Tekton Pipeline release v1.4.0 "Kurilian K-2SO"

🎉 Improved remote resolution and timeout configuration 🎉

-Docs @ v1.4.0
-Examples @ v1.4.0

Installation one-liner

kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v1.4.0/release.yaml

Attestation

The Rekor UUID for this release is 108e9186e8c5677a040c237838848039376864340e5217f6c7c23f294d61437c3d196cb1112b91f1

Obtain the attestation:

REKOR_UUID=108e9186e8c5677a040c237838848039376864340e5217f6c7c23f294d61437c3d196cb1112b91f1
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .

Verify that all container images in the attestation are in the release file:

RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v1.4.0/release.yaml
REKOR_UUID=108e9186e8c5677a040c237838848039376864340e5217f6c7c23f294d61437c3d196cb1112b91f1

# Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v1.4.0@sha256:" + .digest.sha256')

# Download the release file
curl "$RELEASE_FILE" > release.yaml

# For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
  printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done

Changes

Features

• ✨ feat: resolve steps referencing StepActions concurrently (#8925)

The resolution of StepActions within a TaskRun is now performed concurrently, which can significantly reduce the time it takes for a TaskRun to start, especially when using multiple remote StepActions.

• ✨ Do not fail PipelineRun if pvc creation error is because of exceeded quotas (#8903)

PipelineRun do not fail anymore if the pvc creation is due to an exceeded quota ; it will be requeued instead (until quota is available or it times out)

• ✨ feat: override task timeouts in pipelineruns (#8636)

feature: PipelineRun can now override individual task timeouts with spec.taskRunSpecs[].timeout

Fixes

• 🐛 check for the kubernetes sidecar implementation (#8986)

Updated the sidecar implementation to check the completion status of initContainers before marking the taskRun complete.

• 🐛 fix: exclude pending PipelineRuns from metric (#8951)

Fixed tekton_pipelines_controller_running_pipelineruns metric to exclude pending PipelineRuns, it now counts only running PipelineRuns

• 🐛 Fix tini-git image to be multi-arch (#8944)

Updating tini-git base image to be multi-platform, also fixing the resolvers image.

• 🐛 fix(#8940): token-authentication header typo in git resolver (#8937)

Bug fix: Before this change, there was a regression in which the git resolver was not authenticating with the provided gitToken and gitTokenKey, breaking the git resolver's http token-based auth. After this change, all git operations performed by the git resolver use the provided gitToken for remote authentication.

• 🐛 fix: allow finalizer updates on completed TaskRun and PipelineRuns (#9011)
• 🐛 fix nightly-build workflow to use kind setup action from allowed list (#8939)

Misc

• 🔨 [FIX] Remove the apt warning (#8624)
• 🔨 build(deps): bump chainguard-dev/actions from 1.4.10 to 1.4.12 (#8989)
• 🔨 build(deps): bump google.golang.org/protobuf from 1.36.7 to 1.36.8 (#8985)
• 🔨 build(deps): bump google.golang.org/grpc from 1.74.2 to 1.75.0 (#8984)
• 🔨 build(deps): bump the all group in /tekton with 3 updates (#8978)
• 🔨 build(deps): bump github/codeql-action from 3.29.8 to 3.29.10 (#8977)
• 🔨 build(deps): bump chainguard-dev/actions from 1.4.9 to 1.4.10 (#8976)
• 🔨 build(deps): bump tj-actions/changed-files from f963b3f3562b00b6d2dd25efc390eb04e51ef6c6 to 2036da178f85576f1940fedb74bb93a36cd89ab7 (#8975)
• 🔨 build(deps): bump actions/dependency-review-action from 4.7.1 to 4.7.2 (#8974)
• 🔨 build(deps): bump k8s.io/apiextensions-apiserver from 0.32.7 to 0.32.8 (#8973)
• 🔨 build(deps): bump tj-actions/changed-files from 055970845dd036d7345da7399b7e89f2e10f2b04 to f963b3f3562b00b6d2dd25efc390eb04e51ef6c6 (#8964)
• 🔨 build(deps): bump github/codeql-action from 3.29.3 to 3.29.8 (#8963)
• 🔨 build(deps): bump actions/checkout from 4 to 5 (#8962)
• 🔨 build(deps): bump the all group in /tekton with 3 updates (#8961)
• 🔨 build(deps): bump chainguard-dev/actions from 1.4.6 to 1.4.9 (#8960)
• 🔨 build(deps): bump actions/cache from 4.2.3 to 4.2.4 (#8959)
• 🔨 build(deps): bump google.golang.org/protobuf from 1.36.6 to 1.36.7 (#8956)
• 🔨 build(deps): bump golang.org/x/crypto from 0.39.0 to 0.41.0 (#8954)
• 🔨 .github/workflows/nightly-builds: only run on tektoncd org (#8950)
• 🔨 build(deps): bump k8s.io/apiextensions-apiserver from 0.32.6 to 0.32.7 (#8894)

Docs

• 📖 docs: Switch from deprecated Tekton Hub to ArtifactHub (#8967)

Update examples and documentation to use ArtifactHub instead of the deprecated Tekton Hub for resource discovery and management.

• 📖 release.md: update releases with 1.2.x and 1.3.x (#8952)

Thanks

Thanks to these contributors who contributed to v1.4.0!

• ❤️ @Maximilien-R
• ❤️ @aThorp96
• ❤️ @anithapriyanatarajan
• ❤️ @dependabot[bot]
• ❤️ @divyansh42
• ❤️ @infernus01
• ❤️ @khrm
• ❤️ @leshikus
• ❤️ @pritidesai
• ❤️ @vdemeester
• ❤️ @waveywaves

Extra shout-out for awesome release notes:

• 😍 @Maximilien-R
• 😍 @aThorp96
• 😍 @divyansh42
• 😍 @infernus01
• 😍 @pritidesai
• 😍 @vdemeester
• 😍 @waveywaves

Tekton Pipeline release v1.3.2 "Maine Coon Melfina"

-Docs @ v1.3.2
-Examples @ v1.3.2

Installation one-liner

kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v1.3.2/release.yaml

Attestation

The Rekor UUID for this release is 108e9186e8c5677a00888046c319538ae57e1af2654be73472fb885d0554f5181b0736e1edb7c6ed

Obtain the attestation:

REKOR_UUID=108e9186e8c5677a00888046c319538ae57e1af2654be73472fb885d0554f5181b0736e1edb7c6ed
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .

Verify that all container images in the attestation are in the release file:

RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v1.3.2/release.yaml
REKOR_UUID=108e9186e8c5677a00888046c319538ae57e1af2654be73472fb885d0554f5181b0736e1edb7c6ed

# Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v1.3.2@sha256:" + .digest.sha256')

# Download the release file
curl "$RELEASE_FILE" > release.yaml

# For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
  printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done

Changes

Features

Fixes

• 🐛 [release-v1.3.x] check for kubernetes sidecar implementation (#8997)

Updated the sidecar implementation to check the completion status of initContainers before marking the taskRun complete.

• 🐛 [release-v1.3.x] Disable the Gitea e2e tests temporarily to unblock (#9014)

• 🐛 [release-v1.3.x] Do not fail PipelineRun if pvc creation error is because of exceeded quotas (#9000)

• 🐛 [release-v1.3.x] fix: exclude pending PipelineRuns from tekton_pipelines_controller_running_pipelineruns metric (#8980)

Fixed tekton_pipelines_controller_running_pipelineruns metric to exclude pending PipelineRuns, it now counts only running PipelineRuns

Thanks

Thanks to these contributors who contributed to v1.3.2!

• ❤️ @mbpavan
• ❤️ @divyansh42
• ❤️ @khrm
• ❤️ @pritidesai
• ❤️ @vdemeester
• ❤️ @tekton-robot

Extra shout-out for awesome release notes:

• 😍 @pritidesai
• 😍 @divyansh42
• 😍 @tekton-robot

Tekton Pipeline release v1.3.1 LTS "Maine Coon Melfina"

-Docs @ v1.3.1
-Examples @ v1.3.1

Installation one-liner

kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v1.3.1/release.yaml

Attestation

The Rekor UUID for this release is 108e9186e8c5677a77b37b5b643558bf2653e7f5a4673c506372b8892e9c8634dc7cae29721d15de

Obtain the attestation:

REKOR_UUID=108e9186e8c5677a77b37b5b643558bf2653e7f5a4673c506372b8892e9c8634dc7cae29721d15de
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .

Verify that all container images in the attestation are in the release file:

RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v1.3.1/release.yaml
REKOR_UUID=108e9186e8c5677a77b37b5b643558bf2653e7f5a4673c506372b8892e9c8634dc7cae29721d15de

# Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v1.3.1@sha256:" + .digest.sha256')

# Download the release file
curl "$RELEASE_FILE" > release.yaml

# For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
  printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done

Changes

Features

Fixes

• 🐛 [release-v1.3.x] Fix tini-git image to be multi-arch (#8948)

pdating tini-git base image to be multi-platform, also fixing the resolvers image.

Misc

Docs

Thanks

Thanks to these contributors who contributed to v1.3.1!

• ❤️ @tekton-robot

Extra shout-out for awesome release notes:

• 😍 @tekton-robot

Tekton Pipeline release v1.3.0 LTS "Maine Coon Melfina"

-Docs @ v1.3.0
-Examples @ v1.3.0

Installation one-liner

kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v1.3.0/release.yaml

Attestation

The Rekor UUID for this release is 108e9186e8c5677a690a6f48618080e44983b879f4ffb9b371b7107159bb3d4ab3052aa68e47dc74

Obtain the attestation:

REKOR_UUID=108e9186e8c5677a690a6f48618080e44983b879f4ffb9b371b7107159bb3d4ab3052aa68e47dc74
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .

Verify that all container images in the attestation are in the release file:

RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v1.3.0/release.yaml
REKOR_UUID=108e9186e8c5677a690a6f48618080e44983b879f4ffb9b371b7107159bb3d4ab3052aa68e47dc74

# Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v1.3.0@sha256:" + .digest.sha256')

# Download the release file
curl "$RELEASE_FILE" > release.yaml

# For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
  printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done

Changes

Features

• ✨ exponential backoff in controller (#8926)

Introduced exponential backoff retry mechanism for createPod function to improve robustness against transient webhook issues in a heavy cluster during resource creation.

• ✨ exponential backoff for and creation (#8902)

• Introduced exponential backoff retry mechanism for createTaskRun and createCustomRun functions.
• Retries are triggered only on mutating admission webhook timeouts (HTTP 500 with "timeout" in the error message).
• Non-retryable errors (e.g., HTTP 400, validation failures) continue to fail immediately.
• Feature is disabled by default. To enable, set enable-wait-exponential-backoff: "true" in the feature-flags ConfigMap.
• Backoff parameters (duration, factor, steps) are configurable via the wait-exponential-backoff ConfigMap.
• Improves robustness against transient webhook issues in a heavy cluster during resource creation.

• ✨ Feature: Allow THREADS_PER_CONTROLLER env var to override default threads-per-controller value (#8890)

Default threads-per-controller value can be override by THREADS_PER_CONTROLLER env var

• ✨ Add anti-affinity rules to controller's replicas (#8864)

As part of improving high availability (HA) for the Tekton Pipelines controller, this update adds a preferredDuringSchedulingIgnoredDuringExecution pod anti-affinity rule. This ensures that multiple replicas of the controller are preferably scheduled on different nodes, reducing the risk of service disruption in case of a node failure.

