fix(deps): update module github.com/tektoncd/pipeline to v0.62.0

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
github.com/tektoncd/pipeline	v0.53.3 -> v0.62.0

---

Warning

Some dependencies could not be looked up. Check the warning logs for more information.

---

Release Notes

tektoncd/pipeline (github.com/tektoncd/pipeline)

v0.62.0: Tekton Pipeline release v0.62.0 "Birman HAL LTS"

Compare Source

🎉 Ignore Task Failure Promoted and native sidecars adopted with k8s 1.29 🎉

-Docs @​ v0.62.0
-Examples @​ v0.62.0

Installation one-liner

kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.62.0/release.yaml

Attestation

The Rekor UUID for this release is 24296fb24b8ad77adbcee63512553d756997c4c7efad2e1163023bda8bd9ddecafde859fcb4ebb11

Obtain the attestation:

REKOR_UUID=24296fb24b8ad77adbcee63512553d756997c4c7efad2e1163023bda8bd9ddecafde859fcb4ebb11
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .

Verify that all container images in the attestation are in the release file:

RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.62.0/release.yaml
REKOR_UUID=24296fb24b8ad77adbcee63512553d756997c4c7efad2e1163023bda8bd9ddecafde859fcb4ebb11

### Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v0.62.0@​sha256:" + .digest.sha256')

### Download the release file
curl "$RELEASE_FILE" > release.yaml

### For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
  printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done

Changes

Features

• ✨ access taskRun reason in addition to status in finally task (#​8127)

Access reason in addition to the status using $(tasks.taskName.reason)

• ✨ Capture Remote StepAction Location in TaskRun Status (#​8106)

Capture Remote StepAction Location in TaskRun Status

• ✨ Add isBuildArtifact field to Artifacts (#​8103)

Add isBuildArtifact field to Artifacts.

• ✨ Promote Tasks to beta (#​8090)

Promote Ignore Task Failure to Beta

• ✨ feat(K8s native sidecar): Add support for Kubernetes native Sidecars (#​8052)

Introducing a feature to adopt Kubernetes-native sidecars, which designates sidecar containers as initContainers. This prevents the need to pull and replace a nop image, leading to faster termination of the sidecars without unnecessary pod errors. Set enable-kubernetes-sidecar to true for Kubernetes 1.29 and later to take advantage of this feature.

• ✨ kind/feat: passing artifacts between tasks (#​7978)

Support passing artifacts between tasks in a pipeline

• ✨ feat: introduce when expressions to steps (#​7746)

introduce when expressions to steps.

• ✨ [TEP-0094] Promote taskrun.spec's stepSpecs and sidecarSpecs to beta (#​8006)

Fixes

• 🐛 fix(pipelinerun): block pipelinerun spec updates once the pipelinerun has started (#​8149)

Fix: Once a PipelineRun is created, most of the fields in the spec is not allowed to be updated; only status can be updated.

• 🐛 fix(taskrun): block taskrun spec updates once the taskrun has started (#​8147)

Fix: Once a TaskRun is created, most of the fields in the spec is not allowed to be updated; only status and statusMessage can be updated.

• 🐛 DryRunValidate returns the mutated object (#​8108)

DryRunValidate returns the mutated object

• 🐛 Fix step action force replacing with default param (#​8102)

Fix incorrect param type passed to stepaction makes it use default value

• 🐛 Perform matrix results validation on only result ref params (#​8089)

Perform matrix results validation on only result ref params

• 🐛 Fix error message when a PipelineRun param is missing (#​8072)

Improved error string when a param is missing from a PipelineRun

• 🐛 fix:when debug.breakpoints.onFailure is an empty string, redundant volumes appear (#​7788)

debug.breakpoints.onFailure is not allowed to be set to an empty string.

Misc

• 🔨 Switch the image from docker.io to gcr mirror (#​8146)
• 🔨 Bump github/codeql-action from 3.25.12 to 3.25.13 (#​8144)
• 🔨 Bump step-security/harden-runner from 2.8.1 to 2.9.0 (#​8143)
• 🔨 Bump the all group in /tekton with 2 updates (#​8142)
• 🔨 Bump github.com/containerd/containerd from 1.7.18 to 1.7.20 (#​8139)
• 🔨 Bump k8s.io/client-go from 0.27.15 to 0.27.16 in /test/custom-task-ctrls/wait-task-beta (#​8138)
• 🔨 Bump k8s.io/code-generator from 0.29.6 to 0.29.7 (#​8137)
• 🔨 Bump tekton-releases/dogfooding/koparse from e6641f2 to 0535413 in /tekton in the all group across 1 directory (#​8135)
• 🔨 Bump the all group across 1 directory with 4 updates (#​8134)
• 🔨 use tagged images to take advantage of the least expensive default image pull policy (#​8133)
• 🔨 Bump k8s.io/api from 0.27.15 to 0.27.16 in /test/custom-task-ctrls/wait-task-beta (#​8132)
• 🔨 Bump k8s.io/apimachinery from 0.29.6 to 0.29.7 (#​8131)
• 🔨 Bump actions/dependency-review-action from 4.3.3 to 4.3.4 (#​8125)
• 🔨 Bump github/codeql-action from 3.25.11 to 3.25.12 (#​8124)
• 🔨 Bump actions/upload-artifact from 4.3.3 to 4.3.4 (#​8104)
• 🔨 Released patch release: v0.59.2 (#​8098)
• 🔨 Bump go.opentelemetry.io/otel from 1.27.0 to 1.28.0 (#​8092)
• 🔨 Bump the all group in /tekton with 4 updates (#​8087)
• 🔨 Bump github/codeql-action from 3.25.10 to 3.25.11 (#​8085)
• 🔨 chore: remove unsupported configurations ScopeWhenExpressionsToTask (#​8078)
• 🔨 Create release v0.61.0. (#​8077)
• 🔨 Bump the all group in /tekton with 4 updates (#​8075)
• 🔨 Bump tj-actions/changed-files from 44.5.2 to 44.5.5 (#​8074)
• 🔨 Bump github.com/spiffe/spire-api-sdk from 1.9.6 to 1.10.0 (#​8073)
• 🔨 Using image with "full" reference in tests (#​8070)
• 🔨 Bump github.com/jenkins-x/go-scm from 1.14.34 to 1.14.37 (#​8032)
• 🔨 Correct error message to differentiate the cause (#​8027)

Docs

• 📖 Update min kubernetes version in the install doc (#​8122)
• 📖 document failureIgnored (#​8111)
• 📖 update the doc since the onError is now promoted (#​8109)

Thanks

Thanks to these contributors who contributed to v0.62.0!

• ❤️ @​AlanGreene
• ❤️ @​chitrangpatel
• ❤️ @​cugykw
• ❤️ @​dependabot[bot]
• ❤️ @​ericzzzzzzz
• ❤️ @​kgcarr
• ❤️ @​khrm
• ❤️ @​l-qing
• ❤️ @​piyush-garg
• ❤️ @​pritidesai
• ❤️ @​samagana
• ❤️ @​savitaashture
• ❤️ @​vdemeester

Extra shout-out for awesome release notes:

• 😍 @​chitrangpatel
• 😍 @​cugykw
• 😍 @​ericzzzzzzz
• 😍 @​kgcarr
• 😍 @​khrm
• 😍 @​l-qing
• 😍 @​piyush-garg
• 😍 @​pritidesai
• 😍 @​samagana

v0.61.1: Tekton Pipeline release v0.61.1 "Ragdoll Data"

Compare Source

-Docs @​ v0.61.1
-Examples @​ v0.61.1

Installation one-liner

kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.61.1/release.yaml

Attestation

The Rekor UUID for this release is 24296fb24b8ad77a7bf5b4e52e97f499e0dc71aed47d629395ba503bbc0cf8a16d8b49169d2db2f5

Obtain the attestation:

REKOR_UUID=24296fb24b8ad77a7bf5b4e52e97f499e0dc71aed47d629395ba503bbc0cf8a16d8b49169d2db2f5
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .

Verify that all container images in the attestation are in the release file:

RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.61.1/release.yaml
REKOR_UUID=24296fb24b8ad77a7bf5b4e52e97f499e0dc71aed47d629395ba503bbc0cf8a16d8b49169d2db2f5

### Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v0.61.1@​sha256:" + .digest.sha256')

### Download the release file
curl "$RELEASE_FILE" > release.yaml

### For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
  printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done

Changes

Features

Fixes

• 🐛 [release-v0.61.x] Handle error conditions in CheckMissingResultReferences (#​8105)

mproved error handling for some invalid result reference scenarios.

Misc

Docs

Thanks

Thanks to these contributors who contributed to v0.61.1!

• ❤️ @​tekton-robot

Extra shout-out for awesome release notes:

• 😍 @​tekton-robot

v0.61.0: Tekton Pipeline release v0.61.0 "Ragdoll Data"

Compare Source

-Docs @​ v0.61.0
-Examples @​ v0.61.0

Installation one-liner

kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.61.0/release.yaml

Attestation

The Rekor UUID for this release is 24296fb24b8ad77a68cb504006aa006da7ebfef6d88e038545d3f4c2d314ba34f3c1d8a57dab26a8

Obtain the attestation:

REKOR_UUID=24296fb24b8ad77a68cb504006aa006da7ebfef6d88e038545d3f4c2d314ba34f3c1d8a57dab26a8
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .

Verify that all container images in the attestation are in the release file:

RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.61.0/release.yaml
REKOR_UUID=24296fb24b8ad77a68cb504006aa006da7ebfef6d88e038545d3f4c2d314ba34f3c1d8a57dab26a8

### Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v0.61.0@​sha256:" + .digest.sha256')

### Download the release file
curl "$RELEASE_FILE" > release.yaml

### For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
  printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done

Changes

Features

• ✨ Promote Larger Results via Sidecar Logs to Beta (#​8043)

Promote Larger Results via Sidecar Logs to Beta

• ✨ Add a flag on controllers to configure resyncPeriod (#​8023)

Binary file (standard input) matches

Fixes

• 🐛 Cleanup resolved object before validating through dry-run (#​8051)

Cleanup resolved object before attempting to validate it through api dry-run call

• 🐛 fix: resolve issue where results may not be obtained from sidecar logs (#​8029)

fix: resolve issue where results may not be obtained from sidecar logs

• 🐛 Fix Validation Error Merging StepTemplates with StepRef (#​7982)

Fix Validation Error Merging StepTemplates with Step's Ref

• 🐛 Bundle resolver can use ServiceAccount for auth (#​7969)

Fix bundle resolver so it could pull OCI image (bundle) manifest from AWS ECR private registry

• 🐛 Fix: Example Test point to Catalog StepAction (#​8044)

Misc

• 🔨 Remove taskref/pipelineref deprecated bundle field (#​7789)

taskRef.bundle and pipelineRef.bundle are now removed from v1beta1 API version, as they were deprecated for about a year and half. Using them will result in a error when creating an object.

action required: make sure you migrate from taskRef.bundle and pipelineRef.bundle to the bundle resolver (see https://tekton.dev/docs/pipelines/migrating-v1beta1-to-v1/#replacing-taskrefbundle-and-pipelinerefbundle-with-bundle-resolver-a-idreplacing-taskrefbundle-and-pipelinerefbundle-with-bundle-resolver-a)

• 🔨 Bump to go 1.22 and fixes (#​8035)

ektoncd/pipeline now requires go 1.22 to be built

• 🔨 Update knative/pkg to release-1.14 (#​7989)

he minimum Kubernetes version supported by Tekton is now 1.28.

• 🔨 Bump k8s.io/code-generator from 0.29.2 to 0.29.6 (#​8067)
• 🔨 Bump k8s.io/client-go from 0.29.2 to 0.29.6 (#​8066)
• 🔨 Bump github/codeql-action from 3.25.8 to 3.25.10 (#​8061)
• 🔨 Bump actions/checkout from 4.1.6 to 4.1.7 (#​8060)
• 🔨 Bump github.com/spiffe/go-spiffe/v2 from 2.2.0 to 2.3.0 (#​8059)
• 🔨 Bump github.com/google/go-containerregistry from 0.19.1 to 0.19.2 (#​8058)
• 🔨 Bump the all group in /tekton with 4 updates (#​8057)
• 🔨 Bump k8s.io/client-go from 0.27.14 to 0.27.15 in /test/custom-task-ctrls/wait-task-beta (#​8049)
• 🔨 Bump k8s.io/apimachinery from 0.27.14 to 0.27.15 in /test/custom-task-ctrls/wait-task-beta (#​8048)
• 🔨 Remove bobcatfish and lbernick from OWNERS 😿 (#​8047)
• 🔨 Bump google.golang.org/protobuf from 1.34.1 to 1.34.2 (#​8046)
• 🔨 Tests before promoting LargerResults via Sidecarlogs to Beta (#​8041)
• 🔨 Bump the all group across 1 directory with 4 updates (#​8040)
• 🔨 Bump actions/dependency-review-action from 4.3.2 to 4.3.3 (#​8039)
• 🔨 Bump github/codeql-action from 3.25.7 to 3.25.8 (#​8038)
• 🔨 Bump step-security/harden-runner from 2.8.0 to 2.8.1 (#​8037)
• 🔨 Bump github.com/golangci/golangci-lint from 1.59.0 to 1.59.1 in /tools (#​8036)
• 🔨 README.md: fix Kubernetes min version (#​8030)
• 🔨 Bump github.com/containerd/containerd from 1.7.17 to 1.7.18 (#​8026)
• 🔨 Bump tj-actions/changed-files from 44.5.1 to 44.5.2 (#​8014)
• 🔨 Bump actions/dependency-review-action from 2.5.1 to 4.3.2 (#​8013)
• 🔨 Bump step-security/harden-runner from 2.7.0 to 2.8.0 (#​8012)
• 🔨 Bump github/codeql-action from 3.25.6 to 3.25.7 (#​8011)
• 🔨 Bump actions/checkout from 3.6.0 to 4.1.6 (#​8010)
• 🔨 Bump github.com/sigstore/sigstore/pkg/signature/kms/azure from 1.8.3 to 1.8.4 (#​8007)
• 🔨 Bump github.com/sigstore/sigstore/pkg/signature/kms/gcp from 1.8.3 to 1.8.4 (#​8001)
• 🔨 Bump github.com/sigstore/sigstore from 1.8.3 to 1.8.4 (#​8000)
• 🔨 Bump github.com/sigstore/sigstore/pkg/signature/kms/hashivault from 1.8.3 to 1.8.4 (#​7999)
• 🔨 Bump github.com/sigstore/sigstore/pkg/signature/kms/aws from 1.8.3 to 1.8.4 (#​7998)
• 🔨 Bump the all group across 1 directory with 4 updates (#​7995)
• 🔨 Bump step-security/harden-runner from 2.7.1 to 2.8.0 (#​7993)
• 🔨 Bump tj-actions/changed-files from 44.4.0 to 44.5.1 (#​7992)
• 🔨 Bump github.com/golangci/golangci-lint from 1.58.2 to 1.59.0 in /tools (#​7991)
• 🔨 Bump github.com/hashicorp/go-version from 1.6.0 to 1.7.0 (#​7985)
• 🔨 Update releases.md for v0.60 (#​7976)
• 🔨 TEP0152 - Complete V1 conformance test suite (#​7913)
• 🔨 .github/workflows: add a dependency-review workflow (#​7846)

