Event triggering with Tekton!
-Docs @ v0.24.1 -Examples @ v0.24.1
kubectl apply -f https://storage.googleapis.com/tekton-releases/triggers/previous/v0.24.1/release.yaml
kubectl apply -f https://storage.googleapis.com/tekton-releases/triggers/previous/v0.24.1/interceptors.yaml
The Rekor UUID for this release is 24296fb24b8ad77a2d710a90da7f62da10b6c562208f9042953f121566a007a0bdcf2280135cae56
Obtain the attestation:
REKOR_UUID=24296fb24b8ad77a2d710a90da7f62da10b6c562208f9042953f121566a007a0bdcf2280135cae56
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .
Verify that all container images in the attestation are in the release file:
RELEASE_FILE=https://storage.googleapis.com/tekton-releases/triggers/previous/v0.24.1/release.yaml
INTERCEPTORS_FILE=https://storage.googleapis.com/tekton-releases/triggers/previous/v0.24.1/interceptors.yaml
REKOR_UUID=24296fb24b8ad77a2d710a90da7f62da10b6c562208f9042953f121566a007a0bdcf2280135cae56
# Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v0.24.1@sha256:" + .digest.sha256')
# Download the release file
curl "$RELEASE_FILE" > release.yaml
curl "$INTERCEPTORS_FILE" >> release.yaml
# For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done
Thanks to these contributors who contributed to v0.24.1!
-Docs @ v0.24.0 -Examples @ v0.24.0
kubectl apply -f https://storage.googleapis.com/tekton-releases/triggers/previous/v0.24.0/release.yaml
kubectl apply -f https://storage.googleapis.com/tekton-releases/triggers/previous/v0.24.0/interceptors.yaml
The Rekor UUID for this release is 24296fb24b8ad77ad326130394b66644f55dcff5934aea2584561dbbc454134c61361188b50fd005
Obtain the attestation:
REKOR_UUID=24296fb24b8ad77ad326130394b66644f55dcff5934aea2584561dbbc454134c61361188b50fd005
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .
Verify that all container images in the attestation are in the release file:
RELEASE_FILE=https://storage.googleapis.com/tekton-releases/triggers/previous/v0.24.0/release.yaml
INTERCEPTORS_FILE=https://storage.googleapis.com/tekton-releases/triggers/previous/v0.24.0/interceptors.yaml
REKOR_UUID=24296fb24b8ad77ad326130394b66644f55dcff5934aea2584561dbbc454134c61361188b50fd005
# Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v0.24.0@sha256:" + .digest.sha256')
# Download the release file
curl "$RELEASE_FILE" > release.yaml
curl "$INTERCEPTORS_FILE" >> release.yaml
# For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done
Added a Slack Interceptor
that allows you to extract fields from a slack slash command payload which are sent in the http form-data section.
Triggers now support Affinity and TopologySpreadConstraints as part of Kubernetes and Custom resource
Kubernetes API requests performed by EventListeners are now cached.
This will remove PipelineResource and it's all occurrence and also bump pipeline to 0.46.0 and add Swagger.json for Triggers with Pipelines v0.46
Remove comparing serviceaccount in tests
:hammer: Move wlynch to emeritus_approvers (#1585)
:hammer: Update pull_request_template.md (#1580)
:hammer: Upgrade Tekton Pipelines to v0.47.0 (#1590)
:hammer: Bump google.golang.org/protobuf from 1.29.0 to 1.29.1 (#1581)
:hammer: Fix Error by given linters during tests (#1578)
:hammer: Adding Minimum Kubernetes version (#1560)
:hammer: Upgrading Go to 1.19 (#1554)
:hammer: Create codeql-analysis.yml (#1546)
:hammer: Add the instruction for release attestation (#1545)
:hammer: Add v0.23.0 to releases.md (#1544)
Thanks to these contributors who contributed to v0.24.0!
Extra shout-out for awesome release notes:
-Docs @ v0.23.1 -Examples @ v0.23.1
kubectl apply -f https://storage.googleapis.com/tekton-releases/triggers/previous/v0.23.1/release.yaml
kubectl apply -f https://storage.googleapis.com/tekton-releases/triggers/previous/v0.23.1/interceptors.yaml
ix a bug in CEL interceptor's marshalJSON
binding to allow marshaling of maps.
Thanks to these contributors who contributed to v0.23.1!
Extra shout-out for awesome release notes:
-Docs @ v0.23.0 -Examples @ v0.23.0
kubectl apply -f https://storage.googleapis.com/tekton-releases/triggers/previous/v0.23.0/release.yaml
kubectl apply -f https://storage.googleapis.com/tekton-releases/triggers/previous/v0.23.0/interceptors.yaml
The Rekor UUID for this release is 24296fb24b8ad77a11b8a3dc45583f50a2166834931fa90e92b29af49e99c54e95972c81c27a5e56
Obtain the attestation:
REKOR_UUID=24296fb24b8ad77a11b8a3dc45583f50a2166834931fa90e92b29af49e99c54e95972c81c27a5e56
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .
Verify that all container images in the attestation are in the release file:
RELEASE_FILE=https://storage.googleapis.com/tekton-releases/triggers/previous/v0.23.0/release.yaml
INTERCEPTORS_FILE=https://storage.googleapis.com/tekton-releases/triggers/previous/v0.23.0/interceptors.yaml
REKOR_UUID=24296fb24b8ad77a11b8a3dc45583f50a2166834931fa90e92b29af49e99c54e95972c81c27a5e56
# Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v0.23.0@sha256:" + .digest.sha256')
# Download the release file
curl "$RELEASE_FILE" > release.yaml
curl "$INTERCEPTORS_FILE" >> release.yaml
# For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done
Github interceptor blocks a pull request trigger from being executed unless invoked by an owner or with a configurable comment by an owner, for example /ok_to_test
. This feature can be enabled/disabled by feature flagging it true/false
Triggers now allows creating v1 PipelineRuns, TaskRuns, Tasks, and Pipelines as well as v1beta1 CustomRuns
The GitHub Interceptor
now has the ability to add a comma delimited list of all files that have changed (added, modified or deleted) for the push
and pull_request
events. The list of changed files are added to the changed_files
property of the event payload in the top-level extensions
field
Changed TLS MinVersion to tls.VersionTLS12
in order to make Triggers run on OCP(Where FIPS enabled) as OCP uses MInTLS as 1.2 for all components
Eventlistener containers now contain the right security context to allow running with restricted pod security admission
Resource validation is skipped on deletion
:hammer: Add v0.22.2 to releases.md (#1532)
:hammer: chore: use http constants to replace numbers (#1531)
:hammer: Add v0.22.x to releases.md (#1511)
:hammer: test: use T.Setenv
to set env vars in tests (#1491)
:hammer: Update ko image to latest with Go 1.19 (#1541)
:hammer: Fix go1.19 related codegen issues (#1534)
:hammer: Remove git files from KODATA (#1533)
:hammer: Update Pipelines to v0.44 and cel-go to v0.13.0 (#1525)
Thanks to these contributors who contributed to v0.23.0!
Extra shout-out for awesome release notes:
-Docs @ v0.22.2 -Examples @ v0.22.2
kubectl apply -f https://storage.googleapis.com/tekton-releases/triggers/previous/v0.22.2/release.yaml
kubectl apply -f https://storage.googleapis.com/tekton-releases/triggers/previous/v0.22.2/interceptors.yaml
The Rekor UUID for this release is 24296fb24b8ad77a0f930f513e632de87b322aa71f55d0223274ba1270553b8aec75be52a95e2540
Obtain the attestation:
REKOR_UUID=24296fb24b8ad77a0f930f513e632de87b322aa71f55d0223274ba1270553b8aec75be52a95e2540
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .
Verify that all container images in the attestation are in the release file:
RELEASE_FILE=https://storage.googleapis.com/tekton-releases/triggers/previous/v0.22.2/release.yaml
REKOR_UUID=24296fb24b8ad77a0f930f513e632de87b322aa71f55d0223274ba1270553b8aec75be52a95e2540
# Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v0.22.2@sha256:" + .digest.sha256')
# Download the release file
curl "$RELEASE_FILE" > release.yaml
# For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done
Changed TLS MinVersion to tls.VersionTLS12
in order to make Triggers run on Openshift cluster(Where FIPS enabled) as Openshift uses MInTLS as 1.2 for all components
Cloud events pipeline resource was removed from pipelines recently. Triggers E2E tests run against the main branch of pipelines and that the getting-started tutorial still uses this resource, so Triggers e2e tests have been failing.
Fixes https://github.com/advisories/GHSA-69cg-p879-7622
Thanks to these contributors who contributed to v0.22.2!
Extra shout-out for awesome release notes:
-Docs @ v0.22.1 -Examples @ v0.22.1
kubectl apply -f https://storage.googleapis.com/tekton-releases/triggers/previous/v0.22.1/release.yaml
kubectl apply -f https://storage.googleapis.com/tekton-releases/triggers/previous/v0.22.1/interceptors.yaml
The Rekor UUID for this release is 24296fb24b8ad77a9a5778385ae597be33104fbf5b171adcf449e023a3add7cddad9a3ce4b2ec9c6
Obtain the attestation:
REKOR_UUID=24296fb24b8ad77a9a5778385ae597be33104fbf5b171adcf449e023a3add7cddad9a3ce4b2ec9c6
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .
Verify that all container images in the attestation are in the release file:
RELEASE_FILE=https://storage.googleapis.com/tekton-releases/triggers/previous/v0.22.1/release.yaml
REKOR_UUID=24296fb24b8ad77a9a5778385ae597be33104fbf5b171adcf449e023a3add7cddad9a3ce4b2ec9c6
# Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v0.22.1@sha256:" + .digest.sha256')
# Download the release file
curl "$RELEASE_FILE" > release.yaml
# For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done
[release-v0.22.x] Fix the lint error given by CI (#1510)
[release-v0.22.x] Restore v1alpha1.Runs as valid resources (#1509)
Restore support for Runs
in TriggerTemplates
[release-v0.22.x] Set default Interceptor.Kind
for EventListener
TriggerGroups
(#1508)
Sets a default interceptor kind for interceptors in event listener trigger groups.
Thanks to these contributors who contributed to v0.22.1!
Extra shout-out for awesome release notes:
-Docs @ v0.22.0 -Examples @ v0.22.0
Triggers now requires Kuberentes v.123 or higher
kubectl apply -f https://storage.googleapis.com/tekton-releases/triggers/previous/v0.22.0/release.yaml
kubectl apply -f https://storage.googleapis.com/tekton-releases/triggers/previous/v0.22.0/interceptors.yaml
The Rekor UUID for this release is 24296fb24b8ad77a825172e0ac852ced908622c18666b3dbba54ae7e1934a9424b651bdd6041f9af
Obtain the attestation:
REKOR_UUID=24296fb24b8ad77a825172e0ac852ced908622c18666b3dbba54ae7e1934a9424b651bdd6041f9af
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .
Verify that all container images in the attestation are in the release file:
RELEASE_FILE=https://storage.googleapis.com/tekton-releases/triggers/previous/v0.22.0/release.yaml
REKOR_UUID=24296fb24b8ad77a825172e0ac852ced908622c18666b3dbba54ae7e1934a9424b651bdd6041f9af
# Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v0.22.0@sha256:" + .digest.sha256')
# Download the release file
curl "$RELEASE_FILE" > release.yaml
# For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done
The port on which the webhook server listens may be configured via the WEBHOOK_PORT environment variable.
CloudEvents sent to a Trigger will now receive a valid CloudEvent response.
Interceptor
CRD has been added which can be used to define a namespace scoped Interceptor. Use Namespaced Interceptor in kind section of Interceptors Ref in Triggers or EventListener spec.
Add eventID as input to TriggerBinding
cloudEventURI field can be used in stable APIs now.
action required: If using Kubernetes 1.22, set PodSecurity flag to true to enforce a restricted pod security level in Tekton namespaces. See https://kubernetes.io/docs/reference/command-line-tools-reference/feature-gates/#feature-gates-for-graduated-or-deprecated-features for more information.
E2E tests now use cos_containerd image instead of the unsupported cos image
:hammer: Update CEL version to 0.12.5 and modified functions (#1483)
:hammer: Modify e2e test scripts to support running on kind (#1476)
:hammer: Refactor interceptor main package (#1467)
:hammer: Add OpenSSF Best Practices Badge (#1458)
:hammer: Remove redundant code for chan in TLS ticker (#1460)
:hammer: Fix the Typo in Trigger Types API docs (#1456)
:hammer: Remove unused issue template (#1455)
:hammer: Bump tektoncd/pipeline to v0.41.0 (#1482)
Thanks to these contributors who contributed to v0.22.0!
Extra shout-out for awesome release notes:
-Docs @ v0.21.0 -Examples @ v0.21.0
kubectl apply -f https://storage.googleapis.com/tekton-releases/triggers/previous/v0.21.0/release.yaml
kubectl apply -f https://storage.googleapis.com/tekton-releases/triggers/previous/v0.21.0/interceptors.yaml
The Rekor UUID for this release is 362f8ecba72f432613304d144d86d7ab8b4bf16899268cac0fdb0ec939822bdba5d36e69d467ec46
Obtain the attestation:
REKOR_UUID=362f8ecba72f432613304d144d86d7ab8b4bf16899268cac0fdb0ec939822bdba5d36e69d467ec46
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .
Verify that all container images in the attestation are in the release file:
RELEASE_FILE=https://storage.googleapis.com/tekton-releases/triggers/previous/v0.21.0/release.yaml
INTERCEPTORS_FILE=https://storage.googleapis.com/tekton-releases/triggers/previous/v0.21.0/interceptors.yaml
REKOR_UUID=362f8ecba72f432613304d144d86d7ab8b4bf16899268cac0fdb0ec939822bdba5d36e69d467ec46
# Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v0.21.0@sha256:" + .digest.sha256')
# Download the release file
curl "$RELEASE_FILE" > release.yaml
curl "$INTERCEPTORS_FILE" >> release.yaml
# For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done
Triggers Interceptor now does validation and rotation of certificates if expires
Deprecation Warning: Having both Triggers as well as Namespace-Selector in EventListener Spec is deprecated.
Remove Validation on Deleting Objects
action required Log lines formatted as JSON have the severity in "severity" (was "level"), timestamp in "timestamp" (was "ts"), and message in "message" (was "msg").
Prefer SHA256 for validation of Github payloads
Added sample examples for AzureRepo
:hammer: Remove duplicate word (#1422)
:hammer: Disable stack traces in error logs (#1423)
EventListener error logs will no longer contain a stacktrace as part of the structured log by default.
Add example support for Bitbucket Cloud
:book: Fix the link for Triggers Website config (#1366)
:book: Add v0.20.1 docs link (#1384)
:book: Update cel_expressions.md (#1395)
:book: Setting Debug level for EventListener (#1401)
:book: Update RBAC link to point to k8s docs (#1411)
:book: Update Install instructions for binding-eval tool (#1413)
:book: Fix tkn command in troubleshooting (#1425)
:book: Document that examples expect default namespace (#1426)
:book: Update installation document (#1436)
:book: Add that CloudEvents require Alpha flag (#1442)
Thanks to these contributors who contributed to v0.21.0!
Extra shout-out for awesome release notes:
-Docs @ v0.20.2 -Examples @ v0.20.2
kubectl apply -f https://storage.googleapis.com/tekton-releases/triggers/previous/v0.20.2/release.yaml
kubectl apply -f https://storage.googleapis.com/tekton-releases/triggers/previous/v0.20.2/interceptors.yaml
The Rekor UUID for this release is 362f8ecba72f4326cc085f5232c91de9c2a90c2045e93d844c967b0cea3a0ca99621d91fed618038
Obtain the attestation:
REKOR_UUID=362f8ecba72f4326cc085f5232c91de9c2a90c2045e93d844c967b0cea3a0ca99621d91fed618038
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .
Verify that all container images in the attestation are in the release file:
RELEASE_FILE=https://storage.googleapis.com/tekton-releases/triggers/previous/v0.20.2/release.yaml
INTERCEPTORS_FILE=https://storage.googleapis.com/tekton-releases/triggers/previous/v0.20.2/interceptors.yaml
REKOR_UUID=362f8ecba72f4326cc085f5232c91de9c2a90c2045e93d844c967b0cea3a0ca99621d91fed618038
# Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v0.20.2@sha256:" + .digest.sha256')
# Download the release file
curl "$RELEASE_FILE" > release.yaml
curl "$INTERCEPTORS_FILE" >> release.yaml
# For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done
:bug: Add watching mechanism to watch on caBundle for core interceptor (#1398) Added watching mechanism to watch on caBundle for core interceptor
:bug: Fix http based custom interceptor connection issue (#1394)
Thanks to these contributors who contributed to v0.20.2!
Extra shout-out for awesome release notes:
-Docs @ v0.20.1 -Examples @ v0.20.1
kubectl apply -f https://storage.googleapis.com/tekton-releases/triggers/previous/v0.20.1/release.yaml
kubectl apply -f https://storage.googleapis.com/tekton-releases/triggers/previous/v0.20.1/interceptors.yaml
To upgrade from v0.19.1, run:
kubectl apply -f https://storage.googleapis.com/tekton-releases/triggers/previous/v0.20.1/release.yaml
kubectl apply -f https://storage.googleapis.com/tekton-releases/triggers/previous/v0.20.1/interceptors.yaml
The Rekor UUID for this release is 362f8ecba72f4326ee3bb3524462a97866d5433e686cde8f81b7eab724a47596f69c8d5d4f4fde47
Obtain the attestation:
REKOR_UUID=362f8ecba72f4326ee3bb3524462a97866d5433e686cde8f81b7eab724a47596f69c8d5d4f4fde47
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq
Verify that all container images in the attestation are in the release file:
RELEASE_FILE=https://storage.googleapis.com/tekton-releases/triggers/previous/v0.20.1/release.yaml
INTERCEPTORS_FILE=https://storage.googleapis.com/tekton-releases/triggers/previous/v0.20.1/interceptors.yaml
REKOR_UUID=362f8ecba72f4326ee3bb3524462a97866d5433e686cde8f81b7eab724a47596f69c8d5d4f4fde47
# Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v0.20.1@sha256:" + .digest.sha256')
# Download the release file
curl "$RELEASE_FILE" > release.yaml
curl "$INTERCEPTORS_FILE" >> release.yaml
# For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done
Thanks to these contributors who contributed to v0.20.1!
Extra shout-out for awesome release notes: