Tekton Pipeline release v0.48.0 "Shorthair Bard"
π Provenance Beta, Resilient Affinity Assistant and Array Params in Matrix π
-Docs @ v0.48.0
-Examples @ v0.48.0
Installation one-liner
kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.48.0/release.yaml
Attestation
The Rekor UUID for this release is 24296fb24b8ad77aadae6008428d822bb60159ae252ba66b61d276e7836b724a5cd7c7402aeb0527
Obtain the attestation:
REKOR_UUID=24296fb24b8ad77aadae6008428d822bb60159ae252ba66b61d276e7836b724a5cd7c7402aeb0527
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .
Verify that all container images in the attestation are in the release file:
RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.48.0/release.yaml
REKOR_UUID=24296fb24b8ad77aadae6008428d822bb60159ae252ba66b61d276e7836b724a5cd7c7402aeb0527
# Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v0.48.0@sha256:" + .digest.sha256')
# Download the release file
curl "$RELEASE_FILE" > release.yaml
# For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done
Changes
Features
- β¨ [TEP-0091] use VerificationResult in verify (#6673)
VerificationResult is the return value for instead of error for VerifyTask and VerifyPipeline.
- β¨ feat: support to produce results from a failed task (#6510)
PipelineRun can produce task results from the failed tasks, and the final task can reference those results.
- β¨ Promote the provenance field in status (#6495)
Promote provenance
field to beta by setting the existing feature flag enable-provenance-in-status
to be true by default with the installation of Tekton Pipeline. This feature flag will be completely removed once we consider this as a stable feature. That said, users can choose to opt out this by setting this feature flag to false.
- β¨ [TEP-0091] add VerificationResult (#6663)
- β¨ [TEP-0089] Inject SpireControllerAPIClient into the Taskrun controller and reconciler. (#6627)
- β¨ [TEP-0089] SPIRE for non-falsifiable provenance. Setup the test environment. (#6553)
- β¨ [TEP-0089] Add CSI volumes to the Pods which provide the SPIRE workload API (#6539)
- β¨ Add matrix support for using references to entire PipelineRun array parameters (#6516)
Fixes
- π Bug Fixes: Update Status for Matrixed PipelineTask (#6661)
Bug Fix: A matrixed pipelineTask will accurately reflect the status of isStarted(), isScheduled(), IsBeforeFirstTaskRun(), IsConditionStatusFalse() with the correct start time based on it's TaskRuns or custom RunObjects.
- π Sync pipelinerun validation between v1beta1 and v1 (#6656)
Sync pipelinerun validation between v1beta1 and v1
- π Split array param indexing validation between reconciler and webhook (#6652)
bug fix: always perform validation of array parameter index bounds checking
- π remove beta flag check for v1beta1 object param,results and array result (#6644)
Remove beta feature flag check for v1beta1 object param, results and array result. Object param, results and array result will be enabled if the enable-api-fields feature flag is not alpha for v1beta1 CRDs (e.g. Tasks and Pipelines)
- π Add validation for array indexing in finally when expressions (#6638)
Bug fix: add validation for out-of-bounds indexing into array parameters referenced in pipeline.spec.finally.when.inputs
- π Don't mark done PipelineRuns as timed out (#6622)
Completed PipelineRuns are not anymore changed to PipelineRunTimeout status
- π Support context variable replacements in custom tasks (#6620)
A user can now define context variables in inline pipeline specs for custom tasks.
- π check beta feature flag for v1 TaskSpec's ValidateParamArrayIndex (#6613)
check beta feature flag for v1 TaskSpec's ValidateParamArrayIndex instead of alpha flag, since array indexing is beta feature
- π Fix conversion of non-object results declared in Tasks (#6606)
Fix conversion bug preventing tasks with non-object results and parameters successfully round-tripping between api versions
- π update affinity assistant creation implementation (#6596)
Resilient Affinity Assistant - make sure the Affinity Assistant pod is always on a healthy node during the entire life cycle of the pipelineRun
- π Allow references to ClusterTasks in v1 Pipeline Tasks (#6588)
Continue to allow v1beta1 ClusterTasks (deprecated) to be referenced in v1 Pipelines
- π Custom task without api version return validation error (#6505)
Custom task without api version returns validation error
- π don't return validation error when taskrun failed/skipped (#6395)
If taskrun fails and task results not emitted, pipelinerun fails because of taskrun fails rather than results validation error.
- π Remove enable-api-fields validation for array index replacements (#6646)
- π Keeps Deprecated Fields in Step and StepTemplate When Switching Versions (#6623)
- π Refactor Sidecar Containers Construction If Script Exists (#6619)
- π Add Unit Tests for Array Results using [] notation (#6577)
Misc
- π¨ Clean up Task parameter validation logic (#6650)
Some functions in pkg/substitution have been removed or renamed.
- π¨ Run events controller as separate binary (#6529)
The cloudevents controller for Run
has been moved to its own binary, with dedicated deployment, service, pod, service account, roles and role bindings. No functional change, no configuration change.
- π¨ Add results-from feature flag to config-feature-flags.yaml (#6692)
- π¨ Cleanup context-based validation of propagated params/workspaces (#6684)
- π¨ Test refactor: separate Task validation tests for propagation (#6677)
- π¨ Cleanup: Remove "substituted context" task validation (#6671)
- π¨ Refactor validation of propagated parameters and workspaces (#6660)
- π¨ Rename function that replaces variables in When Expressions (#6658)
- π¨ Refactor substituting variables in Parameter values (#6657)
- π¨ Split Pipeline validation tests into separate test classes (#6653)
- π¨ Refactor ResolvedPipelineTask and remove redundant fields (#6649)
- π¨ Refactor SequentialTasks & SequentialRuns Tests (#6648)
- π¨ Simplify + add docstrings for PipelineRun resolution (#6643)
- π¨ Refactor validation functions for indexing into array params (#6642)
- π¨ Cleanp - Adding a single variable for default configmaps. (#6639)
- π¨ Remove docstrings indicating that there is a 24h limit on timeouts (#6585)
- π¨ Bump github.com/sigstore/sigstore from 1.6.2 to 1.6.4 (#6629)
- π¨ move trusted resources verification after we resolve the remote resources (#6621)
- π¨ Clean up metrics code slightly. (#6609)
- π¨ Bump github.com/tektoncd/pipeline from 0.46.0 to 0.47.0 in /test/custom-task-ctrls/wait-task-beta (#6582)
- π¨ Bump github.com/spiffe/spire-api-sdk from 1.6.2 to 1.6.3 (#6544)
Docs
- π Docs update: CSI + projected workspaces are beta (#6700)
- π Fix code blocks in the Tasks page (#6676)
- π Update documentation to reflect stability levels and deprecations (#6568)
Thanks
Thanks to these contributors who contributed to v0.48.0!
- β€οΈ @EmmaMunley
- β€οΈ @SaschaSchwarze0
- β€οΈ @XinruZhang
- β€οΈ @Yongxuanzhang
- β€οΈ @afrittoli
- β€οΈ @chitrangpatel
- β€οΈ @chuangw6
- β€οΈ @dependabot[bot]
- β€οΈ @ijschwabacher
- β€οΈ @jagathprakash
- β€οΈ @jerop
- β€οΈ @lbernick
- β€οΈ @pritidesai
- β€οΈ @rh-hectormartinezdev
Extra shout-out for awesome release notes:
- π @EmmaMunley
- π @SaschaSchwarze0
- π @Yongxuanzhang
- π @afrittoli
- π @chitrangpatel
- π @chuangw6
- π @lbernick
- π @pritidesai