Skip to content

Tekton Pipeline release v0.33.1 "Highlander HAL"
Compare
Choose a tag to compare
@tekton-robot tekton-robot released this 25 Feb 17:53
v0.33.1
6b5710c

-Docs @ v0.33.1
-Examples @ v0.33.1

Installation one-liner

kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.33.1/release.yaml

Attestation

The Rekor UUID for this release is 18b3c02c2c35d9ef9d6c653646e37a3ced88e548ee601e353989a123011555fb

Obtain the attestation:

REKOR_UUID=18b3c02c2c35d9ef9d6c653646e37a3ced88e548ee601e353989a123011555fb
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | base64 --decode | jq

Verify that all container images in the attestation are in the release file:

RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.33.1/release.yaml 
REKOR_UUID=18b3c02c2c35d9ef9d6c653646e37a3ced88e548ee601e353989a123011555fb

# Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | base64 --decode | jq -r '.subject[]|.name + ":v0.33.1@sha256:" + .digest.sha256')

# Download the release file
curl "$RELEASE_FILE" > release.yaml

# For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do 
  printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done

Deprecation Notices

Same as v0.33.0:

The scope-when-expressions-to-task flag will be removed in the next release.
We recommend migrating Pipelines to using when expressions scoped to the guarded Task only.

Upgrade Notices

Same as v0.33.0:

🚨 Tekton v0.33.1 requires Kubernetes v1.21+ 🚨

The configuration flags disable-working-dir-overwrite and disable-home-env-overwrite and associated features are not available anymore. Users that rely on automatic workingDir and HOME overwrite must update their Tasks to explicitly them before updating to
this release.

The when expressions in a given Task are scoped to guard the Task only by default. Users that rely the Branch scope can use the scope-when-expressions-to-task to continue guarding the Task and its dependent Tasks.

Changes

Fixes

  • 🐛 Bump ggcr's pkg/authn/kubernetes and k8schain (#4620)

#4599: Reduce some spammy logs when resolving images not on ECR.
#4616: Pick up a fix in a dependency affecting Docker registry auth configs stored in Secrets where the registry string included the URL scheme ("https://", "http://"), or a registry path component ("/v1/" or "/v2/").

Thanks

Thanks to these contributors who contributed to v0.33.1!

Extra shout-out for awesome release notes:

Contributors

imjasonh and afrittoli
Assets 4
Loading
0 Join discussion