fix(deps): update module github.com/tektoncd/pipeline to v0.70.0

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
github.com/tektoncd/pipeline	v0.39.0 -> v0.70.0

---

Release Notes

tektoncd/pipeline (github.com/tektoncd/pipeline)

v0.70.0: Tekton Pipeline release v0.70.0 "Norwegian Forest Cat Number Five (Aaron Doral)"

Compare Source

🎉 OpenAPI schema to Tekton CRDs 🎉

-Docs @​ v0.70.0
-Examples @​ v0.70.0

Installation one-liner

kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.70.0/release.yaml

Attestation

The Rekor UUID for this release is 108e9186e8c5677a9b98c9f620b1202d23cdf7b6bc38da3acecc1a9cb6f206d98fefed3ce02b0e09

Obtain the attestation:

REKOR_UUID=108e9186e8c5677a9b98c9f620b1202d23cdf7b6bc38da3acecc1a9cb6f206d98fefed3ce02b0e09
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .

Verify that all container images in the attestation are in the release file:

RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.70.0/release.yaml
REKOR_UUID=108e9186e8c5677a9b98c9f620b1202d23cdf7b6bc38da3acecc1a9cb6f206d98fefed3ce02b0e09

##### Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v0.70.0@​sha256:" + .digest.sha256')

##### Download the release file
curl "$RELEASE_FILE" > release.yaml

##### For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
  printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done

Changes

Features

• Add structural OpenAPI schema to Tekton CRDs (#​8490)

action required: The structural OpenAPI schema to Tekton CRDs are added enabling API server schema validation and supporting kubectl explain to describe fields and structure of Tekton CRDs. Due to the API server schema validation, users should make sure Tekton CRs have a valid schema when creating or updating CRs.

Fixes

• 🐛 fix: Fix remote task params default-value substitution (#​8641)

Task Param defaults will now be correctly substituted in Steps when the Task is referenced by a TaskRun

• 🐛 fix: configure StepAction to use conversion webhook (#​8644)

Misc

• 🔨 cleanup: breakup the pkg/credentials into writer and matcher + ensure non corev1 usage in entrypoint for FIPs compliance (#​8542)

import only the writer part of the credentials package in the entrypoint so that we do not pull core v1 API indirectly into the package

• 🔨 FIPS Compliance: Refactor Entrypoint, Remove zap Dependency & Update Build Checks (#​8544)
• 🔨 build(deps): bump github.com/golang-jwt/jwt/v4 from 4.5.1 to 4.5.2 (#​8670)
• 🔨 build(deps): bump the all group in /tekton with 2 updates (#​8668)
• 🔨 build(deps): bump actions/setup-go from 5.3.0 to 5.4.0 (#​8667)
• 🔨 build(deps): bump actions/cache from 4.2.2 to 4.2.3 (#​8666)
• 🔨 build(deps): bump github/codeql-action from 3.28.11 to 3.28.13 (#​8665)
• 🔨 build(deps): bump tj-actions/changed-files from dcc7a0c to 27ae6b3 (#​8664)
• 🔨 build(deps): bump golangci/golangci-lint-action from 6.5.0 to 6.5.1 (#​8654)
• 🔨 build(deps): bump the all group in /tekton with 2 updates (#​8653)
• 🔨 build(deps): bump github/codeql-action from 3.28.10 to 3.28.11 (#​8633)
• 🔨 build(deps): bump the all group in /tekton with 2 updates (#​8632)
• 🔨 build(deps): bump github.com/google/cel-go from 0.23.2 to 0.24.1 (#​8614)
• 🔨 build(deps): bump ossf/scorecard-action from 2.4.0 to 2.4.1 (#​8608)
• 🔨 Refactor pipelinerun metrics tests (#​8340)

Docs

• 📖 Document ko settings for kind clusters with and without a local registry. (#​8662)
• 📖 Fix wrong entry in development documentation and other minor documentation corrections. (#​8661)
• 📖 Add release 0.69 to releases.md (#​8630)

Thanks

Thanks to these contributors who contributed to v0.70.0!

