🎉 Remote resolution integrated in tektoncd/pipeline with built-in resolvers, Object params and workspace propagation 🎉

-Docs @ v0.40.0 -Examples @ v0.40.0

Installation one-liner

kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.40.0/release.yaml

Attestation

The Rekor UUID for this release is 362f8ecba72f43264608c9d53c9d192238a7f3e707064fa13e9d670fe3ef016fe82da9ef516f9277

Obtain the attestation:

REKOR_UUID=362f8ecba72f43264608c9d53c9d192238a7f3e707064fa13e9d670fe3ef016fe82da9ef516f9277
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .

Verify that all container images in the attestation are in the release file:

RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.40.0/release.yaml
REKOR_UUID=362f8ecba72f43264608c9d53c9d192238a7f3e707064fa13e9d670fe3ef016fe82da9ef516f9277

# Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v0.40.0@sha256:" + .digest.sha256')

# Download the release file
curl "$RELEASE_FILE" > release.yaml

# For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
  printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done

Changes

Features

• :sparkles: TEP-119 - Add TaskRun Template in v1 PipelineRun (#5491)

Add pipelineRun.spec.pipelineTaskRunTemplate with serviceAccountName and podTemplate.

• :sparkles: TEP-0111 - Propagating workspaces in pipelinerun (#5463)

Workspaces are propagated in embedded specifications of pipelinerun without mutations.

• :sparkles: Add support for git remote resolution using provider APIs with an API token (#5450)

Adds new behavior to the git remote resolver to fetch Tasks and Pipelines from GitHub, Gitlab, BitBucket via their APIs using API tokens.

• :sparkles: TEP-0075: More flexible ways to provide values for object param keys (#5427)

More flexible ways to provide values for object param keys: a subset of keys can be provided from default, and the rest is provided at runtime.

• :sparkles: Add cluster remote resolver (#5405)

Add a cluster resolver for referencing Pipeline and Task resources in other namespaces

• :sparkles: Add resolvers deployment, with release and e2e integration (#5395)

action required: The separate Resolutions project has been folded into Pipeline. If currently using Resolution, remove the tekton-remote-resolution namespace before upgrading and installing the new "resolvers.yaml".

• :sparkles: TEP-0118: matrix: add field (#5383)

action required: matrixed params must be moved under matrix.params

• :sparkles: Propagating object params (#5371)

Propagating object params

• :sparkles: Merge affinity from podtempalte and affinity-assistant (#5306)

If the user provide affinity in podtempalte it will merge with affinity-assistant's affinity

action required: Need to check podtemplate make sure the change will not cause unexpected behaviour

• :sparkles: Add types and client for Resolution (#5200)

action required: Remote resolver resource field has changed to params.

• :sparkles: TEP-0111 - Propagating workspaces in taskruns (#5081)

Workspaces are propagated in embedded specifications without mutations.

• :sparkles: Add ResolutionRequest v1beta1, without serving yet (#5495)
• :sparkles: Avoid Duplicate Reconcile Logic in Testing Wait Custom Run Controller (#5462)
• :sparkles: Move the remote resolvers deployment to a separate namespace (#5436)
• :sparkles: TEP-0114: Implements Retries in The Testing Wait Custom Task (#5435)
• :sparkles: TEP-0114: Added CustomRun references and specifications to v1beta1 (#5403)
• :sparkles: Add combined remote resolvers binary (#5391)
• :sparkles: TEP-0114: Timeout the Testing Wait Custom Task (#5389)
• :sparkles: Support parameter substitution for resolver params (#5387)
• :sparkles: Add ResolutionRequest to webhook and controller, add resolution docs (#5385)
• :sparkles: Move Resolution bundle, git, and hub resolver pkgs over (#5384)
• :sparkles: Move over the resolver framework from Resolution. (#5380)
• :sparkles: Add baseimage for windows 1809 to support AKS (#5361)
• :sparkles: TEP-0114: Tests Wait Custom Task without CRD in PipelineRun (#5356)
• :sparkles: TEP-0114: Custom Task E2E Test with A Controller Installed (#5332)

Fixes

• :bug: fix regexp for ssh (#5496)

Fix regexp for ssh.

• :bug: Allow user to specify only tasks or finally timeout (#5460)

Bug fix: allow specifying only timeouts.tasks or timeouts.finally

• :bug: de-dupe order and resource dependencies (#5446)

De-dupe task dependencies - order and resource dependencies all together. It's very common to have a task with multiple when expressions referring to the same task but different results. Maintain a set of dependencies and add only a new parent.

• :bug: Improve DAG validation for pipelines with hundreds of tasks (#5421)

bug fixes:

• https://github.com/tektoncd/pipeline/issues/5420 - Improve DAG validation for pipelines with hundreds of tasks (validation wehbook performance)

• :bug: Fix docs and remove redundant code for LimitRanges (#5351)

[Bug fix] Clarify limitrange documentation and remove functionality that's provided by k8s anyway

• :bug: Fail validation for PipelineRun params with results in value (#5350)

PipelineRuns will now fail validation for duplicate parameter names or task result references in parameter values

• :bug: Fix for ResourceQuotaConflictError (#5252)

Tekton will retry the creation of the Pod if it fails due to a conflict and results in ResourceQuotaConflictError while updating a ResourceQuota.

• :bug: Switch PipelineRun timeout -> TaskRun logic to instead signal the TaskRuns to stop (#5134)

Change PipelineRun timeout behavior for child TaskRuns and Runs to behave like cancellation rather than explicitly setting timeouts on the child tasks at runtime.

• :bug: Fix the value for APISecretNamespaceKey (#5492)
• :bug: Replace $(context...) values in resolver parameters (#5476)
• :bug: Restore results dependencies in v1 Pipeline (#5424)
• :bug: Metrics: Nil Derefence when TR/PR not found (#5388)
• :bug: Fix taskrun_validation_test Version (#5386)
• :bug: Check and/or add to sent cloud event cache in one operation (#5313)

Misc

• :hammer: petite DAG - introduce key to identify node instead of holding a (#5468)

Replace holding a Task in dag.Node with a unique string identifier.

• :hammer: hardening - params and when expressions (#5465)

Hardening looksLikeResultRef to only report a valid result references, "tasks.<taskName>.results.<resultName>" and "tasks.<taskName>.results.<objectResultName>.<individualAttribute>". Any other invalid look-a-like-result-references are treated as constants.

• :hammer: Log namespaces left in place after e2e testing. (#5370)

e2e tests log when a namespace is not deleted at test completion.

• :hammer: chore: change ghcr.io/distroless/* to distroless.dev/* (#5341)

Images are based on distroless.dev/* instead of the (equivalent) ghcr.io/distroless/* -- no effective behavior change

• :hammer: Adding template for a promotion request (#5486)

Developers - Please file a promotion request using this new template.

• :hammer: readable error message - double quote an invalid value in (#5425)

Updating error message - when step.onError is set to an invalid value, the error message now double quotes that value to easily spot it.

• :hammer: Add more unit tests for using non-exist key of an object in task step (#5411)

Add more unit tests to cover the case where non-exist individual keys of an object are used in task step.

