My Awesome Feature #201

Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 4.0.0 to 4.1.0. - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](actions/upload-artifact@c7d193f...1eb3cb2) --- updated-dependencies: - dependency-name: actions/upload-artifact dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]>

Bumps [tj-actions/changed-files](https://github.com/tj-actions/changed-files) from 41.0.1 to 41.1.1. - [Release notes](https://github.com/tj-actions/changed-files/releases) - [Changelog](https://github.com/tj-actions/changed-files/blob/main/HISTORY.md) - [Commits](tj-actions/changed-files@716b1e1...62f4729) --- updated-dependencies: - dependency-name: tj-actions/changed-files dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]>

This commit migrates off the deprecated trace.NewNoopTracerProvider func. part of tektoncd#7464

This commits fixes the broken dependencies on go.opentelemetry.io/otel. It patches the tracing package with an updated tracingProvider to implement the embeddedTracingProvider with the provider in the noop pkg. /bug fixes: tektoncd#7464

This commit labels the user errors for failed PipelineRun status. This aims to communicate explicitly with users of whether the run failed could be attributed to users' responsibility. /kind misc part of tektoncd#7276

Based on discussions in tektoncd#7497 and consensus in the API WG, we disallow direct parameter substitution in scripts. While we cannot do this for inlined-steps since it is a major breaking change in `v1`, we can do this in `Step Actions`. In this PR we add validation that params cannot be directly replaced in `scripts` of `StepActions`.

fix tektoncd#7551 Adjust the behavior of how global Pod templates are merged with TaskRun or PipelineRun. The `env` and `volumes` fields are merged by the `name` value in the array elements.

This PR enables passing step results between steps. The replacements of stepresults needs to happen in the entrypointer.

Bumps [github.com/spiffe/spire-api-sdk](https://github.com/spiffe/spire-api-sdk) from 1.8.5 to 1.8.7. - [Commits](spiffe/spire-api-sdk@v1.8.5...v1.8.7) --- updated-dependencies: - dependency-name: github.com/spiffe/spire-api-sdk dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]>

…f a pod Signed-off-by: Jeeva Kandasamy <[email protected]>

Signed-off-by: Vincent Demeester <[email protected]>

Bumps [github.com/sigstore/sigstore](https://github.com/sigstore/sigstore) from 1.7.5 to 1.8.1. - [Release notes](https://github.com/sigstore/sigstore/releases) - [Commits](sigstore/sigstore@v1.7.5...v1.8.1) --- updated-dependencies: - dependency-name: github.com/sigstore/sigstore dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]>

Pipelines 0.45 promoted array results and indexing into array param (proposed in TEP-0076) to beta. This commit is promoting these two features to stable such that these features can be used by the task authors and pipeline authors in a cluster when enable-api-fields is either set to alpha, beta or stable. Closes tektoncd#6816 Signed-off-by: Yongxuan Zhang [email protected]

Added v0.56 LTS

Bumps [github.com/google/go-containerregistry](https://github.com/google/go-containerregistry) from 0.17.0 to 0.18.0. - [Release notes](https://github.com/google/go-containerregistry/releases) - [Changelog](https://github.com/google/go-containerregistry/blob/main/.goreleaser.yml) - [Commits](google/go-containerregistry@v0.17.0...v0.18.0) --- updated-dependencies: - dependency-name: github.com/google/go-containerregistry dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]>

Bumps [go.opentelemetry.io/otel](https://github.com/open-telemetry/opentelemetry-go) from 1.21.0 to 1.22.0. - [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases) - [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md) - [Commits](open-telemetry/opentelemetry-go@v1.21.0...v1.22.0) --- updated-dependencies: - dependency-name: go.opentelemetry.io/otel dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]>

Bumps [github.com/go-git/go-git/v5](https://github.com/go-git/go-git) from 5.10.0 to 5.11.0. - [Release notes](https://github.com/go-git/go-git/releases) - [Commits](go-git/go-git@v5.10.0...v5.11.0) --- updated-dependencies: - dependency-name: github.com/go-git/go-git/v5 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]>

Bumps [github.com/jenkins-x/go-scm](https://github.com/jenkins-x/go-scm) from 1.14.24 to 1.14.25. - [Release notes](https://github.com/jenkins-x/go-scm/releases) - [Changelog](https://github.com/jenkins-x/go-scm/blob/main/CHANGELOG.md) - [Commits](jenkins-x/go-scm@v1.14.24...v1.14.25) --- updated-dependencies: - dependency-name: github.com/jenkins-x/go-scm dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]>

Bumps [github.com/spiffe/go-spiffe/v2](https://github.com/spiffe/go-spiffe) from 2.1.5 to 2.1.7. - [Release notes](https://github.com/spiffe/go-spiffe/releases) - [Changelog](https://github.com/spiffe/go-spiffe/blob/main/CHANGELOG.md) - [Commits](spiffe/go-spiffe@v2.1.5...v2.1.7) --- updated-dependencies: - dependency-name: github.com/spiffe/go-spiffe/v2 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]>

Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 4.1.0 to 4.2.0. - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](actions/upload-artifact@1eb3cb2...694cdab) --- updated-dependencies: - dependency-name: actions/upload-artifact dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]>

Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.23.0 to 3.23.1. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](github/codeql-action@e5f05b8...0b21cf2) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]>

Bumps [github.com/google/cel-go](https://github.com/google/cel-go) from 0.18.1 to 0.19.0. - [Release notes](https://github.com/google/cel-go/releases) - [Commits](google/cel-go@v0.18.1...v0.19.0) --- updated-dependencies: - dependency-name: github.com/google/cel-go dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]>

Bumps [github.com/containerd/containerd](https://github.com/containerd/containerd) from 1.7.11 to 1.7.12. - [Release notes](https://github.com/containerd/containerd/releases) - [Changelog](https://github.com/containerd/containerd/blob/main/RELEASES.md) - [Commits](containerd/containerd@v1.7.11...v1.7.12) --- updated-dependencies: - dependency-name: github.com/containerd/containerd dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]>

Bumps code.gitea.io/sdk/gitea from 0.16.0 to 0.17.1. --- updated-dependencies: - dependency-name: code.gitea.io/sdk/gitea dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]>

Bumps [tj-actions/changed-files](https://github.com/tj-actions/changed-files) from 41.1.1 to 42.0.0. - [Release notes](https://github.com/tj-actions/changed-files/releases) - [Changelog](https://github.com/tj-actions/changed-files/blob/main/HISTORY.md) - [Commits](tj-actions/changed-files@62f4729...ae82ed4) --- updated-dependencies: - dependency-name: tj-actions/changed-files dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <[email protected]>

Bumps [github.com/jenkins-x/go-scm](https://github.com/jenkins-x/go-scm) from 1.14.25 to 1.14.26. - [Release notes](https://github.com/jenkins-x/go-scm/releases) - [Changelog](https://github.com/jenkins-x/go-scm/blob/main/CHANGELOG.md) - [Commits](jenkins-x/go-scm@v1.14.25...v1.14.26) --- updated-dependencies: - dependency-name: github.com/jenkins-x/go-scm dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]>

Bumps [go.opentelemetry.io/otel/sdk](https://github.com/open-telemetry/opentelemetry-go) from 1.21.0 to 1.22.0. - [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases) - [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md) - [Commits](open-telemetry/opentelemetry-go@v1.21.0...v1.22.0) --- updated-dependencies: - dependency-name: go.opentelemetry.io/otel/sdk dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]>

Bumps [github.com/opencontainers/image-spec](https://github.com/opencontainers/image-spec) from 1.1.0-rc5 to 1.1.0-rc.6. - [Release notes](https://github.com/opencontainers/image-spec/releases) - [Changelog](https://github.com/opencontainers/image-spec/blob/main/RELEASES.md) - [Commits](opencontainers/image-spec@v1.1.0-rc5...v1.1.0-rc6) --- updated-dependencies: - dependency-name: github.com/opencontainers/image-spec dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]>