Docs

• 📖 Document that task results are not enforced (#​8053)
• 📖 Fix the document: Task Level Comp Res is beta (#​8004)
• 📖 Patch release v0.60.1 (#​7997)

Thanks

Thanks to these contributors who contributed to v0.61.0!

• ❤️ @​JeromeJu
• ❤️ @​afrittoli
• ❤️ @​chitrangpatel
• ❤️ @​dependabot[bot]
• ❤️ @​khrm
• ❤️ @​l-qing
• ❤️ @​vdemeester
• ❤️ @​wilstdu

Extra shout-out for awesome release notes:

• 😍 @​chitrangpatel
• 😍 @​l-qing
• 😍 @​vdemeester
• 😍 @​wilstdu

v0.60.2: Tekton Pipeline release v0.60.2 "Chinchilla Tobor"

Compare Source

-Docs @​ v0.60.2
-Examples @​ v0.60.2

Installation one-liner

kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.60.2/release.yaml

Attestation

The Rekor UUID for this release is 24296fb24b8ad77a1b1da05e47cee68581daf1cd5823facc5b59b76edaf9ce986efe5c68bd1a4cbe

Obtain the attestation:

REKOR_UUID=24296fb24b8ad77a1b1da05e47cee68581daf1cd5823facc5b59b76edaf9ce986efe5c68bd1a4cbe
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .

Verify that all container images in the attestation are in the release file:

RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.60.2/release.yaml
REKOR_UUID=24296fb24b8ad77a1b1da05e47cee68581daf1cd5823facc5b59b76edaf9ce986efe5c68bd1a4cbe

### Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v0.60.2@​sha256:" + .digest.sha256')

### Download the release file
curl "$RELEASE_FILE" > release.yaml

### For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
  printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done

Changes

Features

Fixes

• 🐛 [release-v0.60.x] Fix: Identify workspace usage in a Task (#​8021)

Misc

Docs

Thanks

Thanks to these contributors who contributed to v0.60.2!

• ❤️ @​tekton-robot, @​chitrangpatel

Extra shout-out for awesome release notes:

• 😍 @​tekton-robot

v0.60.1: Tekton Pipeline release v0.60.1 "Chinchilla Tobor"

Compare Source

-Docs @​ v0.60.1
-Examples @​ v0.60.1

Installation one-liner

kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.60.1/release.yaml

Attestation

The Rekor UUID for this release is 24296fb24b8ad77a3c629b9f100be0eec857bdac47e80bdeacaf4cebba95adb7f9918b91b27842c5

Obtain the attestation:

REKOR_UUID=24296fb24b8ad77a3c629b9f100be0eec857bdac47e80bdeacaf4cebba95adb7f9918b91b27842c5
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .

Verify that all container images in the attestation are in the release file:

RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.60.1/release.yaml
REKOR_UUID=24296fb24b8ad77a3c629b9f100be0eec857bdac47e80bdeacaf4cebba95adb7f9918b91b27842c5

### Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v0.60.1@​sha256:" + .digest.sha256')

### Download the release file
curl "$RELEASE_FILE" > release.yaml

### For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
  printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done

Changes

Features

Fixes

• 🐛 [release-v0.60.x] Fix: Allow less strict validation of the Resolver Name during Webhook. (#​7996)
• 🐛 [release-v0.60.x] Fix: Update GetNameAndNamespace Parameters (#​7994)

Misc

Docs

Thanks

Thanks to these contributors who contributed to v0.60.1!

• ❤️ @​tekton-robot, @​Aleromerog

Extra shout-out for awesome release notes:
@​Aleromerog

v0.60.0: Tekton Pipeline release v0.60.0 "Chinchilla Tobor"

Compare Source

🎉 Artifacts through Sidecar Logs and Concise Resolver Syntax(Stage I)🎉

-Docs @​ v0.60.0
-Examples @​ v0.60.0

Installation one-liner

kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.60.0/release.yaml

Attestation

The Rekor UUID for this release is 24296fb24b8ad77a0f4210b40d70db3c3f419f177c49cdf9af22ac6e6f490d1141db7ca4ecb37796

Obtain the attestation:

REKOR_UUID=24296fb24b8ad77a0f4210b40d70db3c3f419f177c49cdf9af22ac6e6f490d1141db7ca4ecb37796
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .

Verify that all container images in the attestation are in the release file:

RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.60.0/release.yaml
REKOR_UUID=24296fb24b8ad77a0f4210b40d70db3c3f419f177c49cdf9af22ac6e6f490d1141db7ca4ecb37796

### Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v0.60.0@​sha256:" + .digest.sha256')

### Download the release file
curl "$RELEASE_FILE" > release.yaml

### For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
  printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done

Changes

Features

• ✨ feat: Surface artifacts through sidecar container logs. (#​7883)

Surface artifacts through sidecar container logs.

• ✨ add namespace label/tag to non-deprecated throttle metrics (#​7879)

Add 'namespace' label/tag to the 'tekton_pipelines_controller_running_taskruns_throttled_by_quota' and 'tekton_pipelines_controller_running_taskruns_throttled_by_node' metrics, as kubernetes quota definitions are namespace scoped, hence certain namespaces may be more susceptible to quota throttling than others, and in a multi-node environment, not all namespaces are necessarily on the same node.

To enable this new label/tag, set 'metrics.taskrun.throttle.enable-namespace' to 'true' in the 'config-observability' ConfigMap

• ✨ TEP-0154: Enable concise resolver syntax - stage 1 (#​7845)

TEP-0154: Enable concise resolver syntax

• ✨ Add reason tag to duration metrics (#​7812)

The reason tag has been added to the duration metrics of taskrun and pipelinerun.

Fixes

• 🐛 Propagate params in pipelines (#​7930)

Enable propagating params in Pipelines.

• 🐛 Fix version mismatch of aws-sdk-go-v2 (#​7921)

Fixing "401 Not Authorized" using Image from private AWS ECR without specifying "command" or "script" in Task.

• 🐛 allow for retry on typically transient k8s errors in both core controller and resolver for remote resolution (#​7894)

This fix address the lack of retry on transient kubernetes errors during remote resolution for tasks, etc.

• 🐛 Fix: Faulty Remote Resource Accepted by Remote Resolution (#​7952)
• 🐛 minor followup to PR 7894 (#​7950)
• 🐛 fix: prevent repeated setting of pipeline name label (#​7732)
• 🐛 fix: when using remote resources, the related metrics tag name is wrong (#​7731)

Misc

• 🔨 Deprecate current resolution framework (#​7945)

Mark current resolver framework as deprecated. Note: we are not removing the interface to be compatible with our Go policy.

• 🔨 misc: promote stepAction to beta (#​7920)

promote StepActions to beta

• 🔨 fix: artifactsFlag (#​7914)

fix defaultEnableArtifacts flag uses wrong name

• 🔨 Upgraded Remote Resolution Framework (#​7910)

Upgraded remote resolution framework.

• 🔨 Bump go.opentelemetry.io/otel from 1.26.0 to 1.27.0 (#​7975)
• 🔨 Bump go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp from 1.26.0 to 1.27.0 (#​7972)
• 🔨 chore(deps): bump github/codeql-action from 3.25.5 to 3.25.6 (#​7968)
• 🔨 chore(deps): bump actions/checkout from 4.1.5 to 4.1.6 (#​7967)
• 🔨 chore(deps): bump github.com/golangci/golangci-lint from 1.58.1 to 1.58.2 in /tools (#​7966)
• 🔨 chore(deps): bump github.com/containerd/containerd from 1.7.15 to 1.7.17 (#​7961)
• 🔨 chore(deps): bump k8s.io/client-go from 0.27.13 to 0.27.14 in /test/custom-task-ctrls/wait-task-beta (#​7949)
• 🔨 chore(deps): bump k8s.io/api from 0.27.13 to 0.27.14 in /test/custom-task-ctrls/wait-task-beta (#​7948)
• 🔨 chore(deps): bump google.golang.org/grpc from 1.63.2 to 1.64.0 (#​7947)
• 🔨 chore(deps): bump github.com/spiffe/spire-api-sdk from 1.9.4 to 1.9.6 (#​7946)
• 🔨 chore(deps): bump the all group in /tekton with 3 updates (#​7944)
• 🔨 chore(deps): bump ossf/scorecard-action from 2.3.1 to 2.3.3 (#​7943)
• 🔨 chore(deps): bump github/codeql-action from 3.25.3 to 3.25.5 (#​7942)
• 🔨 chore(deps): bump tj-actions/changed-files from 44.3.0 to 44.4.0 (#​7941)
• 🔨 Add image replacement for amd64 specific image for entrypoint-resolution test and update docker-in-docker test image for Power. (#​7937)
• 🔨 chore(deps): bump github.com/golangci/golangci-lint from 1.58.0 to 1.58.1 in /tools (#​7936)
• 🔨 chore(deps): bump step-security/harden-runner from 2.7.0 to 2.7.1 (#​7934)
• 🔨 chore(deps): bump actions/checkout from 4.1.4 to 4.1.5 (#​7933)
• 🔨 chore(deps): bump the all group in /tekton with 4 updates (#​7932)
• 🔨 chore(deps): bump google.golang.org/protobuf from 1.34.0 to 1.34.1 (#​7931)
• 🔨 chore(deps): bump github.com/jenkins-x/go-scm from 1.14.30 to 1.14.34 (#​7928)
• 🔨 chore(deps): bump github.com/golangci/golangci-lint from 1.57.2 to 1.58.0 in /tools (#​7927)
• 🔨 chore(deps): bump google.golang.org/protobuf from 1.33.0 to 1.34.0 (#​7926)
• 🔨 chore(deps): bump the all group in /tekton with 2 updates (#​7925)
• 🔨 chore(deps): bump actions/checkout from 4.1.3 to 4.1.4 (#​7924)
• 🔨 chore(deps): bump github/codeql-action from 3.25.1 to 3.25.3 (#​7923)

Docs

• 📖 Update releases.md for v0.59 (#​7917)
• 📖 v1beta1 fields updated to v1 in docs and examples (#​7873)

Thanks

Thanks to these contributors who contributed to v0.60.0!

• ❤️ @​Sachin-Itagi
• ❤️ @​afrittoli
• ❤️ @​chitrangpatel
• ❤️ @​cugykw
• ❤️ @​dependabot[bot]
• ❤️ @​ericzzzzzzz
• ❤️ @​gabemontero
• ❤️ @​khrm
• ❤️ @​ppitonak
• ❤️ @​seternate

Extra shout-out for awesome release notes:

• 😍 @​chitrangpatel
• 😍 @​ericzzzzzzz
• 😍 @​gabemontero
• 😍 @​khrm
• 😍 @​seternate

v0.59.2: Tekton Pipeline release v0.59.2 "Scottish Fold Sox"

Compare Source

-Docs @​ v0.59.2
-Examples @​ v0.59.2

Installation one-liner

kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.59.2/release.yaml

Attestation

The Rekor UUID for this release is 24296fb24b8ad77ac678677fe186a9b6d21a42b5b48289d14aa198de26de9b29caae78240eb7431a

Obtain the attestation:

REKOR_UUID=24296fb24b8ad77ac678677fe186a9b6d21a42b5b48289d14aa198de26de9b29caae78240eb7431a
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .

Verify that all container images in the attestation are in the release file:

RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.59.2/release.yaml
REKOR_UUID=24296fb24b8ad77ac678677fe186a9b6d21a42b5b48289d14aa198de26de9b29caae78240eb7431a

### Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v0.59.2@​sha256:" + .digest.sha256')

### Download the release file
curl "$RELEASE_FILE" > release.yaml

### For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
  printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done

Changes

Features

Fixes

• 🐛 [release-v0.59.x] fix: resolve issue where results may not be obtained from sidecar logs (#​8097)

ix: resolve issue where results may not be obtained from sidecar logs

• 🐛 [release-v0.59.x] Handle error conditions in CheckMissingResultReferences (#​8093)

mproved error handling for some invalid result reference scenarios.

• 🐛 [release-v0.59.x] Cleanup resolved object before validating through dry-run (#​8063)

leanup resolved object before attempting to validate it through api dry-run call

Misc

Docs

Thanks

Thanks to these contributors who contributed to v0.59.2!

• ❤️ @​tekton-robot
• ❤️ @​vdemeester

Extra shout-out for awesome release notes:

• 😍 @​tekton-robot
• 😍 @​vdemeester

v0.59.1: Tekton Pipeline release v0.59.1 "Scottish Fold Sox"

Compare Source

-Docs @​ v0.59.1
-Examples @​ v0.59.1

Installation one-liner

kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.59.1/release.yaml

Attestation

The Rekor UUID for this release is 24296fb24b8ad77ae4f504cabd702466f22af01eb77b6e7d131fbccfa54291a0438b7301f13f5180

Obtain the attestation:

REKOR_UUID=24296fb24b8ad77ae4f504cabd702466f22af01eb77b6e7d131fbccfa54291a0438b7301f13f5180
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .

Verify that all container images in the attestation are in the release file:

RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.59.1/release.yaml
REKOR_UUID=24296fb24b8ad77ae4f504cabd702466f22af01eb77b6e7d131fbccfa54291a0438b7301f13f5180

### Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v0.59.1@​sha256:" + .digest.sha256')

### Download the release file
curl "$RELEASE_FILE" > release.yaml

### For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
  printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done

Changes

Features

Fixes

• 🐛 [release-v0.59.x] fix: when using remote resources, the related metrics tag name is wrong (#​7955)

Misc

Docs

Thanks

Thanks to these contributors who contributed to v0.59.1!

• ❤️ @​tekton-robot

Extra shout-out for awesome release notes:

• 😍 @​tekton-robot

v0.59.0: Tekton Pipeline release v0.59.0 "Scottish Fold Sox" LTS

Compare Source

🎉 Artifact Metadata, Improved StepActions and Improved Stability 🎉

-Docs @​ v0.59.0
-Examples @​ v0.59.0

Installation one-liner

kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.59.0/release.yaml

Attestation

The Rekor UUID for this release is 24296fb24b8ad77afedce0421f9d0b300ed47db5907cad59970fed93f978290fd32680173c43e675

Obtain the attestation:

REKOR_UUID=24296fb24b8ad77afedce0421f9d0b300ed47db5907cad59970fed93f978290fd32680173c43e675
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .

Verify that all container images in the attestation are in the release file:

RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.59.0/release.yaml
REKOR_UUID=24296fb24b8ad77afedce0421f9d0b300ed47db5907cad59970fed93f978290fd32680173c43e675

### Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v0.59.0@​sha256:" + .digest.sha256')

### Download the release file
curl "$RELEASE_FILE" > release.yaml

### For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
  printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done

Upgrade Notices

Tekton v0.59 minimum Kubernetes version is 1.27.

Changes

Features

• ✨ Add a feature flag to disable inline spec (#​7844)

Add a feature flag disable-inline-spec to disable embedded spec in Pipeline(PipelineSpec/TaskSpec), Taskrun(TaskSpec), and Pipelinerun. (PipelineSpec) By default, the inline specs will be enabled. Only if the flag is set to "pipeline", "pipelinerun" and "taskrun" or a combination like "pipeline,pipelinerun" would the inline spec be disabled for Pipeline, PipelineRun, or TaskRun.

• ✨ Add description to StepActions (#​7831)

Add description to StepActions

• ✨ kind/feat: Surface artifacts through termination message (#​7714)

Surface artifact metadata through termination message

Fixes

• 🐛 fix: resolve pod creation failure on retry when using (#​7887)

fix: resolve pod creation failure on retry when using workspace.<name>.volume

• 🐛 Fix ImagePullTimeout to use Initialized (#​7882)

Fix ImagePullTimeout to use "PodInitialized" or "PodReadyToStartContainers" PodCondition transition time

• 🐛 Enable Param Substitution in StepAction resolver reference params (#​7872)

Enable Param Substitution in StepAction resolver reference params

• 🐛 validate TaskRun retries in TestRunSpec is greater than or equal to zero (#​7836)

fix: the retries value has not been verified

• 🐛 fix: stepresult intepolations does not accept multiple matches (#​7830)

fix: cannot use multiple step results at the same time for interpolation.

• 🐛 Fix the naming for Metrics as per convention (#​7810)

We introduce new metrics with compliant naming.
Gauge metrics: Gauge metrics shouldn't end with count as it implies a counter.
Counter metrics: Counter metrics shouldn't end with count as it implies a counter from the histogram. Instead, we should use total.

Previous Metrics are deprecated because they don't satisfy the Prometheus naming convention. Consult https://github.com/tektoncd/pipeline/blob/main/docs/metrics.md to know the updated names and tags.

• 🐛 Remove conversion configuration for (#​7796)

Remove conversion webhook configuration from the ClusterTask CRD, it doesn't need it.

• 🐛 Do not register for conversion (#​7795)

Removed StepAction from the conversion webhook to reduce the log spam that it isn't configured for it.

• 🐛 fix: ensure default type for params in remote tasks to prevent pipeline failures (#​7776)

fix: resolve issues that may cause pipeline failures when using remote resources

• 🐛 fix: do not set default kind when taskRef resolver is present (#​7763)

fix: do not set default kind when taskRef resolver is present

• 🐛 fix(taskrun): emit warning for missing secret in ServiceAccount instead of failing (#​7761)

fix(taskrun): emit warning for missing secret in ServiceAccount instead of failing

• 🐛 Fix: Merge StepTemplate with Step containing Results and Params (#​7757)

Fix: Merge StepTemplate with Step containing Results and Params

• 🐛 fix: the params in step replace other fields in step that are not in stepaction (#​7755)

Pass only the fields in stepaction and replace these fields with the params in step.

• 🐛 Fix bugfix-release.sh behavior when there is nothing to release (#​7860)
• 🐛 [StepActions] when using a stepTemplate the ref gets removed (#​7813)

Misc

• 🔨 Update docker/docker to v26.0.0 (#​7842)

Update docker/docker dependency to v26.0.0

• 🔨 Bump knative/pkg to 1.13 and k8s.io to 0.28.5 (#​7808)

knative/pkg dependency is now 1.13 and k8s.io dependencies are 0.28.x.
In addition, this makes the minimum kubernetes version supported by tektoncd/pipeline to be 1.27.

• 🔨 Update golangci version and configuration, and fix errors (#​7832)
• 🔨 Fix: add notes for why not to import the dependency pkg for OptimisticLockErrorMsg (#​7780)
• 🔨 Fix shell for tag-images step (#​7912)
• 🔨 Fix the shell in crane image (#​7911)
• 🔨 chore(deps): bump go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp from 1.25.0 to 1.26.0 (#​7908)
• 🔨 chore(deps): bump go.opentelemetry.io/otel/sdk from 1.25.0 to 1.26.0 (#​7905)
• 🔨 chore(deps): bump the all group in /tekton with 4 updates (#​7900)
• 🔨 chore(deps): bump tj-actions/changed-files from 44.0.1 to 44.3.0 (#​7899)
• 🔨 chore(deps): bump actions/checkout from 4.1.2 to 4.1.3 (#​7898)
• 🔨 chore(deps): bump actions/upload-artifact from 4.3.1 to 4.3.3 (#​7897)
• 🔨 chore(deps): bump github/codeql-action from 3.25.0 to 3.25.1 (#​7896)
• 🔨 chore(deps): bump k8s.io/client-go from 0.27.11 to 0.27.13 in /test/custom-task-ctrls/wait-task-beta (#​7891)
• 🔨 chore(deps): bump k8s.io/api from 0.27.12 to 0.27.13 in /test/custom-task-ctrls/wait-task-beta (#​7890)
• 🔨 chore(deps): bump code.gitea.io/sdk/gitea from 0.17.1 to 0.18.0 (#​7889)
• 🔨 chore(deps): bump the all group in /tekton with 4 updates (#​7885)
• 🔨 chore(deps): bump github/codeql-action from 3.24.10 to 3.25.0 (#​7884)
• 🔨 kind/misc: add error log (#​7874)
• 🔨 chore(deps): bump the all group in

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[renovate]

ℹ Artifact update notice

File name: task-generator/go.mod

In order to perform the update(s) described in the table above, Renovate ran the go get command, which resulted in the following additional change(s):

• 17 additional dependencies were updated

Details:

Package	Change
github.com/go-logr/logr	v1.4.1 -> v1.4.2
github.com/google/cel-go	v0.17.8 -> v0.20.1
github.com/grpc-ecosystem/grpc-gateway/v2	v2.16.0 -> v2.20.0
github.com/prometheus/client_model	v0.5.0 -> v0.6.0
github.com/prometheus/common	v0.48.0 -> v0.52.3
golang.org/x/exp	v0.0.0-20230307190834-24139beb5833 -> v0.0.0-20230515195305-f3d0a9c9a5cc
golang.org/x/net	v0.24.0 -> v0.25.0
golang.org/x/oauth2	v0.17.0 -> v0.20.0
golang.org/x/sys	v0.19.0 -> v0.20.0
golang.org/x/term	v0.19.0 -> v0.20.0
golang.org/x/text	v0.14.0 -> v0.15.0
google.golang.org/api	v0.165.0 -> v0.181.0
google.golang.org/genproto/googleapis/api	v0.0.0-20240205150955-31a09d347014 -> v0.0.0-20240520151616-dc85e6b867a5
google.golang.org/genproto/googleapis/rpc	v0.0.0-20240205150955-31a09d347014 -> v0.0.0-20240515191416-fc5f0ca64291
google.golang.org/grpc	v1.61.1 -> v1.64.0
google.golang.org/protobuf	v1.33.0 -> v1.34.2
knative.dev/pkg	v0.0.0-20240219120257-9227ebb57a4e -> v0.0.0-20240416145024-0f34a8815650

[MartinBasti]

/retest