fix(deps): update module github.com/tektoncd/pipeline to v0.66.0

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
github.com/tektoncd/pipeline	v0.39.0 -> v0.66.0

---

Release Notes

tektoncd/pipeline (github.com/tektoncd/pipeline)

v0.66.0: Tekton Pipeline release v0.66.0 "American Curl AL-76"

Compare Source

-Docs @​ v0.66.0
-Examples @​ v0.66.0

Installation one-liner

kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.66.0/release.yaml

Attestation

The Rekor UUID for this release is 108e9186e8c5677aaef800dc5c82c7e8a7dc72d7ed947dc0e166c29c7bfd9f2b6edca989022cb90c

Obtain the attestation:

REKOR_UUID=108e9186e8c5677aaef800dc5c82c7e8a7dc72d7ed947dc0e166c29c7bfd9f2b6edca989022cb90c
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .

Verify that all container images in the attestation are in the release file:

RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.66.0/release.yaml
REKOR_UUID=108e9186e8c5677aaef800dc5c82c7e8a7dc72d7ed947dc0e166c29c7bfd9f2b6edca989022cb90c

##### Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v0.66.0@​sha256:" + .digest.sha256')

##### Download the release file
curl "$RELEASE_FILE" > release.yaml

##### For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
  printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done

Changes

Features

• ✨ Fix StepAction support in Cluster resolver (#​8382)

Fix StepAction support in Cluster resolver

• ✨ Expose Resolvers Controller performance tuning configurations (#​8344)

We can specify custom performance tuning values in the watcher's deployment - controller container via threads-per-controller, kube-api-qps and kube-api-burst flags.

Fixes

• 🐛 fix: add missing stepaction RBAC permission for resolver (#​8397)

fix: include missing RBAC permission to allow cluster resolver to get and list StepActions

• 🐛 Use io.ReadFull to read the bundle content (#​8389)

ix an issue on bundle list command with relatively big bundles that couldn't be parsed (truncated data)

• 🐛 Fix StepAction support in Cluster resolver (#​8382)

Fix StepAction support in Cluster resolver

• 🐛 Fixes git-resolver configuration for serverUrl and scmType (#​8401)
• 🐛 Add Failed Validation group in message for the status message in PipelineRun (#​8356)
• 🐛 Run finally pipeline even if task is failed at the validation (#​8314)

Misc

• 🔨 build(deps): bump the all group in /tekton with 2 updates (#​8408)
• 🔨 build(deps): bump the all group in /tekton with 2 updates (#​8406)
• 🔨 build(deps): bump github.com/golangci/golangci-lint from 1.62.0 to 1.62.2 in /tools (#​8405)
• 🔨 build(deps): bump actions/dependency-review-action from 4.4.0 to 4.5.0 (#​8404)
• 🔨 build(deps): bump github/codeql-action from 3.27.4 to 3.27.5 (#​8403)
• 🔨 build(deps): bump step-security/harden-runner from 2.10.1 to 2.10.2 (#​8402)
• 🔨 build(deps): bump the all group in /tekton with 2 updates (#​8395)
• 🔨 build(deps): bump github/codeql-action from 3.27.1 to 3.27.4 (#​8394)
• 🔨 build(deps): bump github.com/golangci/golangci-lint from 1.61.0 to 1.62.0 in /tools (#​8386)
• 🔨 build(deps): bump github/codeql-action from 3.27.0 to 3.27.1 (#​8385)
• 🔨 build(deps): bump the all group in /tekton with 3 updates (#​8384)
• 🔨 build(deps): bump tj-actions/changed-files from 45.0.3 to 45.0.4 (#​8383)
• 🔨 build(deps): bump the all group in /tekton with 4 updates (#​8363)
• 🔨 build(deps): bump the all group in /tekton with 4 updates (#​8354)
• 🔨 build(deps): bump actions/dependency-review-action from 4.3.4 to 4.4.0 (#​8353)
• 🔨 build(deps): bump actions/setup-go from 5.0.2 to 5.1.0 (#​8351)
• 🔨 build(deps): bump actions/checkout from 4.2.1 to 4.2.2 (#​8350)
• 🔨 build(deps): bump github/codeql-action from 3.26.13 to 3.27.0 (#​8349)

Docs

• 📖 Update release.md with v0.65.0 (#​8355)

Thanks

Thanks to these contributors who contributed to v0.66.0!

• ❤️ @​AverageMarcus
• ❤️ @​PuneetPunamiya
• ❤️ @​dependabot[bot]
• ❤️ @​divyansh42
• ❤️ @​khrm
• ❤️ @​vdemeester

Extra shout-out for awesome release notes:

• 😍 @​AverageMarcus
• 😍 @​khrm
• 😍 @​vdemeester

v0.65.4: Tekton Pipeline release v0.65.4 "Sokoke Herbie"

Compare Source

-Docs @​ v0.65.4
-Examples @​ v0.65.4

Installation one-liner

kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.65.4/release.yaml

Attestation

The Rekor UUID for this release is 108e9186e8c5677ac23b9e3d80fbd75881d628aa04d6e3ed7f6d21ea46c94c4856d01cdba23ae798

Obtain the attestation:

REKOR_UUID=108e9186e8c5677ac23b9e3d80fbd75881d628aa04d6e3ed7f6d21ea46c94c4856d01cdba23ae798
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .

Verify that all container images in the attestation are in the release file:

RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.65.4/release.yaml
REKOR_UUID=108e9186e8c5677ac23b9e3d80fbd75881d628aa04d6e3ed7f6d21ea46c94c4856d01cdba23ae798

##### Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v0.65.4@​sha256:" + .digest.sha256')

##### Download the release file
curl "$RELEASE_FILE" > release.yaml

##### For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
  printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done

Changes

Features

Fixes

• 🐛 [release-v0.65.x] Fixes git-resolver configuration for serverUrl and scmType (#​8409)

Misc

Docs

Thanks

Thanks to these contributors who contributed to v0.65.4!

• ❤️ @​tekton-robot

Extra shout-out for awesome release notes:

v0.65.3: Tekton Pipeline release v0.65.3 "Sokoke Herbie"

Compare Source

-Docs @​ v0.65.3
-Examples @​ v0.65.3

Installation one-liner

kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.65.3/release.yaml

Attestation

The Rekor UUID for this release is 108e9186e8c5677a0f1febc6adf68f4220edd3a81c9a0da1f7185512b481667c6a0f076eaed75b4d

Obtain the attestation:

REKOR_UUID=108e9186e8c5677a0f1febc6adf68f4220edd3a81c9a0da1f7185512b481667c6a0f076eaed75b4d
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .

Verify that all container images in the attestation are in the release file:

RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.65.3/release.yaml
REKOR_UUID=108e9186e8c5677a0f1febc6adf68f4220edd3a81c9a0da1f7185512b481667c6a0f076eaed75b4d

##### Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v0.65.3@​sha256:" + .digest.sha256')

##### Download the release file
curl "$RELEASE_FILE" > release.yaml

##### For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
  printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done

Changes

Features

Fixes

• 🐛 [release-v0.65.x] fix: add missing stepaction RBAC permission for resolver (#​8400)

ix: include missing RBAC permission to allow cluster resolver to get and list StepActions

Misc

Docs

Thanks

Thanks to these contributors who contributed to v0.65.3!

• ❤️ @​tekton-robot

Extra shout-out for awesome release notes:

• 😍 @​tekton-robot

v0.65.2: Tekton Pipeline release v0.65.2 "Sokoke Herbie"

Compare Source

-Docs @​ v0.65.2
-Examples @​ v0.65.2

Installation one-liner

kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.65.2/release.yaml

Attestation

The Rekor UUID for this release is 108e9186e8c5677a153542f1de8a93c4ac314c1ca01c0ed45edf9ffac3faa701ddcd02600c3f452f

Obtain the attestation:

REKOR_UUID=108e9186e8c5677a153542f1de8a93c4ac314c1ca01c0ed45edf9ffac3faa701ddcd02600c3f452f
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .

Verify that all container images in the attestation are in the release file:

RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.65.2/release.yaml
REKOR_UUID=108e9186e8c5677a153542f1de8a93c4ac314c1ca01c0ed45edf9ffac3faa701ddcd02600c3f452f

### Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v0.65.2@​sha256:" + .digest.sha256')

### Download the release file
curl "$RELEASE_FILE" > release.yaml

### For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
  printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done

Changes

Features

Fixes

• 🐛 [release-v0.65.x] Use io.ReadFull to read the bundle content (#​8390)

ix an issue on bundle list command with relatively big bundles that couldn't be parsed (truncated data)

• 🐛 [release-v0.65.x] Fix StepAction support in Cluster resolver (#​8387)

ix StepAction support in Cluster resolver

Misc

Docs

Thanks

Thanks to these contributors who contributed to v0.65.2!

