chore: sync to upstream v0.56.9#185
Merged
l-qing merged 38 commits intoJan 19, 2026
Merged
Conversation
Use of the value of 0 for the taskrun/pipeline timeout, which per https://github.com/tektoncd/pipeline/blob/main/docs/pipelineruns.md#configuring-a-failure-timeout for example means timeout is disabled, results in the waitTime passed to the Requeue event to be negative. This had the observed behavior of Requeue'ing immediately, and intense cycles of many reconcilations per second were observed if the TaskRun's/PipelineRun's state did not in fact change. This artificially constrained the peformance of the pipeline controller. This change makes sure the wait time passed to the Requeue is not negative. rh-pre-commit.version: 2.1.0 rh-pre-commit.check-secrets: ENABLED
fixes tektoncd#7640 In tektoncd#5565, we started stopping injected sidecars with `nop` in the same way we stop explicitly defined sidecar containers. `MakeTaskRunStatus` was updated to only include explicitly defined sidecars in the `TaskRun` status, rather than just any container in the `TaskRun` pod that doesn't start with `step-`, so while the pod is running, the injected sidecar doesn't show up in the status. However, once the pod has completed and the sidecars are stopped, if the `TaskRun`'s spec contains a sidecar, `updateStoppedSidecarStatus` will be called, and that function's logic for what containers to include in `TaskRun.Status.Sidecars` is still including everything but `step-`-prefixed containers. That should be updated to behave in the same way as `MakeTaskRunStatus`. Signed-off-by: Andrew Bayer <andrew.bayer@gmail.com>
…to ordinary task status, it cannot take effect. In fact, when cel is calculated, the expression is not replaced, and the original literal is used, such as: `"'$(tasks.a-task. status)' == 'Succeeded'"`. This commit will be ensured that the status of the referenced ordinary task is replaced before calculating the final task `when.cel`.
We have implemented imagePullBackOff as fail fast. The issue with this approach is, the node where the pod is scheduled often experiences registry rate limit. The image pull failure because of the rate limit returns the same warning (reason: Failed and message: ImagePullBackOff). The pod can potentially recover after waiting for enough time until the cap is expired. Kubernetes can then successfully pull the image and bring the pod up. Introducing a default configuration to specify cluster level timeout to allow the imagePullBackOff to retry for a given duration. Once that duration has passed, return a permanent failure. tektoncd#5987 tektoncd#7184 Signed-off-by: Priti Desai <pdesai@us.ibm.com> wait for a given duration in case of imagePullBackOff Signed-off-by: Priti Desai <pdesai@us.ibm.com>
fix tektoncd#7720 Currently, the `pipelineRef` and `pipelineSpec` are only in preview mode and not yet supported. If a user has configured this field and enabled alpha features, it might bypass validation and enter into controller logic. It is now necessary to implement relevant checks within the controller logic to clearly prompt the user, instead of causing the program to panic.
`ClusterTask` only exists in `v1beta1` and will never have a `v1` thus doesn't need to be registered in the conversion webhook. Prior to this commit, some tooling (like https://github.com/openshift/cluster-kube-apiserver-operator/) might assume there is a conversion webhook and then fail to communicate with it (because we do not register `ClusterTask` in the conversion webhook part) ; generating a lot of spam log. As a rules of thumb, if we are not registering/refering an object in `newConversionController` (in `cmd/webhook/main.go`), the `conversion` field in the CRD shouldn't be defined either. Signed-off-by: Vincent Demeester <vdemeest@redhat.com>
`StepAction` only exists in `v1alpha1` and thus doesn't need to be registered in the conversion webhook. Prior to this commit, the webhook errors out (several times) with the following: ``` custom resource \"stepactions.tekton.dev\" isn't configured for webhook conversion ``` Signed-off-by: Vincent Demeester <vdemeest@redhat.com>
Prior to this, when we merged StepTemplate with the Spec, we would lose the Results and Params because the merged Step would overwrite the original Step. This PR adds the Results and Params when creating the new Step so that we don't lose this information. It fixes Issue tektoncd#7754 Signed-off-by: Chitrang Patel <chitrang@google.com>
See CVE-2023-49569 (https://access.redhat.com/security/cve/cve-2023-49569) Signed-off-by: Vincent Demeester <vdemeest@redhat.com>
Stop using archived gopkg.in/square/go-jose.v2 pkg Switch to github.com/go-jose/go-jose/v3 instead Fixes CVE-2024-28180 (cherry picked from commit c19b6e6) Signed-off-by: Vincent Demeester <vdemeest@redhat.com>
…ipeline-related metrics, the pipeline name tag will be set to 'anonymous'. Taskrun has the same situation. This commit added some scenarios for obtaining pipeline or task names. When the pipeline or task name cannot be determined accurately, the value is obtained through the corresponding label.
Prior to this, when identifying whether a Task used a workspace, we limited the check to command, args and scripts in steps, stepTemplates and sidecars. However, the workspace path could also be used as a param to a StepAction or env cariables in steps and sidecars and also workingDirs. This PR fixes that. Fixes tektoncd#8008.
This ensure that we are not going to fail during validation with dry-run. An example of such a failure would be the following scenario. - A task in a namespace has `ownerReferences` with `blockOwnerDeletion: true` - A user uses the `cluster` resolver to fetch that task - That user doesn't have a lot of rights in that namespace (only listing Tasks for example). /kind bug Signed-off-by: Vincent Demeester <vdemeest@redhat.com> (cherry picked from commit d3b18ea) (cherry picked from commit a89b964)
Before this change, it was possible for a PipelineRun to exist which would cause the controller to crashloop.
This will add a check to skip the validation of normal params while doing the validation for matrix task result ref as params
Given a matrix run of a TaskRun with cardinality of 1, the result from it will not be converted to an array but kept as a string, i.e. as if the TaskRun was not configured to run with matrix. This causes issues for consumers of the TaskRun's results as they will be configured to consume array results. As a result making the passed value equal to expression value instead. Resolves: tektoncd#8157
… in production code. It is used for unit-tests only. This might mess up the injection code and which code is executed when for metrics. Signed-off-by: Vincent Demeester <vdemeest@redhat.com>
Today this is done after the Pod is handled. If Pod deletion fails for some reason, the steps are not updated. Tekton only makes one attempt to delete the Pod to try and avoid that it keeps running even if the TaskRun failed. If this deletion fails for whatever reason, Tekton should still update the TaskRun status to mark the steps as failed, as they are failed from Tekton POV. Fixes: tektoncd#8293 Signed-off-by: Andrea Frittoli <andrea.frittoli@uk.ibm.com>
Prior to this fix, when one would use isolated workspaces (per step workspace) in a `Task` *and* a `stepTemplate`, the isolated workspace would be ignored and thus mounted in all steps instead. This is now fixed by ensuring we do not loose the `Workspaces` definition from a `Step` when we merge it with a `StepTemplate`. Signed-off-by: Vincent Demeester <vdemeest@redhat.com> (cherry picked from commit 81b4fbf)
… as we switch to ghcr.io, we need those to be updated to work as they are referered during releases. Signed-off-by: Vincent Demeester <vdemeest@redhat.com>
Presently if one of the task in pipeline is consuming result from the previous task but the previous failed to produce the result then pipeline fails without running the finally tasks. These changes handles tasks which got failed in the validation step. Signed-off-by: divyansh42 <diagrawa@redhat.com>
Signed-off-by: divyansh42 <diagrawa@redhat.com>
Signed-off-by divyansh42 <diagrawa@redhat.com>
Signed-off-by: divyansh42 <diagrawa@redhat.com>
Signed-off-by: divyansh42 <diagrawa@redhat.com>
This commit backports the e2e workflows from the mani branch as we move from prow jobs to these. Signed-off-by: Vincent Demeester <vdemeest@redhat.com>
Signed-off-by: Vincent Demeester <vdemeest@redhat.com>
l-qing
force-pushed
the
chore/sync-to-origin-release-v0.56.9
branch
from
a6c28ab to
f0e098a
Compare
Author
社区的 e2e 因为拉我们的内部基础镜像导致了失败。 |
…-to-origin-release-v0.56.9
- Resolve go.mod merge conflicts after syncing from github/release-v0.56.x - Update containerd from v1.7.27 to v1.7.29 - Update golang.org/x/oauth2 from v0.16.0 to v0.30.0 - Update cloud.google.com/go/compute/metadata from v0.2.3 to v0.3.0 - Update github.com/ProtonMail/go-crypto to v1.1.5 - Update github.com/go-jose/go-jose/v3 to v3.0.4 - Update github.com/cloudflare/circl to v1.6.1 - Update github.com/skeema/knownhosts to v1.3.1 - Sync vendor directory with updated dependencies
fix tektoncd#8464 If the matrix Task has no TaskRun to execute, the `ResolvedTask` will be nil, we should skip the validation.
- Upgrade golang.org/x/oauth2 from v0.16.0 to v0.27.0 - Remove unused google.golang.org/appengine dependency
- Add nil check for ResolvedTask and TaskSpec before accessing them - Fix early return logic: use 'continue' instead of 'return nil' to validate all params - Move invalid param syntax test case to valid test cases - Improve test error message formatting This fixes a potential panic when validating enum subset for matrix tasks that have no TaskRun or TaskSpec, and ensures all parameters are properly validated instead of stopping at the first non-string or non-enum param.
l-qing
force-pushed
the
chore/sync-to-origin-release-v0.56.9
branch
from
f0e098a to
654508f
Compare
Cannot pull internal images on GitHub Actions, disabling the Tekton integration workflow for now.
Author
目标分支未扫描过,所以这个 task 失败了。 |
danielfbm
approved these changes
Jan 19, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
17 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Changes
Submitter Checklist
As the author of this PR, please check off the items in this checklist:
/kind <type>. Valid types are bug, cleanup, design, documentation, feature, flake, misc, question, tepRelease Notes