From b901c5f0a06d5dd523451f25850f9dad2b4d23e0 Mon Sep 17 00:00:00 2001 From: null Date: Fri, 26 Jul 2024 00:06:24 +0000 Subject: [PATCH] chore(deps): update all dependencies Signed-off-by: null --- go.mod | 6 +- go.sum | 6 + vendor/github.com/onsi/gomega/CHANGELOG.md | 17 +++ vendor/github.com/onsi/gomega/gomega_dsl.go | 2 +- .../gomega/matchers/have_exact_elements.go | 7 +- .../bipartitegraph/bipartitegraphmatching.go | 7 ++ .../internal/artifactref/artifactref.go | 17 ++- .../pipeline/pkg/apis/config/feature_flags.go | 20 +++- .../pipeline/pkg/apis/pipeline/paths.go | 2 + .../pkg/apis/pipeline/v1/artifact_types.go | 107 +++++++++++++++++- .../pkg/apis/pipeline/v1/container_types.go | 39 +++++++ .../pipeline/pkg/apis/pipeline/v1/merge.go | 2 +- .../pkg/apis/pipeline/v1/openapi_generated.go | 72 ++++++++++-- .../apis/pipeline/v1/pipeline_validation.go | 54 +++++++-- .../pipeline/v1/pipelinerun_validation.go | 33 +++++- .../pkg/apis/pipeline/v1/swagger.json | 34 +++++- .../pkg/apis/pipeline/v1/task_validation.go | 42 +++++-- .../pkg/apis/pipeline/v1/taskrun_types.go | 6 + .../apis/pipeline/v1/taskrun_validation.go | 41 ++++++- .../pkg/apis/pipeline/v1/when_types.go | 2 + .../pkg/apis/pipeline/v1/when_validation.go | 2 +- .../apis/pipeline/v1/zz_generated.deepcopy.go | 18 +++ .../apis/pipeline/v1beta1/artifact_types.go | 8 +- .../pipeline/v1beta1/container_conversion.go | 10 ++ .../apis/pipeline/v1beta1/container_types.go | 37 ++++++ .../pkg/apis/pipeline/v1beta1/merge.go | 2 +- .../pipeline/v1beta1/openapi_generated.go | 43 ++++++- .../pipeline/v1beta1/pipeline_validation.go | 47 +++++++- .../v1beta1/pipelinerun_validation.go | 33 +++++- .../pkg/apis/pipeline/v1beta1/swagger.json | 21 +++- .../apis/pipeline/v1beta1/task_conversion.go | 2 +- .../apis/pipeline/v1beta1/task_validation.go | 43 +++++-- .../pipeline/v1beta1/taskrun_conversion.go | 11 ++ .../apis/pipeline/v1beta1/taskrun_types.go | 1 + .../pipeline/v1beta1/taskrun_validation.go | 41 ++++++- .../pkg/apis/pipeline/v1beta1/when_types.go | 2 + .../apis/pipeline/v1beta1/when_validation.go | 2 +- .../pipeline/v1beta1/zz_generated.deepcopy.go | 17 +++ .../tektoncd/pipeline/pkg/result/result.go | 7 +- .../test/e2e-tests-kind-prow-alpha.env | 1 + .../tektoncd/pipeline/test/e2e-tests.sh | 14 +++ .../tektoncd/pipeline/test/featureflags.go | 1 + vendor/modules.txt | 8 +- 43 files changed, 798 insertions(+), 89 deletions(-) diff --git a/go.mod b/go.mod index 70b6fdefa..f42471cbe 100644 --- a/go.mod +++ b/go.mod @@ -11,7 +11,7 @@ replace ( // Openshift replace ( - github.com/openshift/api => github.com/openshift/api v0.0.0-20240722135205-ae4f370f361f + github.com/openshift/api => github.com/openshift/api v0.0.0-20240724184751-84047ef4a2ce github.com/openshift/client-go => github.com/openshift/client-go v0.0.0-20240528061634-b054aa794d87 ) @@ -19,11 +19,11 @@ require ( github.com/alexflint/go-arg v1.5.1 github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 github.com/onsi/ginkgo/v2 v2.19.0 - github.com/onsi/gomega v1.33.1 + github.com/onsi/gomega v1.34.0 github.com/openshift/api v3.9.0+incompatible github.com/openshift/client-go v3.9.0+incompatible github.com/spf13/cobra v1.8.1 - github.com/tektoncd/pipeline v0.61.1 + github.com/tektoncd/pipeline v0.62.0 go.uber.org/zap v1.27.0 k8s.io/api v0.30.3 k8s.io/apimachinery v0.30.3 diff --git a/go.sum b/go.sum index 405aea264..dd0b899d7 100644 --- a/go.sum +++ b/go.sum @@ -1304,12 +1304,16 @@ github.com/onsi/gomega v1.31.0/go.mod h1:DW9aCi7U6Yi40wNVAvT6kzFnEVEI5n3DloYBiKi github.com/onsi/gomega v1.33.0/go.mod h1:+925n5YtiFsLzzafLUHzVMBpvvRAzrydIBiSIxjX3wY= github.com/onsi/gomega v1.33.1 h1:dsYjIxxSR755MDmKVsaFQTE22ChNBcuuTWgkUDSubOk= github.com/onsi/gomega v1.33.1/go.mod h1:U4R44UsT+9eLIaYRB2a5qajjtQYn0hauxvRm16AVYg0= +github.com/onsi/gomega v1.34.0 h1:eSSPsPNp6ZpsG8X1OVmOTxig+CblTc4AxpPBykhe2Os= +github.com/onsi/gomega v1.34.0/go.mod h1:MIKI8c+f+QLWk+hxbePD4i0LMJSExPaZOVfkoex4cAo= github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U= github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM= github.com/opencontainers/image-spec v1.1.0 h1:8SG7/vwALn54lVB/0yZ/MMwhFrPYtpEHQb2IpWsCzug= github.com/opencontainers/image-spec v1.1.0/go.mod h1:W4s4sFTMaBeK1BQLXbG4AdM2szdn85PY75RI83NrTrM= github.com/openshift/api v0.0.0-20240722135205-ae4f370f361f h1:B+uJ4LmjO+qwMTZP2YhlpMziMPD4MD1++WdCAV2y+GI= github.com/openshift/api v0.0.0-20240722135205-ae4f370f361f/go.mod h1:OOh6Qopf21pSzqNVCB5gomomBXb8o5sGKZxG2KNpaXM= +github.com/openshift/api v0.0.0-20240724184751-84047ef4a2ce h1:AR9XMlwc7akIN13KDx4L0tI04zHf8jEZ1z1RMRbz1J0= +github.com/openshift/api v0.0.0-20240724184751-84047ef4a2ce/go.mod h1:OOh6Qopf21pSzqNVCB5gomomBXb8o5sGKZxG2KNpaXM= github.com/openshift/client-go v0.0.0-20240528061634-b054aa794d87 h1:JtLhaGpSEconE+1IKmIgCOof/Len5ceG6H1pk43yv5U= github.com/openshift/client-go v0.0.0-20240528061634-b054aa794d87/go.mod h1:3IPD4U0qyovZS4EFady2kqY32m8lGcbs/Wx+yprg9z8= github.com/openshift/custom-resource-status v1.1.2 h1:C3DL44LEbvlbItfd8mT5jWrqPfHnSOQoQf/sypqA6A4= @@ -1453,6 +1457,8 @@ github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8 github.com/stvp/go-udp-testing v0.0.0-20201019212854-469649b16807/go.mod h1:7jxmlfBCDBXRzr0eAQJ48XC1hBu1np4CS5+cHEYfwpc= github.com/tektoncd/pipeline v0.61.1 h1:FB4zh6YmLshFUJ0AigJVLN8RMuVfBxuQvhqZk5ngyI8= github.com/tektoncd/pipeline v0.61.1/go.mod h1:m2zG2B124Gh7/VB4G3+NGSyyzy0q5ceNyLUqIz0cIyQ= +github.com/tektoncd/pipeline v0.62.0 h1:9qAE2ewb3X/3187e1YdrAirrsaqkQwl1u+bzp306UfM= +github.com/tektoncd/pipeline v0.62.0/go.mod h1:cYPH4n3X8t39arNMhgyU7swyv3hVeWToz1yYDRzTLT8= github.com/titanous/rocacheck v0.0.0-20171023193734-afe73141d399 h1:e/5i7d4oYZ+C1wj2THlRK+oAhjeS/TRQwMfkIuet3w0= github.com/titanous/rocacheck v0.0.0-20171023193734-afe73141d399/go.mod h1:LdwHTNJT99C5fTAzDz0ud328OgXz+gierycbcIx2fRs= github.com/valyala/bytebufferpool v1.0.0 h1:GqA5TC/0021Y/b9FG4Oi9Mr3q7XYx6KllzawFIhcdPw= diff --git a/vendor/github.com/onsi/gomega/CHANGELOG.md b/vendor/github.com/onsi/gomega/CHANGELOG.md index 62af14ad2..9572e5fa6 100644 --- a/vendor/github.com/onsi/gomega/CHANGELOG.md +++ b/vendor/github.com/onsi/gomega/CHANGELOG.md @@ -1,3 +1,20 @@ +## 1.34.0 + +### Features +- Add RoundTripper method to ghttp.Server [c549e0d] + +### Fixes +- fix incorrect handling of nil slices in HaveExactElements (fixes #771) [878940c] +- issue_765 - fixed bug in Hopcroft-Karp algorithm [ebadb67] + +### Maintenance +- bump ginkgo [8af2ece] +- Fix typo in docs [123a071] +- Bump github.com/onsi/ginkgo/v2 from 2.17.2 to 2.17.3 (#756) [0e69083] +- Bump google.golang.org/protobuf from 1.33.0 to 1.34.1 (#755) [2675796] +- Bump golang.org/x/net from 0.24.0 to 0.25.0 (#754) [4160c0f] +- Bump github-pages from 230 to 231 in /docs (#748) [892c303] + ## 1.33.1 ### Fixes diff --git a/vendor/github.com/onsi/gomega/gomega_dsl.go b/vendor/github.com/onsi/gomega/gomega_dsl.go index 9697d5134..650ae8672 100644 --- a/vendor/github.com/onsi/gomega/gomega_dsl.go +++ b/vendor/github.com/onsi/gomega/gomega_dsl.go @@ -22,7 +22,7 @@ import ( "github.com/onsi/gomega/types" ) -const GOMEGA_VERSION = "1.33.1" +const GOMEGA_VERSION = "1.34.0" const nilGomegaPanic = `You are trying to make an assertion, but haven't registered Gomega's fail handler. If you're using Ginkgo then you probably forgot to put your assertion in an It(). diff --git a/vendor/github.com/onsi/gomega/matchers/have_exact_elements.go b/vendor/github.com/onsi/gomega/matchers/have_exact_elements.go index dca5b9446..5a236d7d6 100644 --- a/vendor/github.com/onsi/gomega/matchers/have_exact_elements.go +++ b/vendor/github.com/onsi/gomega/matchers/have_exact_elements.go @@ -30,15 +30,18 @@ func (matcher *HaveExactElementsMatcher) Match(actual interface{}) (success bool lenMatchers := len(matchers) lenValues := len(values) + success = true for i := 0; i < lenMatchers || i < lenValues; i++ { if i >= lenMatchers { matcher.extraIndex = i + success = false continue } if i >= lenValues { matcher.missingIndex = i + success = false return } @@ -49,15 +52,17 @@ func (matcher *HaveExactElementsMatcher) Match(actual interface{}) (success bool index: i, failure: err.Error(), }) + success = false } else if !match { matcher.mismatchFailures = append(matcher.mismatchFailures, mismatchFailure{ index: i, failure: elemMatcher.FailureMessage(values[i]), }) + success = false } } - return matcher.missingIndex+matcher.extraIndex+len(matcher.mismatchFailures) == 0, nil + return success, nil } func (matcher *HaveExactElementsMatcher) FailureMessage(actual interface{}) (message string) { diff --git a/vendor/github.com/onsi/gomega/matchers/support/goraph/bipartitegraph/bipartitegraphmatching.go b/vendor/github.com/onsi/gomega/matchers/support/goraph/bipartitegraph/bipartitegraphmatching.go index 1c54edd8f..44aa61d4b 100644 --- a/vendor/github.com/onsi/gomega/matchers/support/goraph/bipartitegraph/bipartitegraphmatching.go +++ b/vendor/github.com/onsi/gomega/matchers/support/goraph/bipartitegraph/bipartitegraphmatching.go @@ -1,6 +1,8 @@ package bipartitegraph import ( + "slices" + . "github.com/onsi/gomega/matchers/support/goraph/edge" . "github.com/onsi/gomega/matchers/support/goraph/node" "github.com/onsi/gomega/matchers/support/goraph/util" @@ -157,6 +159,11 @@ func (bg *BipartiteGraph) createSLAPGuideLayers(matching EdgeSet) (guideLayers [ if len(currentLayer) == 0 { return []NodeOrderedSet{} } + if done { // if last layer - into last layer must be only 'free' nodes + currentLayer = slices.DeleteFunc(currentLayer, func(in Node) bool { + return !matching.Free(in) + }) + } guideLayers = append(guideLayers, currentLayer) } diff --git a/vendor/github.com/tektoncd/pipeline/internal/artifactref/artifactref.go b/vendor/github.com/tektoncd/pipeline/internal/artifactref/artifactref.go index b5a46a730..cd8e1162c 100644 --- a/vendor/github.com/tektoncd/pipeline/internal/artifactref/artifactref.go +++ b/vendor/github.com/tektoncd/pipeline/internal/artifactref/artifactref.go @@ -2,10 +2,17 @@ package artifactref import "regexp" -// case 1: steps..inputs -// case 2: steps..outputs -// case 3: steps..inputs. -// case 4: steps..outputs. -const stepArtifactUsagePattern = `\$\(steps\.([^.]+)\.(?:inputs|outputs)(?:\.([^.^\)]+))?\)` +// case 1: steps..inputs. +// case 2: steps..outputs. +const stepArtifactUsagePattern = `\$\(steps\.([^.]+)\.(?:inputs|outputs)\.([^.)]+)\)` + +// case 1: tasks..inputs. +// case 2: tasks..outputs. +const taskArtifactUsagePattern = `\$\(tasks\.([^.]+)\.(?:inputs|outputs)\.([^.)]+)\)` + +const StepArtifactPathPattern = `step.artifacts.path` + +const TaskArtifactPathPattern = `artifacts.path` var StepArtifactRegex = regexp.MustCompile(stepArtifactUsagePattern) +var TaskArtifactRegex = regexp.MustCompile(taskArtifactUsagePattern) diff --git a/vendor/github.com/tektoncd/pipeline/pkg/apis/config/feature_flags.go b/vendor/github.com/tektoncd/pipeline/pkg/apis/config/feature_flags.go index 6d0541b83..d0db62052 100644 --- a/vendor/github.com/tektoncd/pipeline/pkg/apis/config/feature_flags.go +++ b/vendor/github.com/tektoncd/pipeline/pkg/apis/config/feature_flags.go @@ -108,6 +108,10 @@ const ( EnableParamEnum = "enable-param-enum" // EnableConciseResolverSyntax is the flag to enable concise resolver syntax EnableConciseResolverSyntax = "enable-concise-resolver-syntax" + // EnableKubernetesSidecar is the flag to enable kubernetes sidecar support + EnableKubernetesSidecar = "enable-kubernetes-sidecar" + // DefaultEnableKubernetesSidecar is the default value for EnableKubernetesSidecar + DefaultEnableKubernetesSidecar = false // DisableInlineSpec is the flag to disable embedded spec // in Taskrun or Pipelinerun @@ -185,12 +189,12 @@ type FeatureFlags struct { RunningInEnvWithInjectedSidecars bool RequireGitSSHSecretKnownHosts bool // EnableTektonOCIBundles bool // Deprecated: this is now ignored - ScopeWhenExpressionsToTask bool - EnableAPIFields string - SendCloudEventsForRuns bool - AwaitSidecarReadiness bool - EnforceNonfalsifiability string - EnableKeepPodOnCancel bool + // ScopeWhenExpressionsToTask bool // Deprecated: this is now ignored + EnableAPIFields string + SendCloudEventsForRuns bool + AwaitSidecarReadiness bool + EnforceNonfalsifiability string + EnableKeepPodOnCancel bool // VerificationNoMatchPolicy is the feature flag for "trusted-resources-verification-no-match-policy" // VerificationNoMatchPolicy can be set to "ignore", "warn" and "fail" values. // ignore: skip trusted resources verification when no matching verification policies found @@ -208,6 +212,7 @@ type FeatureFlags struct { EnableArtifacts bool DisableInlineSpec string EnableConciseResolverSyntax bool + EnableKubernetesSidecar bool } // GetFeatureFlagsConfigName returns the name of the configmap containing all @@ -312,6 +317,9 @@ func NewFeatureFlagsFromMap(cfgMap map[string]string) (*FeatureFlags, error) { if err := setPerFeatureFlag(EnableConciseResolverSyntax, DefaultEnableConciseResolverSyntax, &tc.EnableConciseResolverSyntax); err != nil { return nil, err } + if err := setFeature(EnableKubernetesSidecar, DefaultEnableKubernetesSidecar, &tc.EnableKubernetesSidecar); err != nil { + return nil, err + } return &tc, nil } diff --git a/vendor/github.com/tektoncd/pipeline/pkg/apis/pipeline/paths.go b/vendor/github.com/tektoncd/pipeline/pkg/apis/pipeline/paths.go index fb2b3bcf8..efb28ea90 100644 --- a/vendor/github.com/tektoncd/pipeline/pkg/apis/pipeline/paths.go +++ b/vendor/github.com/tektoncd/pipeline/pkg/apis/pipeline/paths.go @@ -30,4 +30,6 @@ const ( StepsDir = "/tekton/steps" ScriptDir = "/tekton/scripts" + + ArtifactsDir = "/tekton/artifacts" ) diff --git a/vendor/github.com/tektoncd/pipeline/pkg/apis/pipeline/v1/artifact_types.go b/vendor/github.com/tektoncd/pipeline/pkg/apis/pipeline/v1/artifact_types.go index 07e43ebe1..21a0d8fc2 100644 --- a/vendor/github.com/tektoncd/pipeline/pkg/apis/pipeline/v1/artifact_types.go +++ b/vendor/github.com/tektoncd/pipeline/pkg/apis/pipeline/v1/artifact_types.go @@ -1,13 +1,37 @@ +/* +Copyright 2024 The Tekton Authors + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + package v1 +import ( + "github.com/google/go-cmp/cmp" +) + // Algorithm Standard cryptographic hash algorithm type Algorithm string // Artifact represents an artifact within a system, potentially containing multiple values // associated with it. type Artifact struct { - Name string `json:"name,omitempty"` // The artifact's identifying category name - Values []ArtifactValue `json:"values,omitempty"` // A collection of values related to the artifact + // The artifact's identifying category name + Name string `json:"name,omitempty"` + // A collection of values related to the artifact + Values []ArtifactValue `json:"values,omitempty"` + // Indicate if the artifact is a build output or a by-product + BuildOutput bool `json:"buildOutput,omitempty"` } // ArtifactValue represents a specific value or data element within an Artifact. @@ -27,3 +51,82 @@ type Artifacts struct { Inputs []Artifact `json:"inputs,omitempty"` Outputs []Artifact `json:"outputs,omitempty"` } + +func (a *Artifacts) Merge(another Artifacts) { + inputMap := make(map[string][]ArtifactValue) + var newInputs []Artifact + + for _, v := range a.Inputs { + inputMap[v.Name] = v.Values + } + + for _, v := range another.Inputs { + _, ok := inputMap[v.Name] + if !ok { + inputMap[v.Name] = []ArtifactValue{} + } + for _, vv := range v.Values { + exists := false + for _, av := range inputMap[v.Name] { + if cmp.Equal(vv, av) { + exists = true + break + } + } + if !exists { + inputMap[v.Name] = append(inputMap[v.Name], vv) + } + } + } + + for k, v := range inputMap { + newInputs = append(newInputs, Artifact{ + Name: k, + Values: v, + }) + } + + outputMap := make(map[string]Artifact) + var newOutputs []Artifact + for _, v := range a.Outputs { + outputMap[v.Name] = v + } + + for _, v := range another.Outputs { + _, ok := outputMap[v.Name] + if !ok { + outputMap[v.Name] = Artifact{Name: v.Name, Values: []ArtifactValue{}, BuildOutput: v.BuildOutput} + } + // only update buildOutput to true. + // Do not convert to false if it was true before. + if v.BuildOutput { + art := outputMap[v.Name] + art.BuildOutput = v.BuildOutput + outputMap[v.Name] = art + } + for _, vv := range v.Values { + exists := false + for _, av := range outputMap[v.Name].Values { + if cmp.Equal(vv, av) { + exists = true + break + } + } + if !exists { + art := outputMap[v.Name] + art.Values = append(art.Values, vv) + outputMap[v.Name] = art + } + } + } + + for _, v := range outputMap { + newOutputs = append(newOutputs, Artifact{ + Name: v.Name, + Values: v.Values, + BuildOutput: v.BuildOutput, + }) + } + a.Inputs = newInputs + a.Outputs = newOutputs +} diff --git a/vendor/github.com/tektoncd/pipeline/pkg/apis/pipeline/v1/container_types.go b/vendor/github.com/tektoncd/pipeline/pkg/apis/pipeline/v1/container_types.go index 9f0c48ae9..2dc4a8984 100644 --- a/vendor/github.com/tektoncd/pipeline/pkg/apis/pipeline/v1/container_types.go +++ b/vendor/github.com/tektoncd/pipeline/pkg/apis/pipeline/v1/container_types.go @@ -152,6 +152,10 @@ type Step struct { // +optional // +listType=atomic Results []StepResult `json:"results,omitempty"` + + // When is a list of when expressions that need to be true for the task to run + // +optional + When StepWhenExpressions `json:"when,omitempty"` } // Ref can be used to refer to a specific instance of a StepAction. @@ -539,10 +543,43 @@ type Sidecar struct { // +optional // +listType=atomic Workspaces []WorkspaceUsage `json:"workspaces,omitempty"` + + // RestartPolicy refers to kubernetes RestartPolicy. It can only be set for an + // initContainer and must have it's policy set to "Always". It is currently + // left optional to help support Kubernetes versions prior to 1.29 when this feature + // was introduced. + // +optional + RestartPolicy *corev1.ContainerRestartPolicy `json:"restartPolicy,omitempty"` } // ToK8sContainer converts the Sidecar to a Kubernetes Container struct func (s *Sidecar) ToK8sContainer() *corev1.Container { + if s.RestartPolicy == nil { + return &corev1.Container{ + Name: s.Name, + Image: s.Image, + Command: s.Command, + Args: s.Args, + WorkingDir: s.WorkingDir, + Ports: s.Ports, + EnvFrom: s.EnvFrom, + Env: s.Env, + Resources: s.ComputeResources, + VolumeMounts: s.VolumeMounts, + VolumeDevices: s.VolumeDevices, + LivenessProbe: s.LivenessProbe, + ReadinessProbe: s.ReadinessProbe, + StartupProbe: s.StartupProbe, + Lifecycle: s.Lifecycle, + TerminationMessagePath: s.TerminationMessagePath, + TerminationMessagePolicy: s.TerminationMessagePolicy, + ImagePullPolicy: s.ImagePullPolicy, + SecurityContext: s.SecurityContext, + Stdin: s.Stdin, + StdinOnce: s.StdinOnce, + TTY: s.TTY, + } + } return &corev1.Container{ Name: s.Name, Image: s.Image, @@ -557,6 +594,7 @@ func (s *Sidecar) ToK8sContainer() *corev1.Container { VolumeDevices: s.VolumeDevices, LivenessProbe: s.LivenessProbe, ReadinessProbe: s.ReadinessProbe, + RestartPolicy: s.RestartPolicy, StartupProbe: s.StartupProbe, Lifecycle: s.Lifecycle, TerminationMessagePath: s.TerminationMessagePath, @@ -593,6 +631,7 @@ func (s *Sidecar) SetContainerFields(c corev1.Container) { s.Stdin = c.Stdin s.StdinOnce = c.StdinOnce s.TTY = c.TTY + s.RestartPolicy = c.RestartPolicy } // GetVarSubstitutionExpressions walks all the places a substitution reference can be used diff --git a/vendor/github.com/tektoncd/pipeline/pkg/apis/pipeline/v1/merge.go b/vendor/github.com/tektoncd/pipeline/pkg/apis/pipeline/v1/merge.go index 296eaf4b1..df413a545 100644 --- a/vendor/github.com/tektoncd/pipeline/pkg/apis/pipeline/v1/merge.go +++ b/vendor/github.com/tektoncd/pipeline/pkg/apis/pipeline/v1/merge.go @@ -65,7 +65,7 @@ func MergeStepsWithStepTemplate(template *StepTemplate, steps []Step) ([]Step, e amendConflictingContainerFields(&merged, s) // Pass through original step Script, for later conversion. - newStep := Step{Script: s.Script, OnError: s.OnError, Timeout: s.Timeout, StdoutConfig: s.StdoutConfig, StderrConfig: s.StderrConfig, Results: s.Results, Params: s.Params, Ref: s.Ref} + newStep := Step{Script: s.Script, OnError: s.OnError, Timeout: s.Timeout, StdoutConfig: s.StdoutConfig, StderrConfig: s.StderrConfig, Results: s.Results, Params: s.Params, Ref: s.Ref, When: s.When} newStep.SetContainerFields(merged) steps[i] = newStep } diff --git a/vendor/github.com/tektoncd/pipeline/pkg/apis/pipeline/v1/openapi_generated.go b/vendor/github.com/tektoncd/pipeline/pkg/apis/pipeline/v1/openapi_generated.go index 82896087a..42bf6748b 100644 --- a/vendor/github.com/tektoncd/pipeline/pkg/apis/pipeline/v1/openapi_generated.go +++ b/vendor/github.com/tektoncd/pipeline/pkg/apis/pipeline/v1/openapi_generated.go @@ -395,13 +395,14 @@ func schema_pkg_apis_pipeline_v1_Artifact(ref common.ReferenceCallback) common.O Properties: map[string]spec.Schema{ "name": { SchemaProps: spec.SchemaProps{ - Type: []string{"string"}, - Format: "", + Description: "The artifact's identifying category name", + Type: []string{"string"}, + Format: "", }, }, "values": { SchemaProps: spec.SchemaProps{ - Description: "The artifact's identifying category name", + Description: "A collection of values related to the artifact", Type: []string{"array"}, Items: &spec.SchemaOrArray{ Schema: &spec.Schema{ @@ -413,6 +414,13 @@ func schema_pkg_apis_pipeline_v1_Artifact(ref common.ReferenceCallback) common.O }, }, }, + "buildOutput": { + SchemaProps: spec.SchemaProps{ + Description: "Indicate if the artifact is a build output or a by-product", + Type: []string{"boolean"}, + Format: "", + }, + }, }, }, }, @@ -2745,6 +2753,13 @@ func schema_pkg_apis_pipeline_v1_Sidecar(ref common.ReferenceCallback) common.Op }, }, }, + "restartPolicy": { + SchemaProps: spec.SchemaProps{ + Description: "RestartPolicy refers to kubernetes RestartPolicy. It can only be set for an initContainer and must have it's policy set to \"Always\". It is currently left optional to help support Kubernetes versions prior to 1.29 when this feature was introduced.", + Type: []string{"string"}, + Format: "", + }, + }, }, Required: []string{"name"}, }, @@ -3122,12 +3137,26 @@ func schema_pkg_apis_pipeline_v1_Step(ref common.ReferenceCallback) common.OpenA }, }, }, + "when": { + SchemaProps: spec.SchemaProps{ + Description: "When is a list of when expressions that need to be true for the task to run", + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: map[string]interface{}{}, + Ref: ref("github.com/tektoncd/pipeline/pkg/apis/pipeline/v1.WhenExpression"), + }, + }, + }, + }, + }, }, Required: []string{"name"}, }, }, Dependencies: []string{ - "github.com/tektoncd/pipeline/pkg/apis/pipeline/v1.Param", "github.com/tektoncd/pipeline/pkg/apis/pipeline/v1.Ref", "github.com/tektoncd/pipeline/pkg/apis/pipeline/v1.StepOutputConfig", "github.com/tektoncd/pipeline/pkg/apis/pipeline/v1.StepResult", "github.com/tektoncd/pipeline/pkg/apis/pipeline/v1.WorkspaceUsage", "k8s.io/api/core/v1.EnvFromSource", "k8s.io/api/core/v1.EnvVar", "k8s.io/api/core/v1.ResourceRequirements", "k8s.io/api/core/v1.SecurityContext", "k8s.io/api/core/v1.VolumeDevice", "k8s.io/api/core/v1.VolumeMount", "k8s.io/apimachinery/pkg/apis/meta/v1.Duration"}, + "github.com/tektoncd/pipeline/pkg/apis/pipeline/v1.Param", "github.com/tektoncd/pipeline/pkg/apis/pipeline/v1.Ref", "github.com/tektoncd/pipeline/pkg/apis/pipeline/v1.StepOutputConfig", "github.com/tektoncd/pipeline/pkg/apis/pipeline/v1.StepResult", "github.com/tektoncd/pipeline/pkg/apis/pipeline/v1.WhenExpression", "github.com/tektoncd/pipeline/pkg/apis/pipeline/v1.WorkspaceUsage", "k8s.io/api/core/v1.EnvFromSource", "k8s.io/api/core/v1.EnvVar", "k8s.io/api/core/v1.ResourceRequirements", "k8s.io/api/core/v1.SecurityContext", "k8s.io/api/core/v1.VolumeDevice", "k8s.io/api/core/v1.VolumeMount", "k8s.io/apimachinery/pkg/apis/meta/v1.Duration"}, } } @@ -3260,6 +3289,11 @@ func schema_pkg_apis_pipeline_v1_StepState(ref common.ReferenceCallback) common. }, }, }, + "provenance": { + SchemaProps: spec.SchemaProps{ + Ref: ref("github.com/tektoncd/pipeline/pkg/apis/pipeline/v1.Provenance"), + }, + }, "terminationReason": { SchemaProps: spec.SchemaProps{ Type: []string{"string"}, @@ -3296,7 +3330,7 @@ func schema_pkg_apis_pipeline_v1_StepState(ref common.ReferenceCallback) common. }, }, Dependencies: []string{ - "github.com/tektoncd/pipeline/pkg/apis/pipeline/v1.Artifact", "github.com/tektoncd/pipeline/pkg/apis/pipeline/v1.TaskRunResult", "k8s.io/api/core/v1.ContainerStateRunning", "k8s.io/api/core/v1.ContainerStateTerminated", "k8s.io/api/core/v1.ContainerStateWaiting"}, + "github.com/tektoncd/pipeline/pkg/apis/pipeline/v1.Artifact", "github.com/tektoncd/pipeline/pkg/apis/pipeline/v1.Provenance", "github.com/tektoncd/pipeline/pkg/apis/pipeline/v1.TaskRunResult", "k8s.io/api/core/v1.ContainerStateRunning", "k8s.io/api/core/v1.ContainerStateTerminated", "k8s.io/api/core/v1.ContainerStateWaiting"}, } } @@ -4172,6 +4206,18 @@ func schema_pkg_apis_pipeline_v1_TaskRunStatus(ref common.ReferenceCallback) com }, }, }, + "artifacts": { + VendorExtensible: spec.VendorExtensible{ + Extensions: spec.Extensions{ + "x-kubernetes-list-type": "atomic", + }, + }, + SchemaProps: spec.SchemaProps{ + Description: "Artifacts are the list of artifacts written out by the task's containers", + Default: map[string]interface{}{}, + Ref: ref("github.com/tektoncd/pipeline/pkg/apis/pipeline/v1.Artifacts"), + }, + }, "sidecars": { VendorExtensible: spec.VendorExtensible{ Extensions: spec.Extensions{ @@ -4224,7 +4270,7 @@ func schema_pkg_apis_pipeline_v1_TaskRunStatus(ref common.ReferenceCallback) com }, }, Dependencies: []string{ - "github.com/tektoncd/pipeline/pkg/apis/pipeline/v1.Provenance", "github.com/tektoncd/pipeline/pkg/apis/pipeline/v1.SidecarState", "github.com/tektoncd/pipeline/pkg/apis/pipeline/v1.StepState", "github.com/tektoncd/pipeline/pkg/apis/pipeline/v1.TaskRunResult", "github.com/tektoncd/pipeline/pkg/apis/pipeline/v1.TaskRunStatus", "github.com/tektoncd/pipeline/pkg/apis/pipeline/v1.TaskSpec", "k8s.io/apimachinery/pkg/apis/meta/v1.Time", "knative.dev/pkg/apis.Condition"}, + "github.com/tektoncd/pipeline/pkg/apis/pipeline/v1.Artifacts", "github.com/tektoncd/pipeline/pkg/apis/pipeline/v1.Provenance", "github.com/tektoncd/pipeline/pkg/apis/pipeline/v1.SidecarState", "github.com/tektoncd/pipeline/pkg/apis/pipeline/v1.StepState", "github.com/tektoncd/pipeline/pkg/apis/pipeline/v1.TaskRunResult", "github.com/tektoncd/pipeline/pkg/apis/pipeline/v1.TaskRunStatus", "github.com/tektoncd/pipeline/pkg/apis/pipeline/v1.TaskSpec", "k8s.io/apimachinery/pkg/apis/meta/v1.Time", "knative.dev/pkg/apis.Condition"}, } } @@ -4312,6 +4358,18 @@ func schema_pkg_apis_pipeline_v1_TaskRunStatusFields(ref common.ReferenceCallbac }, }, }, + "artifacts": { + VendorExtensible: spec.VendorExtensible{ + Extensions: spec.Extensions{ + "x-kubernetes-list-type": "atomic", + }, + }, + SchemaProps: spec.SchemaProps{ + Description: "Artifacts are the list of artifacts written out by the task's containers", + Default: map[string]interface{}{}, + Ref: ref("github.com/tektoncd/pipeline/pkg/apis/pipeline/v1.Artifacts"), + }, + }, "sidecars": { VendorExtensible: spec.VendorExtensible{ Extensions: spec.Extensions{ @@ -4364,7 +4422,7 @@ func schema_pkg_apis_pipeline_v1_TaskRunStatusFields(ref common.ReferenceCallbac }, }, Dependencies: []string{ - "github.com/tektoncd/pipeline/pkg/apis/pipeline/v1.Provenance", "github.com/tektoncd/pipeline/pkg/apis/pipeline/v1.SidecarState", "github.com/tektoncd/pipeline/pkg/apis/pipeline/v1.StepState", "github.com/tektoncd/pipeline/pkg/apis/pipeline/v1.TaskRunResult", "github.com/tektoncd/pipeline/pkg/apis/pipeline/v1.TaskRunStatus", "github.com/tektoncd/pipeline/pkg/apis/pipeline/v1.TaskSpec", "k8s.io/apimachinery/pkg/apis/meta/v1.Time"}, + "github.com/tektoncd/pipeline/pkg/apis/pipeline/v1.Artifacts", "github.com/tektoncd/pipeline/pkg/apis/pipeline/v1.Provenance", "github.com/tektoncd/pipeline/pkg/apis/pipeline/v1.SidecarState", "github.com/tektoncd/pipeline/pkg/apis/pipeline/v1.StepState", "github.com/tektoncd/pipeline/pkg/apis/pipeline/v1.TaskRunResult", "github.com/tektoncd/pipeline/pkg/apis/pipeline/v1.TaskRunStatus", "github.com/tektoncd/pipeline/pkg/apis/pipeline/v1.TaskSpec", "k8s.io/apimachinery/pkg/apis/meta/v1.Time"}, } } diff --git a/vendor/github.com/tektoncd/pipeline/pkg/apis/pipeline/v1/pipeline_validation.go b/vendor/github.com/tektoncd/pipeline/pkg/apis/pipeline/v1/pipeline_validation.go index 43e56d102..c17293a02 100644 --- a/vendor/github.com/tektoncd/pipeline/pkg/apis/pipeline/v1/pipeline_validation.go +++ b/vendor/github.com/tektoncd/pipeline/pkg/apis/pipeline/v1/pipeline_validation.go @@ -22,6 +22,7 @@ import ( "slices" "strings" + "github.com/tektoncd/pipeline/internal/artifactref" "github.com/tektoncd/pipeline/pkg/apis/config" "github.com/tektoncd/pipeline/pkg/apis/validate" "github.com/tektoncd/pipeline/pkg/internal/resultref" @@ -89,6 +90,7 @@ func (ps *PipelineSpec) Validate(ctx context.Context) (errs *apis.FieldError) { errs = errs.Also(validateTasksAndFinallySection(ps)) errs = errs.Also(validateFinalTasks(ps.Tasks, ps.Finally)) errs = errs.Also(validateWhenExpressions(ctx, ps.Tasks, ps.Finally)) + errs = errs.Also(validateArtifactReference(ctx, ps.Tasks, ps.Finally)) errs = errs.Also(validateMatrix(ctx, ps.Tasks).ViaField("tasks")) errs = errs.Also(validateMatrix(ctx, ps.Finally).ViaField("finally")) return errs @@ -190,7 +192,7 @@ func (pt PipelineTask) Validate(ctx context.Context) (errs *apis.FieldError) { } if pt.OnError != "" { - errs = errs.Also(config.ValidateEnabledAPIFields(ctx, "OnError", config.AlphaAPIFields)) + errs = errs.Also(config.ValidateEnabledAPIFields(ctx, "OnError", config.BetaAPIFields)) if pt.OnError != PipelineTaskContinue && pt.OnError != PipelineTaskStopAndFail { errs = errs.Also(apis.ErrInvalidValue(pt.OnError, "OnError", "PipelineTask OnError must be either \"continue\" or \"stopAndFail\"")) } @@ -511,9 +513,13 @@ func (pt *PipelineTask) GetVarSubstitutionExpressions() []string { return allExpressions } +// containsExecutionStatusRef checks if a specified param has a reference to execution status or reason +// $(tasks..status), $(tasks.status), or $(tasks..reason) func containsExecutionStatusRef(p string) bool { - if strings.HasPrefix(p, "tasks.") && strings.HasSuffix(p, ".status") { - return true + if strings.HasPrefix(p, "tasks.") { + if strings.HasSuffix(p, ".status") || strings.HasSuffix(p, ".reason") { + return true + } } return false } @@ -587,7 +593,7 @@ func containsExecutionStatusReferences(expressions []string) bool { if !LooksLikeContainsResultRefs(expressions) { for _, e := range expressions { // check if it contains context variable accessing execution status - $(tasks.taskname.status) - // or an aggregate status - $(tasks.status) + // or an aggregate status - $(tasks.status) or reason - $(tasks.taskname.reason) if containsExecutionStatusRef(e) { return true } @@ -604,10 +610,17 @@ func validateExecutionStatusVariablesExpressions(expressions []string, ptNames s if expression == PipelineTasksAggregateStatus { continue } - // check if it contains context variable accessing execution status - $(tasks.taskname.status) + // check if it contains context variable accessing execution status - $(tasks.taskname.status) | $(tasks.taskname.reason) if containsExecutionStatusRef(expression) { - // strip tasks. and .status from tasks.taskname.status to further verify task name - pt := strings.TrimSuffix(strings.TrimPrefix(expression, "tasks."), ".status") + var pt string + if strings.HasSuffix(expression, ".status") { + // strip tasks. and .status from tasks.taskname.status to further verify task name + pt = strings.TrimSuffix(strings.TrimPrefix(expression, "tasks."), ".status") + } + if strings.HasSuffix(expression, ".reason") { + // strip tasks. and .reason from tasks.taskname.reason to further verify task name + pt = strings.TrimSuffix(strings.TrimPrefix(expression, "tasks."), ".reason") + } // report an error if the task name does not exist in the list of dag tasks if !ptNames.Has(pt) { errs = errs.Also(apis.ErrInvalidValue(fmt.Sprintf("pipeline task %s is not defined in the pipeline", pt), fieldPath)) @@ -615,6 +628,7 @@ func validateExecutionStatusVariablesExpressions(expressions []string, ptNames s } } } + return errs } @@ -810,6 +824,10 @@ func findAndValidateResultRefsForMatrix(tasks []PipelineTask, taskMapping map[st func validateMatrixedPipelineTaskConsumed(expressions []string, taskMapping map[string]PipelineTask) (resultRefs []*ResultRef, errs *apis.FieldError) { var filteredExpressions []string for _, expression := range expressions { + // if it is not matrix result ref expression, skip + if !resultref.LooksLikeResultRef(expression) { + continue + } // ie. "tasks..results.[*]" subExpressions := strings.Split(expression, ".") pipelineTask := subExpressions[1] // pipelineTaskName @@ -882,6 +900,28 @@ func validateStringResults(results []TaskResult, resultName string) (errs *apis. return errs } +// validateArtifactReference ensure that the feature flag enableArtifacts is set to true when using artifacts +func validateArtifactReference(ctx context.Context, tasks []PipelineTask, finalTasks []PipelineTask) (errs *apis.FieldError) { + if config.FromContextOrDefaults(ctx).FeatureFlags.EnableArtifacts { + return errs + } + for i, t := range tasks { + for _, v := range t.Params.extractValues() { + if len(artifactref.TaskArtifactRegex.FindAllStringSubmatch(v, -1)) > 0 { + return errs.Also(apis.ErrGeneric(fmt.Sprintf("feature flag %s should be set to true to use artifacts feature.", config.EnableArtifacts), "").ViaField("params").ViaFieldIndex("tasks", i)) + } + } + } + for i, t := range finalTasks { + for _, v := range t.Params.extractValues() { + if len(artifactref.TaskArtifactRegex.FindAllStringSubmatch(v, -1)) > 0 { + return errs.Also(apis.ErrGeneric(fmt.Sprintf("feature flag %s should be set to true to use artifacts feature.", config.EnableArtifacts), "").ViaField("params").ViaFieldIndex("finally", i)) + } + } + } + return errs +} + // GetIndexingReferencesToArrayParams returns all strings referencing indices of PipelineRun array parameters // from parameters, workspaces, and when expressions defined in the Pipeline's Tasks and Finally Tasks. // For example, if a Task in the Pipeline has a parameter with a value "$(params.array-param-name[1])", diff --git a/vendor/github.com/tektoncd/pipeline/pkg/apis/pipeline/v1/pipelinerun_validation.go b/vendor/github.com/tektoncd/pipeline/pkg/apis/pipeline/v1/pipelinerun_validation.go index d45b00ab8..16330aa21 100644 --- a/vendor/github.com/tektoncd/pipeline/pkg/apis/pipeline/v1/pipelinerun_validation.go +++ b/vendor/github.com/tektoncd/pipeline/pkg/apis/pipeline/v1/pipelinerun_validation.go @@ -27,6 +27,7 @@ import ( "github.com/tektoncd/pipeline/pkg/apis/validate" "github.com/tektoncd/pipeline/pkg/internal/resultref" admissionregistrationv1 "k8s.io/api/admissionregistration/v1" + "k8s.io/apimachinery/pkg/api/equality" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "knative.dev/pkg/apis" "knative.dev/pkg/webhook/resourcesemantics" @@ -55,6 +56,9 @@ func (pr *PipelineRun) Validate(ctx context.Context) *apis.FieldError { // Validate pipelinerun spec func (ps *PipelineRunSpec) Validate(ctx context.Context) (errs *apis.FieldError) { + // Validate the spec changes + errs = errs.Also(ps.ValidateUpdate(ctx)) + // Must have exactly one of pipelineRef and pipelineSpec. if ps.PipelineRef == nil && ps.PipelineSpec == nil { errs = errs.Also(apis.ErrMissingOneOf("pipelineRef", "pipelineSpec")) @@ -124,6 +128,31 @@ func (ps *PipelineRunSpec) Validate(ctx context.Context) (errs *apis.FieldError) return errs } +// ValidateUpdate validates the update of a PipelineRunSpec +func (ps *PipelineRunSpec) ValidateUpdate(ctx context.Context) (errs *apis.FieldError) { + if !apis.IsInUpdate(ctx) { + return + } + oldObj, ok := apis.GetBaseline(ctx).(*PipelineRun) + if !ok || oldObj == nil { + return + } + old := &oldObj.Spec + + // If already in the done state, the spec cannot be modified. Otherwise, only the status field can be modified. + tips := "Once the PipelineRun is complete, no updates are allowed" + if !oldObj.IsDone() { + old = old.DeepCopy() + old.Status = ps.Status + tips = "Once the PipelineRun has started, only status updates are allowed" + } + if !equality.Semantic.DeepEqual(old, ps) { + errs = errs.Also(apis.ErrInvalidValue(tips, "")) + } + + return +} + func (ps *PipelineRunSpec) validatePipelineRunParameters(ctx context.Context) (errs *apis.FieldError) { if len(ps.Params) == 0 { return errs @@ -286,11 +315,11 @@ func (ps *PipelineRunSpec) validatePipelineTimeout(timeout time.Duration, errorM func validateTaskRunSpec(ctx context.Context, trs PipelineTaskRunSpec) (errs *apis.FieldError) { if trs.StepSpecs != nil { - errs = errs.Also(config.ValidateEnabledAPIFields(ctx, "stepSpecs", config.AlphaAPIFields).ViaField("stepSpecs")) + errs = errs.Also(config.ValidateEnabledAPIFields(ctx, "stepSpecs", config.BetaAPIFields).ViaField("stepSpecs")) errs = errs.Also(validateStepSpecs(trs.StepSpecs).ViaField("stepSpecs")) } if trs.SidecarSpecs != nil { - errs = errs.Also(config.ValidateEnabledAPIFields(ctx, "sidecarSpecs", config.AlphaAPIFields).ViaField("sidecarSpecs")) + errs = errs.Also(config.ValidateEnabledAPIFields(ctx, "sidecarSpecs", config.BetaAPIFields).ViaField("sidecarSpecs")) errs = errs.Also(validateSidecarSpecs(trs.SidecarSpecs).ViaField("sidecarSpecs")) } if trs.ComputeResources != nil { diff --git a/vendor/github.com/tektoncd/pipeline/pkg/apis/pipeline/v1/swagger.json b/vendor/github.com/tektoncd/pipeline/pkg/apis/pipeline/v1/swagger.json index be288cc97..584220d0b 100644 --- a/vendor/github.com/tektoncd/pipeline/pkg/apis/pipeline/v1/swagger.json +++ b/vendor/github.com/tektoncd/pipeline/pkg/apis/pipeline/v1/swagger.json @@ -155,11 +155,16 @@ "description": "TaskRunStepArtifact represents an artifact produced or used by a step within a task run. It directly uses the Artifact type for its structure.", "type": "object", "properties": { + "buildOutput": { + "description": "Indicate if the artifact is a build output or a by-product", + "type": "boolean" + }, "name": { + "description": "The artifact's identifying category name", "type": "string" }, "values": { - "description": "The artifact's identifying category name", + "description": "A collection of values related to the artifact", "type": "array", "items": { "default": {}, @@ -1325,6 +1330,10 @@ "description": "Periodic probe of Sidecar service readiness. Container will be removed from service endpoints if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", "$ref": "#/definitions/v1.Probe" }, + "restartPolicy": { + "description": "RestartPolicy refers to kubernetes RestartPolicy. It can only be set for an initContainer and must have it's policy set to \"Always\". It is currently left optional to help support Kubernetes versions prior to 1.29 when this feature was introduced.", + "type": "string" + }, "script": { "description": "Script is the contents of an executable file to execute.\n\nIf Script is not empty, the Step cannot have an Command or Args.", "type": "string" @@ -1581,6 +1590,14 @@ "x-kubernetes-patch-merge-key": "mountPath", "x-kubernetes-patch-strategy": "merge" }, + "when": { + "description": "When is a list of when expressions that need to be true for the task to run", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/v1.WhenExpression" + } + }, "workingDir": { "description": "Step's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image. Cannot be updated.", "type": "string" @@ -1663,6 +1680,9 @@ "$ref": "#/definitions/v1.Artifact" } }, + "provenance": { + "$ref": "#/definitions/v1.Provenance" + }, "results": { "type": "array", "items": { @@ -2103,6 +2123,12 @@ "default": "" } }, + "artifacts": { + "description": "Artifacts are the list of artifacts written out by the task's containers", + "default": {}, + "$ref": "#/definitions/v1.Artifacts", + "x-kubernetes-list-type": "atomic" + }, "completionTime": { "description": "CompletionTime is the time the build completed.", "$ref": "#/definitions/v1.Time" @@ -2192,6 +2218,12 @@ "podName" ], "properties": { + "artifacts": { + "description": "Artifacts are the list of artifacts written out by the task's containers", + "default": {}, + "$ref": "#/definitions/v1.Artifacts", + "x-kubernetes-list-type": "atomic" + }, "completionTime": { "description": "CompletionTime is the time the build completed.", "$ref": "#/definitions/v1.Time" diff --git a/vendor/github.com/tektoncd/pipeline/pkg/apis/pipeline/v1/task_validation.go b/vendor/github.com/tektoncd/pipeline/pkg/apis/pipeline/v1/task_validation.go index 957085744..4232d295d 100644 --- a/vendor/github.com/tektoncd/pipeline/pkg/apis/pipeline/v1/task_validation.go +++ b/vendor/github.com/tektoncd/pipeline/pkg/apis/pipeline/v1/task_validation.go @@ -260,6 +260,9 @@ func validateSteps(ctx context.Context, steps []Step) (errs *apis.FieldError) { errs = errs.Also(ValidateStepResultsVariables(ctx, s.Results, s.Script).ViaIndex(idx)) errs = errs.Also(ValidateStepResults(ctx, s.Results).ViaIndex(idx).ViaField("results")) } + if len(s.When) > 0 { + errs = errs.Also(s.When.validate(ctx).ViaIndex(idx)) + } } return errs } @@ -312,7 +315,10 @@ func errorIfStepResultReferenceinField(value, fieldName string) (errs *apis.Fiel } func stepArtifactReferenceExists(src string) bool { - return len(artifactref.StepArtifactRegex.FindAllStringSubmatch(src, -1)) > 0 || strings.Contains(src, "$(step.artifacts.path)") + return len(artifactref.StepArtifactRegex.FindAllStringSubmatch(src, -1)) > 0 || strings.Contains(src, "$("+artifactref.StepArtifactPathPattern+")") +} +func taskArtifactReferenceExists(src string) bool { + return len(artifactref.TaskArtifactRegex.FindAllStringSubmatch(src, -1)) > 0 || strings.Contains(src, "$("+artifactref.TaskArtifactPathPattern+")") } func errorIfStepArtifactReferencedInField(value, fieldName string) (errs *apis.FieldError) { if stepArtifactReferenceExists(value) { @@ -378,17 +384,8 @@ func validateStepResultReference(s Step) (errs *apis.FieldError) { } func validateStep(ctx context.Context, s Step, names sets.String) (errs *apis.FieldError) { - if !config.FromContextOrDefaults(ctx).FeatureFlags.EnableArtifacts { - var t []string - t = append(t, s.Script) - t = append(t, s.Command...) - t = append(t, s.Args...) - for _, e := range s.Env { - t = append(t, e.Value) - } - if slices.ContainsFunc(t, stepArtifactReferenceExists) { - return errs.Also(apis.ErrGeneric(fmt.Sprintf("feature flag %s should be set to true to use artifacts feature.", config.EnableArtifacts), "")) - } + if err := validateArtifactsReferencesInStep(ctx, s); err != nil { + return err } if s.Ref != nil { @@ -456,6 +453,11 @@ func validateStep(ctx context.Context, s Step, names sets.String) (errs *apis.Fi return apis.ErrGeneric(fmt.Sprintf("feature flag %s should be set to true in order to use Results in Steps.", config.EnableStepActions), "") } } + if len(s.When) > 0 { + if !config.FromContextOrDefaults(ctx).FeatureFlags.EnableStepActions && isCreateOrUpdateAndDiverged(ctx, s) { + return apis.ErrGeneric(fmt.Sprintf("feature flag %s should be set to true in order to use When in Steps.", config.EnableStepActions), "") + } + } if s.Image == "" { errs = errs.Also(apis.ErrMissingField("Image")) } @@ -538,6 +540,22 @@ func validateStep(ctx context.Context, s Step, names sets.String) (errs *apis.Fi return errs } +func validateArtifactsReferencesInStep(ctx context.Context, s Step) *apis.FieldError { + if !config.FromContextOrDefaults(ctx).FeatureFlags.EnableArtifacts { + var t []string + t = append(t, s.Script) + t = append(t, s.Command...) + t = append(t, s.Args...) + for _, e := range s.Env { + t = append(t, e.Value) + } + if slices.ContainsFunc(t, stepArtifactReferenceExists) || slices.ContainsFunc(t, taskArtifactReferenceExists) { + return apis.ErrGeneric(fmt.Sprintf("feature flag %s should be set to true to use artifacts feature.", config.EnableArtifacts), "") + } + } + return nil +} + // ValidateParameterTypes validates all the types within a slice of ParamSpecs func ValidateParameterTypes(ctx context.Context, params []ParamSpec) (errs *apis.FieldError) { for _, p := range params { diff --git a/vendor/github.com/tektoncd/pipeline/pkg/apis/pipeline/v1/taskrun_types.go b/vendor/github.com/tektoncd/pipeline/pkg/apis/pipeline/v1/taskrun_types.go index 615eaaa78..ea6e51764 100644 --- a/vendor/github.com/tektoncd/pipeline/pkg/apis/pipeline/v1/taskrun_types.go +++ b/vendor/github.com/tektoncd/pipeline/pkg/apis/pipeline/v1/taskrun_types.go @@ -279,6 +279,11 @@ type TaskRunStatusFields struct { // +listType=atomic Results []TaskRunResult `json:"results,omitempty"` + // Artifacts are the list of artifacts written out by the task's containers + // +optional + // +listType=atomic + Artifacts Artifacts `json:"artifacts,omitempty"` + // The list has one entry per sidecar in the manifest. Each entry is // represents the imageid of the corresponding sidecar. // +listType=atomic @@ -359,6 +364,7 @@ type StepState struct { Container string `json:"container,omitempty"` ImageID string `json:"imageID,omitempty"` Results []TaskRunStepResult `json:"results,omitempty"` + Provenance *Provenance `json:"provenance,omitempty"` TerminationReason string `json:"terminationReason,omitempty"` Inputs []TaskRunStepArtifact `json:"inputs,omitempty"` Outputs []TaskRunStepArtifact `json:"outputs,omitempty"` diff --git a/vendor/github.com/tektoncd/pipeline/pkg/apis/pipeline/v1/taskrun_validation.go b/vendor/github.com/tektoncd/pipeline/pkg/apis/pipeline/v1/taskrun_validation.go index 771d684d4..cfdd423e9 100644 --- a/vendor/github.com/tektoncd/pipeline/pkg/apis/pipeline/v1/taskrun_validation.go +++ b/vendor/github.com/tektoncd/pipeline/pkg/apis/pipeline/v1/taskrun_validation.go @@ -26,6 +26,7 @@ import ( "github.com/tektoncd/pipeline/pkg/apis/validate" admissionregistrationv1 "k8s.io/api/admissionregistration/v1" corev1 "k8s.io/api/core/v1" + "k8s.io/apimachinery/pkg/api/equality" "k8s.io/apimachinery/pkg/util/sets" "k8s.io/utils/strings/slices" "knative.dev/pkg/apis" @@ -50,6 +51,9 @@ func (tr *TaskRun) Validate(ctx context.Context) *apis.FieldError { // Validate taskrun spec func (ts *TaskRunSpec) Validate(ctx context.Context) (errs *apis.FieldError) { + // Validate the spec changes + errs = errs.Also(ts.ValidateUpdate(ctx)) + // Must have exactly one of taskRef and taskSpec. if ts.TaskRef == nil && ts.TaskSpec == nil { errs = errs.Also(apis.ErrMissingOneOf("taskRef", "taskSpec")) @@ -80,11 +84,11 @@ func (ts *TaskRunSpec) Validate(ctx context.Context) (errs *apis.FieldError) { errs = errs.Also(validateDebug(ts.Debug).ViaField("debug")) } if ts.StepSpecs != nil { - errs = errs.Also(config.ValidateEnabledAPIFields(ctx, "stepSpecs", config.AlphaAPIFields).ViaField("stepSpecs")) + errs = errs.Also(config.ValidateEnabledAPIFields(ctx, "stepSpecs", config.BetaAPIFields).ViaField("stepSpecs")) errs = errs.Also(validateStepSpecs(ts.StepSpecs).ViaField("stepSpecs")) } if ts.SidecarSpecs != nil { - errs = errs.Also(config.ValidateEnabledAPIFields(ctx, "sidecarSpecs", config.AlphaAPIFields).ViaField("sidecarSpecs")) + errs = errs.Also(config.ValidateEnabledAPIFields(ctx, "sidecarSpecs", config.BetaAPIFields).ViaField("sidecarSpecs")) errs = errs.Also(validateSidecarSpecs(ts.SidecarSpecs).ViaField("sidecarSpecs")) } if ts.ComputeResources != nil { @@ -118,6 +122,34 @@ func (ts *TaskRunSpec) Validate(ctx context.Context) (errs *apis.FieldError) { return errs } +// ValidateUpdate validates the update of a TaskRunSpec +func (ts *TaskRunSpec) ValidateUpdate(ctx context.Context) (errs *apis.FieldError) { + if !apis.IsInUpdate(ctx) { + return + } + oldObj, ok := apis.GetBaseline(ctx).(*TaskRun) + if !ok || oldObj == nil { + return + } + old := &oldObj.Spec + + // If already in the done state, the spec cannot be modified. + // Otherwise, only the status, statusMessage field can be modified. + tips := "Once the TaskRun is complete, no updates are allowed" + if !oldObj.IsDone() { + old = old.DeepCopy() + old.Status = ts.Status + old.StatusMessage = ts.StatusMessage + tips = "Once the TaskRun has started, only status and statusMessage updates are allowed" + } + + if !equality.Semantic.DeepEqual(old, ts) { + errs = errs.Also(apis.ErrInvalidValue(tips, "")) + } + + return +} + // validateInlineParameters validates that any parameters called in the // Task spec are declared in the TaskRun. // This is crucial for propagated parameters because the parameters could @@ -224,6 +256,11 @@ func validateDebug(db *TaskRunDebug) (errs *apis.FieldError) { if db == nil || db.Breakpoints == nil { return errs } + + if db.Breakpoints.OnFailure == "" { + errs = errs.Also(apis.ErrInvalidValue("onFailure breakpoint is empty, it is only allowed to be set as enabled", "breakpoints.onFailure")) + } + if db.Breakpoints.OnFailure != "" && db.Breakpoints.OnFailure != EnabledOnFailureBreakpoint { errs = errs.Also(apis.ErrInvalidValue(db.Breakpoints.OnFailure+" is not a valid onFailure breakpoint value, onFailure breakpoint is only allowed to be set as enabled", "breakpoints.onFailure")) } diff --git a/vendor/github.com/tektoncd/pipeline/pkg/apis/pipeline/v1/when_types.go b/vendor/github.com/tektoncd/pipeline/pkg/apis/pipeline/v1/when_types.go index 66e7164a7..0a128d8f9 100644 --- a/vendor/github.com/tektoncd/pipeline/pkg/apis/pipeline/v1/when_types.go +++ b/vendor/github.com/tektoncd/pipeline/pkg/apis/pipeline/v1/when_types.go @@ -98,6 +98,8 @@ func (we *WhenExpression) GetVarSubstitutionExpressions() ([]string, bool) { // All of them need to evaluate to True for a guarded Task to be executed. type WhenExpressions []WhenExpression +type StepWhenExpressions = WhenExpressions + // AllowsExecution evaluates an Input's relationship to an array of Values, based on the Operator, // to determine whether all the When Expressions are True. If they are all True, the guarded Task is // executed, otherwise it is skipped. diff --git a/vendor/github.com/tektoncd/pipeline/pkg/apis/pipeline/v1/when_validation.go b/vendor/github.com/tektoncd/pipeline/pkg/apis/pipeline/v1/when_validation.go index 2a058299a..a62621a69 100644 --- a/vendor/github.com/tektoncd/pipeline/pkg/apis/pipeline/v1/when_validation.go +++ b/vendor/github.com/tektoncd/pipeline/pkg/apis/pipeline/v1/when_validation.go @@ -48,7 +48,7 @@ func (wes WhenExpressions) validateWhenExpressionsFields(ctx context.Context) (e func (we *WhenExpression) validateWhenExpressionFields(ctx context.Context) *apis.FieldError { if we.CEL != "" { if !config.FromContextOrDefaults(ctx).FeatureFlags.EnableCELInWhenExpression { - return apis.ErrGeneric("feature flag %s should be set to true to use CEL: %s in WhenExpression", config.EnableCELInWhenExpression, we.CEL) + return apis.ErrGeneric(fmt.Sprintf("feature flag %s should be set to true to use CEL: %s in WhenExpression", config.EnableCELInWhenExpression, we.CEL), "") } if we.Input != "" || we.Operator != "" || len(we.Values) != 0 { return apis.ErrGeneric(fmt.Sprintf("cel and input+operator+values cannot be set in one WhenExpression: %v", we)) diff --git a/vendor/github.com/tektoncd/pipeline/pkg/apis/pipeline/v1/zz_generated.deepcopy.go b/vendor/github.com/tektoncd/pipeline/pkg/apis/pipeline/v1/zz_generated.deepcopy.go index 16e483fce..12dbe03bf 100644 --- a/vendor/github.com/tektoncd/pipeline/pkg/apis/pipeline/v1/zz_generated.deepcopy.go +++ b/vendor/github.com/tektoncd/pipeline/pkg/apis/pipeline/v1/zz_generated.deepcopy.go @@ -1248,6 +1248,11 @@ func (in *Sidecar) DeepCopyInto(out *Sidecar) { *out = make([]WorkspaceUsage, len(*in)) copy(*out, *in) } + if in.RestartPolicy != nil { + in, out := &in.RestartPolicy, &out.RestartPolicy + *out = new(corev1.ContainerRestartPolicy) + **out = **in + } return } @@ -1385,6 +1390,13 @@ func (in *Step) DeepCopyInto(out *Step) { (*in)[i].DeepCopyInto(&(*out)[i]) } } + if in.When != nil { + in, out := &in.When, &out.When + *out = make(WhenExpressions, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } return } @@ -1448,6 +1460,11 @@ func (in *StepState) DeepCopyInto(out *StepState) { (*in)[i].DeepCopyInto(&(*out)[i]) } } + if in.Provenance != nil { + in, out := &in.Provenance, &out.Provenance + *out = new(Provenance) + (*in).DeepCopyInto(*out) + } if in.Inputs != nil { in, out := &in.Inputs, &out.Inputs *out = make([]Artifact, len(*in)) @@ -1917,6 +1934,7 @@ func (in *TaskRunStatusFields) DeepCopyInto(out *TaskRunStatusFields) { (*in)[i].DeepCopyInto(&(*out)[i]) } } + in.Artifacts.DeepCopyInto(&out.Artifacts) if in.Sidecars != nil { in, out := &in.Sidecars, &out.Sidecars *out = make([]SidecarState, len(*in)) diff --git a/vendor/github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1/artifact_types.go b/vendor/github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1/artifact_types.go index ec50bde8a..23778a90b 100644 --- a/vendor/github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1/artifact_types.go +++ b/vendor/github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1/artifact_types.go @@ -6,8 +6,12 @@ type Algorithm string // Artifact represents an artifact within a system, potentially containing multiple values // associated with it. type Artifact struct { - Name string `json:"name,omitempty"` // The artifact's identifying category name - Values []ArtifactValue `json:"values,omitempty"` // A collection of values related to the artifact + // The artifact's identifying category name + Name string `json:"name,omitempty"` + // A collection of values related to the artifact + Values []ArtifactValue `json:"values,omitempty"` + // Indicate if the artifact is a build output or a by-product + BuildOutput bool `json:"buildOutput,omitempty"` } // ArtifactValue represents a specific value or data element within an Artifact. diff --git a/vendor/github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1/container_conversion.go b/vendor/github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1/container_conversion.go index 2e828bc5a..5b61377bc 100644 --- a/vendor/github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1/container_conversion.go +++ b/vendor/github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1/container_conversion.go @@ -72,6 +72,11 @@ func (s Step) convertTo(ctx context.Context, sink *v1.Step) { sink.Params = append(sink.Params, new) } sink.Results = s.Results + for _, w := range s.When { + new := v1.WhenExpression{} + w.convertTo(ctx, &new) + sink.When = append(sink.When, new) + } } func (s *Step) convertFrom(ctx context.Context, source v1.Step) { @@ -111,6 +116,11 @@ func (s *Step) convertFrom(ctx context.Context, source v1.Step) { s.Params = append(s.Params, new) } s.Results = source.Results + for _, w := range source.When { + new := WhenExpression{} + new.convertFrom(ctx, w) + s.When = append(s.When, new) + } } func (s StepTemplate) convertTo(ctx context.Context, sink *v1.StepTemplate) { diff --git a/vendor/github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1/container_types.go b/vendor/github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1/container_types.go index 4494184d7..95f852bf4 100644 --- a/vendor/github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1/container_types.go +++ b/vendor/github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1/container_types.go @@ -247,6 +247,8 @@ type Step struct { // +optional // +listType=atomic Results []v1.StepResult `json:"results,omitempty"` + + When StepWhenExpressions `json:"when,omitempty"` } // Ref can be used to refer to a specific instance of a StepAction. @@ -745,10 +747,43 @@ type Sidecar struct { // +optional // +listType=atomic Workspaces []WorkspaceUsage `json:"workspaces,omitempty"` + + // RestartPolicy refers to kubernetes RestartPolicy. It can only be set for an + // initContainer and must have it's policy set to "Always". It is currently + // left optional to help support Kubernetes versions prior to 1.29 when this feature + // was introduced. + // +optional + RestartPolicy *corev1.ContainerRestartPolicy `json:"restartPolicy,omitempty"` } // ToK8sContainer converts the Sidecar to a Kubernetes Container struct func (s *Sidecar) ToK8sContainer() *corev1.Container { + if s.RestartPolicy == nil { + return &corev1.Container{ + Name: s.Name, + Image: s.Image, + Command: s.Command, + Args: s.Args, + WorkingDir: s.WorkingDir, + Ports: s.Ports, + EnvFrom: s.EnvFrom, + Env: s.Env, + Resources: s.Resources, + VolumeMounts: s.VolumeMounts, + VolumeDevices: s.VolumeDevices, + LivenessProbe: s.LivenessProbe, + ReadinessProbe: s.ReadinessProbe, + StartupProbe: s.StartupProbe, + Lifecycle: s.Lifecycle, + TerminationMessagePath: s.TerminationMessagePath, + TerminationMessagePolicy: s.TerminationMessagePolicy, + ImagePullPolicy: s.ImagePullPolicy, + SecurityContext: s.SecurityContext, + Stdin: s.Stdin, + StdinOnce: s.StdinOnce, + TTY: s.TTY, + } + } return &corev1.Container{ Name: s.Name, Image: s.Image, @@ -763,6 +798,7 @@ func (s *Sidecar) ToK8sContainer() *corev1.Container { VolumeDevices: s.VolumeDevices, LivenessProbe: s.LivenessProbe, ReadinessProbe: s.ReadinessProbe, + RestartPolicy: s.RestartPolicy, StartupProbe: s.StartupProbe, Lifecycle: s.Lifecycle, TerminationMessagePath: s.TerminationMessagePath, @@ -799,4 +835,5 @@ func (s *Sidecar) SetContainerFields(c corev1.Container) { s.Stdin = c.Stdin s.StdinOnce = c.StdinOnce s.TTY = c.TTY + s.RestartPolicy = c.RestartPolicy } diff --git a/vendor/github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1/merge.go b/vendor/github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1/merge.go