
For additional information about the OpenShift Pipelines lifecycle and supported platforms, refer to the OpenShift Operator Life Cycles and Red Hat OpenShift Container Platform Life Cycle Policy.

Release notes contain information about new and deprecated features, breaking changes, and known issues. The following release notes apply for the most recent OpenShift Pipelines releases on OpenShift Container Platform.

Red Hat OpenShift Pipelines is a cloud-native CI/CD experience based on the Tekton project which provides:

  • Standard Kubernetes-native pipeline definitions (CRDs).

  • Serverless pipelines with no CI server management overhead.

  • Extensibility to build images using any Kubernetes tool, such as S2I, Buildah, JIB, and Kaniko.

  • Portability across any Kubernetes distribution.

  • Powerful CLI for interacting with pipelines.

  • Integrated user experience with the Developer perspective of the OpenShift Container Platform web console.

For an overview of Red Hat OpenShift Pipelines, see Understanding OpenShift Pipelines.

Compatibility and support matrix

Some features in this release are currently in Technology Preview. These experimental features are not intended for production use.

In the table, features are marked with the following statuses:

TP: Technology Preview

GA: General Availability

Table 1. Compatibility and support matrix

| Red Hat OpenShift Pipelines Version (Operator) | Pipelines | Triggers | CLI | Chains | Hub | Pipelines as Code | Results | Manual Approval Gate | OpenShift Version | Support Status |
|---|---|---|---|---|---|---|---|---|---|---|
| 1.17 | 0.65.x | 0.30.x | 0.39.x | 0.23.x (GA) | 1.19.x (TP) | 0.29.x (GA) | 0.13.x (TP) | 0.4.x (TP) | 4.15, 4.16, 4.17 | GA |
| 1.16 | 0.62.x | 0.29.x | 0.38.x | 0.22.x (GA) | 1.18.x (TP) | 0.28.x (GA) | 0.12.x (TP) | 0.3.x (TP) | 4.15, 4.16, 4.17 | GA |
| 1.15 | 0.59.x | 0.27.x | 0.37.x | 0.20.x (GA) | 1.17.x (TP) | 0.27.x (GA) | 0.10.x (TP) | 0.2.x (TP) | 4.14, 4.15, 4.16 | GA |
| 1.14 | 0.56.x | 0.26.x | 0.35.x | 0.20.x (GA) | 1.16.x (TP) | 0.24.x (GA) | 0.9.x (TP) | NA | 4.12, 4.13, 4.14, 4.15, 4.16 | GA |

For questions and feedback, you can send an email to the product team at pipelines-interest@redhat.com.

Making open source more inclusive

Red Hat is committed to replacing problematic language in our code, documentation, and web properties. We are beginning with these four terms: master, slave, blacklist, and whitelist. Because of the enormity of this endeavor, these changes will be implemented gradually over several upcoming releases. For more details, see our CTO Chris Wright’s message.

Release notes for Red Hat OpenShift Pipelines General Availability 1.17

With this update, Red Hat OpenShift Pipelines General Availability (GA) 1.17 is available on OpenShift Container Platform 4.15 and later versions.

New features

In addition to fixes and stability improvements, the following sections highlight what is new in Red Hat OpenShift Pipelines 1.17:

Pipelines

  • With this release, you can configure multiple Git providers by using the Git resolver, or you can add multiple configurations for the same Git provider, in the TektonConfig custom resource (CR). You can then specify a Git configuration to use in different task runs and pipeline runs by using the configKey parameter.

    Example of multiple Git provider configurations
    apiVersion: operator.tekton.dev/v1alpha1
    kind: TektonConfig
    metadata:
      name: config
    spec:
    # ...
      pipeline:
        git-resolver-config:
          # configuration 1
          fetch-timeout: "1m"
          default-url: "https://github.com/tektoncd/catalog.git"
          default-revision: "main"
          scm-type: "github"
          server-url: ""
          api-token-secret-name: ""
          api-token-secret-key: ""
          api-token-secret-namespace: "default"
          default-org: ""
          # configuration 2
          test1.fetch-timeout: "5m"
          test1.default-url: ""
          test1.default-revision: "stable"
          test1.scm-type: "github"
          test1.server-url: "api.internal-github.com"
          test1.api-token-secret-name: "test1-secret"
          test1.api-token-secret-key: "token"
          test1.api-token-secret-namespace: "test1"
          test1.default-org: "tektoncd"
          # configuration 3
          test2.fetch-timeout: "10m"
          test2.default-url: ""
          test2.default-revision: "stable"
          test2.scm-type: "gitlab"
          test2.server-url: "api.internal-gitlab.com"
          test2.api-token-secret-name: "test2-secret"
          test2.api-token-secret-key: "pat"
          test2.api-token-secret-namespace: "test2"
          test2.default-org: "tektoncd-infra"
    # ...

    Example of using a test1 configuration in a pipeline run
    apiVersion: tekton.dev/v1
    kind: PipelineRun
    metadata:
      name: example
    spec:
      pipelineRef:
        resolver: git
        params:
        # ...
        - name: configKey
          value: test1
    # ...

  • With this update, you can now monitor the running PipelineRun resources at the namespace, pipeline, and pipeline run level, in addition to the cluster level. You can configure the level through the TektonConfig custom resource by setting the metrics.running-pipelinerun.level parameter value to namespace, pipeline, or pipelinerun. The default value is empty, which sets the monitoring at cluster level.

    Example of monitoring the running pipeline run at the namespace level
    apiVersion: operator.tekton.dev/v1alpha1
    kind: TektonConfig
    metadata:
      name: config
    spec:
      pipeline:
        # ...
        metrics.running-pipelinerun.level: namespace
    # ...

  • With this update, after the execution of a pipeline run or task run, the YAML manifest of the resource contains a label showing the ID of the user who executed it. For a PipelineRun resource, the label is tekton.dev/PipelineRunUID. For a TaskRun resource, the label is tekton.dev/TaskRunUID.

  • With this update, when you use the spec.pipeline.performance spec in the TektonConfig CR to specify performance tuning values such as threads-per-controller, kube-api-qps, and kube-api-burst, OpenShift Pipelines applies these values to the resolver controller as well as the other controllers.
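The configKey selection described above decides which API token secret a git-resolver run reads, so it is worth checking pipeline runs against the keys that TektonConfig actually defines. The following check is an added example, not part of the release notes or the product; the function names are hypothetical, the sample data is constructed from the example above, and it assumes that an omitted configKey selects the unprefixed (default) configuration.

```python
# Constructed sample: the git-resolver-config keys from the example above,
# trimmed to the fields this check reads.
GIT_RESOLVER_CONFIG = {
    "server-url": "",
    "api-token-secret-name": "",
    "api-token-secret-key": "",
    "api-token-secret-namespace": "default",
    "test1.server-url": "api.internal-github.com",
    "test1.api-token-secret-name": "test1-secret",
    "test1.api-token-secret-key": "token",
    "test1.api-token-secret-namespace": "test1",
    "test2.server-url": "api.internal-gitlab.com",
    "test2.api-token-secret-name": "test2-secret",
    "test2.api-token-secret-key": "pat",
    "test2.api-token-secret-namespace": "test2",
}

def group_by_config_key(flat):
    """Group '<configKey>.<field>' entries; unprefixed fields go to 'default'."""
    groups = {}
    for key, value in flat.items():
        prefix, _, field = key.rpartition(".")
        groups.setdefault(prefix or "default", {})[field] = value
    return groups

def audit_run(run, groups):
    """Report which configKey a git-resolver PipelineRun selects and the
    (namespace, secret, key) of the API token it would read, if any."""
    ref = run.get("spec", {}).get("pipelineRef", {})
    if ref.get("resolver") != "git":
        return None  # not resolved through the Git resolver
    params = {p["name"]: p["value"] for p in ref.get("params", [])}
    key = params.get("configKey", "default")  # assumption: omitted means default
    if key not in groups:
        return {"configKey": key, "error": "configKey not defined in TektonConfig"}
    cfg = groups[key]
    secret = None
    if cfg.get("api-token-secret-name"):
        secret = (cfg.get("api-token-secret-namespace", ""),
                  cfg["api-token-secret-name"], cfg.get("api-token-secret-key", ""))
    return {"configKey": key, "server-url": cfg.get("server-url", ""), "secret": secret}

def make_run(config_key):
    """Constructed PipelineRun shaped like the pipeline run example above."""
    return {"kind": "PipelineRun", "spec": {"pipelineRef": {
        "resolver": "git", "params": [{"name": "configKey", "value": config_key}]}}}
```

The secret tuples it returns are the objects whose RBAC and namespace placement a reviewer should check for each configuration.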

Operator

  • With this update, you can run the skopeo-copy command with additional arguments, for example, --all and --preserve-digests. You can pass these arguments as a space-separated string, as shown in the following example:

    Example command
    $ tkn task start skopeo-copy -p ARGS="--all --preserve-digests"

  • With this update, OpenShift Pipelines applies the ephemeral volume setting of any security context constraint (SCC) that you apply to a pipeline or task.

Pipelines as Code

  • With this update, the pipelines_as_code_running_pipelineruns_count metric is added to show the number of running PipelineRun resources in Pipelines as Code. The metric can be filtered by repository or by namespace.

  • With this update, the pipelines_as_code_pipelinerun_duration_seconds_sum metric is added to show the total duration in seconds taken by all PipelineRun resources in Pipelines as Code. The metric can be filtered by repository, namespace, PipelineRun status, and PipelineRun status change reason.

Tekton Results

  • With this update, you can configure Tekton Results to include certain labels and annotations from the YAML manifests of pipelines and tasks in the summary fields column in the results tables. By default, the value of the tekton.dev/pipeline label is used. To make this change, modify the TektonResult CR as shown in the following example:

    Example of configuring summary labels and annotations in the TektonResult CR
    apiVersion: operator.tekton.dev/v1
    kind: TektonResult
    metadata:
      name: result
    spec:
      options:
        deployments:
          tekton-results-watcher:
            spec:
              template:
                spec:
                  containers:
                  - name: watcher
                    args:
                    - "--summary_labels=org.tekton.sample_label,tekton.dev/pipeline"
                    - "--summary_annotations=org.tekton.sample_annotation"

Tekton Chains

  • With this update, you can configure the TektonConfig custom resource (CR) to generate the x509 key pair of the ecdsa type and use it with Tekton Chains to sign artifacts. You can generate the key pair by setting the generateSigningSecret field in the TektonConfig custom resource (CR) to true:

    Example of creating an ecdsa key pair
    apiVersion: operator.tekton.dev/v1
    kind: TektonConfig
    metadata:
      name: config
    spec:
    # ...
      chain:
        disabled: false
        generateSigningSecret: true
    # ...

  • Before this update, if you did not configure Tekton Chains in the TektonConfig CR, the Operator would not pass any default Chains configuration. With this update, if you do not configure Tekton Chains in the TektonConfig CR, the Operator sets the Tekton Chains configuration with these default properties:

    apiVersion: operator.tekton.dev/v1
    kind: TektonConfig
    metadata:
      name: config
    spec:
    # ...
      chain:
        artifacts.taskrun.format: in-toto
        artifacts.taskrun.storage: oci
        artifacts.oci.storage: oci
        artifacts.oci.format: simplesigning
        artifacts.pipelinerun.format: in-toto
        artifacts.pipelinerun.storage: oci
    # ...

  • With this update, Tekton Chains now supports extracting the mongo-server-url URL from a specified file that can have any name. You can now use the storage.docdb.mongo-server-url-path parameter pointing to a valid file path within the container.

Breaking changes

  • With this update, the deprecated ClusterTask resource is removed from the Operator. As an alternative, you can use the cluster resolver to access tasks that OpenShift Pipelines installs in the openshift-pipelines namespace.

    Before upgrading to OpenShift Pipelines 1.17, if you configured any pipelines that use ClusterTask resources, you must edit them to use the tasks in the openshift-pipelines namespace. Otherwise, after the upgrade, the pipelines will fail.

    For more information about using the tasks in the openshift-pipelines namespace, see Tasks provided in the OpenShift Pipelines namespace.

  • With this update, the community cluster tasks are removed from the Operator. As an alternative, you can download them from the Tekton catalog (GitHub resource). The community cluster tasks are planned to be added as tasks in a future release. The following list shows the removed community cluster tasks:

    • argocd-task-sync-and-wait

    • git-cli

    • helm-upgrade-from-repo

    • helm-upgrade-from-source

    • jib-maven

    • kubeconfig-creator

    • pull-request

    • trigger-jenkins-job
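One way to find and rewrite ClusterTask references before the upgrade, as an added example that is not part of the release notes or the product. The function name and the sample pipeline are constructed; it assumes each referenced task exists under the same name in the openshift-pipelines namespace and that the cluster resolver takes kind, name, and namespace parameters.

```python
import copy

# Community cluster tasks removed in 1.17 (names from the list above); these
# are not rewritten because they must be fetched from the Tekton catalog.
REMOVED_COMMUNITY = {
    "argocd-task-sync-and-wait", "git-cli", "helm-upgrade-from-repo",
    "helm-upgrade-from-source", "jib-maven", "kubeconfig-creator",
    "pull-request", "trigger-jenkins-job",
}

def migrate_cluster_tasks(pipeline, namespace="openshift-pipelines"):
    """Rewrite ClusterTask refs to cluster-resolver refs.

    Returns (migrated_copy, rewritten_task_names, unresolved_task_names).
    """
    out = copy.deepcopy(pipeline)
    rewritten, unresolved = [], []
    for section in ("tasks", "finally"):
        for task in out.get("spec", {}).get(section, []):
            ref = task.get("taskRef") or {}
            if ref.get("kind") != "ClusterTask":
                continue  # namespaced Task or resolver ref: leave untouched
            if ref.get("name") in REMOVED_COMMUNITY:
                unresolved.append(task["name"])
                continue
            task["taskRef"] = {
                "resolver": "cluster",
                "params": [
                    {"name": "kind", "value": "task"},
                    {"name": "name", "value": ref["name"]},
                    {"name": "namespace", "value": namespace},
                ],
            }
            rewritten.append(task["name"])
    return out, rewritten, unresolved

# Constructed sample Pipeline (as parsed from `oc get pipeline -o json`).
SAMPLE = {
    "apiVersion": "tekton.dev/v1beta1", "kind": "Pipeline",
    "metadata": {"name": "build"},
    "spec": {
        "tasks": [
            {"name": "fetch", "taskRef": {"kind": "ClusterTask", "name": "git-clone"}},
            {"name": "lint", "taskRef": {"kind": "Task", "name": "my-lint"}},
            {"name": "tag", "taskRef": {"kind": "ClusterTask", "name": "git-cli"}},
        ],
        "finally": [
            {"name": "notify", "taskRef": {"kind": "ClusterTask", "name": "openshift-client"}},
        ],
    },
}
```

Tasks reported as unresolved reference a removed community cluster task and need a task installed from the Tekton catalog before the pipeline can run on 1.17.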

Fixed issues

  • With this update, the Pipelines as Code controller no longer processes the GitLab push event if the push event payload contains no commit. Instead, it correctly displays an error message warning the user that no commit is attached.

  • With this update, the Pipelines as Code controller no longer processes the GitLab tag delete event, which caused the controller to crash. Instead, it correctly displays an error message warning the user that deleting the tag event is not supported.

  • Before this update, some of the standard variables, header values, and body fields, for example the body.eventKey field, were not being resolved in PipelineRun resources for the Bitbucket server. With this update, the issue is fixed.

  • With this update, the skopeo-copy task supports copying multiple images by using the url.txt file if the SOURCE_IMAGE_URL and DESTINATION_IMAGE_URL parameters are left empty.

  • Before this update, running the tkn pac create repo command on an empty repository resulted in the . period symbol being generated as the name of the pipeline run in the template. With this update, the issue is fixed, and the REPO_NAME.git is now used as the pipeline run name.

  • With this update, the pipeline run failure handling is fixed to accurately report validation failures in the status.message field and consistently trigger finally tasks, even if a task fails the validation.

  • Before this update, when a pod failed because of an out-of-memory error, the task run did not immediately fail. Instead, it was unresponsive for some time and then failed. With this update, the task run immediately fails.

  • Before this update, if a CustomRun resource referred to a pipeline or task resource that returned an array as a result, a result type mismatch was reported in the log. With this update, the array result is processed correctly.

  • Before this update, when a task run failed, in some cases the statuses of some of the steps in the task were not recorded correctly in the TaskRun YAML manifest. With this update, the statuses are correctly recorded.

  • Before this update, if a step in a task failed, the subsequent steps were sometimes not marked as skipped in the YAML manifest of the task run or pipeline run. With this update, the steps are marked as skipped.

  • Before this update, if a pipeline run included a task that failed validation, a subsequent finally task did not run, even though it is expected to run after any failures of the previous tasks. With this update, the finally task runs.

  • Before this update, when using Pipelines as Code with GitLab, if the .tekton directory contained more than 20 files, some pipeline runs failed to start. With this update, the pipeline runs start correctly.

  • Before this update, when using Pipelines as Code with BitBucket, an incorrect payload in a BitBucket event could cause the Pipelines as Code controller to crash. With this update, the controller does not crash, validates the payload before processing it, and correctly reports the error.

  • Before this update, when using Pipelines as Code, when you deleted a pipeline run before it was completed, temporary Git authentication secrets remained in the OpenShift Container Platform namespace. Because of this issue, the quota for secrets could be reached, and in this case new pipeline runs failed to start. With this update, Pipelines as Code deletes temporary secrets properly.

  • Before this update, when using Pipelines as Code with BitBucket, tag-related events were not matched when a pipeline run was configured for on-target-branch, for example: on-target-branch: [refs/tags/*]. This happened because the BitBucket events payload related to a tag does not contain a refs/tags prefix. With this update, Pipelines as Code matches the tag events correctly.

  • Before this update, when a task run was canceled, Tekton Chains did not record the specification of the task. With this update, Tekton Chains records the specification of the task.

  • Before this update, in Tekton Chains, the recorded steps in the specification of a task (TaskRun.Status.steps) could mismatch, even when the task run properly executed all steps in the task. With this update, the steps in the task specification and the steps executed in the task run are recorded correctly.

  • Before this update, when a pipeline run ended because of a timeout, the log output sometimes contained error messages that were not valid and the status of the pipeline run was not reported correctly. With this update, such messages do not appear in the log and the status is reported correctly.

  • Before this update, when you specified a workspace to be mounted in one or several steps of a task, OpenShift Pipelines mounted the workspace for all steps in the task. With this update, the workspace is mounted only in the steps where it is specified.

  • Before this update, when using Pipelines as Code, if the OpenShift Container Platform cluster was very busy, some pipeline runs failed to execute because the concurrency queue was out of order and Pipelines as Code did not recover properly. With this update, Pipelines as Code properly manages the concurrency queue and executes all pipeline runs.

  • Before this update, if you specified default container resource requirements in the TektonConfig CR and then applied a LimitRange setting to a pipeline or task, the LimitRange setting was sometimes not applied because the default requirements overrode it. With this update, the LimitRange setting overrides the default container resource requirements.

  • Before this update, if a pipeline run or task run failed to execute because of a validation error, OpenShift Pipelines recorded and displayed a generic Failed status for the pipeline run or task run. With this update, OpenShift Pipelines records a Failed Validation status.

  • Before this update, when you used the tkn bundle command to read the content of a large-sized Tekton bundle, the command might fail. With this update, the tkn command-line utility correctly handles large Tekton bundles.

  • Before this update, when you used the tkn command-line utility to view a completed pipeline run, tasks that were skipped because of conditions you set up in the pipeline were displayed as Succeeded(Completed). With this update, they are no longer displayed as completed.