• ❤️ @​tekton-robot

Extra shout-out for awesome release notes:

• 😍 @​tekton-robot

v0.65.1: Tekton Pipeline release v0.65.1 "Sokoke Herbie LTS"

Compare Source

-Docs @​ v0.65.1
-Examples @​ v0.65.1

Installation one-liner

kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.65.1/release.yaml

Attestation

The Rekor UUID for this release is 108e9186e8c5677abd62783f1c644771b33f78da6ddf96863355b36a2807c1f93a433eb1e2babdeb

Obtain the attestation:

REKOR_UUID=108e9186e8c5677abd62783f1c644771b33f78da6ddf96863355b36a2807c1f93a433eb1e2babdeb
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .

Verify that all container images in the attestation are in the release file:

RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.65.1/release.yaml
REKOR_UUID=108e9186e8c5677abd62783f1c644771b33f78da6ddf96863355b36a2807c1f93a433eb1e2babdeb

### Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v0.65.1@​sha256:" + .digest.sha256')

### Download the release file
curl "$RELEASE_FILE" > release.yaml

### For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
  printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done

Changes

Features

• ✨ [release-v0.65.x] Expose Resolvers Controller performance tuning configurations (#​8364)

e can specify custom performance tuning values in the watcher's deployment - controller container via threads-per-controller, kube-api-qps and kube-api-burst flags.

Fixes

• 🐛 [release-v0.65.x] Add Failed Validation group in message for the status message in PipelineRun (#​8372)
• 🐛 [release-v0.65.x] Run finally pipeline even if task is failed at the validation (#​8367)

Misc

Docs

Thanks

Thanks to these contributors who contributed to v0.65.1!

• ❤️ @​tekton-robot

Extra shout-out for awesome release notes:

• 😍 @​tekton-robot

v0.65.0: Tekton Pipeline release v0.65.0 "Sokoke Herbie LTS"

Compare Source

-Docs @​ v0.65.0
-Examples @​ v0.65.0

Installation one-liner

kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.65.0/release.yaml

Attestation

The Rekor UUID for this release is 108e9186e8c5677aad7a1878b454249eae3ea9a5ff3b0eef665d0995b57a367880b4b34fbd42a3b4

Obtain the attestation:

REKOR_UUID=108e9186e8c5677aad7a1878b454249eae3ea9a5ff3b0eef665d0995b57a367880b4b34fbd42a3b4
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .

Verify that all container images in the attestation are in the release file:

RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.65.0/release.yaml
REKOR_UUID=108e9186e8c5677aad7a1878b454249eae3ea9a5ff3b0eef665d0995b57a367880b4b34fbd42a3b4

### Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v0.65.0@​sha256:" + .digest.sha256')

### Download the release file
curl "$RELEASE_FILE" > release.yaml

### For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
  printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done

Changes

Features

• ✨ Add support for priorityClassName in affinityAssistantPodTemplate (#​8286)

Add support for priorityClassName in affinityAssistantPodTemplate

This will help to specify default priorityClassName in affinity assistant podTemplate for affinity assistant pods.
Also value specified in pipelinerun/taskrun will be used for both affinity assistant pods and taskrun pods.

• ✨ Add support for multiple git resolver configurations (#​8263)

Add support for multiple git resolver configurations

• ✨ Add Metrics for Running PipelinesRuns at Pipeline and Namespace level (#​8280)

Fixes

Misc

• 🔨 build(deps): bump the all group in /tekton with 4 updates (#​8342)
• 🔨 build(deps): bump the all group in /tekton with 4 updates (#​8331)
• 🔨 build(deps): bump github/codeql-action from 3.26.12 to 3.26.13 (#​8330)
• 🔨 build(deps): bump actions/upload-artifact from 4.4.1 to 4.4.3 (#​8329)
• 🔨 build(deps): bump actions/cache from 4.1.0 to 4.1.1 (#​8328)
• 🔨 tekton: update bugfix-release.sh script for ghcr.io (#​8323)
• 🔨 build(deps): bump actions/cache from 4.0.2 to 4.1.0 (#​8321)
• 🔨 build(deps): bump actions/upload-artifact from 4.4.0 to 4.4.1 (#​8320)
• 🔨 build(deps): bump tj-actions/changed-files from 45.0.2 to 45.0.3 (#​8319)
• 🔨 build(deps): bump github/codeql-action from 3.26.10 to 3.26.12 (#​8318)
• 🔨 build(deps): bump actions/checkout from 4.2.0 to 4.2.1 (#​8317)
• 🔨 build(deps): bump the all group across 1 directory with 4 updates (#​8316)
• 🔨 build(deps): bump actions/setup-go from 5.0.0 to 5.0.2 (#​8309)
• 🔨 build(deps): bump github/codeql-action from 3.26.8 to 3.26.10 (#​8308)
• 🔨 build(deps): bump actions/checkout from 4.1.7 to 4.2.0 (#​8307)
• 🔨 build(deps): bump github.com/golangci/golangci-lint from 1.60.3 to 1.61.0 in /tools (#​8254)
• 🔨 Improve how gosec G115 findings are addressed (#​8250)
• 🔨 build(deps): bump actions/upload-artifact from 4.3.6 to 4.4.0 (#​8231)

Docs

• 📖 Update the release cheat-sheet (#​8302)

Container images in the release are stored in ghcr.io,

• 📖 docs: fix formatting in artifacts.md (#​8326)
• 📖 Improve git resolver docs (#​8311)
• 📖 Update releases.md with v0.64.0 (#​8304)

Thanks

Thanks to these contributors who contributed to v0.65.0!

• ❤️ @​SaschaSchwarze0
• ❤️ @​afrittoli
• ❤️ @​dependabot[bot]
• ❤️ @​piyush-garg
• ❤️ @​pramodbindal
• ❤️ @​tarilabs
• ❤️ @​vdemeester

Extra shout-out for awesome release notes:

• 😍 @​afrittoli
• 😍 @​piyush-garg

v0.64.0: Tekton Pipeline release v0.64.0 "Ragamuffin Reventlov"

Compare Source

🎉 Released Container Images stored on ghcr.io 🎉

-Docs @​ v0.64.0
-Examples @​ v0.64.0

Installation one-liner

kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.64.0/release.yaml

Attestation

The Rekor UUID for this release is 108e9186e8c5677ab54c658d37a263dfad3c8244bbef3e63cced8ae2d37c05701abf89bc6fa1fdf8

Obtain the attestation:

REKOR_UUID=108e9186e8c5677ab54c658d37a263dfad3c8244bbef3e63cced8ae2d37c05701abf89bc6fa1fdf8
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .

Verify that all container images in the attestation are in the release file:

RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.64.0/release.yaml
REKOR_UUID=108e9186e8c5677ab54c658d37a263dfad3c8244bbef3e63cced8ae2d37c05701abf89bc6fa1fdf8

### Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v0.64.0@​sha256:" + .digest.sha256')

### Download the release file
curl "$RELEASE_FILE" > release.yaml

### For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
  printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done

Changes

Features

• ✨ Implement set-security-context feature for affinity assistant containers (#​8182)

Affinity Assistant containers will now have a securityContext when feature flag set-security-context is enabled in ConfigMap feature-flags.

Fixes

• 🐛 Fix isolated workspaces ignored when using StepTemplate (#​8272)

Isolated workspaces are now correctly set when using in conjuction with StepTemplate

• 🐛 fix(TaskRun): fixed the issue where some step statuses might not be correctly updated in failed TaskRun (#​8270)

fix: fixed the issue where some step statuses might not be correctly updated in failed TaskRun

• 🐛 fix(pipelinerun): resolve issue with PipelineRun not timing out successfully (#​8236)

fix(pipelinerun): resolve issue with PipelineRun not timing out successfully

• 🐛 fix(e2e): stabilize TestTaskRunFailure test (#​8174)
• 🐛 Mark steps as deleted when TaskRun fails (#​8294)

