diff --git a/cicd/pipelines/op-release-notes.adoc b/cicd/pipelines/op-release-notes.adoc index c334f407d52c..4ef7ca59666b 100644 --- a/cicd/pipelines/op-release-notes.adoc +++ b/cicd/pipelines/op-release-notes.adoc @@ -23,6 +23,8 @@ include::modules/op-tkn-pipelines-compatibility-support-matrix.adoc[leveloffset= include::modules/making-open-source-more-inclusive.adoc[leveloffset=+1] // Modules included, most to least recent +include::modules/op-release-notes-1-10.adoc[leveloffset=+1] + include::modules/op-release-notes-1-9.adoc[leveloffset=+1] include::modules/op-release-notes-1-8.adoc[leveloffset=+1] diff --git a/modules/op-release-notes-1-10.adoc b/modules/op-release-notes-1-10.adoc new file mode 100644 index 000000000000..bb3c941fe0e7 --- /dev/null +++ b/modules/op-release-notes-1-10.adoc @@ -0,0 +1,156 @@ +// Module included in the following assembly: +// +// * cicd/pipelines/op-release-notes.adoc +:_content-type: REFERENCE +[id="op-release-notes-1-10_{context}"] += Release notes for {pipelines-title} General Availability 1.10 + +With this update, {pipelines-title} General Availability (GA) 1.10 is available on {product-title} 4.11 and later versions. + +[id="new-features-1-10_{context}"] +== New features + +In addition to the fixes and stability improvements, the following sections highlight what is new in {pipelines-title} 1.10. + +[id="pipelines-new-features-1-10_{context}"] +=== Pipelines + +* With this update, for a cluster resolver, bundle resolver, and Git resolver, a pipeline sets the `ConfigSource` value to its source from where the remote resources were received. The `ConfigSource` parameter includes a source URL and hex-encoded sha256 checksum of the cluster resource. +* This update adds a new boolean flag `enable-provenance-in-status` into the `feature-flags` config map to enable the provenance field in status to be populated. The provenance field in status records authenticated metadata about how a software artifact was built. +* This update adds reconciler, event, config, and webhook support for a custom run. +* This update populates the `Status.Provenance.ConfigSource` parameter for a `TaskRun` or `PipelineRun` by using the value from the remote `ResolutionRequest` status. ++ +[NOTE] +==== +You need to set the feature flag `enable-provenance-in-status` to `true` to enable the `Status.Provenance.ConfigSource` parameter to be populated and available in a run status. +==== + +* With this update, custom tasks in pipelines are enabled by default. To disable this update, set the `enable-custom-tasks` flag to `false` in the `feature-flags` config map file. +* This update adds support for the `PipelineRun` reconciler to create a custom run. For example, custom `TaskRuns` created from `PipelineRuns` can now be of API version `v1beta1.CustomRuns` instead of `v1alpha1.Runs`, if the `custom-task-version` feature flag is set to `v1beta1`, instead of the default value `v1alpha1`. ++ +[NOTE] +==== +You need to update the custom task controller to listen for the `*v1beta1.CustomRun` API version instead of `*v1alpha1.Run` in order to respond to `v1beta1.CustomRun` requests. +==== + +* This update adds a new parameter `Retries` into `v1beta1.TaskRun` and `v1.TaskRun` API versions. +* This update includes the following changes in the trusted resources verification package: +** Enable Key Management Service (KMS) in the `VerificationPolicy` library for trusted resources. +** Add a new parameter `KMS` into `v1alpha1.VerificationPolicy` API version. Use this parameter to configure the KMS path and resolve the stored keys. +** Add KMS libraries to use KMS for verification purposes. +* This update adds support for tracing using Jaeger and OpenTelemetry. To enable this update, add the following environment variables to the controller manifest: +** `OTEL_EXPORTER_JAEGER_ENDPOINT`: Denotes the HTTP endpoint for sending spans directly to a collector. +** OTEL_EXPORTER_JAEGER_USER: Denotes the user name to be sent for authentication to the collector endpoint. This is an optional variable. +** OTEL_EXPORTER_JAEGER_PASSWORD: Denotes the password to be sent for authentication to the collector endpoint. This is an optional variable. + + +[id="triggers-new-features-1-10_{context}"] +=== Triggers + +* With this update, triggers support the creation of v1 `Pipelines`, `Tasks`, `PipelineRuns`, `TaskRuns`, and v1beta1 `CustomRuns` objects. +* With this update, GitHub Interceptor blocks a pull request trigger from being executed unless invoked by an owner or with a configurable comment by an owner. To enable or disable this update, set the value of the `githubOwners` parameter to `true` or `false` in the GitHub Interceptor configuration file. +* With this update, GitHub Interceptor has the ability to add a comma delimited list of all files that have changed for the push and pull request events. The list of changed files are added to the `changed_files` property of the event payload in the top-level extensions field. +* This update changes TLS `MinVersion` to `tls.VersionTLS12` so that triggers run on {product-title} when the Federal Information Processing Standards (FIPS) mode is enabled. + + +[id="cli-new-features-1-10_{context}"] +=== CLI + +* With this update, you can specify environment variables in a `PipelineRun` or `TaskRun` pod template to override or append the variables that are configured in a task or step. Also, you can specify environment variables in a default pod template to use those variables globally for all `PipelineRuns` and `TaskRuns`. This update also adds a new default configuration `forbidden-ends` to filter the environment variables while propagating from pod templates. +* This update adds support to pass a Container Storage Interface (CSI) file as workspace at the time of starting a `Task`, `ClusterTask` or `Pipeline`. +* This update adds v1 API support to all CLI commands associated with task, pipeline, pipeline run, and task run resources. Tekton CLI works fine with both v1beta1 and v1 APIs for these resources. +* This update adds support for an object type parameter in the `star` and `describe` commands. + + +[id="operator-new-features-1-10_{context}"] +=== Operator + +* This update adds a `default-forbidden-env` parameter in optional pipeline properties. The parameter includes forbidden environment variables that should not be propagated if provided through pod templates. +* This update adds support for custom logos in Tekton Hub UI. To add a custom logo, set the value of the `customLogo` parameter to base64 encoded URI of logo in the Tekton Hub CR. +* This update increments the version number of the git-clone task to 0.9. +* This update adds the `resource-verification-mode` and `enable-provenance-in-status` parameters into the `feature-flags` config map for pipelines. +* With this update, you can define both the `keep` and `keep-since` parameters simultaneously for a `TaskRun` or `PipelineRun` resource in the pruner configuration file. + + +[id="chains-new-features-1-10_{context}"] +=== Tekton Chains + +* This update adds annotations and labels to the `PipelineRun` and `TaskRun` attestations. +* This update adds a new format `slsa/v1`, which generates the same provenance as that generated when requesting in the `in-toto` format. +* With this update, Sigstore features are moved out from the experimental features. +* With this update, the `predicate.materials` function includes image URI and digest information from all steps and sidecars for a `TaskRun`. + + +[id="tekton-hub-new-features-1-10_{context}"] +=== {tekton-hub} + +* This update supports install, upgrade, or downgrade of Tekton resources with API versions `tekton.dev/v1beta1` and `tekton.dev/v1` on the cluster. +* This update supports adding a custom logo in place of the {tekton-hub} logo in UI. +* This update extends the `tkn hub install` command functionality by adding a flag `--type artifact`, which fetches resources from the Artifact Hub and install them on your cluster. +* This update adds support tier, catalog, and org information as labels to the resources being installed from Artifact Hub to your cluster. + + +[id="pac-new-features-1-10_{context}"] +=== {pac} + +* This update enhances incoming webhook support. For a GitHub application installed on the cluster, you do not need to provide the `git_provider` specification for an incoming webhook. Instead, {pac} detects the secret and use it for the incoming webhook. +* With this update, you can use the same token to fetch remote tasks from the same host on GitHub with a non-default branch. +* With this update, {pac} supports Tekton v1 templates. You can have v1 and v1beta1 templates, which {pac} reads for PR generation. The PR is created as v1 on cluster. +* Before this update, OpenShift console UI would use a hardcoded pipeline run template as a fallback template when a runtime template was not found in the OpenShift namespace. This update provides a default pipeline run template for the console to use, `pipelines-as-code-template-default`, in the `pipelines-as-code` config map. +* With this update, {pac} supports Tekton Pipelines 0.44.0 minimal status. +* With this update, {pac} supports Tekton v1 API, which means {pac} is now compatible with Tekton v0.44 and later. +* With this update, you can configure custom console dashboards in addition to configuring a console for OpenShift and Tekton dashboards for k8s. +* With this update, {pac} detects the installation of a GitHub application initiated using the `tkn pac create repo` command and does not require a GitHub webhook if it was installed globally. +* Before this update, if there was an error on a `PipelineRun` execution and not on the tasks attached to `PipelineRun`, {pac} would not report the failure properly. With this update, {pac} reports the error properly on the GitHub checks when a `PipelineRun` could not get created. +* With this update, {pac} includes a `target_namespace` variable, which expands to the currently running namespace where the `PipelineRun` is executed. +* With this update, {pac} lets you bypass GitHub enterprise questions in the CLI bootstrap GitHub application. +* With this update, {pac} does not report errors when the repository CR was not found. +* With this update, {pac} reports an error if multiple pipeline runs with the same name were found. + + +[id="breaking-changes-1-10_{context}"] +== Breaking changes + +* This