Questo contenuto non è disponibile nella lingua selezionata.
Chapter 1. Red Hat OpenShift Pipelines release notes
For additional information about the OpenShift Pipelines lifecycle and supported platforms, refer to the OpenShift Operator Life Cycles and Red Hat OpenShift Container Platform Life Cycle Policy.
Release notes contain information about new and deprecated features, breaking changes, and known issues. The following release notes apply for the most recent OpenShift Pipelines releases on OpenShift Container Platform.
Red Hat OpenShift Pipelines is a cloud-native CI/CD experience based on the Tekton project which provides:
- Standard Kubernetes-native pipeline definitions (CRDs).
- Serverless pipelines with no CI server management overhead.
- Extensibility to build images using any Kubernetes tool, such as S2I, Buildah, JIB, and Kaniko.
- Portability across any Kubernetes distribution.
- Powerful CLI for interacting with pipelines.
- Integrated user experience with the Developer perspective of the OpenShift Container Platform web console.
For an overview of Red Hat OpenShift Pipelines, see Understanding OpenShift Pipelines.
1.1. Compatibility and support matrix
Some features in this release are currently in Technology Preview. These experimental features are not intended for production use.
In the table, features are marked with the following statuses:
TP | Technology Preview |
GA | General Availability |
Red Hat OpenShift Pipelines Version | Component Version | OpenShift Version | Support Status | |||||||
---|---|---|---|---|---|---|---|---|---|---|
Operator | Pipelines | Triggers | CLI | Chains | Hub | Pipelines as Code | Results | Manual Approval Gate | ||
1.17 | 0.65.x | 0.30.x | 0.39.x | 0.23.x (GA) | 1.19.x (TP) | 0.29.x (GA) | 0.13.x (TP) | 0.4.x (TP) | 4.15, 4.16, 4.17 | GA |
1.16 | 0.62.x | 0.29.x | 0.38.x | 0.22.x (GA) | 1.18.x (TP) | 0.28.x (GA) | 0.12.x (TP) | 0.3.x (TP) | 4.15, 4.16, 4.17 | GA |
1.15 | 0.59.x | 0.27.x | 0.37.x | 0.20.x (GA) | 1.17.x (TP) | 0.27.x (GA) | 0.10.x (TP) | 0.2.x (TP) | 4.14, 4.15, 4.16 | GA |
1.14 | 0.56.x | 0.26.x | 0.35.x | 0.20.x (GA) | 1.16.x (TP) | 0.24.x (GA) | 0.9.x (TP) | NA | 4.12, 4.13, 4.14, 4.15, 4.16 | GA |
For questions and feedback, you can send an email to the product team at pipelines-interest@redhat.com.
1.2. Making open source more inclusive
Red Hat is committed to replacing problematic language in our code, documentation, and web properties. We are beginning with these four terms: master, slave, blacklist, and whitelist. Because of the enormity of this endeavor, these changes will be implemented gradually over several upcoming releases. For more details, see our CTO Chris Wright’s message.
1.3. Release notes for Red Hat OpenShift Pipelines General Availability 1.17
With this update, Red Hat OpenShift Pipelines General Availability (GA) 1.17 is available on OpenShift Container Platform 4.15 and later versions.
1.3.1. New features
In addition to fixes and stability improvements, the following sections highlight what is new in Red Hat OpenShift Pipelines 1.17:
1.3.1.1. Pipelines
With this release, you can configure multiple Git providers by using the Git resolver, or you can add multiple configurations for the same Git provider, in the
TektonConfig
custom resource (CR). You can then specify a Git configuration to use in different task runs and pipeline runs by using theconfigKey
parameter.Example of multiple Git provider configurations
apiVersion: operator.tekton.dev/v1alpha1 kind: TektonConfig metadata: name: config spec: # ... pipeline: git-resolver-config: # configuration 1 fetch-timeout: "1m" default-url: "https://github.com/tektoncd/catalog.git" default-revision: "main" scm-type: "github" server-url: "" api-token-secret-name: "" api-token-secret-key: "" api-token-secret-namespace: "default" default-org: "" # configuration 2 test1.fetch-timeout: "5m" test1.default-url: "" test1.default-revision: "stable" test1.scm-type: "github" test1.server-url: "api.internal-github.com" test1.api-token-secret-name: "test1-secret" test1.api-token-secret-key: "token" test1.api-token-secret-namespace: "test1" test1.default-org: "tektoncd" # configuration 3 test2.fetch-timeout: "10m" test2.default-url: "" test2.default-revision: "stable" test2.scm-type: "gitlab" test2.server-url: "api.internal-gitlab.com" test2.api-token-secret-name: "test2-secret" test2.api-token-secret-key: "pat" test2.api-token-secret-namespace: "test2" test2.default-org: "tektoncd-infra" # ...
Example of using a
test1
configuration in a pipeline runapiVersion: tekton.dev/v1 kind: PipelineRun metadata: name: example spec: pipelineRef: resolver: git params: # ... - name: configKey value: test1 # ...
With this update, you can now monitor the running
PipelineRun
resources at the namespace, pipeline, and pipeline run level, in addition to the cluster level. You can configure the level through theTektonConfig
custom resource by setting themetrics.running-pipelinerun.level
parameter value tonamespace
,pipeline
, orpipelinerun
. The default value is empty, which sets the monitoring at cluster level.Example of monitoring the running pipeline run at the namespace level
apiVersion: operator.tekton.dev/v1alpha1 kind: TektonConfig metadata: name: config spec: pipeline: # ... metrics.running-pipelinerun.level: namespace # ...
-
With this update, after the execution of a pipeline run or task run, the YAML manifest of the resource contains a label showing the ID of the user who executed it. For a
PipelineRun
resource, the label istekton.dev/PipelineRunUID
. For aTaskRun
resource, the label istekton.dev/TaskRunUID
. -
With this update, when you use the
spec.pipeline.performance
spec in theTektonConfig
CR to specify performance tuning values such asthreads-per-controller
,kube-api-qps
, andkube-api-burst
, OpenShift Pipelines applies these values to the resolver controller as well as the other controllers.
1.3.1.2. Operator
With this update, you can run the
skopeo-copy
command with additional arguments, for example,--all
and--preserve-digests
. You can pass these arguments as a space-separated string, as shown in the following example:Example command
$ tkn task start skopeo-copy -p ARGS="--all --preserve-digests"
- With this update, OpenShift Pipelines applies the ephemeral volume setting of any security context constraint (SCC) that you apply to a pipeline or task.
1.3.1.3. Pipelines as Code
-
With this update, the
pipelines_as_code_running_pipelineruns_count
metric is added to show the number of runningPipelineRun
resources in Pipelines as Code. The metric can be filtered by repository or by namespace. -
With this update, the
pipelines_as_code_pipelinerun_duration_seconds_sum
metric is added to show the total duration in seconds taken by allPipelineRun
resources in Pipelines as Code. The metric can be filtered by repository, namespace,PipelineRun
status, andPipelineRun
status change reason.
1.3.1.4. Tekton Results
With this update, you can configure Tekton Results to include certain labels and annotations from the YAML manifests of pipelines and tasks in the
summary fields
column in the results tables. By default, the value of thetekton.dev/pipeline
label is used. To make this change, modify theTektonResult
CR as shown in the following example:Example of configuring summary labels and annotations in the
TektonResult
CRapiVersion: operator.tekton.dev/v1 kind: TektonResult metadata: name: result spec: options: deployments: tekton-results-watcher: spec: template: spec: containers: - name: watcher args: - "--summary_labels=org.tekton.sample_label,tekton.dev/pipeline" - "--summary_annotations=org.tekton.sample_annotation"
1.3.1.5. Tekton Chains
With this update, you can configure the
TektonConfig
custom resource (CR) to generate thex509
key pair of theecdsa
type and use it with Tekton Chains to sign artifacts. You can generate the key pair by setting thegenerateSigningSecret
field in theTektonConfig
custom resource (CR) totrue
:Example of creating an
ecdsa
key pairapiVersion: operator.tekton.dev/v1 kind: TektonConfig metadata: name: config spec: # ... chain: disabled: false generateSigningSecret: true # ...
Before this update, if you did not configure Tekton Chains in the
TektonConfig
CR, the Operator would not pass any default Chains configuration. With this update, if you do not configure Tekton Chains in theTektonConfig
CR, the Operator sets the Tekton Chains configuration with these default properties:apiVersion: operator.tekton.dev/v1 kind: TektonConfig metadata: name: config spec: # ... chain: artifacts.taskrun.format: in-toto artifacts.taskrun.storage: oci artifacts.oci.storage: oci artifacts.oci.format: simplesigning artifacts.pipelinerun.format: in-toto artifacts.pipelinerun.storage: oci # ...
-
With this update, Tekton Chains now supports extracting the
mongo-server-url
URL from a specified file that can have any name. You can now use thestorage.docdb.mongo-server-url-path
parameter pointing to a valid file path within the container.
1.3.2. Breaking changes
With this update, the deprecated
ClusterTask
resource is removed from the Operator. As an alternative, you can use the cluster resolver to access tasks that OpenShift Pipelines installs in theopenshift-pipelines
namespace.ImportantBefore upgrading to OpenShift Pipelines 1.17, if you configured any pipelines that use
ClusterTask
resources, you must edit them to use the tasks in theopenshift-pipelines
namespace. Otherwise, after the upgrade, the pipelines will fail.For more information about using the tasks in the
openshift-pipelines
namespace, see Tasks provided in the OpenShift Pipelines namespace.With this update, the community cluster tasks are removed from the Operator. As an alternative, you can download them from the Tekton catalog (GitHub resource). The community cluster tasks are planned to be added as tasks in a future release. The following list shows the removed community cluster tasks:
-
argocd-task-sync-and-wait
-
git-cli
-
helm-upgrade-from-repo
-
helm-upgrade-from-source
-
jib-maven
-
kubeconfig-creator
-
pull-request
-
trigger-jenkins-job
-
1.3.3. Fixed issues
- With this update, the Pipelines as Code controller no longer processes the GitLab push event if the push event payload contains no commit. Instead, it correctly displays an error message warning the user that no commit is attached.
- With this update, the Pipelines as Code controller no longer processes the GitLab tag delete event, which caused the controller to crash. Instead, it correctly displays an error message warning the user that deleting the tag event is not supported.
-
Before this update, some of the standard variables, header values, and body fields, for example the
body.eventKey
field, were not being resolved inPipelineRun
resources for the Bitbucket server. With this update, the issue is fixed. -
With this update, the
skopeo-copy
task supports copying multiple images by using theurl.txt
file if theSOURCE_IMAGE_URL
andDESTINATION_IMAGE_URL
parameters are left empty. -
Before this update, running the
tkn pac create repo
command on an empty repository resulted in the.
period symbol being generated as the name of the pipeline run in the template. With this update, the issue is fixed, and theREPO_NAME.git
is now used as the pipeline run name. -
With this update, the pipeline run failure handling is fixed to accurately report validation failures in the
status.message
field and consistently triggerfinally
tasks, even if a task fails the validation. - Before this update, when a pod failed because of an out-of-memory error, the task run did not immediately fail. Instead, it was unresponsive for some time and then failed. With this update, the task run immediately fails.
-
Before this update, if a
CustomRun
resource referred to a pipeline or task resource that returned an array as a result, a result type mismatch was reported in the log. With this update, the array result is processed correctly. -
Before this update, when a task run failed, in some cases the statuses of some of the steps in the task were not recorded correctly in the
TaskRun
YAML manifest. With this update, the statuses are correctly recorded. - Before this update, if a step in a task failed, the subsequent steps were sometimes not marked as skipped in the YAML manifest of the task run or pipeline run. With this update, the steps are marked as skipped. c
-
Before this update, if a pipeline run included a task that failed validation, a subsequent
finally
task did not run, even though it is expected to run after any failures of the previous tasks. With this update, thefinally
task runs. -
Before this update, when using Pipelines as Code with GitLab, if the
.tekton
directory contained more than 20 files, some pipeline runs failed to start. With this update, the pipeline runs start correctly. - Before this update, when using Pipelines as Code with BitBucket, an incorrect payload in a BitBucket event could cause the Pipelines as Code controller to crash. With this update, the controller does not crash, validates payload before processing it, and correctly reports the error.
- Before this update, when using Pipelines as Code, when you deleted a pipeline run before it was completed, temporary Git authentication secrets remained in the OpenShift Container Platform namespace. Because of this issue, the quota for secrets could be reached, and in this case new pipeline runs failed to start. With this update, Pipelines as Code deletes temporary secrets properly.
-
Before this update, when using Pipelines as Code with BitBucket, tag-related events were not matched when a pipeline run was configured for
on-target-branch
, for example:on-target-branch: [refs/tags/*]
. This happened because the BitBucket events payload related to a tag does not contain arefs/tags
prefix. With this update, Pipelines as Code matches the tag events correctly. - Before this update, when a task run was canceled, Tekton Chains did not record the specification of the task. With this update, Tekton Chains records the specification of the task.
-
Before this update, in Tekton Chains, the recorded steps in the specification of a task (
TaskRun.Status.steps
) could mismatch, even when the task run properly executed all steps in the task. With this update, the steps in the task specification and the steps executed in the task run are recorded correctly. - Before this update, when a pipeline run ended because of a timeout, the log output sometimes contained error messages that were not valid and the status of the pipeline run was not reported correctly. With this update, such messages do not appear in the log and the status is reported correctly.
- Before this update, when you specified a workspace to be mounted in one or several steps of a task, OpenShift Pipelines mounted the workspace for all steps in the task. With this update, the workspace is mounted only in the steps where it is specified.
- Before this update, when using Pipelines as Code, if the OpenShift Container Platform cluster was very busy, some pipeline runs failed to execute because the concurrency queue was out of order and Pipelines as Code did not recover properly. With this update, Pipelines as Code properly manages the concurrency queue and executes all pipeline runs.
-
Before this update, if you specified default container resource requirements in the
TektonConfig
CR and then applied aLimitRange
setting to a pipeline or task, theLimitRange
setting was sometimes not applied because the default requirements overrode it. With this update, theLimitRange
setting overrides the default container resource requirements. -
Before this update, if a pipeline run or task run failed to execute because of a validation error, OpenShift Pipelines recorded and displayed a generic
Failed
status for the pipeline run or task run. With this update, OpenShift Pipelines records aFailed Validation
status. -
Before this update, when you used the
tkn bundle
command to read the content of a large-sized Tekton bundle, the command might fail. With this update, thetkn
command-line utilities correctly handles large Tekton bundles. -
Before this update, when you used the
tkn
command-line utility to view a completed pipeline run, tasks that were skipped because of conditions you set up in the pipeline were displayed asSucceeded(Completed)
. With this update, they are no longer displayed as completed.