Tekton Pipelines follows the Tekton community [release policy][release-policy]
as follows:
Versions are numbered according to semantic versioning: vX.Y.Z
A new release is produced on a monthly basis
Four releases a year are chosen for long term support (LTS).
All remaining releases are supported for approximately 1 month (until the next
release is produced)
LTS releases take place in January, April, July and October every year
The first Tekton Pipelines LTS release will be v0.41.0 in October 2022
Releases happen towards the middle of the month, between the 13th and the
20th, depending on week-ends and readiness
Tekton Pipelines produces nightly builds, publicly available on
gcr.io/tekton-nightly.
Transition Process
Before release v0.41 Tekton Pipelines has worked on the basis of an undocumented
support period of four months, which will be maintained for the releases between
v0.37 and v0.40.
Release Process
Tekton Pipeline releases are made of YAML manifests and container images.
Manifests are published to cloud object-storage as well as
[GitHub][tekton-pipeline-releases]. Container images are signed by
[Sigstore][sigstore] via [Tekton Chains][tekton-chains]; signatures can be
verified through the [public key][chains-public-key] hosted by the Tekton Chains
project.
Further documentation available:
The Tekton Pipeline [release process][tekton-releases-docs]
[Installing Tekton][tekton-installation]
Standard for [release notes][release-notes-standards]
I'm waiting for a tektoncd member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.
Once the patch is verified, the new status will be reflected by the ok-to-test label.
Instructions for interacting with me using PR comments are available [here](https://git.k8s.io/community/contributors/guide/pull-requests.md). If you have questions or suggestions related to my behavior, please file an issue against the [kubernetes/test-infra](https://github.com/kubernetes/test-infra/issues/new?title=Prow%20issue:) repository.
This pull-request has been approved by:
To complete the pull request process, please assign lcarva after the PR has been reviewed.
You can assign the PR to them by writing /assign @lcarva in a comment when ready.
The full list of commands accepted by this bot can be found here.
Needs approval from an approver in each of these files:
- **[OWNERS](https://github.com/tektoncd/chains/blob/main/OWNERS)**
Approvers can indicate their approval by writing `/approve` in a comment
Approvers can cancel approval by writing `/approve cancel` in a comment
Instructions for interacting with me using PR comments are available [here](https://git.k8s.io/community/contributors/guide/pull-requests.md). If you have questions or suggestions related to my behavior, please file an issue against the [kubernetes/test-infra](https://github.com/kubernetes/test-infra/issues/new?title=Prow%20issue:) repository. I understand the commands that are listed [here](https://go.k8s.io/bot-commands).
Bumps the all group with 13 updates:
1.38.0
1.39.1
2.2.2
2.2.3
1.8.1
1.8.2
1.8.1
1.8.2
1.8.1
1.8.2
1.8.1
1.8.2
1.8.1
1.8.2
1.8.4
1.9.0
0.56.1
0.57.0
1.26.0
1.27.0
0.19.0
0.20.0
1.61.1
1.62.0
1.32.0
1.33.0
Updates
cloud.google.com/go/storage
from 1.38.0 to 1.39.1Release notes
Sourced from cloud.google.com/go/storage's releases.
Commits
71dc4c6
chore(main): release storage 1.39.1 (#9524)ae7dc65
chore(apphub): add config to generate apiv1 (#9550)50fcc6e
chore(main): release bigtable 1.22.0 (#9551)74dcd1f
chore(securitycenter): add config to generate apiv2 (#9549)3f4d7c2
chore(cloudcontrolspartner): add config to generate apiv1 (#9548)48614ab
chore(bigtable): release 1.22.0 (#9547)511d9b2
fix(vertexai): clarify Client.GenerativeModel documentation (#9533)f0a2781
chore: re-drop weak refs to parent modules and tag (#9545)bdf2f17
chore(main): release auth 0.1.1 (#8920)9b97ce7
feat(spanner/spansql): support Table rename & Table synonym (#9275)Updates
github.com/sigstore/cosign/v2
from 2.2.2 to 2.2.3Release notes
Sourced from github.com/sigstore/cosign/v2's releases.
Changelog
Sourced from github.com/sigstore/cosign/v2's changelog.
Commits
493e6e2
Add changelog for v2.2.3 (#3513)628df78
chore(deps): bump cpanato/vault-installer from 0.0.2 to 1.0.0 (#3510)7be8de0
chore(deps): bump google.golang.org/api from 0.157.0 to 0.159.0 (#3508)554015c
chore(deps): bump the actions group with 3 updates (#3509)8395d97
chore(deps): bump github.com/go-openapi/runtime from 0.26.2 to 0.27.1 (#3507)1c90a3a
chore(deps): bump github.com/open-policy-agent/opa from 0.60.0 to 0.61.0 (#3505)3f20bde
chore(deps): bump github.com/buildkite/agent/v3 from 3.61.0 to 3.62.0 (#3506)5d79ebf
chore(deps): bump the gomod group with 2 updates (#3504)381c657
fix cross test (#3502)a445167
Fix CI test failing (#3501)Updates
github.com/sigstore/sigstore
from 1.8.1 to 1.8.2Release notes
Sourced from github.com/sigstore/sigstore's releases.
Commits
01aee87
build(deps): Bump the all group with 2 updates (#1647)7dd77e3
build(deps): Bump the all group with 2 updates (#1640)8f9b512
build(deps): Bump the all group (#1641)2cbe097
fix: adds TSA URI for customMetadata. (#1646)0bfcc5b
build(deps): Bump the all group in /pkg/signature/kms/gcp with 1 updatefbeebcb
build(deps): Bump the all group in /pkg/signature/kms/aws with 4 updates0e830c5
Add support for autoclosing oauth flow window (#1618)b80197f
build(deps): Bump the all group7664feb
build(deps): Bump the all group with 1 update44c6e90
build(deps): Bump the all group in /pkg/signature/kms/aws with 5 updatesUpdates
github.com/sigstore/sigstore/pkg/signature/kms/aws
from 1.8.1 to 1.8.2Release notes
Sourced from github.com/sigstore/sigstore/pkg/signature/kms/aws's releases.
Commits
01aee87
build(deps): Bump the all group with 2 updates (#1647)7dd77e3
build(deps): Bump the all group with 2 updates (#1640)8f9b512
build(deps): Bump the all group (#1641)2cbe097
fix: adds TSA URI for customMetadata. (#1646)0bfcc5b
build(deps): Bump the all group in /pkg/signature/kms/gcp with 1 updatefbeebcb
build(deps): Bump the all group in /pkg/signature/kms/aws with 4 updates0e830c5
Add support for autoclosing oauth flow window (#1618)b80197f
build(deps): Bump the all group7664feb
build(deps): Bump the all group with 1 update44c6e90
build(deps): Bump the all group in /pkg/signature/kms/aws with 5 updatesUpdates
github.com/sigstore/sigstore/pkg/signature/kms/azure
from 1.8.1 to 1.8.2Release notes
Sourced from github.com/sigstore/sigstore/pkg/signature/kms/azure's releases.
Commits
01aee87
build(deps): Bump the all group with 2 updates (#1647)7dd77e3
build(deps): Bump the all group with 2 updates (#1640)8f9b512
build(deps): Bump the all group (#1641)2cbe097
fix: adds TSA URI for customMetadata. (#1646)0bfcc5b
build(deps): Bump the all group in /pkg/signature/kms/gcp with 1 updatefbeebcb
build(deps): Bump the all group in /pkg/signature/kms/aws with 4 updates0e830c5
Add support for autoclosing oauth flow window (#1618)b80197f
build(deps): Bump the all group7664feb
build(deps): Bump the all group with 1 update44c6e90
build(deps): Bump the all group in /pkg/signature/kms/aws with 5 updatesUpdates
github.com/sigstore/sigstore/pkg/signature/kms/gcp
from 1.8.1 to 1.8.2Release notes
Sourced from github.com/sigstore/sigstore/pkg/signature/kms/gcp's releases.
Commits
01aee87
build(deps): Bump the all group with 2 updates (#1647)7dd77e3
build(deps): Bump the all group with 2 updates (#1640)8f9b512
build(deps): Bump the all group (#1641)2cbe097
fix: adds TSA URI for customMetadata. (#1646)0bfcc5b
build(deps): Bump the all group in /pkg/signature/kms/gcp with 1 updatefbeebcb
build(deps): Bump the all group in /pkg/signature/kms/aws with 4 updates0e830c5
Add support for autoclosing oauth flow window (#1618)b80197f
build(deps): Bump the all group7664feb
build(deps): Bump the all group with 1 update44c6e90
build(deps): Bump the all group in /pkg/signature/kms/aws with 5 updatesUpdates
github.com/sigstore/sigstore/pkg/signature/kms/hashivault
from 1.8.1 to 1.8.2Release notes
Sourced from github.com/sigstore/sigstore/pkg/signature/kms/hashivault's releases.
Commits
01aee87
build(deps): Bump the all group with 2 updates (#1647)7dd77e3
build(deps): Bump the all group with 2 updates (#1640)8f9b512
build(deps): Bump the all group (#1641)2cbe097
fix: adds TSA URI for customMetadata. (#1646)0bfcc5b
build(deps): Bump the all group in /pkg/signature/kms/gcp with 1 updatefbeebcb
build(deps): Bump the all group in /pkg/signature/kms/aws with 4 updates0e830c5
Add support for autoclosing oauth flow window (#1618)b80197f
build(deps): Bump the all group7664feb
build(deps): Bump the all group with 1 update44c6e90
build(deps): Bump the all group in /pkg/signature/kms/aws with 5 updatesUpdates
github.com/stretchr/testify
from 1.8.4 to 1.9.0Release notes
Sourced from github.com/stretchr/testify's releases.
... (truncated)
Commits
bb548d0
Merge pull request #1552 from stretchr/dependabot/go_modules/github.com/stret...814075f
build(deps): bump github.com/stretchr/objx from 0.5.1 to 0.5.2e045612
Merge pull request #1339 from bogdandrutu/uintptr5b6926d
Merge pull request #1385 from hslatman/not-implements9f97d67
Merge pull request #1550 from stretchr/release-notesbcb0d3f
Include the auto-release notes in releasesfb770f8
Merge pull request #1247 from ccoVeille/typos85d8bb6
fix typos in comments, tests and github templatese2741fa
Merge pull request #1548 from arjunmahishi/msgAndArgs6e59f20
http_assertions: assert that the msgAndArgs actually works in testsUpdates
github.com/tektoncd/pipeline
from 0.56.1 to 0.57.0Release notes
Sourced from github.com/tektoncd/pipeline's releases.
... (truncated)
Changelog
Sourced from github.com/tektoncd/pipeline's changelog.
... (truncated)
Commits
d714545
Isolate new env nightly feature flag testf3d4fe6
chore(deps): bump github/codeql-action from 3.24.0 to 3.24.33d1ec13
chore(deps): bump tj-actions/changed-files from 42.0.2 to 42.0.460dde23
chore(deps): bump github.com/opencontainers/image-spec1f44652
chore(deps): bump github.com/google/cel-go from 0.19.0 to 0.20.0e160b59
chore(deps): bump k8s.io/client-go123f4a2
Update e2e-test script for per feature flag test73bac5a
Fix typo in publish taskfd17c74
wait for a given duration in case of imagePullBackOff9fd9383
Patch Release v0.56.1Updates
go.uber.org/zap
from 1.26.0 to 1.27.0Release notes
Sourced from go.uber.org/zap's releases.
Changelog
Sourced from go.uber.org/zap's changelog.
Commits
fcf8ee5
Release v1.27.0 (#1419)e5a56ee
Add WithPanicHook logger option for panic log tests (#1416)0e2aa4e
assets: Fix logo color profile (#1418)956a21c
Add methods for logging with level as argument (#1406)2a893f6
build(deps): bump golangci/golangci-lint-action from 3 to 4 (#1417)e5745d6
ci: Test with Go 1.22 (#1409)7db06bc
zapslog: rename Option to HandlerOption (#1411)35ded09
zapslog: fix all with slogtest, support inline group, ignore empty group. (#1...27b96e3
Make zaptest.NewTestingWriter public (#1399)70f61bb
zapslog: Bump zap from v1.24.0 to v1.26.0 (#1404)Updates
golang.org/x/crypto
from 0.19.0 to 0.20.0Commits
0aab8d0
all: update go.mod x/net dependency5bead59
ocsp: don't use iota for externally defined constants1a86580
x/crypto/internal/poly1305: improve sum_ppc64le.s1c981e6
ssh/test: don't use DSA keys in integrations tests, update test RSA key62c9f17
x509roots/nss: manually exclude a confusingly constrained rootUpdates
google.golang.org/grpc
from 1.61.1 to 1.62.0Release notes
Sourced from google.golang.org/grpc's releases.
Hi @dependabot[bot]. Thanks for your PR.
I'm waiting for a tektoncd member to verify that this patch is reasonable to test. If it is, they should reply with
/ok-to-test
on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.Once the patch is verified, the new status will be reflected by the
ok-to-test
label.I understand the commands that are listed here.
[APPROVALNOTIFIER] This PR is NOT APPROVED
This pull-request has been approved by: To complete the pull request process, please assign lcarva after the PR has been reviewed. You can assign the PR to them by writing
/assign @lcarva
in a comment when ready.The full list of commands accepted by this bot can be found here.
@dependabot[bot]: The following tests failed, say
/retest
to rerun all failed tests or/retest-required
to rerun all mandatory failed tests:/test pull-tekton-chains-unit-tests
/test pull-tekton-chains-build-tests
/test pull-tekton-chains-integration-tests
Full PR test history. Your PR dashboard.
Looks like these dependencies are updatable in another way, so this is no longer needed.