Skip to content

Commit

Permalink
pull in upstream changes (#5)
Browse files Browse the repository at this point in the history
* cleanup - ApplyContext parameters

Instead of passing around the entire resolvedTaskResources, which is not
necessary at this point, just pass the task name.

No functional changes expected.

* use podtemplate imagepullsecrets to resolve entrypoint

* Update write_test.go

Fixed a typo

* Fix links to Why Aren't PipelineResources in Beta?

Links to the "Why Aren't PipelineResources in Beta?" section in the docs
should have `aren-t` in the fragment instead of `arent`. This can be
confirmed by clicking the link icon beside the heading and checking the
browser address bar.

* Fix tekton_pipelines_controller_taskrun_count recount bug

Added before and after condition check to avoid taskrun metrics recount bug.

* debug is an alpha feature

Documenting that the debug feature is still alpha. The feature was
introduced in pipelines release 0.26 behind enable-api-fields flag.

* Consider osversion when determining platform uniqueness

Prior to this change, an image (such as `golang:1.17`) that provided two
images that shared the same OS+architecture+variant would be considered
invalid, even if they described two different images whose platforms
differed on, for example, osversion (used by Windows images).

This change relaxes our platform uniqueness logic to take this into
account, unblocking Linux users from running such images.

There's still an issue for Windows users however, since when they
attempt to run these images they'll fail to find the correct command
taking into account their osversion. Workarounds in this case include
specifying a single-platform image, or avoiding multi-platform images
that provide two Windows images differing only by osversion.

This also updates our selection logic to take into account slightly
malformed multi-platform images that specify two images with the same
OS+architecture[+variant], so long as the duplicate entries describe the
same image by digest (e.g., anchore/syft:v0.37.10)

* [TEP-0059] Scope `when` expressions to `Task` only

In [TEP-0007: Conditions Beta][tep-0007], we introduced `when`
expressions to guard execution of `Tasks` in `Pipelines`.
To align with `Conditions`, we set scope of `when` expressions
to the guarded `Task` and its dependent `Tasks`.

In [TEP-0059: Skipping Strategies][tep-0059], we proposed changing
the scope of `when` expressions to the guarded `Task` only. This
was implemented in tektoncd#4085.
We provided a feature flag, `scope-when-expressions-to-task`, to
support migration. It defaulted to `false` for 9 months per our
[Beta API compatibility policy][policy], meaning that we continued
to guard the `Task` and its dependent `Tasks`. In this change, we
flip the flag to `true` to guard the `Task` only by default.

[tep-0007]: https://github.com/tektoncd/community/blob/main/teps/0007-conditions-beta.md
[tep-0059]: https://github.com/tektoncd/community/blob/main/teps/0059-skipping-strategies.md
[policy]: https://github.com/tektoncd/pipeline/blob/main/api_compatibility_policy.md

* Update the `scope-when-expressions-to-task` feature flag docs

In tektoncd#4580, we changed the
flag default from "false" to "true". However, the documentation
above the flag was still describing what setting it to "true" would
do. In this change, we update the documentation to focus on the
non-default option that users can choose to set - "false". We also
add a reference to TEP-0059 and relevant docs for more details.

* Patch temp GOPATH hack script to handle nounset option

Prior to this commit the setup-temporary-gopath.sh used the GOPATH variable without
first checking that it was set. When `set -o nounset` is working this
causes the script to exit with an error.

This commit adds a variable wrapping $GOPATH and setting a default if
it's missing, which should work around the `nounset`.

* use helper functions - MarkResource*

Replace updating the conditions directly with the helper functions -
MarkResourceRunning and MarkRunning.

No functional change expected.

* Update the deprecations table

The tekton.dev/task label for ClusterTasks have been removed in
tektoncd#2533, but the table
has not been updated yet, so doing it in here.

Signed-off-by: Andrea Frittoli <andrea.frittoli@uk.ibm.com>

* Remove deprecated flags home-env and working-dir

This change removes two flags:

- disable-home-env-overwrite
- disable-working-dir-overwrite

That two flags that were originally introduced with default to false
and the feature associated to them was deprecated.
Nine months later (as per policy), in Dec 2020, the default value was
switched to default true and the flags were deprecated. Nine months
later we are finally removing the flags.

Signed-off-by: Andrea Frittoli <andrea.frittoli@uk.ibm.com>

* Fix for some arm64 machines.

As said in GoogleContainerTools/distroless#657, in the past, distroless/base:debug used an arm32 busybox binary in its arm64 image. Which doesn't work on some arm64 machines, e.g., Ubuntu 21 arm64 on Parallel Desktop on Apple Silicon M1. It caused this error:
"
$ docker run -it gcr.io/distroless/base@sha256:cfdc553400d41b47fd231b028403469811fcdbc0e69d66ea8030c5a0b5fbac2b
standard_init_linux.go:228: exec user process caused: exec format error
"

This PR GoogleContainerTools/distroless#960 fixes this bug. Hence, update the distroless/base:debug used by Tekton Pipeline in this commit.

* Add Step and Sidecar Overrides to TaskRun API

This commit adds TaskRunStepOverrides and TaskRunSidecarOverrides to TaskRun.Spec and
PipelineRun.Spec.PipelineTaskRunSpec, gated behind the "alpha" API flag.
This is part 1 of implementing TEP-0094: Configuring Resource Requirements at Runtime.
https://github.com/tektoncd/community/blob/main/teps/0094-configuring-resources-at-runtime.md

* WIP spire.

Signed-off-by: Dan Lorenc <dlorenc@google.com>

changed to use spiffe-csi

Add pod SPIFFE id annotation for workload registrar

Signed-off-by: Brandon Lum <lumjjb@gmail.com>

removed spire jwt

updated obtaining trust bundle

Added SPIFFE entry registration and SVID entrypointer backoff (#2)

* Added SPIFFE entry registration and SVID entrypointer backoff

Signed-off-by: Brandon Lum <lumjjb@gmail.com>

* Allow SPIRE configuration through opts

Signed-off-by: Brandon Lum <lumjjb@gmail.com>

* Add validation of SpireConfig

Signed-off-by: Brandon Lum <lumjjb@gmail.com>

* merged upstream

Signed-off-by: pxp928 <parth.psu@gmail.com>

* added manifest check

* [WIP] Add SPIRE docs (#4)

* merged upstream

* Add several features/optimizations for SPIRE (#3)

* Record pod latency before SPIRE entry creation

Signed-off-by: Brandon Lum <lumjjb@gmail.com>

* SPIRE client connection caching

Signed-off-by: Brandon Lum <lumjjb@gmail.com>

* Optimize spire entry creation

Signed-off-by: Brandon Lum <lumjjb@gmail.com>

* Add TTL for workload entry based on taskrun timeout

Signed-off-by: Brandon Lum <lumjjb@gmail.com>

* Add SPIRE non-falsification doc

Signed-off-by: Brandon Lum <lumjjb@gmail.com>

Co-authored-by: pxp928 <parth.psu@gmail.com>

* merged upstream

Signed-off-by: pxp928 <parth.psu@gmail.com>

Co-authored-by: pritidesai <pdesai@us.ibm.com>
Co-authored-by: Yongxuan Zhang <yongxuanzhang@google.com>
Co-authored-by: Anupama Baskar <anu.baskar@ibm.com>
Co-authored-by: Alan Greene <github.com@alangreene.net>
Co-authored-by: Khurram Baig <kbaig@redhat.com>
Co-authored-by: Jason Hall <jasonhall@redhat.com>
Co-authored-by: Jerop <jerop@google.com>
Co-authored-by: Scott <sbws@google.com>
Co-authored-by: Andrea Frittoli <andrea.frittoli@uk.ibm.com>
Co-authored-by: Meng-Yuan Huang <myh@live.com>
Co-authored-by: Lee Bernick <lee.a.bernick@gmail.com>
Co-authored-by: Dan Lorenc <dlorenc@google.com>
Co-authored-by: Brandon Lum <lumjjb@gmail.com>
  • Loading branch information
14 people authored Feb 17, 2022
1 parent 77005d3 commit 827e6e6
Show file tree
Hide file tree
Showing 87 changed files with 2,071 additions and 1,185 deletions.
4 changes: 4 additions & 0 deletions cmd/entrypoint/main.go
Original file line number Diff line number Diff line change
Expand Up @@ -110,6 +110,10 @@ func main() {
if err := json.Unmarshal([]byte(env), &cmds); err != nil {
log.Fatal(err)
}
// NB: This value contains OS/architecture and maybe variant.
// It doesn't include osversion, which is necessary to
// disambiguate two images both for e.g., Windows, that only
// differ by osversion.
plat := platforms.DefaultString()
var err error
cmd, err = selectCommandForPlatform(cmds, plat)
Expand Down
12 changes: 0 additions & 12 deletions config/config-feature-flags.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -30,18 +30,6 @@ data:
# https://github.com/tektoncd/pipeline/blob/main/docs/workspaces.md#affinity-assistant-and-specifying-workspace-order-in-a-pipeline
# or https://github.com/tektoncd/pipeline/pull/2630 for more info.
disable-affinity-assistant: "false"
# Setting this flag to "false" will allow Tekton to override your
# Task container's $HOME environment variable.
#
# See https://github.com/tektoncd/pipeline/issues/2013 for more
# info.
disable-home-env-overwrite: "true"
# Setting this flag to "false" will allow Tekton to override your
# Task container's working directory.
#
# See https://github.com/tektoncd/pipeline/issues/1836 for more
# info.
disable-working-directory-overwrite: "true"
# Setting this flag to "true" will prevent Tekton scanning attached
# service accounts and injecting any credentials it finds into your
# Steps.
Expand Down
4 changes: 2 additions & 2 deletions config/controller.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -76,9 +76,9 @@ spec:
# This is gcr.io/google.com/cloudsdktool/cloud-sdk:302.0.0-slim
"-gsutil-image", "gcr.io/google.com/cloudsdktool/cloud-sdk@sha256:27b2c22bf259d9bc1a291e99c63791ba0c27a04d2db0a43241ba0f1f20f4067f",
# The shell image must be root in order to create directories and copy files to PVCs.
# gcr.io/distroless/base:debug as of October 21, 2021
# gcr.io/distroless/base:debug as of February 17, 2022
# image shall not contains tag, so it will be supported on a runtime like cri-o
"-shell-image", "gcr.io/distroless/base@sha256:cfdc553400d41b47fd231b028403469811fcdbc0e69d66ea8030c5a0b5fbac2b",
"-shell-image", "gcr.io/distroless/base@sha256:3cebc059e7e52a4f5a389aa6788ac2b582227d7953933194764ea434f4d70d64",
# for script mode to work with windows we need a powershell image
# pinning to nanoserver tag as of July 15 2021
"-shell-image-win", "mcr.microsoft.com/powershell:nanoserver@sha256:b6d5ff841b78bdf2dfed7550000fd4f3437385b8fa686ec0f010be24777654d6",
Expand Down
3 changes: 3 additions & 0 deletions docs/debug.md
Original file line number Diff line number Diff line change
Expand Up @@ -23,6 +23,9 @@ weight: 11
`Debug` spec is used for troubleshooting and breakpointing runtime resources. This doc helps understand the inner
workings of debug in Tekton. Currently only the `TaskRun` resource is supported.

This is an alpha feature. The `enable-api-fields` feature flag [must be set to `"alpha"`](./install.md)
to specify `debug` in a `taskRun`.

## Debugging TaskRuns

The following provides explanation on how Debugging TaskRuns is possible through Tekton. To understand how to use
Expand Down
4 changes: 0 additions & 4 deletions docs/deprecations.md
Original file line number Diff line number Diff line change
Expand Up @@ -19,12 +19,8 @@ being deprecated.

| Feature Being Deprecated | Deprecation Announcement | [API Compatibility Policy](https://github.com/tektoncd/pipeline/tree/main/api_compatibility_policy.md) | Earliest Date or Release of Removal |
| ------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------ | ----------------------------------- |
| [`tekton.dev/task` label on ClusterTasks](https://github.com/tektoncd/pipeline/issues/2533) | [v0.12.0](https://github.com/tektoncd/pipeline/releases/tag/v0.12.0) | Beta | January 30 2021 |
| [The `TaskRun.Status.ResourceResults.ResourceRef` field is deprecated and will be removed.](https://github.com/tektoncd/pipeline/issues/2694) | [v0.14.0](https://github.com/tektoncd/pipeline/releases/tag/v0.14.0) | Beta | April 30 2021 |
| [The `PipelineRun.Spec.ServiceAccountNames` field is deprecated and will be removed.](https://github.com/tektoncd/pipeline/issues/2614) | [v0.15.0](https://github.com/tektoncd/pipeline/releases/tag/v0.15.0) | Beta | May 15 2021 |
| [`Conditions` CRD is deprecated and will be removed. Use `when` expressions instead.](https://github.com/tektoncd/community/blob/main/teps/0007-conditions-beta.md) | [v0.16.0](https://github.com/tektoncd/pipeline/releases/tag/v0.16.0) | Alpha | Nov 02 2020 |
| [The `disable-home-env-overwrite` flag will be removed](https://github.com/tektoncd/pipeline/issues/2013) | [v0.24.0](https://github.com/tektoncd/pipeline/releases/tag/v0.24.0) | Beta | February 10 2022 |
| [The `disable-working-dir-overwrite` flag will be removed](https://github.com/tektoncd/pipeline/issues/1836) | [v0.24.0](https://github.com/tektoncd/pipeline/releases/tag/v0.24.0) | Beta | February 10 2022 |
| [The `scope-when-expressions-to-task` flag will be flipped from "false" to "true"](https://github.com/tektoncd/pipeline/issues/4461) | [v0.27.0](https://github.com/tektoncd/pipeline/releases/tag/v0.27.0) | Beta | February 10 2022 |
| [The `scope-when-expressions-to-task` flag will be removed](https://github.com/tektoncd/pipeline/issues/4461) | [v0.27.0](https://github.com/tektoncd/pipeline/releases/tag/v0.27.0) | Beta | March 10 2022 |
| [`PipelineResources` are deprecated.](https://github.com/tektoncd/community/blob/main/teps/0074-deprecate-pipelineresources.md) | [v0.30.0](https://github.com/tektoncd/pipeline/releases/tag/v0.30.0) | Alpha | Dec 20 2021 |
14 changes: 3 additions & 11 deletions docs/install.md
Original file line number Diff line number Diff line change
Expand Up @@ -338,14 +338,6 @@ To customize the behavior of the Pipelines Controller, modify the ConfigMap `fea
node in the cluster must have an appropriate label matching `topologyKey`. If some or all nodes
are missing the specified `topologyKey` label, it can lead to unintended behavior.

- `disable-home-env-overwrite` - set this flag to `false` to allow Tekton
to override the `$HOME` environment variable for the containers executing your `Steps`.
The default is `true`. For more information, see the [associated issue](https://github.com/tektoncd/pipeline/issues/2013).

- `disable-working-directory-overwrite` - set this flag to `false` to allow Tekton
to override the working directory for the containers executing your `Steps`.
The default value is `true`. For more information, see the [associated issue](https://github.com/tektoncd/pipeline/issues/1836).

- `running-in-environment-with-injected-sidecars`: set this flag to `"true"` to allow the
Tekton controller to set the `tekton.dev/ready` annotation at pod creation time for
TaskRuns with no Sidecars specified. Enabling this option should decrease the time it takes for a TaskRun to
Expand Down Expand Up @@ -378,7 +370,7 @@ most stable features to be used. Set it to "alpha" to allow [alpha
features](#alpha-features) to be used.

- `scope-when-expressions-to-task`: set this flag to "true" to scope `when` expressions to guard a `Task` only. Set it
to "false" to guard a `Task` and its dependent `Tasks`. It defaults to "false". For more information, see [guarding
to "false" to guard a `Task` and its dependent `Tasks`. It defaults to "true". For more information, see [guarding
`Task` execution using `when` expressions](pipelines.md#guard-task-execution-using-whenexpressions).

For example:
Expand All @@ -389,8 +381,6 @@ kind: ConfigMap
metadata:
name: feature-flags
data:
disable-home-env-overwrite: "true" # Tekton will not override the $HOME variable for individual Steps.
disable-working-directory-overwrite: "true" # Tekton will not override the working directory for individual Steps.
enable-api-fields: "alpha" # Allow alpha fields to be used in Tasks and Pipelines.
```
Expand All @@ -413,6 +403,8 @@ Features currently in "alpha" are:
| [Implicit `Parameters`](./taskruns.md#implicit-parameters) | [TEP-0023](https://github.com/tektoncd/community/blob/main/teps/0023-implicit-mapping.md) | [v0.28.0](https://github.com/tektoncd/pipeline/releases/tag/v0.28.0) | |
| [Windows Scripts](./tasks.md#windows-scripts) | [TEP-0057](https://github.com/tektoncd/community/blob/main/teps/0057-windows-support.md) | [v0.28.0](https://github.com/tektoncd/pipeline/releases/tag/v0.28.0) | |
| [Remote Tasks](./taskruns.md#remote-tasks) and [Remote Pipelines](./pipelineruns.md#remote-pipelines) | [TEP-0060](https://github.com/tektoncd/community/blob/main/teps/0060-remote-resolutiond.md) | | |
| [Debug](./debug.md) | [TEP-0042](https://github.com/tektoncd/community/blob/main/teps/0042-taskrun-breakpoint-on-failure.md) | [v0.26.0](https://github.com/tektoncd/pipeline/releases/tag/v0.26.0) | |
| [Step and Sidecar Overrides](./taskruns.md#overriding-task-steps-and-sidecars)| [TEP-0094](https://github.com/tektoncd/community/blob/main/teps/0094-specifying-resource-requirements-at-runtime.md) | | |

## Configuring High Availability

Expand Down
2 changes: 1 addition & 1 deletion docs/migrating-v1alpha1-to-v1beta1.md
Original file line number Diff line number Diff line change
Expand Up @@ -80,7 +80,7 @@ Since then, **`PipelineResources` have been deprecated**. We encourage users to
features instead of `PipelineResources`. Read more about the deprecation in [TEP-0074](https://github.com/tektoncd/community/blob/main/teps/0074-deprecate-pipelineresources.md).

_More on the reasoning and what's left to do in
[Why aren't PipelineResources in Beta?](resources.md#why-arent-pipelineresources-in-beta)._
[Why aren't PipelineResources in Beta?](resources.md#why-aren-t-pipelineresources-in-beta)._

To ease migration away from `PipelineResources`
[some types have an equivalent `Task` in the Catalog](#replacing-pipelineresources-with-tasks).
Expand Down
2 changes: 2 additions & 0 deletions docs/pipelineruns.md
Original file line number Diff line number Diff line change
Expand Up @@ -472,6 +472,8 @@ spec:
```

If used with this `Pipeline`, `build-task` will use the task specific `PodTemplate` (where `nodeSelector` has `disktype` equal to `ssd`).
`PipelineTaskRunSpec` may also contain `StepOverrides` and `SidecarOverrides`; see
[Overriding `Task` `Steps` and `Sidecars`](./taskruns.md#overriding-task-steps-and-sidecars) for more information.

### Specifying `Workspaces`

Expand Down
30 changes: 20 additions & 10 deletions docs/pipelines.md
Original file line number Diff line number Diff line change
Expand Up @@ -496,14 +496,24 @@ There are a lot of scenarios where `when` expressions can be really useful. Some

#### Guarding a `Task` and its dependent `Tasks`

When `when` expressions evaluate to `False`, the `Task` and its dependent `Tasks` will be skipped by default while the
rest of the `Pipeline` will execute. Dependencies between `Tasks` can be either ordering ([`runAfter`](https://github.com/tektoncd/pipeline/blob/main/docs/pipelines.md#using-the-runafter-parameter))
> :warning: **Scoping `when` expressions to a `Task` and its dependent `Tasks` is deprecated.**
>
> Consider migrating to scoping `when` expressions to the guarded `Task` only instead.
> Read more in the [documentation](#guarding-a-task-only) and [TEP-0059: Skipping Strategies][tep-0059].
>
[tep-0059]: https://github.com/tektoncd/community/blob/main/teps/0059-skipping-strategies.md

To guard a `Task` and its dependent `Tasks`, set the global default scope of `when` expressions to `Task` using the
`scope-when-expressions-to-task` field in [`config/config-feature-flags.yaml`](install.md#customizing-the-pipelines-controller-behavior)
by changing it to "false".

When `when` expressions evaluate to `False`, and `scope-when-expressions-to-task` is set to "false", the `Task` and
its dependent `Tasks` will be skipped while the rest of the `Pipeline` will execute. Dependencies between `Tasks` can
be either ordering ([`runAfter`](https://github.com/tektoncd/pipeline/blob/main/docs/pipelines.md#using-the-runafter-parameter))
or resource (e.g. [`Results`](https://github.com/tektoncd/pipeline/blob/main/docs/pipelines.md#using-results))
dependencies, as further described in [configuring execution order](#configuring-the-task-execution-order). The global
default scope of `when` expressions is set to a `Task` and its dependent`Tasks`; `scope-when-expressions-to-task` field
in [`config/config-feature-flags.yaml`](install.md#customizing-the-pipelines-controller-behavior) defaults to "false".

**Note:** Scoping `when` expressions to a `Task` and its dependent `Tasks` is deprecated
default scope of `when` expressions is set to a `Task` only; `scope-when-expressions-to-task` field in
[`config/config-feature-flags.yaml`](install.md#customizing-the-pipelines-controller-behavior) defaults to "true".

To guard a `Task` and its dependent Tasks:
- cascade the `when` expressions to the specific dependent `Tasks` to be guarded as well
Expand Down Expand Up @@ -646,9 +656,7 @@ tasks:

#### Guarding a `Task` only

To guard a `Task` only and unblock execution of its dependent `Tasks`, set the global default scope of `when` expressions
to `Task` using the `scope-when-expressions-to-task` field in [`config/config-feature-flags.yaml`](install.md#customizing-the-pipelines-controller-behavior)
by changing it to "true"
When `when` expressions evaluate to `False`, the `Task` will be skipped and:
- The ordering-dependent `Tasks` will be executed
- The resource-dependent `Tasks` (and their dependencies) will be skipped because of missing `Results` from the skipped
parent `Task`. When we add support for [default `Results`](https://github.com/tektoncd/community/pull/240), then the
Expand All @@ -657,6 +665,8 @@ by changing it to "true"
to handle the execution of the child `Task` in case the expected file is missing from the `Workspace` because the
guarded parent `Task` is skipped.

On the other hand, the rest of the `Pipeline` will continue executing.

```
tests
|
Expand Down Expand Up @@ -706,7 +716,7 @@ tasks:
name: slack-msg
```

With `when` expressions scoped to `Task`, if `manual-approval` is skipped, execution of it's dependent `Tasks`
With `when` expressions scoped to `Task`, if `manual-approval` is skipped, execution of its dependent `Tasks`
(`slack-msg`, `build-image` and `deploy-image`) would be unblocked regardless:
- `build-image` and `deploy-image` should be executed successfully
- `slack-msg` will be skipped because it is missing the `approver` `Result` from `manual-approval`
Expand Down
34 changes: 34 additions & 0 deletions docs/podtemplates.md
Original file line number Diff line number Diff line change
Expand Up @@ -95,6 +95,40 @@ Pod templates support fields listed in the table below.
</tbody>
</table>

## Use `imagePullSecrets` to lookup entrypoint

If no command is configured in `task` and `imagePullSecrets` is configured in `podTemplate`, the Tekton Controller will look up the entrypoint of image with `imagePullSecrets`. The Tekton controller's service account is given access to secrets by default. See [this](https://github.com/tektoncd/pipeline/blob/main/config/200-clusterrole.yaml) for reference. If the Tekton controller's service account is not granted the access to secrets in different namespace, you need to grant the access via `RoleBinding`:

```yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: creds-getter
namespace: my-ns
rules:
- apiGroups: [""]
resources: ["secrets"]
resourceNames: ["creds"]
verbs: ["get"]
```
```yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: creds-getter-binding
namespace: my-ns
subjects:
- kind: ServiceAccount
name: tekton-pipelines-controller
namespace: tekton-pipelines
apiGroup: rbac.authorization.k8s.io
roleRef:
kind: Role
name: creds-getter
apiGroup: rbac.authorization.k8s.io
```
---
Except as otherwise noted, the content of this page is licensed under the
Expand Down
4 changes: 2 additions & 2 deletions docs/resources.md
Original file line number Diff line number Diff line change
Expand Up @@ -33,7 +33,7 @@ For example:
> which lists each PipelineResource type and a suggested option for replacing it.
>
> For more information on why PipelineResources are remaining alpha [see the description
> of their problems, along with next steps, below](#why-arent-pipelineresources-in-beta).
> of their problems, along with next steps, below](#why-aren-t-pipelineresources-in-beta).
--------------------------------------------------------------------------------

Expand All @@ -52,7 +52,7 @@ For example:
- [Storage Resource](#storage-resource)
- [GCS Storage Resource](#gcs-storage-resource)
- [Cloud Event Resource](#cloud-event-resource)
- [Why Aren't PipelineResources in Beta?](#why-arent-pipelineresources-in-beta)
- [Why Aren't PipelineResources in Beta?](#why-aren-t-pipelineresources-in-beta)

## Syntax

Expand Down
Loading

0 comments on commit 827e6e6

Please sign in to comment.