This commit fixes the user facing error messages for timing out Runs as well as the controller logs. /kind misc

matrix creates multiple taskRuns using the specified combination of inputs. The taskRun name in general is predictable unless it exceeds the max. number of characters (63). When the combination of a pipelineTask name and the pipelineRun name exceeds 63 characters, the taskRun names looses all their instance indices. Updating the taskRun name generation such that in case of a matrix task, when the generated taskRun name exceeds k8s restriction of 63 characters, the taskRun name is truncated and instance id of matrix is appended. Signed-off-by: Priti Desai <[email protected]>

Bumps [github.com/google/uuid](https://github.com/google/uuid) from 1.5.0 to 1.6.0. - [Release notes](https://github.com/google/uuid/releases) - [Changelog](https://github.com/google/uuid/blob/master/CHANGELOG.md) - [Commits](google/uuid@v1.5.0...v1.6.0) --- updated-dependencies: - dependency-name: github.com/google/uuid dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]>

Bumps [google.golang.org/grpc](https://github.com/grpc/grpc-go) from 1.60.1 to 1.61.0. - [Release notes](https://github.com/grpc/grpc-go/releases) - [Commits](grpc/grpc-go@v1.60.1...v1.61.0) --- updated-dependencies: - dependency-name: google.golang.org/grpc dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]>

Bumps [github.com/containerd/containerd](https://github.com/containerd/containerd) from 1.6.19 to 1.7.12. - [Release notes](https://github.com/containerd/containerd/releases) - [Changelog](https://github.com/containerd/containerd/blob/main/RELEASES.md) - [Commits](containerd/containerd@v1.6.19...v1.7.12) --- updated-dependencies: - dependency-name: github.com/containerd/containerd dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]>

Bumps [github.com/opencontainers/image-spec](https://github.com/opencontainers/image-spec) from 1.1.0-rc3 to 1.1.0-rc.6. - [Release notes](https://github.com/opencontainers/image-spec/releases) - [Changelog](https://github.com/opencontainers/image-spec/blob/main/RELEASES.md) - [Commits](opencontainers/image-spec@v1.1.0-rc3...v1.1.0-rc6) --- updated-dependencies: - dependency-name: github.com/opencontainers/image-spec dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]>

Updated releases.md to mark v0.44 LTS end of life. Signed-off-by: Andrea Frittoli <[email protected]>

Bumps [github.com/google/go-containerregistry](https://github.com/google/go-containerregistry) from 0.17.0 to 0.18.0. - [Release notes](https://github.com/google/go-containerregistry/releases) - [Changelog](https://github.com/google/go-containerregistry/blob/main/.goreleaser.yml) - [Commits](google/go-containerregistry@v0.17.0...v0.18.0) --- updated-dependencies: - dependency-name: github.com/google/go-containerregistry dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]>

…meout Back with PR 5134 Tekton started using the cancel function for cleaning up underlying TaskRuns of PipelineRuns that are timing out, though separate timeout functions were used (presumably in case the timeout behavior needed to be tweaked from the cancel behavior later on). Then, in PR 5288, improvements to the baseline cancel function were made to still complete cancel processing of a PipelineRun if the underlying TaskRuns were deleted. However, that same accomodation was not made for the timeout path. This change addresses that, but still keeps the timeout codepaths separate from the 'base' cancel codepaths.

This commit follows up tektoncd#7475 and labels user error for failed TaskRun status messages. It marks off user errors in the taskrun reconciler and communicate to users via TaskRunStatus condition messages. /kind misc part of tektoncd#7276

Signed-off-by: roman-kiselenko <[email protected]>

Use of the value of 0 for the taskrun/pipeline timeout, which per https://github.com/tektoncd/pipeline/blob/main/docs/pipelineruns.md#configuring-a-failure-timeout for example means timeout is disabled, results in the waitTime passed to the Requeue event to be negative. This had the observed behavior of Requeue'ing immediately, and intense cycles of many reconcilations per second were observed if the TaskRun's/PipelineRun's state did not in fact change. This artificially constrained the peformance of the pipeline controller. This change makes sure the wait time passed to the Requeue is not negative. rh-pre-commit.version: 2.1.0 rh-pre-commit.check-secrets: ENABLED

Related with tektoncd#7539 and tektoncd#7223 To report specific Steps termination reasons we need to know why its continer finished; we use the termination message to store a new "state" with this information. We are adding a new field to store this information per step. Co-authored-by: JeromeJu <[email protected]> Co-authored-by: Chitrang Patel <[email protected]>

Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.23.1 to 3.24.0. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](github/codeql-action@0b21cf2...e8893c5) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]>

Bumps [github.com/opencontainers/image-spec](https://github.com/opencontainers/image-spec) from 1.1.0-rc3 to 1.1.0-rc6. - [Release notes](https://github.com/opencontainers/image-spec/releases) - [Changelog](https://github.com/opencontainers/image-spec/blob/main/RELEASES.md) - [Commits](opencontainers/image-spec@v1.1.0-rc3...v1.1.0-rc6) --- updated-dependencies: - dependency-name: github.com/opencontainers/image-spec dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]>

fixes tektoncd#7640 In tektoncd#5565, we started stopping injected sidecars with `nop` in the same way we stop explicitly defined sidecar containers. `MakeTaskRunStatus` was updated to only include explicitly defined sidecars in the `TaskRun` status, rather than just any container in the `TaskRun` pod that doesn't start with `step-`, so while the pod is running, the injected sidecar doesn't show up in the status. However, once the pod has completed and the sidecars are stopped, if the `TaskRun`'s spec contains a sidecar, `updateStoppedSidecarStatus` will be called, and that function's logic for what containers to include in `TaskRun.Status.Sidecars` is still including everything but `step-`-prefixed containers. That should be updated to behave in the same way as `MakeTaskRunStatus`. Signed-off-by: Andrew Bayer <[email protected]>

This commit releases the per feature flag test. It currently utilize minimum end-to-end tests for stable features while mocking stable, beta and alpha stability with different test envs. /kind misc

In TaskRun, the annotation `pipeline.tekton.dev/release` records the version information of the pipeline. If the Pipeline is updated, the annotation in the completed TaskRuns should not be modified.

fix tektoncd#7601

Bumps [go.opentelemetry.io/otel](https://github.com/open-telemetry/opentelemetry-go) from 1.22.0 to 1.23.1. - [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases) - [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md) - [Commits](open-telemetry/opentelemetry-go@v1.22.0...v1.23.1) --- updated-dependencies: - dependency-name: go.opentelemetry.io/otel dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]>

Bumps [github.com/golangci/golangci-lint](https://github.com/golangci/golangci-lint) from 1.55.1 to 1.56.1. - [Release notes](https://github.com/golangci/golangci-lint/releases) - [Changelog](https://github.com/golangci/golangci-lint/blob/master/CHANGELOG.md) - [Commits](golangci/golangci-lint@v1.55.1...v1.56.1) --- updated-dependencies: - dependency-name: github.com/golangci/golangci-lint dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]>

Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 4.2.0 to 4.3.0. - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](actions/upload-artifact@694cdab...26f96df) --- updated-dependencies: - dependency-name: actions/upload-artifact dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]>

Bumps [github.com/google/go-containerregistry](https://github.com/google/go-containerregistry) from 0.18.0 to 0.19.0. - [Release notes](https://github.com/google/go-containerregistry/releases) - [Changelog](https://github.com/google/go-containerregistry/blob/main/.goreleaser.yml) - [Commits](google/go-containerregistry@v0.18.0...v0.19.0) --- updated-dependencies: - dependency-name: github.com/google/go-containerregistry dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]>

fix tektoncd#7650

update docker-in-docker testimage for s390x

This commit uses the Per-feature flag struct for features added in between the window that the changes per TEP0138 was made. All new features should conform to the new Per-feature flag struct. /kind misc fixes: tektoncd#7285

…to ordinary task status, it cannot take effect. In fact, when cel is calculated, the expression is not replaced, and the original literal is used, such as: `"'$(tasks.a-task. status)' == 'Succeeded'"`. This commit will be ensured that the status of the referenced ordinary task is replaced before calculating the final task `when.cel`.

