Concourse is a container-based continuous thing-doer written in Go.
Prevent open redirect to other hosts (#7460) @taylorsilva :link:
Fix github-release-resource with graphql update (https://github.com/concourse/github-release-resource/pull/107) @kirillbilchenko :link:
Backport baggageclaim v1.8.0 to release/6.7.x (#7428) @taylorsilva :link:
Use overlay driver for worker integration test [6.7.x] (#7435) @aoldershaw :link:
Fly clear-resource-cache command (#7003) @EstebanFS :link:
clear-resource-cache
, you could use this following the next format
fly -t ci clear-resource-cache -r pipeline/resource [--version some:version]
Build page shows name of who triggered the build in header line of build page (#7112) @evanchaoli :link:
Add page to view all builds/resource versions downstream/upstream from a root resource version (#7125) @chenbh :link:
--enable-resource-causality
or $CONCOURSE_ENABLE_RESOURCE_CAUSALITY=true
to enable the web UI and API endpoint.
git version: 123
is a direct input to integrate #4 & #5
, there is also an indirect link from git version: 123
-> test #19
-> ... -> intermediate-3 version:123
-> integrate #6 & #6.1
Support soft policy enforcement (#7139) @evanchaoli :link:
CONCOURSE_OPA_RESULT_ALLOWED_KEY
: specifies a key of allow flag in OPA returned resultCONCOURSE_OPA_RESULT_SHOULD_BLOCK_KEY
: specifies a key of should-block flag in OPA returned resultCONCOURSE_OPA_RESULT_MESSAGES_KEY
: specifies a key of messages in OPA returned resultFor example, if OPA returns the following result:
{
"result": {
"allow": true,
"block": true,
"reasons": ["foo", "bar"]
}
}
then CONCOURSE_OPA_RESULT_ALLOWED_KEY
should be set to result.allow
; CONCOURSE_OPA_RESULT_SHOULD_BLOCK_KEY
should be result.block
, and CONCOURSE_OPA_RESULT_MESSAGES_KEY
should be result.reasons
.
NOTE: allow
and block
in OPA result should be boolean type, because it's easy to convert other types to boolean in an OPA policy.
Add ability to comment on a build (#7147) @multimac :link:
You can now leave comments on builds. For instance, this can be used to give context to your coworkers about why a particular build failed:
If a build has a comment, it is displayed with a small marker to help you quickly find builds of interest. Hovering over the build displays a portion of the comment:
Add teamName to concourse_steps_wait_duration
metrics (#7154) @Esysc :link:
Use browser cache API for dashboard caching (#7247) @aoldershaw :link:
localStorage
limitsAllow interpolation in the across step values (#7252) @aoldershaw :link:
across
step now supports dynamic interpolation of values. For instance, this can be combined with the set_pipeline
step and instanced pipelines to set a dynamic list of pipelines:
- load_var: branches
file: branches/branches.json
- across:
- var: branch
values: ((.:branches))
set_pipeline: my-app
file: ci/pipelines/my-app.yml
instance_vars: {branch: ((.:branch))}
Cache the list of workers in memory (#7268) @aoldershaw :link:
Optimize build log collector (#7327) @evanchaoli :link:
Enable emitting dogstatsd metrics over uds (#7338) @jmhwang7 :link:
containerd: properly populate /etc/hosts and /etc/hostname (#7041) @muntac :link:
/etc/hosts
and /etc/hostname
are correctly populatedHandle 403 for vault preflight check of V2 (#7057) @xtremerui :link:
atc: across step logs errors (#7090) @taylorsilva :link:
error
event when one of the sub-steps errorscontainerd: Mount /dev/fuse
to privileged containers (#7098) @aoldershaw :link:
atc(fix): fixed a bug in resource check rate limiter. (#7102) @evanchaoli :link:
fix BaseResourceType for streamed volumes (#7108) @vito :link:
Fix worker restart issue with containerd daemon and beacon (#7113) @muntac :link:
Fix memory leak in notification bus (#7120) @aoldershaw :link:
containerd: default to root if /etc/passwd is missing (#7124) @aoldershaw :link:
/etc/passwd
file from runningFix algorithm considering reruns as new builds (#7144) @taylorsilva :link:
version: every
succeeds and is reruncontainerd: keep tasks running after concourse worker
restarts gracefully (#7148) @aoldershaw :link:
concourse worker
process gracefully restarting (e.g. via monit restart
)
Fixed build log reaper not respecting when both Days and Builds are set (#7179) @EstebanFS :link:
Apply a minimum rate limit for resource checking (#7218) @aoldershaw :link:
CONCOURSE_MAX_CHECKS_PER_SECOND
is unset, Concourse will try to distribute checks evenly over the course of the check interval to reduce the concurrent load on external systems.atc/db: prevent creation of duplicate check builds (#7221) @taylorsilva :link:
Fix browser back button after selecting a group (#7249) @aoldershaw :link:
set_pipeline
unpauses previously archived pipelines (#7255) @aoldershaw :link:
set_pipeline
step, it will be unpausedGC task caches belonging to archived pipelines (#7272) @aoldershaw :link:
containerd: Clean up networking files in /tmp (#7276) @taylorsilva :link:
/tmp
and never delete them. They are now made under the --work-dir
set for the worker and are cleaned up when the container is deleted. You can delete any lingering network files under your workers /tmp
directory after upgrading.Fix prometheus emitter not setting default attributes (#7294) @chenbh :link:
Additional metrics attributes configured by --metrics-attribute
now propagates to the prometheus emitter correctly.
run check builds GC in batch (#7323) @xtremerui :link:
Cleanup gomod and skip building fly by default in Dockerfile (#7058) @chenbh :link:
topgun: update regex for capturing instances (#7064) @taylorsilva :link:
containerd: update config to v2 format (#7078) @muntac :link:
[topgun/k8s] disable container limits failure test (#7087) @aoldershaw :link:
[topgun/k8s] disable container limits fail test (#7088) @aoldershaw :link:
use ip
command instead of ifconfig
in MTU test (#7089) @aoldershaw :link:
Merge 7.3.x branch into master (#7097) @aoldershaw :link:
fix go.sum (#7126) @aoldershaw :link:
[release/7.3.x] fix go.sum (#7127) @chenbh :link:
Move garden config tests to integration suite (#7135) @aoldershaw :link:
integration: add retries to vault initialization (#7142) @aoldershaw :link:
integration: fix package name (#7143) @aoldershaw :link:
Update README to point to GitHub discussions (#7159) @mthaddon :link:
fly: add --team flag to checklist (#7162) @tech-geek29 :link:
Reduce number of JOIN
s in builds query (#7184) @aoldershaw :link:
Treat resource types as checkable in rate limiter (#7211) @taylorsilva :link:
Remove prototype_id from builds table (#7220) @aoldershaw :link:
k8s/topgun: use regex to match error message (#7226) @taylorsilva :link:
Note that all workers need to be on the same network for p2p (#7227) @taylorsilva :link:
Revert "worker: make containerd the default runtime" (#7235) @taylorsilva :link:
Left-align job name in build header (#7236) @aoldershaw :link:
web: behavior: Fix snake_case method "button_tooltip" (#7238) @multimac :link:
Don't include check containers in worker cache (#7275) @aoldershaw :link:
containerd: split long property values into multiple chunks (#7288) @aoldershaw :link:
[containerd integration] Make host IP parsing more robust (#7293) @aoldershaw :link:
Run dependabot at midnight UTC (#7295) @chenbh :link:
Properly map version_from
within across
substep (#7310) @aoldershaw :link:
Update template (#7341) @taylorsilva :link:
Fix dogstatsd UDS file configuration (#7343) @aoldershaw :link:
Add autocomplete=off to all form tags (#6921) @taylorsilva :link:
Fix memory leak in notification bus (#7157) @taylorsilva :link:
--tracing-service-name
(CONCOURSE_TRACING_SERVICE_NAME
) rather than --tracing-honeycomb-service-name
(CONCOURSE_TRACING_HONEYCOMB_SERVICE_NAME
)Cache streamed volumes and use local cache when looking for volumes (#6660) @evanchaoli :link:
Optimize resource cache streaming and get step.
get
can be found on some workers, then get
step will do nothing. This will reduce times of Concourse connecting to external systems, such as git, docker hub, and so on.CONCOURSE_ENABLE_CACHE_STREAMED_VOLUMES
flag.Re-ordering instanced pipelines (#6830) @EstebanFS :link:
fly -t dev oip -g groupName -p key1:var1 -p key2:var2
Enhance syslog-drainer to make it more useful (#6834) @SimonXming :link:
event_id
into syslog-drainer
entries, to get the correct order of "drained" build logs.syslog-drainer
to include more info for "drained" build logs.Enhance webhook triggered checks (#6854) @evanchaoli :link:
Allow override of container limits in task config (#6867) @BooleanCat :link:
container_limits
for reusable tasks in pipelines. Any limits set in the pipeline will override the limits set within the reusable task file.Use cursor-based pagination for build events (#6873) @aoldershaw :link:
Use display_user_id field to render username in web interface (#6970) @logyball :link:
Set Content-Security-Policy and Cache-Control Headers (#6949) @taylorsilva :link:
CONCOURSE_CONTENT_SECURITY_POLICY
no-store, private
. The value of the header is overwritten for some paths (i.e. web assets)Ensure stdin never errors when using containerd with TTY enabled (#6791) @chenbh :link:
Add trigger for deleting pipeline (#6880) @xtremerui :link:
pipeline_build_events_*
table in DB when deleting a team. Pipelines belong to the deleted team will be destroyed by DELETE CASCADE
but associated events table was not cleaned up properly.Fix volume GC query to not include volumes with children (#6902) @xtremerui :link:
volume cannot be destroyed as children are present
in web and update or delete on table "volumes" violates foreign key constraint "volumes_parent_id_fkey"
in DB.Set autocomplete to off for login form (#6920) @taylorsilva :link:
autocomplete="off"
to the top-level form
and username
tags.Scan unchecked resource-types (#6923) @EstebanFS :link:
Ignore "not found" error on process deletion for Containerd runtime (#6959) @aoldershaw :link:
worker: Set PATH based on UID instead of container's privileged state (#6982) @taylorsilva :link:
/sbin
) when a user/process was root. Only effects unprivileged containers.Fix Postgres deadlock when frequently setting pipelines (#7011) @aoldershaw :link:
containerd: allow use of non-existent uids (#7029) @muntac :link:
containerd
supports running images with non-existent UIDs such as distroless images.Add exception handling in bigint migration (#6848) @xtremerui :link:
add help text for password connector flag (#6876) @aoldershaw :link:
skip DNS proxy test with extra DNS server (#6878) @aoldershaw :link:
Optimise fake generation (#6885) @BooleanCat :link:
Refactor: Pick -> Approve (#6886) @taylorsilva :link:
Optimise fake generation (#6901) @BooleanCat :link:
re-enable k8s dns proxy test (#6906) @chenbh :link:
atc: fix asset leak in api tests (#6918) @vito :link:
web/wats: replace deprecated waitFor usage (#6922) @vito :link:
Correct a typo in project documentation (#6925) @plan-do-break-fix :link:
topgun/k8s: move dns proxy tests to integration (#6947) @chenbh :link:
Don't check resource-types from paused pipelines (#6961) @taylorsilva :link:
Add drills environment to major release template (#6967) @clarafu :link:
Using osFlag to fix windows worker error (#6971) @EstebanFS :link:
contributing: cover governance model, be brief (#6972) @vito :link:
[skip-migrations-check] bump secondary_order
migration (#6979) @aoldershaw :link:
.github: set up security scanning action (#6992) @vito :link:
Fix bugs related to caching streamed volumes (#7001) @aoldershaw :link:
Fix caching when streamed volume was also streamed (#7024) @aoldershaw :link:
Upgraded xenial to bionic stemcell (#7037) @EstebanFS :link:
7.3.x: make resource cache streaming opt-in (#7051) @taylorsilva :link:
7.3.x: Fix capture of failing topgun tests logs (#7055) @taylorsilva :link:
7.3.x: update regex for capturing instances (#7063) @taylorsilva :link:
task
steps when using the limit-active-tasks
placement strategy), the step would simply error the buildconcourse_tasks_waiting
was removed and replaced with concourse_steps_waiting{type="task"}
Add ability to navigate to resources page from build page (#6662) @chenbh :link:
UI: clicking on the version text for a get/put step in the Build page will now navigate directly to the Resource page with the corresponding version expanded
Allow using LDAP as a password connector (#6671) @aoldershaw :link:
--password-connector
($CONCOURSE_PASSWORD_CONNECTOR
) to ldap
, you can authenticate to Concourse with fly login -u ... -p ...
using your LDAP credentials
--username-prompt
($CONCOURSE_USERNAME_PROMPT
) to change the help text when logging in via the UIOptimize check creation in DB (#6845) @aoldershaw :link:
Add DB index to optimize paginating job builds (#6871) @aoldershaw :link:
enhance put.inputs
detect
to ignore prefixed . and .. (#6705) @evanchaoli :link:
input: detect
now can handle paths prefixed by .
and ..
.Fix empty worker tags (#6057) @aholyoake-bc :link:
runtime: check if swap limits is enabled (#6652) @taylorsilva :link:
runtime: timeout set to 0 means there is no timeout (#6655) @EstebanFS :link:
CONCOURSE_CONTAINERD_REQUEST_TIMEOUT
is set to 0 that means there is no timeoutfeat(atc): add check build metrics. (#6656) @evanchaoli :link:
BuildsStarted
, BuildsRunning
, BuildStarted
, BuildFinsished
to exclude check builds.CheckBuildsStarted
, CheckBuildsRunning
, CheckBuildStarted
, CheckBuildFinsished
better handling for containerd error message (#6668) @muntac :link:
containerd
runtime where gracefully stopping a container might have failed with an unhandled error. Now it gracefully shuts down.Prevent UI from stalling when you keep the resource page open for a while (#6703) @aoldershaw :link:
move migration table updating SQL into a migration transaction (#6727) @xtremerui :link:
Fix a bug where a completed migration was not recorded in migrations_history
table
Build image resource caches foreign key constraint to job ids should be on delete cascade (#6757) @clarafu :link:
500 error
. This was caused by a foreign key constraint within the build_image_resource_caches
table referencing a job in the jobs
table.Fix race condition in containerd
runtime resulting in lost output for quickly printing-then-exiting processes (#6776) @vito :link:
update check metrics comments. (#6858) @evanchaoli :link:
Bump dex to 0.4.0 and remove pkger (#6669) @aoldershaw :link:
github config updates (#6672) @vito :link:
Add "misc" label to dependabot (#6700) @chenbh :link:
fix go mod (#6716) @aoldershaw :link:
more lenient context deadline checking for containerd graceful process termination (#6717) @aoldershaw :link:
Very rarely graceful shutdowns will return a context timeout error instead of gracefully shutting down.
fix font antialiasing issue due to less
dependency bump (#6739) @aoldershaw :link:
Don't enforce step timeout during worker selection (#6760) @aoldershaw :link:
Avoid task specific error in load_var
file
artifact look-up (#6829) @kjgorman :link:
remove accidentally committed sql in migration (#6841) @xtremerui :link:
add release/undocumented
labels to dependabot (#6842) @chenbh :link:
.github: add template for rfc tracking issue (#6844) @vito :link:
Remove unused ci folders (#6870) @taylorsilva :link:
[release/7.2.x] fast-forward (#6875) @chenbh :link:
[release/7.2.x] add help text for password connector flag (#6877) @aoldershaw :link:
backport #6197: Prevent retrying on worker error when build is aborted (#6598) @evanchaoli :link:
Bump lib/pq to 1.10.0 which fixes a regression in lib/pq where under certain circumstances the driver would not drop dead connections and never recover. (#6746) @taylorsilva :link:
Fix a panic in the New Relic metrics emitter (#6747) @taylorsilva :link:
Fix unit test after go 1.16 (#6553) @chenbh :link:
6.7 remove packr backport (#6585) @xtremerui :link:
switch base_image
build arg to lowercase (#6754) @aoldershaw :link:
Allow favoriting instance groups (#6465) @aoldershaw :link:
Start non-privileged containers in their own cgroup namespace (#6492) @muntac :link:
Change SideBar "menu" icon (#6516) @chenbh :link:
Adjust spacing and padding for elements in pipeline card view in Dashboard (#6539) @xtremerui :link:
Show warning for pipelines configured with 'set_pipeline' step (#6621) @Infra-Red :link:
fly set-pipeline
now prints warning message when the pipeline has already been configured through a set_pipeline
step.Bump baggageclaim to v1.11.0 (#6643) @taylorsilva :link:
Skip build log reaping process for paused jobs (#6573) @aoldershaw :link:
Fix reaped link in UI (#6579) @aoldershaw :link:
containerd: fix mount issues with certain images (#6592) @aoldershaw :link:
Check parent resource types of resources that have set check_every: never
(#6603) @taylorsilva :link:
check_every: never
who's type was defined in resource_types
in their pipeline, would fail to check because the parent resource type would never be checkedBump elm-ansi to support 8-bit and 24-bit ANSI colors (#6605) @aoldershaw :link:
Only interpolate static vars when it does not contain a source (#6619) @chenbh :link:
fly set-pipeline -v ... -y ...
were interpolated into local vars ((.:var))
containerd: infer MTU from host's network interface (#6624) @aoldershaw :link:
CONCOURSE_CONTAINERD_EXTERNAL_IP
)CONCOURSE_CONTAINERD_MTU
)Cache streamed volumes and try to get by looking for local cache (#6495) @evanchaoli :link:
Fix unit test after go 1.16 (#6545) @chenbh :link:
Switch migrations + web assets to Go 1.16 embedding (#6550) @vito :link:
Cleanup from staticcheck (#6561) @taylorsilva :link:
Update fake files generated by latest version of counterfeiter. (#6564) @evanchaoli :link:
Default to containerd in docker-compose.yml (#6580) @aoldershaw :link:
Bump elliptic from 6.5.3 to 6.5.4 (#6653) @dependabot :link:
Revert "feat(atc): cache streamed volumes and try to get by looking for local cache" (#6659) @clarafu :link:
Run checks as builds (#6022) @vito :link:
unique_version_history
can no longer be configured on resource types. No one seemed to be using it, and it made internal architecture unnecessarily complicated. The need for it should go away entirely as we make progress on the v10 roadmap.check
operations, which collect and save versions for pipeline resources, are now run as builds.
fly check-resource
and fly check-resource-type
now stream the checking output to the user, just like fly watch
and fly trigger-job
.id
column of the builds
table and all tables referencing build_id
to a bigint
. This is unfortunately a slow migration, so please anticipate downtime proportional to the amount of builds in your database.
deadlock detected
, shut down the other web
nodes first.Remove aggregate
step (#6349) @taylorsilva :link:
aggregate
step as planned. It is succeeded by the in_parallel
step.The formerly-experimental containerd
runtime is now GA and is considered ready for production use :link:
containerd
in coming releases, but we encourage using the containerd
runtime ASAPcontainerd
runtime, set --runtime
($CONCOURSE_RUNTIME
) to containerd
on the concourse worker
command--garden-*
($CONCOURSE_GARDEN_*
) flags to their containerd
counterparts:
--garden-request-timeout
($CONCOURSE_GARDEN_REQUEST_TIMEOUT
) -> --containerd-request-timeout
($CONCOURSE_CONTAINERD_REQUEST_TIMEOUT
)--garden-dns-proxy-enable
($CONCOURSE_GARDEN_DNS_PROXY_ENABLE
) -> --containerd-dns-proxy-enable
($CONCOURSE_CONTAINERD_DNS_PROXY_ENABLE
)--garden-network-pool
($CONCOURSE_GARDEN_NETWORK_POOL
) -> --containerd-network-pool
($CONCOURSE_CONTAINERD_NETWORK_POOL
)--garden-max-containers
($CONCOURSE_GARDEN_MAX_CONTAINERS
) -> --containerd-max-containers
($CONCOURSE_CONTAINERD_MAX_CONTAINERS
)$CONCOURSE_GARDEN_DENY_NETWORKS
-> --containerd-restricted-network
($CONCOURSE_CONTAINERD_RESTRICTED_NETWORK
)$CONCOURSE_GARDEN_DNS_SERVER
-> --containerd-dns-server
($CONCOURSE_CONTAINERD_DNS_SERVER
)Perform image fetching using check/get sub-steps (#6153) @vito :link:
check
and get
steps, and can be inspected in the UIShow resource check build output in web UI (#6137) @vito :link:
Enforce SetPipeline policy check in set_pipeline
step (#5932) @cludden :link:
set_pipeline
step now respects the same policy check as fly set-pipeline
Speed up database queries by adding a job_id
column to build image resource caches table and adding an index for ordering builds of a job (#5993) @clarafu :link:
Allow globs in groups (#6060) @andy-paine :link:
groups
in a pipeline can now match jobs based on globs e.g.:
groups:
- name: deploy
jobs:
- deploy-*
Add flag to concourse worker to overwrite init binary path for the containerd
runtime (#6086) @chenbh :link:
--containerd-init-bin
flag ($CONCOURSE_CONTAINERD_INIT_BIN)Make CNI plugins directory configurable for the containerd
runtime (#6120) @muntac :link:
--containerd-cni-plugins-dir
flag ($CONCOURSE_CONTAINERD_CNI_PLUGINS_DIR
)Fallback fly intercept
to sh
when bash
is missing (#6098) @shua :link:
fly intercept
will first try to use bash
for an interactive shell, but if the container returns an error indicating bash
is not available, fly
will fallback to the more common (but more limited) sh
bash
as the path argument to the fly intercept
commandAdd Honeycomb.io as optional tracing backend (#6103) @spire-allyjweir :link:
[experimental] Group instanced pipelines on UI (#6105) @aoldershaw :link:
release
that differ by the version
line (1.0.x
, 1.1.x
, 2.0.x
, etc.)--enable-pipeline-instances
($CONCOURSE_ENABLE_PIPELINE_INSTANCES
)Update go module dependencies [go.opentelemetry.io/otel] (#6106) @christophermancini :link:
Implement support for Vault KV v2 backends (#6115) @daviddob :link:
add support for exporting traces via OTLP (#6122) @christophermancini :link:
Add index to speed up build deletion, fix up a few issues with checks as builds (#6125) @vito :link:
Add --team
flag to fly order-pipelines
command (#6132) @witjem :link:
Add --team
option to fly get-pipeline
command (#6144) @techgaun :link:
Add --team
option to fly expose-pipeline
command (#6169) @techgaun :link:
Ensure pipelines contain at least one job (#6159) @taylorsilva :link:
set_pipeline
step prints 'no changes to apply' (#6164) @mdb :link:
set_pipeline
now prints "no changes to apply" and thereby behaves similarly to fly set-pipeline
when a pipeline config contains no changes.Update colours and contrast (#6168) @jomsie :link:
Experimental support for P2P Volume Streaming (#6186) @evanchaoli :link:
--enable-p2p-volume-streaming
or env var $CONCOURSE_ENABLE_P2P_VOLUME_STREAMING
on the web nodes. When this feature is enabled, --baggageclaim-bind-ip
on workers should be set to 0.0.0.0
so that baggage claim can be accessed from another workers.--baggageclaim-p2p-interface-name-pattern
and --baggageclaim-p2p-interface-family
to the worker
command.Add a new metric "volumes streamed" (#6187) @evanchaoli :link:
Log the worker name when creating a container fails (#6188) @evanchaoli :link:
Support chained container placement strategies. (#6208) @evanchaoli :link:
CONCOURSE_CONTAINER_PLACEMENT_STRATEGY=volume-locality,fewest-build-containers
Add new container placement strategies: limit-max-containers
and limit-max-volumes
(#6339) @evanchaoli :link:
--max-active-containers-per-worker
, --max-active-volumes-per-worker
[limit-max-containers, limit-max-volumes, volume-locality, fewest-build-containers]
go-concourse surfaces error messages on saving pipelines (#6222) @andy-paine :link:
fly set-pipeline
would simply print forbidden
when the underlying API call returned a 403 status, now the body of the response will be printed. In particular, errors originating from OPA policy check rejections will be printed.Don't enforce timeouts during image fetching (#6237) @vito :link:
Ignore paused jobs when displaying pipeline status in the UI (#6270) @chenbh :link:
Skip checking put-only resources (#6281) @evanchaoli :link:
--enable-skip-checking-not-in-use-resources
flag has been removed as it is no longer needed.fly set-pipeline
prints pipeline name and instance vars (#6300) @aoldershaw :link:
Remove legacy logic for dealing with resource versions that have a check order of zero (#6323) @clarafu :link:
fly: Add fish auto complete (#6329) @Sasasu :link:
start containerd with low oom_score (#6330) @muntac :link:
oom_score
of -999. We want it to be at the level of other system daemons. This is so that containerd never runs into an out of memory state before the containers it's managing are cleaned up. At the same time it should not be unkillable.Give worker registration its own database connection pool (#6332) @taylorsilva :link:
Allow underscore in identifiers (#6338) @aoldershaw :link:
Support for mTLS (#6355) @nickhyoti :link:
Allow configuring login and query timeouts for Vault (#6362) @evanchaoli :link:
CONCOURSE_VAULT_LOGIN_TIMEOUT
and CONCOURSE_VAULT_QUERY_TIMEOUT
respectively60s
Expose username of who manually triggered build to build metadata. (#6369) @evanchaoli :link:
fly builds
has a new column created by
that shows a user ID if a build is triggered manually.
A new build metadata BUILD_CREATED_BY
may be exposed to resource. It is not exposed by default; you need to turn it by add expose_build_created_by
when defining a resource:
resources:
- name: some-resource
type: some-type
expose_build_created_by: true
source:
...
As different authentication connectors populate different claims, a new concourse web
CLI option --concourse-display-user-id-per-connector
is added that allow cluster administrator to configure which claims field should be consider as unique user id
<connector>:<fieldname>
connector
is one of: ldap
, github
, cf
, bitbucket-cloud
, gitlab
, microsoft
, oauth
, oidc
or saml
fieldname
is one of:
user_id
mapping to claims' user id fieldname
mapping to claims' username fieldusername
mapping to claims' preferred username fieldemail
mapping to claims' email fieldAllow disabling resource checking for individual resources (#6386) @taylorsilva :link:
check_every: never
in a resource's definitiondb: lidar checks put-only resources with failed checks (#6412) @taylorsilva :link:
Add a flag to migrate to the latest db version (#6426) @taylorsilva :link:
--migrate-to-latest-version
flag to the migrate
command. This flag has concourse perform database migrations to the latest database version.concourse web
command will still automatically migrate the databaseEnhance search bar filtering and allow filtering by instance group (#6433) @aoldershaw :link:
team:"main" status:paused
)Add more tooltips for action buttons (#6453) @aoldershaw :link:
Bump BaggageClaim to v1.10.0 (#6500) @vito :link:
robocopy
executable for copying local files. This should dramatically improve performance for Windows tasks which utilize caches:
for caching a bunch of tiny files.metrics: make tasks_wait_duration
histogram record up to 1h (#6506) @marco-m-pix4d :link:
Removes unnecessary indexes from build events tables (#6522) @clarafu :link:
Allow @
in vars path (#6129) @xtremerui :link:
((var:"[email protected]".field))
fly pin-resource
requires a version if the resource is unpinned (#6095) @jamieklassen :link:
Fix pipeline cards being rendered off-screen when sidebar was open (#6102) @aoldershaw :link:
Fix quoting for var subkeys (#6108) @vixus0 :link:
Prevent set_pipeline runtime error (#6116) @mdb :link:
set_pipeline
of a YML pipeline configuration file with no jobs:
or resources:
no longer causes a runtime error: invalid memory address or nil pointer dereference
.Use default uid:gid if passwd file does not exist and username is "root" (#6142) @chenbh :link:
containerd
runtime will now default to uid:gid 0:0 if username is "root" but /etc/passwd
file does not existguardian
backendPreserve whitespace within build output (#6157) @clarafu :link:
Prevent retrying on worker error when build is aborted (#6197) @evanchaoli :link:
Limit configured by limit-active-tasks
is not respected and more tasks can land on a worker (#6216) @aliculPix4D :link:
Remove any existing guardian assets (#6257) @taylorsilva :link:
/var/gdn/assets
)atc: abort a rerun build if input version gone (#6265) @xtremerui :link:
set-pipeline
prompted unpause-pipeline
command should have --team
option. (#6336) @evanchaoli :link:
fly set-pipeline
where --team
option was missing in the prompted unpause-pipeline
command.Fix mount issues on containerd (#6348) @muntac :link:
/dev/shm
(shared memory) mount.Bump baggageclaim to 1.9.1 to fix deeply-nested volumes with overlay driver (#6393) @vito :link:
Ensure task
, set_pipeline
, load_var
steps have names (#6410) @taylorsilva :link:
task
, set_pipeline
, and load_var
stepsadd lock for concourse migrate to latest version cmd (#6510) @xtremerui :link:
Apply bigint migrations to build_events partitions and read from old/new columns instead (#6305) @vito :link:
build_events
table's build_id
column to bigint
, which we found to be too slow in large deployments, this PR adds a new bigint
column to the build_events
table that is populated at runtimeMigrate build_id references to bigint (#6203) @vito :link:
web
nodes may take a while to start upon upgrading.build_events
table - that is handled in #6305Update k8s-topgun for Helm v3 (#6034) @xtreme-vikram-yadav :link:
Refactor RunState to have ownership over build vars (#6082) @aoldershaw :link:
Switch back to upstream go-flags (#6096) @jamieklassen :link:
Fix fly integration tests on windows (#6099) @aoldershaw :link:
Add an example for the release note section in the pr template (#6109) @clarafu :link:
Add DeepSource config (#6110) @vito :link:
Emit start/finish metrics from check step (#6119) @vito :link:
Cleanup k8s topgun releases if failure occurs outside of It
block (#6131) @chenbh :link:
Convert a few failing TopGun tests to Testflight (#6136) @vito :link:
Use custom types for CPU/Memory limits (#6143) @aoldershaw :link:
Minor refactoring around Variables (#6152) @aoldershaw :link:
Introduce dbtest package for higher-level test setup (#6156) @vito :link:
k8s topgun: fix panic (#6167) @chenbh :link:
Rename engine/builder types, merge into engine/ package (#6174) @vito :link:
Use dot notation in instanced pipelines API (#6177) @zoetian :link:
Respect tags when fetching images, send public plans in fetching events (#6184) @vito :link:
Fix topgun/k8s tests (#6185) @xtreme-sameer-vohra :link:
Fix check container placement, and only use check sessions for pipeline resource checks (#6189) @vito :link:
Update last check end time on check failure/error (#6192) @vito :link:
Bump dex module to v0.2.0 (#6195) @xtremerui :link:
Determine across
step's max_in_flight
at runtime (#6200) @aoldershaw :link:
Fix pipeline UI non-trigger input edges showing up as trigger (#6202) @vito :link:
topgun: use busybox for http proxy... for now (#6204) @vito :link:
Fix race condition with check build creation + starting (#6205) @vito :link:
Clear build events from previous resource/resource type check (#6211) @aoldershaw :link:
fast forward release branch (#6212) @chenbh :link:
Use proper types for jobs and resources on pipeline page (#6214) @aoldershaw :link:
Acquire lock on builds
table in build_id
migrations (#6219) @aoldershaw :link:
Revert "migration: acquire lock on builds table in build_id migrations" (#6220) @aoldershaw :link:
Use proper types for jobs and resources on pipeline page (#6221) @aoldershaw :link:
Use base resource type defaults in get
/put
steps (#6224) @aoldershaw :link:
[topgun/k8s] Stop leaking namespaces in test env (#6227) @taylorsilva :link:
[release/6.7.x] use k8s/client-go v11.0 for topgun (#6232) @chenbh :link:
Check step only acquires lock for periodic pipeline resource checks (#6235) @vito :link:
Fix up test data race for build tracker (#6254) @vito :link:
Add docker-compose overrides for SAML, LDAP, OAuth, and OIDC (#6262) @chenbh :link:
fly: give more leeway for slow test (#6264) @aoldershaw :link:
[topgun] skip failing topgun/k8s test (#6287) @taylorsilva :link:
Optimize fly tests (#6299) @muntac :link:
fly intercept
falls back to sh
when bash
is missing (containerd runtime) (#6304) @aoldershaw :link:
add yarn install step to web ui instructions (#6313) @muntac :link:
Avoid recompiling fly
in tests (#6317) @vito :link:
Fix 'fly sync' Windows tests (#6320) @vito :link:
fly rename-pipeline
can rename an entire instance group (#6321) @aoldershaw :link:
Merge v6.7.2 into master [skip-migrations-check] (#6328) @vito :link:
limit-active-tasks
strategy waits for a worker to be available (#6359) @taylorsilva :link:
limit-active-tasks
, but it was broken during development. It does not impact a released version of concourseBump dex to patch an XML vulnerability (#6370) @taylorsilva :link:
Refactor worker selection to facilitate adding multiple worker runtimes (#6387) @aoldershaw :link:
Deterministic ordering of ?vars
params for instanced pipelines API (#6392) @aoldershaw :link:
build(deps): bump ini from 1.3.5 to 1.3.8 in /web/wats (#6394) @dependabot :link:
build(deps): bump ini from 1.3.5 to 1.3.8 (#6395) @dependabot :link:
Fix build finished metric for prometheus (#6401) @taylorsilva :link:
Show instance vars in set_pipeline
step header (#6409) @aoldershaw :link:
Fix archived pipeline check on the resource/job/build page for an instanced pipeline (#6414) @aoldershaw :link:
docker: add build arg for base image (#6415) @aoldershaw :link:
Fix groups with OIDC connector (#6436) @konstl000 :link:
--oidc-disable-groups
flag that disables fetching groups
claims from an upstream OIDC provider. By default, the groups
claim is fetched (as with previous version of Concourse)make it clear on oidc scopes configuration (#6443) @xtremerui :link:
Remove --force in k8s-topgun test (#6449) @xtremerui :link:
Optimize fly windows tests (#6450) @aoldershaw :link:
introduce new integration test suite (#6479) @vito :link:
Skip Vault tests in Topgun (#6481) @aoldershaw :link:
move pkged.go to cmd/concourse/ (#6482) @vito :link:
runtime: add test coverage for container.Stop() (#6483) @muntac :link:
hide "group:" dropdown suggestion in search (#6487) @aoldershaw :link:
Optimize postgres runner for db tests (#6489) @aoldershaw :link:
Ignore archived pipelines for instance group count in top bar (#6491) @aoldershaw :link:
rename OIDC skip email verified flag (#6497) @aoldershaw :link:
Back-port integration test suite (#6499) @aoldershaw :link:
worker/runtime: remove no-op device rule (#6507) @muntac :link:
Optimize check deletion (#6511) @aoldershaw :link:
Add index and mini refactor to the check lifecycle query (#6517) @clarafu :link: