chore(deps): update ghcr.io/tektoncd/pipeline/controller-10a3e32792f33651396d02b6855a6e36 docker tag to v1 - autoclosed (!2123) · Merge requests · Shivering-Isles / Infrastructure GitOps

Closed Botaniker (Bot) requested to merge renovate/ghcr.io-tektoncd-pipeline-controller-10a3e32792f33651396d02b6855a6e36-1.x into main 1 month ago

This MR contains the following updates:

Package	Update	Change	OpenSSF
ghcr.io/tektoncd/pipeline/controller-10a3e32792f33651396d02b6855a6e36 (source)	major	`v0.70.0` -> `v1.0.0`

Warning

Some dependencies could not be looked up. Check the Dependency Dashboard for more information.

Release Notes

tektoncd/pipeline (ghcr.io/tektoncd/pipeline/controller-10a3e32792f33651396d02b6855a6e36)

`v1.0.0`: Tekton Pipeline release v1.0.0 "Oriental Omnidroid" LTS

Compare Source

1.0.0 is live StepActions are GA and Git resolvers enhancements

-Docs @ v1.0.0 -Examples @ v1.0.0

Installation one-liner

kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v1.0.0/release.yaml

Attestation

The Rekor UUID for this release is 108e9186e8c5677a3c232a877172a3c7967bdcb84afa4bc0a3819fe35e8796e324bbc364356d4349

Obtain the attestation:

REKOR_UUID=108e9186e8c5677a3c232a877172a3c7967bdcb84afa4bc0a3819fe35e8796e324bbc364356d4349
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .

Verify that all container images in the attestation are in the release file:

RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v1.0.0/release.yaml
REKOR_UUID=108e9186e8c5677a3c232a877172a3c7967bdcb84afa4bc0a3819fe35e8796e324bbc364356d4349

### Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v1.0.0@&#8203;sha256:" + .digest.sha256')

### Download the release file
curl "$RELEASE_FILE" > release.yaml

### For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
  printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done

Changes

Features

fix: resolve Git Anonymous Resolver excessive memory usage (#8677)

RemoteResolutions using the Git Resolver now use the git binary instead of the Golang library go-git to shallow-clone, shallow-fetch, then checkout the provided repository at the given revision. This reduces resolution time and memory significantly. Some git providers such as Gitea may not support fetching revisions if the revision is a SHA which is not reachable via a ref or is not at a ref/head. In general, no user action is required.

Resolves https://github.com/tektoncd/pipeline/issues/8652

feat(pipeline): allow variable substitution in pipeline.tasks[].onError (#8600)

feat(pipeline): allow variable substitution in pipeline.tasks[].onError

Add configuration for custom bundle resolver backoff (#8574)

Enables the configuration of backoffs for a bundle resolver requests.

feat: promote StepActions to GA (#8546)

StepActions promoted to GA and is available by default. The enable-step-actions feature flag exists as a no-op flag to ensure that existing user workflows which might rely on this flag are not disabled. This flag will be removed completely in a later release.

feat: add support for authenticated git clone (#8537)

n optional token can now be passed to the git clone method (using go-git library) to bypass token limit when using the API.

Fixes

fix: add stepaction as a valid kind in the hub resolver (#8635)

the hub resolver now validates StepActions as a valid kind

fix: avoid fan out matrix task failed due to result ref (#8487)

fix: avoid fan out matrix task failed due to result ref

fix: handle subPath directory creation errors gracefully (#8683)

Misc

cleanup: [TEP-0135] remove deprecated disable-affinity-assistant feature flag (#8603)

Binary file (standard input) matches

cleanup: remove clustertask support (#8601)

Remove ClusterTask support completely

Bump go.mod and tools/go.mod to go 1.23 (#8482)

Updating go to 1.23

misc: promote to beta (#8343)

keep-pod-on-cancel feature flag will be enabled in default

build(deps): bump github/codeql-action from 3.28.15 to 3.28.16 (#8729)
build(deps): bump step-security/harden-runner from 2.11.1 to 2.12.0 (#8728)
build(deps): bump the all group in /tekton with 4 updates (#8727)
build(deps): bump github.com/sigstore/sigstore from 1.8.15 to 1.9.4 (#8724)
build(deps): bump k8s.io/apimachinery from 0.32.2 to 0.32.4 (#8723)
build(deps): bump the all group in /tekton with 2 updates (#8722)
build(deps): bump tj-actions/changed-files from be393a9 to c34c1c1 (#8721)
build(deps): bump github/codeql-action from 3.28.14 to 3.28.15 (#8705)
build(deps): bump tj-actions/changed-files from 6abeaa5 to be393a9 (#8704)
build(deps): bump ko-build/setup-ko from 0.8 to 0.9 (#8703)
build(deps): bump the all group in /tekton with 4 updates (#8702)
build(deps): bump github/codeql-action from 3.28.13 to 3.28.14 (#8690)
build(deps): bump tj-actions/changed-files from 27ae6b3 to 6abeaa5 (#8689)
build(deps): bump actions/dependency-review-action from 4.5.0 to 4.6.0 (#8688)
build(deps): bump step-security/harden-runner from 2.11.0 to 2.11.1 (#8687)
build(deps): bump the all group in /tekton with 2 updates (#8686)
build(deps): bump github.com/go-jose/go-jose/v4 from 4.0.4 to 4.0.5 (#8680)
build(deps): bump github.com/golang-jwt/jwt/v5 from 5.2.1 to 5.2.2 (#8678)
build(deps): bump go.opentelemetry.io/otel from 1.34.0 to 1.35.0 (#8676)
Consume release pipeline images and task bundles from GHCR (#8674)
build(deps): bump k8s.io/code-generator from 0.31.6 to 0.31.7 (#8645)

Docs

Add v0.70 to the releases doc and fix dates of v0.64 and v0.69 releases (#8699)
Move Step when expressions documentation from StepActions to Tasks documetnation. (#8672)
Update link to section on overriding task requests (#8650)
chore: param enum usage example for stepaction (#8605)