Bumps [tj-actions/changed-files](https://github.com/tj-actions/changed-files) from 42.0.0 to 42.0.2. - [Release notes](https://github.com/tj-actions/changed-files/releases) - [Changelog](https://github.com/tj-actions/changed-files/blob/main/HISTORY.md) - [Commits](tj-actions/changed-files@ae82ed4...90a06d6) --- updated-dependencies: - dependency-name: tj-actions/changed-files dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]>

Bumps [github.com/containerd/containerd](https://github.com/containerd/containerd) from 1.6.19 to 1.7.13. - [Release notes](https://github.com/containerd/containerd/releases) - [Changelog](https://github.com/containerd/containerd/blob/main/RELEASES.md) - [Commits](containerd/containerd@v1.6.19...v1.7.13) --- updated-dependencies: - dependency-name: github.com/containerd/containerd dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]>

Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 4.3.0 to 4.3.1. - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](actions/upload-artifact@26f96df...5d5d22a) --- updated-dependencies: - dependency-name: actions/upload-artifact dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]>

Bumps [go.opentelemetry.io/otel/sdk](https://github.com/open-telemetry/opentelemetry-go) from 1.22.0 to 1.23.1. - [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases) - [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md) - [Commits](open-telemetry/opentelemetry-go@v1.22.0...v1.23.1) --- updated-dependencies: - dependency-name: go.opentelemetry.io/otel/sdk dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]>

This updates the latest release to the patch release.

Bumps [google.golang.org/grpc](https://github.com/grpc/grpc-go) from 1.61.0 to 1.61.1. - [Release notes](https://github.com/grpc/grpc-go/releases) - [Commits](grpc/grpc-go@v1.61.0...v1.61.1) --- updated-dependencies: - dependency-name: google.golang.org/grpc dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]>

This updates the latest release to the patch release.

We have implemented imagePullBackOff as fail fast. The issue with this approach is, the node where the pod is scheduled often experiences registry rate limit. The image pull failure because of the rate limit returns the same warning (reason: Failed and message: ImagePullBackOff). The pod can potentially recover after waiting for enough time until the cap is expired. Kubernetes can then successfully pull the image and bring the pod up. Introducing a default configuration to specify cluster level timeout to allow the imagePullBackOff to retry for a given duration. Once that duration has passed, return a permanent failure. tektoncd#5987 tektoncd#7184 Signed-off-by: Priti Desai <[email protected]> wait for a given duration in case of imagePullBackOff Signed-off-by: Priti Desai <[email protected]>

Bumps [k8s.io/client-go](https://github.com/kubernetes/client-go) from 0.27.8 to 0.27.11. - [Changelog](https://github.com/kubernetes/client-go/blob/master/CHANGELOG.md) - [Commits](kubernetes/client-go@v0.27.8...v0.27.11) --- updated-dependencies: - dependency-name: k8s.io/client-go dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]>

Bumps [github.com/google/cel-go](https://github.com/google/cel-go) from 0.19.0 to 0.20.0. - [Release notes](https://github.com/google/cel-go/releases) - [Commits](google/cel-go@v0.19.0...v0.20.0) --- updated-dependencies: - dependency-name: github.com/google/cel-go dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]>

Bumps [github.com/opencontainers/image-spec](https://github.com/opencontainers/image-spec) from 1.1.0-rc6 to 1.1.0. - [Release notes](https://github.com/opencontainers/image-spec/releases) - [Changelog](https://github.com/opencontainers/image-spec/blob/main/RELEASES.md) - [Commits](opencontainers/image-spec@v1.1.0-rc6...v1.1.0) --- updated-dependencies: - dependency-name: github.com/opencontainers/image-spec dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]>

Bumps [tj-actions/changed-files](https://github.com/tj-actions/changed-files) from 42.0.2 to 42.0.4. - [Release notes](https://github.com/tj-actions/changed-files/releases) - [Changelog](https://github.com/tj-actions/changed-files/blob/main/HISTORY.md) - [Commits](tj-actions/changed-files@90a06d6...3f54ebb) --- updated-dependencies: - dependency-name: tj-actions/changed-files dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]>

Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.24.0 to 3.24.3. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](github/codeql-action@e8893c5...3796146) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]>

This commit intends to isolate the feature flag tests and adds the new test env for the periodic feature flag test. /kind misc

/kind documentation

Bumps [github.com/cloudevents/sdk-go/v2](https://github.com/cloudevents/sdk-go) from 2.14.0 to 2.15.1. - [Release notes](https://github.com/cloudevents/sdk-go/releases) - [Commits](cloudevents/sdk-go@v2.14.0...v2.15.1) --- updated-dependencies: - dependency-name: github.com/cloudevents/sdk-go/v2 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]>

Bumps [go.uber.org/zap](https://github.com/uber-go/zap) from 1.26.0 to 1.27.0. - [Release notes](https://github.com/uber-go/zap/releases) - [Changelog](https://github.com/uber-go/zap/blob/master/CHANGELOG.md) - [Commits](uber-go/zap@v1.26.0...v1.27.0) --- updated-dependencies: - dependency-name: go.uber.org/zap dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]>

The previous example did not actually output results, leading to the misconception that it was not effective.

…mpatible The dependabot PR tektoncd#7522 updates other dependencies as well, this isolate the update. Signed-off-by: Vincent Demeester <[email protected]>

….wokeignore The current configuration on the `.wokeignore` file has an increasing number of warnings and some of the warnings cannot be immediately or directly resolved. These include link references to other repositories. In order to minimize noise caused by the woke scan results; a few additions are being suggested. Annotations have also been added to a few src files that still need to be scanned to suppress the warnings. `# Please enter the commit message for your changes. Lines starting

…e files The .wokeignore file has been modified to ignore these paths the annotations on the source file have been ommitted

This file is a generated file so adding it to the .wokeignore list.

Bumps [go.opentelemetry.io/otel](https://github.com/open-telemetry/opentelemetry-go) from 1.23.1 to 1.24.0. - [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases) - [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md) - [Commits](open-telemetry/opentelemetry-go@v1.23.1...v1.24.0) --- updated-dependencies: - dependency-name: go.opentelemetry.io/otel dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]>

Bumps [github.com/spiffe/spire-api-sdk](https://github.com/spiffe/spire-api-sdk) from 1.8.7 to 1.9.0. - [Commits](spiffe/spire-api-sdk@v1.8.7...v1.9.0) --- updated-dependencies: - dependency-name: github.com/spiffe/spire-api-sdk dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]>

Bumps [github.com/golangci/golangci-lint](https://github.com/golangci/golangci-lint) from 1.56.1 to 1.56.2. - [Release notes](https://github.com/golangci/golangci-lint/releases) - [Changelog](https://github.com/golangci/golangci-lint/blob/master/CHANGELOG.md) - [Commits](golangci/golangci-lint@v1.56.1...v1.56.2) --- updated-dependencies: - dependency-name: github.com/golangci/golangci-lint dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]>

…un and TaskRun) fix tektoncd#7667 Support for variable interpolation in: * spec.workspaces[].configMap.items[].* * spec.workspaces[].secret.items[].* * spec.workspaces[].projected.sources[].configMap.items[].* * spec.workspaces[].projected.sources[].secret.items[].*

Bumps [go.opentelemetry.io/otel/sdk](https://github.com/open-telemetry/opentelemetry-go) from 1.23.1 to 1.24.0. - [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases) - [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md) - [Commits](open-telemetry/opentelemetry-go@v1.23.1...v1.24.0) --- updated-dependencies: - dependency-name: go.opentelemetry.io/otel/sdk dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]>

Bumps [google.golang.org/grpc](https://github.com/grpc/grpc-go) from 1.61.1 to 1.62.0. - [Release notes](https://github.com/grpc/grpc-go/releases) - [Commits](grpc/grpc-go@v1.61.1...v1.62.0) --- updated-dependencies: - dependency-name: google.golang.org/grpc dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]>

Bumps [tj-actions/changed-files](https://github.com/tj-actions/changed-files) from 42.0.4 to 42.0.5. - [Release notes](https://github.com/tj-actions/changed-files/releases) - [Changelog](https://github.com/tj-actions/changed-files/blob/main/HISTORY.md) - [Commits](tj-actions/changed-files@3f54ebb...800a282) --- updated-dependencies: - dependency-name: tj-actions/changed-files dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]>

Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.24.3 to 3.24.5. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](github/codeql-action@3796146...47b3d88) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]>

…_test.go

fix tektoncd#7720 Currently, the `pipelineRef` and `pipelineSpec` are only in preview mode and not yet supported. If a user has configured this field and enabled alpha features, it might bypass validation and enter into controller logic. It is now necessary to implement relevant checks within the controller logic to clearly prompt the user, instead of causing the program to panic.

Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.24.5 to 3.24.6. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](github/codeql-action@47b3d88...8a470fd) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]>

This commit refactors the setup for `SYSTEM_NAMESPACE` which was previously set in the `install_pipeline_crd` helper function. But it should not be necessary to be part of the pipeline installation instead it is an env setup. This helps resolve the issue where we could not run tests before installing the current version of pipeline CRDs.

Move CRD files into the 300-crds folder to make it easier to not install CRDs in case of multi install into a single cluster. Since the release pipeline uses ko -R, this doesn't change anything for now in the release files. Signed-off-by: Andrea Frittoli <[email protected]>

Update the multi-tenancy documentation to include all aspects of multi-tenancy and explain how to install the CRDs separately from the new dedicated folder. Signed-off-by: Andrea Frittoli <[email protected]>

Otel SDK is upgraded from 1.19 to 1.21 Jaeger exporter is deprecated in otel 1.20, in favor of otel exporter Migrated jaeger to otel http exporter Signed-off-by: Jayadeep KM <[email protected]>

Implementing proposal TEP-0150. Adding a functionality where the existing displayName can be used to configure unique names for each instance using the params from each combination such that the matrix instances in the Tekton Dashboard are rendered to distinguishable names. Also, repurposing an existing name field as part of the matrix.include[].name. If specified, a fully resolved name field is available in the childReferences. Signed-off-by: Priti Desai <[email protected]>

…ivault Bumps [github.com/sigstore/sigstore/pkg/signature/kms/hashivault](https://github.com/sigstore/sigstore) from 1.8.1 to 1.8.2. - [Release notes](https://github.com/sigstore/sigstore/releases) - [Commits](sigstore/sigstore@v1.8.1...v1.8.2) --- updated-dependencies: - dependency-name: github.com/sigstore/sigstore/pkg/signature/kms/hashivault dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]>

Bumps [tj-actions/changed-files](https://github.com/tj-actions/changed-files) from 42.0.5 to 42.1.0. - [Release notes](https://github.com/tj-actions/changed-files/releases) - [Changelog](https://github.com/tj-actions/changed-files/blob/main/HISTORY.md) - [Commits](tj-actions/changed-files@800a282...aa08304) --- updated-dependencies: - dependency-name: tj-actions/changed-files dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]>

Bumps [k8s.io/api](https://github.com/kubernetes/api) from 0.27.11 to 0.27.12. - [Commits](kubernetes/api@v0.27.11...v0.27.12) --- updated-dependencies: - dependency-name: k8s.io/api dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]>

Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.24.6 to 3.24.8. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](github/codeql-action@8a470fd...05963f4) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]>

Bumps [tj-actions/changed-files](https://github.com/tj-actions/changed-files) from 42.1.0 to 43.0.0. - [Release notes](https://github.com/tj-actions/changed-files/releases) - [Changelog](https://github.com/tj-actions/changed-files/blob/main/HISTORY.md) - [Commits](tj-actions/changed-files@aa08304...77af4be) --- updated-dependencies: - dependency-name: tj-actions/changed-files dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <[email protected]>

Bumps [actions/checkout](https://github.com/actions/checkout) from 4.1.1 to 4.1.2. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](actions/checkout@b4ffde6...9bb5618) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]>

Bumps [github.com/stretchr/testify](https://github.com/stretchr/testify) from 1.8.4 to 1.9.0. - [Release notes](https://github.com/stretchr/testify/releases) - [Commits](stretchr/testify@v1.8.4...v1.9.0) --- updated-dependencies: - dependency-name: github.com/stretchr/testify dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]>

Bumps google.golang.org/protobuf from 1.32.0 to 1.33.0. --- updated-dependencies: - dependency-name: google.golang.org/protobuf dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]>

Bumps [github.com/containerd/containerd](https://github.com/containerd/containerd) from 1.7.13 to 1.7.14. - [Release notes](https://github.com/containerd/containerd/releases) - [Changelog](https://github.com/containerd/containerd/blob/main/RELEASES.md) - [Commits](containerd/containerd@v1.7.13...v1.7.14) --- updated-dependencies: - dependency-name: github.com/containerd/containerd dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]>

Bumps [google.golang.org/grpc](https://github.com/grpc/grpc-go) from 1.62.0 to 1.62.1. - [Release notes](https://github.com/grpc/grpc-go/releases) - [Commits](grpc/grpc-go@v1.62.0...v1.62.1) --- updated-dependencies: - dependency-name: google.golang.org/grpc dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]>

Bumps [github.com/golangci/golangci-lint](https://github.com/golangci/golangci-lint) from 1.56.2 to 1.57.1. - [Release notes](https://github.com/golangci/golangci-lint/releases) - [Changelog](https://github.com/golangci/golangci-lint/blob/master/CHANGELOG.md) - [Commits](golangci/golangci-lint@v1.56.2...v1.57.1) --- updated-dependencies: - dependency-name: github.com/golangci/golangci-lint dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]>

Bumps [github.com/cloudevents/sdk-go/v2](https://github.com/cloudevents/sdk-go) from 2.15.1 to 2.15.2. - [Release notes](https://github.com/cloudevents/sdk-go/releases) - [Commits](cloudevents/sdk-go@v2.15.1...v2.15.2) --- updated-dependencies: - dependency-name: github.com/cloudevents/sdk-go/v2 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]>

Bumps [github.com/spiffe/spire-api-sdk](https://github.com/spiffe/spire-api-sdk) from 1.9.0 to 1.9.1. - [Commits](spiffe/spire-api-sdk@v1.9.0...v1.9.1) --- updated-dependencies: - dependency-name: github.com/spiffe/spire-api-sdk dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]>

Bumps [github.com/google/cel-go](https://github.com/google/cel-go) from 0.20.0 to 0.20.1. - [Release notes](https://github.com/google/cel-go/releases) - [Commits](google/cel-go@v0.20.0...v0.20.1) --- updated-dependencies: - dependency-name: github.com/google/cel-go dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]>

Bumps [github.com/google/go-containerregistry](https://github.com/google/go-containerregistry) from 0.19.0 to 0.19.1. - [Release notes](https://github.com/google/go-containerregistry/releases) - [Changelog](https://github.com/google/go-containerregistry/blob/main/.goreleaser.yml) - [Commits](google/go-containerregistry@v0.19.0...v0.19.1) --- updated-dependencies: - dependency-name: github.com/google/go-containerregistry dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]>

`ClusterTask` only exists in `v1beta1` and will never have a `v1` thus doesn't need to be registered in the conversion webhook. Prior to this commit, some tooling (like https://github.com/openshift/cluster-kube-apiserver-operator/) might assume there is a conversion webhook and then fail to communicate with it (because we do not register `ClusterTask` in the conversion webhook part) ; generating a lot of spam log. As a rules of thumb, if we are not registering/refering an object in `newConversionController` (in `cmd/webhook/main.go`), the `conversion` field in the CRD shouldn't be defined either. Signed-off-by: Vincent Demeester <[email protected]>

`StepAction` only exists in `v1alpha1` and thus doesn't need to be registered in the conversion webhook. Prior to this commit, the webhook errors out (several times) with the following: ``` custom resource \"stepactions.tekton.dev\" isn't configured for webhook conversion ``` Signed-off-by: Vincent Demeester <[email protected]>

Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.24.8 to 3.24.9. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](github/codeql-action@05963f4...1b1aada) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]>

Bumps [tj-actions/changed-files](https://github.com/tj-actions/changed-files) from 43.0.0 to 43.0.1. - [Release notes](https://github.com/tj-actions/changed-files/releases) - [Changelog](https://github.com/tj-actions/changed-files/blob/main/HISTORY.md) - [Commits](tj-actions/changed-files@77af4be...20576b4) --- updated-dependencies: - dependency-name: tj-actions/changed-files dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]>

Prior to this, when we merged StepTemplate with the Spec, we would lose the Results and Params because the merged Step would overwrite the original Step. This PR adds the Results and Params when creating the new Step so that we don't lose this information. It fixes Issue tektoncd#7754 Signed-off-by: Chitrang Patel <[email protected]>

Bumps [github.com/spiffe/spire-api-sdk](https://github.com/spiffe/spire-api-sdk) from 1.9.1 to 1.9.2. - [Commits](spiffe/spire-api-sdk@v1.9.1...v1.9.2) --- updated-dependencies: - dependency-name: github.com/spiffe/spire-api-sdk dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]>

Document two patch releases - 0.53.4 and 0.56.2 Cleaning up unused references to older releases, docs and examples Signed-off-by: Priti Desai <[email protected]>

passed to `stepaction`, but it may be passed to other fields in `step`, such as: `StdoutConfig`. This commit will only pass the fields in `stepaction` and replace these fields with `params` in `step`.

- Use `actions/cache` to be able to use golang cache (uses `**/go.sum` to compute the cache hash). This should speed up compilation for any pull-requests that doesn't update dependencies. - Do not rely on autobuild, but use `make bin/*` to build all binaries (and add a `make binaries` for the future). Signed-off-by: Vincent Demeester <[email protected]>

This updates core dependencies of knative/pkg to it's latest release, 1.13. And it updates the k8s.io dependencies according to it. Note: this moves the min kubernetes version to 1.27 for tektoncd/pipeline. Signed-off-by: Vincent Demeester <[email protected]>

Bumps [github.com/go-git/go-git/v5](https://github.com/go-git/go-git) from 5.11.0 to 5.12.0. - [Release notes](https://github.com/go-git/go-git/releases) - [Commits](go-git/go-git@v5.11.0...v5.12.0) --- updated-dependencies: - dependency-name: github.com/go-git/go-git/v5 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]>

Bumps [github.com/jenkins-x/go-scm](https://github.com/jenkins-x/go-scm) from 1.14.26 to 1.14.29. - [Release notes](https://github.com/jenkins-x/go-scm/releases) - [Changelog](https://github.com/jenkins-x/go-scm/blob/main/CHANGELOG.md) - [Commits](jenkins-x/go-scm@v1.14.26...v1.14.29) --- updated-dependencies: - dependency-name: github.com/jenkins-x/go-scm dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]>

Bumps [tj-actions/changed-files](https://github.com/tj-actions/changed-files) from 43.0.1 to 44.0.0. - [Release notes](https://github.com/tj-actions/changed-files/releases) - [Changelog](https://github.com/tj-actions/changed-files/blob/main/HISTORY.md) - [Commits](tj-actions/changed-files@20576b4...2d756ea) --- updated-dependencies: - dependency-name: tj-actions/changed-files dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <[email protected]>

…ivault Bumps [github.com/sigstore/sigstore/pkg/signature/kms/hashivault](https://github.com/sigstore/sigstore) from 1.8.2 to 1.8.3. - [Release notes](https://github.com/sigstore/sigstore/releases) - [Commits](sigstore/sigstore@v1.8.2...v1.8.3) --- updated-dependencies: - dependency-name: github.com/sigstore/sigstore/pkg/signature/kms/hashivault dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]>

Bumps [github.com/golangci/golangci-lint](https://github.com/golangci/golangci-lint) from 1.57.1 to 1.57.2. - [Release notes](https://github.com/golangci/golangci-lint/releases) - [Changelog](https://github.com/golangci/golangci-lint/blob/master/CHANGELOG.md) - [Commits](golangci/golangci-lint@v1.57.1...v1.57.2) --- updated-dependencies: - dependency-name: github.com/golangci/golangci-lint dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]>

Bumps [github.com/sigstore/sigstore](https://github.com/sigstore/sigstore) from 1.8.1 to 1.8.3. - [Release notes](https://github.com/sigstore/sigstore/releases) - [Commits](sigstore/sigstore@v1.8.1...v1.8.3) --- updated-dependencies: - dependency-name: github.com/sigstore/sigstore dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]>

Bumps [github.com/sigstore/sigstore/pkg/signature/kms/gcp](https://github.com/sigstore/sigstore) from 1.8.2 to 1.8.3. - [Release notes](https://github.com/sigstore/sigstore/releases) - [Commits](sigstore/sigstore@v1.8.2...v1.8.3) --- updated-dependencies: - dependency-name: github.com/sigstore/sigstore/pkg/signature/kms/gcp dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]>

Bumps [github.com/sigstore/sigstore/pkg/signature/kms/azure](https://github.com/sigstore/sigstore) from 1.8.2 to 1.8.3. - [Release notes](https://github.com/sigstore/sigstore/releases) - [Commits](sigstore/sigstore@v1.8.2...v1.8.3) --- updated-dependencies: - dependency-name: github.com/sigstore/sigstore/pkg/signature/kms/azure dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]>

Most of the metrics aren't as per convention. This fixes it in a backward compatible way. We introduce metrics with compliant naming. Gauge metrics: Gauge metrics shouldn't end with `count` as it implies a counter. Counter metrics: Counter metrics shouldn't end with `count` as it implies a counter from histogram. Instead, we should use `total`. https://prometheus.io/docs/practices/naming/ https://www.robustperception.io/on-the-naming-of-things/

Bumps [github.com/spiffe/go-spiffe/v2](https://github.com/spiffe/go-spiffe) from 2.1.7 to 2.2.0. - [Release notes](https://github.com/spiffe/go-spiffe/releases) - [Changelog](https://github.com/spiffe/go-spiffe/blob/main/CHANGELOG.md) - [Commits](spiffe/go-spiffe@v2.1.7...v2.2.0) --- updated-dependencies: - dependency-name: github.com/spiffe/go-spiffe/v2 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]>

Bumps [github.com/sigstore/sigstore/pkg/signature/kms/aws](https://github.com/sigstore/sigstore) from 1.8.2 to 1.8.3. - [Release notes](https://github.com/sigstore/sigstore/releases) - [Commits](sigstore/sigstore@v1.8.2...v1.8.3) --- updated-dependencies: - dependency-name: github.com/sigstore/sigstore/pkg/signature/kms/aws dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]>

This PR adds a `description` field to StepActions. It enables users to add description for readability and UI. Fixes tektoncd#7822 Signed-off-by: Chitrang Patel <[email protected]>

Bumps [google.golang.org/grpc](https://github.com/grpc/grpc-go) from 1.62.1 to 1.63.0. - [Release notes](https://github.com/grpc/grpc-go/releases) - [Commits](grpc/grpc-go@v1.62.1...v1.63.0) --- updated-dependencies: - dependency-name: google.golang.org/grpc dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]>

Bumps [golang.org/x/sync](https://github.com/golang/sync) from 0.6.0 to 0.7.0. - [Commits](golang/sync@v0.6.0...v0.7.0) --- updated-dependencies: - dependency-name: golang.org/x/sync dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]>

This is slightly related to GHSA-xw73-rw38-6vjc although not really fixing it. But this is more of a "maintenance" type of bump. Signed-off-by: Vincent Demeester <[email protected]>

- Add `step-security/harden-runner` to provide network egress filtering and runtime security. See https://github.com/step-security/harden-runner - Pin `actions/cache` by digest - Switch command to build binaries (and use the `-j` flag of `make`). Signed-off-by: Vincent Demeester <[email protected]>

- Add `step-security/harden-runner` to provide network egress filtering and runtime security. See https://github.com/step-security/harden-runner Signed-off-by: Vincent Demeester <[email protected]>

This is a relatively huge commit that updates the golangci-lint version as well as configuration. ``` make golangci-lint 🐱 running golangci-lint… WARN [linters_context] copyloopvar: this linter is disabled because the Go version (1.21) of your project is lower than Go 1.22 Compilation finished at Thu Apr 4 13:44:19 ``` Signed-off-by: Vincent Demeester <[email protected]>

…tlptracehttp Bumps [go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp](https://github.com/open-telemetry/opentelemetry-go) from 1.24.0 to 1.25.0. - [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases) - [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md) - [Commits](open-telemetry/opentelemetry-go@v1.24.0...v1.25.0) --- updated-dependencies: - dependency-name: go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]>

Bumps [github.com/containerd/containerd](https://github.com/containerd/containerd) from 1.7.14 to 1.7.15. - [Release notes](https://github.com/containerd/containerd/releases) - [Changelog](https://github.com/containerd/containerd/blob/main/RELEASES.md) - [Commits](containerd/containerd@v1.7.14...v1.7.15) --- updated-dependencies: - dependency-name: github.com/containerd/containerd dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]>

Bumps [github.com/spiffe/spire-api-sdk](https://github.com/spiffe/spire-api-sdk) from 1.9.2 to 1.9.3. - [Commits](spiffe/spire-api-sdk@v1.9.2...v1.9.3) --- updated-dependencies: - dependency-name: github.com/spiffe/spire-api-sdk dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]>

Stop using archived gopkg.in/square/go-jose.v2 pkg Switch to github.com/go-jose/go-jose/v3 instead Fixes CVE-2024-28180

Adding a `bugfix-release.sh` script to automate bugfix releases. Today it is meant to be started by a maintainer, like the following ``` ./tekton/bugfix-release upstream/release-v0.47.x ``` - It will detect the old version, and commit related to the version - It will compute the new version number - It will detect the release name - If there is no different between the old version and the new one (aka, no commit in the release branch since last release), it will be exit gracefully. The idea is that, from there, we can automate the bugfix release completely. We could run this script weekly for each "supported" release branch, and it would automatically do the release for us. Signed-off-by: Vincent Demeester <[email protected]>

See https://pkg.go.dev/vuln/GO-2024-2687 Signed-off-by: Vincent Demeester <[email protected]>

