Chapter 1. Red Hat OpenShift Pipelines release notes
For additional information about the OpenShift Pipelines lifecycle and supported platforms, refer to the OpenShift Operator Life Cycles and Red Hat OpenShift Container Platform Life Cycle Policy.
Release notes contain information about new and deprecated features, breaking changes, and known issues. The following release notes apply for the most recent OpenShift Pipelines releases on OpenShift Container Platform.
Red Hat OpenShift Pipelines is a cloud-native CI/CD experience based on the Tekton project which provides:
- Standard Kubernetes-native pipeline definitions (CRDs).
- Serverless pipelines with no CI server management overhead.
- Extensibility to build images using any Kubernetes tool, such as S2I, Buildah, JIB, and Kaniko.
- Portability across any Kubernetes distribution.
- Powerful CLI for interacting with pipelines.
- Integrated user experience with the Developer perspective of the OpenShift Container Platform web console.
For an overview of Red Hat OpenShift Pipelines, see Understanding OpenShift Pipelines.
1.1. Compatibility and support matrix
Some features in this release are currently in Technology Preview. These experimental features are not intended for production use.
In the table, features are marked with the following statuses:
| TP | Technology Preview |
| GA | General Availability |
| Red Hat OpenShift Pipelines Version | Component Version | OpenShift Version | Support Status | |||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Operator | Pipelines | Triggers | CLI | Chains | Hub | Pipelines as Code | Results | Manual Approval Gate | ||
| 1.17 | 0.65.x | 0.30.x | 0.39.x | 0.23.x (GA) | 1.19.x (TP) | 0.29.x (GA) | 0.13.x (TP) | 0.4.x (TP) | 4.15, 4.16, 4.17 | GA |
| 1.16 | 0.62.x | 0.29.x | 0.38.x | 0.22.x (GA) | 1.18.x (TP) | 0.28.x (GA) | 0.12.x (TP) | 0.3.x (TP) | 4.15, 4.16, 4.17 | GA |
| 1.15 | 0.59.x | 0.27.x | 0.37.x | 0.20.x (GA) | 1.17.x (TP) | 0.27.x (GA) | 0.10.x (TP) | 0.2.x (TP) | 4.14, 4.15, 4.16 | GA |
| 1.14 | 0.56.x | 0.26.x | 0.35.x | 0.20.x (GA) | 1.16.x (TP) | 0.24.x (GA) | 0.9.x (TP) | NA | 4.12, 4.13, 4.14, 4.15, 4.16 | GA |
For questions and feedback, you can send an email to the product team at pipelines-interest@redhat.com.
1.2. Making open source more inclusive
Red Hat is committed to replacing problematic language in our code, documentation, and web properties. We are beginning with these four terms: master, slave, blacklist, and whitelist. Because of the enormity of this endeavor, these changes will be implemented gradually over several upcoming releases. For more details, see our CTO Chris Wright’s message.
1.3. Release notes for Red Hat OpenShift Pipelines General Availability 1.17
With this update, Red Hat OpenShift Pipelines General Availability (GA) 1.17 is available on OpenShift Container Platform 4.15 and later versions.
1.3.1. New features
In addition to fixes and stability improvements, the following sections highlight what is new in Red Hat OpenShift Pipelines 1.17:
1.3.1.1. Pipelines
With this release, you can configure multiple Git providers by using the Git resolver, or you can add multiple configurations for the same Git provider, in the
TektonConfigcustom resource (CR). You can then specify a Git configuration to use in different task runs and pipeline runs by using theconfigKeyparameter.Example of multiple Git provider configurations
apiVersion: operator.tekton.dev/v1alpha1 kind: TektonConfig metadata: name: config spec: # ... pipeline: git-resolver-config: # configuration 1 fetch-timeout: "1m" default-url: "https://github.com/tektoncd/catalog.git" default-revision: "main" scm-type: "github" server-url: "" api-token-secret-name: "" api-token-secret-key: "" api-token-secret-namespace: "default" default-org: "" # configuration 2 test1.fetch-timeout: "5m" test1.default-url: "" test1.default-revision: "stable" test1.scm-type: "github" test1.server-url: "api.internal-github.com" test1.api-token-secret-name: "test1-secret" test1.api-token-secret-key: "token" test1.api-token-secret-namespace: "test1" test1.default-org: "tektoncd" # configuration 3 test2.fetch-timeout: "10m" test2.default-url: "" test2.default-revision: "stable" test2.scm-type: "gitlab" test2.server-url: "api.internal-gitlab.com" test2.api-token-secret-name: "test2-secret" test2.api-token-secret-key: "pat" test2.api-token-secret-namespace: "test2" test2.default-org: "tektoncd-infra" # ...Example of using a
test1configuration in a pipeline runapiVersion: tekton.dev/v1 kind: PipelineRun metadata: name: example spec: pipelineRef: resolver: git params: # ... - name: configKey value: test1 # ...With this update, you can now monitor the running
PipelineRunresources at the namespace, pipeline, and pipeline run level, in addition to the cluster level. You can configure the level through theTektonConfigcustom resource by setting themetrics.running-pipelinerun.levelparameter value tonamespace,pipeline, orpipelinerun. The default value is empty, which sets the monitoring at cluster level.Example of monitoring the running pipeline run at the namespace level
apiVersion: operator.tekton.dev/v1alpha1 kind: TektonConfig metadata: name: config spec: pipeline: # ... metrics.running-pipelinerun.level: namespace # ...
1.3.1.2. Operator
With this update, you can run the
skopeo-copycommand with additional arguments, for example,--alland--preserve-digests. You can pass these arguments as a space-separated string, as shown in the following example:Example command
$ tkn task start skopeo-copy -p ARGS="--all --preserve-digests"
1.3.1.3. Pipelines as Code
-
With this update, the
pipelines_as_code_running_pipelineruns_countmetric is added to show the number of runningPipelineRunresources in Pipelines as Code. The metric can be filtered by repository or by namespace. -
With this update, the
pipelines_as_code_pipelinerun_duration_seconds_summetric is added to show the total duration in seconds taken by allPipelineRunresources in Pipelines as Code. The metric can be filtered by repository, namespace,PipelineRunstatus, andPipelineRunstatus change reason.
1.3.1.4. Tekton Chains
With this update, you can configure the
TektonConfigcustom resource (CR) to generate thex509key pair of theecdsatype and use it with Tekton Chains to sign artifacts. You can generate the key pair by setting the thegenerateSigningSecretfield in theTektonConfigcustom resource (CR) totrue:Example of creating an
ecdsakey pairapiVersion: operator.tekton.dev/v1 kind: TektonConfig metadata: name: config spec: # ... chain: disabled: false generateSigningSecret: true # ...Before this update, if you did not configure Tekton Chains in the
TektonConfigCR, the Operator would not pass any default Chains configuration. With this update, if you do not configure Tekton Chains in theTektonConfigCR, the Operator sets the Tekton Chains configuration with these default properties:apiVersion: operator.tekton.dev/v1 kind: TektonConfig metadata: name: config spec: # ... chain: artifacts.taskrun.format: in-toto artifacts.taskrun.storage: oci artifacts.oci.storage: oci artifacts.oci.format: simplesigning artifacts.pipelinerun.format: in-toto artifacts.pipelinerun.storage: oci # ...-
With this update, Tekton Chains now supports extracting the
mongo-server-urlURL from a specified file that can have any name. You can now use thestorage.docdb.mongo-server-url-pathparameter pointing to a valid file path within the container.
1.3.2. Breaking changes
With this update, the deprecated
ClusterTaskresource is removed from the Operator. As an alternative, you can use the cluster resolver to access tasks that OpenShift Pipelines installs in theopenshift-pipelinesnamespace.ImportantBefore upgrading to OpenShift Pipelines 1.17, if you configured any pipelines that use
ClusterTaskresources, you must edit them to use the tasks in theopenshift-pipelinesnamespace. Otherwise, after the upgrade, the pipelines will fail.For more information about using the tasks in the
openshift-pipelinesnamespace, see Tasks provided in the OpenShift Pipelines namespace.With this update, the community cluster tasks are removed from the Operator. As an alternative, you can download them from the Tekton catalog (GitHub resource). The community cluster tasks are planned to be added as tasks in a future release. The following list shows the removed community cluster tasks:
-
argocd-task-sync-and-wait -
git-cli -
helm-upgrade-from-repo -
helm-upgrade-from-source -
jib-maven -
kubeconfig-creator -
pull-request -
trigger-jenkins-job
-
1.3.3. Fixed issues
- With this update, the Pipelines as Code controller no longer processes the GitLab push event if the push event payload contains no commit. Instead, it correctly displays an error message warning the user that no commit is attached.
- With this update, the Pipelines as Code controller no longer processes the GitLab tag delete event, which caused the controller to crash. Instead, it correctly displays an error message warning the user that deleting the tag event is not supported.
-
Before this update, some of the standard variables, header values, and body fields, for example the
body.eventKeyfield, were not being resolved inPipelineRunresources for the Bitbucket server. With this update, the issue is fixed. -
With this update, the
skopeo-copytask supports copying multiple images by using theurl.txtfile if theSOURCE_IMAGE_URLandDESTINATION_IMAGE_URLparameters are left empty. -
Before this update, running the
tkn pac create repocommand on an empty repository resulted in the.period symbol being generated as the name of the pipeline run in the template. With this update, the issue is fixed, and theREPO_NAME.gitis now used as the pipeline run name. -
With this update, the pipeline run failure handling is fixed to accurately report validation failures in the
status.messagefield and consistently triggerfinallytasks, even if a task fails the validation.