• ✨ PodTemplate param substitution on TaskRunSpecs to enable multi-arch builds with Matrix (#8599)

TaskRuns and TaskRunSpecs now support param substitution on podTemplate fields. This allows operability with Matrix.

Fixes

• 🐛 fix(pipeline): support variables in onError for pipeline v1beta1 (#8931)

fix(pipeline): support variables in onError for pipeline v1beta1

• 🐛 fix: ensure git shell-out inherits environment variables (#8908)

fix: The git resolver now respects environment variables on the pod

• 🐛 efficient polling in (#8901)

Binary file (standard input) matches

• 🐛 Use tini-git image for the resolvers deployment (#8895)

The resolvers deployment now uses the tini init system to make sure we don't end up with a lot of git process zombies.

• 🐛 Re-register metrics only during real update (#8863)

Misc

• 🔨 Resolvers: remove default TEKTON_HUB_API URI (#8861)

Removing the default value of TEKTON_HUB_API in the resolvers deployment as the public instance of tektoncd/hub (hub.tekton.dev) will be shutdown in September. It's still possible to set this environment variable to a value for users who self host an instance of tektoncd/hub

• 🔨 Remove linux/arm from platform we publish (#8657)

linux/arm images are not published anymore as part of the release. This means armv5, armv6 and armv7 are not supported anymore.

• 🔨 Stop emitting deprecated metrics (#8875)

BREAKING CHANGE:

This commit removes the following deprecated metrics that have been replaced
by newer, more descriptive metrics:

PipelineRun Metrics:

• pipelinerun_count → replaced by pipelinerun_total
• running_pipelineruns_count → replaced by running_pipelineruns
• running_pipelineruns_waiting_on_pipeline_resolution_count → replaced by running_pipelineruns_waiting_on_pipeline_resolution
• running_pipelineruns_waiting_on_task_resolution_count → replaced by running_pipelineruns_waiting_on_task_resolution

TaskRun Metrics:

• taskrun_count → replaced by taskrun_total
• running_taskruns_count → replaced by running_taskruns
• running_taskruns_throttled_by_quota_count → replaced by running_taskruns_throttled_by_quota
• running_taskruns_throttled_by_node_count → replaced by running_taskruns_throttled_by_node

The replacement metrics provide the same functionality with improved naming
conventions and are already being recorded in the codebase.

• 🔨 Make sure we do not validate ResolutionRequest on DELETE (#8857)

esolutionRequest are no more validated on DELETE, which is consistent with the rest of the pipeline's objects.

• 🔨 Move ConfigMap helpers to testing framework and cleanup 🧹 pipelinerun_test.go 🧹. (#8920)
• 🔨 Remove all reference to gcr.io tekton projects (#8885)
• 🔨 build(deps): bump github.com/jenkins-x/go-scm from 1.15.1 to 1.15.4 (#8935)
• 🔨 build(deps): bump sigs.k8s.io/yaml from 1.5.0 to 1.6.0 (#8922)
• 🔨 refactor getSidecarLogPollingInterval() (#8909)
• 🔨 build(deps): bump google.golang.org/grpc from 1.73.0 to 1.74.2 (#8907)
• 🔨 build(deps): bump step-security/harden-runner from 2.12.2 to 2.13.0 (#8900)
• 🔨 build(deps): bump github/codeql-action from 3.29.2 to 3.29.3 (#8899)
• 🔨 build(deps): bump the all group in /tekton with 3 updates (#8898)
• 🔨 nightly builds with gh actions (#8897)
• 🔨 build(deps): bump k8s.io/client-go from 0.32.6 to 0.32.7 (#8896)
• 🔨 build(deps): bump k8s.io/code-generator from 0.32.6 to 0.32.7 (#8893)
• 🔨 build(deps): bump github.com/google/cel-go from 0.25.0 to 0.26.0 (#8892)
• 🔨 build(deps): bump k8s.io/api from 0.32.6 to 0.32.7 (#8888)
• 🔨 build(deps): bump github.com/jenkins-x/go-scm from 1.14.59 to 1.15.1 (#8884)
• 🔨 build(deps): bump tj-actions/changed-files from cf79a64fed8a943fb1073260883d08fe0dfb4e56 to 055970845dd036d7345da7399b7e89f2e10f2b04 (#8883)
• 🔨 build(deps): bump the all group in /tekton with 4 updates (#8882)
• 🔨 Add Stanislav (twoGiants) as reviewer to Tekton Pipeline repository. (#8880)
• 🔨 build(deps): bump golang.org/x/sync from 0.15.0 to 0.16.0 (#8871)
• 🔨 build(deps): bump tj-actions/changed-files from e8772ff27de71367c2771ef3e8b5b2075b3f8282 to cf79a64fed8a943fb1073260883d08fe0dfb4e56 (#8867)
• 🔨 build(deps): bump the all group in /tekton with 4 updates (#8866)
• 🔨 build(deps): bump github.com/jenkins-x/go-scm from 1.14.58 to 1.14.59 (#8865)
• 🔨 build(deps): bump github.com/spiffe/spire-api-sdk from 1.12.0 to 1.12.4 (#8860)
• 🔨 build(deps): bump step-security/harden-runner from 2.12.1 to 2.12.2 (#8856)
• 🔨 build(deps): bump github/codeql-action from 3.29.0 to 3.29.2 (#8855)
• 🔨 build(deps): bump tj-actions/changed-files from d52d20fa3f981cb852b861fd8f55308b5fe29637 to e8772ff27de71367c2771ef3e8b5b2075b3f8282 (#8854)
• 🔨 build(deps): bump the all group in /tekton with 4 updates (#8853)
• 🔨 build(deps): bump sigs.k8s.io/yaml from 1.4.0 to 1.5.0 (#8852)
• 🔨 Update kubernetes version of the CI (#8758)
• 🔨 Add a tool to generate the release name (#8629)

Docs

• 📖 Document controller debugging configuration. (#8881)

Developer documentation in DEVELOPMENT.md contains a "Debugging" section explaining how to setup VSCode for debugging Tekton controllers running in a k8 cluster.

• 📖 docs: fix typo in pipelineruns.md (#8851)

Thanks

Thanks to these contributors who contributed to v1.3.0!

• ❤️ @aThorp96
• ❤️ @afrittoli
• ❤️ @anithapriyanatarajan
• ❤️ @dependabot[bot]
• ❤️ @dorzel
• ❤️ @jkhelil
• ❤️ @khrm
• ❤️ @l-qing
• ❤️ @pritidesai
• ❤️ @twoGiants
• ❤️ @valAndre07
• ❤️ @vdemeester

Extra shout-out for awesome release notes:

• 😍 @aThorp96
• 😍 @dorzel
• 😍 @jkhelil
• 😍 @khrm
• 😍 @l-qing
• 😍 @pritidesai
• 😍 @twoGiants
• 😍 @valAndre07
• 😍 @vdemeester

Tekton Pipeline release v1.2.0 "Dragon Li Dreadnought"

🎉 Bug fixes and documentation enhancements 🎉

-Docs @ v1.2.0
-Examples @ v1.2.0

Installation one-liner

kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v1.2.0/release.yaml

Attestation

The Rekor UUID for this release is 108e9186e8c5677a754b4d7d26d7ac445cc63785908c6df49e449f3da28b067511a0f2298767d8be

Obtain the attestation:

REKOR_UUID=108e9186e8c5677a754b4d7d26d7ac445cc63785908c6df49e449f3da28b067511a0f2298767d8be
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .

Verify that all container images in the attestation are in the release file:

RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v1.2.0/release.yaml
REKOR_UUID=108e9186e8c5677a754b4d7d26d7ac445cc63785908c6df49e449f3da28b067511a0f2298767d8be

# Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v1.2.0@sha256:" + .digest.sha256')

# Download the release file
curl "$RELEASE_FILE" > release.yaml

# For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
  printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done

Changes

Features

Fixes

• 🐛 Do not propagate managed-by annotation to Pods (#8846)

od created by the Pipeline controller will now always have app.kubernetes.io/managed-by set to the default configuration. Prior to this change, it would be overriden by the value of that label set on TaskRun (or PipelineRun).

• 🐛 fix: Avoid errors in PVC handler if PVC is already deleted (#8811)

PVCs that have already been deleted will no longer cause errors during resource cleanup operations.

Misc

• 🔨 refactor: replace go-multierror with errors.Join for native error aggregation (#8791)

Replaced external go-multierror dependency with Go's built-in errors.Join for error aggregation, reducing dependencies and improving code maintainability.

• 🔨 fix: Remove direct usage of testify from pkg/spire/ (#8788)

Removed direct dependency on testify in pkg/spire to simplify testing and reduce external dependencies.

• 🔨 [TEP-0056]: Extract common status helper functions from pipelinerun_test.go. (#8850)
• 🔨 [TEP-0056]: Refactor names and fix typos. (#8806)
• 🔨 Move Step step action reference test to container_validation_test.go. (#8779)
• 🔨 Move Step Validate and ValidateError tests to container_validation_test.go. (#8778)
• 🔨 Move Step ResultRef and ArtifactsRef tests to container_validation_test.go. (#8777)
• 🔨 Move Step onError and API version tests to container_validation_test.go. (#8773)
• 🔨 Move Step ref tests to container_validation_test.go. (#8772)
• 🔨 Move Step artifacts flag tests to container_validation_test.go. (#8769)
• 🔨 Fix CRD Generation Errors (#8726)
• 🔨 build(deps): bump go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp from 1.36.0 to 1.37.0 (#8848)
• 🔨 build(deps): bump the all group in /tekton with 4 updates (#8844)
• 🔨 build(deps): bump k8s.io/code-generator from 0.32.5 to 0.32.6 (#8842)
• 🔨 build(deps): bump k8s.io/apiextensions-apiserver from 0.32.5 to 0.32.6 (#8840)
• 🔨 build(deps): bump k8s.io/client-go from 0.32.5 to 0.32.6 (#8837)
• 🔨 build(deps): bump github.com/cloudevents/sdk-go/v2 from 2.16.0 to 2.16.1 (#8836)
• 🔨 build(deps): bump github.com/google/go-containerregistry from 0.20.5 to 0.20.6 (#8835)
• 🔨 build(deps): bump the all group in /tekton with 4 updates (#8834)
• 🔨 build(deps): bump step-security/harden-runner from 2.12.0 to 2.12.1 (#8833)
• 🔨 build(deps): bump github/codeql-action from 3.28.19 to 3.29.0 (#8832)
• 🔨 build(deps): bump tj-actions/changed-files from 4140eb99d2cced9bfd78375c2088371853262f79 to d52d20fa3f981cb852b861fd8f55308b5fe29637 (#8831)
• 🔨 build(deps): bump github.com/sigstore/sigstore from 1.9.4 to 1.9.5 (#8826)
• 🔨 build(deps): bump github.com/sigstore/sigstore/pkg/signature/kms/hashivault from 1.9.4 to 1.9.5 (#8823)
• 🔨 build(deps): bump github.com/sigstore/sigstore/pkg/signature/kms/aws from 1.9.4 to 1.9.5 (#8822)
• 🔨 build(deps): bump github.com/sigstore/sigstore/pkg/signature/kms/azure from 1.9.4 to 1.9.5 (#8821)
• 🔨 build(deps): bump github.com/sigstore/sigstore/pkg/signature/kms/gcp from 1.9.4 to 1.9.5 (#8820)
• 🔨 build(deps): bump github/codeql-action from 3.28.18 to 3.28.19 (#8819)
• 🔨 build(deps): bump tj-actions/changed-files from c6634ca281a9fc05b03bee224ba00910cb78ab6e to 4140eb99d2cced9bfd78375c2088371853262f79 (#8818)
• 🔨 build(deps): bump golang.org/x/sync from 0.14.0 to 0.15.0 (#8817)
• 🔨 build(deps): bump google.golang.org/grpc from 1.72.2 to 1.73.0 (#8816)
• 🔨 Fix the sed command with crane (#8812)
• 🔨 fix(lint): resolve golangci-lint errors in testing context (#8810)
• 🔨 build(deps): bump ossf/scorecard-action from 2.4.1 to 2.4.2 (#8808)
• 🔨 build(deps): bump the all group in /tekton with 4 updates (#8807)

Docs

• 📖 docs: clarify container entrypoint behavior (#8696)

docs: clarify container contract documentation to avoid ambiguity

• 📖 Update releases.md for 1.1.0 (#8814)
• 📖 fix(docs): remove duplicated block from artifacts.md (#8802)

Thanks

Thanks to these contributors who contributed to v1.2.0!

• ❤️ @afrittoli
• ❤️ @alex-cobas
• ❤️ @arthur-c
• ❤️ @dependabot[bot]
• ❤️ @fambelic
• ❤️ @infernus01
• ❤️ @l-qing
• ❤️ @tricktron
• ❤️ @twoGiants
• ❤️ @vdemeester

Extra shout-out for awesome release notes:

• 😍 @fambelic
• 😍 @infernus01
• 😍 @l-qing
• 😍 @vdemeester

Tekton Pipeline release v1.1.0 "Selkirk Rex Saul Tigh"

-Docs @ v1.1.0
-Examples @ v1.1.0

Installation one-liner

kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v1.1.0/release.yaml

Attestation

The Rekor UUID for this release is 108e9186e8c5677a4abf3bb44246e552fdd917a58075df15b5f99ad1aa9e1da6ffd3c6aebc69689d

Obtain the attestation:

REKOR_UUID=108e9186e8c5677a4abf3bb44246e552fdd917a58075df15b5f99ad1aa9e1da6ffd3c6aebc69689d
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .

Verify that all container images in the attestation are in the release file:

RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v1.1.0/release.yaml
REKOR_UUID=108e9186e8c5677a4abf3bb44246e552fdd917a58075df15b5f99ad1aa9e1da6ffd3c6aebc69689d

# Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v1.1.0@sha256:" + .digest.sha256')

# Download the release file
curl "$RELEASE_FILE" > release.yaml

# For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
  printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done

Changes

Features

Fixes

• 🐛 fix: Ensure retryable errors during validation do not fail Runs (#8746)

Retryable errors during dry-run Task validation will no longer cause a PipelineRun to be failed.

• 🐛 Add oomkilled reason (#8709)

TaskRuns that fail due to Out of Memory (OOM) conditions will now show the termination reason in their failure message.

Misc

• 🔨 refactor: use os.UserHomeDir instead of go-homedir (#8774)
• 🔨 Remove temporary GOPATH generation in in update-codegen.sh and update-openapigen.sh. (#8719)
• 🔨 Refactor Step validation to implement apis.Validatable. (#8717)
• 🔨 Raise test coverage in task_validation.go and container_validation.go. (#8714)
• 🔨 Refactor sidecar validation to implement apis.Validatable. (#8710)
• 🔨 Move Steps and Sidecars validation to container_validation.go. (#8685)
• 🔨 build(deps): bump google.golang.org/grpc from 1.72.1 to 1.72.2 (#8801)
• 🔨 build(deps): bump the all group in /tekton with 4 updates (#8800)
• 🔨 build(deps): bump tj-actions/changed-files from 480f49412651059a414a6a5c96887abb1877de8a to c6634ca281a9fc05b03bee224ba00910cb78ab6e (#8799)
• 🔨 build(deps): bump go.opentelemetry.io/otel/trace from 1.35.0 to 1.36.0 (#8798)
• 🔨 build(deps): bump github.com/google/go-containerregistry from 0.20.3 to 0.20.5 (#8796)
• 🔨 build(deps): bump go.opentelemetry.io/otel/sdk from 1.35.0 to 1.36.0 (#8794)
• 🔨 build(deps): bump go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp from 1.35.0 to 1.36.0 (#8793)
• 🔨 Fix subpath capitalisation (#8790)
• 🔨 build(deps): bump k8s.io/code-generator from 0.32.4 to 0.32.5 (#8789)
• 🔨 build(deps): bump the all group in /tekton with 4 updates (#8787)
• 🔨 build(deps): bump actions/dependency-review-action from 4.7.0 to 4.7.1 (#8786)
• 🔨 build(deps): bump github/codeql-action from 3.28.17 to 3.28.18 (#8785)
• 🔨 build(deps): bump k8s.io/client-go from 0.32.4 to 0.32.5 (#8783)
• 🔨 build(deps): bump k8s.io/apiextensions-apiserver from 0.32.4 to 0.32.5 (#8781)
• 🔨 build(deps): bump k8s.io/api from 0.32.4 to 0.32.5 (#8780)
• 🔨 build(deps): bump google.golang.org/grpc from 1.72.0 to 1.72.1 (#8771)
• 🔨 build(deps): bump actions/setup-go from 5.4.0 to 5.5.0 (#8766)
• 🔨 build(deps): bump actions/dependency-review-action from 4.6.0 to 4.7.0 (#8765)
• 🔨 build(deps): bump tj-actions/changed-files from 4168bb487d5b82227665ab4ec90b67ce02691741 to 480f49412651059a414a6a5c96887abb1877de8a (#8764)
• 🔨 build(deps): bump the all group in /tekton with 4 updates (#8763)
• 🔨 build(deps): bump k8s.io/apiextensions-apiserver from 0.32.1 to 0.32.4 (#8762)
• 🔨 build(deps): bump github.com/jenkins-x/go-scm from 1.14.56 to 1.14.58 (#8754)
• 🔨 build(deps): bump go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp from 1.34.0 to 1.35.0 (#8753)
• 🔨 build(deps): bump github.com/sigstore/sigstore/pkg/signature/kms/hashivault from 1.8.15 to 1.9.4 (#8752)
• 🔨 build(deps): bump github.com/google/cel-go from 0.24.1 to 0.25.0 (#8751)
• 🔨 build(deps): bump google.golang.org/grpc from 1.71.1 to 1.72.0 (#8749)
• 🔨 build(deps): bump github.com/sigstore/sigstore/pkg/signature/kms/aws from 1.8.15 to 1.9.4 (#8748)
• 🔨 build(deps): bump golang.org/x/sync from 0.13.0 to 0.14.0 (#8747)
• 🔨 Migration to golangci-lint v2… (#8745)
• 🔨 Add @waveywaves as a maintainer (#8743)
• 🔨 build(deps): bump the all group in /tekton with 4 updates (#8742)
• 🔨 build(deps): bump github/codeql-action from 3.28.16 to 3.28.17 (#8741)
• 🔨 build(deps): bump tj-actions/changed-files from 5426ecc3f5c2b10effaefbd374f0abdc6a571b2f to 4168bb487d5b82227665ab4ec90b67ce02691741 (#8739)
• 🔨 build(deps): bump github.com/cloudevents/sdk-go/v2 from 2.15.2 to 2.16.0 (#8737)
• 🔨 build(deps): bump github.com/sigstore/sigstore/pkg/signature/kms/gcp from 1.8.15 to 1.9.4 (#8736)
• 🔨 build(deps): bump k8s.io/code-generator from 0.32.2 to 0.32.4 (#8735)
• 🔨 build(deps): bump go.opentelemetry.io/otel/sdk from 1.34.0 to 1.35.0 (#8734)
• 🔨 build(deps): bump code.gitea.io/sdk/gitea from 0.20.0 to 0.21.0 (#8733)
• 🔨 build(deps): bump k8s.io/client-go from 0.32.2 to 0.32.4 (#8732)
• 🔨 build(deps): bump github.com/spiffe/spire-api-sdk from 1.11.2 to 1.12.0 (#8731)
• 🔨 build(deps): bump tj-actions/changed-files from c34c1c13a740b06851baff92ab9a653d93ad6ce7 to 5426ecc3f5c2b10effaefbd374f0abdc6a571b2f (#8730)
• 🔨 build(deps): bump github.com/sigstore/sigstore/pkg/signature/kms/azure from 1.8.15 to 1.9.4 (#8725)
• 🔨 build(deps): bump golang.org/x/net from 0.33.0 to 0.36.0 in /test/resolver-with-timeout (#8708)
• 🔨 build(deps): bump golang.org/x/crypto from 0.31.0 to 0.35.0 in /test/resolver-with-timeout (#8706)
• 🔨 build(deps): bump github.com/google/go-cmp from 0.6.0 to 0.7.0 in /test/custom-task-ctrls/wait-task-beta (#8588)

Docs

• 📖 docs: add more explicit language in the Pipelines in Pipelines docs (#8767)
• 📖 Update releases.md after v1.0.0 (#8761)
• 📖 fix(docs): correct documentation link errors related to sidecar-logs (#8744)
• 📖 Add ghcr.io migration banner to README.md. (#8693)

Thanks

Thanks to these contributors who contributed to v1.1.0!

• ❤️ @AlanGreene
• ❤️ @aThorp96
• ❤️ @afrittoli
• ❤️ @dependabot[bot]
• ❤️ @infernus01
• ❤️ @l-qing
• ❤️ @twoGiants
• ❤️ @vdemeester

Extra shout-out for awesome release notes:

• 😍 @aThorp96
• 😍 @infernus01

Tekton Pipeline release v1.0.0 "Oriental Omnidroid" LTS

🎉 1.0.0 is live 🎉 StepActions are GA and Git resolvers enhancements 🎉

-Docs @ v1.0.0
-Examples @ v1.0.0

Installation one-liner

kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v1.0.0/release.yaml

Attestation

The Rekor UUID for this release is 108e9186e8c5677a3c232a877172a3c7967bdcb84afa4bc0a3819fe35e8796e324bbc364356d4349

Obtain the attestation:

REKOR_UUID=108e9186e8c5677a3c232a877172a3c7967bdcb84afa4bc0a3819fe35e8796e324bbc364356d4349
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .

Verify that all container images in the attestation are in the release file:

RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v1.0.0/release.yaml
REKOR_UUID=108e9186e8c5677a3c232a877172a3c7967bdcb84afa4bc0a3819fe35e8796e324bbc364356d4349

# Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v1.0.0@sha256:" + .digest.sha256')

# Download the release file
curl "$RELEASE_FILE" > release.yaml

# For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
  printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done

Changes

Features

• ✨ fix: resolve Git Anonymous Resolver excessive memory usage (#8677)

RemoteResolutions using the Git Resolver now use the git binary instead of the Golang library go-git to shallow-clone, shallow-fetch, then checkout the provided repository at the given revision. This reduces resolution time and memory significantly. Some git providers such as Gitea may not support fetching revisions if the revision is a SHA which is not reachable via a ref or is not at a ref/head. In general, no user action is required.

See also: https://git-scm.com/docs/protocol-capabilities#_allow_reachable_sha1_in_want

Resolves #8652

• ✨ feat(pipeline): allow variable substitution in pipeline.tasks[].onError (#8600)

feat(pipeline): allow variable substitution in pipeline.tasks[].onError

• ✨ Add configuration for custom bundle resolver backoff (#8574)

Enables the configuration of backoffs for a bundle resolver requests.

• ✨ feat: promote StepActions to GA (#8546)

StepActions promoted to GA and is available by default. The enable-step-actions feature flag exists as a no-op flag to ensure that existing user workflows which might rely on this flag are not disabled. This flag will be removed completely in a later release.

• ✨ feat: add support for authenticated git clone (#8537)

n optional token can now be passed to the git clone method (using go-git library) to
bypass token limit when using the API.

Fixes

• 🐛 fix: add stepaction as a valid kind in the hub resolver (#8635)

the hub resolver now validates StepActions as a valid kind

• 🐛 fix: avoid fan out matrix task failed due to result ref (#8487)

fix: avoid fan out matrix task failed due to result ref

• 🐛 fix: handle subPath directory creation errors gracefully (#8683)

Misc

• 🔨 cleanup: [TEP-0135] remove deprecated disable-affinity-assistant feature flag (#8603)

Binary file (standard input) matches

• 🔨 cleanup: remove clustertask support (#8601)

Remove ClusterTask support completely

• 🔨 Bump go.mod and tools/go.mod to go 1.23 (#8482)

Updating go to 1.23

• 🔨 misc: promote to beta (#8343)

keep-pod-on-cancel feature flag will be enabled in default

• 🔨 build(deps): bump github/codeql-action from 3.28.15 to 3.28.16 (#8729)
• 🔨 build(deps): bump step-security/harden-runner from 2.11.1 to 2.12.0 (#8728)
• 🔨 build(deps): bump the all group in /tekton with 4 updates (#8727)
• 🔨 build(deps): bump github.com/sigstore/sigstore from 1.8.15 to 1.9.4 (#8724)
• 🔨 build(deps): bump k8s.io/apimachinery from 0.32.2 to 0.32.4 (#8723)
• 🔨 build(deps): bump the all group in /tekton with 2 updates (#8722)
• 🔨 build(deps): bump tj-actions/changed-files from be393a90381e27c9fec2c8c2e02b00f005710145 to c34c1c13a740b06851baff92ab9a653d93ad6ce7 (#8721)
• 🔨 build(deps): bump github/codeql-action from 3.28.14 to 3.28.15 (#8705)
• 🔨 build(deps): bump tj-actions/changed-files from 6abeaa506a419f85fa9e681260b443adbeebb3d4 to be393a90381e27c9fec2c8c2e02b00f005710145 (#8704)
• 🔨 build(deps): bump ko-build/setup-ko from 0.8 to 0.9 (#8703)
• 🔨 build(deps): bump the all group in /tekton with 4 updates (#8702)
• 🔨 build(deps): bump github/codeql-action from 3.28.13 to 3.28.14 (#8690)
• 🔨 build(deps): bump tj-actions/changed-files from 27ae6b33eaed7bf87272fdeb9f1c54f9facc9d99 to 6abeaa506a419f85fa9e681260b443adbeebb3d4 (#8689)
• 🔨 build(deps): bump actions/dependency-review-action from 4.5.0 to 4.6.0 (#8688)
• 🔨 build(deps): bump step-security/harden-runner from 2.11.0 to 2.11.1 (#8687)
• 🔨 build(deps): bump the all group in /tekton with 2 updates (#8686)
• 🔨 build(deps): bump github.com/go-jose/go-jose/v4 from 4.0.4 to 4.0.5 (#8680)
• 🔨 build(deps): bump github.com/golang-jwt/jwt/v5 from 5.2.1 to 5.2.2 (#8678)
• 🔨 build(deps): bump go.opentelemetry.io/otel from 1.34.0 to 1.35.0 (#8676)
• 🔨 Consume release pipeline images and task bundles from GHCR (#8674)
• 🔨 build(deps): bump k8s.io/code-generator from 0.31.6 to 0.31.7 (#8645)

Docs

• 📖 Add v0.70 to the releases doc and fix dates of v0.64 and v0.69 releases (#8699)
• 📖 Move Step when expressions documentation from StepActions to Tasks documetnation. (#8672)
• 📖 Update link to section on overriding task requests (#8650)
• 📖 chore: param enum usage example for stepaction (#8605)

Thanks

Thanks to these contributors who contributed to v1.0.0!

• ❤️ @AlanGreene
• ❤️ @aThorp96
• ❤️ @arewm
• ❤️ @chengjoey
• ❤️ @chmouel
• ❤️ @dependabot[bot]
• ❤️ @l-qing
• ❤️ @samdoran
• ❤️ @twoGiants
• ❤️ @vdemeester
• ❤️ @waveywaves

Extra shout-out for awesome release notes:

• 😍 @aThorp96
• 😍 @arewm
• 😍 @chengjoey
• 😍 @chmouel
• 😍 @l-qing
• 😍 @vdemeester
• 😍 @waveywaves

Tekton Pipeline release v0.59.6 "Scottish Fold Sox"

-Docs @ v0.59.6
-Examples @ v0.59.6

Installation one-liner

kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.59.6/release.yaml

Attestation

The Rekor UUID for this release is 108e9186e8c5677a3b6f02cfe11967af07cb62f2f7ade3716195d8cd4e8ae04533c64fab45285a74

Obtain the attestation:

REKOR_UUID=108e9186e8c5677a3b6f02cfe11967af07cb62f2f7ade3716195d8cd4e8ae04533c64fab45285a74
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .

Verify that all container images in the attestation are in the release file:

RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.59.6/release.yaml
REKOR_UUID=108e9186e8c5677a3b6f02cfe11967af07cb62f2f7ade3716195d8cd4e8ae04533c64fab45285a74

# Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v0.59.6@sha256:" + .digest.sha256')

# Download the release file
curl "$RELEASE_FILE" > release.yaml

# For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
  printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done

Changes

Features

Fixes

• 🐛 [release-v0.59.x] fix: avoid panic when validate enum param with special matrix task (#8517)

ix: avoid panic when validate enum param with special matrix task

Misc

• 🔨 [release-v0.59.x] .github/workflows: add a build and test workflows (#8580)
• 🔨 [release-v0.59.x] .github/workflows: backport e2e workflows (#8450)

Docs

Thanks

Thanks to these contributors who contributed to v0.59.6!

• ❤️ @tekton-robot
• ❤️ @vdemeester

Extra shout-out for awesome release notes:

• 😍 @tekton-robot

Tekton Pipeline release v0.70.0 "Norwegian Forest Cat Number Five (Aaron Doral)"

🎉 OpenAPI schema to Tekton CRDs 🎉

-Docs @ v0.70.0
-Examples @ v0.70.0

Installation one-liner

kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.70.0/release.yaml

Attestation

The Rekor UUID for this release is 108e9186e8c5677a9b98c9f620b1202d23cdf7b6bc38da3acecc1a9cb6f206d98fefed3ce02b0e09

Obtain the attestation:

REKOR_UUID=108e9186e8c5677a9b98c9f620b1202d23cdf7b6bc38da3acecc1a9cb6f206d98fefed3ce02b0e09
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .

Verify that all container images in the attestation are in the release file:

RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.70.0/release.yaml
REKOR_UUID=108e9186e8c5677a9b98c9f620b1202d23cdf7b6bc38da3acecc1a9cb6f206d98fefed3ce02b0e09

# Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v0.70.0@sha256:" + .digest.sha256')

# Download the release file
curl "$RELEASE_FILE" > release.yaml

# For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
  printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done

Changes

Features

• Add structural OpenAPI schema to Tekton CRDs (#8490)

action required: The structural OpenAPI schema to Tekton CRDs are added enabling API server schema validation and supporting kubectl explain to describe fields and structure of Tekton CRDs. Due to the API server schema validation, users should make sure Tekton CRs have a valid schema when creating or updating CRs.

Fixes

• 🐛 fix: Fix remote task params default-value substitution (#8641)

Task Param defaults will now be correctly substituted in Steps when the Task is referenced by a TaskRun

• 🐛 fix: configure StepAction to use conversion webhook (#8644)

Misc

• 🔨 cleanup: breakup the pkg/credentials into writer and matcher + ensure non corev1 usage in entrypoint for FIPs compliance (#8542)

import only the writer part of the credentials package in the entrypoint so that we do not pull core v1 API indirectly into the package

• 🔨 FIPS Compliance: Refactor Entrypoint, Remove zap Dependency & Update Build Checks (#8544)
• 🔨 build(deps): bump github.com/golang-jwt/jwt/v4 from 4.5.1 to 4.5.2 (#8670)
• 🔨 build(deps): bump the all group in /tekton with 2 updates (#8668)
• 🔨 build(deps): bump actions/setup-go from 5.3.0 to 5.4.0 (#8667)
• 🔨 build(deps): bump actions/cache from 4.2.2 to 4.2.3 (#8666)
• 🔨 build(deps): bump github/codeql-action from 3.28.11 to 3.28.13 (#8665)
• 🔨 build(deps): bump tj-actions/changed-files from dcc7a0cba800f454d79fff4b993e8c3555bcc0a8 to 27ae6b33eaed7bf87272fdeb9f1c54f9facc9d99 (#8664)
• 🔨 build(deps): bump golangci/golangci-lint-action from 6.5.0 to 6.5.1 (#8654)
• 🔨 build(deps): bump the all group in /tekton with 2 updates (#8653)
• 🔨 build(deps): bump github/codeql-action from 3.28.10 to 3.28.11 (#8633)
• 🔨 build(deps): bump the all group in /tekton with 2 updates (#8632)
• 🔨 build(deps): bump github.com/google/cel-go from 0.23.2 to 0.24.1 (#8614)
• 🔨 build(deps): bump ossf/scorecard-action from 2.4.0 to 2.4.1 (#8608)
• 🔨 Refactor pipelinerun metrics tests (#8340)

Docs

• 📖 Document ko settings for kind clusters with and without a local registry. (#8662)
• 📖 Fix wrong entry in development documentation and other minor documentation corrections. (#8661)
• 📖 Add release 0.69 to releases.md (#8630)

Thanks

Thanks to these contributors who contributed to v0.70.0!

• ❤️ @PuneetPunamiya
• ❤️ @aThorp96
• ❤️ @afrittoli
• ❤️ @burigolucas
• ❤️ @dependabot[bot]
• ❤️ @devholic
• ❤️ @twoGiants
• ❤️ @waveywaves

Extra shout-out for awesome release notes:

• 😍 @aThorp96
• 😍 @burigolucas
• 😍 @waveywaves

Tekton Pipeline release v0.69.1 "Oriental Longhair Omnibot"

-Docs @ v0.69.1
-Examples @ v0.69.1

Installation one-liner

kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.69.1/release.yaml

Attestation

The Rekor UUID for this release is 108e9186e8c5677a76ee1ec9649527ab153790fc1b5385843dcb8c6522c3d9b0db77451a35b2068f

Obtain the attestation:

REKOR_UUID=108e9186e8c5677a76ee1ec9649527ab153790fc1b5385843dcb8c6522c3d9b0db77451a35b2068f
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .

Verify that all container images in the attestation are in the release file:

RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.69.1/release.yaml
REKOR_UUID=108e9186e8c5677a76ee1ec9649527ab153790fc1b5385843dcb8c6522c3d9b0db77451a35b2068f

# Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v0.69.1@sha256:" + .digest.sha256')

# Download the release file
curl "$RELEASE_FILE" > release.yaml

# For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
  printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done

Changes

Features

Fixes

• 🐛 [release-v0.69.x] fix: Fix remote task params default-value substitution (#8651)

ask Param defaults will now be correctly substituted in Steps when the Task is referenced by a TaskRun

Misc

Docs

Thanks

Thanks to these contributors who contributed to v0.69.1!

• ❤️ @tekton-robot

Extra shout-out for awesome release notes:

• 😍 @tekton-robot