▶ [MAJOR] #7082
This change comprises three elements:
D2G now executes tasks under docker rather than podman if the Docker
Worker task has the privileged capability enabled. This should result in
fewer tasks failing due to differences in default behaviour between docker
and podman privileged containers.
D2G generated task scopes are now sorted.
A bug has been fixed where D2G was granting scopes to generated tasks
based on the declared capabilities of the Docker Worker task it was
converting, rather than deriving the target Generic Worker scopes solely
from the original Docker Worker task scopes. This allowed a task with
insufficient scopes under Docker Worker to gain elevated privileges under
Generic Worker.
v65.4.0
USERS
▶ [patch] #7083
Fixes query validation in pagination queries that were throwing 500 InternalServerError instead of 400 InputError
DEVELOPERS
▶ [minor] #7089
Fixes an issue when cancelling a task didn't remove it from the pending queue.
This made worker-manager think there are more pending tasks than there actually were, and create more workers.
v65.3.0
GENERAL
▶ [patch]
Upgrades to node v20.14.0 and go1.22.4 (SECURITY release).
DEPLOYERS
▶ [minor] #7035
Helm chart allows conditional deployment of several resource types:
Secret
ConfigMap
Ingress
ServiceAccount
This might be useful in the deployments that use custom Ingress or manage secrets and configs externally.
Example usage: helm template --values .. --set "skipResourceTypes[0]"=ingress --set "skipResourceTypes[0]"=secert .
▶ [MAJOR] #7082
This change comprises three elements:
D2G now executes tasks under docker rather than podman if the Docker
Worker task has the privileged capability enabled. This should result in
fewer tasks failing due to differences in default behaviour between docker
and podman privileged containers.
D2G generated task scopes are now sorted.
A bug has been fixed where D2G was granting scopes to generated tasks
based on the declared capabilities of the Docker Worker task it was
converting, rather than deriving the target Generic Worker scopes solely
from the original Docker Worker task scopes. This allowed a task with
insufficient scopes under Docker Worker to gain elevated privileges under
Generic Worker.
v65.4.0
USERS
▶ [patch] #7083
Fixes query validation in pagination queries that were throwing 500 InternalServerError instead of 400 InputError
DEVELOPERS
▶ [minor] #7089
Fixes an issue when cancelling a task didn't remove it from the pending queue.
This made worker-manager think there are more pending tasks than there actually were, and create more workers.
v65.3.0
GENERAL
▶ [patch]
Upgrades to node v20.14.0 and go1.22.4 (SECURITY release).
DEPLOYERS
▶ [minor] #7035
Helm chart allows conditional deployment of several resource types:
Secret
ConfigMap
Ingress
ServiceAccount
This might be useful in the deployments that use custom Ingress or manage secrets and configs externally.
Example usage: helm template --values .. --set "skipResourceTypes[0]"=ingress --set "skipResourceTypes[0]"=secert .
You can trigger a rebase of this PR by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Note
Automatic rebases have been disabled on this pull request as it has been open for over 30 days.
Bumps taskcluster from 64.2.1 to 66.0.0.
Release notes
Sourced from taskcluster's releases.
... (truncated)
Changelog
Sourced from taskcluster's changelog.
... (truncated)
Commits
d782dea
v66.0.01a79fbb
Merge pull request #7092 from taskcluster/issue70822e217d4
Issue 7082 - D2G: use docker (instead of podman) for privileged tasks26776f0
v65.4.0d252029
Merge pull request #7090 from taskcluster/feat/7089-cancelled-tasks-no-pending2d648a6
feat(queue): resolved tasks are removed from pending queue2d83877
Merge pull request #7084 from taskcluster/feat/7083-pagination-query-validation40a9856
feat(api): graceful query handling for pagination150c90a
v65.3.0866d20c
Merge pull request #7079 from taskcluster/issue7076You can trigger a rebase of this PR by commenting
@dependabot rebase
.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show