Red Hat SummitThis documentation is for a release that is no longer maintained
See documentation for the latest supported version.Release notes for Red Hat Trusted Application Pipeline 1.4
Explore new features in this release and learn about known issues.
Abstract
Preface
The release notes for Red Hat Trusted Application Pipeline summarize new features and enhancements, notable technical changes, features in Technology Preview, bug fixes, known issues, and other related advisories or information.
Chapter 1. About this release
Red Hat Trusted Application Pipeline 1.4 is now generally available. To learn more about support for all versions, refer to the RHTAP life cycle policy.
- To learn more about RHTAP, refer to the About RHTAP product overview.
- To install RHTAP, refer to Installing Red Hat Trusted Application Pipeline.
The products that the RHTAP installer deploys are production ready, but they are sized for a proof of concept or a very small team. For larger teams, manual reconfiguration of the products is most likely necessary and should be done by following procedures documented for each individual product.
Chapter 2. New features and enhancements
This section lists new features and feature enhancements available in Red Hat Trusted Application Pipeline 1.4.
You can now install RHTAP using a single container image
Starting from RHTAP 1.4, we recommend that you install RHTAP via the rhtap-cli container image available through Red Hat Ecosystem Catalog. Compared to the binary-based installation, using the RHTAP container image simplifies the installation process and is fully supported on all operating systems.
Chapter 3. Compatibility and support matrix
3.1. Products and versions
RHTAP installs on OpenShift Container Platform. The cluster where you deploy RHTAP should have the OpenShift Platform Plus subscription, as RHTAP relies on several products available through OpenShift Platform Plus. These products integrate seamlessly with RHTAP and its software templates, and the RHTAP installer automatically deploys them during installation. However, please note that these products are not included with RHTAP.
| OpenShift Platform Plus Product | Version |
|---|---|
| OpenShift Container Platform | 4.15, 4.16, 4.17 |
| OpenShift Pipelines | 1.17 |
| OpenShift GitOps | 1.15 |
| Advanced Cluster Security | 4.6 |
| Quay | 3.13 |
The RHTAP installer also deploys the following products, which form the RHTAP subscription:
| RHTAP Product | Version |
|---|---|
| Red Hat Developer Hub | 1.4 |
| Red Hat Trusted Artifact Signer | 1.1 |
| Red Hat Trusted Profile Analyzer | 1.2 |
| Enterprise Contract | 0.6.104 |
3.2. Red Hat Developer Hub plugins
RHTAP enables a selection of RHDH dynamic plugins to support creation and monitoring of trusted secure supply chain applications. Some of the plugins enabled by RHTAP include Technology Preview and community plugins that may not be functionally complete.
Regardless of the plugins levels of support, pipelines produced by the RHTAP software templates are fully supported and leverage the security features of Trusted Software Supply Chain products and features: Red Hat Trusted Application Signer, Red Hat Trusted Profile Analyzer, and Enterprise Contract.
Technology Preview and community plugins enabled by RHTAP:
| Level of support | Name |
|---|---|
| Technology Preview plugins | JFrog Artifactory |
| Community plugins |
Jenkins |
To learn more about the supported levels of the individual dynamic plugins, refer to the Developer Hub documentation.
Chapter 4. Bug fixes
This section describes bug fixes available in Red Hat Trusted Application Pipeline 1.4.
The KUBECONFIG environment variable is now supported
The RHTAP installer now supports reading the kubeconfig files provided in the KUBECONFIG environment variable. This allows you to use KUBECONFIG to specify a kubeconfig file that should be used when you access the OpenShift cluster. To learn more about the KUBECONFIG variable, refer to the Kubernetes docs on kubeconfig files.
RHTAP now automatically finds the Rekor and TUF services when running Jenkins pipelines
Previously, when you used Jenkins as a CI provider, and your Jenkins instance ran outside the RHTAP cluster, RHTAP couldn’t detect the correct Rekor and TUF URLs and reach these services. As a result, cosign was unable to sign container images, and Jenkins pipelines could fail. To work around this issue, you needed to manually hardcode the external routes for Rekor and TUF in the rhtap/env.sh file.
With this release, updating the rhtap/env.sh file is no longer required. If you prefer, you can still manually hardcode the Rekor and TUF URLs by following instructions in Customizing sample software templates for Jenkins. However, a second option is now available: you can choose to set the REKOR_HOST and TUF_MIRROR environment variables during Jenkins configuration as described in the Configuring Jenkins guide. This will allow Jenkins to reach external Rekor and TUF services.
Setting the REKOR_HOST and TUF_MIRROR CI/CD variables is also supported for GitLab CI and GitHub Actions. For instructions, refer to a corresponding guide:
The Vulnerabilities tab in RHTPA no longer shows an error
Previously, when RHTAP uploaded the SBOM to Red Hat Trusted Profile Analyzer, RHTPA accepted the SBOM but could show Internal server error in the Vulnerabilities tab. The issue is resolved in this release.
Chapter 5. Known issues
This section describes known issues in Red Hat Trusted Application Pipeline 1.4.
Pipeline fails if you create a new Deployment Namespace
When you create a new component with a new Deployment Namespace, the pipeline fails with the error tasks.tekton.dev "rhtap-dev-namespace-setup" not found. To work around this issue, use the default Deployment Namespace called rhtap-app.
View logs and View SBOM icons don’t link to correct information
After a Pipeline Run is finished, you should be able to access the build summary and SBOM by clicking the View logs and View SBOM icons in the Actions menu. However, these icons don’t always show the correct information. To access the correct steps in logs, click either of these two icons, and in the pop-up window with logs, select the step you need: show-sbom or show-summary.
RHDH doesn’t display the Image Registry tab if RHTAP cannot detect your registry type
The Red Hat Developer Hub UI doesn’t display the Image Registry tab on the component’s page if RHTAP is unable to detect which container image registry you’re using. RHTAP analyzes your registry URL to annotate your components, and if that annotation is missing, the tab will not appear in the RHDH UI. To work around this issue, you can manually enable the Image Registry tab.
Jenkins can only use one Git hosting provider
The default Jenkins configuration uses a global credential called GITOPS_AUTH_PASSWORD to authenticate when updating the gitops repository with a newly built image. Because only one such global variable is available, a single Jenkins instance can only be configured to work with one Git repository provider at a time, GitHub, GitLab, or Bitbucket Cloud.
The CI tab displays GitLab CI information for Tekton and Jenkins
When you host source code for your component in GitLab and choose Tekton or Jenkins as a CI provider, the CI tab in the RHDH UI may incorrectly display information about GitLab pipelines together with the Tekton or Jenkins pipelines. Note that if you choose Tekton or Jenkins, RHTAP only runs Tekton or Jenkins pipelines, and the CI tab section about GitLab pipelines should be ignored.
The CD and Docs tabs show an error for the GitOps resource
In the Red Hat Developer Hub UI, the CD and Docs tabs for the GitOps resource don’t generate the expected content and display an error.
The Workflow file in the -gitops repository doesn’t point to secrets
When you create a new component and use GitHub Actions as a CI provider, RHTAP generates a GitHub repository with your component. This repository contains a <your-component-name>-gitops folder with the Workflow file, which should provide a list of environment variables and references to secrets. Currently, only a list of variables is present in the Workflow file.
The task order in the CI templates is incorrect
In the Jenkins, GitLab CI and GitHub Actions templates, the update-deployment task runs after the acs-deploy-check task. This order is unexpected and doesn’t align with the Tekton pipeline configuration.
RHTAP doesn’t support some environments
RHTAP 1.4 does not support the following environments: any air-gapped environment, IBM Power Platform, IBM Z Platform, ARM64, and Federal Information Processing Standards (FIPS) mode OCP.
Uninstallation of RHTAP is not supported
Uninstallation of RHTAP is not currently supported, but it can be done by removing all rhtap namespaces from the cluster.
Revised on 2025-02-06 16:32:22 UTC
'%20d='M201.5%20305.5c-13.8%200-24.9-11.1-24.9-24.6%200-13.8%2011.1-24.9%2024.9-24.9%2013.6%200%2024.6%2011.1%2024.6%2024.9%200%2013.6-11.1%2024.6-24.6%2024.6zM504%20256c0%20137-111%20248-248%20248S8%20393%208%20256%20119%208%20256%208s248%20111%20248%20248zm-132.3-41.2c-9.4%200-17.7%203.9-23.8%2010-22.4-15.5-52.6-25.5-86.1-26.6l17.4-78.3%2055.4%2012.5c0%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.3%2024.9-24.9s-11.1-24.9-24.9-24.9c-9.7%200-18%205.8-22.1%2013.8l-61.2-13.6c-3-.8-6.1%201.4-6.9%204.4l-19.1%2086.4c-33.2%201.4-63.1%2011.3-85.5%2026.8-6.1-6.4-14.7-10.2-24.1-10.2-34.9%200-46.3%2046.9-14.4%2062.8-1.1%205-1.7%2010.2-1.7%2015.5%200%2052.6%2059.2%2095.2%20132%2095.2%2073.1%200%20132.3-42.6%20132.3-95.2%200-5.3-.6-10.8-1.9-15.8%2031.3-16%2019.8-62.5-14.9-62.5zM302.8%20331c-18.2%2018.2-76.1%2017.9-93.6%200-2.2-2.2-6.1-2.2-8.3%200-2.5%202.5-2.5%206.4%200%208.6%2022.8%2022.8%2087.3%2022.8%20110.2%200%202.5-2.2%202.5-6.1%200-8.6-2.2-2.2-6.1-2.2-8.3%200zm7.7-75c-13.6%200-24.6%2011.1-24.6%2024.9%200%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.1%2024.9-24.6%200-13.8-11-24.9-24.9-24.9z'/%3e%3c/svg%3e){kind=small}