Releases: tektoncd/pipeline

Tekton Pipeline release v1.10.0 "LaPerm Little Helper"

27 Feb 06:03

🎉 Observability, evolved: Tekton Pipelines migrates to OpenTelemetry 🎉

-Docs @ v1.10.0
-Examples @ v1.10.0

Installation one-liner

kubectl apply -f https://infra.tekton.dev/tekton-releases/pipeline/previous/v1.10.0/release.yaml

Attestation

The Rekor UUID for this release is 108e9186e8c5677a94dd58f7cfb4996ccce2c937681486ef690dab5e560e66c6c34aa9b446f32651

Obtain the attestation:

REKOR_UUID=108e9186e8c5677a94dd58f7cfb4996ccce2c937681486ef690dab5e560e66c6c34aa9b446f32651
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .

Verify that all container images in the attestation are in the release file:

RELEASE_FILE=https://infra.tekton.dev/tekton-releases/pipeline/previous/v1.10.0/release.yaml
REKOR_UUID=108e9186e8c5677a94dd58f7cfb4996ccce2c937681486ef690dab5e560e66c6c34aa9b446f32651

# Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v1.10.0@sha256:" + .digest.sha256')

# Download the release file
curl -L "$RELEASE_FILE" > release.yaml

# For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
  # -F matches the reference as a fixed string, so dots are not regex wildcards
  printf '%s' "$image"; grep -qF -- "$image" release.yaml && echo " ===> ok" || echo " ===> no match";
done
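
The loop above checks one direction only: every attested image must appear in the release file. The following is an added example, not part of the Tekton release notes or tooling, that also runs the reverse check (every digest-pinned reference in the manifest is covered by the attestation) and flags `image:` values deployed without a digest. The registry names, digests and sample manifest are constructed, and the attestation JSON is assumed to have been fetched already with rekor-cli.

```python
import json
import re

# A digest-pinned reference: name[:tag]@sha256:<64 hex chars>.
# Simplification: registry hosts with an explicit port are not handled.
PINNED_REF = re.compile(
    r"[A-Za-z0-9][A-Za-z0-9._/-]*(?::[A-Za-z0-9._-]+)?@sha256:[0-9a-f]{64}"
)
# Value of a YAML `image:` key, used to flag images deployed without a digest.
IMAGE_KEY = re.compile(r"^\s*(?:-\s*)?image:\s*[\"']?([^\s\"']+)", re.MULTILINE)


def attested_refs(statement, tag):
    """Build name:tag@sha256:digest for each subject, as the jq filter does."""
    refs = set()
    for subject in statement.get("subject", []):
        digest = subject.get("digest", {}).get("sha256", "")
        if not re.fullmatch(r"[0-9a-f]{64}", digest):
            raise ValueError(f"subject {subject.get('name')!r} has no valid sha256 digest")
        refs.add(f"{subject['name']}:{tag}@sha256:{digest}")
    return refs


def check_release(statement, release_yaml, tag):
    """Compare attestation subjects with the image references in a manifest."""
    attested = attested_refs(statement, tag)
    # Scan the whole text: images also appear as controller arguments,
    # not only under `image:` keys.
    pinned = set(PINNED_REF.findall(release_yaml))
    images = IMAGE_KEY.findall(release_yaml)
    return {
        # Attested but absent from the manifest ("no match" in the loop above).
        "missing_from_release": sorted(attested - pinned),
        # Pinned in the manifest but not covered by the attestation.
        "not_attested": sorted(pinned - attested),
        # Deployed by tag only, so the registry decides what actually runs.
        "unpinned": sorted({i for i in images if "@sha256:" not in i}),
    }


# --- Constructed sample data (not real Tekton images or digests) ---
D_CONTROLLER = "a" * 64
D_WEBHOOK = "b" * 64
D_OTHER = "c" * 64

SAMPLE_STATEMENT = {
    "subject": [
        {"name": "registry.example/pipeline/controller", "digest": {"sha256": D_CONTROLLER}},
        {"name": "registry.example/pipeline/webhook", "digest": {"sha256": D_WEBHOOK}},
    ]
}

SAMPLE_RELEASE = f"""\
apiVersion: apps/v1
kind: Deployment
spec:
  template:
    spec:
      containers:
        - name: controller
          image: registry.example/pipeline/controller:v1.10.0@sha256:{D_CONTROLLER}
          args: ["-entrypoint-image", "registry.example/pipeline/entrypoint:v1.10.0@sha256:{D_OTHER}"]
        - name: webhook
          image: registry.example/pipeline/webhook:v1.10.0@sha256:{D_OTHER}
        - name: helper
          image: registry.example/tools/helper:latest
"""

if __name__ == "__main__":
    result = check_release(SAMPLE_STATEMENT, SAMPLE_RELEASE, "v1.10.0")
    print(json.dumps(result, indent=2))
    # Any non-empty list means the manifest and the attestation disagree.
    raise SystemExit(1 if any(result.values()) else 0)
```

Neither this comparison nor the loop above verifies the attestation's signature; both only compare its subjects with the manifest.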

Upgrade Notices

  • 🚨 Metrics migration from OpenCensus to OpenTelemetry (#9043)

    ACTION REQUIRED: Infrastructure metrics (Go runtime, Workqueue, K8s Client) have been renamed from the tekton_pipelines_controller_ prefix to standard OpenTelemetry/Knative namespaces. The reason label has been added to duration metrics (pipelinerun_duration_seconds, taskrun_duration_seconds). The reconcile_count and reconcile_latency metrics have been removed.

    Upgrade actions:

    1. Update Config: Ensure your config-observability ConfigMap uses metrics-protocol: prometheus (or grpc/http) instead of the old metrics.backend-destination. If prometheus was already being used, no changes are needed.
    2. Update Dashboards:
      • Replace tekton_pipelines_controller_workqueue_* queries with kn_workqueue_*
      • Replace tekton_pipelines_controller_go_* queries with standard go_* metrics
      • Check aggregations on pipelinerun_duration_seconds to account for the new reason label

    See the full migration table in PR #9043 for complete details.

Changes

Features

  • ✨ feat: Add SHA-256 support for Git resolver revision validation (#9278)

    Git resolver now supports SHA-256 commit hashes for revision validation.

  • ✨ feat(metrics): Migrate from OpenCensus to OpenTelemetry (#9043)

    Migrated PipelineRun and TaskRun metrics to OpenTelemetry instruments (histograms, counters, gauges). Updated Knative to 1.19. See Upgrade Notices for breaking changes and required actions.

  • ✨ ci: add /rebase slash command workflow (#9375)

Fixes

  • 🐛 fix: Remove redundant shortNames from ResolutionRequest CRD (#9398)

    Remove redundant shortNames from ResolutionRequest CRD that caused ShortNamesConflict on Kubernetes 1.33+

  • 🐛 fix(pipelines): allow pipeline param defaults to use non-param variables (#9386)

    Fixed a bug which caused PipelineRun validation to fail when a pipeline parameter's default value referenced a non-parameter variable (e.g. $(context.pipelineRun.name))

  • 🐛 fix: pipeline-level results not recorded from failed tasks (#9367)

    Pipeline-level results now include results from failed, cancelled, and timed-out tasks, fixing cases where results referencing non-successful task outputs were left as unresolved variable strings.

  • 🐛 ci: replace e2e-only fan-in with unified CI summary job (#9394)

  • 🐛 fix: Align cache configstore with framework implementation (#9282)

  • 🐛 accept featureFlags.EnableTektonOCIBundles to fix unknown field error (#8996)

Misc

  • 🔨 build(deps): bump golang.org/x/crypto from 0.36.0 to 0.45.0 in /test/resolver-with-timeout (#9426)
  • 🔨 Move v0.68 LTS to End of Life releases (#9434)
  • 🔨 Assess several new gosec findings (#9405)
  • 🔨 ci: Update cherry-pick command to latest plumbing (#9400)
  • 🔨 build(deps): bump opentelemetry exporter packages to v1.39.0 (#9332)
  • 🔨 build(deps): bump github.com/google/go-containerregistry from 0.21.0 to 0.21.1 (#9433)
  • 🔨 build(deps): bump github/codeql-action from 4.32.3 to 4.32.4 (#9431)
  • 🔨 build(deps): bump the all group in /tekton with 4 updates (#9430)
  • 🔨 build(deps): bump tj-actions/changed-files from 47.0.2 to 47.0.4 (#9429)
  • 🔨 build(deps): bump actions/dependency-review-action from 4.8.2 to 4.8.3 (#9428)
  • 🔨 build(deps): bump chainguard-dev/actions from 1.6.1 to 1.6.4 (#9427)
  • 🔨 build(deps): bump github.com/sigstore/sigstore from 1.8.4 to 1.10.4 in /test/resolver-with-timeout (#9425)
  • 🔨 build(deps): bump github.com/google/go-containerregistry from 0.20.7 to 0.21.0 (#9418)
  • 🔨 build(deps): bump github.com/tektoncd/pipeline from 1.9.0 to 1.9.1 in /test/custom-task-ctrls/wait-task-beta (#9417)
  • 🔨 build(deps): bump the all group in /tekton with 4 updates (#9397)
  • 🔨 build(deps): bump github/codeql-action from 4.32.2 to 4.32.3 (#9396)
  • 🔨 build(deps): bump chainguard-dev/actions from 1.5.16 to 1.6.1 (#9395)
  • 🔨 build(deps): bump google.golang.org/grpc from 1.79.0 to 1.79.1 (#9392)
  • 🔨 build(deps): bump github.com/jenkins-x/go-scm from 1.15.16 to 1.15.17 (#9391)
  • 🔨 build(deps): bump google.golang.org/grpc from 1.78.0 to 1.79.0 (#9389)
  • 🔨 build(deps): bump k8s.io/code-generator from 0.32.11 to 0.32.12 (#9388)
  • 🔨 build(deps): bump k8s.io/apiextensions-apiserver from 0.32.11 to 0.32.12 (#9385)
  • 🔨 build(deps): bump k8s.io/apimachinery from 0.33.7 to 0.33.8 (#9384)
  • 🔨 build(deps): bump k8s.io/client-go from 0.32.11 to 0.32.12 (#9383)
  • 🔨 build(deps): bump k8s.io/client-go from 0.32.11 to 0.32.12 in /test/custom-task-ctrls/wait-task-beta (#9382)
  • 🔨 build(deps): bump k8s.io/api from 0.32.11 to 0.32.12 in /test/custom-task-ctrls/wait-task-beta (#9381)
  • 🔨 build(deps): bump k8s.io/apimachinery from 0.33.7 to 0.33.8 in /test/custom-task-ctrls/wait-task-beta (#9380)
  • 🔨 build(deps): bump github/codeql-action from 4.32.1 to 4.32.2 (#9374)
  • 🔨 build(deps): bump the all group in /tekton with 4 updates (#9373)
  • 🔨 build(deps): bump step-security/harden-runner from 2.14.1 to 2.14.2 (#9372)
  • 🔨 build(deps): bump tj-actions/changed-files from 47.0.1 to 47.0.2 (#9371)
  • 🔨 build(deps): bump chainguard-dev/actions from 1.5.14 to 1.5.16 (#9370)
  • 🔨 build(deps): bump golang.org/x/crypto from 0.47.0 to 0.48.0 (#9369)
  • 🔨 build(deps): bump go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp from 1.39.0 to 1.40.0 (#9363)
  • 🔨 fix(ci): simplify e2e test health status result (#9361)
  • 🔨 build(deps): bump the all group in /tekton with 4 updates (#9352)
  • 🔨 build(deps): bump chainguard-dev/actions from 1.5.13 to 1.5.14 (#9351)
  • 🔨 build(deps): bump github/codeql-action from 4.32.0 to 4.32.1 (#9350)
  • 🔨 build(deps): bump actions/cache from 4.2.3 to 5.0.3 (#9348)
  • 🔨 build(deps): bump go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp from 1.37.0 to 1.40.0 (#9345)
  • 🔨 build(deps): bump github.com/tektoncd/pipeline from 1.7.0 to 1.9.0 in /test/custom-task-ctrls/wait-task-beta (#9340)
  • 🔨 build(deps): bump google.golang.org/grpc from 1.77.0 to 1.78.0 (#9337)
  • 🔨 build(deps): bump github.com/spiffe/spire-api-sdk from 1.14.0 to 1.14.1 (#9336)
  • 🔨 build(deps): bump sigstore/sigstore from 1.9.5 to 1.10.4 (#9331)
  • 🔨 build(deps): bump github.com/tektoncd/pipeline to v1.7.0 in wait-task-beta (#9329)

Docs

  • 📖 docs: clarify flag availability across controller binaries (#9390)
  • 📖 docs: update releases.md for v1.9.0 LTS (#9339)
  • 📖 docs: Document roadmap project board workflows and best practices (#9311)
  • 📖 Update examples in docs for changes in apiVersion v1 (#9042)

Thanks

Thanks to these contributors who contributed to v1.10.0!

Extra shout-out for awesome release notes:

Tekton Pipeline release v1.9.1 "Devon Rex Dreadnought"

19 Feb 15:30

-Docs @ v1.9.1
-Examples @ v1.9.1

Installation one-liner

kubectl apply -f https://infra.tekton.dev/tekton-releases/pipeline/previous/v1.9.1/release.yaml

Attestation

The Rekor UUID for this release is 108e9186e8c5677a127d1213c2768a992b19df1a58983ef2336fc3ede3d6b9fdbd7e49431bdf3cc0

Obtain the attestation:

REKOR_UUID=108e9186e8c5677a127d1213c2768a992b19df1a58983ef2336fc3ede3d6b9fdbd7e49431bdf3cc0
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .

Verify that all container images in the attestation are in the release file:

RELEASE_FILE=https://infra.tekton.dev/tekton-releases/pipeline/previous/v1.9.1/release.yaml
REKOR_UUID=108e9186e8c5677a127d1213c2768a992b19df1a58983ef2336fc3ede3d6b9fdbd7e49431bdf3cc0

# Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v1.9.1@sha256:" + .digest.sha256')

# Download the release file
curl -L "$RELEASE_FILE" > release.yaml

# For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
  # -F matches the reference as a fixed string, so dots are not regex wildcards
  printf '%s' "$image"; grep -qF -- "$image" release.yaml && echo " ===> ok" || echo " ===> no match";
done

Changes

Features

Fixes

  • 🐛 [release-v1.9.x] fix(pipelines): allow pipeline param defaults to use non-param variables (#9387)

Misc

  • 🔨 [release-v1.9.x] ci: add CI summary fan-in job for branch protection (#9407)
  • 🔨 [cherry-pick: release-v1.9.x] tekton: update plumbing ref to latest commit (#9413)
  • 🔨 [cherry-pick: release-v1.9.x] tekton: update plumbing ref to include full image references fix (#9401)

Docs

Thanks

Thanks to these contributors who contributed to v1.9.1!

Extra shout-out for awesome release notes:

Tekton Pipeline release v1.9.0 LTS "Devon Rex Dreadnought"

30 Jan 21:04

🎉 hostUsers support and digest validation for http resolver 🎉

-Docs @ v1.9.0
-Examples @ v1.9.0

Installation one-liner

kubectl apply -f https://infra.tekton.dev/tekton-releases/pipeline/previous/v1.9.0/release.yaml

Attestation

The Rekor UUID for this release is 108e9186e8c5677a692b1410db6e04e5e4a25aec2e361118647fe42c5ad8d7ef3e087b5cd11463d6

Obtain the attestation:

REKOR_UUID=108e9186e8c5677a692b1410db6e04e5e4a25aec2e361118647fe42c5ad8d7ef3e087b5cd11463d6
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .

Verify that all container images in the attestation are in the release file:

RELEASE_FILE=https://infra.tekton.dev/tekton-releases/pipeline/previous/v1.9.0/release.yaml
REKOR_UUID=108e9186e8c5677a692b1410db6e04e5e4a25aec2e361118647fe42c5ad8d7ef3e087b5cd11463d6

# Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v1.9.0@sha256:" + .digest.sha256')

# Download the release file
curl -L "$RELEASE_FILE" > release.yaml

# For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
  # -F matches the reference as a fixed string, so dots are not regex wildcards
  printf '%s' "$image"; grep -qF -- "$image" release.yaml && echo " ===> ok" || echo " ===> no match";
done

Changes

Features

  • ✨ feat: add ServiceAccount inheritance to Affinity Assistants (#9253)

  • ✨ Add hostUsers field support to PodTemplate (#9227)

  • ✨ feat: Add digest validation support to HTTP resolver (#9171)

  • ✨ taskrun: include actual result size in error when exceeding maxResultSize (#8869)

Fixes

  • 🐛 fix(pipelinerun): fix the issue of massive invalid status updates caused by unordered arrays, which will greatly impact the resource load and stability of the apiserver. (#9295)

  • 🐛 Fix parameter resolution for defaults with references (#9271)

  • 🐛 Fix duplicated protobuf tag in pod.Template struct (#9229)

  • 🐛 fix: Prevent excessive reconciliation when timeout disabled (#9202)

  • 🐛 fix: Detect pod configuration errors early instead of timeout (#9197)

  • 🐛 chore(ci): update cherry-pick workflow to fix multi-commit PRs (#9320)

  • 🐛 fix: validate taskRef.apiVersion format for custom tasks (#9045)

  • 🐛 test(e2e): move flaky retry/matrix tests to no-ci temporarily (#9242)

  • 🐛 fix(e2e): improve dind-sidecar probe configuration for reliability (#9241)

Misc

  • 🔨 fix: reduce CRD size by shortening verbose descriptions (#9252)
  • 🔨 ci: add KOCACHE to speed up ko builds in GitHub Actions (#9319)
  • 🔨 Improve code consistency and fix missing test annotation (#9266)
  • 🔨 Remove the GHCR migration notice from the readme (#9237)
  • 🔨 fix: release pipeline feedback (#9210)
  • 🔨 build(deps): bump go.uber.org/zap from 1.27.0 to 1.27.1 (#9333)
  • 🔨 build(deps): bump github.com/google/cel-go from 0.26.0 to 0.27.0 (#9330)
  • 🔨 build(deps): bump github/codeql-action from 4.31.9 to 4.32.0 (#9310)
  • 🔨 build(deps): bump the all group in /tekton with 3 updates (#9309)
  • 🔨 build(deps): bump chainguard-dev/actions from 1.5.12 to 1.5.13 (#9308)
  • 🔨 build(deps): bump actions/checkout from 6.0.1 to 6.0.2 (#9307)
  • 🔨 build(deps): bump step-security/harden-runner from 2.14.0 to 2.14.1 (#9306)
  • 🔨 build(deps): bump the all group in /tekton with 2 updates (#9299)
  • 🔨 build(deps): bump chainguard-dev/actions from 1.5.11 to 1.5.12 (#9298)
  • 🔨 build(deps): bump actions/setup-go from 6.1.0 to 6.2.0 (#9297)
  • 🔨 build(deps): bump actions/cache from 5.0.1 to 5.0.2 (#9296)
  • 🔨 build(deps): bump golang.org/x/sync from 0.18.0 to 0.19.0 (#9293)
  • 🔨 build(deps): bump the all group in /tekton with 2 updates (#9291)
  • 🔨 build(deps): bump chainguard-dev/actions from 1.5.10 to 1.5.11 (#9290)
  • 🔨 build(deps): bump github.com/hashicorp/go-version from 1.7.0 to 1.8.0 (#9288)
  • 🔨 build(deps): bump k8s.io/apiextensions-apiserver from 0.32.8 to 0.32.11 (#9286)
  • 🔨 build(deps): bump the all group in /tekton with 2 updates (#9281)
  • 🔨 build(deps): bump the all group in /tekton with 4 updates (#9268)
  • 🔨 build(deps): bump chainguard/go from 2f71c4d to 0cd4986 in /tekton in the all group (#9264)
  • 🔨 build(deps): bump peter-evans/slash-command-dispatch from 5.0.1 to 5.0.2 (#9263)
  • 🔨 build(deps): bump github.com/spiffe/spire-api-sdk from 1.12.4 to 1.14.0 (#9261)
  • 🔨 build(deps): bump go.opentelemetry.io/otel/sdk from 1.38.0 to 1.39.0 (#9259)
  • 🔨 build(deps): bump github.com/cloudevents/sdk-go/v2 from 2.16.1 to 2.16.2 (#9258)
  • 🔨 build(deps): bump k8s.io/client-go from 0.32.8 to 0.32.11 (#9256)
  • 🔨 build(deps): bump google.golang.org/protobuf from 1.36.10 to 1.36.11 (#9254)
  • 🔨 .github/workflows: Add a comment to main for plumbing's shared workflows (#9248)
  • 🔨 build(deps): bump github/codeql-action from 4.31.8 to 4.31.9 (#9247)
  • 🔨 build(deps): bump the all group in /tekton with 2 updates (#9246)
  • 🔨 build(deps): bump go.opentelemetry.io/otel/trace from 1.37.0 to 1.39.0 (#9245)
  • 🔨 build(deps): bump k8s.io/apimachinery from 0.33.3 to 0.33.7 (#9244)
  • 🔨 fix(codegen): Correct JSON tags for streaming lists (#9240)
  • 🔨 Fix golangci-lint action step for large diff (#9239)
  • 🔨 Fix: CI job incorrectly skipped by file change detection (#9238)
  • 🔨 build(deps): bump the all group in /tekton with 4 updates (#9236)
  • 🔨 build(deps): bump step-security/harden-runner from 2.13.3 to 2.14.0 (#9235)
  • 🔨 build(deps): bump github/codeql-action from 4.31.7 to 4.31.8 (#9234)
  • 🔨 build(deps): bump actions/cache from 4.3.0 to 5.0.1 (#9233)
  • 🔨 build(deps): bump tj-actions/changed-files from abdd2f68ea150cee8f236d4a9fb4e0f2491abf1b to e0021407031f5be11a464abee9a0776171c79891 (#9232)
  • 🔨 build(deps): bump actions/upload-artifact from 5.0.0 to 6.0.0 (#9231)
  • 🔨 Add twoGiants as pipeline maintainers (#9230)
  • 🔨 fix: Add permissions to cherry-pick workflow (#9225)
  • 🔨 Proposal: test: implement parallel/serial test categorization system (#9224)
  • 🔨 github/workflows: use cherry-pick workflows from plumbing (#9222)
  • 🔨 .github/workflows: fixing go-coverage token issues (#9221)
  • 🔨 build(deps): bump the all group across 1 directory with 4 updates (#9220)
  • 🔨 build(deps): bump actions/checkout from 6.0.0 to 6.0.1 (#9219)
  • 🔨 build(deps): bump golangci/golangci-lint-action from 9.1.0 to 9.2.0 (#9218)
  • 🔨 build(deps): bump peter-evans/slash-command-dispatch from 4.0.0 to 5.0.1 (#9217)
  • 🔨 build(deps): bump step-security/harden-runner from 2.13.2 to 2.13.3 (#9216)
  • 🔨 build(deps): bump github/codeql-action from 4.31.6 to 4.31.7 (#9215)
  • 🔨 chore: enhance cherry-pick PR format with original context (#9214)
  • 🔨 Fix commit SHA of github-script action (#9203)
  • 🔨 test: limit examples test parallelism to 2 to prevent timeouts (#9200)
  • 🔨 .github/workflows: use CHATOPS_TOKEN for coverage comments (#9198)
  • 🔨 build(deps): bump actions/github-script from 7.0.1 to 8.0.0 (#9195)
  • 🔨 build(deps): bump github/codeql-action from 4.31.5 to 4.31.6 (#9194)
  • 🔨 .github/workflows: use plumbing workflow for chatops_retest (#9192)
  • 🔨 build(deps): bump github.com/jenkins-x/go-scm from 1.15.4 to 1.15.16 (#9183)
  • 🔨 build(deps): bump google.golang.org/grpc from 1.75.0 to 1.77.0 (#9177)

Docs

  • 📖 chore: fix YAML indentation in release cheat sheet (#9226)
  • 📖 Remove beta note from projected workspaces and csi as they are stable (#9208)
  • 📖 Update releases.md for 1.7 (#9205)

Thanks

Thanks to these contributors who contributed to v1.9.0!

Extra shout-out for awesome release notes:

Tekton Pipeline release v1.7.0 "LaPerm Little Helper"

03 Dec 11:22

🎉 Bug fixes, stability improvements and dependency updates 🎉

-Docs @ v1.7.0
-Examples @ v1.7.0

Installation one-liner

kubectl apply -f https://infra.tekton.dev/tekton-releases/pipeline/previous/v1.7.0/release.yaml

Attestation

The Rekor UUID for this release is 108e9186e8c5677a0af3ff47db2d68605b227b75af0aa40d87262257e2b9295f35454fe3d050ed38

Obtain the attestation:

REKOR_UUID=108e9186e8c5677a0af3ff47db2d68605b227b75af0aa40d87262257e2b9295f35454fe3d050ed38
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .

Verify that all container images in the attestation are in the release file:

RELEASE_FILE=https://infra.tekton.dev/tekton-releases/pipeline/previous/v1.7.0/release.yaml
REKOR_UUID=108e9186e8c5677a0af3ff47db2d68605b227b75af0aa40d87262257e2b9295f35454fe3d050ed38

# Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v1.7.0@sha256:" + .digest.sha256')

# Download the release file
curl -L "$RELEASE_FILE" > release.yaml

# For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
  # -F matches the reference as a fixed string, so dots are not regex wildcards
  printf '%s' "$image"; grep -qF -- "$image" release.yaml && echo " ===> ok" || echo " ===> no match";
done

Changes

Fixes

  • 🐛 fix: Populate step statuses before TaskRun timeout handling (#9184)

Fix a race condition on timeout that would result in a TaskRun status without steps statuses.

  • 🐛 fix: panic in v1beta1 matrix validation for invalid result refs (#9135)

Resolved an issue where Pipelines with invalid result references in matrix parameters would cause a panic during validation (v1beta1 API)

  • 🐛 Use patch instead of update to replace sidecars with nop image (#9128)

Fixed race condition causing TaskRuns to fail with 409 conflict error when stopping sidecars.
StopSidecars now uses Patch instead of Update to avoid conflicts with concurrent kubelet pod status updates.

  • 🐛 fix: Add missing comma in slash commands workflow (#9157)
  • 🐛 Fix tekton/publish sed for combined-based-image digest replacement (#9119)
  • 🐛 examples: reduce the size of the matrix to reduce flakiness (#9187)

Misc

  • 🔨 Migrate tests images out of dockerhub. (#9158)
  • 🔨 refactor: add clock injection to cache for testing (#9142)
  • 🔨 Remove deprecated // +build directive from most files (#9118)
  • 🔨 build(deps): bump tj-actions/changed-files from 6da3c88b60ebf09464ada9b06fba5b6f2d34bb94 to abdd2f68ea150cee8f236d4a9fb4e0f2491abf1b (#9196)
  • 🔨 chore(release-pipeline): update references to oci bucket (#9189)
  • 🔨 .github/workflows: fix e2e-matrix-extras (#9185)
  • 🔨 build(deps): bump golang.org/x/crypto from 0.43.0 to 0.45.0 (#9181)
  • 🔨 build(deps): bump actions/checkout from 5.0.0 to 6.0.0 (#9180)
  • 🔨 build(deps): bump golangci/golangci-lint-action from 9.0.0 to 9.1.0 (#9179)
  • 🔨 .github: add a dependabot configuration to monitor .ko.yaml (#9173)
  • 🔨 feat: Add GitHub Actions cherry-pick slash command (#9172)
  • 🔨 build(deps): bump the all group in /tekton with 4 updates (#9170)
  • 🔨 build(deps): bump actions/dependency-review-action from 4.8.1 to 4.8.2 (#9169)
  • 🔨 build(deps): bump actions/setup-go from 6.0.0 to 6.1.0 (#9168)
  • 🔨 build(deps): bump tj-actions/changed-files from 70069877f29101175ed2b055d210fe8b1d54d7d7 to 6da3c88b60ebf09464ada9b06fba5b6f2d34bb94 (#9167)
  • 🔨 build(deps): bump chainguard-dev/actions from 1.5.3 to 1.5.10 (#9166)
  • 🔨 build(deps): bump github/codeql-action from 4.31.0 to 4.31.5 (#9165)
  • 🔨 Fix commit SHA of actions/github-script in e2e-extras workflow (#9161)
  • 🔨 Fix the e2e-extras slash command (#9160)
  • 🔨 examples: make sure we use the same image for sidecar and step (#9139)
  • 🔨 fix(ci): correct grep patterns in detect job (#9137)
  • 🔨 build(deps): bump the all group in /tekton with 4 updates (#9134)
  • 🔨 build(deps): bump chainguard-dev/actions from 1.5.7 to 1.5.8 (#9133)
  • 🔨 build(deps): bump tj-actions/changed-files from 0ff001de0805038ff3f118de4875002200057732 to 70069877f29101175ed2b055d210fe8b1d54d7d7 (#9132)
  • 🔨 build(deps): bump step-security/harden-runner from 2.13.1 to 2.13.2 (#9131)
  • 🔨 build(deps): bump golangci/golangci-lint-action from 8.0.0 to 9.0.0 (#9130)
  • 🔨 fix: label checker action reference (#9129)
  • 🔨 Update releases.md after 1.6.0 release (#9127)
  • 🔨 build(deps): bump the all group in /tekton with 4 updates (#9124)
  • 🔨 build(deps): bump tj-actions/changed-files from dbf178ceecb9304128c8e0648591d71208c6e2c9 to 0ff001de0805038ff3f118de4875002200057732 (#9122)
  • 🔨 feat: upload release manifests to oracle cloud (#9121)
  • 🔨 test: reduce the number of examples tests running in parallel (#9114)
  • 🔨 Run less e2e matrix by default (#9109)
  • 🔨 ci: skip running builds and tests if no code changed (#8768)
  • 🔨 fix: update tekton setup action (#9126)
  • 🔨 build(deps): bump github.com/docker/docker from 26.1.5+incompatible to 28.0.0+incompatible in /test/resolver-with-timeout (#9182)

Thanks

Thanks to these contributors who contributed to v1.7.0!

Extra shout-out for awesome release notes:

Tekton Pipeline release v1.6.0 LTS "Sphynx Sentinels"

31 Oct 09:03

🎉 Resolvers caching, Pipeline in Pipeline, and better ARM64 support & tested releases 🎉

-Docs @ v1.6.0
-Examples @ v1.6.0

Installation one-liner

kubectl apply -f https://infra.tekton.dev/tekton-releases/pipeline/previous/v1.6.0/release.yaml

Attestation

The Rekor UUID for this release is 108e9186e8c5677a288ca8343f66259e4a615801fa37703480d82893d1c6a45a2935a6632beb4164

Obtain the attestation:

REKOR_UUID=108e9186e8c5677a288ca8343f66259e4a615801fa37703480d82893d1c6a45a2935a6632beb4164
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .

Verify that all container images in the attestation are in the release file:

RELEASE_FILE=https://infra.tekton.dev/tekton-releases/pipeline/previous/v1.6.0/release.yaml
REKOR_UUID=108e9186e8c5677a288ca8343f66259e4a615801fa37703480d82893d1c6a45a2935a6632beb4164

# Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v1.6.0@sha256:" + .digest.sha256')

# Download the release file
curl "$RELEASE_FILE" > release.yaml

# For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
  # -F matches the reference as a fixed string, so dots are not regex wildcards
  printf '%s' "$image"; grep -qF -- "$image" release.yaml && echo " ===> ok" || echo " ===> no match";
done

Changes

Features

  • ✨ feat: implement shared cache for bundle, git, and cluster resolvers (#9051)

Support caching for bundle, git, and cluster resolvers, reducing redundant fetches and improving pipeline performance.

Key Features:

  • Automatic caching for immutable references (digest-based bundles, git SHAs)
  • Three cache modes: always (cache everything), never (disable caching), auto (cache only immutable references - default)
  • Configurable via ConfigMap: Set cache size and TTL without restarting controllers
  • Per-task override: Tasks can override global cache settings using the cache parameter
  • Observability: Cache hits/misses and timestamps added to resource annotations

This helps reduce external API calls, improves pipeline exec speed, and provides better resilience during remote resource resolution.

  • ✨ feat: resolve array values in Input of When expressions (#9038)

Array values can now be resolved in the Input attribute of When expressions

  • ✨ Issue 9032 - Add support for step display name (#9033)

Add displayName field to Step.

A Pipeline can now execute embedded Pipelines (Pipelines-in-Pipelines) using the PipelineSpec field under tasks. Refer to the TEP-0056 for more details.

Fixes

  • 🐛 fix: do not fail PipelineRun when TaskRef reconciles with retryable err (#9099)

With this change, unknown DryRunValidation errors during TaskRef and PipelineRef resolution no longer cause PipelineRuns and TaskRuns to fail. Explicit Validation errors will still cause the Run to fail.

  • 🐛 Added signal handling in SidecarLog results to support Kubernetes-native sidecar functionality (#9095)

Added signal handling to SidecarLog to support Kubernetes-native sidecar functionality, preventing repeated restarts of the init container.

  • 🐛 Pods for timed out TaskRuns should not be deleted when keep-pod-on-cancel feature flag is true (#9075)

If the feature flag "keep-pod-on-cancel" is set to true, pods corresponding to a TaskRun will not be deleted when the TaskRun times out. Previously, the pod was retained only if the TaskRun was canceled.

  • 🐛 fix(taskrun): ensure status steps are ordered correctly when using StepAction (#9039)

  • 🐛 entrypoint: handle linux in pkgs/platforms (#9096)
  • 🐛 test/e2e: remove data race on global variable requireAlphaFeatureFlag (#9067)
  • 🐛 tests: update csi-node-driver-registrar image reference (#9089)
  • 🐛 ci: Ensure e2e setup errors fail tests, add retries during e2e setup (#9082)
  • 🐛 test/e2e: Fix TestLargerResultsSidecarLogs and TestWaitCustomTask_V1_PipelineRun flakiness (#9072)

Misc

  • 🔨 e2e: migrate wait.PollImmediate deprecated functions (#9073)
  • 🔨 chore: centralize ko base image configuration (#9110)
  • 🔨 build(deps): bump k8s.io/code-generator from 0.32.8 to 0.32.9 (#9106)
  • 🔨 build(deps): bump the all group in /tekton with 4 updates (#9105)
  • 🔨 build(deps): bump chainguard-dev/actions from 1.5.3 to 1.5.7 (#9104)
  • 🔨 build(deps): bump github/codeql-action from 4.30.9 to 4.31.0 (#9103)
  • 🔨 build(deps): bump actions/upload-artifact from 4.6.2 to 5.0.0 (#9102)
  • 🔨 build(deps): bump tj-actions/changed-files from d03a93c0dbfac6d6dd6a0d8a5e7daff992b07449 to dbf178ceecb9304128c8e0648591d71208c6e2c9 (#9101)
  • 🔨 build(deps): bump google.golang.org/protobuf from 1.36.8 to 1.36.10 (#9097)
  • 🔨 e2e: tests against 1.34 as well (#9091)
  • 🔨 ci/e2e: run one e2e on arm64 (#9090)
  • 🔨 build(deps): bump github/codeql-action from 3.30.1 to 4.30.9 (#9088)
  • 🔨 build(deps): bump actions/setup-go from 5.5.0 to 6.0.0 (#9087)
  • 🔨 build(deps): bump actions/dependency-review-action from 4.8.0 to 4.8.1 (#9086)
  • 🔨 build(deps): bump golang.org/x/crypto from 0.41.0 to 0.43.0 (#9085)
  • 🔨 build(deps): bump the all group in /tekton with 2 updates (#9081)
  • 🔨 build(deps): bump actions/upload-artifact from 4.4.3 to 4.6.2 (#9079)
  • 🔨 build(deps): bump actions/cache from 4.2.4 to 4.3.0 (#9078)
  • 🔨 build(deps): bump peter-evans/create-or-update-comment from 4.0.0 to 5.0.0 (#9077)
  • 🔨 build(deps): bump ossf/scorecard-action from 2.4.2 to 2.4.3 (#9076)
  • 🔨 test/e2e: update kubernetes versions we test against (#9068)
  • 🔨 Pin actions by commit SHA or image digest (#9061)
  • 🔨 build(deps): bump tj-actions/changed-files from 2036da178f85576f1940fedb74bb93a36cd89ab7 to d03a93c0dbfac6d6dd6a0d8a5e7daff992b07449 (#9058)
  • 🔨 build(deps): bump chainguard-dev/actions from 1.4.12 to 1.5.3 (#9057)
  • 🔨 Add GitHub Actions workflow for go coverage job (#9055)
  • 🔨 build(deps): bump actions/dependency-review-action from 4.7.2 to 4.8.0 (#9047)
  • 🔨 build(deps): bump step-security/harden-runner from 2.13.0 to 2.13.1 (#9036)
  • 🔨 build(deps): bump actions/setup-go from 5.5.0 to 6.0.0 (#9027)
  • 🔨 fix: fix %w formatting leak in user-facing error (#9003)
  • 🔨 build(deps): bump the all group in /tekton with 3 updates (#8990)
  • 🔨 build(deps): bump github.com/spiffe/go-spiffe/v2 from 2.5.0 to 2.6.0 (#8988)

Docs

  • 📖 document the latest release - 1.5 (#9054)
  • 📖 Remove broken example link from TaskRuns doc (#9023)

Thanks

Thanks to these contributors who contributed to v1.6.0!

Extra shout-out for awesome release notes:

Tekton Pipeline release v1.5.0 "Bombay Robbie"

02 Oct 20:45

🎉 Use managedBy to delegate pipelineRun and taskRun lifecycle control 🎉

-Docs @ v1.5.0
-Examples @ v1.5.0

Installation one-liner

kubectl apply -f https://infra.tekton.dev/tekton-releases/pipeline/previous/v1.5.0/release.yaml

Attestation

The Rekor UUID for this release is 108e9186e8c5677a657cc892687dc9dbf41be24c29f51d2f5fc1092446b0739ec5280bb6b0bc1b82

Obtain the attestation:

REKOR_UUID=108e9186e8c5677a657cc892687dc9dbf41be24c29f51d2f5fc1092446b0739ec5280bb6b0bc1b82
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .

Verify that all container images in the attestation are in the release file:

RELEASE_FILE=https://infra.tekton.dev/tekton-releases/pipeline/previous/v1.5.0/release.yaml
REKOR_UUID=108e9186e8c5677a657cc892687dc9dbf41be24c29f51d2f5fc1092446b0739ec5280bb6b0bc1b82

# Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v1.5.0@sha256:" + .digest.sha256')

# Download the release file
curl "$RELEASE_FILE" > release.yaml

# For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
  # -F matches the reference as a fixed string, so dots are not regex wildcards
  printf '%s' "$image"; grep -qF -- "$image" release.yaml && echo " ===> ok" || echo " ===> no match";
done

Changes

Features

  • ✨ Add Support for managedBy field in TaskRun and PipelineRun (#8965)

Added a "managedBy" field to delegate responsibility of controlling the lifecycle of PipelineRuns/TaskRuns.

The semantics of the field:

Whenever the value is set, and it does not point to the built-in controller, then we skip the reconciliation.

  • The field is immutable
  • The field is not defaulted

Fixes

Misc

  • 🔨 GHA label checker (#9050)
  • 🔨 build(deps): bump github/codeql-action from 3.29.10 to 3.30.1 (#9030)
  • 🔨 Set the user-agent in the release name tool (#9016)
  • 🔨 add khrm to reviewers in OWNERS_ALIASES (#9026)

Docs

  • 📖 document 1.3.2 patch (#9022)
  • 📖 Updates for release 1.4 (#9020)

Thanks

Thanks to these contributors who contributed to v1.5.0!

Extra shout-out for awesome release notes:

Tekton Pipeline release v1.4.0 "Kurilian K-2SO"

04 Sep 17:35

🎉 Improved remote resolution and timeout configuration 🎉

-Docs @ v1.4.0
-Examples @ v1.4.0

Installation one-liner

kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v1.4.0/release.yaml

Attestation

The Rekor UUID for this release is 108e9186e8c5677a040c237838848039376864340e5217f6c7c23f294d61437c3d196cb1112b91f1

Obtain the attestation:

REKOR_UUID=108e9186e8c5677a040c237838848039376864340e5217f6c7c23f294d61437c3d196cb1112b91f1
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .

Verify that all container images in the attestation are in the release file:

RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v1.4.0/release.yaml
REKOR_UUID=108e9186e8c5677a040c237838848039376864340e5217f6c7c23f294d61437c3d196cb1112b91f1

# Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v1.4.0@sha256:" + .digest.sha256')

# Download the release file
curl "$RELEASE_FILE" > release.yaml

# For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
  printf '%s' "$image"; grep -qF -- "$image" release.yaml && echo " ===> ok" || echo " ===> no match";
done

Changes

Features

  • ✨ feat: resolve steps referencing StepActions concurrently (#8925)

The resolution of StepActions within a TaskRun is now performed concurrently, which can significantly reduce the time it takes for a TaskRun to start, especially when using multiple remote StepActions.

  • ✨ Do not fail PipelineRun if pvc creation error is because of exceeded quotas (#8903)

PipelineRuns no longer fail if the PVC creation error is due to an exceeded quota; they are requeued instead (until quota is available or the run times out).

  • ✨ feat: override task timeouts in pipelineruns (#8636)

feature: PipelineRun can now override individual task timeouts with spec.taskRunSpecs[].timeout

Fixes

  • 🐛 check for the kubernetes sidecar implementation (#8986)

Updated the sidecar implementation to check the completion status of initContainers before marking the taskRun complete.

  • 🐛 fix: exclude pending PipelineRuns from metric (#8951)

Fixed the tekton_pipelines_controller_running_pipelineruns metric to exclude pending PipelineRuns; it now counts only running PipelineRuns.

  • 🐛 Fix tini-git image to be multi-arch (#8944)

Updating tini-git base image to be multi-platform, also fixing the resolvers image.

  • 🐛 fix(#8940): token-authentication header typo in git resolver (#8937)

Bug fix: Before this change, there was a regression in which the git resolver was not authenticating with the provided gitToken and gitTokenKey, breaking the git resolver's http token-based auth. After this change, all git operations performed by the git resolver use the provided gitToken for remote authentication.

  • 🐛 fix: allow finalizer updates on completed TaskRun and PipelineRuns (#9011)
  • 🐛 fix nightly-build workflow to use kind setup action from allowed list (#8939)

Misc

  • 🔨 [FIX] Remove the apt warning (#8624)
  • 🔨 build(deps): bump chainguard-dev/actions from 1.4.10 to 1.4.12 (#8989)
  • 🔨 build(deps): bump google.golang.org/protobuf from 1.36.7 to 1.36.8 (#8985)
  • 🔨 build(deps): bump google.golang.org/grpc from 1.74.2 to 1.75.0 (#8984)
  • 🔨 build(deps): bump the all group in /tekton with 3 updates (#8978)
  • 🔨 build(deps): bump github/codeql-action from 3.29.8 to 3.29.10 (#8977)
  • 🔨 build(deps): bump chainguard-dev/actions from 1.4.9 to 1.4.10 (#8976)
  • 🔨 build(deps): bump tj-actions/changed-files from f963b3f3562b00b6d2dd25efc390eb04e51ef6c6 to 2036da178f85576f1940fedb74bb93a36cd89ab7 (#8975)
  • 🔨 build(deps): bump actions/dependency-review-action from 4.7.1 to 4.7.2 (#8974)
  • 🔨 build(deps): bump k8s.io/apiextensions-apiserver from 0.32.7 to 0.32.8 (#8973)
  • 🔨 build(deps): bump tj-actions/changed-files from 055970845dd036d7345da7399b7e89f2e10f2b04 to f963b3f3562b00b6d2dd25efc390eb04e51ef6c6 (#8964)
  • 🔨 build(deps): bump github/codeql-action from 3.29.3 to 3.29.8 (#8963)
  • 🔨 build(deps): bump actions/checkout from 4 to 5 (#8962)
  • 🔨 build(deps): bump the all group in /tekton with 3 updates (#8961)
  • 🔨 build(deps): bump chainguard-dev/actions from 1.4.6 to 1.4.9 (#8960)
  • 🔨 build(deps): bump actions/cache from 4.2.3 to 4.2.4 (#8959)
  • 🔨 build(deps): bump google.golang.org/protobuf from 1.36.6 to 1.36.7 (#8956)
  • 🔨 build(deps): bump golang.org/x/crypto from 0.39.0 to 0.41.0 (#8954)
  • 🔨 .github/workflows/nightly-builds: only run on tektoncd org (#8950)
  • 🔨 build(deps): bump k8s.io/apiextensions-apiserver from 0.32.6 to 0.32.7 (#8894)

Docs

  • 📖 docs: Switch from deprecated Tekton Hub to ArtifactHub (#8967)

Update examples and documentation to use ArtifactHub instead of the deprecated Tekton Hub for resource discovery and management.

  • 📖 release.md: update releases with 1.2.x and 1.3.x (#8952)

Thanks

Thanks to these contributors who contributed to v1.4.0!

Extra shout-out for awesome release notes:

Tekton Pipeline release v1.3.2 "Maine Coon Melfina"

05 Sep 16:28

-Docs @ v1.3.2
-Examples @ v1.3.2

Installation one-liner

kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v1.3.2/release.yaml

Attestation

The Rekor UUID for this release is 108e9186e8c5677a00888046c319538ae57e1af2654be73472fb885d0554f5181b0736e1edb7c6ed

Obtain the attestation:

REKOR_UUID=108e9186e8c5677a00888046c319538ae57e1af2654be73472fb885d0554f5181b0736e1edb7c6ed
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .

Verify that all container images in the attestation are in the release file:

RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v1.3.2/release.yaml
REKOR_UUID=108e9186e8c5677a00888046c319538ae57e1af2654be73472fb885d0554f5181b0736e1edb7c6ed

# Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v1.3.2@sha256:" + .digest.sha256')

# Download the release file
curl "$RELEASE_FILE" > release.yaml

# For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
  printf '%s' "$image"; grep -qF -- "$image" release.yaml && echo " ===> ok" || echo " ===> no match";
done

Changes

Features

Fixes

  • 🐛 [release-v1.3.x] check for kubernetes sidecar implementation (#8997)

Updated the sidecar implementation to check the completion status of initContainers before marking the taskRun complete.

  • 🐛 [release-v1.3.x] Disable the Gitea e2e tests temporarily to unblock (#9014)

  • 🐛 [release-v1.3.x] Do not fail PipelineRun if pvc creation error is because of exceeded quotas (#9000)

  • 🐛 [release-v1.3.x] fix: exclude pending PipelineRuns from tekton_pipelines_controller_running_pipelineruns metric (#8980)

Fixed the tekton_pipelines_controller_running_pipelineruns metric to exclude pending PipelineRuns; it now counts only running PipelineRuns.

Thanks

Thanks to these contributors who contributed to v1.3.2!

Extra shout-out for awesome release notes:

Tekton Pipeline release v1.3.1 LTS "Maine Coon Melfina"

05 Aug 21:34

-Docs @ v1.3.1
-Examples @ v1.3.1

Installation one-liner

kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v1.3.1/release.yaml

Attestation

The Rekor UUID for this release is 108e9186e8c5677a77b37b5b643558bf2653e7f5a4673c506372b8892e9c8634dc7cae29721d15de

Obtain the attestation:

REKOR_UUID=108e9186e8c5677a77b37b5b643558bf2653e7f5a4673c506372b8892e9c8634dc7cae29721d15de
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .

Verify that all container images in the attestation are in the release file:

RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v1.3.1/release.yaml
REKOR_UUID=108e9186e8c5677a77b37b5b643558bf2653e7f5a4673c506372b8892e9c8634dc7cae29721d15de

# Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v1.3.1@sha256:" + .digest.sha256')

# Download the release file
curl "$RELEASE_FILE" > release.yaml

# For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
  printf '%s' "$image"; grep -qF -- "$image" release.yaml && echo " ===> ok" || echo " ===> no match";
done

Changes

Features

Fixes

  • 🐛 [release-v1.3.x] Fix tini-git image to be multi-arch (#8948)

Updating tini-git base image to be multi-platform, also fixing the resolvers image.

Misc

Docs

Thanks

Thanks to these contributors who contributed to v1.3.1!

Extra shout-out for awesome release notes:

Tekton Pipeline release v1.3.0 LTS "Maine Coon Melfina"

04 Aug 14:09

-Docs @ v1.3.0
-Examples @ v1.3.0

Installation one-liner

kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v1.3.0/release.yaml

Attestation

The Rekor UUID for this release is 108e9186e8c5677a690a6f48618080e44983b879f4ffb9b371b7107159bb3d4ab3052aa68e47dc74

Obtain the attestation:

REKOR_UUID=108e9186e8c5677a690a6f48618080e44983b879f4ffb9b371b7107159bb3d4ab3052aa68e47dc74
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .

Verify that all container images in the attestation are in the release file:

RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v1.3.0/release.yaml
REKOR_UUID=108e9186e8c5677a690a6f48618080e44983b879f4ffb9b371b7107159bb3d4ab3052aa68e47dc74

# Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v1.3.0@sha256:" + .digest.sha256')

# Download the release file
curl "$RELEASE_FILE" > release.yaml

# For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
  printf '%s' "$image"; grep -qF -- "$image" release.yaml && echo " ===> ok" || echo " ===> no match";
done
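
The verification loop in each release section above only prints its result and checks one direction (attestation subjects present in the release file). The Python sketch below is an added example, not part of the Tekton release notes or tooling: it compares exact references in both directions and exits non-zero on any difference. The registry name, the version v0.0.0 and the digests are constructed sample data.

```python
import json
import re
import sys

# Digest-pinned image reference: repo/name:tag@sha256:<64 hex chars>.
IMAGE_REF = re.compile(r"[\w./:-]+@sha256:[0-9a-f]{64}")


def attested_refs(attestation_json, version):
    """Build name:version@sha256:digest per subject, like the page's jq filter."""
    statement = json.loads(attestation_json)
    return {
        f'{s["name"]}:{version}@sha256:{s["digest"]["sha256"]}'
        for s in statement["subject"]
    }


def compare(attestation_json, release_yaml, version):
    """Return (missing, unattested) as sorted lists of exact references."""
    attested = attested_refs(attestation_json, version)
    released = set(IMAGE_REF.findall(release_yaml))
    missing = sorted(attested - released)     # attested, absent from the file
    unattested = sorted(released - attested)  # in the file, not attested
    return missing, unattested


# Constructed sample data (hypothetical registry, made-up digests).
SAMPLE_ATTESTATION = json.dumps({"subject": [
    {"name": "registry.example.test/pipeline/controller",
     "digest": {"sha256": "a" * 64}},
    {"name": "registry.example.test/pipeline/webhook",
     "digest": {"sha256": "b" * 64}},
]})
SAMPLE_RELEASE = "\n".join([
    "image: registry.example.test/pipeline/controller:v0.0.0@sha256:" + "a" * 64,
    "image: registry.example.test/pipeline/webhook:v0.0.0@sha256:" + "c" * 64,
])

if __name__ == "__main__":
    missing, unattested = compare(SAMPLE_ATTESTATION, SAMPLE_RELEASE, "v0.0.0")
    for ref in missing:
        print("no match:", ref)
    for ref in unattested:
        print("not attested:", ref)
    # Non-zero exit so a CI job or install script stops on any discrepancy.
    sys.exit(1 if missing or unattested else 0)
```

The second list also contains any digest-pinned image that the release file references but that is not a subject of the attestation, so review those entries separately.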

Changes

Features

  • ✨ exponential backoff in controller (#8926)

Introduced exponential backoff retry mechanism for createPod function to improve robustness against transient webhook issues in a heavy cluster during resource creation.

  • ✨ exponential backoff for and creation (#8902)
    • Introduced exponential backoff retry mechanism for createTaskRun and createCustomRun functions.
    • Retries are triggered only on mutating admission webhook timeouts (HTTP 500 with "timeout" in the error message).
    • Non-retryable errors (e.g., HTTP 400, validation failures) continue to fail immediately.
    • Feature is disabled by default. To enable, set enable-wait-exponential-backoff: "true" in the feature-flags ConfigMap.
    • Backoff parameters (duration, factor, steps) are configurable via the wait-exponential-backoff ConfigMap.
    • Improves robustness against transient webhook issues in a heavy cluster during resource creation.
  • ✨ Feature: Allow THREADS_PER_CONTROLLER env var to override default threads-per-controller value (#8890)

The default threads-per-controller value can be overridden by the THREADS_PER_CONTROLLER env var.

  • ✨ Add anti-affinity rules to controller's replicas (#8864)

As part of improving high availability (HA) for the Tekton Pipelines controller, this update adds a preferredDuringSchedulingIgnoredDuringExecution pod anti-affinity rule. This ensures that multiple replicas of the controller are preferably scheduled on different nodes, reducing the risk of service disruption in case of a node failure.

  • ✨ PodTemplate param substitution on TaskRunSpecs to enable multi-arch builds with Matrix (#8599)

TaskRuns and TaskRunSpecs now support param substitution on podTemplate fields. This allows operability with Matrix.
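
The retry rules listed for #8902 above (retry only on HTTP 500 with "timeout" in the message, fail immediately otherwise, wait governed by duration, factor and steps), as an added Python simulation. It is not Tekton's Go implementation; APIError, the scripted fake call, the error strings and the reading of steps as the maximum number of attempts are assumptions.

```python
import time


class APIError(Exception):
    """Constructed stand-in for a Kubernetes API error carrying an HTTP status."""

    def __init__(self, status_code, message):
        super().__init__(message)
        self.status_code = status_code
        self.message = message


def is_retryable(err):
    """Retry only webhook timeouts: HTTP 500 with "timeout" in the message."""
    return err.status_code == 500 and "timeout" in err.message


def create_with_backoff(create, duration, factor, steps, sleep=time.sleep):
    """Try create() up to `steps` times (assumption: steps = max attempts),
    waiting duration, duration*factor, ... between retryable failures."""
    delay = duration
    for attempt in range(1, steps + 1):
        try:
            return create()
        except APIError as err:
            if not is_retryable(err) or attempt == steps:
                raise
        sleep(delay)
        delay *= factor


def scripted(outcomes):
    """Constructed fake API call: raises or returns each outcome in order."""
    queue = list(outcomes)

    def call():
        outcome = queue.pop(0)
        if isinstance(outcome, Exception):
            raise outcome
        return outcome

    return call


def demo(outcomes, duration=1.0, factor=2.0, steps=4):
    """Run one scripted creation; return (result or error status, waits)."""
    waits = []
    try:
        result = create_with_backoff(scripted(outcomes), duration, factor,
                                     steps, sleep=waits.append)
    except APIError as err:
        result = err.status_code
    return result, waits
```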

Fixes

  • 🐛 fix(pipeline): support variables in onError for pipeline v1beta1 (#8931)

fix(pipeline): support variables in onError for pipeline v1beta1

  • 🐛 fix: ensure git shell-out inherits environment variables (#8908)

fix: The git resolver now respects environment variables on the pod

  • 🐛 efficient polling in (#8901)

  • 🐛 Use tini-git image for the resolvers deployment (#8895)

The resolvers deployment now uses the tini init system to make sure we don't end up with a lot of git process zombies.

  • 🐛 Re-register metrics only during real update (#8863)

Misc

  • 🔨 Resolvers: remove default TEKTON_HUB_API URI (#8861)

Removing the default value of TEKTON_HUB_API in the resolvers deployment as the public instance of tektoncd/hub (hub.tekton.dev) will be shut down in September. It's still possible to set this environment variable to a value for users who self-host an instance of tektoncd/hub.

  • 🔨 Remove linux/arm from platform we publish (#8657)

linux/arm images are not published anymore as part of the release. This means armv5, armv6 and armv7 are not supported anymore.

  • 🔨 Stop emitting deprecated metrics (#8875)

BREAKING CHANGE:

This commit removes the following deprecated metrics that have been replaced
by newer, more descriptive metrics:

PipelineRun Metrics:

  • pipelinerun_count → replaced by pipelinerun_total
  • running_pipelineruns_count → replaced by running_pipelineruns
  • running_pipelineruns_waiting_on_pipeline_resolution_count → replaced by running_pipelineruns_waiting_on_pipeline_resolution
  • running_pipelineruns_waiting_on_task_resolution_count → replaced by running_pipelineruns_waiting_on_task_resolution

TaskRun Metrics:

  • taskrun_count → replaced by taskrun_total
  • running_taskruns_count → replaced by running_taskruns
  • running_taskruns_throttled_by_quota_count → replaced by running_taskruns_throttled_by_quota
  • running_taskruns_throttled_by_node_count → replaced by running_taskruns_throttled_by_node

The replacement metrics provide the same functionality with improved naming
conventions and are already being recorded in the codebase.

  • 🔨 Make sure we do not validate ResolutionRequest on DELETE (#8857)

ResolutionRequests are no longer validated on DELETE, which is consistent with the rest of the pipeline's objects.

  • 🔨 Move ConfigMap helpers to testing framework and cleanup 🧹 pipelinerun_test.go 🧹. (#8920)
  • 🔨 Remove all reference to gcr.io tekton projects (#8885)
  • 🔨 build(deps): bump github.com/jenkins-x/go-scm from 1.15.1 to 1.15.4 (#8935)
  • 🔨 build(deps): bump sigs.k8s.io/yaml from 1.5.0 to 1.6.0 (#8922)
  • 🔨 refactor getSidecarLogPollingInterval() (#8909)
  • 🔨 build(deps): bump google.golang.org/grpc from 1.73.0 to 1.74.2 (#8907)
  • 🔨 build(deps): bump step-security/harden-runner from 2.12.2 to 2.13.0 (#8900)
  • 🔨 build(deps): bump github/codeql-action from 3.29.2 to 3.29.3 (#8899)
  • 🔨 build(deps): bump the all group in /tekton with 3 updates (#8898)
  • 🔨 nightly builds with gh actions (#8897)
  • 🔨 build(deps): bump k8s.io/client-go from 0.32.6 to 0.32.7 (#8896)
  • 🔨 build(deps): bump k8s.io/code-generator from 0.32.6 to 0.32.7 (#8893)
  • 🔨 build(deps): bump github.com/google/cel-go from 0.25.0 to 0.26.0 (#8892)
  • 🔨 build(deps): bump k8s.io/api from 0.32.6 to 0.32.7 (#8888)
  • 🔨 build(deps): bump github.com/jenkins-x/go-scm from 1.14.59 to 1.15.1 (#8884)
  • 🔨 build(deps): bump tj-actions/changed-files from cf79a64fed8a943fb1073260883d08fe0dfb4e56 to 055970845dd036d7345da7399b7e89f2e10f2b04 (#8883)
  • 🔨 build(deps): bump the all group in /tekton with 4 updates (#8882)
  • 🔨 Add Stanislav (twoGiants) as reviewer to Tekton Pipeline repository. (#8880)
  • 🔨 build(deps): bump golang.org/x/sync from 0.15.0 to 0.16.0 (#8871)
  • 🔨 build(deps): bump tj-actions/changed-files from e8772ff27de71367c2771ef3e8b5b2075b3f8282 to cf79a64fed8a943fb1073260883d08fe0dfb4e56 (#8867)
  • 🔨 build(deps): bump the all group in /tekton with 4 updates (#8866)
  • 🔨 build(deps): bump github.com/jenkins-x/go-scm from 1.14.58 to 1.14.59 (#8865)
  • 🔨 build(deps): bump github.com/spiffe/spire-api-sdk from 1.12.0 to 1.12.4 (#8860)
  • 🔨 build(deps): bump step-security/harden-runner from 2.12.1 to 2.12.2 (#8856)
  • 🔨 build(deps): bump github/codeql-action from 3.29.0 to 3.29.2 (#8855)
  • 🔨 build(deps): bump tj-actions/changed-files from d52d20fa3f981cb852b861fd8f55308b5fe29637 to e8772ff27de71367c2771ef3e8b5b2075b3f8282 (#8854)
  • 🔨 build(deps): bump the all group in /tekton with 4 updates (#8853)
  • 🔨 build(deps): bump sigs.k8s.io/yaml from 1.4.0 to 1.5.0 (#8852)
  • 🔨 Update kubernetes version of the CI (#8758)
  • 🔨 Add a tool to generate the release name (#8629)

Docs

  • 📖 Document controller debugging configuration. (#8881)

Developer documentation in DEVELOPMENT.md contains a "Debugging" section explaining how to set up VSCode for debugging Tekton controllers running in a k8s cluster.

  • 📖 docs: fix typo in pipelineruns.md (#8851)

Thanks

Thanks to these contributors who contributed to v1.3.0!

Extra shout-out for awesome release notes: