From fa872802a59c52b416e6b3fce8bc0dbfed3adea9 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 26 Jul 2024 15:15:28 +0000 Subject: [PATCH] Bump github.com/tektoncd/pipeline from 0.61.1 to 0.62.0 Bumps [github.com/tektoncd/pipeline](https://github.com/tektoncd/pipeline) from 0.61.1 to 0.62.0. - [Release notes](https://github.com/tektoncd/pipeline/releases) - [Changelog](https://github.com/tektoncd/pipeline/blob/main/releases.md) - [Commits](https://github.com/tektoncd/pipeline/compare/v0.61.1...v0.62.0) --- updated-dependencies: - dependency-name: github.com/tektoncd/pipeline dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- go.mod | 10 +- go.sum | 12 +- vendor/github.com/go-logr/logr/README.md | 1 + .../github.com/klauspost/compress/README.md | 6 + .../github.com/klauspost/compress/SECURITY.md | 2 +- .../klauspost/compress/zstd/enc_base.go | 1 + .../klauspost/compress/zstd/enc_dfast.go | 2 +- .../klauspost/compress/zstd/enc_fast.go | 11 +- .../internal/artifactref/artifactref.go | 17 ++- .../pipeline/pkg/apis/config/feature_flags.go | 20 +++- .../pipeline/pkg/apis/pipeline/paths.go | 2 + .../pkg/apis/pipeline/v1/artifact_types.go | 107 +++++++++++++++++- .../pkg/apis/pipeline/v1/container_types.go | 39 +++++++ .../pipeline/pkg/apis/pipeline/v1/merge.go | 2 +- .../pkg/apis/pipeline/v1/openapi_generated.go | 72 ++++++++++-- .../apis/pipeline/v1/pipeline_validation.go | 54 +++++++-- .../pipeline/v1/pipelinerun_validation.go | 33 +++++- .../pkg/apis/pipeline/v1/swagger.json | 34 +++++- .../pkg/apis/pipeline/v1/task_validation.go | 42 +++++-- .../pkg/apis/pipeline/v1/taskrun_types.go | 6 + .../apis/pipeline/v1/taskrun_validation.go | 41 ++++++- .../pkg/apis/pipeline/v1/when_types.go | 2 + .../pkg/apis/pipeline/v1/when_validation.go | 2 +- .../apis/pipeline/v1/zz_generated.deepcopy.go | 18 +++ .../apis/pipeline/v1beta1/artifact_types.go | 8 +- .../pipeline/v1beta1/container_conversion.go | 10 ++ .../apis/pipeline/v1beta1/container_types.go | 37 ++++++ .../pkg/apis/pipeline/v1beta1/merge.go | 2 +- .../pipeline/v1beta1/openapi_generated.go | 43 ++++++- .../pipeline/v1beta1/pipeline_validation.go | 47 +++++++- .../v1beta1/pipelinerun_validation.go | 33 +++++- .../pkg/apis/pipeline/v1beta1/swagger.json | 21 +++- .../apis/pipeline/v1beta1/task_conversion.go | 2 +- .../apis/pipeline/v1beta1/task_validation.go | 43 +++++-- .../pipeline/v1beta1/taskrun_conversion.go | 11 ++ .../apis/pipeline/v1beta1/taskrun_types.go | 1 + .../pipeline/v1beta1/taskrun_validation.go | 41 ++++++- .../pkg/apis/pipeline/v1beta1/when_types.go | 2 + .../apis/pipeline/v1beta1/when_validation.go | 2 +- .../pipeline/v1beta1/zz_generated.deepcopy.go | 17 +++ .../tektoncd/pipeline/pkg/result/result.go | 7 +- vendor/modules.txt | 10 +- 42 files changed, 767 insertions(+), 106 deletions(-) diff --git a/go.mod b/go.mod index 97de5b1d..346540e7 100644 --- a/go.mod +++ b/go.mod @@ -12,15 +12,15 @@ require ( github.com/pkg/errors v0.9.1 github.com/spf13/cobra v1.8.1 github.com/stretchr/testify v1.9.0 - github.com/tektoncd/pipeline v0.61.1 + github.com/tektoncd/pipeline v0.62.0 github.com/tektoncd/plumbing v0.0.0-20221005220331-b2ddcdddc5e7 go.uber.org/zap v1.27.0 gomodules.xyz/jsonpatch/v2 v2.4.0 gotest.tools/v3 v3.5.1 k8s.io/api v0.29.6 - k8s.io/apimachinery v0.29.6 + k8s.io/apimachinery v0.29.7 k8s.io/client-go v0.29.6 - k8s.io/code-generator v0.29.6 + k8s.io/code-generator v0.29.7 k8s.io/kube-openapi v0.0.0-20231010175941-2dd684a91f00 k8s.io/utils v0.0.0-20240102154912-e7106e64919e knative.dev/pkg v0.0.0-20240416145024-0f34a8815650 @@ -47,7 +47,7 @@ require ( github.com/evanphx/json-patch/v5 v5.9.0 // indirect github.com/go-kit/log v0.2.1 // indirect github.com/go-logfmt/logfmt v0.5.1 // indirect - github.com/go-logr/logr v1.4.1 // indirect + github.com/go-logr/logr v1.4.2 // indirect github.com/go-openapi/jsonpointer v0.19.6 // indirect github.com/go-openapi/jsonreference v0.20.2 // indirect github.com/go-openapi/swag v0.22.3 // indirect @@ -66,7 +66,7 @@ require ( github.com/josharian/intern v1.0.0 // indirect github.com/json-iterator/go v1.1.12 // indirect github.com/kelseyhightower/envconfig v1.4.0 // indirect - github.com/klauspost/compress v1.16.6 // indirect + github.com/klauspost/compress v1.16.7 // indirect github.com/mailru/easyjson v0.7.7 // indirect github.com/mattn/go-colorable v0.1.13 // indirect github.com/mattn/go-isatty v0.0.20 // indirect diff --git a/go.sum b/go.sum index 0209176b..17fdc402 100644 --- a/go.sum +++ b/go.sum @@ -330,8 +330,8 @@ github.com/go-logr/logr v0.2.0/go.mod h1:z6/tIYblkpsD+a4lm/fGIIU9mZ+XfAiaFtq7xTg github.com/go-logr/logr v1.2.0/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= github.com/go-logr/logr v1.2.3/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= github.com/go-logr/logr v1.2.4/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= -github.com/go-logr/logr v1.4.1 h1:pKouT5E8xu9zeFC39JXRDukb6JFQPXM5p5I91188VAQ= -github.com/go-logr/logr v1.4.1/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY= +github.com/go-logr/logr v1.4.2 h1:6pFjapn8bFcIbiKo3XT4j/BhANplGihG6tvd+8rYgrY= +github.com/go-logr/logr v1.4.2/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY= github.com/go-openapi/jsonpointer v0.19.2/go.mod h1:3akKfEdA7DF1sugOqz1dVQHBcuDBPKZGEoHC/NkiQRg= github.com/go-openapi/jsonpointer v0.19.3/go.mod h1:Pl9vOtqEWErmShwVjC8pYs9cog34VGT37dQOVbmoatg= github.com/go-openapi/jsonpointer v0.19.6 h1:eCs3fxoIi3Wh6vtgmLTOjdhSpiqphQ+DaPn38N2ZdrE= @@ -551,8 +551,8 @@ github.com/klauspost/compress v1.11.3/go.mod h1:aoV0uJVorq1K+umq18yTdKaF57EivdYs github.com/klauspost/compress v1.11.13/go.mod h1:aoV0uJVorq1K+umq18yTdKaF57EivdYsUV+/s2qKfXs= github.com/klauspost/compress v1.12.3/go.mod h1:8dP1Hq4DHOhN9w426knH3Rhby4rFm6D8eO+e+Dq5Gzg= github.com/klauspost/compress v1.13.0/go.mod h1:8dP1Hq4DHOhN9w426knH3Rhby4rFm6D8eO+e+Dq5Gzg= -github.com/klauspost/compress v1.16.6 h1:91SKEy4K37vkp255cJ8QesJhjyRO0hn9i9G0GoUwLsk= -github.com/klauspost/compress v1.16.6/go.mod h1:ntbaceVETuRiXiv4DpjP66DpAtAGkEQskQzEyD//IeE= +github.com/klauspost/compress v1.16.7 h1:2mk3MPGNzKyxErAw8YaohYh69+pa4sIQSC0fPGCFR9I= +github.com/klauspost/compress v1.16.7/go.mod h1:ntbaceVETuRiXiv4DpjP66DpAtAGkEQskQzEyD//IeE= github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ= github.com/konsorten/go-windows-terminal-sequences v1.0.2/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ= github.com/konsorten/go-windows-terminal-sequences v1.0.3/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ= @@ -858,8 +858,8 @@ github.com/syndtr/gocapability v0.0.0-20170704070218-db04d3cc01c8/go.mod h1:hkRG github.com/syndtr/gocapability v0.0.0-20180916011248-d98352740cb2/go.mod h1:hkRG7XYTFWNJGYcbNJQlaLq0fg1yr4J4t/NcTQtrfww= github.com/syndtr/gocapability v0.0.0-20200815063812-42c35b437635/go.mod h1:hkRG7XYTFWNJGYcbNJQlaLq0fg1yr4J4t/NcTQtrfww= github.com/tchap/go-patricia v2.2.6+incompatible/go.mod h1:bmLyhP68RS6kStMGxByiQ23RP/odRBOTVjwp2cDyi6I= -github.com/tektoncd/pipeline v0.61.1 h1:FB4zh6YmLshFUJ0AigJVLN8RMuVfBxuQvhqZk5ngyI8= -github.com/tektoncd/pipeline v0.61.1/go.mod h1:m2zG2B124Gh7/VB4G3+NGSyyzy0q5ceNyLUqIz0cIyQ= +github.com/tektoncd/pipeline v0.62.0 h1:9qAE2ewb3X/3187e1YdrAirrsaqkQwl1u+bzp306UfM= +github.com/tektoncd/pipeline v0.62.0/go.mod h1:cYPH4n3X8t39arNMhgyU7swyv3hVeWToz1yYDRzTLT8= github.com/tektoncd/plumbing v0.0.0-20221005220331-b2ddcdddc5e7 h1:N9npo779eqTDXEjqcwVkwdS9rhHe+dkcfzhKp97zJfs= github.com/tektoncd/plumbing v0.0.0-20221005220331-b2ddcdddc5e7/go.mod h1:uJBaI0AL/kjPThiMYZcWRujEz7D401v643d6s/21GAg= github.com/tmc/grpc-websocket-proxy v0.0.0-20170815181823-89b8d40f7ca8/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U= diff --git a/vendor/github.com/go-logr/logr/README.md b/vendor/github.com/go-logr/logr/README.md index 8969526a..7c7f0c69 100644 --- a/vendor/github.com/go-logr/logr/README.md +++ b/vendor/github.com/go-logr/logr/README.md @@ -1,6 +1,7 @@ # A minimal logging API for Go [![Go Reference](https://pkg.go.dev/badge/github.com/go-logr/logr.svg)](https://pkg.go.dev/github.com/go-logr/logr) +[![Go Report Card](https://goreportcard.com/badge/github.com/go-logr/logr)](https://goreportcard.com/report/github.com/go-logr/logr) [![OpenSSF Scorecard](https://api.securityscorecards.dev/projects/github.com/go-logr/logr/badge)](https://securityscorecards.dev/viewer/?platform=github.com&org=go-logr&repo=logr) logr offers an(other) opinion on how Go programs and libraries can do logging diff --git a/vendor/github.com/klauspost/compress/README.md b/vendor/github.com/klauspost/compress/README.md index f710a34e..4002a16a 100644 --- a/vendor/github.com/klauspost/compress/README.md +++ b/vendor/github.com/klauspost/compress/README.md @@ -16,6 +16,12 @@ This package provides various compression algorithms. # changelog +* June 13, 2023 - [v1.16.6](https://github.com/klauspost/compress/releases/tag/v1.16.6) + * zstd: correctly ignore WithEncoderPadding(1) by @ianlancetaylor in https://github.com/klauspost/compress/pull/806 + * zstd: Add amd64 match length assembly https://github.com/klauspost/compress/pull/824 + * gzhttp: Handle informational headers by @rtribotte in https://github.com/klauspost/compress/pull/815 + * s2: Improve Better compression slightly https://github.com/klauspost/compress/pull/663 + * Apr 16, 2023 - [v1.16.5](https://github.com/klauspost/compress/releases/tag/v1.16.5) * zstd: readByte needs to use io.ReadFull by @jnoxon in https://github.com/klauspost/compress/pull/802 * gzip: Fix WriterTo after initial read https://github.com/klauspost/compress/pull/804 diff --git a/vendor/github.com/klauspost/compress/SECURITY.md b/vendor/github.com/klauspost/compress/SECURITY.md index 23a43387..ca6685e2 100644 --- a/vendor/github.com/klauspost/compress/SECURITY.md +++ b/vendor/github.com/klauspost/compress/SECURITY.md @@ -20,6 +20,6 @@ Vulnerabilities resulting from compiler/assembler errors should be reported upst If you have discovered a security vulnerability in this project, please report it privately. **Do not disclose it as a public issue.** This gives us time to work with you to fix the issue before public exposure, reducing the chance that the exploit will be used before a patch is released. -Please disclose it at [security advisory](https://github.com/klaupost/compress/security/advisories/new). If possible please provide a minimal reproducer. If the issue only applies to a single platform, it would be helpful to provide access to that. +Please disclose it at [security advisory](https://github.com/klauspost/compress/security/advisories/new). If possible please provide a minimal reproducer. If the issue only applies to a single platform, it would be helpful to provide access to that. This project is maintained by a team of volunteers on a reasonable-effort basis. As such, vulnerabilities will be disclosed in a best effort base. diff --git a/vendor/github.com/klauspost/compress/zstd/enc_base.go b/vendor/github.com/klauspost/compress/zstd/enc_base.go index e008b992..5ca46038 100644 --- a/vendor/github.com/klauspost/compress/zstd/enc_base.go +++ b/vendor/github.com/klauspost/compress/zstd/enc_base.go @@ -144,6 +144,7 @@ func (e *fastBase) resetBase(d *dict, singleBlock bool) { } else { e.crc.Reset() } + e.blk.dictLitEnc = nil if d != nil { low := e.lowMem if singleBlock { diff --git a/vendor/github.com/klauspost/compress/zstd/enc_dfast.go b/vendor/github.com/klauspost/compress/zstd/enc_dfast.go index 7d425109..a154c18f 100644 --- a/vendor/github.com/klauspost/compress/zstd/enc_dfast.go +++ b/vendor/github.com/klauspost/compress/zstd/enc_dfast.go @@ -1084,7 +1084,7 @@ func (e *doubleFastEncoderDict) Reset(d *dict, singleBlock bool) { } } e.lastDictID = d.id - e.allDirty = true + allDirty = true } // Reset table to initial state e.cur = e.maxMatchOff diff --git a/vendor/github.com/klauspost/compress/zstd/enc_fast.go b/vendor/github.com/klauspost/compress/zstd/enc_fast.go index cbc626ee..f45a3da7 100644 --- a/vendor/github.com/klauspost/compress/zstd/enc_fast.go +++ b/vendor/github.com/klauspost/compress/zstd/enc_fast.go @@ -829,13 +829,12 @@ func (e *fastEncoderDict) Reset(d *dict, singleBlock bool) { } if true { end := e.maxMatchOff + int32(len(d.content)) - 8 - for i := e.maxMatchOff; i < end; i += 3 { + for i := e.maxMatchOff; i < end; i += 2 { const hashLog = tableBits cv := load6432(d.content, i-e.maxMatchOff) - nextHash := hashLen(cv, hashLog, tableFastHashLen) // 0 -> 5 - nextHash1 := hashLen(cv>>8, hashLog, tableFastHashLen) // 1 -> 6 - nextHash2 := hashLen(cv>>16, hashLog, tableFastHashLen) // 2 -> 7 + nextHash := hashLen(cv, hashLog, tableFastHashLen) // 0 -> 6 + nextHash1 := hashLen(cv>>8, hashLog, tableFastHashLen) // 1 -> 7 e.dictTable[nextHash] = tableEntry{ val: uint32(cv), offset: i, @@ -844,10 +843,6 @@ func (e *fastEncoderDict) Reset(d *dict, singleBlock bool) { val: uint32(cv >> 8), offset: i + 1, } - e.dictTable[nextHash2] = tableEntry{ - val: uint32(cv >> 16), - offset: i + 2, - } } } e.lastDictID = d.id diff --git a/vendor/github.com/tektoncd/pipeline/internal/artifactref/artifactref.go b/vendor/github.com/tektoncd/pipeline/internal/artifactref/artifactref.go index b5a46a73..cd8e1162 100644 --- a/vendor/github.com/tektoncd/pipeline/internal/artifactref/artifactref.go +++ b/vendor/github.com/tektoncd/pipeline/internal/artifactref/artifactref.go @@ -2,10 +2,17 @@ package artifactref import "regexp" -// case 1: steps..inputs -// case 2: steps..outputs -// case 3: steps..inputs. -// case 4: steps..outputs. -const stepArtifactUsagePattern = `\$\(steps\.([^.]+)\.(?:inputs|outputs)(?:\.([^.^\)]+))?\)` +// case 1: steps..inputs. +// case 2: steps..outputs. +const stepArtifactUsagePattern = `\$\(steps\.([^.]+)\.(?:inputs|outputs)\.([^.)]+)\)` + +// case 1: tasks..inputs. +// case 2: tasks..outputs. +const taskArtifactUsagePattern = `\$\(tasks\.([^.]+)\.(?:inputs|outputs)\.([^.)]+)\)` + +const StepArtifactPathPattern = `step.artifacts.path` + +const TaskArtifactPathPattern = `artifacts.path` var StepArtifactRegex = regexp.MustCompile(stepArtifactUsagePattern) +var TaskArtifactRegex = regexp.MustCompile(taskArtifactUsagePattern) diff --git a/vendor/github.com/tektoncd/pipeline/pkg/apis/config/feature_flags.go b/vendor/github.com/tektoncd/pipeline/pkg/apis/config/feature_flags.go index 6d0541b8..d0db6205 100644 --- a/vendor/github.com/tektoncd/pipeline/pkg/apis/config/feature_flags.go +++ b/vendor/github.com/tektoncd/pipeline/pkg/apis/config/feature_flags.go @@ -108,6 +108,10 @@ const ( EnableParamEnum = "enable-param-enum" // EnableConciseResolverSyntax is the flag to enable concise resolver syntax EnableConciseResolverSyntax = "enable-concise-resolver-syntax" + // EnableKubernetesSidecar is the flag to enable kubernetes sidecar support + EnableKubernetesSidecar = "enable-kubernetes-sidecar" + // DefaultEnableKubernetesSidecar is the default value for EnableKubernetesSidecar + DefaultEnableKubernetesSidecar = false // DisableInlineSpec is the flag to disable embedded spec // in Taskrun or Pipelinerun @@ -185,12 +189,12 @@ type FeatureFlags struct { RunningInEnvWithInjectedSidecars bool RequireGitSSHSecretKnownHosts bool // EnableTektonOCIBundles bool // Deprecated: this is now ignored - ScopeWhenExpressionsToTask bool - EnableAPIFields string - SendCloudEventsForRuns bool - AwaitSidecarReadiness bool - EnforceNonfalsifiability string - EnableKeepPodOnCancel bool + // ScopeWhenExpressionsToTask bool // Deprecated: this is now ignored + EnableAPIFields string + SendCloudEventsForRuns bool + AwaitSidecarReadiness bool + EnforceNonfalsifiability string + EnableKeepPodOnCancel bool // VerificationNoMatchPolicy is the feature flag for "trusted-resources-verification-no-match-policy" // VerificationNoMatchPolicy can be set to "ignore", "warn" and "fail" values. // ignore: skip trusted resources verification when no matching verification policies found @@ -208,6 +212,7 @@ type FeatureFlags struct { EnableArtifacts bool DisableInlineSpec string EnableConciseResolverSyntax bool + EnableKubernetesSidecar bool } // GetFeatureFlagsConfigName returns the name of the configmap containing all @@ -312,6 +317,9 @@ func NewFeatureFlagsFromMap(cfgMap map[string]string) (*FeatureFlags, error) { if err := setPerFeatureFlag(EnableConciseResolverSyntax, DefaultEnableConciseResolverSyntax, &tc.EnableConciseResolverSyntax); err != nil { return nil, err } + if err := setFeature(EnableKubernetesSidecar, DefaultEnableKubernetesSidecar, &tc.EnableKubernetesSidecar); err != nil { + return nil, err + } return &tc, nil } diff --git a/vendor/github.com/tektoncd/pipeline/pkg/apis/pipeline/paths.go b/vendor/github.com/tektoncd/pipeline/pkg/apis/pipeline/paths.go index fb2b3bcf..efb28ea9 100644 --- a/vendor/github.com/tektoncd/pipeline/pkg/apis/pipeline/paths.go +++ b/vendor/github.com/tektoncd/pipeline/pkg/apis/pipeline/paths.go @@ -30,4 +30,6 @@ const ( StepsDir = "/tekton/steps" ScriptDir = "/tekton/scripts" + + ArtifactsDir = "/tekton/artifacts" ) diff --git a/vendor/github.com/tektoncd/pipeline/pkg/apis/pipeline/v1/artifact_types.go b/vendor/github.com/tektoncd/pipeline/pkg/apis/pipeline/v1/artifact_types.go index 07e43ebe..21a0d8fc 100644 --- a/vendor/github.com/tektoncd/pipeline/pkg/apis/pipeline/v1/artifact_types.go +++ b/vendor/github.com/tektoncd/pipeline/pkg/apis/pipeline/v1/artifact_types.go @@ -1,13 +1,37 @@ +/* +Copyright 2024 The Tekton Authors + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + package v1 +import ( + "github.com/google/go-cmp/cmp" +) + // Algorithm Standard cryptographic hash algorithm type Algorithm string // Artifact represents an artifact within a system, potentially containing multiple values // associated with it. type Artifact struct { - Name string `json:"name,omitempty"` // The artifact's identifying category name - Values []ArtifactValue `json:"values,omitempty"` // A collection of values related to the artifact + // The artifact's identifying category name + Name string `json:"name,omitempty"` + // A collection of values related to the artifact + Values []ArtifactValue `json:"values,omitempty"` + // Indicate if the artifact is a build output or a by-product + BuildOutput bool `json:"buildOutput,omitempty"` } // ArtifactValue represents a specific value or data element within an Artifact. @@ -27,3 +51,82 @@ type Artifacts struct { Inputs []Artifact `json:"inputs,omitempty"` Outputs []Artifact `json:"outputs,omitempty"` } + +func (a *Artifacts) Merge(another Artifacts) { + inputMap := make(map[string][]ArtifactValue) + var newInputs []Artifact + + for _, v := range a.Inputs { + inputMap[v.Name] = v.Values + } + + for _, v := range another.Inputs { + _, ok := inputMap[v.Name] + if !ok { + inputMap[v.Name] = []ArtifactValue{} + } + for _, vv := range v.Values { + exists := false + for _, av := range inputMap[v.Name] { + if cmp.Equal(vv, av) { + exists = true + break + } + } + if !exists { + inputMap[v.Name] = append(inputMap[v.Name], vv) + } + } + } + + for k, v := range inputMap { + newInputs = append(newInputs, Artifact{ + Name: k, + Values: v, + }) + } + + outputMap := make(map[string]Artifact) + var newOutputs []Artifact + for _, v := range a.Outputs { + outputMap[v.Name] = v + } + + for _, v := range another.Outputs { + _, ok := outputMap[v.Name] + if !ok { + outputMap[v.Name] = Artifact{Name: v.Name, Values: []ArtifactValue{}, BuildOutput: v.BuildOutput} + } + // only update buildOutput to true. + // Do not convert to false if it was true before. + if v.BuildOutput { + art := outputMap[v.Name] + art.BuildOutput = v.BuildOutput + outputMap[v.Name] = art + } + for _, vv := range v.Values { + exists := false + for _, av := range outputMap[v.Name].Values { + if cmp.Equal(vv, av) { + exists = true + break + } + } + if !exists { + art := outputMap[v.Name] + art.Values = append(art.Values, vv) + outputMap[v.Name] = art + } + } + } + + for _, v := range outputMap { + newOutputs = append(newOutputs, Artifact{ + Name: v.Name, + Values: v.Values, + BuildOutput: v.BuildOutput, + }) + } + a.Inputs = newInputs + a.Outputs = newOutputs +} diff --git a/vendor/github.com/tektoncd/pipeline/pkg/apis/pipeline/v1/container_types.go b/vendor/github.com/tektoncd/pipeline/pkg/apis/pipeline/v1/container_types.go index 9f0c48ae..2dc4a898 100644 --- a/vendor/github.com/tektoncd/pipeline/pkg/apis/pipeline/v1/container_types.go +++ b/vendor/github.com/tektoncd/pipeline/pkg/apis/pipeline/v1/container_types.go @@ -152,6 +152,10 @@ type Step struct { // +optional // +listType=atomic Results []StepResult `json:"results,omitempty"` + + // When is a list of when expressions that need to be true for the task to run + // +optional + When StepWhenExpressions `json:"when,omitempty"` } // Ref can be used to refer to a specific instance of a StepAction. @@ -539,10 +543,43 @@ type Sidecar struct { // +optional // +listType=atomic Workspaces []WorkspaceUsage `json:"workspaces,omitempty"` + + // RestartPolicy refers to kubernetes RestartPolicy. It can only be set for an + // initContainer and must have it's policy set to "Always". It is currently + // left optional to help support Kubernetes versions prior to 1.29 when this feature + // was introduced. + // +optional + RestartPolicy *corev1.ContainerRestartPolicy `json:"restartPolicy,omitempty"` } // ToK8sContainer converts the Sidecar to a Kubernetes Container struct func (s *Sidecar) ToK8sContainer() *corev1.Container { + if s.RestartPolicy == nil { + return &corev1.Container{ + Name: s.Name, + Image: s.Image, + Command: s.Command, + Args: s.Args, + WorkingDir: s.WorkingDir, + Ports: s.Ports, + EnvFrom: s.EnvFrom, + Env: s.Env, + Resources: s.ComputeResources, + VolumeMounts: s.VolumeMounts, + VolumeDevices: s.VolumeDevices, + LivenessProbe: s.LivenessProbe, + ReadinessProbe: s.ReadinessProbe, + StartupProbe: s.StartupProbe, + Lifecycle: s.Lifecycle, + TerminationMessagePath: s.TerminationMessagePath, + TerminationMessagePolicy: s.TerminationMessagePolicy, + ImagePullPolicy: s.ImagePullPolicy, + SecurityContext: s.SecurityContext, + Stdin: s.Stdin, + StdinOnce: s.StdinOnce, + TTY: s.TTY, + } + } return &corev1.Container{ Name: s.Name, Image: s.Image, @@ -557,6 +594,7 @@ func (s *Sidecar) ToK8sContainer() *corev1.Container { VolumeDevices: s.VolumeDevices, LivenessProbe: s.LivenessProbe, ReadinessProbe: s.ReadinessProbe, + RestartPolicy: s.RestartPolicy, StartupProbe: s.StartupProbe, Lifecycle: s.Lifecycle, TerminationMessagePath: s.TerminationMessagePath, @@ -593,6 +631,7 @@ func (s *Sidecar) SetContainerFields(c corev1.Container) { s.Stdin = c.Stdin s.StdinOnce = c.StdinOnce s.TTY = c.TTY + s.RestartPolicy = c.RestartPolicy } // GetVarSubstitutionExpressions walks all the places a substitution reference can be used diff --git a/vendor/github.com/tektoncd/pipeline/pkg/apis/pipeline/v1/merge.go b/vendor/github.com/tektoncd/pipeline/pkg/apis/pipeline/v1/merge.go index 296eaf4b..df413a54 100644 --- a/vendor/github.com/tektoncd/pipeline/pkg/apis/pipeline/v1/merge.go +++ b/vendor/github.com/tektoncd/pipeline/pkg/apis/pipeline/v1/merge.go @@ -65,7 +65,7 @@ func MergeStepsWithStepTemplate(template *StepTemplate, steps []Step) ([]Step, e amendConflictingContainerFields(&merged, s) // Pass through original step Script, for later conversion. - newStep := Step{Script: s.Script, OnError: s.OnError, Timeout: s.Timeout, StdoutConfig: s.StdoutConfig, StderrConfig: s.StderrConfig, Results: s.Results, Params: s.Params, Ref: s.Ref} + newStep := Step{Script: s.Script, OnError: s.OnError, Timeout: s.Timeout, StdoutConfig: s.StdoutConfig, StderrConfig: s.StderrConfig, Results: s.Results, Params: s.Params, Ref: s.Ref, When: s.When} newStep.SetContainerFields(merged) steps[i] = newStep } diff --git a/vendor/github.com/tektoncd/pipeline/pkg/apis/pipeline/v1/openapi_generated.go b/vendor/github.com/tektoncd/pipeline/pkg/apis/pipeline/v1/openapi_generated.go index 82896087..42bf6748 100644 --- a/vendor/github.com/tektoncd/pipeline/pkg/apis/pipeline/v1/openapi_generated.go +++ b/vendor/github.com/tektoncd/pipeline/pkg/apis/pipeline/v1/openapi_generated.go @@ -395,13 +395,14 @@ func schema_pkg_apis_pipeline_v1_Artifact(ref common.ReferenceCallback) common.O Properties: map[string]spec.Schema{ "name": { SchemaProps: spec.SchemaProps{ - Type: []string{"string"}, - Format: "", + Description: "The artifact's identifying category name", + Type: []string{"string"}, + Format: "", }, }, "values": { SchemaProps: spec.SchemaProps{ - Description: "The artifact's identifying category name", + Description: "A collection of values related to the artifact", Type: []string{"array"}, Items: &spec.SchemaOrArray{ Schema: &spec.Schema{ @@ -413,6 +414,13 @@ func schema_pkg_apis_pipeline_v1_Artifact(ref common.ReferenceCallback) common.O }, }, }, + "buildOutput": { + SchemaProps: spec.SchemaProps{ + Description: "Indicate if the artifact is a build output or a by-product", + Type: []string{"boolean"}, + Format: "", + }, + }, }, }, }, @@ -2745,6 +2753,13 @@ func schema_pkg_apis_pipeline_v1_Sidecar(ref common.ReferenceCallback) common.Op }, }, }, + "restartPolicy": { + SchemaProps: spec.SchemaProps{ + Description: "RestartPolicy refers to kubernetes RestartPolicy. It can only be set for an initContainer and must have it's policy set to \"Always\". It is currently left optional to help support Kubernetes versions prior to 1.29 when this feature was introduced.", + Type: []string{"string"}, + Format: "", + }, + }, }, Required: []string{"name"}, }, @@ -3122,12 +3137,26 @@ func schema_pkg_apis_pipeline_v1_Step(ref common.ReferenceCallback) common.OpenA }, }, }, + "when": { + SchemaProps: spec.SchemaProps{ + Description: "When is a list of when expressions that need to be true for the task to run", + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: map[string]interface{}{}, + Ref: ref("github.com/tektoncd/pipeline/pkg/apis/pipeline/v1.WhenExpression"), + }, + }, + }, + }, + }, }, Required: []string{"name"}, }, }, Dependencies: []string{ - "github.com/tektoncd/pipeline/pkg/apis/pipeline/v1.Param", "github.com/tektoncd/pipeline/pkg/apis/pipeline/v1.Ref", "github.com/tektoncd/pipeline/pkg/apis/pipeline/v1.StepOutputConfig", "github.com/tektoncd/pipeline/pkg/apis/pipeline/v1.StepResult", "github.com/tektoncd/pipeline/pkg/apis/pipeline/v1.WorkspaceUsage", "k8s.io/api/core/v1.EnvFromSource", "k8s.io/api/core/v1.EnvVar", "k8s.io/api/core/v1.ResourceRequirements", "k8s.io/api/core/v1.SecurityContext", "k8s.io/api/core/v1.VolumeDevice", "k8s.io/api/core/v1.VolumeMount", "k8s.io/apimachinery/pkg/apis/meta/v1.Duration"}, + "github.com/tektoncd/pipeline/pkg/apis/pipeline/v1.Param", "github.com/tektoncd/pipeline/pkg/apis/pipeline/v1.Ref", "github.com/tektoncd/pipeline/pkg/apis/pipeline/v1.StepOutputConfig", "github.com/tektoncd/pipeline/pkg/apis/pipeline/v1.StepResult", "github.com/tektoncd/pipeline/pkg/apis/pipeline/v1.WhenExpression", "github.com/tektoncd/pipeline/pkg/apis/pipeline/v1.WorkspaceUsage", "k8s.io/api/core/v1.EnvFromSource", "k8s.io/api/core/v1.EnvVar", "k8s.io/api/core/v1.ResourceRequirements", "k8s.io/api/core/v1.SecurityContext", "k8s.io/api/core/v1.VolumeDevice", "k8s.io/api/core/v1.VolumeMount", "k8s.io/apimachinery/pkg/apis/meta/v1.Duration"}, } } @@ -3260,6 +3289,11 @@ func schema_pkg_apis_pipeline_v1_StepState(ref common.ReferenceCallback) common. }, }, }, + "provenance": { + SchemaProps: spec.SchemaProps{ + Ref: ref("github.com/tektoncd/pipeline/pkg/apis/pipeline/v1.Provenance"), + }, + }, "terminationReason": { SchemaProps: spec.SchemaProps{ Type: []string{"string"}, @@ -3296,7 +3330,7 @@ func schema_pkg_apis_pipeline_v1_StepState(ref common.ReferenceCallback) common. }, }, Dependencies: []string{ - "github.com/tektoncd/pipeline/pkg/apis/pipeline/v1.Artifact", "github.com/tektoncd/pipeline/pkg/apis/pipeline/v1.TaskRunResult", "k8s.io/api/core/v1.ContainerStateRunning", "k8s.io/api/core/v1.ContainerStateTerminated", "k8s.io/api/core/v1.ContainerStateWaiting"}, + "github.com/tektoncd/pipeline/pkg/apis/pipeline/v1.Artifact", "github.com/tektoncd/pipeline/pkg/apis/pipeline/v1.Provenance", "github.com/tektoncd/pipeline/pkg/apis/pipeline/v1.TaskRunResult", "k8s.io/api/core/v1.ContainerStateRunning", "k8s.io/api/core/v1.ContainerStateTerminated", "k8s.io/api/core/v1.ContainerStateWaiting"}, } } @@ -4172,6 +4206,18 @@ func schema_pkg_apis_pipeline_v1_TaskRunStatus(ref common.ReferenceCallback) com }, }, }, + "artifacts": { + VendorExtensible: spec.VendorExtensible{ + Extensions: spec.Extensions{ + "x-kubernetes-list-type": "atomic", + }, + }, + SchemaProps: spec.SchemaProps{ + Description: "Artifacts are the list of artifacts written out by the task's containers", + Default: map[string]interface{}{}, + Ref: ref("github.com/tektoncd/pipeline/pkg/apis/pipeline/v1.Artifacts"), + }, + }, "sidecars": { VendorExtensible: spec.VendorExtensible{ Extensions: spec.Extensions{ @@ -4224,7 +4270,7 @@ func schema_pkg_apis_pipeline_v1_TaskRunStatus(ref common.ReferenceCallback) com }, }, Dependencies: []string{ - "github.com/tektoncd/pipeline/pkg/apis/pipeline/v1.Provenance", "github.com/tektoncd/pipeline/pkg/apis/pipeline/v1.SidecarState", "github.com/tektoncd/pipeline/pkg/apis/pipeline/v1.StepState", "github.com/tektoncd/pipeline/pkg/apis/pipeline/v1.TaskRunResult", "github.com/tektoncd/pipeline/pkg/apis/pipeline/v1.TaskRunStatus", "github.com/tektoncd/pipeline/pkg/apis/pipeline/v1.TaskSpec", "k8s.io/apimachinery/pkg/apis/meta/v1.Time", "knative.dev/pkg/apis.Condition"}, + "github.com/tektoncd/pipeline/pkg/apis/pipeline/v1.Artifacts", "github.com/tektoncd/pipeline/pkg/apis/pipeline/v1.Provenance", "github.com/tektoncd/pipeline/pkg/apis/pipeline/v1.SidecarState", "github.com/tektoncd/pipeline/pkg/apis/pipeline/v1.StepState", "github.com/tektoncd/pipeline/pkg/apis/pipeline/v1.TaskRunResult", "github.com/tektoncd/pipeline/pkg/apis/pipeline/v1.TaskRunStatus", "github.com/tektoncd/pipeline/pkg/apis/pipeline/v1.TaskSpec", "k8s.io/apimachinery/pkg/apis/meta/v1.Time", "knative.dev/pkg/apis.Condition"}, } } @@ -4312,6 +4358,18 @@ func schema_pkg_apis_pipeline_v1_TaskRunStatusFields(ref common.ReferenceCallbac }, }, }, + "artifacts": { + VendorExtensible: spec.VendorExtensible{ + Extensions: spec.Extensions{ + "x-kubernetes-list-type": "atomic", + }, + }, + SchemaProps: spec.SchemaProps{ + Description: "Artifacts are the list of artifacts written out by the task's containers", + Default: map[string]interface{}{}, + Ref: ref("github.com/tektoncd/pipeline/pkg/apis/pipeline/v1.Artifacts"), + }, + }, "sidecars": { VendorExtensible: spec.VendorExtensible{ Extensions: spec.Extensions{ @@ -4364,7 +4422,7 @@ func schema_pkg_apis_pipeline_v1_TaskRunStatusFields(ref common.ReferenceCallbac }, }, Dependencies: []string{ - "github.com/tektoncd/pipeline/pkg/apis/pipeline/v1.Provenance", "github.com/tektoncd/pipeline/pkg/apis/pipeline/v1.SidecarState", "github.com/tektoncd/pipeline/pkg/apis/pipeline/v1.StepState", "github.com/tektoncd/pipeline/pkg/apis/pipeline/v1.TaskRunResult", "github.com/tektoncd/pipeline/pkg/apis/pipeline/v1.TaskRunStatus", "github.com/tektoncd/pipeline/pkg/apis/pipeline/v1.TaskSpec", "k8s.io/apimachinery/pkg/apis/meta/v1.Time"}, + "github.com/tektoncd/pipeline/pkg/apis/pipeline/v1.Artifacts", "github.com/tektoncd/pipeline/pkg/apis/pipeline/v1.Provenance", "github.com/tektoncd/pipeline/pkg/apis/pipeline/v1.SidecarState", "github.com/tektoncd/pipeline/pkg/apis/pipeline/v1.StepState", "github.com/tektoncd/pipeline/pkg/apis/pipeline/v1.TaskRunResult", "github.com/tektoncd/pipeline/pkg/apis/pipeline/v1.TaskRunStatus", "github.com/tektoncd/pipeline/pkg/apis/pipeline/v1.TaskSpec", "k8s.io/apimachinery/pkg/apis/meta/v1.Time"}, } } diff --git a/vendor/github.com/tektoncd/pipeline/pkg/apis/pipeline/v1/pipeline_validation.go b/vendor/github.com/tektoncd/pipeline/pkg/apis/pipeline/v1/pipeline_validation.go index 43e56d10..c17293a0 100644 --- a/vendor/github.com/tektoncd/pipeline/pkg/apis/pipeline/v1/pipeline_validation.go +++ b/vendor/github.com/tektoncd/pipeline/pkg/apis/pipeline/v1/pipeline_validation.go @@ -22,6 +22,7 @@ import ( "slices" "strings" + "github.com/tektoncd/pipeline/internal/artifactref" "github.com/tektoncd/pipeline/pkg/apis/config" "github.com/tektoncd/pipeline/pkg/apis/validate" "github.com/tektoncd/pipeline/pkg/internal/resultref" @@ -89,6 +90,7 @@ func (ps *PipelineSpec) Validate(ctx context.Context) (errs *apis.FieldError) { errs = errs.Also(validateTasksAndFinallySection(ps)) errs = errs.Also(validateFinalTasks(ps.Tasks, ps.Finally)) errs = errs.Also(validateWhenExpressions(ctx, ps.Tasks, ps.Finally)) + errs = errs.Also(validateArtifactReference(ctx, ps.Tasks, ps.Finally)) errs = errs.Also(validateMatrix(ctx, ps.Tasks).ViaField("tasks")) errs = errs.Also(validateMatrix(ctx, ps.Finally).ViaField("finally")) return errs @@ -190,7 +192,7 @@ func (pt PipelineTask) Validate(ctx context.Context) (errs *apis.FieldError) { } if pt.OnError != "" { - errs = errs.Also(config.ValidateEnabledAPIFields(ctx, "OnError", config.AlphaAPIFields)) + errs = errs.Also(config.ValidateEnabledAPIFields(ctx, "OnError", config.BetaAPIFields)) if pt.OnError != PipelineTaskContinue && pt.OnError != PipelineTaskStopAndFail { errs = errs.Also(apis.ErrInvalidValue(pt.OnError, "OnError", "PipelineTask OnError must be either \"continue\" or \"stopAndFail\"")) } @@ -511,9 +513,13 @@ func (pt *PipelineTask) GetVarSubstitutionExpressions() []string { return allExpressions } +// containsExecutionStatusRef checks if a specified param has a reference to execution status or reason +// $(tasks..status), $(tasks.status), or $(tasks..reason) func containsExecutionStatusRef(p string) bool { - if strings.HasPrefix(p, "tasks.") && strings.HasSuffix(p, ".status") { - return true + if strings.HasPrefix(p, "tasks.") { + if strings.HasSuffix(p, ".status") || strings.HasSuffix(p, ".reason") { + return true + } } return false } @@ -587,7 +593,7 @@ func containsExecutionStatusReferences(expressions []string) bool { if !LooksLikeContainsResultRefs(expressions) { for _, e := range expressions { // check if it contains context variable accessing execution status - $(tasks.taskname.status) - // or an aggregate status - $(tasks.status) + // or an aggregate status - $(tasks.status) or reason - $(tasks.taskname.reason) if containsExecutionStatusRef(e) { return true } @@ -604,10 +610,17 @@ func validateExecutionStatusVariablesExpressions(expressions []string, ptNames s if expression == PipelineTasksAggregateStatus { continue } - // check if it contains context variable accessing execution status - $(tasks.taskname.status) + // check if it contains context variable accessing execution status - $(tasks.taskname.status) | $(tasks.taskname.reason) if containsExecutionStatusRef(expression) { - // strip tasks. and .status from tasks.taskname.status to further verify task name - pt := strings.TrimSuffix(strings.TrimPrefix(expression, "tasks."), ".status") + var pt string + if strings.HasSuffix(expression, ".status") { + // strip tasks. and .status from tasks.taskname.status to further verify task name + pt = strings.TrimSuffix(strings.TrimPrefix(expression, "tasks."), ".status") + } + if strings.HasSuffix(expression, ".reason") { + // strip tasks. and .reason from tasks.taskname.reason to further verify task name + pt = strings.TrimSuffix(strings.TrimPrefix(expression, "tasks."), ".reason") + } // report an error if the task name does not exist in the list of dag tasks if !ptNames.Has(pt) { errs = errs.Also(apis.ErrInvalidValue(fmt.Sprintf("pipeline task %s is not defined in the pipeline", pt), fieldPath)) @@ -615,6 +628,7 @@ func validateExecutionStatusVariablesExpressions(expressions []string, ptNames s } } } + return errs } @@ -810,6 +824,10 @@ func findAndValidateResultRefsForMatrix(tasks []PipelineTask, taskMapping map[st func validateMatrixedPipelineTaskConsumed(expressions []string, taskMapping map[string]PipelineTask) (resultRefs []*ResultRef, errs *apis.FieldError) { var filteredExpressions []string for _, expression := range expressions { + // if it is not matrix result ref expression, skip + if !resultref.LooksLikeResultRef(expression) { + continue + } // ie. "tasks..results.[*]" subExpressions := strings.Split(expression, ".") pipelineTask := subExpressions[1] // pipelineTaskName @@ -882,6 +900,28 @@ func validateStringResults(results []TaskResult, resultName string) (errs *apis. return errs } +// validateArtifactReference ensure that the feature flag enableArtifacts is set to true when using artifacts +func validateArtifactReference(ctx context.Context, tasks []PipelineTask, finalTasks []PipelineTask) (errs *apis.FieldError) { + if config.FromContextOrDefaults(ctx).FeatureFlags.EnableArtifacts { + return errs + } + for i, t := range tasks { + for _, v := range t.Params.extractValues() { + if len(artifactref.TaskArtifactRegex.FindAllStringSubmatch(v, -1)) > 0 { + return errs.Also(apis.ErrGeneric(fmt.Sprintf("feature flag %s should be set to true to use artifacts feature.", config.EnableArtifacts), "").ViaField("params").ViaFieldIndex("tasks", i)) + } + } + } + for i, t := range finalTasks { + for _, v := range t.Params.extractValues() { + if len(artifactref.TaskArtifactRegex.FindAllStringSubmatch(v, -1)) > 0 { + return errs.Also(apis.ErrGeneric(fmt.Sprintf("feature flag %s should be set to true to use artifacts feature.", config.EnableArtifacts), "").ViaField("params").ViaFieldIndex("finally", i)) + } + } + } + return errs +} + // GetIndexingReferencesToArrayParams returns all strings referencing indices of PipelineRun array parameters // from parameters, workspaces, and when expressions defined in the Pipeline's Tasks and Finally Tasks. // For example, if a Task in the Pipeline has a parameter with a value "$(params.array-param-name[1])", diff --git a/vendor/github.com/tektoncd/pipeline/pkg/apis/pipeline/v1/pipelinerun_validation.go b/vendor/github.com/tektoncd/pipeline/pkg/apis/pipeline/v1/pipelinerun_validation.go index d45b00ab..16330aa2 100644 --- a/vendor/github.com/tektoncd/pipeline/pkg/apis/pipeline/v1/pipelinerun_validation.go +++ b/vendor/github.com/tektoncd/pipeline/pkg/apis/pipeline/v1/pipelinerun_validation.go @@ -27,6 +27,7 @@ import ( "github.com/tektoncd/pipeline/pkg/apis/validate" "github.com/tektoncd/pipeline/pkg/internal/resultref" admissionregistrationv1 "k8s.io/api/admissionregistration/v1" + "k8s.io/apimachinery/pkg/api/equality" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "knative.dev/pkg/apis" "knative.dev/pkg/webhook/resourcesemantics" @@ -55,6 +56,9 @@ func (pr *PipelineRun) Validate(ctx context.Context) *apis.FieldError { // Validate pipelinerun spec func (ps *PipelineRunSpec) Validate(ctx context.Context) (errs *apis.FieldError) { + // Validate the spec changes + errs = errs.Also(ps.ValidateUpdate(ctx)) + // Must have exactly one of pipelineRef and pipelineSpec. if ps.PipelineRef == nil && ps.PipelineSpec == nil { errs = errs.Also(apis.ErrMissingOneOf("pipelineRef", "pipelineSpec")) @@ -124,6 +128,31 @@ func (ps *PipelineRunSpec) Validate(ctx context.Context) (errs *apis.FieldError) return errs } +// ValidateUpdate validates the update of a PipelineRunSpec +func (ps *PipelineRunSpec) ValidateUpdate(ctx context.Context) (errs *apis.FieldError) { + if !apis.IsInUpdate(ctx) { + return + } + oldObj, ok := apis.GetBaseline(ctx).(*PipelineRun) + if !ok || oldObj == nil { + return + } + old := &oldObj.Spec + + // If already in the done state, the spec cannot be modified. Otherwise, only the status field can be modified. + tips := "Once the PipelineRun is complete, no updates are allowed" + if !oldObj.IsDone() { + old = old.DeepCopy() + old.Status = ps.Status + tips = "Once the PipelineRun has started, only status updates are allowed" + } + if !equality.Semantic.DeepEqual(old, ps) { + errs = errs.Also(apis.ErrInvalidValue(tips, "")) + } + + return +} + func (ps *PipelineRunSpec) validatePipelineRunParameters(ctx context.Context) (errs *apis.FieldError) { if len(ps.Params) == 0 { return errs @@ -286,11 +315,11 @@ func (ps *PipelineRunSpec) validatePipelineTimeout(timeout time.Duration, errorM func validateTaskRunSpec(ctx context.Context, trs PipelineTaskRunSpec) (errs *apis.FieldError) { if trs.StepSpecs != nil { - errs = errs.Also(config.ValidateEnabledAPIFields(ctx, "stepSpecs", config.AlphaAPIFields).ViaField("stepSpecs")) + errs = errs.Also(config.ValidateEnabledAPIFields(ctx, "stepSpecs", config.BetaAPIFields).ViaField("stepSpecs")) errs = errs.Also(validateStepSpecs(trs.StepSpecs).ViaField("stepSpecs")) } if trs.SidecarSpecs != nil { - errs = errs.Also(config.ValidateEnabledAPIFields(ctx, "sidecarSpecs", config.AlphaAPIFields).ViaField("sidecarSpecs")) + errs = errs.Also(config.ValidateEnabledAPIFields(ctx, "sidecarSpecs", config.BetaAPIFields).ViaField("sidecarSpecs")) errs = errs.Also(validateSidecarSpecs(trs.SidecarSpecs).ViaField("sidecarSpecs")) } if trs.ComputeResources != nil { diff --git a/vendor/github.com/tektoncd/pipeline/pkg/apis/pipeline/v1/swagger.json b/vendor/github.com/tektoncd/pipeline/pkg/apis/pipeline/v1/swagger.json index be288cc9..584220d0 100644 --- a/vendor/github.com/tektoncd/pipeline/pkg/apis/pipeline/v1/swagger.json +++ b/vendor/github.com/tektoncd/pipeline/pkg/apis/pipeline/v1/swagger.json @@ -155,11 +155,16 @@ "description": "TaskRunStepArtifact represents an artifact produced or used by a step within a task run. It directly uses the Artifact type for its structure.", "type": "object", "properties": { + "buildOutput": { + "description": "Indicate if the artifact is a build output or a by-product", + "type": "boolean" + }, "name": { + "description": "The artifact's identifying category name", "type": "string" }, "values": { - "description": "The artifact's identifying category name", + "description": "A collection of values related to the artifact", "type": "array", "items": { "default": {}, @@ -1325,6 +1330,10 @@ "description": "Periodic probe of Sidecar service readiness. Container will be removed from service endpoints if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", "$ref": "#/definitions/v1.Probe" }, + "restartPolicy": { + "description": "RestartPolicy refers to kubernetes RestartPolicy. It can only be set for an initContainer and must have it's policy set to \"Always\". It is currently left optional to help support Kubernetes versions prior to 1.29 when this feature was introduced.", + "type": "string" + }, "script": { "description": "Script is the contents of an executable file to execute.\n\nIf Script is not empty, the Step cannot have an Command or Args.", "type": "string" @@ -1581,6 +1590,14 @@ "x-kubernetes-patch-merge-key": "mountPath", "x-kubernetes-patch-strategy": "merge" }, + "when": { + "description": "When is a list of when expressions that need to be true for the task to run", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/v1.WhenExpression" + } + }, "workingDir": { "description": "Step's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image. Cannot be updated.", "type": "string" @@ -1663,6 +1680,9 @@ "$ref": "#/definitions/v1.Artifact" } }, + "provenance": { + "$ref": "#/definitions/v1.Provenance" + }, "results": { "type": "array", "items": { @@ -2103,6 +2123,12 @@ "default": "" } }, + "artifacts": { + "description": "Artifacts are the list of artifacts written out by the task's containers", + "default": {}, + "$ref": "#/definitions/v1.Artifacts", + "x-kubernetes-list-type": "atomic" + }, "completionTime": { "description": "CompletionTime is the time the build completed.", "$ref": "#/definitions/v1.Time" @@ -2192,6 +2218,12 @@ "podName" ], "properties": { + "artifacts": { + "description": "Artifacts are the list of artifacts written out by the task's containers", + "default": {}, + "$ref": "#/definitions/v1.Artifacts", + "x-kubernetes-list-type": "atomic" + }, "completionTime": { "description": "CompletionTime is the time the build completed.", "$ref": "#/definitions/v1.Time" diff --git a/vendor/github.com/tektoncd/pipeline/pkg/apis/pipeline/v1/task_validation.go b/vendor/github.com/tektoncd/pipeline/pkg/apis/pipeline/v1/task_validation.go index 95708574..4232d295 100644 --- a/vendor/github.com/tektoncd/pipeline/pkg/apis/pipeline/v1/task_validation.go +++ b/vendor/github.com/tektoncd/pipeline/pkg/apis/pipeline/v1/task_validation.go @@ -260,6 +260,9 @@ func validateSteps(ctx context.Context, steps []Step) (errs *apis.FieldError) { errs = errs.Also(ValidateStepResultsVariables(ctx, s.Results, s.Script).ViaIndex(idx)) errs = errs.Also(ValidateStepResults(ctx, s.Results).ViaIndex(idx).ViaField("results")) } + if len(s.When) > 0 { + errs = errs.Also(s.When.validate(ctx).ViaIndex(idx)) + } } return errs } @@ -312,7 +315,10 @@ func errorIfStepResultReferenceinField(value, fieldName string) (errs *apis.Fiel } func stepArtifactReferenceExists(src string) bool { - return len(artifactref.StepArtifactRegex.FindAllStringSubmatch(src, -1)) > 0 || strings.Contains(src, "$(step.artifacts.path)") + return len(artifactref.StepArtifactRegex.FindAllStringSubmatch(src, -1)) > 0 || strings.Contains(src, "$("+artifactref.StepArtifactPathPattern+")") +} +func taskArtifactReferenceExists(src string) bool { + return len(artifactref.TaskArtifactRegex.FindAllStringSubmatch(src, -1)) > 0 || strings.Contains(src, "$("+artifactref.TaskArtifactPathPattern+")") } func errorIfStepArtifactReferencedInField(value, fieldName string) (errs *apis.FieldError) { if stepArtifactReferenceExists(value) { @@ -378,17 +384,8 @@ func validateStepResultReference(s Step) (errs *apis.FieldError) { } func validateStep(ctx context.Context, s Step, names sets.String) (errs *apis.FieldError) { - if !config.FromContextOrDefaults(ctx).FeatureFlags.EnableArtifacts { - var t []string - t = append(t, s.Script) - t = append(t, s.Command...) - t = append(t, s.Args...) - for _, e := range s.Env { - t = append(t, e.Value) - } - if slices.ContainsFunc(t, stepArtifactReferenceExists) { - return errs.Also(apis.ErrGeneric(fmt.Sprintf("feature flag %s should be set to true to use artifacts feature.", config.EnableArtifacts), "")) - } + if err := validateArtifactsReferencesInStep(ctx, s); err != nil { + return err } if s.Ref != nil { @@ -456,6 +453,11 @@ func validateStep(ctx context.Context, s Step, names sets.String) (errs *apis.Fi return apis.ErrGeneric(fmt.Sprintf("feature flag %s should be set to true in order to use Results in Steps.", config.EnableStepActions), "") } } + if len(s.When) > 0 { + if !config.FromContextOrDefaults(ctx).FeatureFlags.EnableStepActions && isCreateOrUpdateAndDiverged(ctx, s) { + return apis.ErrGeneric(fmt.Sprintf("feature flag %s should be set to true in order to use When in Steps.", config.EnableStepActions), "") + } + } if s.Image == "" { errs = errs.Also(apis.ErrMissingField("Image")) } @@ -538,6 +540,22 @@ func validateStep(ctx context.Context, s Step, names sets.String) (errs *apis.Fi return errs } +func validateArtifactsReferencesInStep(ctx context.Context, s Step) *apis.FieldError { + if !config.FromContextOrDefaults(ctx).FeatureFlags.EnableArtifacts { + var t []string + t = append(t, s.Script) + t = append(t, s.Command...) + t = append(t, s.Args...) + for _, e := range s.Env { + t = append(t, e.Value) + } + if slices.ContainsFunc(t, stepArtifactReferenceExists) || slices.ContainsFunc(t, taskArtifactReferenceExists) { + return apis.ErrGeneric(fmt.Sprintf("feature flag %s should be set to true to use artifacts feature.", config.EnableArtifacts), "") + } + } + return nil +} + // ValidateParameterTypes validates all the types within a slice of ParamSpecs func ValidateParameterTypes(ctx context.Context, params []ParamSpec) (errs *apis.FieldError) { for _, p := range params { diff --git a/vendor/github.com/tektoncd/pipeline/pkg/apis/pipeline/v1/taskrun_types.go b/vendor/github.com/tektoncd/pipeline/pkg/apis/pipeline/v1/taskrun_types.go index 615eaaa7..ea6e5176 100644 --- a/vendor/github.com/tektoncd/pipeline/pkg/apis/pipeline/v1/taskrun_types.go +++ b/vendor/github.com/tektoncd/pipeline/pkg/apis/pipeline/v1/taskrun_types.go @@ -279,6 +279,11 @@ type TaskRunStatusFields struct { // +listType=atomic Results []TaskRunResult `json:"results,omitempty"` + // Artifacts are the list of artifacts written out by the task's containers + // +optional + // +listType=atomic + Artifacts Artifacts `json:"artifacts,omitempty"` + // The list has one entry per sidecar in the manifest. Each entry is // represents the imageid of the corresponding sidecar. // +listType=atomic @@ -359,6 +364,7 @@ type StepState struct { Container string `json:"container,omitempty"` ImageID string `json:"imageID,omitempty"` Results []TaskRunStepResult `json:"results,omitempty"` + Provenance *Provenance `json:"provenance,omitempty"` TerminationReason string `json:"terminationReason,omitempty"` Inputs []TaskRunStepArtifact `json:"inputs,omitempty"` Outputs []TaskRunStepArtifact `json:"outputs,omitempty"` diff --git a/vendor/github.com/tektoncd/pipeline/pkg/apis/pipeline/v1/taskrun_validation.go b/vendor/github.com/tektoncd/pipeline/pkg/apis/pipeline/v1/taskrun_validation.go index 771d684d..cfdd423e 100644 --- a/vendor/github.com/tektoncd/pipeline/pkg/apis/pipeline/v1/taskrun_validation.go +++ b/vendor/github.com/tektoncd/pipeline/pkg/apis/pipeline/v1/taskrun_validation.go @@ -26,6 +26,7 @@ import ( "github.com/tektoncd/pipeline/pkg/apis/validate" admissionregistrationv1 "k8s.io/api/admissionregistration/v1" corev1 "k8s.io/api/core/v1" + "k8s.io/apimachinery/pkg/api/equality" "k8s.io/apimachinery/pkg/util/sets" "k8s.io/utils/strings/slices" "knative.dev/pkg/apis" @@ -50,6 +51,9 @@ func (tr *TaskRun) Validate(ctx context.Context) *apis.FieldError { // Validate taskrun spec func (ts *TaskRunSpec) Validate(ctx context.Context) (errs *apis.FieldError) { + // Validate the spec changes + errs = errs.Also(ts.ValidateUpdate(ctx)) + // Must have exactly one of taskRef and taskSpec. if ts.TaskRef == nil && ts.TaskSpec == nil { errs = errs.Also(apis.ErrMissingOneOf("taskRef", "taskSpec")) @@ -80,11 +84,11 @@ func (ts *TaskRunSpec) Validate(ctx context.Context) (errs *apis.FieldError) { errs = errs.Also(validateDebug(ts.Debug).ViaField("debug")) } if ts.StepSpecs != nil { - errs = errs.Also(config.ValidateEnabledAPIFields(ctx, "stepSpecs", config.AlphaAPIFields).ViaField("stepSpecs")) + errs = errs.Also(config.ValidateEnabledAPIFields(ctx, "stepSpecs", config.BetaAPIFields).ViaField("stepSpecs")) errs = errs.Also(validateStepSpecs(ts.StepSpecs).ViaField("stepSpecs")) } if ts.SidecarSpecs != nil { - errs = errs.Also(config.ValidateEnabledAPIFields(ctx, "sidecarSpecs", config.AlphaAPIFields).ViaField("sidecarSpecs")) + errs = errs.Also(config.ValidateEnabledAPIFields(ctx, "sidecarSpecs", config.BetaAPIFields).ViaField("sidecarSpecs")) errs = errs.Also(validateSidecarSpecs(ts.SidecarSpecs).ViaField("sidecarSpecs")) } if ts.ComputeResources != nil { @@ -118,6 +122,34 @@ func (ts *TaskRunSpec) Validate(ctx context.Context) (errs *apis.FieldError) { return errs } +// ValidateUpdate validates the update of a TaskRunSpec +func (ts *TaskRunSpec) ValidateUpdate(ctx context.Context) (errs *apis.FieldError) { + if !apis.IsInUpdate(ctx) { + return + } + oldObj, ok := apis.GetBaseline(ctx).(*TaskRun) + if !ok || oldObj == nil { + return + } + old := &oldObj.Spec + + // If already in the done state, the spec cannot be modified. + // Otherwise, only the status, statusMessage field can be modified. + tips := "Once the TaskRun is complete, no updates are allowed" + if !oldObj.IsDone() { + old = old.DeepCopy() + old.Status = ts.Status + old.StatusMessage = ts.StatusMessage + tips = "Once the TaskRun has started, only status and statusMessage updates are allowed" + } + + if !equality.Semantic.DeepEqual(old, ts) { + errs = errs.Also(apis.ErrInvalidValue(tips, "")) + } + + return +} + // validateInlineParameters validates that any parameters called in the // Task spec are declared in the TaskRun. // This is crucial for propagated parameters because the parameters could @@ -224,6 +256,11 @@ func validateDebug(db *TaskRunDebug) (errs *apis.FieldError) { if db == nil || db.Breakpoints == nil { return errs } + + if db.Breakpoints.OnFailure == "" { + errs = errs.Also(apis.ErrInvalidValue("onFailure breakpoint is empty, it is only allowed to be set as enabled", "breakpoints.onFailure")) + } + if db.Breakpoints.OnFailure != "" && db.Breakpoints.OnFailure != EnabledOnFailureBreakpoint { errs = errs.Also(apis.ErrInvalidValue(db.Breakpoints.OnFailure+" is not a valid onFailure breakpoint value, onFailure breakpoint is only allowed to be set as enabled", "breakpoints.onFailure")) } diff --git a/vendor/github.com/tektoncd/pipeline/pkg/apis/pipeline/v1/when_types.go b/vendor/github.com/tektoncd/pipeline/pkg/apis/pipeline/v1/when_types.go index 66e7164a..0a128d8f 100644 --- a/vendor/github.com/tektoncd/pipeline/pkg/apis/pipeline/v1/when_types.go +++ b/vendor/github.com/tektoncd/pipeline/pkg/apis/pipeline/v1/when_types.go @@ -98,6 +98,8 @@ func (we *WhenExpression) GetVarSubstitutionExpressions() ([]string, bool) { // All of them need to evaluate to True for a guarded Task to be executed. type WhenExpressions []WhenExpression +type StepWhenExpressions = WhenExpressions + // AllowsExecution evaluates an Input's relationship to an array of Values, based on the Operator, // to determine whether all the When Expressions are True. If they are all True, the guarded Task is // executed, otherwise it is skipped. diff --git a/vendor/github.com/tektoncd/pipeline/pkg/apis/pipeline/v1/when_validation.go b/vendor/github.com/tektoncd/pipeline/pkg/apis/pipeline/v1/when_validation.go index 2a058299..a62621a6 100644 --- a/vendor/github.com/tektoncd/pipeline/pkg/apis/pipeline/v1/when_validation.go +++ b/vendor/github.com/tektoncd/pipeline/pkg/apis/pipeline/v1/when_validation.go @@ -48,7 +48,7 @@ func (wes WhenExpressions) validateWhenExpressionsFields(ctx context.Context) (e func (we *WhenExpression) validateWhenExpressionFields(ctx context.Context) *apis.FieldError { if we.CEL != "" { if !config.FromContextOrDefaults(ctx).FeatureFlags.EnableCELInWhenExpression { - return apis.ErrGeneric("feature flag %s should be set to true to use CEL: %s in WhenExpression", config.EnableCELInWhenExpression, we.CEL) + return apis.ErrGeneric(fmt.Sprintf("feature flag %s should be set to true to use CEL: %s in WhenExpression", config.EnableCELInWhenExpression, we.CEL), "") } if we.Input != "" || we.Operator != "" || len(we.Values) != 0 { return apis.ErrGeneric(fmt.Sprintf("cel and input+operator+values cannot be set in one WhenExpression: %v", we)) diff --git a/vendor/github.com/tektoncd/pipeline/pkg/apis/pipeline/v1/zz_generated.deepcopy.go b/vendor/github.com/tektoncd/pipeline/pkg/apis/pipeline/v1/zz_generated.deepcopy.go index 16e483fc..12dbe03b 100644 --- a/vendor/github.com/tektoncd/pipeline/pkg/apis/pipeline/v1/zz_generated.deepcopy.go +++ b/vendor/github.com/tektoncd/pipeline/pkg/apis/pipeline/v1/zz_generated.deepcopy.go @@ -1248,6 +1248,11 @@ func (in *Sidecar) DeepCopyInto(out *Sidecar) { *out = make([]WorkspaceUsage, len(*in)) copy(*out, *in) } + if in.RestartPolicy != nil { + in, out := &in.RestartPolicy, &out.RestartPolicy + *out = new(corev1.ContainerRestartPolicy) + **out = **in + } return } @@ -1385,6 +1390,13 @@ func (in *Step) DeepCopyInto(out *Step) { (*in)[i].DeepCopyInto(&(*out)[i]) } } + if in.When != nil { + in, out := &in.When, &out.When + *out = make(WhenExpressions, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } return } @@ -1448,6 +1460,11 @@ func (in *StepState) DeepCopyInto(out *StepState) { (*in)[i].DeepCopyInto(&(*out)[i]) } } + if in.Provenance != nil { + in, out := &in.Provenance, &out.Provenance + *out = new(Provenance) + (*in).DeepCopyInto(*out) + } if in.Inputs != nil { in, out := &in.Inputs, &out.Inputs *out = make([]Artifact, len(*in)) @@ -1917,6 +1934,7 @@ func (in *TaskRunStatusFields) DeepCopyInto(out *TaskRunStatusFields) { (*in)[i].DeepCopyInto(&(*out)[i]) } } + in.Artifacts.DeepCopyInto(&out.Artifacts) if in.Sidecars != nil { in, out := &in.Sidecars, &out.Sidecars *out = make([]SidecarState, len(*in)) diff --git a/vendor/github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1/artifact_types.go b/vendor/github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1/artifact_types.go index ec50bde8..23778a90 100644 --- a/vendor/github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1/artifact_types.go +++ b/vendor/github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1/artifact_types.go @@ -6,8 +6,12 @@ type Algorithm string // Artifact represents an artifact within a system, potentially containing multiple values // associated with it. type Artifact struct { - Name string `json:"name,omitempty"` // The artifact's identifying category name - Values []ArtifactValue `json:"values,omitempty"` // A collection of values related to the artifact + // The artifact's identifying category name + Name string `json:"name,omitempty"` + // A collection of values related to the artifact + Values []ArtifactValue `json:"values,omitempty"` + // Indicate if the artifact is a build output or a by-product + BuildOutput bool `json:"buildOutput,omitempty"` } // ArtifactValue represents a specific value or data element within an Artifact. diff --git a/vendor/github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1/container_conversion.go b/vendor/github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1/container_conversion.go index 2e828bc5..5b61377b 100644 --- a/vendor/github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1/container_conversion.go +++ b/vendor/github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1/container_conversion.go @@ -72,6 +72,11 @@ func (s Step) convertTo(ctx context.Context, sink *v1.Step) { sink.Params = append(sink.Params, new) } sink.Results = s.Results + for _, w := range s.When { + new := v1.WhenExpression{} + w.convertTo(ctx, &new) + sink.When = append(sink.When, new) + } } func (s *Step) convertFrom(ctx context.Context, source v1.Step) { @@ -111,6 +116,11 @@ func (s *Step) convertFrom(ctx context.Context, source v1.Step) { s.Params = append(s.Params, new) } s.Results = source.Results + for _, w := range source.When { + new := WhenExpression{} + new.convertFrom(ctx, w) + s.When = append(s.When, new) + } } func (s StepTemplate) convertTo(ctx context.Context, sink *v1.StepTemplate) { diff --git a/vendor/github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1/container_types.go b/vendor/github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1/container_types.go