Skip to content

Tekton Pipeline release v0.53.0 "Munchkin Maschinenmensch" LTS

Compare
Choose a tag to compare
@tekton-robot tekton-robot released this 27 Oct 00:08

πŸŽ‰ CEL-based when expressions, Results from Matrices, beta promotions and more πŸŽ‰

-Docs @ v0.53.0
-Examples @ v0.53.0

Installation one-liner

kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.53.0/release.yaml

Attestation

The Rekor UUID for this release is 24296fb24b8ad77ae1d898a8665e246adf87237e426dcb51e61a4f34dfda16ed10148ce5c80c57df

Obtain the attestation:

REKOR_UUID=24296fb24b8ad77ae1d898a8665e246adf87237e426dcb51e61a4f34dfda16ed10148ce5c80c57df
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .

Verify that all container images in the attestation are in the release file:

RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.53.0/release.yaml
REKOR_UUID=24296fb24b8ad77ae1d898a8665e246adf87237e426dcb51e61a4f34dfda16ed10148ce5c80c57df

# Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v0.53.0@sha256:" + .digest.sha256')

# Download the release file
curl "$RELEASE_FILE" > release.yaml

# For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
  printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done

Upgrade Notices

  • [TEP-0104] Task-level Resource Requirements in now beta
  • Matrix is now beta
  • Starting with this release, all new API driven features will be controlled by individual feature flags, and the enable-api-fields flag will be eventually phased out, once all API features currently in alpha/beta reach stability (or are removed)

Changes

Features

  • ✨ parameterize pipelineTask (#7273)

displayName can now accept params, task result references, or context variables.

  • ✨ Hub resolver: add version constraints (#7257)

hub resolver can now specify a version constraint to choose a version (example: version: ">=0.2.0,< 1.0.0")

  • ✨ Set public Tekton Hub API as default catalog (#7256)

tekton resolver now uses hub.tekton.dev by default.

  • ✨ [TEP-0145] Add CEL field to WhenExpression

    • ✨ [TEP-0145] Add CEL field to WhenExpression, and feature flag to guard the field (#7247)
    • ✨ [TEP-0145] Add sanity check for CEL expression (#7251)
    • ✨ [TEP-0145] Add CEL evaluation (#7255)
      Support CEL expression in WhenExpression to guard the execution of Tasks
  • ✨ Add a setting disallowing access to all namespaces (#7237)

Add special value * to the blocked-namespace setting for the cluster-resolver to disallow by default all namespaces and only allow the namespaces explicitly listed in allowed-namespace setting.

  • ✨ [TEP-0104] Task-level Resource Requirements to beta (#7225)

The task-level resource requirements feature allows the user to set computeResources at runtime i.e. on TaskRun. This is now enabled as part of the beta API.

  • ✨ TEP-140: Produce Results in Matrix (#7167)

Pipeline authors can now produce results from a Matrixed PipelineTask as an aggregated array and consume them in an array params. Two context variables are introduced as part of this feature, $(tasks..matrix.length) to get the length of a matrix combinations and $(tasks..matrix..length) to get a length of aggregated result.

  • ✨ Promoting Matrix to Beta πŸŽ‰ πŸŽ“ (#7164)

Matrix feature is promoted to beta and possible to utilize with enable-api-fields set to beta.

  • ✨ TEP-0107: propagate results to embedded task spec (#7100)

Results are propagated in embedded specifications without mutations.

  • ✨ [TEP0138] Add Per-feature Flag Struct for New Features (#7090)

Please use per feature flags for new API-driven feature gating.

  • ✨ feat: add ability to include reason in count metrics (#7060)

Add ability to include reason along with status in TaskRun and PipelineRun count metrics

Backwards incompatible changes

In the current release:

  • 🚨 The behaviour of the enable-api-field flag has been fixed, resulting in a slight behaviour change: when using the v1beta1 API, API features in beta are only available when the enable-api-field is set to beta or alpha. Beta features used to be enabled on the v1beta1 API regardless of the value of enable-api-field.
    Note that:

    • The default value for enable-api-field is beta
    • Users that have the flag set to alpha or beta will continue to have access to beta features on v1beta1 and v1 APIs
    • Users that have the flag set to stable will continue to not have access to beta features on the v1 API

    So in practice, there is no breaking change for users. Users of the v1beta1 API may now disable beta features, should they wish to do so, which was not possible before.

Work-in-progress

  • 🚧 TEP-0142: Introduce feature flag (#7277)

[WIP] Introduces a new feature flag "enable-step-actions: true/false" to gate the use of step actions.

  • 🚧 TEP-0142: Introducing the StepAction CRD (#7260)

Introduced the StepAction CRD as designed in https://github.com/tektoncd/community/blob/main/teps/0142-enable-step-reusability.md. The implementation is still ongoing; feature is not yet functional.

  • 🚧 [TEP-0050] Add OnError field (#7162)

Fixes

  • πŸ› Regression: fix results with out of order tasks (#7169)

Fix regression where a different order of task definition may cause result resolution to break

  • πŸ› Fix race condition in PVC deletion (#7149)

Bug fix: delete PVCs created by VolumeClaimTemplates when the owning PipelineRun is completed

  • πŸ› Recover Conversion Functions from Pipeline Resources for backwards compatibility (#7109)

Recover Conversion Functions from Pipeline Resources for backwards compatibility

  • πŸ› Different configmap for Leader Election per deployment (#7014)

Change configmap for LeaderElection of webhook to config-leader-election-webhook, event controller to config-leader-election-event and resolvers to config-leader-election-resolvers

  • πŸ› fix wait entrypoint cancellation error log output. (#7272)
  • πŸ› Flake Test fix: Sort TaskRunResults (#7254)
  • πŸ› fix waiter test is flaky (#7227)
  • πŸ› πŸ”’ Update knative/pkg 1.11 to address CVE-2023-44487 (#7210)

Misc

  • πŸ”¨ Refactor version.ValidateEnabledAPIFields to config pkg (#7206)

refactor: version.ValidateEnabledAPIFields has been moved to the config package

  • πŸ”¨ [TEP0138] Decouple v1beta1 beta feature validation (#6941)

v1beta1 CRDs with beta features now requires beta enable-api-fields. More specifically, users who have been accidentally using beta features resolvers, object array params and results with enable-api-fields set to stable now needs to change to enable-api-fields=beta

  • πŸ”¨ #7027 Cleanup cmp.Diff(want, got) for all diff.PrintWantGot() (#7209)
  • πŸ”¨ Avoid unnecessary scans for codeql on non code (#7286)
  • πŸ”¨ Bump k8s.io/client-go from 0.27.6 to 0.27.7 in /test/custom-task-ctrls/wait-task-beta (#7261)
  • πŸ”¨ Bump github.com/sigstore/sigstore from 1.7.3 to 1.7.4 (#7246)
  • πŸ”¨ [TEP-0145] Pull in cel-go to vendor (#7245)
  • πŸ”¨ Bump github.com/tektoncd/pipeline from 0.52.0 to 0.52.1 in /test/custom-task-ctrls/wait-task-beta (#7219)
  • πŸ”¨ Bump github.com/sigstore/sigstore/pkg/signature/kms/hashivault from 1.7.3 to 1.7.4 (#7213)
  • πŸ”¨ Bump github.com/spiffe/spire-api-sdk from 1.8.0 to 1.8.1 (#7204)
  • πŸ”¨ Bump google.golang.org/grpc from 1.58.2 to 1.58.3 (#7203)
  • πŸ”¨ #6614 Add inclusive source scanning (#7199)
  • πŸ”¨ Rename test cases for beta feature validations (#7198)
  • πŸ”¨ Bump github.com/google/go-cmp from 0.5.9 to 0.6.0 (#7197)
  • πŸ”¨ Bump github.com/containerd/containerd from 1.7.6 to 1.7.7 (#7196)
  • πŸ”¨ Bump github.com/google/go-cmp from 0.5.9 to 0.6.0 in /test/custom-task-ctrls/wait-task-beta (#7195)
  • πŸ”¨ Add reviewers section to OWNERS file. (#7193)
  • πŸ”¨ Add @chitrangpatel as an pipelines maintainer (#7181)
  • πŸ”¨ Bump golang.org/x/sync from 0.3.0 to 0.4.0 (#7178)
  • πŸ”¨ update perl docker image with multi-arch tag (#7171)
  • πŸ”¨ Add @Yongxuanzhang as a pipelines maintainer (#7168)
  • πŸ”¨ Bump go.opentelemetry.io/otel/sdk from 1.16.0 to 1.19.0 (#7163)
  • πŸ”¨ Bump github.com/opencontainers/image-spec from 1.1.0-rc4 to 1.1.0-rc5 (#7161)
  • πŸ”¨ Increase the publish timeout (#7160)
  • πŸ”¨ Bump google.golang.org/grpc from 1.58.1 to 1.58.2 (#7158)
  • πŸ”¨ Increase the publish task timeout (#7156)
  • πŸ”¨ Bump github.com/go-git/go-git/v5 from 5.8.1 to 5.9.0 (#7154)
  • πŸ”¨ Bump github.com/google/uuid from 1.3.0 to 1.3.1 (#7151)
  • πŸ”¨ Fix latest folder in releases (#7146)
  • πŸ”¨ updating an example - results using sidecar logs (#7145)
  • πŸ”¨ Bump github.com/tektoncd/pipeline from 0.51.0 to 0.52.0 in /test/custom-task-ctrls/wait-task-beta (#7142)
  • πŸ”¨ Bump go.uber.org/zap from 1.25.0 to 1.26.0 (#7141)
  • πŸ”¨ Bump github.com/go-git/go-billy/v5 from 5.4.1 to 5.5.0 (#7140)
  • πŸ”¨ documenting 0.51 and 0.52 releases (#7139)
  • πŸ”¨ Bump gomodules.xyz/jsonpatch/v2 from 2.2.0 to 2.4.0 (#7137)
  • πŸ”¨ Bump github.com/spiffe/spire-api-sdk from 1.7.2 to 1.8.0 (#7136)
  • πŸ”¨ Bump code.gitea.io/sdk/gitea from 0.15.1 to 0.16.0 (#7135)
  • πŸ”¨ Bump go.opentelemetry.io/otel/exporters/jaeger from 1.16.0 to 1.17.0 (#7134)
  • πŸ”¨ Bump go.opentelemetry.io/otel/trace from 1.16.0 to 1.18.0 (#7133)

Docs

  • πŸ“– Fix typos in DEVELOPMENT.md file (#7233)
  • πŸ“– Extend release timeouts in release cheatsheet (#7212)
  • πŸ“– #7190 display name link fixed in pipelines.md (#7205)
  • πŸ“– Added note to install.md to use tektoncd/operator for production installs (#7194)
  • πŸ“– Fix typo in documentation (#7176)
  • πŸ“– Add V1 Migration Guide Link in tektoncd/pipeline Readme (#7157)
  • πŸ“– Docs: Add TaskRun Status documentation section (#7147)
  • πŸ“– Fix typo in v0.52 EOL date (#7143)
  • πŸ“– [TEP0138] RFC: Add feature graduation process documentation (#7076)

Thanks

Thanks to these contributors who contributed to v0.53.0!

Extra shout-out for awesome release notes: