | [Kaniko] Increase CPU resource limits |
| TAA-982 | [ABFS] Uploaders not seeding new branch/tag correctly |
| TAA-981 | [ABFS] CASFS kernel module update required (6.8.0-1027-gke) |
| TAA-977 | New Cloud Workstation configuration is created successfully, but user details are not added to the configuration |
| TAA-974 | kube-state-metrics Service Account missing causes StatefulSet pod creation failure |
| TAA-968 | [IAA] Elektrobit patches remain in PV and break gerrit0 |
| TAA-966 | [ABFS] Kaniko out of memory |
| TAA-953 | Android CF/CTS: update revisions |
| TAA-964 | [Gerrit] Propagate seed values |
| TAA-959 | Reduce number of GCE CF VMs on startup |
| TAA-932 | ABFS_LICENSE_B64 not propagated to k8s secrets correctly |
| TAA-958 | [Gerrit] repo sync - ensure we reset local changes before fetch |
| TAA-781 | GitHub environment secrets do not update when Terraform workload is executed |
| TAA-933 | Failure to access ABFS artifact repository |
| TAA-905 | AAOS build does not work with ABFS |
| TAA-931 | Create common storage script |
| TAA-930 | Investigate build issues when using MTK Connect as HOST |
| TAA-923 | Cuttlefish limited to 10 devices |
| TAA-921 | [Cuttlefish] Building android-cuttlefish failing on The GNU Operating System and the Free Software Movement |
| TAA-922 | MTK Connect device creation assumes sequential adb ports |
| TAA-920 | Android Developer Build and Test instances leave MTK Connect testbenches in place when aborted |
| TAA-563 | [Jenkins] Replace gsutils with gcloud storage |
| TAA-886 | Conflict Between Role Strategy Plugin and Authorize Project Plugin |
| TAA-814 | Android RPi builds failing: requires MESON update |
| TAA-863 | Workloads Guide: updates for R2.0.0 |
| TAA-867 | Gerrit triggers plugin deprecated |
| TAA-890 | Persistent Storage Audit: Internal tool removal |
| TAA-618 | MTK Connect access control for Cuttlefish Devices |
| TAA-711 | [Qwiklabs][Jenkins] GCE limits - VM instances blocked |
Minor improvements in Jenkins configuration, additional pipelines implemented for massive build cache pre-warming simplification required for Hackathon and Gerrit post jobs cleanup.
| ID | Feature | Description |
|---|---|---|
| TAA-431 | Jenkins R1 deployment extensions | Jenkins extensions to Platform Foundation deployment in Rel.1.0.0. Includes new job to pre-warm build volumes. |
| TAA-346 | Support Pixel devices | Support for Google Pixel tablet hardware, full integration with MTK Connect. |
N/A
| ID | Summary |
|---|---|
| TAA-683 | Change MTK Connect application version to 1.8.0 in helm chart |
| TAA-644 | self-hosted runners |
| TAA-641 | [Jenkins] Horizon Gerrit URL path breaks upstream Gerrit FETCH |
| TAA-639 | Keycloak Sign-in Failure: Non-Admin Users Stuck on Loading Screen |
| TAA-631 | MTK Connect license file in wrong location |
| TAA-628 | [Jenkins] CF instance creation (connection loss) |
| TAA-627 | [Jenkins][Dev] Investigate build nodes not scaling past 13 |
| TAA-622 | Workloads documentation - wrong paths |
| TAA-615 | Improve the Gerrit post job |
| TAA-401 | [Jenkins] Agent losing connection to instance |
| TAA-309 | [Jenkins] 'Build Now' post restart |
The main objective for Release 1.0.0 is to achieve Minimal Viable Product level for Horizon SDV platform where orchestration will be done using Terraform on GCP with the intention of deploying the tooling on the platform using a simple provisioner. Horizon SDV platform in Rel.1.0.0 supports:
- GCP platform / services.
- Terraform orchestration (IaC).
- IaC stored in GitHub repo and provisioned either via CLI or GitHub actions.
- Platform supports Gerrit to host Android (AAOS) repos and manifests, and allows users to create their own repos.
- With some pre-submit checks: e.g., voting labels: code review and manual vs automated triggered builds.
- Will mirror and fork AAOSP manifests repo, and one additional code repo for demonstrating the SDV Tooling pipeline. Locally mirrored/forked manifest will be updated to point to the internally mirrored code repo, all other repos will remain using the external OSS AAOS repos hosted by Google.
- Platform supports Jenkins to allow for concurrent, multiple builds for iterative builds from changes in open review in Gerrit, full builds (manually, when user requests) and CTS testing.
- Platform supports an artefact registry to hold all build artefacts and test results.
- Platform supports a means to run CTS tests and use the Accenture MTK Connect solution for UI/UX testing.
| ID | Feature | Description |
|---|---|---|
| TAA-6 | Platform foundation | Platform foundation including support for: GCP, Terraform workflow, Stage 1 and Stage 2 deployment with ArgoCD, Jenkins Orchestration and Authentication support through Keycloak. |
| TAA-12 | Github Setup | Github support for Horizon SDV platform repositories. |
| TAA-67 | Tooling for tooling | Android build pipelines support. |
| TAA-5 | Gerrit | Gerrit support. |
| TAA-61 | MTK Connect | Test connections to CVD with MTK Connect support. |
| TAA-2 | Android Virtual Devices | Pipelines for Android Virtual Devices CVD and AVD. |
N/A
| ID | Summary |
|---|---|
| TAA-608 | MTK Connect - testbench registration failing |
| TAA-593 | [Jenkins] Jenkins config auto reload affecting builds |
| TAA-590 | [Jenkins] CTS_DOWNLOAD_URL : strip trailing slashes |
| TAA-589 | [Jenkins] computeEngine: cuttlefish-vm-v110 points to incorrect instance template |
| TAA-577 | [Jenkins] CF CVD launcher fails to boot devices |
| TAA-562 | [Jenkins] Warnings from pipeline (Pipeline Groovy) |
| TAA-532 | [Jenkins] Stage View bug (display pipeline) |
| TAA-530 | [Jenkins] Regression: Exceptions raised on connection/instance loss |
| TAA-528 | [MTK Connect] node warnings: MaxListenersExceededWarning |
| TAA-520 | [Jenkins] Reinstate cuttlefish-vm termination |
| TAA-519 | TAA-518[Jenkins] Reinstate MTKC Test bench deletion env pipeline |
| TAA-518 | [Jenkins] Reinstate MTKC Test bench deletion env pipeline |
| TAA-518 | [Jenkins] CVD / CTS - hudson exceptions reported and jobs fail |
| TAA-516 | [Jenkins] Make test jobs more defensive + improvements |
| TAA-508 | [MTK Connect] Not terminating |
| TAA-507 | [Jenkins] CVD/CTS test run: times out on android-14.0.0_r74 |
| TAA-502 | Re-apply pull-request trigger to GitHub workflows |
| TAA-501 | Invent a solution for restricting GitHub workflows to a given branch |
| TAA-498 | Gerrit-admin password is not created in Keycloak |
| TAA-496 | [Android Studio] Arm builds throw an error due to config |
| TAA-490 | [RPi] RPi4 again broken |
| TAA-478 | [Jenkins] CLEAN_ALL: rsync errors |
| TAA-477 | [Gerrit] Branch name revision incorrect for 15 - build failures |
| TAA-425 | [Jenkins] Native Linux install of MTKC fails (unattended-upgr) |
| TAA-412 | [Jenkins] Russian Roulette with cache instance causing build failures |
| TAA-400 | [Jenkins] SSH issues |
| TAA-398 | [Jenkins] GCE plugin losing connection with VM instance |
| TAA-394 | [Gerrit] Admin password stored in secrets with newline |
| TAA-354 | [Jenkins] CVD adb devices not always working as expected |