Signed-off-by: lvyaoting <[email protected]>

``` ./tekton/bugfix-release.sh: line 17: return: can only `return' from a function or sourced script ``` It should be `exit` instead :) Signed-off-by: Vincent Demeester <[email protected]>

Adding links to the latest release - 0.58 Signed-off-by: Priti Desai <[email protected]>

Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.24.9 to 3.24.10. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](github/codeql-action@1b1aada...4355270) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]>

Bumps [github.com/spiffe/spire-api-sdk](https://github.com/spiffe/spire-api-sdk) from 1.9.3 to 1.9.4. - [Commits](spiffe/spire-api-sdk@v1.9.3...v1.9.4) --- updated-dependencies: - dependency-name: github.com/spiffe/spire-api-sdk dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]>

Bumps [google.golang.org/grpc](https://github.com/grpc/grpc-go) from 1.63.0 to 1.63.2. - [Release notes](https://github.com/grpc/grpc-go/releases) - [Commits](grpc/grpc-go@v1.63.0...v1.63.2) --- updated-dependencies: - dependency-name: google.golang.org/grpc dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]>

Bumps [tj-actions/changed-files](https://github.com/tj-actions/changed-files) from 44.0.0 to 44.0.1. - [Release notes](https://github.com/tj-actions/changed-files/releases) - [Changelog](https://github.com/tj-actions/changed-files/blob/main/HISTORY.md) - [Commits](tj-actions/changed-files@2d756ea...635f118) --- updated-dependencies: - dependency-name: tj-actions/changed-files dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]>

Bumps the all group in /tekton with 4 updates: chainguard/crane, chainguard/go, tekton-releases/dogfooding/ko and tekton-releases/dogfooding/koparse. Updates `chainguard/crane` from `9030bfd` to `08a1fc1` Updates `chainguard/go` from `2428110` to `bedf4d9` Updates `tekton-releases/dogfooding/ko` from `9471f96` to `50712e3` Updates `tekton-releases/dogfooding/koparse` from `5945f70` to `cf7eb37` --- updated-dependencies: - dependency-name: chainguard/crane dependency-type: direct:production dependency-group: all - dependency-name: chainguard/go dependency-type: direct:production dependency-group: all - dependency-name: tekton-releases/dogfooding/ko dependency-type: direct:production dependency-group: all - dependency-name: tekton-releases/dogfooding/koparse dependency-type: direct:production dependency-group: all ... Signed-off-by: dependabot[bot] <[email protected]>

This PR fixes tektoncd#7865.

Fixing the documentation with the correct syntax. Signed-off-by: Priti Desai <[email protected]>

This commit initiates the OSS conformance test suite. It sets the standards for incrementing the V1 conformance test with the two simple test cases. /kind misc

Bumps [github.com/jenkins-x/go-scm](https://github.com/jenkins-x/go-scm) from 1.14.29 to 1.14.30. - [Release notes](https://github.com/jenkins-x/go-scm/releases) - [Changelog](https://github.com/jenkins-x/go-scm/blob/main/CHANGELOG.md) - [Commits](jenkins-x/go-scm@v1.14.29...v1.14.30) --- updated-dependencies: - dependency-name: github.com/jenkins-x/go-scm dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]>

ImagePullBackOffTimeOut currently uses the "Scheduled" pod condition transition time, however a pod can be scheduled on a node far earlier than when image pulling begins which can (and does) result in Tasks failing when image pulls could be retried and succeed. We should use the transition time for "PodReadyToStartContainers" (1.29+) / "Initialized" for checking the image pull timeout as these conditions more accurately capture when the image pull began. This commit updates this logic and adds the covering tests.

Bumps code.gitea.io/sdk/gitea from 0.17.1 to 0.18.0. --- updated-dependencies: - dependency-name: code.gitea.io/sdk/gitea dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]>

Bumps the all group in /tekton with 4 updates: chainguard/crane, chainguard/go, tekton-releases/dogfooding/ko and tekton-releases/dogfooding/koparse. Updates `chainguard/crane` from `08a1fc1` to `931e19c` Updates `chainguard/go` from `bedf4d9` to `1e9e266` Updates `tekton-releases/dogfooding/ko` from `50712e3` to `e5296fb` Updates `tekton-releases/dogfooding/koparse` from `cf7eb37` to `2eefe19` --- updated-dependencies: - dependency-name: chainguard/crane dependency-type: direct:production dependency-group: all - dependency-name: chainguard/go dependency-type: direct:production dependency-group: all - dependency-name: tekton-releases/dogfooding/ko dependency-type: direct:production dependency-group: all - dependency-name: tekton-releases/dogfooding/koparse dependency-type: direct:production dependency-group: all ... Signed-off-by: dependabot[bot] <[email protected]>

Bumps [k8s.io/api](https://github.com/kubernetes/api) from 0.27.12 to 0.27.13. - [Commits](kubernetes/api@v0.27.12...v0.27.13) --- updated-dependencies: - dependency-name: k8s.io/api dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]>

Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.24.10 to 3.25.0. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](github/codeql-action@4355270...df5a14d) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]>

Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.25.0 to 3.25.1. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](github/codeql-action@df5a14d...c7f9125) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]>

Bumps [tj-actions/changed-files](https://github.com/tj-actions/changed-files) from 44.0.1 to 44.3.0. - [Release notes](https://github.com/tj-actions/changed-files/releases) - [Changelog](https://github.com/tj-actions/changed-files/blob/main/HISTORY.md) - [Commits](tj-actions/changed-files@635f118...0874344) --- updated-dependencies: - dependency-name: tj-actions/changed-files dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]>

Bumps the all group in /tekton with 4 updates: chainguard/crane, chainguard/go, tekton-releases/dogfooding/ko and tekton-releases/dogfooding/koparse. Updates `chainguard/crane` from `931e19c` to `a91db0e` Updates `chainguard/go` from `1e9e266` to `7c09972` Updates `tekton-releases/dogfooding/ko` from `e5296fb` to `78fc1bb` Updates `tekton-releases/dogfooding/koparse` from `2eefe19` to `e2b95b5` --- updated-dependencies: - dependency-name: chainguard/crane dependency-type: direct:production dependency-group: all - dependency-name: chainguard/go dependency-type: direct:production dependency-group: all - dependency-name: tekton-releases/dogfooding/ko dependency-type: direct:production dependency-group: all - dependency-name: tekton-releases/dogfooding/koparse dependency-type: direct:production dependency-group: all ... Signed-off-by: dependabot[bot] <[email protected]>

Bumps [k8s.io/client-go](https://github.com/kubernetes/client-go) from 0.27.11 to 0.27.13. - [Changelog](https://github.com/kubernetes/client-go/blob/master/CHANGELOG.md) - [Commits](kubernetes/client-go@v0.27.11...v0.27.13) --- updated-dependencies: - dependency-name: k8s.io/client-go dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]>

Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 4.3.1 to 4.3.3. - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](actions/upload-artifact@5d5d22a...6546280) --- updated-dependencies: - dependency-name: actions/upload-artifact dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]>

Bumps [actions/checkout](https://github.com/actions/checkout) from 4.1.2 to 4.1.3. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](actions/checkout@9bb5618...1d96c77) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]>

By default the inline specs will be enabled. Only if flag is set to true, inline spec would be disabled. This is to increase security of pipelines.

The auth step in the publish task uses /busybox/sh in the crane image but that does not exists anymore, switch to /bin/sh Signed-off-by: Andrea Frittoli <[email protected]>

…ne failures fix tektoncd#7775 In the existing logic, resources used for ConvertTo should have default values set. Otherwise, there could be issues with incorrect parameter types being set (e.g., an array type being treated as a string type). However, resources fetched from remote sources haven't undergone the SetDefaults operation. If we directly invoke the ConvertTo operation, it might result in erroneous outcomes. For instance, a v1beta1 ClusterTask that undergoes a direct ConvertTo to convert the resource into a v1 Task for validation might be mistakenly considered invalid. Additionally, even if a v1beta1 Task passes validation, the process of converting it to a v1 Task could still incorrectly set default parameter types, leading to errors during execution.

fix tektoncd#7762 Do not set default kind when taskRef resolver is present, keep the original configuration of the user.

Bumps [go.opentelemetry.io/otel/sdk](https://github.com/open-telemetry/opentelemetry-go) from 1.25.0 to 1.26.0. - [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases) - [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md) - [Commits](open-telemetry/opentelemetry-go@v1.25.0...v1.26.0) --- updated-dependencies: - dependency-name: go.opentelemetry.io/otel/sdk dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]>

Fix the shell used in the tag-images script, part of the publish task used for releases. Signed-off-by: Andrea Frittoli <[email protected]>

…ad of failing fix tektoncd#7760 Log a warning if a Secrets in service account does not exist

…e>.volume` fix tektoncd#7886 Change the naming method of the workspace volume from completely random to hashed, ensuring that the name generated during a single taskRun lifecycle is consistent each time, and is unique within all current workspaces. This way, we can reuse the logic of retrieving the taskSpec from the status, and also store the content after variable expansion in the taskSpec of the status for easy debugging; it will also not affect the reconstruction of the pod when retrying.

…tlptracehttp Bumps [go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp](https://github.com/open-telemetry/opentelemetry-go) from 1.25.0 to 1.26.0. - [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases) - [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md) - [Commits](open-telemetry/opentelemetry-go@v1.25.0...v1.26.0) --- updated-dependencies: - dependency-name: go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]>

Releases v0.58 and v0.47LTS are now EOL. Signed-off-by: Andrea Frittoli <[email protected]>

Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.25.1 to 3.25.3. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](github/codeql-action@c7f9125...d39d31e) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]>

Bumps [actions/checkout](https://github.com/actions/checkout) from 4.1.3 to 4.1.4. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](actions/checkout@1d96c77...0ad4b8f) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]>

Bumps the all group in /tekton with 2 updates: tekton-releases/dogfooding/ko and tekton-releases/dogfooding/koparse. Updates `tekton-releases/dogfooding/ko` from `78fc1bb` to `e28efee` Updates `tekton-releases/dogfooding/koparse` from `e2b95b5` to `fb14e8f` --- updated-dependencies: - dependency-name: tekton-releases/dogfooding/ko dependency-type: direct:production dependency-group: all - dependency-name: tekton-releases/dogfooding/koparse dependency-type: direct:production dependency-group: all ... Signed-off-by: dependabot[bot] <[email protected]>

Bumps google.golang.org/protobuf from 1.33.0 to 1.34.0. --- updated-dependencies: - dependency-name: google.golang.org/protobuf dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]>

Bumps [github.com/golangci/golangci-lint](https://github.com/golangci/golangci-lint) from 1.57.2 to 1.58.0. - [Release notes](https://github.com/golangci/golangci-lint/releases) - [Changelog](https://github.com/golangci/golangci-lint/blob/master/CHANGELOG.md) - [Commits](golangci/golangci-lint@v1.57.2...v1.58.0) --- updated-dependencies: - dependency-name: github.com/golangci/golangci-lint dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]>

Bumps [github.com/jenkins-x/go-scm](https://github.com/jenkins-x/go-scm) from 1.14.30 to 1.14.34. - [Release notes](https://github.com/jenkins-x/go-scm/releases) - [Changelog](https://github.com/jenkins-x/go-scm/blob/main/CHANGELOG.md) - [Commits](jenkins-x/go-scm@v1.14.30...v1.14.34) --- updated-dependencies: - dependency-name: github.com/jenkins-x/go-scm dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]>

Bumps google.golang.org/protobuf from 1.34.0 to 1.34.1. --- updated-dependencies: - dependency-name: google.golang.org/protobuf dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]>

Bumps the all group in /tekton with 4 updates: chainguard/crane, chainguard/go, tekton-releases/dogfooding/ko and tekton-releases/dogfooding/koparse. Updates `chainguard/crane` from `a91db0e` to `75e4615` Updates `chainguard/go` from `7c09972` to `beee32f` Updates `tekton-releases/dogfooding/ko` from `e28efee` to `56e89ca` Updates `tekton-releases/dogfooding/koparse` from `fb14e8f` to `ebe7626` --- updated-dependencies: - dependency-name: chainguard/crane dependency-type: direct:production dependency-group: all - dependency-name: chainguard/go dependency-type: direct:production dependency-group: all - dependency-name: tekton-releases/dogfooding/ko dependency-type: direct:production dependency-group: all - dependency-name: tekton-releases/dogfooding/koparse dependency-type: direct:production dependency-group: all ... Signed-off-by: dependabot[bot] <[email protected]>

Bumps [actions/checkout](https://github.com/actions/checkout) from 4.1.4 to 4.1.5. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](actions/checkout@0ad4b8f...44c2b7a) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]>

Bumps [step-security/harden-runner](https://github.com/step-security/harden-runner) from 2.7.0 to 2.7.1. - [Release notes](https://github.com/step-security/harden-runner/releases) - [Commits](step-security/harden-runner@63c24ba...a4aa98b) --- updated-dependencies: - dependency-name: step-security/harden-runner dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]>

Bumps [github.com/golangci/golangci-lint](https://github.com/golangci/golangci-lint) from 1.58.0 to 1.58.1. - [Release notes](https://github.com/golangci/golangci-lint/releases) - [Changelog](https://github.com/golangci/golangci-lint/blob/master/CHANGELOG.md) - [Commits](golangci/golangci-lint@v1.58.0...v1.58.1) --- updated-dependencies: - dependency-name: github.com/golangci/golangci-lint dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]>

Back when implementing tektoncd#6744 for tektoncd#6631 we failed to realize that with k8s quota policies being namespace scoped, knowing which namespace the throttled items were in could have some diagnostic value. Now that we have been using the metric added for a bit, this realization is now very apparent. This changes introduces the namespace tag. Also, since last touching this space, the original metric was deprecated and a new one with a shorter name was added. This change only updates the non-deprecated metric with the new label. Lastly, the default behavior is preserved, and use of the new label only occurs when explicitly enabled in observability config map.

function will continuously set the pipeline name label during each `reconcile` process. This may override the results by the `storePipelineSpecAndMergeMeta` function. This may cause some remote resource names to not be set correctly. This commit, when the pipeline name label has been set, the next `reconcile` will not be reset again.

This PR implements an updated resolver framework with slight updates. This is to avoid backwards incompatibility while implementing [TEP-0154](tektoncd/community#1138). The current framework only works with Params. e.g. The interface has ValidateParams and Resolve which takes in Params. Now that we also need to pass in a `URL`, we need to add new methods and change function signatures which leads to API incompatibility with existing custom resolvers. As a result, when users upgrade to new version of Tekton Pipelines, they will be forced to be compatible with the new format because of the interface changes. This PR tries to make it future proof such that if we add new fields to the ResolutionSpec, it will be handled without the need to break users.

Bumps [tj-actions/changed-files](https://github.com/tj-actions/changed-files) from 44.3.0 to 44.4.0. - [Release notes](https://github.com/tj-actions/changed-files/releases) - [Changelog](https://github.com/tj-actions/changed-files/blob/main/HISTORY.md) - [Commits](tj-actions/changed-files@0874344...a29e8b5) --- updated-dependencies: - dependency-name: tj-actions/changed-files dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]>

Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action) from 2.3.1 to 2.3.3. - [Release notes](https://github.com/ossf/scorecard-action/releases) - [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md) - [Commits](ossf/scorecard-action@0864cf1...dc50aa9) --- updated-dependencies: - dependency-name: ossf/scorecard-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]>

Bumps the all group in /tekton with 3 updates: chainguard/crane, tekton-releases/dogfooding/ko and tekton-releases/dogfooding/koparse. Updates `chainguard/crane` from `75e4615` to `8c2f747` Updates `tekton-releases/dogfooding/ko` from `56e89ca` to `ec2f12f` Updates `tekton-releases/dogfooding/koparse` from `ebe7626` to `b68675c` --- updated-dependencies: - dependency-name: chainguard/crane dependency-type: direct:production dependency-group: all - dependency-name: tekton-releases/dogfooding/ko dependency-type: direct:production dependency-group: all - dependency-name: tekton-releases/dogfooding/koparse dependency-type: direct:production dependency-group: all ... Signed-off-by: dependabot[bot] <[email protected]>

Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.25.3 to 3.25.5. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](github/codeql-action@d39d31e...b7cec75) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]>

Added reason tag to duration metrics. Different failures cause difference in duration of pipelineruns and taskruns.

This PR updates the Godoc to declare the existing resolution as deprecated. The upgraded framework was made available in `pkg/remoteresolution` in a prior PR.

Fix version mismatch of github.com/aws/aws-sdk-go-v2 and github.com/aws/aws-sdk-go-v2/ecr due to a breaking change in aws-sdk-go-v2 of version v1.23.0. The mismatch is caused by the 2 dependencies github.com/sigstore/sigstore/pkg/signature/kms/aws and github.com/google/go-containerregistry using aws-sdk-go-v2 in v.18.x and v1.26.x. When no command or script was given to a Task, this caused the entrypoint resolve logic to fail with a "401 Not Authorized", when trying to get the manifest from a private AWS ECR.

This PR enables concise resolver syntax interface.

Bumps [github.com/spiffe/spire-api-sdk](https://github.com/spiffe/spire-api-sdk) from 1.9.4 to 1.9.6. - [Commits](spiffe/spire-api-sdk@v1.9.4...v1.9.6) --- updated-dependencies: - dependency-name: github.com/spiffe/spire-api-sdk dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]>

Bumps [google.golang.org/grpc](https://github.com/grpc/grpc-go) from 1.63.2 to 1.64.0. - [Release notes](https://github.com/grpc/grpc-go/releases) - [Commits](grpc/grpc-go@v1.63.2...v1.64.0) --- updated-dependencies: - dependency-name: google.golang.org/grpc dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]>

Bumps [k8s.io/api](https://github.com/kubernetes/api) from 0.27.13 to 0.27.14. - [Commits](kubernetes/api@v0.27.13...v0.27.14) --- updated-dependencies: - dependency-name: k8s.io/api dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]>

in the pipeline-related metrics, the pipeline name tag will be set to 'anonymous'. Taskrun has the same situation. This commit added some scenarios for obtaining pipeline or task names. When the pipeline or task name cannot be determined accurately, the value is obtained through the corresponding label.

Signed-off-by: Pavol Pitonak <[email protected]>

Signed-off-by: Sachin Itagi <[email protected]>

Bumps [k8s.io/client-go](https://github.com/kubernetes/client-go) from 0.27.13 to 0.27.14. - [Changelog](https://github.com/kubernetes/client-go/blob/master/CHANGELOG.md) - [Commits](kubernetes/client-go@v0.27.13...v0.27.14) --- updated-dependencies: - dependency-name: k8s.io/client-go dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]>

…ller and resolver for remote resolution During both sides of remote resolution (core controller and resolver) typically transient kubernetes errors were being treated as permanent knative errors and no attempts at trying to reconcile again were made, leading to failures which could be avoided. Then, while diagnosing this, discovered the TaskNotFoundError was missing the Task name when identification comes from params. That is also addressed.

Prior to this, we allowed parameter propagation in an inlined pipelinerun. However, within a pipeline, we requrie a verbose spec. This was an oversight as indicated in tektoncd#7901. This PR fixes that issue by updating the validation logic in the webhook. Fixes tektoncd#7901. Propagate params in pipelines Prior to this, we allowed parameter propagation in an inlined pipelinerun. However, within a pipeline, we requrie a verbose spec. This was an oversight as indicated in tektoncd#7901. This PR fixes that issue by updating the validation logic in the webhook. Fixes tektoncd#7901.

- add comment on why we check param when generating error log - add unit test that covers getting name from non-string param type rh-pre-commit.version: 2.2.0 rh-pre-commit.check-secrets: ENABLED

This PR fixes the issue where a bad remote resource is accepted by remote resolution.

updated-dependencies: - dependency-name: github.com/golangci/golangci-lint dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]>

updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]>

Bumps [github.com/containerd/containerd](https://github.com/containerd/containerd) from 1.7.15 to 1.7.17. - [Release notes](https://github.com/containerd/containerd/releases) - [Changelog](https://github.com/containerd/containerd/blob/main/RELEASES.md) - [Commits](containerd/containerd@v1.7.15...v1.7.17) --- updated-dependencies: - dependency-name: github.com/containerd/containerd dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]>

updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]>

updated-dependencies: - dependency-name: go.opentelemetry.io/otel dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]>

updated-dependencies: - dependency-name: go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]>

My Awesome Feature #201

Are you sure you want to change the base?

My Awesome Feature #201

Commits on Jan 15, 2024

Commits on Jan 16, 2024

Commits on Jan 17, 2024

Commits on Jan 18, 2024

Commits on Jan 19, 2024

Commits on Jan 22, 2024

Commits on Jan 23, 2024

Commits on Jan 24, 2024

Commits on Jan 25, 2024

Commits on Jan 26, 2024

Commits on Jan 29, 2024

Commits on Jan 30, 2024

Commits on Feb 5, 2024

Commits on Feb 6, 2024

Commits on Feb 7, 2024

Commits on Feb 8, 2024

Commits on Feb 9, 2024

Commits on Feb 12, 2024

Commits on Feb 13, 2024

Commits on Feb 15, 2024

Commits on Feb 16, 2024

Commits on Feb 19, 2024

Commits on Feb 20, 2024

Commits on Feb 21, 2024

Commits on Feb 22, 2024

Commits on Feb 26, 2024

Commits on Feb 27, 2024

Commits on Feb 29, 2024

Commits on Mar 2, 2024

Commits on Mar 4, 2024

Commits on Mar 5, 2024

Commits on Mar 6, 2024

Commits on Mar 11, 2024

Commits on Mar 12, 2024

Commits on Mar 15, 2024

Commits on Mar 18, 2024

Commits on Mar 19, 2024

Commits on Mar 20, 2024

Commits on Mar 21, 2024

Commits on Mar 25, 2024

Commits on Mar 26, 2024

Commits on Mar 27, 2024

Commits on Mar 28, 2024

Commits on Apr 2, 2024

Commits on Apr 3, 2024

Commits on Apr 5, 2024

Commits on Apr 6, 2024

Commits on Apr 8, 2024

Commits on Apr 10, 2024

Commits on Apr 11, 2024

Commits on Apr 12, 2024

Commits on Apr 15, 2024

Commits on Apr 22, 2024

Commits on Apr 24, 2024

Commits on Apr 25, 2024

Commits on Apr 26, 2024

Commits on Apr 30, 2024

Commits on May 2, 2024

Commits on May 6, 2024

Commits on May 9, 2024

Commits on May 10, 2024

Commits on May 14, 2024

Commits on May 15, 2024

Commits on May 16, 2024

Commits on May 17, 2024

Commits on May 21, 2024

Commits on May 22, 2024