update removes support for cluster and `CloudEvent` pipeline resources from Tekton CLI. You cannot create pipeline resources by using the `tkn pipelineresource create` command. Also, the pipeline resources are not supported anymore in the `start` command of a task, cluster task, and pipeline. +* This update removes `tekton` as a provenance format from Tekton Chains. + + +[id="deprecated-features-1-10_{context}"] +== Deprecated and removed features + +* In {pipelines-title} 1.10, the `ClusterTask` commands are now deprecated and are planned to be removed in a future release. The `tkn task create` command is also deprecated with this update. +* In {pipelines-title} 1.10, the flags `-i` and `-o` that were used with the `tkn task start` command are now deprecated because the v1 API does not support pipeline resources. +* In {pipelines-title} 1.10, the flag `-r` that was used with the `tkn pipeline start` command is deprecated because the v1 API does not support pipeline resources. +* In {pipelines-title} 1.10, the pipeline default embedded status will be moved to minimal in a future release. This update sets the `openshiftDefaultEmbeddedStatus` parameter to `both` with full and embedded status. Also, the flag to change the default embedded status will be removed in a future release. + +[id="known-issues-1-10_{context}"] +== Known issues + +* This update includes the following backward incompatible changes: +** Change in the default value of `EmbeddedStatus`, which is now set to `minimal`. +** Removal of cluster `PipelineResources`. +** Removal of cloud event `PipelineResources`. + + +[id="fixed-issues-1-10_{context}"] +== Fixed issues + +* Before this update, the `opc pac` command generated a runtime error instead of showing any help. This update fixes the `opc pac` command to show the help message. +* Before this update, running the `tkn pac create repo` command needed the webhook details for creating a repository. With this update, the `tkn-pac create repo` command does not configure a webhook when your GitHub application is installed. +* Before this update, Pipelines as Code would not report a pipeline run creation error when Tekton Pipelines had issues creating the `PipelineRun` resource. For example, a non-existing task in a pipeline run would show no status. With this update, PAC shows the proper error message coming from `tekton/pipeline` along with the task that is missing. +* This update fixes UI page redirection after a successful authentication. Now, you are redirected to the same page where you had attempted to log in to Tekton Hub. +* This update fixes the `list` command with these flags, `--all-namespaces` and `--output=yaml`, for a cluster task, an individual task, and a pipeline. +* This update removes the forward slash in the end of the `repo.spec.url` URL so that it matches with the URL coming from GitHub. +* Before this update, the `marshalJSON` function would not marshal a list of objects. With this update, the `marshalJSON` function marshals the list of objects. +* With this update, PAC lets you bypass GitHub enterprise questions in the CLI bootstrap GitHub application. +* This update fixes the GitHub collaborator check when your repository has more than 100 users. +* With this update, the `sign` and `verify` commands for a task or pipeline work fine without the kubernetes configuration file. +* With this update, Tekton Operator cleans leftover pruner cron jobs if pruner has been skipped on a namespace. +* Before this update, the API `ConfigMap` would not be updated with user configured value for catalog refresh interval. This update fixes the `CATALOG_REFRESH_INTERVAL` API in the Tekon Hub CR. +* This update fixes reconciling of `PipelineRunStatus` when changing the `EmbeddedStatus` feature flag. This update resets the following parameters: +** Reset the `status.runs` and `status.taskruns` parameters to `nil` with `minimal EmbeddedStatus` +** Reset the `status.childReferences` parameter to `nil` with `full EmbeddedStatus` +* This update adds a conversion configuration to the `ResolutionRequest` CRD. This update properly configures conversion from `v1alpha1.ResolutionRequest` to `v1beta1.ResolutionRequest`. +* This update checks for duplicate workspaces associated with a pipeline task. +* This update fixes the default value for enabling resolvers in the code. +* This update fixes `TaskRef` and `PipelineRef` names conversion by using a resolver. \ No newline at end of file diff --git a/modules/op-tkn-pipelines-compatibility-support-matrix.adoc b/modules/op-tkn-pipelines-compatibility-support-matrix.adoc index 8a0a32791554..d822dfde35a6 100644 --- a/modules/op-tkn-pipelines-compatibility-support-matrix.adoc +++ b/modules/op-tkn-pipelines-compatibility-support-matrix.adoc @@ -18,6 +18,7 @@ GA:: General Availability | {pipelines-title} Version 7+| Component Version | OpenShift Version | Support Status | Operator | Pipelines | Triggers | CLI | Catalog | Chains | Hub | {pac} | | +|1.10 | 0.44.x | 0.23.x | 0.30.x | NA | 0.15.x (TP) | 1.12.x (TP) | 0.17.x (GA) | 4.11, 4.12, 4.13 (planned) | GA |1.9 | 0.41.x | 0.22.x | 0.28.x | NA | 0.13.x (TP) | 1.11.x (TP) | 0.15.x (GA) | 4.11, 4.12, 4.13 (planned) | GA