index 6d1432d46..62111ee7c 100644 --- a/vendor/github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1/merge.go +++ b/vendor/github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1/merge.go @@ -66,7 +66,7 @@ func MergeStepsWithStepTemplate(template *StepTemplate, steps []Step) ([]Step, e amendConflictingContainerFields(&merged, s) // Pass through original step Script, for later conversion. - newStep := Step{Script: s.Script, OnError: s.OnError, Timeout: s.Timeout, StdoutConfig: s.StdoutConfig, StderrConfig: s.StderrConfig} + newStep := Step{Script: s.Script, OnError: s.OnError, Timeout: s.Timeout, StdoutConfig: s.StdoutConfig, StderrConfig: s.StderrConfig, When: s.When} newStep.SetContainerFields(merged) steps[i] = newStep } diff --git a/vendor/github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1/openapi_generated.go b/vendor/github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1/openapi_generated.go index d2c52a379..0e2f436ca 100644 --- a/vendor/github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1/openapi_generated.go +++ b/vendor/github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1/openapi_generated.go @@ -422,13 +422,14 @@ func schema_pkg_apis_pipeline_v1beta1_Artifact(ref common.ReferenceCallback) com Properties: map[string]spec.Schema{ "name": { SchemaProps: spec.SchemaProps{ - Type: []string{"string"}, - Format: "", + Description: "The artifact's identifying category name", + Type: []string{"string"}, + Format: "", }, }, "values": { SchemaProps: spec.SchemaProps{ - Description: "The artifact's identifying category name", + Description: "A collection of values related to the artifact", Type: []string{"array"}, Items: &spec.SchemaOrArray{ Schema: &spec.Schema{ @@ -440,6 +441,13 @@ func schema_pkg_apis_pipeline_v1beta1_Artifact(ref common.ReferenceCallback) com }, }, }, + "buildOutput": { + SchemaProps: spec.SchemaProps{ + Description: "Indicate if the artifact is a build output or a by-product", + Type: []string{"boolean"}, + Format: "", + }, + }, }, }, }, @@ -3616,6 +3624,13 @@ func schema_pkg_apis_pipeline_v1beta1_Sidecar(ref common.ReferenceCallback) comm }, }, }, + "restartPolicy": { + SchemaProps: spec.SchemaProps{ + Description: "RestartPolicy refers to kubernetes RestartPolicy. It can only be set for an initContainer and must have it's policy set to \"Always\". It is currently left optional to help support Kubernetes versions prior to 1.29 when this feature was introduced.", + Type: []string{"string"}, + Format: "", + }, + }, }, Required: []string{"name"}, }, @@ -4077,12 +4092,25 @@ func schema_pkg_apis_pipeline_v1beta1_Step(ref common.ReferenceCallback) common. }, }, }, + "when": { + SchemaProps: spec.SchemaProps{ + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: map[string]interface{}{}, + Ref: ref("github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1.WhenExpression"), + }, + }, + }, + }, + }, }, Required: []string{"name"}, }, }, Dependencies: []string{ - "github.com/tektoncd/pipeline/pkg/apis/pipeline/v1.StepResult", "github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1.Param", "github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1.Ref", "github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1.StepOutputConfig", "github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1.WorkspaceUsage", "k8s.io/api/core/v1.ContainerPort", "k8s.io/api/core/v1.EnvFromSource", "k8s.io/api/core/v1.EnvVar", "k8s.io/api/core/v1.Lifecycle", "k8s.io/api/core/v1.Probe", "k8s.io/api/core/v1.ResourceRequirements", "k8s.io/api/core/v1.SecurityContext", "k8s.io/api/core/v1.VolumeDevice", "k8s.io/api/core/v1.VolumeMount", "k8s.io/apimachinery/pkg/apis/meta/v1.Duration"}, + "github.com/tektoncd/pipeline/pkg/apis/pipeline/v1.StepResult", "github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1.Param", "github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1.Ref", "github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1.StepOutputConfig", "github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1.WhenExpression", "github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1.WorkspaceUsage", "k8s.io/api/core/v1.ContainerPort", "k8s.io/api/core/v1.EnvFromSource", "k8s.io/api/core/v1.EnvVar", "k8s.io/api/core/v1.Lifecycle", "k8s.io/api/core/v1.Probe", "k8s.io/api/core/v1.ResourceRequirements", "k8s.io/api/core/v1.SecurityContext", "k8s.io/api/core/v1.VolumeDevice", "k8s.io/api/core/v1.VolumeMount", "k8s.io/apimachinery/pkg/apis/meta/v1.Duration"}, } } @@ -4422,6 +4450,11 @@ func schema_pkg_apis_pipeline_v1beta1_StepState(ref common.ReferenceCallback) co }, }, }, + "provenance": { + SchemaProps: spec.SchemaProps{ + Ref: ref("github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1.Provenance"), + }, + }, "inputs": { SchemaProps: spec.SchemaProps{ Type: []string{"array"}, @@ -4452,7 +4485,7 @@ func schema_pkg_apis_pipeline_v1beta1_StepState(ref common.ReferenceCallback) co }, }, Dependencies: []string{ - "github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1.Artifact", "github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1.TaskRunResult", "k8s.io/api/core/v1.ContainerStateRunning", "k8s.io/api/core/v1.ContainerStateTerminated", "k8s.io/api/core/v1.ContainerStateWaiting"}, + "github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1.Artifact", "github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1.Provenance", "github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1.TaskRunResult", "k8s.io/api/core/v1.ContainerStateRunning", "k8s.io/api/core/v1.ContainerStateTerminated", "k8s.io/api/core/v1.ContainerStateWaiting"}, } } diff --git a/vendor/github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1/pipeline_validation.go b/vendor/github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1/pipeline_validation.go index 4423a9172..8f8d6a1f0 100644 --- a/vendor/github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1/pipeline_validation.go +++ b/vendor/github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1/pipeline_validation.go @@ -21,6 +21,7 @@ import ( "fmt" "strings" + "github.com/tektoncd/pipeline/internal/artifactref" "github.com/tektoncd/pipeline/pkg/apis/config" "github.com/tektoncd/pipeline/pkg/apis/validate" "github.com/tektoncd/pipeline/pkg/internal/resultref" @@ -91,6 +92,7 @@ func (ps *PipelineSpec) Validate(ctx context.Context) (errs *apis.FieldError) { errs = errs.Also(validateTasksAndFinallySection(ps)) errs = errs.Also(validateFinalTasks(ps.Tasks, ps.Finally)) errs = errs.Also(validateWhenExpressions(ctx, ps.Tasks, ps.Finally)) + errs = errs.Also(validateArtifactReference(ctx, ps.Tasks, ps.Finally)) errs = errs.Also(validateMatrix(ctx, ps.Tasks).ViaField("tasks")) errs = errs.Also(validateMatrix(ctx, ps.Finally).ViaField("finally")) return errs @@ -195,7 +197,7 @@ func (pt PipelineTask) Validate(ctx context.Context) (errs *apis.FieldError) { } if pt.OnError != "" { - errs = errs.Also(config.ValidateEnabledAPIFields(ctx, "OnError", config.AlphaAPIFields)) + errs = errs.Also(config.ValidateEnabledAPIFields(ctx, "OnError", config.BetaAPIFields)) if pt.OnError != PipelineTaskContinue && pt.OnError != PipelineTaskStopAndFail { errs = errs.Also(apis.ErrInvalidValue(pt.OnError, "OnError", "PipelineTask OnError must be either \"continue\" or \"stopAndFail\"")) } @@ -493,9 +495,13 @@ func (pt *PipelineTask) extractAllParams() Params { return allParams } +// containsExecutionStatusRef checks if a specified param has a reference to execution status or reason +// $(tasks..status), $(tasks.status), or $(tasks..reason) func containsExecutionStatusRef(p string) bool { - if strings.HasPrefix(p, "tasks.") && strings.HasSuffix(p, ".status") { - return true + if strings.HasPrefix(p, "tasks.") { + if strings.HasSuffix(p, ".status") || strings.HasSuffix(p, ".reason") { + return true + } } return false } @@ -586,10 +592,17 @@ func validateExecutionStatusVariablesExpressions(expressions []string, ptNames s if expression == PipelineTasksAggregateStatus { continue } - // check if it contains context variable accessing execution status - $(tasks.taskname.status) + // check if it contains context variable accessing execution status - $(tasks.taskname.status) | $(tasks.taskname.reason) if containsExecutionStatusRef(expression) { - // strip tasks. and .status from tasks.taskname.status to further verify task name - pt := strings.TrimSuffix(strings.TrimPrefix(expression, "tasks."), ".status") + var pt string + if strings.HasSuffix(expression, ".status") { + // strip tasks. and .status from tasks.taskname.status to further verify task name + pt = strings.TrimSuffix(strings.TrimPrefix(expression, "tasks."), ".status") + } + if strings.HasSuffix(expression, ".reason") { + // strip tasks. and .reason from tasks.taskname.reason to further verify task name + pt = strings.TrimSuffix(strings.TrimPrefix(expression, "tasks."), ".reason") + } // report an error if the task name does not exist in the list of dag tasks if !ptNames.Has(pt) { errs = errs.Also(apis.ErrInvalidValue(fmt.Sprintf("pipeline task %s is not defined in the pipeline", pt), fieldPath)) @@ -866,6 +879,28 @@ func validateStringResults(results []TaskResult, resultName string) (errs *apis. return errs } +// validateArtifactReference ensure that the feature flag enableArtifacts is set to true when using artifacts +func validateArtifactReference(ctx context.Context, tasks []PipelineTask, finalTasks []PipelineTask) (errs *apis.FieldError) { + if config.FromContextOrDefaults(ctx).FeatureFlags.EnableArtifacts { + return errs + } + for i, t := range tasks { + for _, v := range t.Params.extractValues() { + if len(artifactref.TaskArtifactRegex.FindAllStringSubmatch(v, -1)) > 0 { + return errs.Also(apis.ErrGeneric(fmt.Sprintf("feature flag %s should be set to true to use artifacts feature.", config.EnableArtifacts), "").ViaField("params").ViaFieldIndex("tasks", i)) + } + } + } + for i, t := range finalTasks { + for _, v := range t.Params.extractValues() { + if len(artifactref.TaskArtifactRegex.FindAllStringSubmatch(v, -1)) > 0 { + return errs.Also(apis.ErrGeneric(fmt.Sprintf("feature flag %s should be set to true to use artifacts feature.", config.EnableArtifacts), "").ViaField("params").ViaFieldIndex("finally", i)) + } + } + } + return errs +} + // GetIndexingReferencesToArrayParams returns all strings referencing indices of PipelineRun array parameters // from parameters, workspaces, and when expressions defined in the Pipeline's Tasks and Finally Tasks. // For example, if a Task in the Pipeline has a parameter with a value "$(params.array-param-name[1])", diff --git a/vendor/github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1/pipelinerun_validation.go b/vendor/github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1/pipelinerun_validation.go index 7113b6536..834c7493d 100644 --- a/vendor/github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1/pipelinerun_validation.go +++ b/vendor/github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1/pipelinerun_validation.go @@ -26,6 +26,7 @@ import ( "github.com/tektoncd/pipeline/pkg/apis/validate" "github.com/tektoncd/pipeline/pkg/internal/resultref" admissionregistrationv1 "k8s.io/api/admissionregistration/v1" + "k8s.io/apimachinery/pkg/api/equality" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/util/sets" "k8s.io/utils/strings/slices" @@ -60,6 +61,9 @@ func (pr *PipelineRun) Validate(ctx context.Context) *apis.FieldError { // Validate pipelinerun spec func (ps *PipelineRunSpec) Validate(ctx context.Context) (errs *apis.FieldError) { + // Validate the spec changes + errs = errs.Also(ps.ValidateUpdate(ctx)) + // Must have exactly one of pipelineRef and pipelineSpec. if ps.PipelineRef == nil && ps.PipelineSpec == nil { errs = errs.Also(apis.ErrMissingOneOf("pipelineRef", "pipelineSpec")) @@ -145,6 +149,31 @@ func (ps *PipelineRunSpec) Validate(ctx context.Context) (errs *apis.FieldError) return errs } +// ValidateUpdate validates the update of a PipelineRunSpec +func (ps *PipelineRunSpec) ValidateUpdate(ctx context.Context) (errs *apis.FieldError) { + if !apis.IsInUpdate(ctx) { + return + } + oldObj, ok := apis.GetBaseline(ctx).