index 4494184d..95f852bf 100644 --- a/vendor/github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1/container_types.go +++ b/vendor/github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1/container_types.go @@ -247,6 +247,8 @@ type Step struct { // +optional // +listType=atomic Results []v1.StepResult `json:"results,omitempty"` + + When StepWhenExpressions `json:"when,omitempty"` } // Ref can be used to refer to a specific instance of a StepAction. @@ -745,10 +747,43 @@ type Sidecar struct { // +optional // +listType=atomic Workspaces []WorkspaceUsage `json:"workspaces,omitempty"` + + // RestartPolicy refers to kubernetes RestartPolicy. It can only be set for an + // initContainer and must have it's policy set to "Always". It is currently + // left optional to help support Kubernetes versions prior to 1.29 when this feature + // was introduced. + // +optional + RestartPolicy *corev1.ContainerRestartPolicy `json:"restartPolicy,omitempty"` } // ToK8sContainer converts the Sidecar to a Kubernetes Container struct func (s *Sidecar) ToK8sContainer() *corev1.Container { + if s.RestartPolicy == nil { + return &corev1.Container{ + Name: s.Name, + Image: s.Image, + Command: s.Command, + Args: s.Args, + WorkingDir: s.WorkingDir, + Ports: s.Ports, + EnvFrom: s.EnvFrom, + Env: s.Env, + Resources: s.Resources, + VolumeMounts: s.VolumeMounts, + VolumeDevices: s.VolumeDevices, + LivenessProbe: s.LivenessProbe, + ReadinessProbe: s.ReadinessProbe, + StartupProbe: s.StartupProbe, + Lifecycle: s.Lifecycle, + TerminationMessagePath: s.TerminationMessagePath, + TerminationMessagePolicy: s.TerminationMessagePolicy, + ImagePullPolicy: s.ImagePullPolicy, + SecurityContext: s.SecurityContext, + Stdin: s.Stdin, + StdinOnce: s.StdinOnce, + TTY: s.TTY, + } + } return &corev1.Container{ Name: s.Name, Image: s.Image, @@ -763,6 +798,7 @@ func (s *Sidecar) ToK8sContainer() *corev1.Container { VolumeDevices: s.VolumeDevices, LivenessProbe: s.LivenessProbe, ReadinessProbe: s.ReadinessProbe, + RestartPolicy: s.RestartPolicy, StartupProbe: s.StartupProbe, Lifecycle: s.Lifecycle, TerminationMessagePath: s.TerminationMessagePath, @@ -799,4 +835,5 @@ func (s *Sidecar) SetContainerFields(c corev1.Container) { s.Stdin = c.Stdin s.StdinOnce = c.StdinOnce s.TTY = c.TTY + s.RestartPolicy = c.RestartPolicy } diff --git a/vendor/github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1/merge.go b/vendor/github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1/merge.go index 6d1432d4..62111ee7 100644 --- a/vendor/github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1/merge.go +++ b/vendor/github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1/merge.go @@ -66,7 +66,7 @@ func MergeStepsWithStepTemplate(template *StepTemplate, steps []Step) ([]Step, e amendConflictingContainerFields(&merged, s) // Pass through original step Script, for later conversion. - newStep := Step{Script: s.Script, OnError: s.OnError, Timeout: s.Timeout, StdoutConfig: s.StdoutConfig, StderrConfig: s.StderrConfig} + newStep := Step{Script: s.Script, OnError: s.OnError, Timeout: s.Timeout, StdoutConfig: s.StdoutConfig, StderrConfig: s.StderrConfig, When: s.When} newStep.SetContainerFields(merged) steps[i] = newStep } diff --git a/vendor/github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1/openapi_generated.go b/vendor/github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1/openapi_generated.go index d2c52a37..0e2f436c 100644 --- a/vendor/github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1/openapi_generated.go +++ b/vendor/github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1/openapi_generated.go @@ -422,13 +422,14 @@ func schema_pkg_apis_pipeline_v1beta1_Artifact(ref common.ReferenceCallback) com Properties: map[string]spec.Schema{ "name": { SchemaProps: spec.SchemaProps{ - Type: []string{"string"}, - Format: "", + Description: "The artifact's identifying category name", + Type: []string{"string"}, + Format: "", }, }, "values": { SchemaProps: spec.SchemaProps{ - Description: "The artifact's identifying category name", + Description: "A collection of values related to the artifact", Type: []string{"array"}, Items: &spec.SchemaOrArray{ Schema: &spec.Schema{ @@ -440,6 +441,13 @@ func schema_pkg_apis_pipeline_v1beta1_Artifact(ref common.ReferenceCallback) com }, }, }, + "buildOutput": { + SchemaProps: spec.SchemaProps{ + Description: "Indicate if the artifact is a build output or a by-product", + Type: []string{"boolean"}, + Format: "", + }, + }, }, }, }, @@ -3616,6 +3624,13 @@ func schema_pkg_apis_pipeline_v1beta1_Sidecar(ref common.ReferenceCallback) comm }, }, }, + "restartPolicy": { + SchemaProps: spec.SchemaProps{ + Description: "RestartPolicy refers to kubernetes RestartPolicy. It can only be set for an initContainer and must have it's policy set to \"Always\". It is currently left optional to help support Kubernetes versions prior to 1.29 when this feature was introduced.", + Type: []string{"string"}, + Format: "", + }, + }, }, Required: []string{"name"}, }, @@ -4077,12 +4092,25 @@ func schema_pkg_apis_pipeline_v1beta1_Step(ref common.ReferenceCallback) common. }, }, }, + "when": { + SchemaProps: spec.SchemaProps{ + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: map[string]interface{}{}, + Ref: ref("github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1.WhenExpression"), + }, + }, + }, + }, + }, }, Required: []string{"name"}, }, }, Dependencies: []string{ - "github.com/tektoncd/pipeline/pkg/apis/pipeline/v1.StepResult", "github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1.Param", "github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1.Ref", "github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1.StepOutputConfig", "github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1.WorkspaceUsage", "k8s.io/api/core/v1.ContainerPort", "k8s.io/api/core/v1.EnvFromSource", "k8s.io/api/core/v1.EnvVar", "k8s.io/api/core/v1.Lifecycle", "k8s.io/api/core/v1.Probe", "k8s.io/api/core/v1.ResourceRequirements", "k8s.io/api/core/v1.SecurityContext", "k8s.io/api/core/v1.VolumeDevice", "k8s.io/api/core/v1.VolumeMount", "k8s.io/apimachinery/pkg/apis/meta/v1.Duration"}, + "github.com/tektoncd/pipeline/pkg/apis/pipeline/v1.StepResult", "github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1.Param", "github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1.Ref", "github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1.StepOutputConfig", "github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1.WhenExpression", "github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1.WorkspaceUsage", "k8s.io/api/core/v1.ContainerPort", "k8s.io/api/core/v1.EnvFromSource", "k8s.io/api/core/v1.EnvVar", "k8s.io/api/core/v1.Lifecycle", "k8s.io/api/core/v1.Probe", "k8s.io/api/core/v1.ResourceRequirements", "k8s.io/api/core/v1.SecurityContext", "k8s.io/api/core/v1.VolumeDevice", "k8s.io/api/core/v1.VolumeMount", "k8s.io/apimachinery/pkg/apis/meta/v1.Duration"}, } } @@ -4422,6 +4450,11 @@ func schema_pkg_apis_pipeline_v1beta1_StepState(ref common.ReferenceCallback) co }, }, }, + "provenance": { + SchemaProps: spec.SchemaProps{ + Ref: ref("github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1.Provenance"), + }, + }, "inputs": { SchemaProps: spec.SchemaProps{ Type: []string{"array"}, @@ -4452,7 +4485,7 @@ func schema_pkg_apis_pipeline_v1beta1_StepState(ref common.ReferenceCallback) co }, }, Dependencies: []string{ - "github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1.Artifact", "github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1.TaskRunResult", "k8s.io/api/core/v1.ContainerStateRunning", "k8s.io/api/core/v1.ContainerStateTerminated", "k8s.io/api/core/v1.ContainerStateWaiting"}, + "github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1.Artifact", "github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1.Provenance", "github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1.TaskRunResult", "k8s.io/api/core/v1.ContainerStateRunning", "k8s.io/api/core/v1.ContainerStateTerminated", "k8s.io/api/core/v1.ContainerStateWaiting"}, } } diff --git a/vendor/github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1/pipeline_validation.go b/vendor/github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1/pipeline_validation.go index 4423a917..8f8d6a1f 100644 --- a/vendor/github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1/pipeline_validation.go +++ b/vendor/github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1/pipeline_validation.go @@ -21,6 +21,7 @@ import ( "fmt" "strings" + "github.com/tektoncd/pipeline/internal/artifactref" "github.com/tektoncd/pipeline/pkg/apis/config" "github.com/tektoncd/pipeline/pkg/apis/validate" "github.com/tektoncd/pipeline/pkg/internal/resultref" @@ -91,6 +92,7 @@ func (ps *PipelineSpec) Validate(ctx context.Context) (errs *apis.FieldError) { errs = errs.Also(validateTasksAndFinallySection(ps)) errs = errs.Also(validateFinalTasks(ps.Tasks, ps.Finally)) errs = errs.Also(validateWhenExpressions(ctx, ps.Tasks, ps.Finally)) + errs = errs.Also(validateArtifactReference(ctx, ps.Tasks, ps.Finally)) errs = errs.Also(validateMatrix(ctx, ps.Tasks).ViaField("tasks")) errs = errs.Also(validateMatrix(ctx, ps.Finally).ViaField("finally")) return errs @@ -195,7 +197,7 @@ func (pt PipelineTask) Validate(ctx context.Context) (errs *apis.FieldError) { } if pt.OnError != "" { - errs = errs.Also(config.ValidateEnabledAPIFields(ctx, "OnError", config.AlphaAPIFields)) + errs = errs.Also(config.ValidateEnabledAPIFields(ctx, "OnError", config.BetaAPIFields)) if pt.OnError != PipelineTaskContinue && pt.OnError != PipelineTaskStopAndFail { errs = errs.Also(apis.ErrInvalidValue(pt.OnError, "OnError", "PipelineTask OnError must be either \"continue\" or \"stopAndFail\"")) } @@ -493,9 +495,13 @@ func (pt *PipelineTask) extractAllParams() Params { return allParams } +// containsExecutionStatusRef checks if a specified param has a reference to execution status or reason +// $(tasks..status), $(tasks.status), or $(tasks..reason) func containsExecutionStatusRef(p string) bool { - if strings.HasPrefix(p, "tasks.") && strings.HasSuffix(p, ".status") { - return true + if strings.HasPrefix(p, "tasks.") { + if strings.HasSuffix(p, ".status") || strings.HasSuffix(p, ".reason") { + return true + } } return false } @@ -586,10 +592,17 @@ func validateExecutionStatusVariablesExpressions(expressions []string, ptNames s if expression == PipelineTasksAggregateStatus { continue } - // check if it contains context variable accessing execution status - $(tasks.taskname.status) + // check if it contains context variable accessing execution status - $(tasks.taskname.status) | $(tasks.taskname.reason) if containsExecutionStatusRef(expression) { - // strip tasks. and .status from tasks.taskname.status to further verify task name - pt := strings.TrimSuffix(strings.TrimPrefix(expression, "tasks."), ".status") + var pt string + if strings.HasSuffix(expression, ".status") { + // strip tasks. and .status from tasks.taskname.status to further verify task name + pt = strings.TrimSuffix(strings.TrimPrefix(expression, "tasks."), ".status") + } + if strings.HasSuffix(expression, ".reason") { + // strip tasks. and .reason from tasks.taskname.reason to further verify task name + pt = strings.TrimSuffix(strings.TrimPrefix(expression, "tasks."), ".reason") + } // report an error if the task name does not exist in the list of dag tasks if !ptNames.Has(pt) { errs = errs.Also(apis.ErrInvalidValue(fmt.Sprintf("pipeline task %s is not defined in the pipeline", pt), fieldPath)) @@ -866,6 +879,28 @@ func validateStringResults(results []TaskResult, resultName string) (errs *apis. return errs } +// validateArtifactReference ensure that the feature flag enableArtifacts is set to true when using artifacts +func validateArtifactReference(ctx context.Context, tasks []PipelineTask, finalTasks []PipelineTask) (errs *apis.FieldError) { + if config.FromContextOrDefaults(ctx).FeatureFlags.EnableArtifacts { + return errs + } + for i, t := range tasks { + for _, v := range t.Params.extractValues() { + if len(artifactref.TaskArtifactRegex.FindAllStringSubmatch(v, -1)) > 0 { + return errs.Also(apis.ErrGeneric(fmt.Sprintf("feature flag %s should be set to true to use artifacts feature.", config.EnableArtifacts), "").ViaField("params").ViaFieldIndex("tasks", i)) + } + } + } + for i, t := range finalTasks { + for _, v := range t.Params.extractValues() { + if len(artifactref.TaskArtifactRegex.FindAllStringSubmatch(v, -1)) > 0 { + return errs.Also(apis.ErrGeneric(fmt.Sprintf("feature flag %s should be set to true to use artifacts feature.", config.EnableArtifacts), "").ViaField("params").ViaFieldIndex("finally", i)) + } + } + } + return errs +} + // GetIndexingReferencesToArrayParams returns all strings referencing indices of PipelineRun array parameters // from parameters, workspaces, and when expressions defined in the Pipeline's Tasks and Finally Tasks. // For example, if a Task in the Pipeline has a parameter with a value "$(params.array-param-name[1])", diff --git a/vendor/github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1/pipelinerun_validation.go b/vendor/github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1/pipelinerun_validation.go index 7113b653..834c7493 100644 --- a/vendor/github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1/pipelinerun_validation.go +++ b/vendor/github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1/pipelinerun_validation.go @@ -26,6 +26,7 @@ import ( "github.com/tektoncd/pipeline/pkg/apis/validate" "github.com/tektoncd/pipeline/pkg/internal/resultref" admissionregistrationv1 "k8s.io/api/admissionregistration/v1" + "k8s.io/apimachinery/pkg/api/equality" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/util/sets" "k8s.io/utils/strings/slices" @@ -60,6 +61,9 @@ func (pr *PipelineRun) Validate(ctx context.Context) *apis.FieldError { // Validate pipelinerun spec func (ps *PipelineRunSpec) Validate(ctx context.Context) (errs *apis.FieldError) { + // Validate the spec changes + errs = errs.Also(ps.ValidateUpdate(ctx)) + // Must have exactly one of pipelineRef and pipelineSpec. if ps.PipelineRef == nil && ps.PipelineSpec == nil { errs = errs.Also(apis.ErrMissingOneOf("pipelineRef", "pipelineSpec")) @@ -145,6 +149,31 @@ func (ps *PipelineRunSpec) Validate(ctx context.Context) (errs *apis.FieldError) return errs } +// ValidateUpdate validates the update of a PipelineRunSpec +func (ps *PipelineRunSpec) ValidateUpdate(ctx context.Context) (errs *apis.FieldError) { + if !apis.IsInUpdate(ctx) { + return + } + oldObj, ok := apis.GetBaseline(ctx).(*PipelineRun) + if !ok || oldObj == nil { + return + } + old := &oldObj.Spec + + // If already in the done state, the spec cannot be modified. Otherwise, only the status field can be modified. + tips := "Once the PipelineRun is complete, no updates are allowed" + if !oldObj.IsDone() { + old = old.DeepCopy() + old.Status = ps.Status + tips = "Once the PipelineRun has started, only status updates are allowed" + } + if !equality.Semantic.DeepEqual(old, ps) { + errs = errs.Also(apis.ErrInvalidValue(tips, "")) + } + + return +} + func (ps *PipelineRunSpec) validatePipelineRunParameters(ctx context.Context) (errs *apis.FieldError) { if len(ps.Params) == 0 { return errs @@ -335,11 +364,11 @@ func (ps *PipelineRunSpec) validatePipelineTimeout(timeout time.Duration, errorM func validateTaskRunSpec(ctx context.Context, trs PipelineTaskRunSpec) (errs *apis.FieldError) { if trs.StepOverrides != nil { - errs = errs.Also(config.ValidateEnabledAPIFields(ctx, "stepOverrides", config.AlphaAPIFields).ViaField("stepOverrides")) + errs = errs.Also(config.ValidateEnabledAPIFields(ctx, "stepOverrides", config.BetaAPIFields).ViaField("stepOverrides")) errs = errs.Also(validateStepOverrides(trs.StepOverrides).ViaField("stepOverrides")) } if trs.SidecarOverrides != nil { - errs = errs.Also(config.ValidateEnabledAPIFields(ctx, "sidecarOverrides", config.AlphaAPIFields).ViaField("sidecarOverrides")) + errs = errs.Also(config.ValidateEnabledAPIFields(ctx, "sidecarOverrides", config.BetaAPIFields).ViaField("sidecarOverrides")) errs = errs.Also(validateSidecarOverrides(trs.SidecarOverrides).ViaField("sidecarOverrides")) } if trs.ComputeResources != nil { diff --git a/vendor/github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1/swagger.json b/vendor/github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1/swagger.json index 690ef211..a0b5a9f9 100644 --- a/vendor/github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1/swagger.json +++ b/vendor/github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1/swagger.json @@ -155,11 +155,16 @@ "description": "TaskRunStepArtifact represents an artifact produced or used by a step within a task run. It directly uses the Artifact type for its structure.", "type": "object", "properties": { + "buildOutput": { + "description": "Indicate if the artifact is a build output or a by-product", + "type": "boolean" + }, "name": { + "description": "The artifact's identifying category name", "type": "string" }, "values": { - "description": "The artifact's identifying category name", + "description": "A collection of values related to the artifact", "type": "array", "items": { "default": {}, @@ -1932,6 +1937,10 @@ "default": {}, "$ref": "#/definitions/v1.ResourceRequirements" }, + "restartPolicy": { + "description": "RestartPolicy refers to kubernetes RestartPolicy. It can only be set for an initContainer and must have it's policy set to \"Always\". It is currently left optional to help support Kubernetes versions prior to 1.29 when this feature was introduced.", + "type": "string" + }, "script": { "description": "Script is the contents of an executable file to execute.\n\nIf Script is not empty, the Step cannot have an Command or Args.", "type": "string" @@ -2239,6 +2248,13 @@ "x-kubernetes-patch-merge-key": "mountPath", "x-kubernetes-patch-strategy": "merge" }, + "when": { + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/v1beta1.WhenExpression" + } + }, "workingDir": { "description": "Step's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image. Cannot be updated.", "type": "string" @@ -2426,6 +2442,9 @@ "$ref": "#/definitions/v1beta1.Artifact" } }, + "provenance": { + "$ref": "#/definitions/v1beta1.Provenance" + }, "results": { "type": "array", "items": { diff --git a/vendor/github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1/task_conversion.go b/vendor/github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1/task_conversion.go index 452fb545..9a0d4fe5 100644 --- a/vendor/github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1/task_conversion.go +++ b/vendor/github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1/task_conversion.go @@ -212,7 +212,7 @@ func serializeTaskDeprecations(meta *metav1.ObjectMeta, spec *TaskSpec, taskName existingDeprecations := taskDeprecations{} if str, ok := meta.Annotations[TaskDeprecationsAnnotationKey]; ok { if err := json.Unmarshal([]byte(str), &existingDeprecations); err != nil { - return fmt.Errorf("error deserializing key %s from metadata: %w", TaskDeprecationsAnnotationKey, err) + return fmt.Errorf("error serializing key %s from metadata: %w", TaskDeprecationsAnnotationKey, err) } } if taskDeprecation != nil { diff --git a/vendor/github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1/task_validation.go b/vendor/github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1/task_validation.go index 9ef0db69..4d03a950 100644 --- a/vendor/github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1/task_validation.go +++ b/vendor/github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1/task_validation.go @@ -249,6 +249,9 @@ func validateSteps(ctx context.Context, steps []Step) (errs *apis.FieldError) { errs = errs.Also(v1.ValidateStepResultsVariables(ctx, s.Results, s.Script).ViaIndex(idx)) errs = errs.Also(v1.ValidateStepResults(ctx, s.Results).ViaIndex(idx).ViaField("results")) } + if len(s.When) > 0 { + errs = errs.Also(s.When.validate(ctx).ViaIndex(idx)) + } } return errs } @@ -301,7 +304,11 @@ func errorIfStepResultReferenceinField(value, fieldName string) (errs *apis.Fiel } func stepArtifactReferenceExists(src string) bool { - return len(artifactref.StepArtifactRegex.FindAllStringSubmatch(src, -1)) > 0 || strings.Contains(src, "$(step.artifacts.path)") + return len(artifactref.StepArtifactRegex.FindAllStringSubmatch(src, -1)) > 0 || strings.Contains(src, "$("+artifactref.StepArtifactPathPattern+")") +} + +func taskArtifactReferenceExists(src string) bool { + return len(artifactref.TaskArtifactRegex.FindAllStringSubmatch(src, -1)) > 0 || strings.Contains(src, "$("+artifactref.TaskArtifactPathPattern+")") } func errorIfStepArtifactReferencedInField(value, fieldName string) (errs *apis.FieldError) { @@ -368,17 +375,8 @@ func validateStepResultReference(s Step) (errs *apis.FieldError) { } func validateStep(ctx context.Context, s Step, names sets.String) (errs *apis.FieldError) { - if !config.FromContextOrDefaults(ctx).FeatureFlags.EnableArtifacts { - var t []string - t = append(t, s.Script) - t = append(t, s.Command...) - t = append(t, s.Args...) - for _, e := range s.Env { - t = append(t, e.Value) - } - if slices.ContainsFunc(t, stepArtifactReferenceExists) { - return errs.Also(apis.ErrGeneric(fmt.Sprintf("feature flag %s should be set to true to use artifacts feature.", config.EnableArtifacts), "")) - } + if err := validateArtifactsReferencesInStep(ctx, s); err != nil { + return err } if s.Ref != nil { @@ -446,6 +444,11 @@ func validateStep(ctx context.Context, s Step, names sets.String) (errs *apis.Fi return apis.ErrGeneric(fmt.Sprintf("feature flag %s should be set to true in order to use Results in Steps.", config.EnableStepActions), "") } } + if len(s.When) > 0 { + if !config.FromContextOrDefaults(ctx).FeatureFlags.EnableStepActions && isCreateOrUpdateAndDiverged(ctx, s) { + return apis.ErrGeneric(fmt.Sprintf("feature flag %s should be set to true in order to use When in Steps.", config.EnableStepActions), "") + } + } if s.Image == "" { errs = errs.Also(apis.ErrMissingField("Image")) } @@ -529,6 +532,22 @@ func validateStep(ctx context.Context, s Step, names sets.String) (errs *apis.Fi return errs } +func validateArtifactsReferencesInStep(ctx context.Context, s Step) *apis.FieldError { + if !config.FromContextOrDefaults(ctx).FeatureFlags.EnableArtifacts { + var t []string + t = append(t, s.Script) + t = append(t, s.Command...) + t = append(t, s.Args...) + for _, e := range s.Env { + t = append(t, e.Value) + } + if slices.ContainsFunc(t, stepArtifactReferenceExists) || slices.ContainsFunc(t, taskArtifactReferenceExists) { + return apis.ErrGeneric(fmt.Sprintf("feature flag %s should be set to true to use artifacts feature.", config.EnableArtifacts), "") + } + } + return nil +} + // ValidateParameterTypes validates all the types within a slice of ParamSpecs func ValidateParameterTypes(ctx context.Context, params []ParamSpec) (errs *apis.FieldError) { for _, p := range params { diff --git a/vendor/github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1/taskrun_conversion.go b/vendor/github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1/taskrun_conversion.go index e9b1bed4..7b749ac5 100644 --- a/vendor/github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1/taskrun_conversion.go +++ b/vendor/github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1/taskrun_conversion.go @@ -345,6 +345,12 @@ func (ss StepState) convertTo(ctx context.Context, sink *v1.StepState) { sink.ImageID = ss.ImageID sink.Results = nil + if ss.Provenance != nil { + new := v1.Provenance{} + ss.Provenance.convertTo(ctx, &new) + sink.Provenance = &new + } + if ss.ContainerState.Terminated != nil { sink.TerminationReason = ss.ContainerState.Terminated.Reason } @@ -379,6 +385,11 @@ func (ss *StepState) convertFrom(ctx context.Context, source v1.StepState) { new.convertFrom(ctx, r) ss.Results = append(ss.Results, new) } + if source.Provenance != nil { + new := Provenance{} + new.convertFrom(ctx, *source.Provenance) + ss.Provenance = &new + } for _, o := range source.Outputs { new := TaskRunStepArtifact{} new.convertFrom(ctx, o) diff --git a/vendor/github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1/taskrun_types.go b/vendor/github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1/taskrun_types.go index 551a5856..26707ff3 100644 --- a/vendor/github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1/taskrun_types.go +++ b/vendor/github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1/taskrun_types.go @@ -372,6 +372,7 @@ type StepState struct { ContainerName string `json:"container,omitempty"` ImageID string `json:"imageID,omitempty"` Results []TaskRunStepResult `json:"results,omitempty"` + Provenance *Provenance `json:"provenance,omitempty"` Inputs []TaskRunStepArtifact `json:"inputs,omitempty"` Outputs []TaskRunStepArtifact `json:"outputs,omitempty"` } diff --git a/vendor/github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1/taskrun_validation.go b/vendor/github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1/taskrun_validation.go index b44b3d42..a3f37cae 100644 --- a/vendor/github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1/taskrun_validation.go +++ b/vendor/github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1/taskrun_validation.go @@ -26,6 +26,7 @@ import ( "github.com/tektoncd/pipeline/pkg/apis/validate" admissionregistrationv1 "k8s.io/api/admissionregistration/v1" corev1 "k8s.io/api/core/v1" + "k8s.io/apimachinery/pkg/api/equality" "k8s.io/apimachinery/pkg/util/sets" "k8s.io/utils/strings/slices" "knative.dev/pkg/apis" @@ -50,6 +51,9 @@ func (tr *TaskRun) Validate(ctx context.Context) *apis.FieldError { // Validate taskrun spec func (ts *TaskRunSpec) Validate(ctx context.Context) (errs *apis.FieldError) { + // Validate the spec changes + errs = errs.Also(ts.ValidateUpdate(ctx)) + // Must have exactly one of taskRef and taskSpec. if ts.TaskRef == nil && ts.TaskSpec == nil { errs = errs.Also(apis.ErrMissingOneOf("taskRef", "taskSpec")) @@ -80,11 +84,11 @@ func (ts *TaskRunSpec) Validate(ctx context.Context) (errs *apis.FieldError) { errs = errs.Also(validateDebug(ts.Debug).ViaField("debug")) } if ts.StepOverrides != nil { - errs = errs.Also(config.ValidateEnabledAPIFields(ctx, "stepOverrides", config.AlphaAPIFields).ViaField("stepOverrides")) + errs = errs.Also(config.ValidateEnabledAPIFields(ctx, "stepOverrides", config.BetaAPIFields).ViaField("stepOverrides")) errs = errs.Also(validateStepOverrides(ts.StepOverrides).ViaField("stepOverrides")) } if ts.SidecarOverrides != nil { - errs = errs.Also(config.ValidateEnabledAPIFields(ctx, "sidecarOverrides", config.AlphaAPIFields).ViaField("sidecarOverrides")) + errs = errs.Also(config.ValidateEnabledAPIFields(ctx, "sidecarOverrides", config.BetaAPIFields).ViaField("sidecarOverrides")) errs = errs.Also(validateSidecarOverrides(ts.SidecarOverrides).ViaField("sidecarOverrides")) } if ts.ComputeResources != nil { @@ -118,6 +122,34 @@ func (ts *TaskRunSpec) Validate(ctx context.Context) (errs *apis.FieldError) { return errs } +// ValidateUpdate validates the update of a TaskRunSpec +func (ts *TaskRunSpec) ValidateUpdate(ctx context.Context) (errs *apis.FieldError) { + if !apis.IsInUpdate(ctx) { + return + } + oldObj, ok := apis.GetBaseline(ctx).(*TaskRun) + if !ok || oldObj == nil { + return + } + old := &oldObj.Spec + + // If already in the done state, the spec cannot be modified. + // Otherwise, only the status, statusMessage field can be modified. + tips := "Once the TaskRun is complete, no updates are allowed" + if !oldObj.IsDone() { + old = old.DeepCopy() + old.Status = ts.Status + old.StatusMessage = ts.StatusMessage + tips = "Once the TaskRun has started, only status and statusMessage updates are allowed" + } + + if !equality.Semantic.DeepEqual(old, ts) { + errs = errs.Also(apis.ErrInvalidValue(tips, "")) + } + + return +} + // validateInlineParameters validates that any parameters called in the // Task spec are declared in the TaskRun. // This is crucial for propagated parameters because the parameters could @@ -224,6 +256,11 @@ func validateDebug(db *TaskRunDebug) (errs *apis.FieldError) { if db == nil || db.Breakpoints == nil { return errs } + + if db.Breakpoints.OnFailure == "" { + errs = errs.Also(apis.ErrInvalidValue("onFailure breakpoint is empty, it is only allowed to be set as enabled", "breakpoints.onFailure")) + } + if db.Breakpoints.OnFailure != "" && db.Breakpoints.OnFailure != EnabledOnFailureBreakpoint { errs = errs.Also(apis.ErrInvalidValue(db.Breakpoints.OnFailure+" is not a valid onFailure breakpoint value, onFailure breakpoint is only allowed to be set as enabled", "breakpoints.onFailure")) } diff --git a/vendor/github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1/when_types.go b/vendor/github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1/when_types.go index f792ec19..ad24f8e6 100644 --- a/vendor/github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1/when_types.go +++ b/vendor/github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1/when_types.go @@ -98,6 +98,8 @@ func (we *WhenExpression) GetVarSubstitutionExpressions() ([]string, bool) { // All of them need to evaluate to True for a guarded Task to be executed. type WhenExpressions []WhenExpression +type StepWhenExpressions = WhenExpressions + // AllowsExecution evaluates an Input's relationship to an array of Values, based on the Operator, // to determine whether all the When Expressions are True. If they are all True, the guarded Task is // executed, otherwise it is skipped. diff --git a/vendor/github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1/when_validation.go b/vendor/github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1/when_validation.go index 33855040..aa6b4b4c 100644 --- a/vendor/github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1/when_validation.go +++ b/vendor/github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1/when_validation.go @@ -48,7 +48,7 @@ func (wes WhenExpressions) validateWhenExpressionsFields(ctx context.Context) (e func (we *WhenExpression) validateWhenExpressionFields(ctx context.Context) *apis.FieldError { if we.CEL != "" { if !config.FromContextOrDefaults(ctx).FeatureFlags.EnableCELInWhenExpression { - return apis.ErrGeneric("feature flag %s should be set to true to use CEL: %s in WhenExpression", config.EnableCELInWhenExpression, we.CEL) + return apis.ErrGeneric(fmt.Sprintf("feature flag %s should be set to true to use CEL: %s in WhenExpression", config.EnableCELInWhenExpression, we.CEL), "") } if we.Input != "" || we.Operator != "" || len(we.Values) != 0 { return apis.ErrGeneric(fmt.Sprintf("cel and input+operator+values cannot be set in one WhenExpression: %v", we)) diff --git a/vendor/github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1/zz_generated.deepcopy.go b/vendor/github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1/zz_generated.deepcopy.go index 04d3a09a..7852edd8 100644 --- a/vendor/github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1/zz_generated.deepcopy.go +++ b/vendor/github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1/zz_generated.deepcopy.go @@ -1696,6 +1696,11 @@ func (in *Sidecar) DeepCopyInto(out *Sidecar) { *out = make([]WorkspaceUsage, len(*in)) copy(*out, *in) } + if in.RestartPolicy != nil { + in, out := &in.RestartPolicy, &out.RestartPolicy + *out = new(corev1.ContainerRestartPolicy) + **out = **in + } return } @@ -1858,6 +1863,13 @@ func (in *Step) DeepCopyInto(out *Step) { (*in)[i].DeepCopyInto(&(*out)[i]) } } + if in.When != nil { + in, out := &in.When, &out.When + *out = make(WhenExpressions, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } return } @@ -2017,6 +2029,11 @@ func (in *StepState) DeepCopyInto(out *StepState) { (*in)[i].DeepCopyInto(&(*out)[i]) } } + if in.Provenance != nil { + in, out := &in.Provenance, &out.Provenance + *out = new(Provenance) + (*in).DeepCopyInto(*out) + } if in.Inputs != nil { in, out := &in.Inputs, &out.Inputs *out = make([]Artifact, len(*in)) diff --git a/vendor/github.com/tektoncd/pipeline/pkg/result/result.go b/vendor/github.com/tektoncd/pipeline/pkg/result/result.go index ab52c6c8..6506074f 100644 --- a/vendor/github.com/tektoncd/pipeline/pkg/result/result.go +++ b/vendor/github.com/tektoncd/pipeline/pkg/result/result.go @@ -36,8 +36,11 @@ const ( // StepResultType default step result value StepResultType ResultType = 4 - // StepArtifactsResultType default artifacts result value + // StepArtifactsResultType default step artifacts result value StepArtifactsResultType ResultType = 5 + + // TaskRunArtifactsResultType default taskRun artifacts result value + TaskRunArtifactsResultType ResultType = 6 ) // RunResult is used to write key/value pairs to TaskRun pod termination messages. @@ -93,6 +96,8 @@ func (r *ResultType) UnmarshalJSON(data []byte) error { *r = InternalTektonResultType case "StepArtifactsResult": *r = StepArtifactsResultType + case "TaskRunArtifactsResult": + *r = TaskRunArtifactsResultType default: *r = UnknownResultType } diff --git a/vendor/modules.txt b/vendor/modules.txt index a64b0d2b..31070868 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -87,7 +87,7 @@ github.com/go-kit/log/level # github.com/go-logfmt/logfmt v0.5.1 ## explicit; go 1.17 github.com/go-logfmt/logfmt -# github.com/go-logr/logr v1.4.1 +# github.com/go-logr/logr v1.4.2 ## explicit; go 1.18 github.com/go-logr/logr # github.com/go-openapi/jsonpointer v0.19.6 @@ -213,7 +213,7 @@ github.com/json-iterator/go # github.com/kelseyhightower/envconfig v1.4.0 ## explicit github.com/kelseyhightower/envconfig -# github.com/klauspost/compress v1.16.6 +# github.com/klauspost/compress v1.16.7 ## explicit; go 1.18 github.com/klauspost/compress github.com/klauspost/compress/fse @@ -308,7 +308,7 @@ github.com/stoewer/go-strcase # github.com/stretchr/testify v1.9.0 ## explicit; go 1.17 github.com/stretchr/testify/assert -# github.com/tektoncd/pipeline v0.61.1 +# github.com/tektoncd/pipeline v0.62.0 ## explicit; go 1.22 github.com/tektoncd/pipeline/internal/artifactref github.com/tektoncd/pipeline/pkg/apis/config @@ -652,7 +652,7 @@ k8s.io/api/storage/v1beta1 ## explicit; go 1.21 k8s.io/apiextensions-apiserver/pkg/apis/apiextensions k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1 -# k8s.io/apimachinery v0.29.6 => k8s.io/apimachinery v0.28.5 +# k8s.io/apimachinery v0.29.7 => k8s.io/apimachinery v0.28.5 ## explicit; go 1.20 k8s.io/apimachinery/pkg/api/equality k8s.io/apimachinery/pkg/api/errors @@ -1009,7 +1009,7 @@ k8s.io/client-go/util/homedir k8s.io/client-go/util/keyutil k8s.io/client-go/util/retry k8s.io/client-go/util/workqueue -# k8s.io/code-generator v0.29.6 => k8s.io/code-generator v0.28.5 +# k8s.io/code-generator v0.29.7 => k8s.io/code-generator v0.28.5 ## explicit; go 1.20 k8s.io/code-generator/cmd/client-gen k8s.io/code-generator/cmd/client-gen/args