New features added to each component:
- August 24, 2021 Postsubmit Prow jobs now support the
always_run
field. This field interacts with therun_if_changed
andskip_if_only_changed
fields as follows:- (NEW) If the field is explicitly set to
always_run: false
, then the Postsubmit will not run automatically. The intention is to allow other triggers outside of a GitHub change, such as a Pub/Sub event, to trigger the job. See this issue for the motivation. However ifrun_if_changed
orskip_if_only_changed
is also set, then those triggers are determined first; if for whatever reason they cannot be determined, then the job will not run automatically (and wait for another trigger such as a Pub/Sub event as mentioned above). - If the field is explicitly set to
always_run: true
, then the Postsubmit job will always run. Also trying to setrun_if_changed
orskip_if_only_changed
in the same Postsubmit job will result in a config error. This mutual exclusivity matches the configuration behavior of Presubmit jobs, which also disallow combiningalways_run: true
together withrun_if_changed
orskip_if_only_changed
. - If
always_run
is not set (missing from the job config):- If both
run_if_changed
andskip_if_only_changed
are not set: same as old behavior (Postsubmit job will run automatically upon a GitHub change). - If one of
run_if_changed
orskip_if_only_changed
is set: same as old behavior (running will depend onrun_if_changed
orskip_if_only_changed
).
- If both
- (NEW) If the field is explicitly set to
- May 14th, 2021: All components that interact with GitHub newly allow client-side throttling customization
via
--github-hourly-tokens
and--github-allowed-burst
parameters. A notable exception to this is Tide which has custom throttling logic and does not expose these two new options. Other existing custom options in branchprotector, peribolos, status-reconciler and needs-rebase (--tokens/--hourly-tokens
etc.) are deprecated and will be removed in August 2021. - April 12th, 2021 End of grace period for storage bucket validation, additional buckets have to be allowed
by adding them to the
deck.additional_allowed_buckets
list. - March 9th, 2021 Tide batchtesting will now continue to test a given batch even
when more PRs became eligible while a test failed. You can disable this by setting
tide.prioritize_existing_batches.<org or org/repo>: false
in your Prow config. - March 3, 2021
plank.default_decoration_configs
can optionally be replaced withplank.default_decoration_config_entries
which supports a new format that is a slice of filters with associated decoration configs rather than a map. Currently entries can filter by repo and/or cluster. The old field is still supported and will not be deprecated. - February 23, 2021 New format introduced in
plugins.yaml
. Repos can be excluded from plugin definition at org level usingexcluded_repos
notation. The previous format will be deprecated in July 2021, see kubernetes#20631. - November 2, 2020 Tide is now able to respect checkruns.
- September 15, 2020 Added validation to Deck that will restrict artifact requests based on storage buckets.
Opt-out by setting
deck.skip_storage_path_validation
in your Prow config. Buckets specified in job configs (<job>.gcs_configuration.bucket
) and plank configs (plank.default_decoration_configs[*].gcs_configuration.bucket
) are automatically allowed access. Additional buckets can be allowed by adding them to thedeck.additional_allowed_buckets
list. (This feature will be enabled by default ~Jan 2021. For now, you will begin to notice violation warnings in your logs.) - August 31th, 2020 Added
gcs_browser_prefixes
field in spyglass configuration.gcs_browser_prefix
will be deprecated in February 2021. You can now specify different values for different repositories. The format should be in org, org/repo or '*' which is the default value. - July 13th, 2020 Configuring
job_url_prefix_config
withgcs/
prefix is now deprecated. Please configure a job url prefix without thegcs/
storage provider suffix. From now on the storage provider is appended automatically so multiple storage providers can be used for builds of the same repository. For now we still handle the old configuration format, this will be removed in September 2020. To be clear handling of URLs with/view/gcs
in Deck is not deprecated. - June 23rd, 2020 An hmac tool was added to automatically reconcile webhooks and hmac tokens for the orgs and repos integrated with your prow instance.
- June 8th, 2020 A new informer-based Plank implementation was added. It can be used by deploying the new prow-controller-manager binary. We plan to gradually move all our controllers into that binary, see kubernetes#17024
- May 31, 2020 '--gcs-no-auth' in Deck is deprecated and not used anymore. We always fall back to an anonymous GCS client now, if all other options fail. This flag will be removed in July 2020.
- May 25, 2020 Added
--blob-storage-workers
and--kubernetes-blob-storage-workers
flags to crier. The flags--gcs-workers
and--kubernetes-gcs-workers
are now deprecated and will be removed in August 2020. - May 13, 2020 Added a
decorate_all_jobs
option to job configuration that allows to control whether jobs are decorated by default. Individual jobs can use thedecorate
option to override this setting. - March 25, 2020 Added a
report_templates
option to the Plank config that allows to specify different report templates for each organization or a specific repository. Thereport_template
option is deprecated and it will be removed on September 2020 which is going to be replaced with the*
value inreport_templates
. - January 03, 2020 Added a
pr_status_base_urls
option to the Tide config that allows to specify different tide's URL for each organization or a specific repository. Thepr_status_base_url
will be deprecated on June 2020 and it will be replaced with the*
value inpr_status_base_urls
. - November 05, 2019 The
config-updater
plugin supports update configs on build clusters by usingclusters
. The fields namespace and additional_namespaces are deprecated. - October 27, 2019 The
trusted_org
functionality in trigger is being deprecated in favour of being more explicit in the fact that org members or repo collaborators are the trusted users. This option will be removed completely in January 2020. - October 07, 2019 Added a
default_decoration_configs
option to the Plank config that allows to specify different plank's default configuration for each organization or a specific repository.default_decoration_config
will be deprecated in April 2020 and it will be replaced with the*
value indefault_decoration_configs
. - August 29, 2019 Added a
batch_size_limit
option to the Tide config that allows the batch size limit to be specified globally, per org, or per repo. Values default to 0 indicating no size limit. A value of -1 disables batches. - July 30, 2019
authorized_users
inrerun_auth_config
for deck will becomegithub_users
. - July 19, 2019 deck will soon remove its default value for
--cookie-secret-file
. If you set--oauth-url
but not--cookie-secret-file
, add--cookie-secret-file=/etc/cookie-secret
to your deck instance. The default value will be removed at the end of October 2019. - July 2, 2019 prow defaults to report status for both presubmit and postsubmit jobs on GitHub now.
- June 17, 2019 It is now possible to configure the channel for the Slack reporter
directly on jobs via the
.reporter_config.slack.channel
config option - May 13, 2019 New
plank
configpod_running_timeout
is added and defaulted to two days to allow plank abort pods stuck in running state. - April 25, 2019
--job-config
inperibolos
has never been used; it is deprecated and will be removed in July 2019. Remove the flag from any calls to the tool. - April 24, 2019
file_weight_count
in blunderbuss is being deprecated in favour of the more currentmax_request_count
functionality. Please ensure your configuration is up to date before the end of May 2019. - March 12, 2019 tide now records a history of its actions and exposes a
filterable view of these actions at the
/tide-history
deck path. - March 9, 2019 prow components now support reading gzipped config files
- February 13, 2019 prow (both plank and crier) can set status on the commit
for postsubmit jobs on github now!
Type of jobs can be reported to github is gated by a config field like
now and default to report for presubmit only. *** The default will change in April to include postsubmit jobs as well *** You can also add
github_reporter: job_types_to_report: - presubmit - postsubmit
skip_report: true
to your post-submit jobs to skip reporting if you enable postsubmit reporting on. - January 15, 2019
approve
now considers self-approval and github review state by default. Configure withrequire_self_approval
andignore_review_state
. Temporarily revert to old defaults withuse_deprecated_2018_implicit_self_approve_default_migrate_before_july_2019
anduse_deprecated_2018_review_acts_as_approve_default_migrate_before_july_2019
. - January 12, 2019
blunderbluss
plugin now provides a new command,/auto-cc
, that triggers automatic review requests. - January 7, 2019
implicit_self_approve
will becomerequire_self_approval
in the second half of this year. - January 7, 2019
review_acts_as_approve
will becomeignore_review_state
in the second half of this year. - October 10, 2018
tide
now supports the-repo:foo/bar
tag in queries via theexcludedRepos
YAML field. - October 3, 2018
welcome
now supports a configurable message on a per-org, or per-repo basis. Please note that this includes a config schema change that will break previous deployments of this plugin. - August 22, 2018
spyglass
is a pluggable viewing framework for artifacts produced by Prowjobs. See a demo here! - July 13, 2018
blunderbluss
plugin will now supportrequired_reviewers
in OWNERS file to specify a person or github team to be cc'd on every PR that touches the corresponding part of the code. - June 25, 2018
updateconfig
plugin will now support update/remove keys from a glob match. - June 05, 2018
blunderbuss
plugin may now suggest approvers in addition to reviewers. Useexclude_approvers: true
to revert to previous behavior. - April 10, 2018
cla
plugin now supports/check-cla
command to force rechecking of the CLA status. - February 1, 2018
updateconfig
will now update any configmap on merge - November 14, 2017
jenkins-operator:0.58
exposes prometheus metrics. - November 8, 2017
horologium:0.14
prow periodic job now support cron triggers. See https://godoc.org/gopkg.in/robfig/cron.v2 for doc to the cron library we are using.
