Tekton Chains follows the Tekton community release policy as follows:
- Versions are numbered according to semantic versioning:
vX.Y.Z
- At a minimum four LTS release are produced. Additional releases are produced based on availability of new features to be released
- Four releases a year are chosen for
long term support (LTS).
All remaining releases are supported for approximately 1 month.
- The first Tekton Chains LTS release will be v0.13.0 in October 2022
Tekton Chains produces nightly builds, publicly available on
gcr.io/tekton-nightly
.
Before release v0.13 Tekton Chains has worked on the basis of an undocumented support period, providing patch releases when needed. While transitioning to the new support model, v0.11 and v0.12 will be supported for four months from the initial publishing date.
Tekton Chains releases are made of YAML manifests and container images. Manifests are published to cloud object-storage as well as GitHub. Container images are signed by Sigstore via Tekton Chains; signatures can be verified through the public key hosted by the Tekton Chains project.
Further documentation available:
- The Tekton Chains release process
- Installing Tekton
- Standard for release notes
In general we aim for new features to be added in a backwards compatible way, but sometimes we will need to make breaking changes. This policy outlines how we will make and communicate these.
NOTE: Tekton Chains is working towards a formal beta release. Until then,
all features are technically considered alpha
(though we continue to do our
best to retain backwards compatibility).
Stability Level | Deprecation Window |
---|---|
alpha | none |
beta | 3 months or 3 minor releases (which ever is longer) |
stable | 12 months or 3 LTS minor releases (which ever is longer) |
Example: if a beta feature is announced as deprecated in v0.10.0, it can be completely removed in v0.13.0.
- User Configuration
- Input mechanisms from Pipelines (e.g. Type Hinting)
- Chains generated provenance output formats
- Exported Client Libraries (https://pkg.go.dev/github.com/tektoncd/chains)
We reserve the right to make breaking changes (regardless of stability level) under certain conditions:
-
Security
We will make breaking changes for security reasons (e.g. in response to CVEs or other vulnerabilities) if necessary.
-
Backwards incompatible changes from dependencies
We try to keep Chains up-to-date with minor versions of its dependencies with Dependabot. Chains assumes its dependencies adhere to Go module versioning for backwards compatibility. In cases where dependencies break this expectation, we will try and work around these changes as best as we can and make breaking changes as a last resort.
Example: If tektoncd/pipeline makes a breaking change to its client that renders Chains unable to operate, we will update Chains to get things working again even if it requires a breaking change to Chains config.
Deprecation notices will be included in release notes. Any relevant deprecation window timers begin from when the release is published.
Older releases are EOL and available on GitHub.