Tekton Pipeline release v0.53.0 "Munchkin Maschinenmensch" LTS
π CEL-based when expressions, Results from Matrices, beta promotions and more π
-Docs @ v0.53.0
-Examples @ v0.53.0
Installation one-liner
kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.53.0/release.yaml
Attestation
The Rekor UUID for this release is 24296fb24b8ad77ae1d898a8665e246adf87237e426dcb51e61a4f34dfda16ed10148ce5c80c57df
Obtain the attestation:
REKOR_UUID=24296fb24b8ad77ae1d898a8665e246adf87237e426dcb51e61a4f34dfda16ed10148ce5c80c57df
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .
Verify that all container images in the attestation are in the release file:
RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.53.0/release.yaml
REKOR_UUID=24296fb24b8ad77ae1d898a8665e246adf87237e426dcb51e61a4f34dfda16ed10148ce5c80c57df
# Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v0.53.0@sha256:" + .digest.sha256')
# Download the release file
curl "$RELEASE_FILE" > release.yaml
# For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done
Upgrade Notices
- [TEP-0104] Task-level Resource Requirements in now beta
- Matrix is now beta
- Starting with this release, all new API driven features will be controlled by individual feature flags, and the
enable-api-fields
flag will be eventually phased out, once all API features currently in alpha/beta reach stability (or are removed)
Changes
Features
- β¨ parameterize pipelineTask (#7273)
displayName
can now accept params, task result references, or context variables.
- β¨ Hub resolver: add version constraints (#7257)
hub resolver can now specify a version constraint to choose a version (example: version: ">=0.2.0,< 1.0.0")
- β¨ Set public Tekton Hub API as default catalog (#7256)
tekton resolver now uses hub.tekton.dev by default.
-
β¨ [TEP-0145] Add CEL field to WhenExpression
-
β¨ Add a setting disallowing access to all namespaces (#7237)
Add special value *
to the blocked-namespace setting for the cluster-resolver to disallow by default all namespaces and only allow the namespaces explicitly listed in allowed-namespace
setting.
- β¨ [TEP-0104] Task-level Resource Requirements to beta (#7225)
The task-level resource requirements feature allows the user to set computeResources at runtime i.e. on TaskRun. This is now enabled as part of the beta API.
- β¨ TEP-140: Produce Results in Matrix (#7167)
Pipeline authors can now produce results from a Matrixed PipelineTask as an aggregated array and consume them in an array params. Two context variables are introduced as part of this feature,
- β¨ Promoting Matrix to Beta π π (#7164)
Matrix feature is promoted to beta and possible to utilize with enable-api-fields set to beta.
- β¨ TEP-0107: propagate results to embedded task spec (#7100)
Results are propagated in embedded specifications without mutations.
- β¨ [TEP0138] Add Per-feature Flag Struct for New Features (#7090)
Please use per feature flags for new API-driven feature gating.
- β¨ feat: add ability to include reason in count metrics (#7060)
Add ability to include reason
along with status
in TaskRun and PipelineRun count metrics
Backwards incompatible changes
In the current release:
-
π¨ The behaviour of the
enable-api-field
flag has been fixed, resulting in a slight behaviour change: when using thev1beta1
API, API features in beta are only available when theenable-api-field
is set tobeta
oralpha
. Beta features used to be enabled on thev1beta1
API regardless of the value ofenable-api-field
.
Note that:- The default value for
enable-api-field
isbeta
- Users that have the flag set to
alpha
orbeta
will continue to have access tobeta
features onv1beta1
andv1
APIs - Users that have the flag set to
stable
will continue to not have access tobeta
features on thev1
API
So in practice, there is no breaking change for users. Users of the
v1beta1
API may now disablebeta
features, should they wish to do so, which was not possible before. - The default value for
Work-in-progress
- π§ TEP-0142: Introduce feature flag (#7277)
[WIP] Introduces a new feature flag "enable-step-actions: true/false" to gate the use of step actions.
- π§ TEP-0142: Introducing the StepAction CRD (#7260)
Introduced the StepAction CRD as designed in https://github.com/tektoncd/community/blob/main/teps/0142-enable-step-reusability.md. The implementation is still ongoing; feature is not yet functional.
- π§ [TEP-0050] Add OnError field (#7162)
Fixes
- π Regression: fix results with out of order tasks (#7169)
Fix regression where a different order of task definition may cause result resolution to break
- π Fix race condition in PVC deletion (#7149)
Bug fix: delete PVCs created by VolumeClaimTemplates when the owning PipelineRun is completed
- π Recover Conversion Functions from Pipeline Resources for backwards compatibility (#7109)
Recover Conversion Functions from Pipeline Resources for backwards compatibility
- π Different configmap for Leader Election per deployment (#7014)
Change configmap for LeaderElection of webhook to config-leader-election-webhook, event controller to config-leader-election-event and resolvers to config-leader-election-resolvers
- π fix wait entrypoint cancellation error log output. (#7272)
- π Flake Test fix: Sort TaskRunResults (#7254)
- π fix waiter test is flaky (#7227)
- π π Update knative/pkg 1.11 to address CVE-2023-44487 (#7210)
Misc
- π¨ Refactor version.ValidateEnabledAPIFields to config pkg (#7206)
refactor: version.ValidateEnabledAPIFields has been moved to the config package
- π¨ [TEP0138] Decouple v1beta1 beta feature validation (#6941)
v1beta1 CRDs with beta features now requires beta
enable-api-fields
. More specifically, users who have been accidentally using beta features resolvers, object array params and results with enable-api-fields
set to stable
now needs to change to enable-api-fields=beta
- π¨ #7027 Cleanup
cmp.Diff(want, got)
for alldiff.PrintWantGot()
(#7209) - π¨ Avoid unnecessary scans for codeql on non code (#7286)
- π¨ Bump k8s.io/client-go from 0.27.6 to 0.27.7 in /test/custom-task-ctrls/wait-task-beta (#7261)
- π¨ Bump github.com/sigstore/sigstore from 1.7.3 to 1.7.4 (#7246)
- π¨ [TEP-0145] Pull in cel-go to vendor (#7245)
- π¨ Bump github.com/tektoncd/pipeline from 0.52.0 to 0.52.1 in /test/custom-task-ctrls/wait-task-beta (#7219)
- π¨ Bump github.com/sigstore/sigstore/pkg/signature/kms/hashivault from 1.7.3 to 1.7.4 (#7213)
- π¨ Bump github.com/spiffe/spire-api-sdk from 1.8.0 to 1.8.1 (#7204)
- π¨ Bump google.golang.org/grpc from 1.58.2 to 1.58.3 (#7203)
- π¨ #6614 Add inclusive source scanning (#7199)
- π¨ Rename test cases for beta feature validations (#7198)
- π¨ Bump github.com/google/go-cmp from 0.5.9 to 0.6.0 (#7197)
- π¨ Bump github.com/containerd/containerd from 1.7.6 to 1.7.7 (#7196)
- π¨ Bump github.com/google/go-cmp from 0.5.9 to 0.6.0 in /test/custom-task-ctrls/wait-task-beta (#7195)
- π¨ Add reviewers section to OWNERS file. (#7193)
- π¨ Add @chitrangpatel as an pipelines maintainer (#7181)
- π¨ Bump golang.org/x/sync from 0.3.0 to 0.4.0 (#7178)
- π¨ update perl docker image with multi-arch tag (#7171)
- π¨ Add @Yongxuanzhang as a pipelines maintainer (#7168)
- π¨ Bump go.opentelemetry.io/otel/sdk from 1.16.0 to 1.19.0 (#7163)
- π¨ Bump github.com/opencontainers/image-spec from 1.1.0-rc4 to 1.1.0-rc5 (#7161)
- π¨ Increase the publish timeout (#7160)
- π¨ Bump google.golang.org/grpc from 1.58.1 to 1.58.2 (#7158)
- π¨ Increase the publish task timeout (#7156)
- π¨ Bump github.com/go-git/go-git/v5 from 5.8.1 to 5.9.0 (#7154)
- π¨ Bump github.com/google/uuid from 1.3.0 to 1.3.1 (#7151)
- π¨ Fix latest folder in releases (#7146)
- π¨ updating an example - results using sidecar logs (#7145)
- π¨ Bump github.com/tektoncd/pipeline from 0.51.0 to 0.52.0 in /test/custom-task-ctrls/wait-task-beta (#7142)
- π¨ Bump go.uber.org/zap from 1.25.0 to 1.26.0 (#7141)
- π¨ Bump github.com/go-git/go-billy/v5 from 5.4.1 to 5.5.0 (#7140)
- π¨ documenting 0.51 and 0.52 releases (#7139)
- π¨ Bump gomodules.xyz/jsonpatch/v2 from 2.2.0 to 2.4.0 (#7137)
- π¨ Bump github.com/spiffe/spire-api-sdk from 1.7.2 to 1.8.0 (#7136)
- π¨ Bump code.gitea.io/sdk/gitea from 0.15.1 to 0.16.0 (#7135)
- π¨ Bump go.opentelemetry.io/otel/exporters/jaeger from 1.16.0 to 1.17.0 (#7134)
- π¨ Bump go.opentelemetry.io/otel/trace from 1.16.0 to 1.18.0 (#7133)
Docs
- π Fix typos in DEVELOPMENT.md file (#7233)
- π Extend release timeouts in release cheatsheet (#7212)
- π #7190 display name link fixed in pipelines.md (#7205)
- π Added note to install.md to use tektoncd/operator for production installs (#7194)
- π Fix typo in documentation (#7176)
- π Add V1 Migration Guide Link in tektoncd/pipeline Readme (#7157)
- π Docs: Add TaskRun Status documentation section (#7147)
- π Fix typo in v0.52 EOL date (#7143)
- π [TEP0138] RFC: Add feature graduation process documentation (#7076)
Thanks
Thanks to these contributors who contributed to v0.53.0!
- β€οΈ @AlanGreene
- β€οΈ @Areadrill
- β€οΈ @AverageMarcus
- β€οΈ @Basavaraju-G
- β€οΈ @EmmaMunley
- β€οΈ @HamzaMateen
- β€οΈ @JGustafsonIII
- β€οΈ @JeromeJu
- β€οΈ @QuanZhang-William
- β€οΈ @Yongxuanzhang
- β€οΈ @afrittoli
- β€οΈ @chengjoey
- β€οΈ @chitrangpatel
- β€οΈ @chmouel
- β€οΈ @dependabot[bot]
- β€οΈ @dibyom
- β€οΈ @khrm
- β€οΈ @minhoryang
- β€οΈ @prestonvasquez
- β€οΈ @pritidesai
- β€οΈ @shankarpentyala07
- β€οΈ @vavrajosef
- β€οΈ @wlynch
Extra shout-out for awesome release notes:
- π @AverageMarcus
- π @EmmaMunley
- π @JeromeJu
- π @QuanZhang-William
- π @Yongxuanzhang
- π @afrittoli
- π @chengjoey
- π @chitrangpatel
- π @chmouel
- π @khrm
- π @pritidesai