Red Hat Summit Red Hat SummitSupportKonsoleEntwicklerDemo startenKontakt

Dieser Inhalt ist in der von Ihnen ausgewählten Sprache nicht verfügbar.

Chapter 1. Red Hat OpenShift Pipelines release notes

Note

For additional information about the OpenShift Pipelines lifecycle and supported platforms, refer to the OpenShift Operator Life Cycles and Red Hat OpenShift Container Platform Life Cycle Policy.

Release notes contain information about new and deprecated features, breaking changes, and known issues. The following release notes apply for the most recent OpenShift Pipelines releases on OpenShift Container Platform.

Red Hat OpenShift Pipelines is a cloud-native CI/CD experience based on the Tekton project which provides:

  • Standard Kubernetes-native pipeline definitions (CRDs).
  • Serverless pipelines with no CI server management overhead.
  • Extensibility to build images using any Kubernetes tool, such as S2I, Buildah, JIB, and Kaniko.
  • Portability across any Kubernetes distribution.
  • Powerful CLI for interacting with pipelines.
  • Integrated user experience with the OpenShift Container Platform web console, up to OpenShift Container Platform version 4.19.

For an overview of Red Hat OpenShift Pipelines, see Understanding OpenShift Pipelines.

1.1. Compatibility and support matrix
Link kopieren

Some features in this release are currently in Technology Preview. These experimental features are not intended for production use.

In the table, features are marked with the following statuses:

TP

Technology Preview

GA

General Availability

Expand
Table 1.1. Compatibility and support matrix
Red Hat OpenShift Pipelines VersionComponent VersionOpenShift VersionSupport Status

Operator

Pipelines

Triggers

CLI

Chains

Hub

Pipelines as Code

Results

Manual Approval Gate

  

1.20

1.3.x

0.33.x

0.42.x

0.25.x (GA)

1.22.x (TP)

0.37.x (GA)

0.16.x (GA)

0.6.x (TP)

4.15, 4.16, 4.17, 4.18, 4.19

GA

1.19

1.0.x

0.32.x

0.41.x

0.25.x (GA)

1.21.x (TP)

0.35.x (GA)

0.15.x (GA)

0.6.x (TP)

4.15, 4.16, 4.17, 4.18, 4.19

GA

1.18

0.68.x

0.31.x

0.40.x

0.24.x (GA)

1.20.x (TP)

0.33.x (GA)

0.14.x (GA)

0.5.x (TP)

4.15, 4.16, 4.17, 4.18

GA

For questions and feedback, you can send an email to the product team at pipelines-interest@redhat.com.

1.2. Release notes for Red Hat OpenShift Pipelines 1.20
Link kopieren

With this update, Red Hat OpenShift Pipelines General Availability (GA) 1.20 is available on OpenShift Container Platform 4.15 and later versions.

1.2.1. New features
Link kopieren

In addition to fixes and stability improvements, the following sections highlight what is new in Red Hat OpenShift Pipelines 1.20:

Support for running in FIPS-enabled environments
Pod anti-affinity rule added to controller replicas
  • OpenShift Pipelines adds and applies the preferredDuringSchedulingIgnoredDuringExecution pod anti-affinity rule to controller replicas, except for the Tekton Chains controllers. In High Availability (HA) setups, this rule distributes replicas across different nodes instead of scheduling them on the same node, improving resiliency, load balancing, and availability. No additional configuration is required.
New buildah-ns task for improved container build security
  • OpenShift Pipelines adds the buildah-ns task. It improves container build security with user namespace isolation and remains compatible with the existing buildah task. For more information, see "Additional resources".
readOnlyRootFilesystem enabled for default deployments
  • Containers in the OpenShift Pipelines, Tekton Results, Tekton Chains, and Manual Approval Gate deployments have readOnlyRootFilesystem setting enabled by default, improving security and compliance.
Tasks display friendly names in the web console
  • Tasks in the OpenShift Container Platform web console now use the displayName property instead of technical task names, improving readability and making tasks easier to search within the Red Hat OpenShift Pipelines user interface.
OpenShift Pipelines on single-node OpenShift

  • Tech preview support for running OpenShift Pipelines on Single-Node OpenShift (SNO) is now available. This support is not intended for production deployments. OpenShift Pipelines on SNO has no additional limitations beyond the inherent constraints of a single-node cluster: limited scalability, no redundancy, and constrained concurrency. For a cluster on libvirt API, the minimum hardware requirements are:

    • 12 vCPUs
    • 64 GB RAM
    • 240 GB disk space
Important

OpenShift Pipelines on Single-Node OpenShift (SNO) is a Technology Preview feature only. Technology Preview features are not supported with Red Hat production service level agreements (SLAs) and might not be functionally complete. Red Hat does not recommend using them in production. These features provide early access to upcoming product features, enabling customers to test functionality and provide feedback during the development process.

For more information about the support scope of Red Hat Technology Preview features, see Technology Preview Features Support Scope.

Operator

Independent control of RBAC and CA bundle config map creation
  • With this update, you can independently control whether the OpenShift Pipelines Operator creates Role-Based Access Control (RBAC) resources and Trusted Certificate Authority (CA) bundle config maps in your cluster. This enhancement gives you more flexibility to fit your environment and helps avoid resource duplication. By default, both options are enabled to maintain the existing behavior. For more information, see "Additional resources".

Pruner

Event-based pruner configurable in TektonConfig CR
  • You can enable and configure the event-based tektonpruner directly in the TektonConfig custom resource (CR). This update also adds observability enhancements with new pruner-specific metrics.
Important

The event-based pruner is a Technology Preview feature only. Technology Preview features are not supported with Red Hat production service level agreements (SLAs) and might not be functionally complete. Red Hat does not recommend using them in production. These features provide early access to upcoming product features, enabling customers to test functionality and provide feedback during the development process.

For more information about the support scope of Red Hat Technology Preview features, see Technology Preview Features Support Scope.

Tekton Triggers

Optional installation of Tekton Triggers through the Operator

  • When deploying OpenShift Pipelines through the Operator, you can choose not to install Tekton Triggers. This update provides finer control over component installation and supports environments where triggers are managed independently. The default value is false. The following is an example of TektonCofig CR with the installation disabled: 

    apiVersion: operator.tekton.dev/v1alpha1
kind: TektonConfig
metadata:
  name: config
spec:
  trigger:
    disabled: true
#...
    Copy to Clipboard Toggle word wrap

Tekton Results

New flag to disable live collection in tekton-results-watcher

  • Tekton Results supports a new flag for the tekton-results-watcher controller to disable live collection of runs by setting the --disable_storing_incomplete_runs=true flag in the TektonConfig CRD: 

    #...
options:
    deployments:
      tekton-results-watcher:
        spec:
          template:
            spec:
              containers:
              - args:
                - "--disable_storing_incomplete_runs=true"
                name: watcher
                resources: {}
#...
    Copy to Clipboard Toggle word wrap

    If set to true, runs are not stored until they are complete, improving system performance. If set to false, runs are stored upon creation and continuously upserted whenever a change occurs. This is the current default behavior. The true setting is planned to become the default in a future release.

Optimization to skip processing of already stored PipelineRuns
  • Tekton Results skips processing of already stored PipelineRuns, improving performance and reducing API server calls. This optimization enhances overall efficiency and responsiveness, aiming to reduce server load and conserve resources.

Pipelines as Code

Support for JSON body in incoming webhooks

  • Pipelines as Code supports passing incoming webhook parameters in the JSON POST body, while maintaining compatibility with URL query parameters: 

    $ curl -H "Content-Type: application/json" -X POST \
"https://control.pac.url/incoming" -d '{"repository":"repo","branch":"main", \
"pipelinerun":"target-pipelinerun","secret":"very-secure-shared-secret"}'
    Copy to Clipboard Toggle word wrap

    Using the request body for sensitive information reduces exposure in logs and improves security. For more information, see Recommended (POST JSON body) method.

Detailed logging for GitHub API calls
  • Pipelines as Code supports detailed logging for GitHub API calls, providing insights into API interactions, durations, and rate-limiting. By setting the controller log level to 'debug', you can troubleshoot complex issues more efficiently. This enhancement refactors code to instrument GitHub calls and affects all types of GitHub API calls within the provider. For more information, see Debugging API interactions.
New auto-configure-repo-repository-template option
  • Pipelines as Code adds the auto-configure-repo-repository-template setting, a new option in auto-configure-new-github-repo feature setting to consolidate repository creation within a single namespace, streamlining management for those with multiple repositories. For more information, see "Additional resources".
Support for relative task references in remote Pipeline definitions
  • You can use relative paths to reference tasks from within a remote Pipeline definition. The Pipelines as Code resolver automatically builds the full URL for the task based on the location of the remote PipelineSpec definition. This enhancement improves pipeline organization and portability, particularly when working with tagged releases or branches. For more information, see Overriding tasks from a remote pipeline on a PipelineRun.
Important

Overriding tasks from a remote pipeline is a Technology Preview feature only. Technology Preview features are not supported with Red Hat production service level agreements (SLAs) and might not be functionally complete. Red Hat does not recommend using them in production. These features provide early access to upcoming product features, enabling customers to test functionality and provide feedback during the development process.

For more information about the support scope of Red Hat Technology Preview features, see Technology Preview Features Support Scope.

New dynamic pull_request_number variable for push events
  • Pull requests that trigger a push event automatically populate a new Pipelines as Code dynamic pull_request_number variable, allowing for a clear reference to the specific pull request associated with the push event and improving traceability. For more information, see "Additional resources".

1.2.2. Breaking changes
Link kopieren

  • The public instance of Tekton Hub (hub.tekton.dev) is deprecated and will be removed in a future release. For more information, see "Additional resources".
  • Git resolver no longer sets TEKTON_HUB_API to the public hub. You must set the environment variable when pointing to a self-hosted hub. For more information, see Resolvers.

  • OpenShift Pipelines no longer emits deprecated metrics, such as pipelinerun_count or running_taskruns_count. You must update your dashboards and alerts with the new metrics, such as pipelinerun_total or running_pipelineruns.

    Expand
    DeprecatedNew

    pipelinerun_count

    pipelinerun_total

    running_pipelineruns_count

    running_pipelineruns

    running_pipelineruns_waiting_on_pipeline_resolution_count

    running_pipelineruns_waiting_on_pipeline_resolution

    running_pipelineruns_waiting_on_task_resolution_count

    running_pipelineruns_waiting_on_task_resolution

    taskrun_count

    taskrun_total

    running_taskruns_count

    running_taskruns

    running_taskruns_throttled_by_quota_count

    running_taskruns_throttled_by_quota

    running_taskruns_throttled_by_node_count

    running_taskruns_throttled_by_node

Pipelines as Code

  • Pipelines as Code automatically moves from using the deprecated Tekton Hub to Artifact Hub for pipeline and task resolution. After the upgrade some task references using short version pins, such as 0.2, will not resolve correctly. You must update these pins to the full semantic version format, such as 0.2.0, to ensure correct task resolution.

  • The hub_catalog_name variable value remains set to tekton after upgrading to 1.20. As a result, the system does not fetch the git-clone task from the correct catalog on Artifact Hub. After upgrading to 1.20, you must remove the variable from the Pipelines as Code config map by running the following command: 

    $ oc patch configmap pipelines-as-code -n openshift-pipelines --type=json -p='[{"op": "remove", "path": "/data/hub-catalog-name"}]'
    Copy to Clipboard Toggle word wrap

1.2.3. Known issues
Link kopieren

Pruner

  • After upgrading from Red Hat OpenShift Pipelines 1.19 to 1.20, the tekton-pruner-default-spec config map values are overridden with default values. As a mitigation, maintain a copy of the tekton-pruner-default-spec config map before upgrade and apply the same to the TektonConfig fields post upgrade. This issue affects only upgrade path and does not occur on fresh installations.

CLI

  • Using opc pr logs in the OpenShift namespace may fail with repeated Failed to list objects from openshift namespace errors for both admin and non-admin users.

Tekton Cache

  • On IBM P and IBM Z environments, the cache-fetch step might fail with the failed to change ownership: operation not permitted error message. This issue occurs due to filesystem permission restrictions on the underlying storage.

Tekton Chains

  • Pod anti-affinity rules are not applied to tekton-chains-controller replicas.

Tekton Hub

  • The git-clone task downloaded from Tekton Hub displays version 0.9 instead of 0.10. This occurs because the system sorts version strings lexicographically rather than using semantic versioning.

1.2.4. Fixed issues
Link kopieren

Pipelines

  • Before this update, the OpenShift Pipelines controller did not apply the managed-by: tekton-pipelines label when deploying PipelineRuns and TaskRuns with Helm. In addition, pods created by the controller could have the app.kubernetes.io/managed-by label overridden by values set by a TaskRun or PipelineRun. With this update, the controller consistently applies the correct labels, and pods use the default app.kubernetes.io/managed-by value.
  • Before this update, the OpenShift Container Platform Console stated a 'Cancelling' state for PipelineRun objects with failed finally tasks, even when the actual status of the PipelineRun was Canceled, causing confusion. With this update, the issue is fixed.
  • Before this update, the PipelineRun Events tab did not show events, due to an issue with the Pipeline Console plugin. As a consequence, you could not monitor the events in real-time. With this update, the issue is fixed.
  • Before this update, the pipeline builder fetched only a limited number of tasks from Artifact Hub, resulting in some tasks not being available. This resulted in an incomplete pipeline creation. With this update, the interface fetches the complete list of tasks from Artifact Hub on search, showing all available tasks in the pipeline builder.
  • Before this update, running the Konflux-specific fbc-fips-check-oci-ta tasks during git cloning caused temporary resource unavailability, stalling the git resolver and preventing the resolution of ResolutionRequests. This resulted in a build failure with the following error message: cannot fork() for remote-https: Resource temporarily unavailable. With this update, the issue is fixed.

  • Before this update, TaskRun and CustomRun creation could fail immediately on transient mutating-webhook timeouts, causing flakiness on busy clusters. With this update, the system applies exponential backoff, configurable via the wait-exponential-backoff config map and controlled by the enable-wait-exponential-backoff setting: 

    apiVersion: v1
kind: ConfigMap
metadata:
  name: feature-flags
  namespace: tekton-pipelines
data:
  enable-wait-exponential-backoff: "true"
#...
    Copy to Clipboard Toggle word wrap
  • Before this update, the controllers used a fixed thread count, limiting concurrency. With this update, you can override threads-per-controller by setting the THREADS_PER_CONTROLLER environment variable, allowing finer control over controller concurrency.
  • Before this update, podTemplate fields in TaskRunSpec CR did not support parameter substitution, limiting matrix and multi-arch patterns. With this update, the controller substitutes parameters in podTemplate fields for all TaskRuns and TaskRunSpecs.
  • Before this update, the onError block in pipeline v1beta1 did not support variables. With this update, the controller resolves the onError variables, improving error handling flexibility.
  • Before this update, git resolver shell-outs sometimes failed to inherit environment variables, breaking environment-driven authentication or configuration. With this update, the resolver passes the pod environment correctly to all git subprocesses.
  • Before this update, git resolver deployments could leave zombie git processes running, consuming resources. With this update, resolvers use a tini-based image and entrypoint to actively clean up subprocesses.
  • Before this update, upgrading OpenShift Pipelines could cause errors when updating metadata, such as finalizers, on completed PipelineRuns or TaskRuns due to specification drift. With this update, the issue is fixed.
  • Before this update, the OpenShift git resolver did not mount the trusted CA config map into the component system CA store, potentially causing certificate verification issues. With this update, the config map is mounted correctly, ensuring secure git operations.
  • Before this update, the git-clone task failed with a No such remote 'origin' error messgae if the origin remote was missing from the repository. With this update, the task automatically adds the origin remote to the repository configuration, ensuring correct setup and successful cloning.
  • Before this update, the pipeline controller failed immediately when resource quotas were exceeded, canceling the run and interrupting user workflows. With this update, the controller retries and automatically reruns if resources become available, reducing unnecessary cancellations and improving pipeline reliability.
  • Before this update, the pipeline builder UI failed to save a pipeline when the buildah task BUILD_ARGS parameter had the default value [""]. The validation incorrectly rejected empty strings in arrays, even though the task could run successfully. With this update, the issue is fixed, allowing pipelines with default BUILD_ARGS parameter to be saved correctly.

Pipelines as Code

  • Before this update, structured logs for Pipelines as Code lacked detailed source repository information from the initiating webhook request. With this update, logs for Pipelines as Code include complete source repository details, making it easier for operators to identify user-reported issues.
  • Before this update, invalid Common Expression Language (CEL) expressions in Pipelines as Code PipelineRun failed silently. With this update, Pipelines as Code posts error comments on pull requests, making troubleshooting easier.

  • Before this update, Pipelines as Code PipelineRun posted status comments on every pull request in GitHub webhook integration, creating unnecessary noise. With this update, you can disable status comments in the Repository CR by setting the following: 

    kind: Repository
spec:
  settings:
    github:
      comment_strategy: "disable_all"
#...
    Copy to Clipboard Toggle word wrap
  • Before this update, the PipelineRun starting comment did not include a link to the OpenShift Container Platform Console, making access less convenient. With this update, the comment includes a direct link to the PipelineRun.
  • Before this update, empty commits in Bitbucket push events were processed by Pipelines as Code, causing the controller to crash. With this update, the controller ignores empty commits in the payload, preventing crashes.
  • Before this update, Pipelines as Code incorrectly annotated PipelineRun objects modified by external controllers and marked as started. With this update, PipelineRun receives proper annotations on status change, helping ensure accurate tracking.
  • Before this update, auto-merge was blocked if an unauthorized user opened a pull request (PR) and the target branch did not contain a .tekton directory. Pipelines as Code created a pending check that remained indefinitely, even after a repository admin approved the CI run with the /ok-to-test GitOps comment. With this update, the check is updated correctly after approval, allowing auto-merge to proceed as expected.

CLI

  • Before this update, opc CLI reading pod logs from already deleted pods could cause a panic, leading to application crashes. With this update, deleted pod scenarios are handled properly, preventing crashes when reading logs.
  • Before this update, the opc CLI PipelineRunPending status was displayed with incorrect coloring, making it harder to distinguish from other statuses. With this update, the Pending status color is correct for improved visual clarity.
  • Before this update, opc CLI following logs could trigger a deadlock, causing the application to hang. With this update, the deadlock scenario in the log following functionality is fixed, ensuring reliable log streaming.
  • Before this update, opc CLI log lines from different tasks and steps were not easily distinguishable, complicating debugging. With this update, log lines include a prefix showing the log source, task, and step name by default, improving readability and the debugging experience.
  • Before this update, querying logs for a running PipelineRun or TaskRun in OPC Results resulted in an unclear error message. With this update, the message clearly indicates that logs cannot be retrieved while the run is still in progress.

Tekton Triggers

  • Before this update, using a TriggerGroup with multiple triggers and extensions caused a data race and controller panic. With this update, the controller handles multiple triggers without errors.

1.2.5. Deprecated features
Link kopieren

  • The maxRetention parameter in Tekton Results retention agent is deprecated. Use defaultRetention.
  • The chain command is deprecated and will be removed in a future release.

Additional resources

Nach oben
Red Hat logoGithubredditYoutubeTwitter

Lernen

Testen, kaufen und verkaufen

Communitys

Über Red Hat Dokumentation

Wir helfen Red Hat Benutzern, mit unseren Produkten und Diensten innovativ zu sein und ihre Ziele zu erreichen – mit Inhalten, denen sie vertrauen können. Entdecken Sie unsere neuesten Updates.

Mehr Inklusion in Open Source

Red Hat hat sich verpflichtet, problematische Sprache in unserem Code, unserer Dokumentation und unseren Web-Eigenschaften zu ersetzen. Weitere Einzelheiten finden Sie in Red Hat Blog.

Über Red Hat

Wir liefern gehärtete Lösungen, die es Unternehmen leichter machen, plattform- und umgebungsübergreifend zu arbeiten, vom zentralen Rechenzentrum bis zum Netzwerkrand.

Theme

© 2025 Red Hat