Update module github.com/tektoncd/pipeline to v1

[querti-stonesoup]

This PR contains the following updates:

Package	Type	Update	Change
github.com/tektoncd/pipeline	require	major	v0.65.2 -> v1.0.0

---

Warning

Some dependencies could not be looked up. Check the warning logs for more information.

---

Release Notes

tektoncd/pipeline (github.com/tektoncd/pipeline)

v1.0.0: Tekton Pipeline release v1.0.0 "Oriental Omnidroid" LTS

Compare Source

🎉 1.0.0 is live 🎉 StepActions are GA and Git resolvers enhancements 🎉

-Docs @​ v1.0.0
-Examples @​ v1.0.0

Installation one-liner

kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v1.0.0/release.yaml

Attestation

The Rekor UUID for this release is 108e9186e8c5677a3c232a877172a3c7967bdcb84afa4bc0a3819fe35e8796e324bbc364356d4349

Obtain the attestation:

REKOR_UUID=108e9186e8c5677a3c232a877172a3c7967bdcb84afa4bc0a3819fe35e8796e324bbc364356d4349
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .

Verify that all container images in the attestation are in the release file:

RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v1.0.0/release.yaml
REKOR_UUID=108e9186e8c5677a3c232a877172a3c7967bdcb84afa4bc0a3819fe35e8796e324bbc364356d4349

### Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v1.0.0@​sha256:" + .digest.sha256')

### Download the release file
curl "$RELEASE_FILE" > release.yaml

### For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
  printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done

Changes

Features

• ✨ fix: resolve Git Anonymous Resolver excessive memory usage (#​8677)

RemoteResolutions using the Git Resolver now use the git binary instead of the Golang library go-git to shallow-clone, shallow-fetch, then checkout the provided repository at the given revision. This reduces resolution time and memory significantly. Some git providers such as Gitea may not support fetching revisions if the revision is a SHA which is not reachable via a ref or is not at a ref/head. In general, no user action is required.

See also: https://git-scm.com/docs/protocol-capabilities#\_allow_reachable_sha1\_in_want

Resolves https://github.com/tektoncd/pipeline/issues/8652

• ✨ feat(pipeline): allow variable substitution in pipeline.tasks[].onError (#​8600)

feat(pipeline): allow variable substitution in pipeline.tasks[].onError

• ✨ Add configuration for custom bundle resolver backoff (#​8574)

Enables the configuration of backoffs for a bundle resolver requests.

• ✨ feat: promote StepActions to GA (#​8546)

StepActions promoted to GA and is available by default. The enable-step-actions feature flag exists as a no-op flag to ensure that existing user workflows which might rely on this flag are not disabled. This flag will be removed completely in a later release.

• ✨ feat: add support for authenticated git clone (#​8537)

n optional token can now be passed to the git clone method (using go-git library) to
bypass token limit when using the API.

Fixes

• 🐛 fix: add stepaction as a valid kind in the hub resolver (#​8635)

the hub resolver now validates StepActions as a valid kind

• 🐛 fix: avoid fan out matrix task failed due to result ref (#​8487)

fix: avoid fan out matrix task failed due to result ref

• 🐛 fix: handle subPath directory creation errors gracefully (#​8683)

Misc

• 🔨 cleanup: [TEP-0135] remove deprecated disable-affinity-assistant feature flag (#​8603)

Binary file (standard input) matches

• 🔨 cleanup: remove clustertask support (#​8601)

Remove ClusterTask support completely

• 🔨 Bump go.mod and tools/go.mod to go 1.23 (#​8482)

Updating go to 1.23

• 🔨 misc: promote to beta (#​8343)

keep-pod-on-cancel feature flag will be enabled in default

• 🔨 build(deps): bump github/codeql-action from 3.28.15 to 3.28.16 (#​8729)
• 🔨 build(deps): bump step-security/harden-runner from 2.11.1 to 2.12.0 (#​8728)
• 🔨 build(deps): bump the all group in /tekton with 4 updates (#​8727)
• 🔨 build(deps): bump github.com/sigstore/sigstore from 1.8.15 to 1.9.4 (#​8724)
• 🔨 build(deps): bump k8s.io/apimachinery from 0.32.2 to 0.32.4 (#​8723)
• 🔨 build(deps): bump the all group in /tekton with 2 updates (#​8722)
• 🔨 build(deps): bump tj-actions/changed-files from be393a9 to c34c1c1 (#​8721)
• 🔨 build(deps): bump github/codeql-action from 3.28.14 to 3.28.15 (#​8705)
• 🔨 build(deps): bump tj-actions/changed-files from 6abeaa5 to be393a9 (#​8704)
• 🔨 build(deps): bump ko-build/setup-ko from 0.8 to 0.9 (#​8703)
• 🔨 build(deps): bump the all group in /tekton with 4 updates (#​8702)
• 🔨 build(deps): bump github/codeql-action from 3.28.13 to 3.28.14 (#​8690)
• 🔨 build(deps): bump tj-actions/changed-files from 27ae6b3 to 6abeaa5 (#​8689)
• 🔨 build(deps): bump actions/dependency-review-action from 4.5.0 to 4.6.0 (#​8688)
• 🔨 build(deps): bump step-security/harden-runner from 2.11.0 to 2.11.1 (#​8687)
• 🔨 build(deps): bump the all group in /tekton with 2 updates (#​8686)
• 🔨 build(deps): bump github.com/go-jose/go-jose/v4 from 4.0.4 to 4.0.5 (#​8680)
• 🔨 build(deps): bump github.com/golang-jwt/jwt/v5 from 5.2.1 to 5.2.2 (#​8678)
• 🔨 build(deps): bump go.opentelemetry.io/otel from 1.34.0 to 1.35.0 (#​8676)
• 🔨 Consume release pipeline images and task bundles from GHCR (#​8674)
• 🔨 build(deps): bump k8s.io/code-generator from 0.31.6 to 0.31.7 (#​8645)

Docs

• 📖 Add v0.70 to the releases doc and fix dates of v0.64 and v0.69 releases (#​8699)
• 📖 Move Step when expressions documentation from StepActions to Tasks documetnation. (#​8672)
• 📖 Update link to section on overriding task requests (#​8650)
• 📖 chore: param enum usage example for stepaction (#​8605)

Thanks

Thanks to these contributors who contributed to v1.0.0!

• ❤️ @​AlanGreene
• ❤️ @​aThorp96
• ❤️ @​arewm
• ❤️ @​chengjoey
• ❤️ @​chmouel
• ❤️ @​dependabot[bot]
• ❤️ @​l-qing
• ❤️ @​samdoran
• ❤️ @​twoGiants
• ❤️ @​vdemeester
• ❤️ @​waveywaves

Extra shout-out for awesome release notes:

• 😍 @​aThorp96
• 😍 @​arewm
• 😍 @​chengjoey
• 😍 @​chmouel
• 😍 @​l-qing
• 😍 @​vdemeester
• 😍 @​waveywaves

v0.70.0: Tekton Pipeline release v0.70.0 "Norwegian Forest Cat Number Five (Aaron Doral)"

Compare Source

🎉 OpenAPI schema to Tekton CRDs 🎉

-Docs @​ v0.70.0
-Examples @​ v0.70.0

Installation one-liner

kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.70.0/release.yaml

Attestation

The Rekor UUID for this release is 108e9186e8c5677a9b98c9f620b1202d23cdf7b6bc38da3acecc1a9cb6f206d98fefed3ce02b0e09

Obtain the attestation:

REKOR_UUID=108e9186e8c5677a9b98c9f620b1202d23cdf7b6bc38da3acecc1a9cb6f206d98fefed3ce02b0e09
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .

Verify that all container images in the attestation are in the release file:

RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.70.0/release.yaml
REKOR_UUID=108e9186e8c5677a9b98c9f620b1202d23cdf7b6bc38da3acecc1a9cb6f206d98fefed3ce02b0e09

### Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v0.70.0@​sha256:" + .digest.sha256')

### Download the release file
curl "$RELEASE_FILE" > release.yaml

### For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
  printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done

Changes

Features

• Add structural OpenAPI schema to Tekton CRDs (#​8490)

action required: The structural OpenAPI schema to Tekton CRDs are added enabling API server schema validation and supporting kubectl explain to describe fields and structure of Tekton CRDs. Due to the API server schema validation, users should make sure Tekton CRs have a valid schema when creating or updating CRs.

Fixes

• 🐛 fix: Fix remote task params default-value substitution (#​8641)

Task Param defaults will now be correctly substituted in Steps when the Task is referenced by a TaskRun

• 🐛 fix: configure StepAction to use conversion webhook (#​8644)

Misc

• 🔨 cleanup: breakup the pkg/credentials into writer and matcher + ensure non corev1 usage in entrypoint for FIPs compliance (#​8542)

import only the writer part of the credentials package in the entrypoint so that we do not pull core v1 API indirectly into the package

• 🔨 FIPS Compliance: Refactor Entrypoint, Remove zap Dependency & Update Build Checks (#​8544)
• 🔨 build(deps): bump github.com/golang-jwt/jwt/v4 from 4.5.1 to 4.5.2 (#​8670)
• 🔨 build(deps): bump the all group in /tekton with 2 updates (#​8668)
• 🔨 build(deps): bump actions/setup-go from 5.3.0 to 5.4.0 (#​8667)
• 🔨 build(deps): bump actions/cache from 4.2.2 to 4.2.3 (#​8666)
• 🔨 build(deps): bump github/codeql-action from 3.28.11 to 3.28.13 (#​8665)
• 🔨 build(deps): bump tj-actions/changed-files from dcc7a0c to 27ae6b3 (#​8664)
• 🔨 build(deps): bump golangci/golangci-lint-action from 6.5.0 to 6.5.1 (#​8654)
• 🔨 build(deps): bump the all group in /tekton with 2 updates (#​8653)
• 🔨 build(deps): bump github/codeql-action from 3.28.10 to 3.28.11 (#​8633)
• 🔨 build(deps): bump the all group in /tekton with 2 updates (#​8632)
• 🔨 build(deps): bump github.com/google/cel-go from 0.23.2 to 0.24.1 (#​8614)
• 🔨 build(deps): bump ossf/scorecard-action from 2.4.0 to 2.4.1 (#​8608)
• 🔨 Refactor pipelinerun metrics tests (#​8340)

Docs

• 📖 Document ko settings for kind clusters with and without a local registry. (#​8662)
• 📖 Fix wrong entry in development documentation and other minor documentation corrections. (#​8661)
• 📖 Add release 0.69 to releases.md (#​8630)

Thanks

Thanks to these contributors who contributed to v0.70.0!

• ❤️ @​PuneetPunamiya
• ❤️ @​aThorp96
• ❤️ @​afrittoli
• ❤️ @​burigolucas
• ❤️ @​dependabot[bot]
• ❤️ @​devholic
• ❤️ @​twoGiants
• ❤️ @​waveywaves

Extra shout-out for awesome release notes:

• 😍 @​aThorp96
• 😍 @​burigolucas
• 😍 @​waveywaves

v0.69.1: Tekton Pipeline release v0.69.1 "Oriental Longhair Omnibot"

Compare Source

-Docs @​ v0.69.1
-Examples @​ v0.69.1

Installation one-liner

kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.69.1/release.yaml

Attestation

The Rekor UUID for this release is 108e9186e8c5677a76ee1ec9649527ab153790fc1b5385843dcb8c6522c3d9b0db77451a35b2068f

Obtain the attestation:

REKOR_UUID=108e9186e8c5677a76ee1ec9649527ab153790fc1b5385843dcb8c6522c3d9b0db77451a35b2068f
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .

Verify that all container images in the attestation are in the release file:

RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.69.1/release.yaml
REKOR_UUID=108e9186e8c5677a76ee1ec9649527ab153790fc1b5385843dcb8c6522c3d9b0db77451a35b2068f

### Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v0.69.1@​sha256:" + .digest.sha256')

### Download the release file
curl "$RELEASE_FILE" > release.yaml

### For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
  printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done

Changes

Features

Fixes

• 🐛 [release-v0.69.x] fix: Fix remote task params default-value substitution (#​8651)

ask Param defaults will now be correctly substituted in Steps when the Task is referenced by a TaskRun

Misc

Docs

Thanks

Thanks to these contributors who contributed to v0.69.1!

• ❤️ @​tekton-robot

Extra shout-out for awesome release notes:

• 😍 @​tekton-robot

v0.69.0: Tekton Pipeline release v0.69.0 "Oriental Longhair Omnibot"

Compare Source

-Docs @​ v0.69.0
-Examples @​ v0.69.0

Installation one-liner

kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.69.0/release.yaml

Attestation

The Rekor UUID for this release is 108e9186e8c5677a83b80360985c8a19920792656acc1566def6a298da6b73bd47b42307bceab304

Obtain the attestation:

REKOR_UUID=108e9186e8c5677a83b80360985c8a19920792656acc1566def6a298da6b73bd47b42307bceab304
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .

Verify that all container images in the attestation are in the release file:

RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.69.0/release.yaml
REKOR_UUID=108e9186e8c5677a83b80360985c8a19920792656acc1566def6a298da6b73bd47b42307bceab304

### Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v0.69.0@​sha256:" + .digest.sha256')

### Download the release file
curl "$RELEASE_FILE" > release.yaml

### For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
  printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done

Changes

Features

• ✨ Add feature flag to set readOnlyRootFilesystem for containers (#​8186)

New feature flag set-security-context-read-only-root-filesystem in ConfigMap feature-flags. The new feature sets readOnlyRootFilesystem in securityContext for taskrun and affinity assistant containers.

Fixes

• 🐛 fix: Move when condition to higher priority (#​8569)

fix: Move when condition to higher priority

• 🐛 fix: resolve panic issue in pipeline controller caused by CustomRun (#​8562)

fix: resolve panic issue in pipeline controller caused by CustomRun

Misc

• 🔨 Bump knative.dev/pkg to release-1.17 (#​8538)

Bump knative.dev/pkg to release-1.17 while keeping KUBERNETES_MIN_VERSION to 1.28.

• 🔨 cleanup: use pkg/platforms instead of containerd/platforms to … (#​8579)
• 🔨 cleanup: add disable_spire build tag for entrypoint command (#​8548)
• 🔨 build(deps): bump github.com/google/go-cmp from 0.6.0 to 0.7.0 (#​8619)
• 🔨 build(deps): bump k8s.io/client-go from 0.31.4 to 0.31.6 (#​8618)
• 🔨 build(deps): bump k8s.io/code-generator from 0.31.4 to 0.31.6 (#​8615)
• 🔨 build(deps): bump github.com/sigstore/sigstore/pkg/signature/kms/azure from 1.8.12 to 1.8.15 (#​8613)
• 🔨 build(deps): bump github.com/go-jose/go-jose/v3 from 3.0.3 to 3.0.4 (#​8612)
• 🔨 build(deps): bump the all group in /tekton with 2 updates (#​8611)
• 🔨 build(deps): bump actions/cache from 4.2.1 to 4.2.2 (#​8610)
• 🔨 build(deps): bump tj-actions/changed-files from 45.0.6 to 45.0.7 (#​8609)
• 🔨 chore: add yaml linting to pre-commit (#​8606)
• 🔨 .github/workflow: add only-new-issues on lint (#​8604)
• 🔨 build(deps): bump github.com/sigstore/sigstore/pkg/signature/kms/gcp from 1.8.12 to 1.8.15 (#​8598)
• 🔨 build(deps): bump github.com/spiffe/spire-api-sdk from 1.11.1 to 1.11.2 (#​8597)
• 🔨 build(deps): bump github.com/sigstore/sigstore/pkg/signature/kms/hashivault from 1.8.12 to 1.8.15 (#​8596)
• 🔨 build(deps): bump github.com/sigstore/sigstore from 1.8.12 to 1.8.15 (#​8595)
• 🔨 build(deps): bump golangci/golangci-lint-action from 6.2.0 to 6.5.0 (#​8594)
• 🔨 build(deps): bump step-security/harden-runner from 2.10.4 to 2.11.0 (#​8593)
• 🔨 build(deps): bump github/codeql-action from 3.28.8 to 3.28.10 (#​8592)
• 🔨 build(deps): bump actions/setup-go from 5.1.0 to 5.3.0 (#​8591)
• 🔨 build(deps): bump actions/cache from 4.2.0 to 4.2.1 (#​8590)
• 🔨 build(deps): bump the all group in /tekton with 2 updates (#​8589)
• 🔨 build(deps): bump github.com/sigstore/sigstore/pkg/signature/kms/aws from 1.8.12 to 1.8.15 (#​8585)
• 🔨 build(deps): bump k8s.io/api from 0.31.4 to 0.31.6 (#​8584)
• 🔨 .github/workflows: add a build and test workflows (#​8577)
• 🔨 build(deps): bump github.com/jenkins-x/go-scm from 1.14.37 to 1.14.56 (#​8576)
• 🔨 build(deps): bump the all group in /tekton with 2 updates (#​8573)
• 🔨 .github/workflows: force go to 1.23 for the lint job (#​8570)
• 🔨 build(deps): bump github.com/golangci/golangci-lint from 1.63.4 to 1.64.5 in /tools (#​8568)
• 🔨 build(deps): bump k8s.io/client-go from 0.29.13 to 0.29.14 (#​8567)
• 🔨 build(deps): bump the all group in /tekton with 2 updates (#​8560)
• 🔨 build(deps): bump google.golang.org/protobuf from 1.36.4 to 1.36.5 (#​8557)
• 🔨 build(deps): bump golang.org/x/sync from 0.10.0 to 0.11.0 (#​8554)
• 🔨 build(deps): bump github/codeql-action from 3.28.5 to 3.28.8 (#​8552)
• 🔨 build(deps): bump github.com/spiffe/go-spiffe/v2 from 2.4.0 to 2.5.0 (#​8551)
• 🔨 build(deps): bump github.com/google/cel-go from 0.23.1 to 0.23.2 (#​8550)
• 🔨 build(deps): bump the all group in /tekton with 2 updates (#​8549)
• 🔨 tekton: fix micro typo on release-cheat-sheet (#​8545)

Docs

• 📖 releases.md: add 0.68.0 LTS and update other releases (#​8559)
• 📖 chore: fix some comments (#​8524)
• 📖 fix broken link to tutorials.md page (#​8444)

Thanks

Thanks to these contributors who contributed to v0.69.0!

• ❤️ @​Allda
• ❤️ @​clintonsteiner
• ❤️ @​damuzhi0810
• ❤️ @​dependabot[bot]
• ❤️ @​jkhelil
• ❤️ @​kristofferchr
• ❤️ @​l-qing
• ❤️ @​vdemeester
• ❤️ @​waveywaves

Extra shout-out for awesome release notes:

• 😍 @​Allda
• 😍 @​kristofferchr
• 😍 @​l-qing
• 😍 @​vdemeester

v0.68.1: Tekton Pipeline release v0.68.1 "LaPerm Giskard Reventlov" LTS

Compare Source

-Docs @​ v0.68.1
-Examples @​ v0.68.1

Installation one-liner

kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.68.1/release.yaml

Attestation

The Rekor UUID for this release is 108e9186e8c5677aff6b780d606f71d6cc2d430e71ac429ad21e107c13490490d164ab33f980851b

Obtain the attestation:

REKOR_UUID=108e9186e8c5677aff6b780d606f71d6cc2d430e71ac429ad21e107c13490490d164ab33f980851b
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .

Verify that all container images in the attestation are in the release file:

RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.68.1/release.yaml
REKOR_UUID=108e9186e8c5677aff6b780d606f71d6cc2d430e71ac429ad21e107c13490490d164ab33f980851b

### Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v0.68.1@​sha256:" + .digest.sha256')

### Download the release file
curl "$RELEASE_FILE" > release.yaml

### For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
  printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done

Changes

Features

Fixes

• 🐛 [release-v0.68.x] fix: Fix remote task params default-value substitution (#​8646)

ask Param defaults will now be correctly substituted in Steps when the Task is referenced by a TaskRun

Misc

• 🔨 [release-v0.68.x] .github/workflows: add a build and test workflows (#​8583)

Docs

Thanks

Thanks to these contributors who contributed to v0.68.1!

• ❤️ @​tekton-robot
• ❤️ @​vdemeester

Extra shout-out for awesome release notes:

• 😍 @​tekton-robot

v0.68.0: Tekton Pipeline release v0.68.0 "LaPerm Giskard Reventlov" LTS

Compare Source

-Docs @​ v0.68.0
-Examples @​ v0.68.0

Installation one-liner

kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.68.0/release.yaml

Attestation

The Rekor UUID for this release is 108e9186e8c5677a666d35f8508100e4c8e112033d805978d152a05eef3872377816f3756a588089

Obtain the attestation:

REKOR_UUID=108e9186e8c5677a666d35f8508100e4c8e112033d805978d152a05eef3872377816f3756a588089
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .

Verify that all container images in the attestation are in the release file:

RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.68.0/release.yaml
REKOR_UUID=108e9186e8c5677a666d35f8508100e4c8e112033d805978d152a05eef3872377816f3756a588089

### Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v0.68.0@​sha256:" + .digest.sha256')

### Download the release file
curl "$RELEASE_FILE" > release.yaml

### For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
  printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done

Changes

Features

• ✨ feat: improve step.Script variables references validation message (#​8312)

improve step.Script variables references validation message

Fixes

• 🐛 fix: reference params in default values, allow chained references in stepactions (#​8536)

fixes https://github.com/tektoncd/pipeline/issues/7935 allowing users to reference other parameters in default values

• 🐛 fix: avoid panic when validate enum param with special matrix task (#​8465)

fix: avoid panic when validate enum param with special matrix task

• 🐛 Bump go-billy to latest main to fix a git resolver issue (#​8306)

Binary file (standard input) matches

• 🐛 fix: improve parsing logic to handle empty results (#​8484)
• 🐛 fix: minor version check for sidecar logic (#​8447)
• 🐛 fix(computeresource/tasklevel): Fixed a bug where abnormal calculatio… (#​8399)

Misc

• 🔨 better step result referencing and docs for step param substitution order and (#​8528)
• 🔨 build(deps): bump github.com/google/cel-go from 0.22.1 to 0.23.1 (#​8541)
• 🔨 Fix deprecated golangci-lint configuration (#​8540)
• 🔨 build(deps): bump github/codeql-action from 3.28.1 to 3.28.5 (#​8534)
• 🔨 build(deps): bump the all group in /tekton with 2 updates (#​8533)
• 🔨 build(deps): bump google.golang.org/protobuf from 1.36.3 to 1.36.4 (#​8530)
• 🔨 build(deps): bump github.com/go-git/go-git/v5 from 5.13.1 to 5.13.2 (#​8527)
• 🔨 build(deps): bump google.golang.org/grpc from 1.69.4 to 1.70.0 (#​8525)
• 🔨 build(deps): bump go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp from 1.27.0 to 1.34.0 (#​8520)
• 🔨 build(deps): bump github.com/spiffe/spire-api-sdk from 1.10.0 to 1.11.1 (#​8519)
• 🔨 build(deps): bump github.com/google/cel-go from 0.20.1 to 0.22.1 (#​8518)
• 🔨 build(deps): bump github/codeql-action from 3.28.0 to 3.28.1 (#​8509)
• 🔨 build(deps): bump golangci/golangci-lint-action from 6.1.1 to 6.2.0 (#​8508)
• 🔨 build(deps): bump step-security/harden-runner from 2.10.2 to 2.10.4 (#​8507)
• 🔨 build(deps): bump the all group in /tekton with 2 updates (#​8506)
• 🔨 build(deps): bump go.opentelemetry.io/otel/trace from 1.33.0 to 1.34.0 (#​8505)
• 🔨 build(deps): bump k8s.io/client-go from 0.29.6 to 0.29.13 (#​8504)
• 🔨 build(deps): bump github.com/containerd/containerd from 1.7.20 to 1.7.25 (#​8503)
• 🔨 build(deps): bump github.com/sigstore/sigstore/pkg/signature/kms/hashivault from 1.8.4 to 1.8.12 (#​8502)
• 🔨 build(deps): bump google.golang.org/grpc from 1.67.3 to 1.69.4 (#​8500)
• 🔨 build(deps): bump k8s.io/code-generator from 0.29.7 to 0.29.13 (#​8499)
• 🔨 build(deps): bump go.opentelemetry.io/otel/sdk from 1.29.0 to 1.33.0 (#​8498)
• 🔨 build(deps): bump google.golang.org/protobuf from 1.36.1 to 1.36.3 (#​8497)
• 🔨 build(deps): bump k8s.io/api from 0.29.6 to 0.29.13 (#​8496)
• 🔨 build(deps): bump github.com/go-git/go-billy/v5 from 5.6.1 to 5.6.2 (#​8494)
• 🔨 build(deps): bump github.com/spiffe/go-spiffe/v2 from 2.3.0 to 2.4.0 (#​8493)
• 🔨 build(deps): bump code.gitea.io/sdk/gitea from 0.18.0 to 0.20.0 (#​8491)
• 🔨 build(deps): bump go.opentelemetry.io/otel/trace from 1.28.0 to 1.33.0 (#​8488)
• 🔨 build(deps): bump the all group in /tekton with 2 updates (#​8481)
• 🔨 Migrate golangci-lint to a github workflow (#​8480)
• 🔨 build(deps): bump github.com/sigstore/sigstore/pkg/signature/kms/aws from 1.8.4 to 1.8.12 (#​8478)
• 🔨 build(deps): bump github.com/sigstore/sigstore/pkg/signature/kms/azure from 1.8.4 to 1.8.12 (#​8477)
• 🔨 build(deps): bump github.com/sigstore/sigstore/pkg/signature/kms/gcp from 1.8.4 to 1.8.12 (#​8476)
• 🔨 build(deps): bump github.com/sigstore/sigstore from 1.8.4 to 1.8.12 (#​8475)
• 🔨 build(deps): bump github.com/golangci/golangci-lint from 1.62.2 to 1.63.4 in /tools (#​8472)
• 🔨 build(deps): bump the all group in /tekton with 2 updates (#​8471)
• 🔨 build(deps): bump tj-actions/changed-files from 45.0.5 to 45.0.6 (#​8470)
• 🔨 Fixed make goimports (#​8461)
• 🔨 build(deps): bump github/codeql-action from 3.27.9 to 3.28.0 (#​8459)
• 🔨 build(deps): bump the all group in /tekton with 2 updates (#​8458)
• 🔨 .github/workflows: run e2e-matrix on all pull-request (#​8454)
• 🔨 build(deps): bump the all group in /tekton with 2 updates (#​8440)
• 🔨 build(deps): bump github/codeql-action from 3.27.6 to 3.27.9 (#​8439)
• 🔨 build(deps): bump github.com/golang-jwt/jwt/v4 from 4.5.0 to 4.5.1 (#​8431)
• 🔨 build(deps): bump golang.org/x/crypto from 0.26.0 to 0.31.0 (#​8430)
• 🔨 build(deps): bump chainguard/go from 551fd4c to 2cc6974 in /tekton in the all group (#​8428)
• 🔨 build(deps): bump tj-actions/changed-files from 45.0.4 to 45.0.5 (#​8426)
• 🔨 build(deps): bump actions/cache from 4.1.1 to 4.2.0 (#​8425)
• 🔨 build(deps): bump github/codeql-action from 3.27.5 to 3.27.6 (#​8424)
• 🔨 Improve gha k8s e2e tests names (#​8423)
• 🔨 Ignore failures when rerunning jobs (#​8421)
• 🔨 Remove extra pip symbol (#​8420)
• 🔨 Fix getting the commit sha from comment event (#​8419)
• 🔨 Add /retest chatops command (#​8417)
• 🔨 chore: fix some function name in comment (#​8415)
• 🔨 Run e2e tests in GHA (#​8411)
• 🔨 tekton: fix bugfix-release.sh script (#​8375)
• 🔨 Make resolvers' maximum resolution timeout configurable (#​8366)

Docs

• 📖 Add PipelineRun pipeline-timeout note to pipeline docs (#​8510)
• 📖 Fix dead admission-webhook blog link in developer docs (#​8489)
• 📖 typo fix (#​8437)
• 📖 docs: replace link to link to page with link to page (#​8429)
• 📖 Updated releases.md for v0.66.0 (#​8414)
• 📖 Remove bad links from StepActions TOC (#​8412)

Thanks

Thanks to these contributors who contributed to v0.68.0!

• ❤️ @​AlanGreene
• ❤️ @​Ccheers
• ❤️ @​RenuBhati
• ❤️ @​SaschaSchwarze0
• ❤️ @​aThorp96
• ❤️ @​afrittoli
• ❤️ @​chengjoey
• ❤️ @​chmouel
• ❤️ @​clintonsteiner
• ❤️ @​dependabot[bot]
• ❤️ @​jkhelil
• ❤️ @​justinabrahms
• ❤️ @​l-qing
• ❤️ @​lvyaoting
• ❤️ @​say5
• ❤️ @​vdemeester
• ❤️ @​waveywaves
• ❤️ @​zou2699

Extra shout-out for awesome release notes:

• 😍 @​chengjoey
• 😍 @​l-qing
• 😍 @​vdemeester
• 😍 @​waveywaves

v0.66.0: Tekton Pipeline release v0.66.0 "American Curl AL-76"

Compare Source

-Docs @​ v0.66.0
-Examples @​ v0.66.0

Installation one-liner

kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.66.0/release.yaml

Attestation

The Rekor UUID for this release is 108e9186e8c5677aaef800dc5c82c7e8a7dc72d7ed947dc0e166c29c7bfd9f2b6edca989022cb90c

Obtain the attestation:

REKOR_UUID=108e9186e8c5677aaef800dc5c82c7e8a7dc72d7ed947dc0e166c29c7bfd9f2b6edca989022cb90c
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .

Verify that all container images in the attestation are in the release file:

RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.66.0/release.yaml
REKOR_UUID=108e9186e8c5677aaef800dc5c82c7e8a7dc72d7ed947dc0e166c29c7bfd9f2b6edca989022cb90c

### Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v0.66.0@​sha256:" + .digest.sha256')

### Download the release file
curl "$RELEASE_FILE" > release.yaml

### For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
  printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done

Changes

Features

• ✨ Fix StepAction support in Cluster resolver (#​8382)

Fix StepAction support in Cluster resolver

• ✨ Expose Resolvers Controller performance tuning configurations (#​8344)

We can specify custom performance tuning values in the watcher's deployment - controller container via threads-per-controller, kube-api-qps and kube-api-burst flags.

Fixes

• 🐛 fix: add missing stepaction RBAC permission for resolver (#​8397)

fix: include missing RBAC permission to allow cluster resolver to get and list StepActions

• 🐛 Use io.ReadFull to read the bundle content (#​8389)

ix an issue on bundle list command with relatively big bundles that couldn't be parsed (truncated data)

• 🐛 Fix StepAction support in Cluster resolver (#​8382)

Fix StepAction support in Cluster resolver

• 🐛 Fixes git-resolver configuration for serverUrl and scmType (#​8401)
• 🐛 Add Failed Validation group in message for the status message in PipelineRun (#​8356)
• 🐛 Run finally pipeline even if task is failed at the validation (#​8314)

Misc

• 🔨 build(deps): bump the all group in /tekton with 2 updates (#​8408)
• 🔨 build(deps): bump the all group in /tekton with 2 updates (#​8406)
• 🔨 build(deps): bump github.com/golangci/golangci-lint from 1.62.0 to 1.62.2 in /tools (#​8405)
• 🔨 build(deps): bump actions/dependency-review-action from 4.4.0 to 4.5.0 (#​8404)
• 🔨 build(deps): bump github/codeql-action from 3.27.4 to 3.27.5 (#​8403)
• 🔨 build(deps): bump step-security/harden-runner from 2.10.1 to 2.10.2 (#​8402)
• 🔨 build(deps): bump the all group in /tekton with 2 updates (#​8395)
• 🔨 build(deps): bump github/codeql-action from 3.27.1 to 3.27.4 (#​8394)
• 🔨 build(deps): bump github.com/golangci/golangci-lint from 1.61.0 to 1.62.0 in /tools (#​8386)
• 🔨 build(deps): bump github/codeql-action from 3.27.0 to 3.27.1 (#​8385)
• 🔨 build(deps): bump the all group in /tekton with 3 updates (#​8384)
• 🔨 build(deps): bump tj-actions/changed-files from 45.0.3 to 45.0.4 (#​8383)
• 🔨 build(deps): bump the all group in /tekton with 4 updates (#​8363)
• 🔨 build(deps): bump the all group in /tekton with 4 updates (#​8354)
• 🔨 build(deps): bump actions/dependency-review-action from 4.3.4 to 4.4.0 (#​8353)
• 🔨 build(deps): bump actions/setup-go from 5.0.2 to 5.1.0 (#​8351)
• 🔨 build(deps): bump actions/checkout from 4.2.1 to 4.2.2 (#​8350)
• 🔨 build(deps): bump github/codeql-action from 3.26.13 to 3.27.0 (#​8349)

Docs

• 📖 Update release.md with v0.65.0 (#​8355)

Thanks

Thanks to these contributors who contributed to v0.66.0!

• ❤️ @​AverageMarcus
• ❤️ @​PuneetPunamiya
• ❤️ @​dependabot[bot]
• ❤️ @​divyansh42
• ❤️ @​khrm
• ❤️ @​vdemeester

Extra shout-out for awesome release notes:

• 😍 @​AverageMarcus
• 😍 @​khrm
• 😍 @​vdemeester

v0.65.7: Tekton Pipeline release v0.65.7 "Sokoke Herbie"

Compare Source

-Docs @​ v0.65.7
-Examples @​ v0.65.7

Installation one-liner

kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.65.7/release.yaml

Attestation

The Rekor UUID for this release is 108e9186e8c5677a4451b55ed407136509b724c04f77a0f15668f8616be979211288bcf494310f2e

Obtain the attestation:

REKOR_UUID=108e9186e8c5677a4451b55ed407136509b724c04f77a0f15668f8616be979211288bcf494310f2e
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .

Verify that all container images in the attestation are in the

---

Configuration

📅 Schedule: Branch creation - "after 5am" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

To execute skipped test pipelines write comment /ok-to-test.

This PR has been generated by MintMaker (powered by Renovate Bot).