Misc

• 🔨 Bump the all group across 1 directory with 4 updates (#​8300)
• 🔨 Pin setup-go action (#​8291)
• 🔨 Simply the path for the base image (#​8290)
• 🔨 Bump github/codeql-action from 3.26.7 to 3.26.8 (#​8289)
• 🔨 Pin alpine image used in release pipeline (#​8287)
• 🔨 Update to the latest version of koparse for the release pipeline (#​8285)
• 🔨 Bump google.golang.org/grpc from 1.64.1 to 1.67.0 (#​8281)
• 🔨 Use the new version of koparse in the build (#​8278)
• 🔨 Bump step-security/harden-runner from 2.9.1 to 2.10.1 (#​8269)
• 🔨 Bump tj-actions/changed-files from 45.0.1 to 45.0.2 (#​8268)
• 🔨 Bump github/codeql-action from 3.26.6 to 3.26.7 (#​8267)
• 🔨 Bump the all group in /tekton with 4 updates (#​8266)
• 🔨 Adapt koparse step to handle no import path (#​8261)
• 🔨 Add KO_EXTRA_ARGS (#​8260)
• 🔨 Propagate image registry regions to publish (#​8259)
• 🔨 Fix the imageRegistryUser param usage in the release pipeline (#​8256)
• 🔨 build(deps): bump the all group in /tekton with 4 updates (#​8253)
• 🔨 Run build and tests conditionally (#​8252)
• 🔨 Support separate bucket and image reg creds (#​8251)
• 🔨 Add OCI source label to images (#​8247)
• 🔨 Make image registry regions configurable (#​8246)
• 🔨 build(deps): bump google.golang.org/grpc from 1.64.0 to 1.64.1 (#​8245)
• 🔨 build(deps): bump github.com/Azure/azure-sdk-for-go/sdk/azidentity from 1.5.2 to 1.6.0 (#​8244)
• 🔨 build(deps): bump github.com/hashicorp/go-retryablehttp from 0.7.6 to 0.7.7 (#​8243)
• 🔨 build(deps): bump the all group across 1 directory with 4 updates (#​8235)
• 🔨 build(deps): bump tj-actions/changed-files from 45.0.0 to 45.0.1 (#​8233)
• 🔨 build(deps): bump github/codeql-action from 3.26.3 to 3.26.6 (#​8232)

Docs

• 📖 Update releases for new Tekton Pipeline Releases 0.63 (#​8229)

Thanks

Thanks to these contributors who contributed to v0.64.0!

• ❤️ @​AlanGreene
• ❤️ @​afrittoli
• ❤️ @​chitrangpatel
• ❤️ @​dependabot[bot]
• ❤️ @​kristofferchr
• ❤️ @​l-qing
• ❤️ @​vdemeester

Extra shout-out for awesome release notes:

• 😍 @​kristofferchr
• 😍 @​l-qing
• 😍 @​vdemeester

v0.63.0: Tekton Pipeline release v0.63.0 "Abyssinian K-9"

Compare Source

-Docs @​ v0.63.0
-Examples @​ v0.63.0

Installation one-liner

kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.63.0/release.yaml

Attestation

The Rekor UUID for this release is 108e9186e8c5677a41806e924e8c5d6a3c1e083f8c35950f0d1af7e0e6a4c0712a2eb4bf92e9538e

Obtain the attestation:

REKOR_UUID=108e9186e8c5677a41806e924e8c5d6a3c1e083f8c35950f0d1af7e0e6a4c0712a2eb4bf92e9538e
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .

Verify that all container images in the attestation are in the release file:

RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.63.0/release.yaml
REKOR_UUID=108e9186e8c5677a41806e924e8c5d6a3c1e083f8c35950f0d1af7e0e6a4c0712a2eb4bf92e9538e

### Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v0.63.0@​sha256:" + .digest.sha256')

### Download the release file
curl "$RELEASE_FILE" > release.yaml

### For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
  printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done

Changes

Features

• ✨ cluster-reslover: add support for StepAction (#​8199)

tepAction are now supported to a refered via the cluster resolver.

• ✨ Allow securityContext field for affinity assistant podtemplate (#​8176)

Added the ability to set the pod-level securityContext for the AffinityAssistant StatefulSet.
This can be configured by providing a default-affinity-assistant-pod-template in the config-defaults ConfigMap or by specifying a pod template in TaskRun or PipelineRun.

• ✨ Add UID label to PipelineRun and TaskRun (#​8166)

TaskRun pods have tekton.dev/taskRunUID and tekton.dev/pipelineRunUID labels

Fixes

• 🐛 Fix Artifact type to a pointer (#​8226)

Fix Artifact type to a pointer.

• 🐛 fix task name show in metric (#​8216)

fix clusterTask name show anonymous in metric

• 🐛 apply default-container-resource-requirements before LimitRange transformer (#​8197)

[Bug fix]: default-container-resource-requirements will be applied to the container before LimtRange

• 🐛 fix(pipelinerun): resolve issue where canceling active pipelinerun fails (#​8173)

fix(pipelinerun): resolve issue where canceling active pipelinerun fails

• 🐛 fix(taskrun): resolve issue with TaskRun not failing promptly after Pod OOM (#​8171)

fix(taskrun): resolve issue with TaskRun not failing promptly after Pod OOM

• 🐛 fix: If the finally timeout is set to 0s, the calculates the next queue entry time according to the pipeline timeout. (#​8056)

If the finally timeout is set to 0s, the reconciler calculates the next queue entry time according to the pipeline timeout.

• 🐛 feat(matrix): Fix matrix param type mismatch problem for ref array result from customrun scenario (#​8024)

Misc

• 🔨 build(deps): bump tj-actions/changed-files from 44.5.7 to 45.0.0 (#​8223)
• 🔨 build(deps): bump github.com/golangci/golangci-lint from 1.59.1 to 1.60.3 in /tools (#​8219)
• 🔨 build(deps): bump github.com/docker/docker from 26.1.3+incompatible to 26.1.5+incompatible (#​8218)
• 🔨 Bump the all group in /tekton with 4 updates (#​8212)
• 🔨 Bump github/codeql-action from 3.26.0 to 3.26.3 (#​8211)
• 🔨 Bump the all group in /tekton with 4 updates (#​8204)
• 🔨 Bump actions/upload-artifact from 4.3.5 to 4.3.6 (#​8203)
• 🔨 Bump step-security/harden-runner from 2.9.0 to 2.9.1 (#​8202)
• 🔨 Bump github/codeql-action from 3.25.15 to 3.26.0 (#​8201)
• 🔨 {taskrun,pipelinerun}metrics: make sure config is up-to-date (#​8187)
• 🔨 Bump the all group in /tekton with 2 updates (#​8180)
• 🔨 Bump actions/upload-artifact from 4.3.4 to 4.3.5 (#​8179)
• 🔨 Bump tj-actions/changed-files from 44.5.5 to 44.5.7 (#​8178)
• 🔨 Bump github/codeql-action from 3.25.13 to 3.25.15 (#​8162)
• 🔨 Bump ossf/scorecard-action from 2.3.3 to 2.4.0 (#​8161)
• 🔨 Bump the all group in /tekton with 4 updates (#​8160)
• 🔨 Bump go.opentelemetry.io/otel/sdk from 1.27.0 to 1.28.0 (#​8154)

Docs

• 📖 docs: fix links to Matrix examples (#​7953)

Thanks

Thanks to these contributors who contributed to v0.63.0!

• ❤️ @​AverageMarcus
• ❤️ @​chengjoey
• ❤️ @​chitrangpatel
• ❤️ @​cugykw
• ❤️ @​dependabot[bot]
• ❤️ @​hittyt
• ❤️ @​jkandasa
• ❤️ @​khrm
• ❤️ @​kristofferchr
• ❤️ @​l-qing
• ❤️ @​vdemeester

Extra shout-out for awesome release notes:

• 😍 @​chengjoey
• 😍 @​chitrangpatel
• 😍 @​cugykw
• 😍 @​jkandasa
• 😍 @​khrm
• 😍 @​kristofferchr
• 😍 @​l-qing
• 😍 @​vdemeester

v0.62.6: Tekton Pipeline release v0.62.6 "Ragamuffin Reventlov"

Compare Source

-Docs @​ v0.62.6
-Examples @​ v0.62.6

Installation one-liner

kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.62.6/release.yaml

Attestation

The Rekor UUID for this release is 108e9186e8c5677af1a0ed2d80855987d4306c847fcf23a27a17cf11a60feff4f8bfb6a0918063a7

Obtain the attestation:

REKOR_UUID=108e9186e8c5677af1a0ed2d80855987d4306c847fcf23a27a17cf11a60feff4f8bfb6a0918063a7
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .

Verify that all container images in the attestation are in the release file:

RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.62.6/release.yaml
REKOR_UUID=108e9186e8c5677af1a0ed2d80855987d4306c847fcf23a27a17cf11a60feff4f8bfb6a0918063a7

### Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v0.62.6@​sha256:" + .digest.sha256')

### Download the release file
curl "$RELEASE_FILE" > release.yaml

### For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
  printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done

Changes

Features

Fixes

• 🐛 [release-v0.62.x] Use io.ReadFull to read the bundle content (#​8391)

ix an issue on bundle list command with relatively big bundles that couldn't be parsed (truncated data)

• 🐛 fix(pipelinerun): resolve issue with PipelineRun not timing out successfully (#​8376)

Misc

Docs

Thanks

Thanks to these contributors who contributed to v0.62.6!

• ❤️ @​l-qing
• ❤️ @​tekton-robot

Extra shout-out for awesome release notes:

• 😍 @​tekton-robot

v0.62.5: Tekton Pipeline release v0.62.5 "Ragamuffin Reventlov"

Compare Source

-Docs @​ v0.62.5
-Examples @​ v0.62.5

Installation one-liner

kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.62.5/release.yaml

Attestation

The Rekor UUID for this release is 108e9186e8c5677a02a8666fc6bbbd2549e455aac7f2fb8f4cf66f07b8e0c6dd992c7e05ec7ba52a

Obtain the attestation:

REKOR_UUID=108e9186e8c5677a02a8666fc6bbbd2549e455aac7f2fb8f4cf66f07b8e0c6dd992c7e05ec7ba52a
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .

Verify that all container images in the attestation are in the release file:

RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.62.5/release.yaml
REKOR_UUID=108e9186e8c5677a02a8666fc6bbbd2549e455aac7f2fb8f4cf66f07b8e0c6dd992c7e05ec7ba52a

### Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v0.62.5@​sha256:" + .digest.sha256')

### Download the release file
curl "$RELEASE_FILE" > release.yaml

### For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
  printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done

Changes

Features

• ✨ [release-v0.62.x] Expose Resolvers Controller performance tuning configurations (#​8365)

e can specify custom performance tuning values in the watcher's deployment - controller container via threads-per-controller, kube-api-qps and kube-api-burst flags.

Fixes

• 🐛 [release-v0.62.x] Add Failed Validation group in message for the status message in PipelineRun (#​8373)
• 🐛 [release-v0.62.x] Run finally pipeline even if task is failed at the validation (#​8368)

Misc

Docs

Thanks

Thanks to these contributors who contributed to v0.62.5!

• ❤️ @​tekton-robot

Extra shout-out for awesome release notes:

• 😍 @​tekton-robot

v0.62.4: Tekton Pipeline release v0.62.4 "Ragamuffin Reventlov"

Compare Source

-Docs @​ v0.62.4
-Examples @​ v0.62.4

Installation one-liner

kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.62.4/release.yaml

Attestation

The Rekor UUID for this release is 108e9186e8c5677a294d223044005f4caffd3b6b20afcfcc96849fd9b2cdbcb170ca741ab440fb83

Obtain the attestation:

REKOR_UUID=108e9186e8c5677a294d223044005f4caffd3b6b20afcfcc96849fd9b2cdbcb170ca741ab440fb83
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .

Verify that all container images in the attestation are in the release file:

RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.62.4/release.yaml
REKOR_UUID=108e9186e8c5677a294d223044005f4caffd3b6b20afcfcc96849fd9b2cdbcb170ca741ab440fb83

### Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v0.62.4@​sha256:" + .digest.sha256')

### Download the release file
curl "$RELEASE_FILE" > release.yaml

### For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
  printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done

Changes

Features

Fixes

• 🐛 [release-v0.62.x] Fix isolated workspaces ignored when using StepTemplate (#​8273)

solated workspaces are now correctly set when using in conjuction with StepTemplate

• 🐛 [release-v0.62.x] Mark steps as deleted when TaskRun fails (#​8295)

Misc

• 🔨 [release-v0.62.x] Backport release "scripts" changes from main… (#​8332)

Docs

Thanks

Thanks to these contributors who contributed to v0.62.4!

• ❤️ @​tekton-robot
• ❤️ @​vdemeester

Extra shout-out for awesome release notes:

• 😍 @​tekton-robot

v0.62.3: Tekton Pipeline release v0.62.3 "Birman HAL LTS"

Compare Source

-Docs @​ v0.62.3
-Examples @​ v0.62.3

Installation one-liner

kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.62.3/release.yaml

Attestation

The Rekor UUID for this release is 108e9186e8c5677aa407357ea4e4be089c72e70eb6e12acb4d1bc92eec85f0c0fba54abc89790342

Obtain the attestation:

REKOR_UUID=108e9186e8c5677aa407357ea4e4be089c72e70eb6e12acb4d1bc92eec85f0c0fba54abc89790342
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .

Verify that all container images in the attestation are in the release file:

RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.62.3/release.yaml
REKOR_UUID=108e9186e8c5677aa407357ea4e4be089c72e70eb6e12acb4d1bc92eec85f0c0fba54abc89790342

### Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v0.62.3@​sha256:" + .digest.sha256')

### Download the release file
curl "$RELEASE_FILE" > release.yaml

### For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
  printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done

Changes

Features

Fixes

• 🐛 [release-v0.62.x] Fix Artifact type to a pointer (#​8228)

Fix Artifact type to a pointer.

• 🐛 [release-v0.62.x] apply default-container-resource-requirements before LimitRange transformer (#​8227)

[Bug fix]: default-container-resource-requirements will be applied to the container before LimtRange

Misc

Docs

Thanks

Thanks to these contributors who contributed to v0.62.3!

• ❤️ @​tekton-robot
• ❤️ @​vdemeester

Extra shout-out for awesome release notes:

• 😍 @​tekton-robot
• 😍 @​vdemeester

v0.62.2: Tekton Pipeline release v0.62.2 "Birman HAL LTS"

Compare Source

-Docs @​ v0.62.2
-Examples @​ v0.62.2

Installation one-liner

kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.62.2/release.yaml

Attestation

The Rekor UUID for this release is 108e9186e8c5677a6e62d0e6c909ccb98a5768c17110fecb8c493b0a3c670644a0e1d3cdf4a584b5

Obtain the attestation:

REKOR_UUID=108e9186e8c5677a6e62d0e6c909ccb98a5768c17

</details>

---

### Configuration

📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update again.

---

 - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box

---

This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/PingCAP-QE/ee-apps).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy4yOTMuMCIsInVwZGF0ZWRJblZlciI6IjM5LjQyLjQiLCJ0YXJnZXRCcmFuY2giOiJtYWluIiwibGFiZWxzIjpbXX0=-->

[ti-chi-bot]

I Skip it since the diff size(191536 bytes > 80000 bytes) is too large

[ti-chi-bot]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
Once this PR has been reviewed and has the lgtm label, please assign wuhuizuo for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

• cloudevents-server/OWNERS
• tibuild/OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[ti-chi-bot]

I Skip it since the diff size(189354 bytes > 80000 bytes) is too large

[ti-chi-bot]

I Skip it since the diff size(189354 bytes > 80000 bytes) is too large

[ti-chi-bot]

I Skip it since the diff size(187797 bytes > 80000 bytes) is too large

[ti-chi-bot]

I Skip it since the diff size(187887 bytes > 80000 bytes) is too large

[ti-chi-bot]

I Skip it since the diff size(186883 bytes > 80000 bytes) is too large

[ti-chi-bot]

I Skip it since the diff size(187014 bytes > 80000 bytes) is too large

[ti-chi-bot]

I Skip it since the diff size(193614 bytes > 80000 bytes) is too large

[ti-chi-bot]

I Skip it since the diff size(193521 bytes > 80000 bytes) is too large

[ti-chi-bot]

I Skip it since the diff size(194800 bytes > 80000 bytes) is too large

[ti-chi-bot]

I Skip it since the diff size(202450 bytes > 80000 bytes) is too large

[ti-chi-bot]

I Skip it since the diff size(201134 bytes > 80000 bytes) is too large

[ti-chi-bot]

I Skip it since the diff size(205776 bytes > 80000 bytes) is too large

[ti-chi-bot]

I Skip it since the diff size(202399 bytes > 80000 bytes) is too large

[ti-chi-bot]

I Skip it since the diff size(154546 bytes > 80000 bytes) is too large

[ti-chi-bot]

I Skip it since the diff size(154546 bytes > 80000 bytes) is too large

[ti-chi-bot]

I Skip it since the diff size(154546 bytes > 80000 bytes) is too large

[ti-chi-bot]

I Skip it since the diff size(154546 bytes > 80000 bytes) is too large

[ti-chi-bot]

I Skip it since the diff size(155685 bytes > 80000 bytes) is too large

[ti-chi-bot]

I Skip it since the diff size(155685 bytes > 80000 bytes) is too large

[ti-chi-bot]

I Skip it since the diff size(155685 bytes > 80000 bytes) is too large

[ti-chi-bot]

I Skip it since the diff size(155685 bytes > 80000 bytes) is too large