Breaking changes to external APIs (labels, GitHub interactions, configuration or deployment) will be documented in this section. Prow is in a pre-release state and no claims of backwards compatibility are made for any external API. Note: versions specified in these announcements may not include bug fixes made in more recent versions so it is recommended that the most recent versions are used when updating deployments.
- September 16th, 20201 The ProwJob CRD manifest
has been extended to specify a schema. Unfortunately, this results in a huge manifest which
in turn makes the standard
kubectl apply
fail, as the last-applied annotation it generates exceeds the maximum annotation size. If you are using Kubernetes 1.18 or newer, you can add the--server-side=true
argument to work around this. If not, you can use a schemelass manifest - September 15th, 2021
autobump
removed, please usegeneric-autobumper
instead, see example config - April 16th, 2021 Flagutil remove default value for
--github-token-path
. - April 15th, 2021 Sinker requires --dry-run=false (default is true) to function correctly in production.
- April 14th, 2021 Deck remove default value for
--cookie-secret-file
. - April 12th, 2021 Horologium now uses a cached client, which requires it to have watch permissions for Prowjobs on top of the already-required list and create.
- April 11th, 2021 The plank binary has been removed. Please use the Prow Controller Manager instead, which provides a more modern implementation of the same functionality.
- April 1st, 2021 The
owners_dir_blacklist
field in prow config has been deprecated in favor ofowners_dir_denylist
. The support ofowners_dir_blacklist
will be stopped in October 2021. - April 1st, 2021 The
labels_blacklist
field in verify-owners plugin config is deprecated in favor oflabels_denylist
. The support forlabels_blacklist
shall be stopped in October 2021. - January 24th, 2021 Planks Pod pending and Pod scheduling timeout defaults where changed from 24h each to the more reasonable 10 minutes/5 minutes, respectively.
- January 1, 2021 Support for
whitelist
andbranch_whitelist
fields in Slack merge warning configuration is discontinued. You can useexempt_users
andexempt_branches
fields instead. - November 24, 2020 The
requiresig
plugin has been removed in favor of therequire-matching-label
plugin which provides equivalent functionality (example plugin config) - November 14, 2020 The
whitelist
andbranch_whitelist
fields in Slack merge warning were deprecated on August 22, 2020 in favor of the newexempt_users
andexempt_branches
fields. The support for these fields shall be stopped in January 2021. - November 11th, 2020 The prow-controller-manager and sinker now require RBAC to be set up to manage their leader lock in the
coordination.k8s.io
group. See here - November, 2020 The deprecated
namespace
andadditional_namespaces
properties have been removed from the config updater plugin for more details. - November, 2020 The
blacklist
flag in status reconciler has been deprecated in favor ofdenylist
. The support ofblacklist
will be stopped in February 2021. - October, 2020 The
plank
binary has been deprecated in favor of the more modern implementation in the prow-controller-manager that provides the same functionality. Check out its README or check out its deployment and rbac manifest. The plank binary will be removed in February, 2021. - September 14th, 2020 Sinker now requires
LIST
andWATCH
permissions for pods - September 2, 2020 The already deprecated
namespace
andadditional_namespaces
settings in the config updater will be removed in October, 2020 - August 28, 2020
tide
now ignores archived repositories in queries. - August 28, 2020 The
Clusters
format and associated--build-cluster
flag has been removed. - August 24, 2020 The deprecated reporting functionality has been removed from Plank, use crier with
--github-workers=1
instead Use a.kube/config
with the--kubeconfig
flag to specify credentials for external build clusters. - August 22, 2020 The
whitelist
andbranch_whitelist
fields in Slack merge warning are deprecated in favor of the newexempt_users
andexempt_branches
fields. - July 17, 2020 Slack reporter will no longer report all states of a Prow job if it has
Channel
specified on the Prow job config. Instead, it will report thejob_states_to_report
configured in the Prow job or in the Prow core config if the former does not exist. - May 18, 2020
expiry
field has been replaced withcreated_at
in the HMAC secret. - April 24, 2020 Horologium now defaults to
--dry-run=true
- April 23, 2020 Explicitly setting
--config-path
is now required. - April 23, 2020 Update the
autobump
image to at leastv20200422-8c8546d74
before June 2020. - April 23, 2020 Deleted deprecated
default_decoration_config
. - April 22, 2020 Deleted the
file_weight_count
blunderbuss option. - April 16, 2020 The
docs-no-retest
prow plugin has been deleted. The plugin was deprecated in January 2020. - April 14, 2020 GitHub reporting via plank is deprecated, set --github-workers=1 on crier before July 2020.
- March 27, 2020 The deprecated
allow_cancellations
option has been removed from Plank and the Jenkins operator. - March 19, 2020 The
rerun_auth_config
config field has been deprecated in favor of the newrerun_auth_configs
field which allows configuration on a global, organization or repo level.rerun_auth_config
will be removed in July 2020. - November 21, 2019 The boskos metrics component replaced the existing prometheus
metrics with a single, label-qualified metric. Metrics are now served at
/metrics
on port 9090. This actually happened August 5th, but is being documented now. Details: kubernetes#13767 - November 18, 2019 The
mkbuild-cluster
command-line utility andbuild-cluster
format is deprecated and will be removed in May 2020. Usegencred
and thekubeconfig
format as an alternative. - November 14, 2019 The
slack_reporter
config field has been deprecated in favor of the newslack_reporter_configs
field which allows configuration on a global, organization or repo level.slack_reporter
will be removed in May 2020. - November 7, 2019 The
plank.allow_cancellations
andjenkins_operators.allow_cancellations
settings are deprecated and will be removed and set to alwaystrue
in March 2020. - October 7, 2019 Prow will drop support for the deprecated knative-builds in November 2019.
- September 24, 2019 Sending an http
GET
request to the/hook
endpoint now returns a405
(Method Not Allowed) instead of a200
(OK). - September 8, 2019 The deprecated
job_url_prefix
option has been removed from Plank. - May 2, 2019 All components exposing Prometheus metrics will now either push them
to the Prometheus PushGateway, if configured, or serve them locally on port 9090 at
/metrics
, if not configured (the default). - April 26, 2019
blunderbuss
,approve
, and other plugins that read OWNERS now treatowners_dir_blacklist
as a list of regular expressions matched against the entire (repository-relative) directory path of the OWNERS file rather than as a list of strings matched exactly against the basename only of the directory containing the OWNERS file. - April 2, 2019
hook
,deck
,horologium
,tide
,plank
andsinker
will no longer provide a default value for the--config-path
flag. It is required to explicitly provide--config-path
when upgrading to a new version of these components that were previously relying on the default--config-path=/etc/config/config.yaml
. - March 29, 2019 Custom logos should be provided as full paths in the configuration
under
deck.branding.logos
and will not implicitly be assumed to be under the static assets directory. - February 26, 2019 The
job_url_prefix
option fromplank
has been deprecated in favor of the newjob_url_prefix_config
option which allows configuration on a global, organization or repo level.job_url_prefix
will be removed in September 2019. - February 13, 2019
horologium
andsinker
deployments will soon require--dry-run=false
in production, please set this before March 15. At that time flag will default to --dry-run=true instead of --dry-run=false. - February 1, 2019 Now that
hook
andtide
will no longer post "Skipped" statuses for jobs that do not need to run, it is not possible to require those statuses with branch protection. Therefore, it is necessary to run thebranchprotector
from at least version510db59
before upgradingtide
to that version. - February 1, 2019
horologium
andsinker
now support the--dry-run
flag, so you must pass--dry-run=false
to keep the previous behavior (see Feb 13 update). - January 31, 2019
sub
no longer supports the--masterurl
flag for connecting to the infrastructure cluster. Use--kubeconfig
with--context
for this. - January 31, 2019
crier
no longer supports the--masterurl
flag for connecting to the infrastructure cluster. Use--kubeconfig
with--context
for this. - January 27, 2019 Jobs that do not run will no longer post "Skipped" statuses.
- January 27, 2019 Jobs that do not run always will no longer be required by
branch protection as they will not always produce a status. They will continue
to be required for merge by
tide
if they are configured as required. - January 27, 2019 All support for
run_after_success
jobs has been removed. Configuration of these jobs will continue to parse but will ignore the field. - January 27, 2019
hook
will now correctly honor therun_always
field on Gerrit presubmits. Previously, if this field was unset it would have defaulted totrue
; now, it will correctly default tofalse
. - January 22, 2019
sinker
prefers.kube/config
instead of the customClusters
file to specify credentials for external build clusters. The flag name has changed from--build-cluster
to--kubeconfig
. Migrate before June 2019. - November 29, 2018
plank
will no longer default jobs withdecorate: true
to haveautomountServiceAccountToken: false
in their PodSpec if unset, if the job explicitly setsserviceAccountName
- November 26, 2018 job names must now match
^[A-Za-z0-9-._]+$
. Jobs that did not match this before were allowed but did not provide a good user experience. - November 15, 2018 the
hook
service account now requires RBAC privileges to createConfigMaps
to support new functionality in theupdateconfig
plugin. - November 9, 2018 Prow gerrit client label/annotations now have a
prow.k8s.io/
namespace prefix, if you have a gerrit deployment, please bump both cmd/gerrit and cmd/crier. - November 8, 2018
plank
now defaults jobs withdecorate: true
to haveautomountServiceAccountToken: false
in their PodSpec if unset. Jobs that used the default service account should explicitly set this field to maintain functionality. - October 16, 2018 Prow tls-cert management has been migrated from kube-lego to cert-manager.
- October 12, 2018 Removed deprecated
buildId
environment variable from prow jobs. UseBUILD_ID.
- October 3, 2018
-github-token-file
replaced with-github-token-path
for consistency withbranchprotector
andperibolos
which were already using-github-token-path
.-github-token-file
will continue to work through the remainder of 2018, but it will be removed in early 2019. The following commands are affected:cherrypicker
,hook
,jenkins-operator
,needs-rebase
,phony
,plank
,refresh
, andtide
. - October 1, 2018 bazel is the one official way to build container images. Please use prow/bump.sh and/or bazel run //prow:release-push
- Sep 27, 2018 If you are setting explicit decorate configs, the format has changed from
to
- name: job-foo decorate: true timeout: 1
- name: job-foo decorate: true decoration_config: timeout: 1
- September 24, 2018 the
splice
component has been deleted following the deletion of mungegithub. - July 9, 2018
milestone
format has changed fromtomilestone: maintainers_id: <some_team_id> maintainers_team: <some_team_name>
repo_milestone
repo_milestone: <some_repo_name>: maintainers_id: <some_team_id> maintainers_team: <some_team_name>
- July 2, 2018 the
trigger
plugin will now trust PRs from repo collaborators. Useonly_org_members: true
in the trigger config to temporarily disable this behavior. - June 14, 2018 the
updateconfig
plugin will only add data to yourConfigMaps
using the basename of the updated file, instead of using that and also duplicating the data using the name of theConfigMap
as a key - June 1, 2018 all unquoted
boolean
fields in config.yaml that were unmarshall into typestring
now need to be quoted to avoid unmarshalling error. - May 9, 2018
deck
logs for jobs run asPods
will now return logs for the"test"
container only. - April 2, 2018
updateconfig
format has been changed fromtopath/to/some/other/thing: configName
path/to/some/other/thing: Name: configName # If unspecified, Namespace default to the value of ProwJobNamespace. Namespace: myNamespace
- March 15, 2018
jenkins_operator
is removed from the config in favor ofjenkins_operators
. - March 1, 2018
MilestoneStatus
has been removed from the plugins Configuration in favor of theMilestone
which is shared between two plugins: 1)milestonestatus
and 2)milestone
. The milestonestatus plugin now uses theMilestone
object to get the maintainers team ID - February 27, 2018
jenkins-operator
does not use$BUILD_ID
as a fallback to$PROW_JOB_ID
anymore. - February 15, 2018
jenkins-operator
can now accept the--tot-url
flag and will use the connection totot
to vend build identifiers asplank
does, giving control over where in GCS artifacts land to Prow and away from Jenkins. Furthermore, the$BUILD_ID
variable in Jenkins jobs will now correctly point to the build identifier vended bytot
and a new variable,$PROW_JOB_ID
, points to the identifier used to link ProwJobs to Jenkins builds.$PROW_JOB_ID
fallbacks to$BUILD_ID
for backwards-compatibility, ie. to not break in-flight jobs during the time of the jenkins-operator update. - February 1, 2018 The
config_updater
section inplugins.yaml
now uses amaps
object instead ofconfig_file
,plugin_file
strings. Please switch over before July. - November 30, 2017 If you use tide, you'll need to switch your query format and bump all prow component versions to reflect the changes in #5754.
- November 14, 2017
horologium:0.17
fixes cron job not being scheduled. - November 10, 2017 If you want to use cron feature in prow, you need to bump to:
hook:0.181
,sinker:0.23
,deck:0.62
,splice:0.32
,horologium:0.15
plank:0.60
,jenkins-operator:0.57
andtide:0.12
to avoid error spamming from the config parser. - November 7, 2017
plank:0.56
fixes bug introduced inplank:0.53
that affects controllers using an empty kubernetes selector. - November 7, 2017
jenkins-operator:0.51
provides jobs with the$BUILD_ID
variable as well as the$buildId
variable. The latter is deprecated and will be removed in a future version. - November 6, 2017
plank:0.55
providesPods
with the$BUILD_ID
variable as well as the$BUILD_NUMBER
variable. The latter is deprecated and will be removed in a future version. - November 3, 2017 Added
EmptyDir
volume type. To update tohook:0.176+
orhorologium:0.11+
the following components must have the associated minimum versions:deck:0.58+
,plank:0.54+
,jenkins-operator:0.50+
. - November 2, 2017
plank:0.53
changes thetype
label key toprow.k8s.io/type
and thejob
annotation key toprow.k8s.io/job
added in pods. - October 14, 2017
deck:0:53+
needs to be updated in conjunction withjenkins-operator:0:48+
since Jenkins logs are now exposed from the operator anddeck
needs to use theexternal_agent_logs
option in order to redirect requests to the locationjenkins-operator
exposes logs. - October 13, 2017
hook:0.174
,plank:0.50
, andjenkins-operator:0.47
drop the deprecatedgithub-bot-name
flag. - October 2, 2017
hook:0.171
: The label plugin was split into three plugins (label, sigmention, milestonestatus). Breaking changes:- The configuration key for the milestone maintainer team's ID has been
changed. Previously the team ID was stored in the plugins config at key
label
>>milestone_maintainers_id
. Now that the milestone status labels are handled in themilestonestatus
plugin instead of thelabel
plugin, the team ID is stored at keymilestonestatus
>>maintainers_id
. - The sigmention and milestonestatus plugins must be enabled on any repos that require them since their functionality is no longer included in the label plugin.
- The configuration key for the milestone maintainer team's ID has been
changed. Previously the team ID was stored in the plugins config at key
- September 3, 2017
sinker:0.17
now deletes pods labeled byplank:0.42
in order to avoid cleaning up unrelated pods that happen to be found in the same namespace prow runs pods. If you run other pods in the same namespace, you will have to manually delete or label the prow-owned pods, otherwise you can bulk-label all of them with the following command and let sinker collect them normally:kubectl label pods --all -n pod_namespace created-by-prow=true
- September 1, 2017
deck:0.44
andjenkins-operator:0.41
controllers no longer provide a default value for the--jenkins-token-file
flag. Cluster administrators should provide--jenkins-token-file=/etc/jenkins/jenkins
explicitly when upgrading to a new version of these components if they were previously relying on the default. For more context, please see this pull request. - August 29, 2017 Configuration specific to plugins is now held in the
plugins
ConfigMap
and serialized in this repo in theplugins.yaml
file. Cluster administrators upgrading tohook:0.148
or newer should move plugin configuration from the mainConfigMap
. For more context, please see this pull request.