Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

pull in upstream changes #5

Merged
merged 21 commits into from
Feb 17, 2022
Merged

pull in upstream changes #5

merged 21 commits into from
Feb 17, 2022

Commits on Feb 11, 2022

  1. cleanup - ApplyContext parameters 

    Instead of passing around the entire resolvedTaskResources, which is not
necessary at this point, just pass the task name.

No functional changes expected.
    @pritidesai @tekton-robot
    pritidesai authored and tekton-robot committed Feb 11, 2022
    Configuration menu
    Copy the full SHA
    78ef509 View commit details
    Browse the repository at this point in the history

  2. use podtemplate imagepullsecrets to resolve entrypoint

    @Yongxuanzhang @tekton-robot
    Yongxuanzhang authored and tekton-robot committed Feb 11, 2022
    Configuration menu
    Copy the full SHA
    c6bdf38 View commit details
    Browse the repository at this point in the history

Commits on Feb 14, 2022

  1. Update write_test.go 

    Fixed a typo
    @anu-baskar @tekton-robot
    anu-baskar authored and tekton-robot committed Feb 14, 2022
    Configuration menu
    Copy the full SHA
    e9c2e30 View commit details
    Browse the repository at this point in the history

  2. Fix links to Why Aren't PipelineResources in Beta? 

    Links to the "Why Aren't PipelineResources in Beta?" section in the docs
should have `aren-t` in the fragment instead of `arent`. This can be
confirmed by clicking the link icon beside the heading and checking the
browser address bar.
    @AlanGreene @tekton-robot
    AlanGreene authored and tekton-robot committed Feb 14, 2022
    Configuration menu
    Copy the full SHA
    b584225 View commit details
    Browse the repository at this point in the history

  3. Fix tekton_pipelines_controller_taskrun_count recount bug 

    Added before and after condition check to avoid taskrun metrics recount bug.
    @khrm @tekton-robot
    khrm authored and tekton-robot committed Feb 14, 2022
    Configuration menu
    Copy the full SHA
    1375219 View commit details
    Browse the repository at this point in the history

Commits on Feb 16, 2022

  1. debug is an alpha feature 

    Documenting that the debug feature is still alpha. The feature was
introduced in pipelines release 0.26 behind enable-api-fields flag.
    @pritidesai @tekton-robot
    pritidesai authored and tekton-robot committed Feb 16, 2022
    Configuration menu
    Copy the full SHA
    7855cb7 View commit details
    Browse the repository at this point in the history

  2. Consider osversion when determining platform uniqueness 

    Prior to this change, an image (such as `golang:1.17`) that provided two
images that shared the same OS+architecture+variant would be considered
invalid, even if they described two different images whose platforms
differed on, for example, osversion (used by Windows images).

This change relaxes our platform uniqueness logic to take this into
account, unblocking Linux users from running such images.

There's still an issue for Windows users however, since when they
attempt to run these images they'll fail to find the correct command
taking into account their osversion. Workarounds in this case include
specifying a single-platform image, or avoiding multi-platform images
that provide two Windows images differing only by osversion.

This also updates our selection logic to take into account slightly
malformed multi-platform images that specify two images with the same
OS+architecture[+variant], so long as the duplicate entries describe the
same image by digest (e.g., anchore/syft:v0.37.10)
    @imjasonh @tekton-robot
    imjasonh authored and tekton-robot committed Feb 16, 2022
    Configuration menu
    Copy the full SHA
    99d777e View commit details
    Browse the repository at this point in the history

  3. [TEP-0059] Scope when expressions to Task only 

    In [TEP-0007: Conditions Beta][tep-0007], we introduced `when`
expressions to guard execution of `Tasks` in `Pipelines`.
To align with `Conditions`, we set scope of `when` expressions
to the guarded `Task` and its dependent `Tasks`.

In [TEP-0059: Skipping Strategies][tep-0059], we proposed changing
the scope of `when` expressions to the guarded `Task` only. This
was implemented in tektoncd#4085.
We provided a feature flag, `scope-when-expressions-to-task`, to
support migration. It defaulted to `false` for 9 months per our
[Beta API compatibility policy][policy], meaning that we continued
to guard the `Task` and its dependent `Tasks`. In this change, we
flip the flag to `true` to guard the `Task` only by default.

[tep-0007]: https:/tektoncd/community/blob/main/teps/0007-conditions-beta.md
[tep-0059]: https:/tektoncd/community/blob/main/teps/0059-skipping-strategies.md
[policy]: https:/tektoncd/pipeline/blob/main/api_compatibility_policy.md
    @jerop @tekton-robot
    jerop authored and tekton-robot committed Feb 16, 2022
    Configuration menu
    Copy the full SHA
    62c9b0d View commit details
    Browse the repository at this point in the history

  4. Update the scope-when-expressions-to-task feature flag docs 

    In tektoncd#4580, we changed the
flag default from "false" to "true". However, the documentation
above the flag was still describing what setting it to "true" would
do. In this change, we update the documentation to focus on the
non-default option that users can choose to set - "false". We also
add a reference to TEP-0059 and relevant docs for more details.
    @jerop @tekton-robot
    jerop authored and tekton-robot committed Feb 16, 2022
    Configuration menu
    Copy the full SHA
    8aee705 View commit details
    Browse the repository at this point in the history

  5. Patch temp GOPATH hack script to handle nounset option 

    Prior to this commit the setup-temporary-gopath.sh used the GOPATH variable without
first checking that it was set. When `set -o nounset` is working this
causes the script to exit with an error.

This commit adds a variable wrapping $GOPATH and setting a default if
it's missing, which should work around the `nounset`.
    @tekton-robot
    Scott authored and tekton-robot committed Feb 16, 2022
    Configuration menu
    Copy the full SHA
    9e8e9ee View commit details
    Browse the repository at this point in the history

  6. use helper functions - MarkResource* 

    Replace updating the conditions directly with the helper functions -
MarkResourceRunning and MarkRunning.

No functional change expected.
    @pritidesai @tekton-robot
    pritidesai authored and tekton-robot committed Feb 16, 2022
    Configuration menu
    Copy the full SHA
    4ad8f33 View commit details
    Browse the repository at this point in the history

  7. Update the deprecations table 

    The tekton.dev/task label for ClusterTasks have been removed in
tektoncd#2533, but the table
has not been updated yet, so doing it in here.

Signed-off-by: Andrea Frittoli <[email protected]>
    @afrittoli @tekton-robot
    afrittoli authored and tekton-robot committed Feb 16, 2022
    Configuration menu
    Copy the full SHA
    14233ff View commit details
    Browse the repository at this point in the history

  8. Remove deprecated flags home-env and working-dir 

    This change removes two flags:

- disable-home-env-overwrite
- disable-working-dir-overwrite

That two flags that were originally introduced with default to false
and the feature associated to them was deprecated.
Nine months later (as per policy), in Dec 2020, the default value was
switched to default true and the flags were deprecated. Nine months
later we are finally removing the flags.

Signed-off-by: Andrea Frittoli <[email protected]>
    @afrittoli @tekton-robot
    afrittoli authored and tekton-robot committed Feb 16, 2022
    Configuration menu
    Copy the full SHA
    2b731fb View commit details
    Browse the repository at this point in the history

Commits on Feb 17, 2022

  1. Fix for some arm64 machines. 

    As said in GoogleContainerTools/distroless#657, in the past, distroless/base:debug used an arm32 busybox binary in its arm64 image. Which doesn't work on some arm64 machines, e.g., Ubuntu 21 arm64 on Parallel Desktop on Apple Silicon M1. It caused this error:
"
$ docker run -it gcr.io/distroless/base@sha256:cfdc553400d41b47fd231b028403469811fcdbc0e69d66ea8030c5a0b5fbac2b
standard_init_linux.go:228: exec user process caused: exec format error
"

This PR GoogleContainerTools/distroless#960 fixes this bug. Hence, update the distroless/base:debug used by Tekton Pipeline in this commit.
    @MrMYHuang @tekton-robot
    MrMYHuang authored and tekton-robot committed Feb 17, 2022
    Configuration menu
    Copy the full SHA
    b6d21ed View commit details
    Browse the repository at this point in the history

  2. Add Step and Sidecar Overrides to TaskRun API 

    This commit adds TaskRunStepOverrides and TaskRunSidecarOverrides to TaskRun.Spec and
PipelineRun.Spec.PipelineTaskRunSpec, gated behind the "alpha" API flag.
This is part 1 of implementing TEP-0094: Configuring Resource Requirements at Runtime.
https:/tektoncd/community/blob/main/teps/0094-configuring-resources-at-runtime.md
    @lbernick @tekton-robot
    lbernick authored and tekton-robot committed Feb 17, 2022
    Configuration menu
    Copy the full SHA
    9605e3e View commit details
    Browse the repository at this point in the history

  3. WIP spire. 

    Signed-off-by: Dan Lorenc <[email protected]>

changed to use spiffe-csi

Add pod SPIFFE id annotation for workload registrar

Signed-off-by: Brandon Lum <[email protected]>

removed spire jwt

updated obtaining trust bundle

Added SPIFFE entry registration and SVID entrypointer backoff (#2)

* Added SPIFFE entry registration and SVID entrypointer backoff

Signed-off-by: Brandon Lum <[email protected]>

* Allow SPIRE configuration through opts

Signed-off-by: Brandon Lum <[email protected]>

* Add validation of SpireConfig

Signed-off-by: Brandon Lum <[email protected]>
    @pxp928
    Dan Lorenc authored and pxp928 committed Feb 17, 2022
    Configuration menu
    Copy the full SHA
    53e4107 View commit details
    Browse the repository at this point in the history

  4. merged upstream 

    Signed-off-by: pxp928 <[email protected]>
    @pxp928
    pxp928 committed Feb 17, 2022
    Configuration menu
    Copy the full SHA
    c29af16 View commit details
    Browse the repository at this point in the history

  5. added manifest check

    @pxp928
    pxp928 committed Feb 17, 2022
    Configuration menu
    Copy the full SHA
    882241e View commit details
    Browse the repository at this point in the history

  6. [WIP] Add SPIRE docs (#4) 

    * merged upstream

* Add several features/optimizations for SPIRE (#3)

* Record pod latency before SPIRE entry creation

Signed-off-by: Brandon Lum <[email protected]>

* SPIRE client connection caching

Signed-off-by: Brandon Lum <[email protected]>

* Optimize spire entry creation

Signed-off-by: Brandon Lum <[email protected]>

* Add TTL for workload entry based on taskrun timeout

Signed-off-by: Brandon Lum <[email protected]>

* Add SPIRE non-falsification doc

Signed-off-by: Brandon Lum <[email protected]>

Co-authored-by: pxp928 <[email protected]>
    @lumjjb @pxp928
    lumjjb and pxp928 committed Feb 17, 2022
    Configuration menu
    Copy the full SHA
    7337c08 View commit details
    Browse the repository at this point in the history

  7. merged upstream 

    Signed-off-by: pxp928 <[email protected]>
    @pxp928
    pxp928 committed Feb 17, 2022
    Configuration menu
    Copy the full SHA
    6e76c28 View commit details
    Browse the repository at this point in the history

  8. merged upstream 

    Signed-off-by: pxp928 <[email protected]>
    @pxp928
    pxp928 committed Feb 17, 2022
    Configuration menu
    Copy the full SHA
    78b1693 View commit details
    Browse the repository at this point in the history