Merge branch 'main' into tep-94-beta

tektoncd · Jun 18, 2024 · 7bd216b · 7bd216b
2 parents df217fd + 9b5a100
commit 7bd216b
Show file tree

Hide file tree

Showing 468 changed files with 33,102 additions and 7,921 deletions.
diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
@@ -49,16 +49,20 @@ jobs:
 
     steps:
     - name: Harden Runner
-      uses: step-security/harden-runner@f086349bfa2bd1361f7909c78558e816508cdc10 # v2.8.0
+      uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1
       with:
         egress-policy: audit
 
     - name: Checkout repository
-      uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
+      uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+    - name: Setup go
+      uses: actions/setup-go@v5
+      with:
+        go-version: '1.22.x'
 
     # Initializes the CodeQL tools for scanning.
     - name: Initialize CodeQL
-      uses: github/codeql-action/init@9fdb3e49720b44c48891d036bb502feb25684276 # v3.25.6
+      uses: github/codeql-action/init@23acc5c183826b7a8a97bce3cecc52db901f8251 # v3.25.10
       with:
         languages: ${{ matrix.language }}
         # If you wish to specify custom queries, you can do so here or in a config file.
@@ -92,4 +96,4 @@ jobs:
         make -j 4 all
 
     - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@9fdb3e49720b44c48891d036bb502feb25684276 # v3.25.6
+      uses: github/codeql-action/analyze@23acc5c183826b7a8a97bce3cecc52db901f8251 # v3.25.10
diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml
@@ -17,13 +17,13 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0
+        uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1
         with:
           egress-policy: audit
 
       - name: 'Checkout Repository'
-        uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
       - name: 'Dependency Review'
-        uses: actions/dependency-review-action@0efb1d1d84fc9633afcdaad14c485cbbc90ef46c # v2.5.1
+        uses: actions/dependency-review-action@72eb03d02c7872a771aacd928f3123ac62ad6d3a # v4.3.3
         with:
           fail-on-severity: low
diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml
@@ -29,11 +29,11 @@ jobs:
 
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@f086349bfa2bd1361f7909c78558e816508cdc10 # v2.8.0
+        uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1
         with:
           egress-policy: audit
       - name: "Checkout code"
-        uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
         with:
           persist-credentials: false
 
@@ -61,6 +61,6 @@ jobs:
 
       # Upload the results to GitHub's code scanning dashboard.
       - name: "Upload to code-scanning"
-        uses: github/codeql-action/upload-sarif@9fdb3e49720b44c48891d036bb502feb25684276 # v3.25.6
+        uses: github/codeql-action/upload-sarif@23acc5c183826b7a8a97bce3cecc52db901f8251 # v3.25.10
         with:
           sarif_file: results.sarif
diff --git a/.github/workflows/woke.yml b/.github/workflows/woke.yml
@@ -11,15 +11,15 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@f086349bfa2bd1361f7909c78558e816508cdc10 # v2.8.0
+        uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1
         with:
           egress-policy: audit
       - name: 'Checkout'
-        uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
 
       - name: Get changed files
         id: changed-files
-        uses: tj-actions/changed-files@03334d095e2739fa9ac4034ec16f66d5d01e9eba # v44.5.1
+        uses: tj-actions/changed-files@d6babd6899969df1a11d14c368283ea4436bca78 # v44.5.2
         with:
           write_output_files: true
           files: |

diff --git a/.golangci.yml b/.golangci.yml
@@ -1,5 +1,10 @@
 # Documentation: https://golangci-lint.run/usage/configuration/
+
 linters-settings:
+  gosec:
+    excludes:
+      - G601
+    exclude-generated: true
   errcheck:
     exclude-functions:
       - (*github.com/tektoncd/pipeline/vendor/go.uber.org/zap.SugaredLogger).Sync
@@ -80,12 +85,13 @@ linters:
   - gocyclo
   - godot
   - godox
-  - goerr113
+  - err113
   - gofumpt
   - gomnd
   - gomoddirectives
   - ireturn
   - lll
+  - mnd
   - nestif
   - nlreturn
   - nonamedreturns

diff --git a/Makefile b/Makefile
@@ -9,7 +9,8 @@ TESTPKGS = $(shell env GO111MODULE=on $(GO) list -f \
 BIN      = $(CURDIR)/.bin
 WOKE 	?= go run -modfile go.mod github.com/get-woke/woke
 
-GOLANGCI_VERSION = v1.57.2
+# Get golangci_version from tools/go.mod
+GOLANGCI_VERSION := $(shell cat tools/go.mod | grep golangci-lint | awk '{ print $$3 }')
 WOKE_VERSION     = v0.19.0
 
 GO           = go
@@ -164,9 +165,10 @@ $(BIN)/errcheck: PACKAGE=github.com/kisielk/errcheck
 errcheck: | $(ERRCHECK) ; $(info $(M) running errcheck…) ## Run errcheck
 	$Q $(ERRCHECK) ./...
 
-GOLANGCILINT = $(BIN)/golangci-lint
-$(BIN)/golangci-lint: ; $(info $(M) getting golangci-lint $(GOLANGCI_VERSION))
-	cd tools; GOBIN=$(BIN) go install github.com/golangci/golangci-lint/cmd/golangci-lint@$(GOLANGCI_VERSION)
+GOLANGCILINT = $(BIN)/golangci-lint-$(GOLANGCI_VERSION)
+$(BIN)/golangci-lint-$(GOLANGCI_VERSION): ; $(info $(M) getting golangci-lint $(GOLANGCI_VERSION))
+	cd tools; go mod download github.com/golangci/golangci-lint && go mod tidy 
+	cd tools; go build -o $(BIN)/golangci-lint-$(GOLANGCI_VERSION) github.com/golangci/golangci-lint/cmd/golangci-lint
 
 .PHONY: golangci-lint
 golangci-lint: | $(GOLANGCILINT) ; $(info $(M) running golangci-lint…) @ ## Run golangci-lint

diff --git a/OWNERS_ALIASES b/OWNERS_ALIASES
@@ -1,13 +1,11 @@
 aliases:
   pipeline-approvers:
   - afrittoli
-  - bobcatfish
   - dibyom
   - ImJasonH
   - vdemeester
   - pritidesai
   - jerop
-  - lbernick
   - abayer
   - wlynch
   - yongxuanzhang
@@ -16,7 +14,6 @@ aliases:
 
   pipeline-reviewers:
   - afrittoli
-  - bobcatfish
   - dibyom
   - vdemeester
   - pritidesai
@@ -26,19 +23,16 @@ aliases:
 
   apis-approvers:
   - afrittoli
-  - bobcatfish
   - dibyom
   - ImJasonH
   - vdemeester
   - pritidesai
   - jerop
-  - lbernick
   - abayer
   - wlynch
 
   productivity-approvers:
   - afrittoli
-  - bobcatfish
   - vdemeester
 
 # Alumni ❤️
@@ -48,3 +42,5 @@ aliases:
 # aaron-prindle
 # sbwsg
 # dlorenc
+# lbernick
+# bobcatfish
diff --git a/README.md b/README.md
@@ -43,7 +43,8 @@ Tekton Pipelines are **Typed**:
 - Starting from the v0.41.x release of Tekton: **Kubernetes version 1.23 or later**
 - Starting from the v0.45.x release of Tekton: **Kubernetes version 1.24 or later**
 - Starting from the v0.51.x release of Tekton: **Kubernetes version 1.25 or later**
-- Starting from the v0.59.x release of Tekton: **Kubernetes version 1.28 or later**
+- Starting from the v0.59.x release of Tekton: **Kubernetes version 1.27 or later**
+- Starting from the v0.61.x release of Tekton: **Kubernetes version 1.28 or later**
 
 ### Read the docs
 

diff --git a/config/config-feature-flags.yaml b/config/config-feature-flags.yaml
@@ -107,8 +107,7 @@ data:
   enforce-nonfalsifiability: "none"
   # Setting this flag will determine how Tekton pipelines will handle extracting results from the task.
   # Acceptable values are "termination-message" or "sidecar-logs".
-  # "sidecar-logs" is an experimental feature and thus should still be considered
-  # an alpha feature.
+  # "sidecar-logs" is now a beta feature.
   results-from: "termination-message"
   # Setting this flag will determine the upper limit of each task result
   # This flag is optional and only associated with the previous flag, results-from

diff --git a/config/resolvers/200-clusterrole.yaml b/config/resolvers/200-clusterrole.yaml
@@ -30,5 +30,5 @@ rules:
     verbs: ["get", "list"]
   # Read-only access to these.
   - apiGroups: [""]
-    resources: ["secrets"]
+    resources: ["secrets", "serviceaccounts"]
     verbs: ["get", "list", "watch"]
diff --git a/config/resolvers/bundleresolver-config.yaml b/config/resolvers/bundleresolver-config.yaml
@@ -22,5 +22,7 @@ metadata:
     app.kubernetes.io/instance: default
     app.kubernetes.io/part-of: tekton-pipelines
 data:
+  # the default service account name to use for bundle requests.
+  default-service-account: "default"
   # The default layer kind in the bundle image.
   default-kind: "task"
diff --git a/docs/additional-configs.md b/docs/additional-configs.md
@@ -377,7 +377,6 @@ Features currently in "alpha" are:
 | [Debug](./debug.md)                                                                                          | [TEP-0042](https://github.com/tektoncd/community/blob/main/teps/0042-taskrun-breakpoint-on-failure.md)               | [v0.26.0](https://github.com/tektoncd/pipeline/releases/tag/v0.26.0) |                                                  |
 | [StdoutConfig and StderrConfig](./tasks#redirecting-step-output-streams-with-stdoutConfig-and-stderrConfig) | [TEP-0011](https://github.com/tektoncd/community/blob/main/teps/0011-redirecting-step-output-streams.md)             | [v0.38.0](https://github.com/tektoncd/pipeline/releases/tag/v0.38.0) |                                                  |
 | [Trusted Resources](./trusted-resources.md)                                                                  | [TEP-0091](https://github.com/tektoncd/community/blob/main/teps/0091-trusted-resources.md)                           | [v0.49.0](https://github.com/tektoncd/pipeline/releases/tag/v0.49.0) | `trusted-resources-verification-no-match-policy` |
-| [Larger Results via Sidecar Logs](#enabling-larger-results-using-sidecar-logs)                               | [TEP-0127](https://github.com/tektoncd/community/blob/main/teps/0127-larger-results-via-sidecar-logs.md)             | [v0.43.0](https://github.com/tektoncd/pipeline/releases/tag/v0.43.0) | `results-from`                                   |
 | [Configure Default Resolver](./resolution.md#configuring-built-in-resolvers)                                 | [TEP-0133](https://github.com/tektoncd/community/blob/main/teps/0133-configure-default-resolver.md)                  | [v0.46.0](https://github.com/tektoncd/pipeline/releases/tag/v0.46.0) |                                                  |
 | [Coschedule](./affinityassistants.md)                                                                        | [TEP-0135](https://github.com/tektoncd/community/blob/main/teps/0135-coscheduling-pipelinerun-pods.md)               | [v0.51.0](https://github.com/tektoncd/pipeline/releases/tag/v0.51.0) | `coschedule`                                     |
 | [keep pod on cancel](./taskruns.md#cancelling-a-taskrun)                                                     | N/A                                                                                                                  | [v0.52.0](https://github.com/tektoncd/pipeline/releases/tag/v0.52.0) | `keep-pod-on-cancel`                             |
@@ -403,6 +402,7 @@ Features currently in "beta" are:
 | [Task-level Resource Requirements](compute-resources.md#task-level-compute-resources-configuration)   | [TEP-0104](https://github.com/tektoncd/community/blob/main/teps/0104-tasklevel-resource-requirements.md) | [v0.39.0](https://github.com/tektoncd/pipeline/releases/tag/v0.39.0) | [v0.53.0](https://github.com/tektoncd/pipeline/releases/tag/v0.53.0) |                               |
 | [Reusable Steps via StepActions](./stepactions.md)                                                           | [TEP-0142](https://github.com/tektoncd/community/blob/main/teps/0142-enable-step-reusability.md)                     | [v0.54.0](https://github.com/tektoncd/pipeline/releases/tag/v0.54.0) | `enable-step-actions`                            |
 | [Step and Sidecar Overrides](./taskruns.md#overriding-task-steps-and-sidecars)                               | [TEP-0094](https://github.com/tektoncd/community/blob/main/teps/0094-specifying-resource-requirements-at-runtime.md) | [v0.34.0](https://github.com/tektoncd/pipeline/releases/tag/v0.34.0) |                                                  | [v0.61.0](https://github.com/tektoncd/pipeline/releases/tag/v0.61.0)  |
+| [Larger Results via Sidecar Logs](#enabling-larger-results-using-sidecar-logs)                               | [TEP-0127](https://github.com/tektoncd/community/blob/main/teps/0127-larger-results-via-sidecar-logs.md)             | [v0.43.0](https://github.com/tektoncd/pipeline/releases/tag/v0.43.0) | [v0.61.0](https://github.com/tektoncd/pipeline/releases/tag/v0.61.0) | `results-from`                                   |
 
 ## Enabling larger results using sidecar logs
 

diff --git a/docs/pipelines.md b/docs/pipelines.md
@@ -1267,6 +1267,10 @@ Tasks can emit [`Results`](tasks.md#emitting-results) when they execute. A Pipel
 1. A Pipeline can pass the `Result` of a `Task` into the `Parameters` or `when` expressions of another.
 2. A Pipeline can itself emit `Results` and include data from the `Results` of its Tasks.
 
+> **Note** Tekton does not enforce that results are produced at Task level. If a pipeline attempts to
+> consume a result that was declared by a Task, but not produced, it will fail. [TEP-0048](https://github.com/tektoncd/community/blob/main/teps/0048-task-results-without-results.md)
+> propopses introducing default values for results to help Pipeline authors manage this case.
+
 ### Passing one Task's `Results` into the `Parameters` or `when` expressions of another
 
 Sharing `Results` between `Tasks` in a `Pipeline` happens via

diff --git a/docs/taskruns.md b/docs/taskruns.md
@@ -374,7 +374,7 @@ may be overridden by a TaskRun's StepSpecs and SidecarSpecs.
 
 ### Specifying Task-level `ComputeResources`
 
-**([alpha only](https://github.com/tektoncd/pipeline/blob/main/docs/additional-configs.md#alpha-features))**
+**([beta only](https://github.com/tektoncd/pipeline/blob/main/docs/additional-configs.md#beta-features))**
 
 Task-level compute resources can be configured in `TaskRun.ComputeResources`, or `PipelineRun.TaskRunSpecs.ComputeResources`.
 

diff --git a/docs/tasks.md b/docs/tasks.md
@@ -858,6 +858,12 @@ precise string you want returned from your `Task` into the result files that you
 The stored results can be used [at the `Task` level](./pipelines.md#passing-one-tasks-results-into-the-parameters-or-when-expressions-of-another)
 or [at the `Pipeline` level](./pipelines.md#emitting-results-from-a-pipeline).
 
+> **Note** Tekton does not enforce Task results unless there is a consumer: when a Task declares a result,
+> it may complete successfully even if no result was actually produced. When a Task that declares results is
+> used in a Pipeline, and a component of the Pipeline attempts to consume the Task's result, if the result
+> was not produced the pipeline will fail. [TEP-0048](https://github.com/tektoncd/community/blob/main/teps/0048-task-results-without-results.md)
+> propopses introducing default values for results to help Pipeline authors manage this case.
+
 #### Emitting Object `Results`
 Emitting a task result of type `object` is implemented based on the
 [TEP-0075](https://github.com/tektoncd/community/blob/main/teps/0075-object-param-and-result-types.md#emitting-object-results).
@@ -1017,7 +1023,7 @@ As a general rule-of-thumb, if a result needs to be larger than a kilobyte, you
 
 #### Larger `Results` using sidecar logs
 
-This is an alpha feature which is guarded behind its own feature flag.  The `results-from` feature flag must be set to
+This is a beta feature which is guarded behind its own feature flag.  The `results-from` feature flag must be set to
 [`"sidecar-logs"`](./install.md#enabling-larger-results-using-sidecar-logs) to enable larger results using sidecar logs.
 
 Instead of using termination messages to store results, the taskrun controller injects a sidecar container which monitors

diff --git a/.../v1/taskruns/alpha/large-task-result.yaml → ...s/v1/taskruns/beta/large-task-result.yaml b/.../v1/taskruns/alpha/large-task-result.yaml → ...s/v1/taskruns/beta/large-task-result.yaml
diff --git a/examples/v1/taskruns/beta/stepaction-git-resolver.yaml b/examples/v1/taskruns/beta/stepaction-git-resolver.yaml
@@ -6,11 +6,11 @@ metadata:
 spec:
   params:
     - name: pathInRepo
-      value: basic_step.yaml
+      value: stepaction/git-clone/0.1/git-clone.yaml
     - name: revision
       value: main
     - name: repoUrl
-      value: https://github.com/chitrangpatel/repo1M.git
+      value: https://github.com/tektoncd/catalog.git
   TaskSpec:
     steps:
       - name: action-runner
@@ -23,3 +23,10 @@ spec:
               value: $(params.revision)
             - name: pathInRepo
               value: $(params.pathInRepo)
+        params:
+          - name: url
+            value: https://github.com/kelseyhightower/nocode
+          - name: revision
+            value: master
+          - name: output-path
+            value: /workspace
diff --git a/examples/v1/taskruns/beta/stepactions-steptemplate.yaml b/examples/v1/taskruns/beta/stepactions-steptemplate.yaml
@@ -0,0 +1,21 @@
+apiVersion: tekton.dev/v1beta1
+kind: StepAction
+metadata:
+  name: step-action
+spec:
+  image: alpine
+  command: ["env"]
+---
+apiVersion: tekton.dev/v1
+kind: TaskRun
+metadata:
+  name: task-run
+spec:
+  taskSpec:
+    steps:
+      - ref:
+          name: step-action
+    stepTemplate:
+      env:
+        - name: foo
+          value: bar