Tekton Pipeline release v1.9.0 LTS "Devon Rex Dreadnought"
π hostUsers support and digest validation for http resolver π
-Docs @ v1.9.0 -Examples @ v1.9.0
Installation one-liner
kubectl apply -f https://infra.tekton.dev/tekton-releases/pipeline/previous/v1.9.0/release.yaml
Attestation
The Rekor UUID for this release is 108e9186e8c5677a692b1410db6e04e5e4a25aec2e361118647fe42c5ad8d7ef3e087b5cd11463d6
Obtain the attestation:
REKOR_UUID=108e9186e8c5677a692b1410db6e04e5e4a25aec2e361118647fe42c5ad8d7ef3e087b5cd11463d6
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .
Verify that all container images in the attestation are in the release file:
RELEASE_FILE=https://infra.tekton.dev/tekton-releases/pipeline/previous/v1.9.0/release.yaml
REKOR_UUID=108e9186e8c5677a692b1410db6e04e5e4a25aec2e361118647fe42c5ad8d7ef3e087b5cd11463d6
# Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v1.9.0@sha256:" + .digest.sha256')
# Download the release file
curl -L "$RELEASE_FILE" > release.yaml
# For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done
Changes
Features
-
:sparkles: feat: add ServiceAccount inheritance to Affinity Assistants (#9253)
-
:sparkles: Add hostUsers field support to PodTemplate (#9227)
-
:sparkles: feat: Add digest validation support to HTTP resolver (#9171)
-
:sparkles: taskrun: include actual result size in error when exceeding maxResultSize (#8869)
Fixes
-
:bug: fix(pipelinerun): fix the issue of massive invalid status updates caused by unordered arrays, which will greatly impact the resource load and stability of the apiserver. (#9295)
-
:bug: Fix parameter resolution for defaults with references (#9271)
-
:bug: Fix duplicated protobuf tag in pod.Template struct (#9229)
-
:bug: fix: Prevent excessive reconciliation when timeout disabled (#9202)
-
:bug: fix: Detect pod configuration errors early instead of timeout (#9197)
-
:bug: chore(ci): update cherry-pick workflow to fix multi-commit PRs (#9320)
-
:bug: fix: validate taskRef.apiVersion format for custom tasks (#9045)
-
:bug: test(e2e): move flaky retry/matrix tests to no-ci temporarily (#9242)
-
:bug: fix(e2e): improve dind-sidecar probe configuration for reliability (#9241)
Misc
- :hammer: fix: reduce CRD size by shortening verbose descriptions (#9252)
- :hammer: ci: add KOCACHE to speed up ko builds in GitHub Actions (#9319)
- :hammer: Improve code consistency and fix missing test annotation (#9266)
- :hammer: Remove the GHCR migration notice from the readme (#9237)
- :hammer: fix: release pipeline feedback (#9210)
- :hammer: build(deps): bump go.uber.org/zap from 1.27.0 to 1.27.1 (#9333)
- :hammer: build(deps): bump github.com/google/cel-go from 0.26.0 to 0.27.0 (#9330)
- :hammer: build(deps): bump github/codeql-action from 4.31.9 to 4.32.0 (#9310)
- :hammer: build(deps): bump the all group in /tekton with 3 updates (#9309)
- :hammer: build(deps): bump chainguard-dev/actions from 1.5.12 to 1.5.13 (#9308)
- :hammer: build(deps): bump actions/checkout from 6.0.1 to 6.0.2 (#9307)
- :hammer: build(deps): bump step-security/harden-runner from 2.14.0 to 2.14.1 (#9306)
- :hammer: build(deps): bump the all group in /tekton with 2 updates (#9299)
- :hammer: build(deps): bump chainguard-dev/actions from 1.5.11 to 1.5.12 (#9298)
- :hammer: build(deps): bump actions/setup-go from 6.1.0 to 6.2.0 (#9297)
- :hammer: build(deps): bump actions/cache from 5.0.1 to 5.0.2 (#9296)
- :hammer: build(deps): bump golang.org/x/sync from 0.18.0 to 0.19.0 (#9293)
- :hammer: build(deps): bump the all group in /tekton with 2 updates (#9291)
- :hammer: build(deps): bump chainguard-dev/actions from 1.5.10 to 1.5.11 (#9290)
- :hammer: build(deps): bump github.com/hashicorp/go-version from 1.7.0 to 1.8.0 (#9288)
- :hammer: build(deps): bump k8s.io/apiextensions-apiserver from 0.32.8 to 0.32.11 (#9286)
- :hammer: build(deps): bump the all group in /tekton with 2 updates (#9281)
- :hammer: build(deps): bump the all group in /tekton with 4 updates (#9268)
- :hammer: build(deps): bump chainguard/go from
2f71c4dto0cd4986in /tekton in the all group (#9264) - :hammer: build(deps): bump peter-evans/slash-command-dispatch from 5.0.1 to 5.0.2 (#9263)
- :hammer: build(deps): bump github.com/spiffe/spire-api-sdk from 1.12.4 to 1.14.0 (#9261)
- :hammer: build(deps): bump go.opentelemetry.io/otel/sdk from 1.38.0 to 1.39.0 (#9259)
- :hammer: build(deps): bump github.com/cloudevents/sdk-go/v2 from 2.16.1 to 2.16.2 (#9258)
- :hammer: build(deps): bump k8s.io/client-go from 0.32.8 to 0.32.11 (#9256)
- :hammer: build(deps): bump google.golang.org/protobuf from 1.36.10 to 1.36.11 (#9254)
- :hammer: .github/workflows: Add a comment to main for plumbing's shared workflows (#9248)
Docs
- :book: chore: fix YAML indentation in release cheat sheet (#9226)
- :book: Remove beta note from projected workspaces and csi as they are stable (#9208)
- :book: Update releases.md for 1.7 (#9205)
Thanks
Thanks to these contributors who contributed to v1.9.0!
- :heart: @AlanGreene
- :heart: @BastiaanN
- :heart: @Pangjiping
- :heart: @SarthakPandey2002
- :heart: @a-ateek
- :heart: @ab-ghosh
- :heart: @afrittoli
- :heart: @anithapriyanatarajan
- :heart: @dependabot[bot]
- :heart: @infernus01
- :heart: @khrm
- :heart: @twoGiants
- :heart: @vdemeester
- :heart: @waveywaves
- :heart: @zakisk
Extra shout-out for awesome release notes:
- :heart_eyes: @Pangjiping
- :heart_eyes: @SarthakPandey2002
- :heart_eyes: @a-ateek
- :heart_eyes: @ab-ghosh
- :heart_eyes: @khrm
- :heart_eyes: @twoGiants
- :heart_eyes: @vdemeester
- :heart_eyes: @zakisk