Skip to content

Releases: tektoncd/triggers

Tekton Triggers release v0.34.0 "Tekton Triggers"

07 Nov 12:51
@tekton-robot tekton-robot
v0.34.0
76660c5

Choose a tag to compare

View all tags
Tekton Triggers release v0.34.0 "Tekton Triggers" Latest
Latest

-Docs @ v0.34.0
-Examples @ v0.34.0

Installation one-liner

kubectl apply -f https://infra.tekton.dev/tekton-releases/triggers/previous/v0.34.0/release.yaml
kubectl apply -f https://infra.tekton.dev/tekton-releases/triggers/previous/v0.34.0/interceptors.yaml

Attestation

The Rekor UUID for this release is 108e9186e8c5677af5fc7b3c5466e79e0ce84af7fbea9da03d09fcf1f91c05e1d34c23b20af28f3f

Obtain the attestation:

REKOR_UUID=108e9186e8c5677af5fc7b3c5466e79e0ce84af7fbea9da03d09fcf1f91c05e1d34c23b20af28f3f
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .

Verify that all container images in the attestation are in the release file:

RELEASE_FILE=https://infra.tekton.dev/tekton-releases/triggers/previous/v0.34.0/release.yaml
REKOR_UUID=108e9186e8c5677af5fc7b3c5466e79e0ce84af7fbea9da03d09fcf1f91c05e1d34c23b20af28f3f

# Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v0.34.0@sha256:" + .digest.sha256')

# Download the release file
curl -LO "$RELEASE_FILE" > release.yaml

# For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
  printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done

Changes

Features

  • ✨ feat: auto fill http request content length for binding and cel eval tools (#1887)

feat: auto fill http request content length for binding and cel eval tools

  • ✨ Add tkn triggers bootstrap command for automated setup (#1890)

Fixes

  • 🐛 Update github interceptor to only validate sha-256 signature (#1899)

The GitHub interceptor now only accepts SHA-256 signatures via the X-Hub-Signature-256 header and no longer supports SHA-1 signatures via X-Hub-Signature. Standard GitHub webhooks are unaffected as GitHub sends both headers by default, but custom webhook implementations must update their HMAC signature generation from SHA-1 to SHA-256 or they will receive "no X-Hub-Signature-256 header set" errors.

  • 🐛 fix: escape Tekton variable syntax in trigger parameters (#1896)

Bugfix: escape Tekton variable syntax in trigger parameters (e.g. when $() are found in pr.body.description)

  • 🐛 fix: test instability in UpdateCACertToClusterInterceptorCRD unit test (#1878)

Misc

  • 🔨 Update release-cheat-sheet (#1910)
  • 🔨 chore: update pipelines for oracle bucket target (#1909)
  • 🔨 Change the Pipelines install location to oracle infra from gcs (#1908)
  • 🔨 Update Go version in golangci-lint workflow (#1907)
  • 🔨 Pin checkout to sha in presubmit ci tests (#1906)
  • 🔨 Bump github/codeql-action from 4.31.0 to 4.31.2 (#1905)
  • 🔨 Bump github.com/tektoncd/pipeline from 1.5.0 to 1.6.0 in the all group (#1904)
  • 🔨 Bump github/codeql-action from 3.30.6 to 4.31.0 (#1902)
  • 🔨 Bump actions/upload-artifact from 4.6.2 to 5.0.0 (#1901)
  • 🔨 Bump the all group with 7 updates (#1900)
  • 🔨 Remove condition for dependabot in golangci-lint (#1894)
  • 🔨 Pin actions by commit SHA (#1893)
  • 🔨 Add GitHub Actions workflow for go coverage job (#1891)
  • 🔨 Migrate to GH action for presubmit ci jobs (#1889)
  • 🔨 Bump the all group across 1 directory with 15 updates (#1888)
  • 🔨 Bump actions/setup-go from 5.5.0 to 6.0.0 (#1884)
  • 🔨 Bump github.com/go-viper/mapstructure/v2 from 2.3.0 to 2.4.0 in /tools (#1881)
  • 🔨 Bump actions/checkout from 4 to 5 (#1880)
  • 🔨 Update release doc with v0.33.0 (#1877)
  • 🔨 Remove linux/arm from platform we publish (#1875)

Thanks

Thanks to these contributors who contributed to v0.34.0!

Extra shout-out for awesome release notes:

Contributors

khrm, wuhuizuo, and 7 other contributors
Assets 6
Loading

Tekton Triggers release v0.33.0 "Tekton Triggers"

11 Aug 16:31
@tekton-robot tekton-robot
v0.33.0
8ff0d9c

Choose a tag to compare

View all tags
Tekton Triggers release v0.33.0 "Tekton Triggers"

-Docs @ v0.33.0
-Examples @ v0.33.0

Installation one-liner

kubectl apply -f https://storage.googleapis.com/tekton-releases/triggers/previous/v0.33.0/release.yaml

Attestation

The Rekor UUID for this release is 108e9186e8c5677a920a272eb27aa6fcc7d307787cce0478a57a43ac0c60867837b79d610ea3608e

Obtain the attestation:

REKOR_UUID=108e9186e8c5677a920a272eb27aa6fcc7d307787cce0478a57a43ac0c60867837b79d610ea3608e
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .

Verify that all container images in the attestation are in the release file:

RELEASE_FILE=https://storage.googleapis.com/tekton-releases/triggers/previous/${VERSION_TAG}/release.yaml
INTERCEPTORS_FILE=https://storage.googleapis.com/tekton-releases/triggers/previous/${VERSION_TAG}/interceptors.yaml
REKOR_UUID=108e9186e8c5677a920a272eb27aa6fcc7d307787cce0478a57a43ac0c60867837b79d610ea3608e

# Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v0.33.0@sha256:" + .digest.sha256')

# Download the release file
curl "$RELEASE_FILE" > release.yaml
curl "$INTERCEPTORS_FILE" >> release.yaml

# For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
  printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done

Changes

Features

  • ✨ Add anti-affinity rules to controller's replicas (#1861)
    As part of improving high availability (HA) for the Tekton Triggers controller, this update adds a preferredDuringSchedulingIgnoredDuringExecution pod anti-affinity rule. This ensures that multiple replicas of the controller are preferably scheduled on different nodes, reducing the risk of service disruption in case of a node failure.

Fixes

  • 🐛 Fix panic on concurrent map writes (#1866)

fix data race that can occur when using a TriggerGroup that selects more than one Trigger with extensions

  • 🐛 Implement deep-copy fix for data race (#1871)
  • 🐛 Fix panic for e2e go tests (#1857)
  • 🐛 Add Security Context to Getting Started Example (#1855)
  • 🐛 fix: Issue in eventlisteners e2e when kubernetes host has a path (#1805)

Misc

  • 🔨 Bump pipelines and other dependencies (#1868)

Uodate CEL Go to v0.26.0 and Pipelines to 1.3.1.

  • 🔨 cleanup: fix golangci-lint setup in Makefile (#1849)
  • 🔨 Update the ko to v0.18.0 with go1.24.5 (#1872)
  • 🔨 Bump the all group across 1 directory with 2 updates (#1869)
  • 🔨 Add skip security context flag in e2e script (#1853)
  • 🔨 Bump github.com/go-viper/mapstructure/v2 from 2.2.1 to 2.3.0 in /tools (#1852)
  • 🔨 Bump step-security/harden-runner from 2.12.1 to 2.12.2 (#1851)
  • 🔨 Run Integration tests on microshift (#1850)
  • 🔨 Bump step-security/harden-runner from 2.12.0 to 2.12.1 (#1848)
  • 🔨 Migrate golangci lint to version 2 (#1845)
  • 🔨 Fix subpath capitalisation (#1843)
  • 🔨 Bump the all group across 1 directory with 8 updates (#1842)
  • 🔨 Bump actions/setup-go from 5.4.0 to 5.5.0 (#1839)
  • 🔨 Update some dependancy from dependabot (#1870)
  • 🔨 fix: remove duplicated 'the' in triggers-api docs (#1847)

Docs

  • 📖 Update release doc with v0.32.0 (#1859)

Thanks

Thanks to these contributors who contributed to v0.33.0!

Extra shout-out for awesome release notes:

Contributors

khrm, AlanGreene, and 7 other contributors
Loading
0 Join discussion

Tekton Triggers release v0.32.0 "Tekton Triggers"

06 May 15:55
@tekton-robot tekton-robot
v0.32.0
4dbb0a6

Choose a tag to compare

View all tags
Tekton Triggers release v0.32.0 "Tekton Triggers"

-Docs @ v0.32.0
-Examples @ v0.32.0

Installation one-liner

kubectl apply -f https://storage.googleapis.com/tekton-releases/triggers/previous/v0.32.0/release.yaml
kubectl apply -f https://storage.googleapis.com/tekton-releases/triggers/previous/v0.32.0/interceptors.yaml

Attestation

The Rekor UUID for this release is 108e9186e8c5677ab3a0005892bb67e811a79dfb38afdde7453855993480ace29e0146b4bbbc6662

Obtain the attestation:

REKOR_UUID=108e9186e8c5677ab3a0005892bb67e811a79dfb38afdde7453855993480ace29e0146b4bbbc6662
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .

Verify that all container images in the attestation are in the release file:

RELEASE_FILE=https://storage.googleapis.com/tekton-releases/triggers/previous/v0.32.0/release.yaml
REKOR_UUID=108e9186e8c5677ab3a0005892bb67e811a79dfb38afdde7453855993480ace29e0146b4bbbc6662

# Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":
v0.32.0@sha256:" + .digest.sha256')

# Download the release file
curl "$RELEASE_FILE" > release.yaml

# For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
  printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done

Changes

Features

  • ✨ Add KUBERNETES_MIN_VERSION env to override k8s variable (#1818)

Add KUBERNETES_MIN_VERSION env to override k8s variable. Currently, it is set 1.28 by default.

  • ✨ Allow users to set custom securityContext in EventListener spec (#1832)
  1. Users can now define their own securityContext under the EventListener YAML.
    ex:
spec:
  serviceAccountName: tekton-triggers-example-sa
  resources:
    kubernetesResource:
      spec:
        template:
          spec:
            securityContext:
              runAsNonRoot: true
            containers:
              - resources:
                  requests:
                    memory: "64Mi"
                    cpu: "250m"
                  limits:
                    memory: "128Mi"
                    cpu: "500m"
                securityContext:
                  readOnlyRootFilesystem: true
  1. When el-security-context is true
  • If user sets a custom securityContext, it has given the priority and used same.
  • If not, a default securityContext is applied.

Fixes

Misc

  • 🔨 Bump the all group across 1 directory with 8 updates (#1838)
  • 🔨 Bump golangci/golangci-lint-action from 6.2.0 to 8.0.0 (#1837)
  • 🔨 Bump step-security/harden-runner from 2.11.1 to 2.12.0 (#1835)
  • 🔨 Move Integration tests to GH action and Kind Cluster (#1829)
  • 🔨 Consume release pipeline images and task bundles from GHCR (#1821)
  • 🔨 Bump actions/setup-go from 5.3.0 to 5.4.0 (#1820)
  • 🔨 Bump golangci/golangci-lint-action from 6.2.0 to 6.5.2 (#1819)
  • 🔨 Enable GolangCI Linter used in Pipeline repo (#1647)
  • 🔨 Update to latest pipeline and knative/pkg (#1825)

Docs

  • 📖 Add ghcr.io migration banner to README.md. (#1828)

Thanks

Thanks to these contributors who contributed to v0.32.0!

Extra shout-out for awesome release notes:

Contributors

khrm, twoGiants, and 3 other contributors
Loading

Tekton Triggers release v0.31.0 "Tekton Triggers"

05 Feb 17:24
@tekton-robot tekton-robot
v0.31.0
66a7b7d

Choose a tag to compare

View all tags
Tekton Triggers release v0.31.0 "Tekton Triggers"

-Docs @ v0.31.0
-Examples @ v0.31.0

Installation one-liner

kubectl apply -f https://storage.googleapis.com/tekton-releases/triggers/previous/v0.31.0/release.yaml
kubectl apply -f https://storage.googleapis.com/tekton-releases/triggers/previous/v0.31.0/interceptors.yaml

Attestation

The Rekor UUID for this release is 108e9186e8c5677a07cc569190ef56db5be79598a0427d17fbb556b35148f100226157292f46d460

Obtain the attestation:

REKOR_UUID=108e9186e8c5677a07cc569190ef56db5be79598a0427d17fbb556b35148f100226157292f46d460
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .

Verify that all container images in the attestation are in the release file:

RELEASE_FILE=https://storage.googleapis.com/tekton-releases/triggers/previous/v0.31.0/release.yaml
REKOR_UUID=108e9186e8c5677a07cc569190ef56db5be79598a0427d17fbb556b35148f100226157292f46d460

# Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v0.31.0@sha256:" + .digest.sha256')

# Download the release file
curl "$RELEASE_FILE" > release.yaml

# For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
  printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done

Changes

Features

  • ✨ Triggers now support adding ImagePullSecrets field as part of EventListener object (#1787)
apiVersion: triggers.tekton.dev/v1beta1
kind: EventListener
metadata:
  name: fission-ci-listener-test
spec:
  serviceAccountName: tekton-triggers-example-sa
  resources:
    kubernetesResource:
      spec:
        template:
          spec:
            imagePullSecrets:
              - name: docker-login

Misc

  • 🔨 Bump the all group across 1 directory with 15 updates (#1804)
  • 🔨 Bump golangci/golangci-lint-action from 6.1.1 to 6.2.0 (#1803)
  • 🔨 Bump actions/setup-go from 5.2.0 to 5.3.0 (#1802)
  • 🔨 Migrate to GitHubAction for GolangCI Lint (#1795)
  • 🔨 Bump actions/checkout from 2 to 4 (#1794)
  • 🔨 Bump github/codeql-action from 2 to 3 (#1793)
  • 🔨 Update release doc with v0.30.0 (#1781)

Docs

  • 📖 Point Gitlab Interceptors docs to more direct Webhook event types link (#1786)
  • 📖 Update DEVELOPMENT.md (#1783)

Thanks

Thanks to these contributors who contributed to v0.31.0!

Extra shout-out for awesome release notes:

Contributors

khrm, lx1036, and 3 other contributors
Loading

Tekton Triggers release v0.30.1 "Tekton Triggers"

02 Jan 17:50
@tekton-robot tekton-robot
v0.30.1
b27feb0

Choose a tag to compare

View all tags
Tekton Triggers release v0.30.1 "Tekton Triggers"

-Docs @ v0.30.1
-Examples @ v0.30.1

Installation one-liner

kubectl apply -f https://storage.googleapis.com/tekton-releases/triggers/previous/v0.30.1/release.yaml
kubectl apply -f https://storage.googleapis.com/tekton-releases/triggers/previous/v0.30.1/interceptors.yaml

Attestation

The Rekor UUID for this release is 108e9186e8c5677a6acf7d6fb9d83f562974223e03ced6fa0dc9fda20c2b47ff279c4b1a238f3185

Obtain the attestation:

REKOR_UUID=108e9186e8c5677a6acf7d6fb9d83f562974223e03ced6fa0dc9fda20c2b47ff279c4b1a238f3185
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .

Verify that all container images in the attestation are in the release file:

RELEASE_FILE=https://storage.googleapis.com/tekton-releases/triggers/previous/v0.30.1/release.yaml
REKOR_UUID=108e9186e8c5677a6acf7d6fb9d83f562974223e03ced6fa0dc9fda20c2b47ff279c4b1a238f3185

# Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v0.30.1@sha256:" + .digest.sha256')

# Download the release file
curl "$RELEASE_FILE" > release.yaml

# For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
  printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done

Changes

Fixes

  • 🐛 [release-v0.30.x] Upgrade golang.org/x/crypto to 0.31.0 (#1785)

Misc

  • 🔨 [release-v0.30.x] Fix the release cheat sheet - Rekor ID Fetch (#1790)

Thanks

Thanks to these contributors who contributed to v0.30.1!

Extra shout-out for awesome release notes:

Contributors

savitaashture and tekton-robot
Loading

Tekton Triggers release v0.29.2 "Tekton Triggers"

02 Jan 15:47
@tekton-robot tekton-robot
v0.29.2
c2461e1

Choose a tag to compare

View all tags
Tekton Triggers release v0.29.2 "Tekton Triggers"

-Docs @ v0.29.2
-Examples @ v0.29.2

Installation one-liner

kubectl apply -f https://storage.googleapis.com/tekton-releases/triggers/previous/v0.29.2/release.yaml
kubectl apply -f https://storage.googleapis.com/tekton-releases/triggers/previous/v0.29.2/interceptors.yaml

Attestation

The Rekor UUID for this release is 108e9186e8c5677a2dae70ab726277f2c4c5ba39bcc1ac1bfd845967f596e06890934f5e86820376

Obtain the attestation:

REKOR_UUID=108e9186e8c5677a2dae70ab726277f2c4c5ba39bcc1ac1bfd845967f596e06890934f5e86820376
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .

Verify that all container images in the attestation are in the release file:

RELEASE_FILE=https://storage.googleapis.com/tekton-releases/triggers/previous/v0.29.2/release.yaml
REKOR_UUID=108e9186e8c5677a2dae70ab726277f2c4c5ba39bcc1ac1bfd845967f596e06890934f5e86820376

# Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v0.29.2@sha256:" + .digest.sha256')

# Download the release file
curl "$RELEASE_FILE" > release.yaml

# For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
  printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done

Changes

Security Fixes

  • 🐛 [release-v0.29.x] Upgrade golang.org/x/crypto to 0.31.0 (#1784)

Misc

  • 🔨 [release-v0.29.x] Update the relese cheat-sheet (#1791)
  • 🔨 [release-v0.29.x] Fix the release cheat sheet - Rekor ID Fetch (#1789)
  • 🔨 [release-v0.29.x] Migrate nightly builds and releases to ghcr.io (#1788)

Thanks

Thanks to these contributors who contributed to v0.29.2!

Extra shout-out for awesome release notes:

Contributors

savitaashture and tekton-robot
Loading

Tekton Triggers release v0.30.0 "Tekton Triggers"

05 Nov 20:28
@tekton-robot tekton-robot
v0.30.0
c6d2a8d

Choose a tag to compare

View all tags
Tekton Triggers release v0.30.0 "Tekton Triggers"

-Docs @ v0.30.0
-Examples @ v0.30.0

Installation one-liner

kubectl apply -f https://storage.googleapis.com/tekton-releases/triggers/previous/v0.30.0/release.yaml

Attestation

The Rekor UUID for this release is 108e9186e8c5677a05ca2593a924c2abaf6290c29d6d5192c8d918d7d74b054734c58b63ec6c8562

Obtain the attestation:

REKOR_UUID=108e9186e8c5677a05ca2593a924c2abaf6290c29d6d5192c8d918d7d74b054734c58b63ec6c8562
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .

Verify that all container images in the attestation are in the release file:

RELEASE_FILE=https://storage.googleapis.com/tekton-releases/triggers/previous/${VERSION_TAG}/release.yaml
INTERCEPTORS_FILE=https://storage.googleapis.com/tekton-releases/triggers/previous/${VERSION_TAG}/interceptors.yaml
REKOR_UUID=108e9186e8c5677a05ca2593a924c2abaf6290c29d6d5192c8d918d7d74b054734c58b63ec6c8562

# Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v0.30.0@sha256:" + .digest.sha256')

# Download the release file
curl "$RELEASE_FILE" > release.yaml
curl "$INTERCEPTORS_FILE" >> release.yaml

# For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
  printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done

Changes

Fixes

Misc

  • 🔨 Bump pipeline 0.65.0 LTS (#1775)
  • 🔨 Bump the CEl-GO to v0.21.0 (#1776)
  • 🔨 Rename Decade to Century (#1773)
  • 🔨 Migrate nightly builds and releases to ghcr.io (#1767)
  • 🔨 Add dependabot to update go mod and github action dependencies (#1770)

Docs

  • 📖 Update the release cheat-sheet (#1769)
  • 📖 Update release doc with v0.29.0 LTS (#1759)

Thanks

Thanks to these contributors who contributed to v0.30.0!

Contributors

khrm, afrittoli, and 2 other contributors
Loading
0 Join discussion

Tekton Triggers release v0.29.1 "Tekton Triggers"

04 Sep 15:43
@tekton-robot tekton-robot
v0.29.1
616cae1

Choose a tag to compare

View all tags
Tekton Triggers release v0.29.1 "Tekton Triggers"

-Docs @ v0.29.1
-Examples @ v0.29.1

Installation one-liner

kubectl apply -f https://storage.googleapis.com/tekton-releases/triggers/previous/v0.29.1/release.yaml
kubectl apply -f https://storage.googleapis.com/tekton-releases/triggers/previous/v0.29.1/interceptors.yaml

Attestation

The Rekor UUID for this release is 108e9186e8c5677a689b63ad4f04407989836cf4ad5a48b04c6a5ccbe0e7ae9335e54f8df273e509

Obtain the attestation:

REKOR_UUID=108e9186e8c5677a689b63ad4f04407989836cf4ad5a48b04c6a5ccbe0e7ae9335e54f8df273e509
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .

Verify that all container images in the attestation are in the release file:

RELEASE_FILE=https://storage.googleapis.com/tekton-releases/triggers/previous/v0.29.1/release.yaml
REKOR_UUID=108e9186e8c5677a689b63ad4f04407989836cf4ad5a48b04c6a5ccbe0e7ae9335e54f8df273e509

# Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v0.29.1@sha256:" + .digest.sha256')

# Download the release file
curl "$RELEASE_FILE" > release.yaml

# For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
  printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done

Changes

Features

  • ✨ Set readOnlyRootFilesystem as true in Interceptor (#1763)

Interceptor's Deployment security context readOnlyRootFilesystem are set to true to increase the security and to avoid being flagged by the security scanner

Fixes

Misc

  • 🔨 Bump Pipeline to v0.62.3 (#1762)

Bumping Pipeline to v0.62.3 to make client compatible with old pipeline versions

Docs

Thanks

Thanks to these contributors who contributed to v0.29.1!

Extra shout-out for awesome release notes:

Contributors

tekton-robot
Loading

Tekton Triggers release v0.29.0 "Tekton Triggers LTS"

21 Aug 09:56
@tekton-robot tekton-robot
v0.29.0
b133ef7

Choose a tag to compare

View all tags
Tekton Triggers release v0.29.0 "Tekton Triggers LTS"

-Docs @ v0.29.0
-Examples @ v0.29.0

Installation one-liner

kubectl apply -f https://storage.googleapis.com/tekton-releases/triggers/previous/v0.29.0/release.yaml
kubectl apply -f https://storage.googleapis.com/tekton-releases/triggers/previous/v0.29.0/interceptors.yaml

Attestation

The Rekor UUID for this release is 108e9186e8c5677ad076cc4e98758a3298fe82176ab9bd6ab7d90e9ae59a0ccc9104b0d7ae540aa4

Obtain the attestation:

REKOR_UUID=108e9186e8c5677ad076cc4e98758a3298fe82176ab9bd6ab7d90e9ae59a0ccc9104b0d7ae540aa4
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .

Verify that all container images in the attestation are in the release file:

RELEASE_FILE=https://storage.googleapis.com/tekton-releases/triggers/previous/v0.29.0/release.yaml
REKOR_UUID=108e9186e8c5677ad076cc4e98758a3298fe82176ab9bd6ab7d90e9ae59a0ccc9104b0d7ae540aa4

# Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v0.29.0@sha256:" + .digest.sha256')

# Download the release file
curl "$RELEASE_FILE" > release.yaml

# For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
  printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done

Changes

Features

  • ✨ Add new flag set-read-only-root-filesystem to set readOnlyRootFilesys… (#1742)

Added a new flag el-read-only-root-filesystem to the tekton-triggers-controller container. This flag, which is set to true by default, configures the EventListener container's securityContext.readOnlyRootFilesystem to true. This change aligns with Azure AKS best practices and enhances security.

