Thanks to visit codestin.com
Credit goes to github.com

Skip to content

Releases: tektoncd/chains

Tekton Chains release v0.25.1 "v0.25.1"

19 May 19:14
@tekton-robot tekton-robot
v0.25.1
ab93ad4
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
Tekton Chains release v0.25.1 "v0.25.1" Latest
Latest

-Docs @ v0.25.1
-Examples @ v0.25.1

Installation one-liner

kubectl apply -f https://storage.googleapis.com/tekton-releases/chains/previous/v0.25.1/release.yaml

Attestation

The Rekor UUID for this release is 108e9186e8c5677aa8cbf847acc4ce0aed8e3b794dcb0f8e20e495c9a994ca636d04b6d2680d0227

Obtain the attestation:

REKOR_UUID=108e9186e8c5677aa8cbf847acc4ce0aed8e3b794dcb0f8e20e495c9a994ca636d04b6d2680d0227
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .

Verify that all container images in the attestation are in the release file:

RELEASE_FILE=https://storage.googleapis.com/tekton-releases/chains/previous/v0.25.1/release.yaml
REKOR_UUID=108e9186e8c5677aa8cbf847acc4ce0aed8e3b794dcb0f8e20e495c9a994ca636d04b6d2680d0227

# Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v0.25.1@sha256:" + .digest.sha256')

# Download the release file
curl "$RELEASE_FILE" > release.yaml

# For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
  printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done

Changes

Thanks

Thanks to these contributors who contributed to v0.25.1!

Extra shout-out for awesome release notes:

Contributors

savitaashture
Assets 4
Loading

Tekton Chains release v0.25.0 "v0.25.0"

13 May 15:11
@tekton-robot tekton-robot
v0.25.0
1682a36

Choose a tag to compare

View all tags
Tekton Chains release v0.25.0 "v0.25.0"

-Docs @ v0.25.0
-Examples @ v0.25.0

Installation one-liner

kubectl apply -f https://storage.googleapis.com/tekton-releases/chains/previous/v0.25.0/release.yaml

Attestation

The Rekor UUID for this release is 108e9186e8c5677a76acbea0b7deeb21ada0fccb6951454f25f003ffd4e70762f5c602492e43749f

Obtain the attestation:

REKOR_UUID=108e9186e8c5677a76acbea0b7deeb21ada0fccb6951454f25f003ffd4e70762f5c602492e43749f
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .

Verify that all container images in the attestation are in the release file:

RELEASE_FILE=https://storage.googleapis.com/tekton-releases/chains/previous/v0.25.0/release.yaml
REKOR_UUID=108e9186e8c5677a76acbea0b7deeb21ada0fccb6951454f25f003ffd4e70762f5c602492e43749f

# Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v0.25.0@sha256:" + .digest.sha256')

# Download the release file
curl "$RELEASE_FILE" > release.yaml

# For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
  printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done

Changes

Features

Misc

  • πŸ”¨ Consume release pipeline images and task bundles from GHCR (#1330)

  • πŸ”¨ Bump chainguard-dev/actions from 9ba949ac63357c725a9438f3e05a1e33d313498e to 9c0be1ee0103db886d1887d114ec97f8766b7ef8 (#1349)

  • πŸ”¨ Bump the all group across 1 directory with 26 updates (#1347)

  • πŸ”¨ Bump ko-build/setup-ko from 0.8 to 0.9 (#1339)

  • πŸ”¨ Bump imjasonh/setup-ko from 0.8 to 0.9 (#1338)

  • πŸ”¨ Bump github.com/golang-jwt/jwt/v4 from 4.5.1 to 4.5.2 (#1328)

Docs

  • πŸ“– Add ghcr.io migration banner to README.md. (#1335)

Thanks

Thanks to these contributors who contributed to v0.25.0!

Extra shout-out for awesome release notes:

Contributors

twoGiants, AlanGreene, and 7 other contributors
Loading

Tekton Chains release v0.24.0 "v0.24.0"

11 Feb 15:03
@tekton-robot tekton-robot
v0.24.0
65f8d90
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
Tekton Chains release v0.24.0 "v0.24.0"

-Docs @ v0.24.0
-Examples @ v0.24.0

Installation one-liner

kubectl apply -f https://storage.googleapis.com/tekton-releases/chains/previous/v0.24.0/release.yaml

Attestation

The Rekor UUID for this release is 108e9186e8c5677a78ff0273140a120730eca2b803dfc0fc1a07dfd419735c6f3a0119881c505a95

Obtain the attestation:

REKOR_UUID=108e9186e8c5677a78ff0273140a120730eca2b803dfc0fc1a07dfd419735c6f3a0119881c505a95
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .

Verify that all container images in the attestation are in the release file:

RELEASE_FILE=https://storage.googleapis.com/tekton-releases/chains/previous/v0.24.0/release.yaml
REKOR_UUID=108e9186e8c5677a78ff0273140a120730eca2b803dfc0fc1a07dfd419735c6f3a0119881c505a95

# Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v0.24.0@sha256:" + .digest.sha256')

# Download the release file
curl "$RELEASE_FILE" > release.yaml

# For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
  printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done

Changes

Misc

  • πŸ”¨ Update go to 1.23 and plumbing vendoring (#1284)

  • πŸ”¨ Bump the all group across 1 directory with 9 updates (#1302)

  • πŸ”¨ Bump golangci/golangci-lint-action from 6.1.0 to 6.2.0 (#1290)

  • πŸ”¨ Bump ko-build/setup-ko from 0.7 to 0.8 (#1289)

  • πŸ”¨ Bump imjasonh/setup-ko from 0.7 to 0.8 (#1288)

  • πŸ”¨ Bump the all group across 1 directory with 16 updates (#1287)

  • πŸ”¨ Bump the all group across 1 directory with 9 updates (#1271)

  • πŸ”¨ Bump the all group across 1 directory with 7 updates (#1263)

  • πŸ”¨ Bump the all group across 1 directory with 13 updates (#1257)

  • πŸ”¨ Bump github.com/golang-jwt/jwt/v4 from 4.5.0 to 4.5.1 (#1240)

Docs

  • πŸ“– Add buildType for Chains format slsa/v2alpha2 (SLSAv1.0 predicate). (#906)

Thanks

Thanks to these contributors who contributed to v0.24.0!

Extra shout-out for awesome release notes:

Contributors

afrittoli, lcarva, and 5 other contributors
Loading

Tekton Chains release v0.23.1 "v0.23.1"

21 Jan 17:10
@tekton-robot tekton-robot
v0.23.1
97f3486
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
Tekton Chains release v0.23.1 "v0.23.1"

-Docs @ v0.23.1
-Examples @ v0.23.1

Installation one-liner

kubectl apply -f https://storage.googleapis.com/tekton-releases/chains/previous/v0.23.1/release.yaml

Attestation

The Rekor UUID for this release is 108e9186e8c5677abb59fa4c082fc973d07d8056d1ef35e04aa8a6f1b25c41ff1401dfc6b7614b74

Obtain the attestation:

REKOR_UUID=108e9186e8c5677abb59fa4c082fc973d07d8056d1ef35e04aa8a6f1b25c41ff1401dfc6b7614b74
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .

Verify that all container images in the attestation are in the release file:

RELEASE_FILE=https://storage.googleapis.com/tekton-releases/chains/previous/v0.23.1/release.yaml
REKOR_UUID=108e9186e8c5677abb59fa4c082fc973d07d8056d1ef35e04aa8a6f1b25c41ff1401dfc6b7614b74

# Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v0.23.1@sha256:" + .digest.sha256')

# Download the release file
curl "$RELEASE_FILE" > release.yaml

# For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
  printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done

Changes

Fixes

  • πŸ› [release-v0.23.x] fix nil pointer (#1249)

Thanks

Thanks to these contributors who contributed to v0.23.1!

Extra shout-out for awesome release notes:

Contributors

lcarva, savitaashture, and tekton-robot
Loading

Tekton Chains release v0.22.3 "v0.22.3"

21 Jan 02:00
@tekton-robot tekton-robot
v0.22.3
a3e2aeb
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
Tekton Chains release v0.22.3 "v0.22.3"

-Docs @ v0.22.3
-Examples @ v0.22.3

Installation one-liner

kubectl apply -f https://storage.googleapis.com/tekton-releases/chains/previous/v0.22.3/release.yaml

Attestation

The Rekor UUID for this release is 108e9186e8c5677abc5f8010a0a21be4daa53325a217f4df92955848f73f226c6ed054c429fb9f82

Obtain the attestation:

REKOR_UUID=108e9186e8c5677abc5f8010a0a21be4daa53325a217f4df92955848f73f226c6ed054c429fb9f82
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .

Verify that all container images in the attestation are in the release file:

RELEASE_FILE=https://storage.googleapis.com/tekton-releases/chains/previous/v0.22.3/release.yaml
REKOR_UUID=108e9186e8c5677abc5f8010a0a21be4daa53325a217f4df92955848f73f226c6ed054c429fb9f82

# Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v0.22.3@sha256:" + .digest.sha256')

# Download the release file
curl "$RELEASE_FILE" > release.yaml

# For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
  printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done

Changes

Fixes

  • πŸ› Fix nil-pointer references (#1286 and #1246)

Misc

  • πŸ”¨ Upgrade golang.org/x/crypto to 0.31.0 (#1269)

Thanks

Thanks to these contributors who contributed to v0.22.3!

Extra shout-out for awesome release notes:

Contributors

lcarva, jkhelil, and 2 other contributors
Loading

Tekton Chains release v0.23.0 "v0.23.0"

06 Nov 18:20
@tekton-robot tekton-robot
v0.23.0
227b311
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
Tekton Chains release v0.23.0 "v0.23.0"

-Docs @ v0.23.0
-Examples @ v0.23.0

Installation one-liner

kubectl apply -f https://storage.googleapis.com/tekton-releases/chains/previous/v0.23.0/release.yaml

Attestation

The Rekor UUID for this release is 108e9186e8c5677ab986b84dbd84e8bcaeb653ee623796517fd53400ea437f6eb4623849befd0dfb

Obtain the attestation:

REKOR_UUID=108e9186e8c5677ab986b84dbd84e8bcaeb653ee623796517fd53400ea437f6eb4623849befd0dfb
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .

Verify that all container images in the attestation are in the release file:

RELEASE_FILE=https://storage.googleapis.com/tekton-releases/chains/previous/v0.23.0/release.yaml
REKOR_UUID=108e9186e8c5677ab986b84dbd84e8bcaeb653ee623796517fd53400ea437f6eb4623849befd0dfb

# Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v0.23.0@sha256:" + .digest.sha256')

# Download the release file
curl "$RELEASE_FILE" > release.yaml

# For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
  printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done

Changes

Features

  • ✨ Support mongo server url path (#1213)

Fixes

  • πŸ› Fix nil pointer dereference when taksrun is canceled (#1237)
  • πŸ› Fix mapping between Status.Steps and Status.TaskSpec.Steps (#1188)

Misc

  • πŸ”¨ Controller image is now available at ghcr.io/tektoncd/chains/controller-92006fd957c0afd31de6a40b3e33b39f

Docs

  • πŸ“– Added visual guide representing chains config options (#1183)

Thanks

Thanks to these contributors who contributed to v0.23.0!

Extra shout-out for awesome release notes:

Contributors

vdemeester, afrittoli, and 6 other contributors
Loading

Tekton Chains release v0.22.2 "v0.22.2"

27 Sep 14:47
@tekton-robot tekton-robot
v0.22.2
1390c44
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
Tekton Chains release v0.22.2 "v0.22.2"

-Docs @ v0.22.2
-Examples @ v0.22.2

Installation one-liner

kubectl apply -f https://storage.googleapis.com/tekton-releases/chains/previous/v0.22.2/release.yaml

Attestation

The Rekor UUID for this release is 108e9186e8c5677a49be2ef4baa7ddffeee2ddd856775f64215023ef1e11a91ef48873740f2d8c6c

Obtain the attestation:

REKOR_UUID=108e9186e8c5677a49be2ef4baa7ddffeee2ddd856775f64215023ef1e11a91ef48873740f2d8c6c
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .

Verify that all container images in the attestation are in the release file:

RELEASE_FILE=https://storage.googleapis.com/tekton-releases/chains/previous/v0.22.2/release.yaml
REKOR_UUID=108e9186e8c5677a49be2ef4baa7ddffeee2ddd856775f64215023ef1e11a91ef48873740f2d8c6c

# Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v0.22.2@sha256:" + .digest.sha256')

# Download the release file
curl "$RELEASE_FILE" > release.yaml

# For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
  printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done

Changes

Features

Fixes

  • πŸ› Fix missing platforms in controller image 1212

Thanks

Thanks to these contributors who contributed to v0.22.2!

Extra shout-out for awesome release notes:

Contributors

lcarva
Loading

Tekton Chains release v0.22.1 "v0.22.1"

16 Sep 17:33
@tekton-robot tekton-robot
v0.22.1
f397ed6
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
Tekton Chains release v0.22.1 "v0.22.1"

-Docs @ v0.22.1
-Examples @ v0.22.1

Installation one-liner

kubectl apply -f https://storage.googleapis.com/tekton-releases/chains/previous/v0.22.1/release.yaml

Attestation

The Rekor UUID for this release is 108e9186e8c5677afcb66d14b0e3bffb5169977777bdbce07d4e4f5a11265d612dfca2e7b92d70d4

Obtain the attestation:

REKOR_UUID=108e9186e8c5677afcb66d14b0e3bffb5169977777bdbce07d4e4f5a11265d612dfca2e7b92d70d4
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .

Verify that all container images in the attestation are in the release file:

RELEASE_FILE=https://storage.googleapis.com/tekton-releases/chains/previous/v0.22.1/release.yaml
REKOR_UUID=108e9186e8c5677afcb66d14b0e3bffb5169977777bdbce07d4e4f5a11265d612dfca2e7b92d70d4

# Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v0.22.1@sha256:" + .digest.sha256')

# Download the release file
curl "$RELEASE_FILE" > release.yaml

# For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
  printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done

Changes

Features

Fixes

  • πŸ› Fix nil-pointer error when mapping Status.Steps to Status.TaskSpec.Steps (#1203)

Thanks

Thanks to these contributors who contributed to v0.22.1!

Extra shout-out for awesome release notes:

Contributors

jkhelil
Loading

Tekton Chains release v0.22.0 "v0.22.0"

19 Aug 19:52
@tekton-robot tekton-robot
v0.22.0
7fd8992
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
Tekton Chains release v0.22.0 "v0.22.0"

-Docs @ v0.22.0
-Examples @ v0.22.0

Installation one-liner

kubectl apply -f https://storage.googleapis.com/tekton-releases/chains/previous/v0.22.0/release.yaml

Attestation

The Rekor UUID for this release is 108e9186e8c5677ac79d95cacbef63aabcf5ee0d85a766a74682843083420ed17a445a797f31fd9c

Obtain the attestation:

REKOR_UUID=108e9186e8c5677ac79d95cacbef63aabcf5ee0d85a766a74682843083420ed17a445a797f31fd9c
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .

Verify that all container images in the attestation are in the release file:

RELEASE_FILE=https://storage.googleapis.com/tekton-releases/chains/previous/v0.22.0/release.yaml
REKOR_UUID=108e9186e8c5677ac79d95cacbef63aabcf5ee0d85a766a74682843083420ed17a445a797f31fd9c

# Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v0.22.0@sha256:" + .digest.sha256')

# Download the release file
curl "$RELEASE_FILE" > release.yaml

# For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
  printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done

Changes

Features

Fixes

  • πŸ› Calculate subjects per formatter (#1132)

  • πŸ› Fix no repeated subjects for v2alpha4 pipelineruns (#1130)

  • πŸ› Fix field names in generated json statement (#1129)

Docs

  • πŸ“– Bump patch release version (#1136)

  • πŸ“– Release v0.21.0 made. (#1126)

Thanks

Thanks to these contributors who contributed to v0.22.0!

Extra shout-out for awesome release notes:

Contributors

tarilabs, lcarva, and 7 other contributors
Loading

Tekton Chains release v0.21.1 "v0.21.1"

10 Jun 15:29
@tekton-robot tekton-robot
v0.21.1
4cb5c50
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
Tekton Chains release v0.21.1 "v0.21.1"

-Docs @ v0.21.1
-Examples @ v0.21.1

Installation one-liner

kubectl apply -f https://storage.googleapis.com/tekton-releases/chains/previous/v0.21.1/release.yaml

Attestation

The Rekor UUID for this release is 24296fb24b8ad77af3a8dfba0b4149ff8cd32f3d134dd934f7ef9a8a3b1f757da722884329a5e502

Obtain the attestation:

REKOR_UUID=24296fb24b8ad77af3a8dfba0b4149ff8cd32f3d134dd934f7ef9a8a3b1f757da722884329a5e502
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .

Verify that all container images in the attestation are in the release file:

RELEASE_FILE=https://storage.googleapis.com/tekton-releases/chains/previous/v0.21.1/release.yaml
REKOR_UUID=24296fb24b8ad77af3a8dfba0b4149ff8cd32f3d134dd934f7ef9a8a3b1f757da722884329a5e502

# Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v0.21.1@sha256:" + .digest.sha256')

# Download the release file
curl "$RELEASE_FILE" > release.yaml

# For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
  printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done

Changes

Features

Fixes

Misc

Docs

Thanks

Thanks to these contributors who contributed to v0.21.1!

Extra shout-out for awesome release notes:

Contributors

renzodavid9
Loading