v0.14.3

Pipelines as Code v0.14.3

Pipelines as Code patch version v0.14.3 has been released 🥳

Features

• tkn pac resolve command now ask for a token when we detect a git_auth_secret in template PR , resolve-DOC , private-repo-DOC

pac-resolve.mp4

• We are now hiding secrets from the log snippets, this avoid leaking secrets by looking into the PipelineRun and grab the environment variable on every tasks and steps attached to the PipelineRun, fetch the values of the secrets and if there are any match of those values in the log snippet it will replace them with a ***** palceholder. PR , error-snippet-DOC , error-log-snippet-setting-DOC

• There are some update on tkn-pac create repo , tkn-pac webhook add tkn-pac generate commands

  • tkn-pac create repo

    • Add webhook when GithubApp is configured

      1. tkn-pac create repo won't add Github webhook when GithubApp is configured
      2. tkn-pac create repo add Gitlab webhook when GithubApp is configured
      3. tkn-pac create repo add Bitbucket Cloud webhook when GithubApp is configured

    • Add webhook when GithubApp is not configured

      1. tkn-pac create repo add Github webhook successfully and detect provider by command itself
      2. tkn-pac create repo add Gitlab webhook successfully and detect provider by command itself
      3. tkn-pac create repo add Bitbucket Cloud webhook successfully and detect provider by command itself

  • tkn-pac webhook add

    • Add webhook to existing repository
    • Re-add a webhook to existing repo because the webhook was deleted on the Git provider

  • tkn-pac generate

    • Added extra info regarding push

    $ ./tkn-pac generate
    ? Enter the Git event type for triggering the pipeline:  Pull Request
    ? Enter the target GIT branch for the Pull Request (default: main):  
    ℹ Directory .tekton has been created.
    ✓ A basic template has been created in /home/sashture/Go/src/github.com/savitaashture/cee/.tekton/pull-request.yaml, feel free to customize it.
    ℹ You can test your pipeline manually with: tkn-pac resolve -f .tekton/pull-request.yaml | kubectl create -f-
    ℹ You can test your pipeline by pushing generated template to your git repository
    

For more details refer to the hackmd.io document , PR

• The secrets automatically generated for git_auth_secret are now a "owner reference" with pipelinerun. They will automatically get cleaned right with the PipelineRun instead of right after the pipelinerun execution. PR , Doc

• The automatic secret now include a "token" key with the short lived token generated. PR , Doc.

• Updated tkn-pac logs to show repo name instead of pr PR

• Checking for github webhook token expiration was previously not working properly, we are now detecting properly if the token has expired. PR

Installation

To install this version you can install the release.yaml with kubectl for your platform :

Openshift

kubectl apply -f https://github.com/openshift-pipelines/pipelines-as-code/releases/download/v0.14.3/release.yaml

Kubernetes

kubectl apply -f https://github.com/openshift-pipelines/pipelines-as-code/releases/download/v0.14.3/release.k8s.yaml

Documentation

documentation is available here :

https://pipelinesascode.com

Changelog

• d493833: Add condition to check existance of GithubApp only for github repo and not for Gitlab or Bitbucket (@savitaashture)
• 911fae9: Add documentation about fine grained webhook token (@chmouel)
• 1ea74cc: Apply suggestions from code review (@chmouel)
• 1ea29f0: Detect existing secret if it exist and reuses it (@chmouel)
• 7ddac64: Detect git_auth_secret in tkn pac resolve (@chmouel)
• 0a8cbfd: Fix checking token expiration on webhook (@chmouel)
• f7e5e30: Fix gitea test for cli generation (@chmouel)
• c03480a: Fix pylint latest error (@chmouel)
• 99de10c: Fix tkn pac resolve with remote task (@chmouel)
• ab58012: Fix: watcher was breaking when taskref was used in pipelinerun (@sm43)
• 71d49f7: Hide secrets from log snippets (@chmouel)
• 3dcdbc8: Only report expired token error when there is one (@chmouel)
• f625295: Refactor secrets (@chmouel)
• cb971ce: Separate installing ingress dashboard and pac (@chmouel)
• 415836e: Update commands of create repo, webhook add and generate (@savitaashture)
• 1244f38: Updates basic auth secret owner reference with pipelinerun (@sm43)
• 112b5df: Use gitea from the nightly cluster instead from kind (@chmouel)
• ace2127: Workaround some gitea bugs (@chmouel)
• 12dcb84: add more gitea hack workaround (@chmouel)
• 50a3259: detect installation locally (@chmouel)
• 0944329: fixes pod breaking due to nil client & removes duplication (@sm43)
• e10a28b: refactor the text in a common code (@chmouel)
• 8288716: rephrase resolver documentation (@chmouel)
• 43c29da: show repo name instead of pr when using tkn pac logs (@chmouel)