• ❤️ @​PuneetPunamiya
• ❤️ @​aThorp96
• ❤️ @​afrittoli
• ❤️ @​burigolucas
• ❤️ @​dependabot[bot]
• ❤️ @​devholic
• ❤️ @​twoGiants
• ❤️ @​waveywaves

Extra shout-out for awesome release notes:

• 😍 @​aThorp96
• 😍 @​burigolucas
• 😍 @​waveywaves

v0.69.1: Tekton Pipeline release v0.69.1 "Oriental Longhair Omnibot"

Compare Source

-Docs @​ v0.69.1
-Examples @​ v0.69.1

Installation one-liner

kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.69.1/release.yaml

Attestation

The Rekor UUID for this release is 108e9186e8c5677a76ee1ec9649527ab153790fc1b5385843dcb8c6522c3d9b0db77451a35b2068f

Obtain the attestation:

REKOR_UUID=108e9186e8c5677a76ee1ec9649527ab153790fc1b5385843dcb8c6522c3d9b0db77451a35b2068f
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .

Verify that all container images in the attestation are in the release file:

RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.69.1/release.yaml
REKOR_UUID=108e9186e8c5677a76ee1ec9649527ab153790fc1b5385843dcb8c6522c3d9b0db77451a35b2068f

### Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v0.69.1@​sha256:" + .digest.sha256')

### Download the release file
curl "$RELEASE_FILE" > release.yaml

### For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
  printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done

Changes

Features

Fixes

• 🐛 [release-v0.69.x] fix: Fix remote task params default-value substitution (#​8651)

ask Param defaults will now be correctly substituted in Steps when the Task is referenced by a TaskRun

Misc

Docs

Thanks

Thanks to these contributors who contributed to v0.69.1!

• ❤️ @​tekton-robot

Extra shout-out for awesome release notes:

• 😍 @​tekton-robot

v0.69.0: Tekton Pipeline release v0.69.0 "Oriental Longhair Omnibot"

Compare Source

-Docs @​ v0.69.0
-Examples @​ v0.69.0

Installation one-liner

kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.69.0/release.yaml

Attestation

The Rekor UUID for this release is 108e9186e8c5677a83b80360985c8a19920792656acc1566def6a298da6b73bd47b42307bceab304

Obtain the attestation:

REKOR_UUID=108e9186e8c5677a83b80360985c8a19920792656acc1566def6a298da6b73bd47b42307bceab304
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .

Verify that all container images in the attestation are in the release file:

RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.69.0/release.yaml
REKOR_UUID=108e9186e8c5677a83b80360985c8a19920792656acc1566def6a298da6b73bd47b42307bceab304

### Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v0.69.0@​sha256:" + .digest.sha256')

### Download the release file
curl "$RELEASE_FILE" > release.yaml

### For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
  printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done

Changes

Features

• ✨ Add feature flag to set readOnlyRootFilesystem for containers (#​8186)

New feature flag set-security-context-read-only-root-filesystem in ConfigMap feature-flags. The new feature sets readOnlyRootFilesystem in securityContext for taskrun and affinity assistant containers.

Fixes

• 🐛 fix: Move when condition to higher priority (#​8569)

fix: Move when condition to higher priority

• 🐛 fix: resolve panic issue in pipeline controller caused by CustomRun (#​8562)

fix: resolve panic issue in pipeline controller caused by CustomRun

Misc

• 🔨 Bump knative.dev/pkg to release-1.17 (#​8538)

Bump knative.dev/pkg to release-1.17 while keeping KUBERNETES_MIN_VERSION to 1.28.

• 🔨 cleanup: use pkg/platforms instead of containerd/platforms to … (#​8579)
• 🔨 cleanup: add disable_spire build tag for entrypoint command (#​8548)
• 🔨 build(deps): bump github.com/google/go-cmp from 0.6.0 to 0.7.0 (#​8619)
• 🔨 build(deps): bump k8s.io/client-go from 0.31.4 to 0.31.6 (#​8618)
• 🔨 build(deps): bump k8s.io/code-generator from 0.31.4 to 0.31.6 (#​8615)
• 🔨 build(deps): bump github.com/sigstore/sigstore/pkg/signature/kms/azure from 1.8.12 to 1.8.15 (#​8613)
• 🔨 build(deps): bump github.com/go-jose/go-jose/v3 from 3.0.3 to 3.0.4 (#​8612)
• 🔨 build(deps): bump the all group in /tekton with 2 updates (#​8611)
• 🔨 build(deps): bump actions/cache from 4.2.1 to 4.2.2 (#​8610)
• 🔨 build(deps): bump tj-actions/changed-files from 45.0.6 to 45.0.7 (#​8609)
• 🔨 chore: add yaml linting to pre-commit (#​8606)
• 🔨 .github/workflow: add only-new-issues on lint (#​8604)
• 🔨 build(deps): bump github.com/sigstore/sigstore/pkg/signature/kms/gcp from 1.8.12 to 1.8.15 (#​8598)
• 🔨 build(deps): bump github.com/spiffe/spire-api-sdk from 1.11.1 to 1.11.2 (#​8597)
• 🔨 build(deps): bump github.com/sigstore/sigstore/pkg/signature/kms/hashivault from 1.8.12 to 1.8.15 (#​8596)
• 🔨 build(deps): bump github.com/sigstore/sigstore from 1.8.12 to 1.8.15 (#​8595)
• 🔨 build(deps): bump golangci/golangci-lint-action from 6.2.0 to 6.5.0 (#​8594)
• 🔨 build(deps): bump step-security/harden-runner from 2.10.4 to 2.11.0 (#​8593)
• 🔨 build(deps): bump github/codeql-action from 3.28.8 to 3.28.10 (#​8592)
• 🔨 build(deps): bump actions/setup-go from 5.1.0 to 5.3.0 (#​8591)
• 🔨 build(deps): bump actions/cache from 4.2.0 to 4.2.1 (#​8590)
• 🔨 build(deps): bump the all group in /tekton with 2 updates (#​8589)
• 🔨 build(deps): bump github.com/sigstore/sigstore/pkg/signature/kms/aws from 1.8.12 to 1.8.15 (#​8585)
• 🔨 build(deps): bump k8s.io/api from 0.31.4 to 0.31.6 (#​8584)
• 🔨 .github/workflows: add a build and test workflows (#​8577)
• 🔨 build(deps): bump github.com/jenkins-x/go-scm from 1.14.37 to 1.14.56 (#​8576)
• 🔨 build(deps): bump the all group in /tekton with 2 updates (#​8573)
• 🔨 .github/workflows: force go to 1.23 for the lint job (#​8570)
• 🔨 build(deps): bump github.com/golangci/golangci-lint from 1.63.4 to 1.64.5 in /tools (#​8568)
• 🔨 build(deps): bump k8s.io/client-go from 0.29.13 to 0.29.14 (#​8567)
• 🔨 build(deps): bump the all group in /tekton with 2 updates (#​8560)
• 🔨 build(deps): bump google.golang.org/protobuf from 1.36.4 to 1.36.5 (#​8557)
• 🔨 build(deps): bump golang.org/x/sync from 0.10.0 to 0.11.0 (#​8554)
• 🔨 build(deps): bump github/codeql-action from 3.28.5 to 3.28.8 (#​8552)
• 🔨 build(deps): bump github.com/spiffe/go-spiffe/v2 from 2.4.0 to 2.5.0 (#​8551)
• 🔨 build(deps): bump github.com/google/cel-go from 0.23.1 to 0.23.2 (#​8550)
• 🔨 build(deps): bump the all group in /tekton with 2 updates (#​8549)
• 🔨 tekton: fix micro typo on release-cheat-sheet (#​8545)

Docs

• 📖 releases.md: add 0.68.0 LTS and update other releases (#​8559)
• 📖 chore: fix some comments (#​8524)
• 📖 fix broken link to tutorials.md page (#​8444)

Thanks

Thanks to these contributors who contributed to v0.69.0!

• ❤️ @​Allda
• ❤️ @​clintonsteiner
• ❤️ @​damuzhi0810
• ❤️ @​dependabot[bot]
• ❤️ @​jkhelil
• ❤️ @​kristofferchr
• ❤️ @​l-qing
• ❤️ @​vdemeester
• ❤️ @​waveywaves

Extra shout-out for awesome release notes:

• 😍 @​Allda
• 😍 @​kristofferchr
• 😍 @​l-qing
• 😍 @​vdemeester

v0.68.1: Tekton Pipeline release v0.68.1 "LaPerm Giskard Reventlov" LTS

Compare Source

-Docs @​ v0.68.1
-Examples @​ v0.68.1

Installation one-liner

kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.68.1/release.yaml

Attestation

The Rekor UUID for this release is 108e9186e8c5677aff6b780d606f71d6cc2d430e71ac429ad21e107c13490490d164ab33f980851b

Obtain the attestation:

REKOR_UUID=108e9186e8c5677aff6b780d606f71d6cc2d430e71ac429ad21e107c13490490d164ab33f980851b
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .

Verify that all container images in the attestation are in the release file:

RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.68.1/release.yaml
REKOR_UUID=108e9186e8c5677aff6b780d606f71d6cc2d430e71ac429ad21e107c13490490d164ab33f980851b

### Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v0.68.1@​sha256:" + .digest.sha256')

### Download the release file
curl "$RELEASE_FILE" > release.yaml

### For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
  printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done

Changes

Features

Fixes

• 🐛 [release-v0.68.x] fix: Fix remote task params default-value substitution (#​8646)

ask Param defaults will now be correctly substituted in Steps when the Task is referenced by a TaskRun

Misc

• 🔨 [release-v0.68.x] .github/workflows: add a build and test workflows (#​8583)

Docs

Thanks

Thanks to these contributors who contributed to v0.68.1!

• ❤️ @​tekton-robot
• ❤️ @​vdemeester

Extra shout-out for awesome release notes:

• 😍 @​tekton-robot

v0.68.0: Tekton Pipeline release v0.68.0 "LaPerm Giskard Reventlov" LTS

Compare Source

-Docs @​ v0.68.0
-Examples @​ v0.68.0

Installation one-liner

kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.68.0/release.yaml

Attestation

The Rekor UUID for this release is 108e9186e8c5677a666d35f8508100e4c8e112033d805978d152a05eef3872377816f3756a588089

Obtain the attestation:

REKOR_UUID=108e9186e8c5677a666d35f8508100e4c8e112033d805978d152a05eef3872377816f3756a588089
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .

Verify that all container images in the attestation are in the release file:

RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.68.0/release.yaml
REKOR_UUID=108e9186e8c5677a666d35f8508100e4c8e112033d805978d152a05eef3872377816f3756a588089

##### Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v0.68.0@​sha256:" + .digest.sha256')

##### Download the release file
curl "$RELEASE_FILE" > release.yaml

##### For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
  printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done

Changes

Features

• ✨ feat: improve step.Script variables references validation message (#​8312)

improve step.Script variables references validation message

Fixes

• 🐛 fix: reference params in default values, allow chained references in stepactions (#​8536)

fixes https://github.com/tektoncd/pipeline/issues/7935 allowing users to reference other parameters in default values

• 🐛 fix: avoid panic when validate enum param with special matrix task (#​8465)

fix: avoid panic when validate enum param with special matrix task

• 🐛 Bump go-billy to latest main to fix a git resolver issue (#​8306)

Binary file (standard input) matches

• 🐛 fix: improve parsing logic to handle empty results (#​8484)
• 🐛 fix: minor version check for sidecar logic (#​8447)
• 🐛 fix(computeresource/tasklevel): Fixed a bug where abnormal calculatio… (#​8399)

Misc

• 🔨 better step result referencing and docs for step param substitution order and (#​8528)
• 🔨 build(deps): bump github.com/google/cel-go from 0.22.1 to 0.23.1 (#​8541)
• 🔨 Fix deprecated golangci-lint configuration (#​8540)
• 🔨 build(deps): bump github/codeql-action from 3.28.1 to 3.28.5 (#​8534)
• 🔨 build(deps): bump the all group in /tekton with 2 updates (#​8533)
• 🔨 build(deps): bump google.golang.org/protobuf from 1.36.3 to 1.36.4 (#​8530)
• 🔨 build(deps): bump github.com/go-git/go-git/v5 from 5.13.1 to 5.13.2 (#​8527)
• 🔨 build(deps): bump google.golang.org/grpc from 1.69.4 to 1.70.0 (#​8525)
• 🔨 build(deps): bump go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp from 1.27.0 to 1.34.0 (#​8520)
• 🔨 build(deps): bump github.com/spiffe/spire-api-sdk from 1.10.0 to 1.11.1 (#​8519)
• 🔨 build(deps): bump github.com/google/cel-go from 0.20.1 to 0.22.1 (#​8518)
• 🔨 build(deps): bump github/codeql-action from 3.28.0 to 3.28.1 (#​8509)
• 🔨 build(deps): bump golangci/golangci-lint-action from 6.1.1 to 6.2.0 (#​8508)
• 🔨 build(deps): bump step-security/harden-runner from 2.10.2 to 2.10.4 (#​8507)
• 🔨 build(deps): bump the all group in /tekton with 2 updates (#​8506)
• 🔨 build(deps): bump go.opentelemetry.io/otel/trace from 1.33.0 to 1.34.0 (#​8505)
• 🔨 build(deps): bump k8s.io/client-go from 0.29.6 to 0.29.13 (#​8504)
• 🔨 build(deps): bump github.com/containerd/containerd from 1.7.20 to 1.7.25 (#​8503)
• 🔨 build(deps): bump github.com/sigstore/sigstore/pkg/signature/kms/hashivault from 1.8.4 to 1.8.12 (#​8502)
• 🔨 build(deps): bump google.golang.org/grpc from 1.67.3 to 1.69.4 (#​8500)
• 🔨 build(deps): bump k8s.io/code-generator from 0.29.7 to 0.29.13 (#​8499)
• 🔨 build(deps): bump go.opentelemetry.io/otel/sdk from 1.29.0 to 1.33.0 (#​8498)
• 🔨 build(deps): bump google.golang.org/protobuf from 1.36.1 to 1.36.3 (#​8497)
• 🔨 build(deps): bump k8s.io/api from 0.29.6 to 0.29.13 (#​8496)
• 🔨 build(deps): bump github.com/go-git/go-billy/v5 from 5.6.1 to 5.6.2 (#​8494)
• 🔨 build(deps): bump github.com/spiffe/go-spiffe/v2 from 2.3.0 to 2.4.0 (#​8493)
• 🔨 build(deps): bump code.gitea.io/sdk/gitea from 0.18.0 to 0.20.0 (#​8491)
• 🔨 build(deps): bump go.opentelemetry.io/otel/trace from 1.28.0 to 1.33.0 (#​8488)
• 🔨 build(deps): bump the all group in /tekton with 2 updates (#​8481)
• 🔨 Migrate golangci-lint to a github workflow (#​8480)
• 🔨 build(deps): bump github.com/sigstore/sigstore/pkg/signature/kms/aws from 1.8.4 to 1.8.12 (#​8478)
• 🔨 build(deps): bump github.com/sigstore/sigstore/pkg/signature/kms/azure from 1.8.4 to 1.8.12 (#​8477)
• 🔨 build(deps): bump github.com/sigstore/sigstore/pkg/signature/kms/gcp from 1.8.4 to 1.8.12 (#​8476)
• 🔨 build(deps): bump github.com/sigstore/sigstore from 1.8.4 to 1.8.12 (#​8475)
• 🔨 build(deps): bump github.com/golangci/golangci-lint from 1.62.2 to 1.63.4 in /tools (#​8472)
• 🔨 build(deps): bump the all group in /tekton with 2 updates (#​8471)
• 🔨 build(deps): bump tj-actions/changed-files from 45.0.5 to 45.0.6 (#​8470)
• 🔨 Fixed make goimports (#​8461)
• 🔨 build(deps): bump github/codeql-action from 3.27.9 to 3.28.0 (#​8459)
• 🔨 build(deps): bump the all group in /tekton with 2 updates (#​8458)
• 🔨 .github/workflows: run e2e-matrix on all pull-request (#​8454)
• 🔨 build(deps): bump the all group in /tekton with 2 updates (#​8440)
• 🔨 build(deps): bump github/codeql-action from 3.27.6 to 3.27.9 (#​8439)
• 🔨 build(deps): bump github.com/golang-jwt/jwt/v4 from 4.5.0 to 4.5.1 (#​8431)
• 🔨 build(deps): bump golang.org/x/crypto from 0.26.0 to 0.31.0 (#​8430)
• 🔨 build(deps): bump chainguard/go from 551fd4c to 2cc6974 in /tekton in the all group (#​8428)
• 🔨 build(deps): bump tj-actions/changed-files from 45.0.4 to 45.0.5 (#​8426)
• 🔨 build(deps): bump actions/cache from 4.1.1 to 4.2.0 (#​8425)
• 🔨 build(deps): bump github/codeql-action from 3.27.5 to 3.27.6 (#​8424)
• 🔨 Improve gha k8s e2e tests names (#​8423)
• 🔨 Ignore failures when rerunning jobs (#​8421)
• 🔨 Remove extra pip symbol (#​8420)
• 🔨 Fix getting the commit sha from comment event (#​8419)
• 🔨 Add /retest chatops command (#​8417)
• 🔨 chore: fix some function name in comment (#​8415)
• 🔨 Run e2e tests in GHA (#​8411)
• 🔨 tekton: fix bugfix-release.sh script (#​8375)
• 🔨 Make resolvers' maximum resolution timeout configurable (#​8366)

Docs

• 📖 Add PipelineRun pipeline-timeout note to pipeline docs (#​8510)
• 📖 Fix dead admission-webhook blog link in developer docs (#​8489)
• 📖 typo fix (#​8437)
• 📖 docs: replace link to link to page with link to page (#​8429)
• 📖 Updated releases.md for v0.66.0 (#​8414)
• 📖 Remove bad links from StepActions TOC (#​8412)

Thanks

Thanks to these contributors who contributed to v0.68.0!

• ❤️ @​AlanGreene
• ❤️ @​Ccheers
• ❤️ @​RenuBhati
• ❤️ @​SaschaSchwarze0
• ❤️ @​aThorp96
• ❤️ @​afrittoli
• ❤️ @​chengjoey
• ❤️ @​chmouel
• ❤️ @​clintonsteiner
• ❤️ @​dependabot[bot]
• ❤️ @​jkhelil
• ❤️ @​justinabrahms
• ❤️ @​l-qing
• ❤️ @​lvyaoting
• ❤️ @​say5
• ❤️ @​vdemeester
• ❤️ @​waveywaves
• ❤️ @​zou2699

Extra shout-out for awesome release notes:

• 😍 @​chengjoey
• 😍 @​l-qing
• 😍 @​vdemeester
• 😍 @​waveywaves

v0.66.0: Tekton Pipeline release v0.66.0 "American Curl AL-76"

Compare Source

-Docs @​ v0.66.0
-Examples @​ v0.66.0

Installation one-liner

kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.66.0/release.yaml

Attestation

The Rekor UUID for this release is 108e9186e8c5677aaef800dc5c82c7e8a7dc72d7ed947dc0e166c29c7bfd9f2b6edca989022cb90c

Obtain the attestation:

REKOR_UUID=108e9186e8c5677aaef800dc5c82c7e8a7dc72d7ed947dc0e166c29c7bfd9f2b6edca989022cb90c
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .

Verify that all container images in the attestation are in the release file:

RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.66.0/release.yaml
REKOR_UUID=108e9186e8c5677aaef800dc5c82c7e8a7dc72d7ed947dc0e166c29c7bfd9f2b6edca989022cb90c

### Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v0.66.0@​sha256:" + .digest.sha256')

### Download the release file
curl "$RELEASE_FILE" > release.yaml

### For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
  printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done

Changes

Features

• ✨ Fix StepAction support in Cluster resolver (#​8382)

Fix StepAction support in Cluster resolver

• ✨ Expose Resolvers Controller performance tuning configurations (#​8344)

We can specify custom performance tuning values in the watcher's deployment - controller container via threads-per-controller, kube-api-qps and kube-api-burst flags.

Fixes

• 🐛 fix: add missing stepaction RBAC permission for resolver (#​8397)

fix: include missing RBAC permission to allow cluster resolver to get and list StepActions

• 🐛 Use io.ReadFull to read the bundle content (#​8389)

ix an issue on bundle list command with relatively big bundles that couldn't be parsed (truncated data)

• 🐛 Fix StepAction support in Cluster resolver (#​8382)

Fix StepAction support in Cluster resolver

• 🐛 Fixes git-resolver configuration for serverUrl and scmType (#​8401)
• 🐛 Add Failed Validation group in message for the status message in PipelineRun (#​8356)
• 🐛 Run finally pipeline even if task is failed at the validation (#​8314)

Misc

• 🔨 build(deps): bump the all group in /tekton with 2 updates (#​8408)
• 🔨 build(deps): bump the all group in /tekton with 2 updates (#​8406)
• 🔨 build(deps): bump github.com/golangci/golangci-lint from 1.62.0 to 1.62.2 in /tools (#​8405)
• 🔨 build(deps): bump actions/dependency-review-action from 4.4.0 to 4.5.0 (#​8404)
• 🔨 build(deps): bump github/codeql-action from 3.27.4 to 3.27.5 (#​8403)
• 🔨 build(deps): bump step-security/harden-runner from 2.10.1 to 2.10.2 (#​8402)
• 🔨 build(deps): bump the all group in /tekton with 2 updates (#​8395)
• 🔨 build(deps): bump github/codeql-action from 3.27.1 to 3.27.4 (#​8394)
• 🔨 build(deps): bump github.com/golangci/golangci-lint from 1.61.0 to 1.62.0 in /tools (#​8386)
• 🔨 build(deps): bump github/codeql-action from 3.27.0 to 3.27.1 (#​8385)
• 🔨 build(deps): bump the all group in /tekton with 3 updates (#​8384)
• 🔨 build(deps): bump tj-actions/changed-files from 45.0.3 to 45.0.4 (#​8383)
• 🔨 build(deps): bump the all group in /tekton with 4 updates (#​8363)
• 🔨 build(deps): bump the all group in /tekton with 4 updates (#​8354)
• 🔨 build(deps): bump actions/dependency-review-action from 4.3.4 to 4.4.0 (#​8353)
• 🔨 build(deps): bump actions/setup-go from 5.0.2 to 5.1.0 (#​8351)
• 🔨 build(deps): bump actions/checkout from 4.2.1 to 4.2.2 (#​8350)
• 🔨 build(deps): bump github/codeql-action from 3.26.13 to 3.27.0 (#​8349)

Docs

• 📖 Update release.md with v0.65.0 (#​8355)

Thanks

Thanks to these contributors who contributed to v0.66.0!

• ❤️ @​AverageMarcus
• ❤️ @​PuneetPunamiya
• ❤️ @​dependabot[bot]
• ❤️ @​divyansh42
• ❤️ @​khrm
• ❤️ @​vdemeester

Extra shout-out for awesome release notes:

• 😍 @​AverageMarcus
• 😍 @​khrm
• 😍 @​vdemeester

v0.65.6: Tekton Pipeline release v0.65.6 "Sokoke Herbie"

Compare Source

-Docs @​ v0.65.6
-Examples @​ v0.65.6

Installation one-liner

kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.65.6/release.yaml

Attestation

The Rekor UUID for this release is 108e9186e8c5677accfc27cf999e8bd5070325041d2c2c9f8c2f3c11f9d61d945fa7cf83cea13e44

Obtain the attestation:

REKOR_UUID=108e9186e8c5677accfc27cf999e8bd5070325041d2c2c9f8c2f3c11f9d61d945fa7cf83cea13e44
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .

Verify that all container images in the attestation are in the release file:

RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.65.6/release.yaml
REKOR_UUID=108e9186e8c5677accfc27cf999e8bd5070325041d2c2c9f8c2f3c11f9d61d945fa7cf83cea13e44

##### Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v0.65.6@​sha256:" + .digest.sha256')

##### Download the release file
curl "$RELEASE_FILE" > release.yaml

##### For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
  printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done

Changes

Features

Fixes

• 🐛 [release-v0.65.x] fix: avoid panic when validate enum param with special matrix task (#​8516)

ix: avoid panic when validate enum param with special matrix task

Misc

Docs

Thanks

Thanks to these contributors who contributed to v0.65.6!

• ❤️ @​tekton-robot

Extra shout-out for awesome release notes:

• 😍 @​tekton-robot

v0.65.5: Tekton Pipeline release v0.65.5 "Sokoke Herbie"

Compare Source

-Docs @​ v0.65.5
-Examples @​ v0.65.5

Installation one-liner

kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.65.5/release.yaml

Attestation

The Rekor UUID for this release is 108e9186e8c5677afaf4dd67a6bf554edae83a8bead2e6eb86b6e069671346005aaa220900d35ae6

Obtain the attestation:

REKOR_UUID=108e9186e8c5677afaf4dd67a6bf554edae83a8bead2e6eb86b6e069671346005aaa220900d35ae6
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .

Verify that all container images in the attestation are in the release file:

RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.65.5/release.yaml
REKOR_UUID=108e9186e8c5677afaf4dd67a6bf554edae83a8bead2e6eb86b6e069671346005aaa220900d35ae6

### Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v0.65.5@​sha256:" + .digest.sha256')

### Download the release file
curl "$RELEASE_FILE" > release.yaml

### For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
  printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done

Changes

Features

Fixes

• 🐛 [release-v0.65.x] build(deps): bump golang.org/x/crypto from 0.26.0 to 0.31.0 (#​8438)·

Misc

• 🔨 [release-v0.65.x] .github/workflows: backport e2e workflows (#​8453)

Docs

Thanks

Thanks to these contributors who contributed to v0.65.5!

• ❤️ @​tekton-robot
• ❤️ @​vdemeester

Extra shout-out for awesome release notes:

• 😍 @​tekton-robot

v0.65.4: Tekton Pipeline release v0.65.4 "Sokoke Herbie"

Compare Source

-Docs @​ v0.65.4
-Examples @​ v0.65.4

Installation one-liner

kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.65.4/release.yaml

Attestation

The Rekor UUID for this release is 108e9186e8c5677ac23b9e3d80fbd75881d628aa04d6e3ed7f6d21ea46c94c4856d01cdba23ae798

Obtain the attestation:

REKOR_UUID=108e9186e8c5677ac23b9e3d80fbd75881d628aa04d6e3ed7f6d21ea46c94c4856d01cdba23ae798
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .

Verify that all container images in the attestation are in the release file:

RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.65.4/release.yaml
REKOR_UUID=108e9186e8c5677ac23b9e3d80fbd75881d628aa04d6e3ed7f6d21ea46c94c4856d01cdba23ae798

##### Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v0.65.4@​sha256:" + .digest.sha256')

##### Download the release file
curl "$RELEASE_FILE" > release.yaml

##### For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
  printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done

Changes

Features

Fixes

• 🐛 [release-v0.65.x] Fixes git-resolver configuration for serverUrl and scmType (#​8409)

Misc

Docs

Thanks

Thanks to these contributors who contributed to v0.65.4!

• ❤️ @​tekton-robot

Extra shout-out for awesome release notes:

v0.65.3: Tekton Pipeline release v0.65.3 "Sokoke Herbie"

Compare Source

-Docs @​ v0.65.3
-Examples @​ v0.65.3

Installation one-liner

kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.65.3/release.yaml

Attestation

The Rekor UUID for this release is 108e9186e8c5677a0f1febc6adf68f4220edd3a81c9a0da1f7185512b481667c6a0f076eaed75b4d

Obtain the attestation:

REKOR_UUID=108e9186e8c5677a0f1febc6adf68f4220edd3a81c9a0da1f7185512b481667c6a0f076eaed75b4d
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .

Verify that all container images in the attestation are in the release file:

RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.65.3/release.yaml
REKOR_UUID=108e9186e8c5677a0f1febc6adf68f4220edd3a81c9a0da1f7185512b481667c6a0f076eaed75b4d

##### Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v0.65.3@​sha256:" + .digest.sha256')

##### Download the release file
curl "$RELEASE_FILE" > release.yaml

##### For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
  printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done

Changes

Features

Fixes

• 🐛 [release-v0.65.x] fix: add missing stepaction RBAC permission for resolver (#​8400)

ix: include missing RBAC permission to allow cluster resolver to get and list StepActions

Misc

Docs

Thanks

Thanks to these contributors who contributed to v0.65.3!

• ❤️ @​tekton-robot

Extra shout-out for awesome release notes:

• 😍 @​tekton-robot

[v0.65.2](https://redirect.github.com/tektoncd/pipeline/releases/

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[ti-chi-bot]

I Skip it since the diff size(191536 bytes > 80000 bytes) is too large

[ti-chi-bot]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
Once this PR has been reviewed and has the lgtm label, please assign wuhuizuo for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

• cloudevents-server/OWNERS
• tibuild/OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[ti-chi-bot]

I Skip it since the diff size(189354 bytes > 80000 bytes) is too large

[ti-chi-bot]

I Skip it since the diff size(189354 bytes > 80000 bytes) is too large

[ti-chi-bot]

I Skip it since the diff size(187797 bytes > 80000 bytes) is too large

[ti-chi-bot]

I Skip it since the diff size(187887 bytes > 80000 bytes) is too large

[ti-chi-bot]

I Skip it since the diff size(186883 bytes > 80000 bytes) is too large

[ti-chi-bot]

I Skip it since the diff size(187014 bytes > 80000 bytes) is too large

[ti-chi-bot]

I Skip it since the diff size(193614 bytes > 80000 bytes) is too large

[ti-chi-bot]

I Skip it since the diff size(193521 bytes > 80000 bytes) is too large

[ti-chi-bot]

I Skip it since the diff size(194800 bytes > 80000 bytes) is too large

[ti-chi-bot]

I Skip it since the diff size(154546 bytes > 80000 bytes) is too large

[ti-chi-bot]

I Skip it since the diff size(155685 bytes > 80000 bytes) is too large

[ti-chi-bot]

I Skip it since the diff size(155685 bytes > 80000 bytes) is too large

[ti-chi-bot]

I Skip it since the diff size(155685 bytes > 80000 bytes) is too large

[ti-chi-bot]

I Skip it since the diff size(155685 bytes > 80000 bytes) is too large

[ti-chi-bot]

I Skip it since the diff size(175816 bytes > 80000 bytes) is too large

[ti-chi-bot]

I Skip it since the diff size(175019 bytes > 80000 bytes) is too large

[ti-chi-bot]

I Skip it since the diff size(180617 bytes > 80000 bytes) is too large

[ti-chi-bot]

I Skip it since the diff size(180617 bytes > 80000 bytes) is too large

[ti-chi-bot]

I Skip it since the diff size(180617 bytes > 80000 bytes) is too large

[ti-chi-bot]

I Skip it since the diff size(177323 bytes > 80000 bytes) is too large