  • ✨ Update eventlistener podSeurityContext to adhere to restricted pod security (#1740)

Eventlistener podTemplate now includes securityContext settings: seccompProfile, runAsUser, runAsGroup, and fsGroup when flag el-security-context is true.

Breaking Changes

  • 🚨 Metric name for eventlistener is changed from eventlistener_event_count
    to eventlistener_event_received_count (#1755)

Misc

  • 🔨 Install latest pipeline release in tests (#1758)

Install latest pipeline release in tests

  • 🔨 Bump Pipelines to v0.62.1 (#1754)

Bump Pipelines to v0.62.1

  • 🔨 Add runAsUser and runAsGroup under setSecurityContext flag (#1756)

Docs

  • 📖 Remove duplicate Triggers reference from TriggerGroup section of documentation (#1757)

Updated Documentation on TriggerGroups

  • 📖 Updated URL's on eventlisteners.md (#1750)
  • 📖 fix(example): update default branch name in examples (#1748)
  • 📖 Fixes eventlistener link and cel expression yaml example in docs (#1746)

Thanks

Thanks to these contributors who contributed to v0.29.0!

Extra shout-out for awesome release notes:

Contributors

johankok, khrm, and 8 other contributors
Loading

Tekton Triggers release v0.28.0 "Tekton Triggers"

08 Jul 08:02
@tekton-robot tekton-robot
v0.28.0
87e123e

Choose a tag to compare

View all tags
Tekton Triggers release v0.28.0 "Tekton Triggers"

-Docs @ v0.28.0
-Examples @ v0.28.0

Installation one-liner

kubectl apply -f https://storage.googleapis.com/tekton-releases/triggers/previous/v0.28.0/release.yaml
kubectl apply -f https://storage.googleapis.com/tekton-releases/triggers/previous/v0.28.0/interceptors.yaml

Attestation

The Rekor UUID for this release is 24296fb24b8ad77ab8d7c9926b0e67fa6a87b50dacf2e91bcaeb6c964a25d5e562dc0518c48a37fd

Obtain the attestation:

REKOR_UUID=24296fb24b8ad77ab8d7c9926b0e67fa6a87b50dacf2e91bcaeb6c964a25d5e562dc0518c48a37fd
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .

Verify that all container images in the attestation are in the release file:

RELEASE_FILE=https://storage.googleapis.com/tekton-releases/triggers/previous/v0.28.0/release.yaml
REKOR_UUID=24296fb24b8ad77ab8d7c9926b0e67fa6a87b50dacf2e91bcaeb6c964a25d5e562dc0518c48a37fd

# Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v0.28.0@sha256:" + .digest.sha256')

# Download the release file
curl "$RELEASE_FILE" > release.yaml

# For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
  printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done

Changes

Features

  • ✨ Set readOnlyRootFilesystem as true in Controller and Webhook (#1735)

    • Controller's and Webhook's Deployment security context readOnlyRootFilesystem are set to true to increase the security and to avoid being flagged by the security scanner

  • ✨ Update securityContext to include required configurations when the flag el-security-context is enabled (#1736) and (#1747)

    • Added new field default-run-as-non-root to configmap so that RunAsNonRoot can be now configured through config-defaults-triggers ConfigMap
      • Defaults values for RunAsNonRoot is true
    • Added new fields default-run-as-user and default-run-as-group to config-defaults-triggers configmap so that RunAsUser and RunAsGroup can be now configured through ConfigMap
      • Defaults values for RunAsUser and RunAsGroup 65532

Misc

  • 🔨 Bump 0.61.0 pipeline release (#1745)
  • 🔨 Bump github.com/hashicorp/go-retryablehttp from 0.7.2 to 0.7.7 (#1738)
  • 🔨 Handle validation when value for runAsGroup and runAsUser is empty (#1747)
  • 🔨 Bump knative.dev/serving from 0.38.6 to 0.39.0 (#1733)

Docs

  • 📖 fix: Markdown syntax error for Note in events.md (#1743)
  • 📖 Add v0.26.x and v0.27.x doc (#1732)

Thanks

Thanks to these contributors who contributed to v0.28.0!

Extra shout-out for awesome release notes:

Contributors

khrm, danielfbm, and 2 other contributors
Loading