• :hammer: Revert "Add baseimage for windows 1809" (#5502)
• :hammer: Improve DAG validation - v1beta1 tests (#5434)
• :hammer: Bump github.com/emicklei/go-restful from v2.15.0+incompatible to v2.16.0+incompatible (#5422)
• :hammer: Updated clock to use k8s.io/utils/clock (#5413)
• :hammer: test: use T.Setenv to set env vars in tests (#5398)
• :hammer: Get rid 'pipelienrun' (#5382)
• :hammer: Move bespoke functionality out of TaskRun API (#5377)
• :hammer: Remove @sbwsg -- account deleted. (#5367)
• :hammer: Fail linting if k8s.io/apimachinery/pkg/util/clock is imported (#5498)
• :hammer: Update location of clock (#5494)
• :hammer: Bump code.gitea.io/sdk/gitea from 0.14.0 to 0.15.1 (#5488)
• :hammer: V1: add conversion for PipelineRunSpec.PipelineRef.Bundle (#5477)
• :hammer: Remove a stray println from resolvers main (#5469)
• :hammer: Bump codeql-action to v2 (#5467)
• :hammer: Add V1 version of PipelineRun CRD (#5464)
• :hammer: Bump github.com/google/go-cmp from 0.5.8 to 0.5.9 (#5458)
• :hammer: Add examples for some resolvers (#5451)
• :hammer: Switch remaining clock references to k8s.io/utils/clock (#5448)
• :hammer: Add successful git resolver e2e test (#5428)
• :hammer: Add conversion for v1 PipelineRun (#5426)
• :hammer: Add docs/pipeline-api.md.backup to .gitignore (#5418)
• :hammer: git-resolver.md should refer to default-revision, not default-branch (#5410)
• :hammer: Fix TestYamls for change in ko create (#5396)
• :hammer: V1: Add conversion for TaskRunSpec.TaskRef.Bundle (#5381)
• :hammer: Add V1 version of TaskRun CRD (#5379)
• :hammer: V1: Add conversion for TaskRun.Resources (#5378)
• :hammer: Move over Resolution's reconciler-related code, update existing code to point to it (#5372)
• :hammer: Bump go.uber.org/zap from 1.22.0 to 1.23.0 (#5368)
• :hammer: knative/pkg: bump to release-1.7. (#5360)
• :hammer: Add CSI and Projected Workspace to V1 (#5354)
• :hammer: Add V1 version of Pipeline CRD (#5349)
• :hammer: Update go.mod to go 1.18 (#5338)
• :hammer: V1: Add conversion for Pipeline.Resources (#5331)
• :hammer: Add V1 PipelineRun Golang struct (#5324)
• :hammer: Bump github.com/containerd/containerd from 1.5.13 to 1.6.8 (#5285)
• :hammer: Add conversion for v1 TaskRun (#5274)
• :hammer: Add V1 TaskRun Golang structs (#5264)
• :hammer: Clarify error message for verify-codegen.sh (#5256)

Docs

• :book: Move and update v1beta1 to v1 migration doc from Indexed (#5466)

The document has been added that describes the changes needed when migrating from v1beta1 to v1.

• :book: Doc about migrating from v1beta1 to v1 (#5415)

The document has been added that describes the changes needed when migrating from v1beta1 to v1.

• :book: updating readme with the last two releases (#5347)

Updating README to include last two releases details - 0.39 and 0.38.3.

• :book: Update releases in deprecations table (#5473)
• :book: Fix alpha features and alpha release links for remote resolution (#5472)
• :book: Describe Runtime Envs of E2E Tests (#5449)
• :book: Update docs for testing and enabling alpha features (#5437)
• :book: Add the enable-*-resolver flags to the Pipeline controller customization docs (#5419)
• :book: Add instructions for enabling alpha features (#5406)
• :book: Update the release cheatsheet to include release resources (#5366)

Thanks

Thanks to these contributors who contributed to v0.40.0!

• :heart: @Jefftree
• :heart: @JeromeJu
• :heart: @Juneezee
• :heart: @SaschaSchwarze0
• :heart: @Transmitt0r
• :heart: @XinruZhang
• :heart: @abayer
• :heart: @afrittoli
• :heart: @bendory
• :heart: @chengjoey
• :heart: @chitrangpatel
• :heart: @chuangw6
• :heart: @cleverhu
• :heart: @dependabot[bot]
• :heart: @imjasonh
• :heart: @khrm
• :heart: @lbernick
• :heart: @perithompson
• :heart: @pritidesai
• :heart: @rafalbigaj
• :heart: @vdemeester
• :heart: @vsinghai
• :heart: @xchapter7x
• :heart: @yachna
• :heart: @yuzp1996

Extra shout-out for awesome release notes:

• :heart_eyes: @JeromeJu
• :heart_eyes: @abayer
• :heart_eyes: @bendory
• :heart_eyes: @chengjoey
• :heart_eyes: @chitrangpatel
• :heart_eyes: @chuangw6
• :heart_eyes: @cleverhu
• :heart_eyes: @imjasonh
• :heart_eyes: @lbernick
• :heart_eyes: @pritidesai
• :heart_eyes: @rafalbigaj
• :heart_eyes: @yachna
• :heart_eyes: @yuzp1996