(*PipelineRun) + if !ok || oldObj == nil { + return + } + old := &oldObj.Spec + + // If already in the done state, the spec cannot be modified. Otherwise, only the status field can be modified. + tips := "Once the PipelineRun is complete, no updates are allowed" + if !oldObj.IsDone() { + old = old.DeepCopy() + old.Status = ps.Status + tips = "Once the PipelineRun has started, only status updates are allowed" + } + if !equality.Semantic.DeepEqual(old, ps) { + errs = errs.Also(apis.ErrInvalidValue(tips, "")) + } + + return +} + func (ps *PipelineRunSpec) validatePipelineRunParameters(ctx context.Context) (errs *apis.FieldError) { if len(ps.Params) == 0 { return errs @@ -335,11 +364,11 @@ func (ps *PipelineRunSpec) validatePipelineTimeout(timeout time.Duration, errorM func validateTaskRunSpec(ctx context.Context, trs PipelineTaskRunSpec) (errs *apis.FieldError) { if trs.StepOverrides != nil { - errs = errs.Also(config.ValidateEnabledAPIFields(ctx, "stepOverrides", config.AlphaAPIFields).ViaField("stepOverrides")) + errs = errs.Also(config.ValidateEnabledAPIFields(ctx, "stepOverrides", config.BetaAPIFields).ViaField("stepOverrides")) errs = errs.Also(validateStepOverrides(trs.StepOverrides).ViaField("stepOverrides")) } if trs.SidecarOverrides != nil { - errs = errs.Also(config.ValidateEnabledAPIFields(ctx, "sidecarOverrides", config.AlphaAPIFields).ViaField("sidecarOverrides")) + errs = errs.Also(config.ValidateEnabledAPIFields(ctx, "sidecarOverrides", config.BetaAPIFields).ViaField("sidecarOverrides")) errs = errs.Also(validateSidecarOverrides(trs.SidecarOverrides).ViaField("sidecarOverrides")) } if trs.ComputeResources != nil { diff --git a/vendor/github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1/swagger.json b/vendor/github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1/swagger.json index 690ef2115..a0b5a9f9d 100644 --- a/vendor/github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1/swagger.json +++ b/vendor/github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1/swagger.json @@ -155,11 +155,16 @@ "description": "TaskRunStepArtifact represents an artifact produced or used by a step within a task run. It directly uses the Artifact type for its structure.", "type": "object", "properties": { + "buildOutput": { + "description": "Indicate if the artifact is a build output or a by-product", + "type": "boolean" + }, "name": { + "description": "The artifact's identifying category name", "type": "string" }, "values": { - "description": "The artifact's identifying category name", + "description": "A collection of values related to the artifact", "type": "array", "items": { "default": {}, @@ -1932,6 +1937,10 @@ "default": {}, "$ref": "#/definitions/v1.ResourceRequirements" }, + "restartPolicy": { + "description": "RestartPolicy refers to kubernetes RestartPolicy. It can only be set for an initContainer and must have it's policy set to \"Always\". It is currently left optional to help support Kubernetes versions prior to 1.29 when this feature was introduced.", + "type": "string" + }, "script": { "description": "Script is the contents of an executable file to execute.\n\nIf Script is not empty, the Step cannot have an Command or Args.", "type": "string" @@ -2239,6 +2248,13 @@ "x-kubernetes-patch-merge-key": "mountPath", "x-kubernetes-patch-strategy": "merge" }, + "when": { + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/v1beta1.WhenExpression" + } + }, "workingDir": { "description": "Step's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image. Cannot be updated.", "type": "string" @@ -2426,6 +2442,9 @@ "$ref": "#/definitions/v1beta1.Artifact" } }, + "provenance": { + "$ref": "#/definitions/v1beta1.Provenance" + }, "results": { "type": "array", "items": { diff --git a/vendor/github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1/task_conversion.go b/vendor/github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1/task_conversion.go index 452fb545f..9a0d4fe50 100644 --- a/vendor/github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1/task_conversion.go +++ b/vendor/github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1/task_conversion.go @@ -212,7 +212,7 @@ func serializeTaskDeprecations(meta *metav1.ObjectMeta, spec *TaskSpec, taskName existingDeprecations := taskDeprecations{} if str, ok := meta.Annotations[TaskDeprecationsAnnotationKey]; ok { if err := json.Unmarshal([]byte(str), &existingDeprecations); err != nil { - return fmt.Errorf("error deserializing key %s from metadata: %w", TaskDeprecationsAnnotationKey, err) + return fmt.Errorf("error serializing key %s from metadata: %w", TaskDeprecationsAnnotationKey, err) } } if taskDeprecation != nil { diff --git a/vendor/github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1/task_validation.go b/vendor/github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1/task_validation.go index 9ef0db690..4d03a9501 100644 --- a/vendor/github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1/task_validation.go +++ b/vendor/github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1/task_validation.go @@ -249,6 +249,9 @@ func validateSteps(ctx context.Context, steps []Step) (errs *apis.FieldError) { errs = errs.Also(v1.ValidateStepResultsVariables(ctx, s.Results, s.Script).ViaIndex(idx)) errs = errs.Also(v1.ValidateStepResults(ctx, s.Results).ViaIndex(idx).ViaField("results")) } + if len(s.When) > 0 { + errs = errs.Also(s.When.validate(ctx).ViaIndex(idx)) + } } return errs } @@ -301,7 +304,11 @@ func errorIfStepResultReferenceinField(value, fieldName string) (errs *apis.Fiel } func stepArtifactReferenceExists(src string) bool { - return len(artifactref.StepArtifactRegex.FindAllStringSubmatch(src, -1)) > 0 || strings.Contains(src, "$(step.artifacts.path)") + return len(artifactref.StepArtifactRegex.FindAllStringSubmatch(src, -1)) > 0 || strings.Contains(src, "$("+artifactref.StepArtifactPathPattern+")") +} + +func taskArtifactReferenceExists(src string) bool { + return len(artifactref.TaskArtifactRegex.FindAllStringSubmatch(src, -1)) > 0 || strings.Contains(src, "$("+artifactref.TaskArtifactPathPattern+")") } func errorIfStepArtifactReferencedInField(value, fieldName string) (errs *apis.FieldError) { @@ -368,17 +375,8 @@ func validateStepResultReference(s Step) (errs *apis.FieldError) { } func validateStep(ctx context.Context, s Step, names sets.String) (errs *apis.FieldError) { - if !config.FromContextOrDefaults(ctx).FeatureFlags.EnableArtifacts { - var t []string - t = append(t, s.Script) - t = append(t, s.Command...) - t = append(t, s.Args...) - for _, e := range s.Env { - t = append(t, e.Value) - } - if slices.ContainsFunc(t, stepArtifactReferenceExists) { - return errs.Also(apis.ErrGeneric(fmt.Sprintf("feature flag %s should be set to true to use artifacts feature.", config.EnableArtifacts), "")) - } + if err := validateArtifactsReferencesInStep(ctx, s); err != nil { + return err } if s.Ref != nil { @@ -446,6 +444,11 @@ func validateStep(ctx context.Context, s Step, names sets.String) (errs *apis.Fi return apis.ErrGeneric(fmt.Sprintf("feature flag %s should be set to true in order to use Results in Steps.", config.EnableStepActions), "") } } + if len(s.When) > 0 { + if !config.FromContextOrDefaults(ctx).FeatureFlags.EnableStepActions && isCreateOrUpdateAndDiverged(ctx, s) { + return apis.ErrGeneric(fmt.Sprintf("feature flag %s should be set to true in order to use When in Steps.", config.EnableStepActions), "") + } + } if s.Image == "" { errs = errs.Also(apis.ErrMissingField("Image")) } @@ -529,6 +532,22 @@ func validateStep(ctx context.Context, s Step, names sets.String) (errs *apis.Fi return errs } +func validateArtifactsReferencesInStep(ctx context.Context, s Step) *apis.FieldError { + if !config.FromContextOrDefaults(ctx).FeatureFlags.EnableArtifacts { + var t []string + t = append(t, s.Script) + t = append(t, s.Command...) + t = append(t, s.Args...) + for _, e := range s.Env { + t = append(t, e.Value) + } + if slices.ContainsFunc(t, stepArtifactReferenceExists) || slices.ContainsFunc(t, taskArtifactReferenceExists) { + return apis.ErrGeneric(fmt.Sprintf("feature flag %s should be set to true to use artifacts feature.", config.EnableArtifacts), "") + } + } + return nil +} + // ValidateParameterTypes validates all the types within a slice of ParamSpecs func ValidateParameterTypes(ctx context.Context, params []ParamSpec) (errs *apis.FieldError) { for _, p := range params { diff --git a/vendor/github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1/taskrun_conversion.go b/vendor/github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1/taskrun_conversion.go index e9b1bed4f..7b749ac5a 100644 --- a/vendor/github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1/taskrun_conversion.go +++ b/vendor/github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1/taskrun_conversion.go @@ -345,6 +345,12 @@ func (ss StepState) convertTo(ctx context.Context, sink *v1.StepState) { sink.ImageID = ss.ImageID sink.Results = nil + if ss.Provenance != nil { + new := v1.Provenance{} + ss.Provenance.convertTo(ctx, &new) + sink.Provenance = &new + } + if ss.ContainerState.Terminated != nil { sink.TerminationReason = ss.ContainerState.Terminated.Reason } @@ -379,6 +385,11 @@ func (ss *StepState) convertFrom(ctx context.Context, source v1.StepState) { new.convertFrom(ctx, r) ss.Results = append(ss.Results, new) } + if source.Provenance != nil { + new := Provenance{} + new.convertFrom(ctx, *source.Provenance) + ss.Provenance = &new + } for _, o := range source.Outputs { new := TaskRunStepArtifact{} new.convertFrom(ctx, o) diff --git a/vendor/github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1/taskrun_types.go b/vendor/github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1/taskrun_types.go index 551a5856e..26707ff33 100644 --- a/vendor/github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1/taskrun_types.go +++ b/vendor/github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1/taskrun_types.go @@ -372,6 +372,7 @@ type StepState struct { ContainerName string `json:"container,omitempty"` ImageID string `json:"imageID,omitempty"` Results []TaskRunStepResult `json:"results,omitempty"` + Provenance *Provenance `json:"provenance,omitempty"` Inputs []TaskRunStepArtifact `json:"inputs,omitempty"` Outputs []TaskRunStepArtifact `json:"outputs,omitempty"` } diff --git a/vendor/github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1/taskrun_validation.go b/vendor/github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1/taskrun_validation.go index b44b3d42e..a3f37caee 100644 --- a/vendor/github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1/taskrun_validation.go +++ b/vendor/github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1/taskrun_validation.go @@ -26,6 +26,7 @@ import ( "github.com/tektoncd/pipeline/pkg/apis/validate" admissionregistrationv1 "k8s.io/api/admissionregistration/v1" corev1 "k8s.io/api/core/v1" + "k8s.io/apimachinery/pkg/api/equality" "k8s.io/apimachinery/pkg/util/sets" "k8s.io/utils/strings/slices" "knative.dev/pkg/apis" @@ -50,6 +51,9 @@ func (tr *TaskRun) Validate(ctx context.Context) *apis.FieldError { // Validate taskrun spec func (ts *TaskRunSpec) Validate(ctx context.Context) (errs *apis.FieldError) { + // Validate the spec changes + errs = errs.Also(ts.ValidateUpdate(ctx)) + // Must have exactly one of taskRef and taskSpec. if ts.TaskRef == nil && ts.TaskSpec == nil { errs = errs.Also(apis.ErrMissingOneOf("taskRef", "taskSpec")) @@ -80,11 +84,11 @@ func (ts *TaskRunSpec) Validate(ctx context.Context) (errs *apis.FieldError) { errs = errs.Also(validateDebug(ts.Debug).ViaField("debug")) } if ts.StepOverrides != nil { - errs = errs.Also(config.ValidateEnabledAPIFields(ctx, "stepOverrides", config.AlphaAPIFields).ViaField("stepOverrides")) + errs = errs.Also(config.ValidateEnabledAPIFields(ctx, "stepOverrides", config.BetaAPIFields).ViaField("stepOverrides")) errs = errs.Also(validateStepOverrides(ts.StepOverrides).ViaField("stepOverrides")) } if ts.SidecarOverrides != nil { - errs = errs.Also(config.ValidateEnabledAPIFields(ctx, "sidecarOverrides", config.AlphaAPIFields).ViaField("sidecarOverrides")) + errs = errs.Also(config.ValidateEnabledAPIFields(ctx, "sidecarOverrides", config.BetaAPIFields).ViaField("sidecarOverrides")) errs = errs.Also(validateSidecarOverrides(ts.SidecarOverrides).ViaField("sidecarOverrides")) } if ts.ComputeResources != nil { @@ -118,6 +122,34 @@ func (ts *TaskRunSpec) Validate(ctx context.Context) (errs *apis.FieldError) { return errs } +// ValidateUpdate validates the update of a TaskRunSpec +func (ts *TaskRunSpec) ValidateUpdate(ctx context.Context) (errs *apis.FieldError) { + if !apis.IsInUpdate(ctx) { + return + } + oldObj, ok := apis.GetBaseline(ctx).(*TaskRun) + if !ok || oldObj == nil { + return + } + old := &oldObj.Spec + + // If already in the done state, the spec cannot be modified. + // Otherwise, only the status, statusMessage field can be modified. + tips := "Once the TaskRun is complete, no updates are allowed" + if !oldObj.IsDone() { + old = old.DeepCopy() + old.Status = ts.Status + old.StatusMessage = ts.StatusMessage + tips = "Once the TaskRun has started, only status and statusMessage updates are allowed" + } + + if !equality.Semantic.DeepEqual(old, ts) { + errs = errs.Also(apis.ErrInvalidValue(tips, "")) + } + + return +} + // validateInlineParameters validates that any parameters called in the // Task spec are declared in the TaskRun. // This is crucial for propagated parameters because the parameters could @@ -224,6 +256,11 @@ func validateDebug(db *TaskRunDebug) (errs *apis.FieldError) { if db == nil || db.Breakpoints == nil { return errs } + + if db.Breakpoints.OnFailure == "" { + errs = errs.Also(apis.ErrInvalidValue("onFailure breakpoint is empty, it is only allowed to be set as enabled", "breakpoints.onFailure")) + } + if db.Breakpoints.OnFailure != "" && db.Breakpoints.OnFailure != EnabledOnFailureBreakpoint { errs = errs.Also(apis.ErrInvalidValue(db.Breakpoints.OnFailure+" is not a valid onFailure breakpoint value, onFailure breakpoint is only allowed to be set as enabled", "breakpoints.onFailure")) } diff --git a/vendor/github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1/when_types.go b/vendor/github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1/when_types.go index f792ec199..ad24f8e62 100644 --- a/vendor/github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1/when_types.go +++ b/vendor/github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1/when_types.go @@ -98,6 +98,8 @@ func (we *WhenExpression) GetVarSubstitutionExpressions() ([]string, bool) { // All of them need to evaluate to True for a guarded Task to be executed. type WhenExpressions []WhenExpression +type StepWhenExpressions = WhenExpressions + // AllowsExecution evaluates an Input's relationship to an array of Values, based on the Operator, // to determine whether all the When Expressions are True. If they are all True, the guarded Task is // executed, otherwise it is skipped. diff --git a/vendor/github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1/when_validation.go b/vendor/github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1/when_validation.go index 33855040b..aa6b4b4cb 100644 --- a/vendor/github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1/when_validation.go +++ b/vendor/github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1/when_validation.go @@ -48,7 +48,7 @@ func (wes WhenExpressions) validateWhenExpressionsFields(ctx context.Context) (e func (we *WhenExpression) validateWhenExpressionFields(ctx context.Context) *apis.FieldError { if we.CEL != "" { if !config.FromContextOrDefaults(ctx).FeatureFlags.EnableCELInWhenExpression { - return apis.ErrGeneric("feature flag %s should be set to true to use CEL: %s in WhenExpression", config.EnableCELInWhenExpression, we.CEL) + return apis.ErrGeneric(fmt.Sprintf("feature flag %s should be set to true to use CEL: %s in WhenExpression", config.EnableCELInWhenExpression, we.CEL), "") } if we.Input != "" || we.Operator != "" || len(we.Values) != 0 { return apis.ErrGeneric(fmt.Sprintf("cel and input+operator+values cannot be set in one WhenExpression: %v", we)) diff --git a/vendor/github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1/zz_generated.deepcopy.go b/vendor/github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1/zz_generated.deepcopy.go index 04d3a09ad..7852edd8c 100644 --- a/vendor/github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1/zz_generated.deepcopy.go +++ b/vendor/github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1/zz_generated.deepcopy.go @@ -1696,6 +1696,11 @@ func (in *Sidecar) DeepCopyInto(out *Sidecar) { *out = make([]WorkspaceUsage, len(*in)) copy(*out, *in) } + if in.RestartPolicy != nil { + in, out := &in.RestartPolicy, &out.RestartPolicy + *out = new(corev1.ContainerRestartPolicy) + **out = **in + } return } @@ -1858,6 +1863,13 @@ func (in *Step) DeepCopyInto(out *Step) { (*in)[i].DeepCopyInto(&(*out)[i]) } } + if in.When != nil { + in, out := &in.When, &out.When + *out = make(WhenExpressions, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } return } @@ -2017,6 +2029,11 @@ func (in *StepState) DeepCopyInto(out *StepState) { (*in)[i].DeepCopyInto(&(*out)[i]) } } + if in.Provenance != nil { + in, out := &in.Provenance, &out.Provenance + *out = new(Provenance) + (*in).DeepCopyInto(*out) + } if in.Inputs != nil { in, out := &in.Inputs, &out.Inputs *out = make([]Artifact, len(*in)) diff --git a/vendor/github.com/tektoncd/pipeline/pkg/result/result.go b/vendor/github.com/tektoncd/pipeline/pkg/result/result.go index ab52c6c82..6506074fd 100644 --- a/vendor/github.com/tektoncd/pipeline/pkg/result/result.go +++ b/vendor/github.com/tektoncd/pipeline/pkg/result/result.go @@ -36,8 +36,11 @@ const ( // StepResultType default step result value StepResultType ResultType = 4 - // StepArtifactsResultType default artifacts result value + // StepArtifactsResultType default step artifacts result value StepArtifactsResultType ResultType = 5 + + // TaskRunArtifactsResultType default taskRun artifacts result value + TaskRunArtifactsResultType ResultType = 6 ) // RunResult is used to write key/value pairs to TaskRun pod termination messages. @@ -93,6 +96,8 @@ func (r *ResultType) UnmarshalJSON(data []byte) error { *r = InternalTektonResultType case "StepArtifactsResult": *r = StepArtifactsResultType + case "TaskRunArtifactsResult": + *r = TaskRunArtifactsResultType default: *r = UnknownResultType } diff --git a/vendor/github.com/tektoncd/pipeline/test/e2e-tests-kind-prow-alpha.env b/vendor/github.com/tektoncd/pipeline/test/e2e-tests-kind-prow-alpha.env index dfcc2e764..5ab894c2a 100644 --- a/vendor/github.com/tektoncd/pipeline/test/e2e-tests-kind-prow-alpha.env +++ b/vendor/github.com/tektoncd/pipeline/test/e2e-tests-kind-prow-alpha.env @@ -9,3 +9,4 @@ ENABLE_CEL_IN_WHENEXPRESSION=true ENABLE_PARAM_ENUM=true ENABLE_ARTIFACTS=true ENABLE_CONCISE_RESOLVER_SYNTAX=true +ENABLE_KUBERNETES_SIDECAR=true diff --git a/vendor/github.com/tektoncd/pipeline/test/e2e-tests.sh b/vendor/github.com/tektoncd/pipeline/test/e2e-tests.sh index 8a8b63a48..9d78515fd 100644 --- a/vendor/github.com/tektoncd/pipeline/test/e2e-tests.sh +++ b/vendor/github.com/tektoncd/pipeline/test/e2e-tests.sh @@ -33,6 +33,7 @@ ENABLE_CEL_IN_WHENEXPRESSION=${ENABLE_CEL_IN_WHENEXPRESSION:="false"} ENABLE_PARAM_ENUM=${ENABLE_PARAM_ENUM:="false"} ENABLE_ARTIFACTS=${ENABLE_ARTIFACTS:="false"} ENABLE_CONCISE_RESOLVER_SYNTAX=${ENABLE_CONCISE_RESOLVER_SYNTAX:="false"} +ENABLE_KUBERNETES_SIDECAR=${ENABLE_KUBERNETES_SIDECAR:="false"} failed=0 # Script entry point. @@ -143,6 +144,18 @@ function set_enable_concise_resolver_syntax() { kubectl patch configmap feature-flags -n tekton-pipelines -p "$jsonpatch" } +function set_enable_kubernetes_sidecar() { + local method="$1" + if [ "$method" != "false" ] && [ "$method" != "true" ]; then + printf "Invalid value for enable-kubernetes-sidecar %s\n" ${method} + exit 255 + fi + printf "Setting enable-kubernetes-sidecar to %s\n", ${method} + jsonpatch=$(printf "{\"data\": {\"enable-kubernetes-sidecar\": \"%s\"}}" $1) + echo "feature-flags ConfigMap patch: ${jsonpatch}" + kubectl patch configmap feature-flags -n tekton-pipelines -p "$jsonpatch" +} + function run_e2e() { # Run the integration tests header "Running Go e2e tests" @@ -171,6 +184,7 @@ set_cel_in_whenexpression "$ENABLE_CEL_IN_WHENEXPRESSION" set_enable_param_enum "$ENABLE_PARAM_ENUM" set_enable_artifacts "$ENABLE_ARTIFACTS" set_enable_concise_resolver_syntax "$ENABLE_CONCISE_RESOLVER_SYNTAX" +set_enable_kubernetes_sidecar "$ENABLE_KUBERNETES_SIDECAR" run_e2e (( failed )) && fail_test diff --git a/vendor/github.com/tektoncd/pipeline/test/featureflags.go b/vendor/github.com/tektoncd/pipeline/test/featureflags.go index 823d19b99..a6b6db071 100644 --- a/vendor/github.com/tektoncd/pipeline/test/featureflags.go +++ b/vendor/github.com/tektoncd/pipeline/test/featureflags.go @@ -119,6 +119,7 @@ func getFeatureFlagsBaseOnAPIFlag(t *testing.T) *config.FeatureFlags { "enable-param-enum": "true", "enable-artifacts": "true", "enable-concise-resolver-syntax": "true", + "enable-kubernetes-sidecar": "true", }) if err != nil { t.Fatalf("error creating alpha feature flags configmap: %v", err) diff --git a/vendor/modules.txt b/vendor/modules.txt index 6dd230a68..801db44fc 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -312,7 +312,7 @@ github.com/onsi/ginkgo/v2/internal/parallel_support github.com/onsi/ginkgo/v2/internal/testingtproxy github.com/onsi/ginkgo/v2/reporters github.com/onsi/ginkgo/v2/types -# github.com/onsi/gomega v1.33.1 +# github.com/onsi/gomega v1.34.0 ## explicit; go 1.20 github.com/onsi/gomega github.com/onsi/gomega/format @@ -331,7 +331,7 @@ github.com/opencontainers/go-digest ## explicit; go 1.18 github.com/opencontainers/image-spec/specs-go github.com/opencontainers/image-spec/specs-go/v1 -# github.com/openshift/api v3.9.0+incompatible => github.com/openshift/api v0.0.0-20240722135205-ae4f370f361f +# github.com/openshift/api v3.9.0+incompatible => github.com/openshift/api v0.0.0-20240724184751-84047ef4a2ce ## explicit; go 1.22.0 github.com/openshift/api/config/v1 github.com/openshift/api/pkg/serialization @@ -412,7 +412,7 @@ github.com/spf13/pflag github.com/stoewer/go-strcase # github.com/stretchr/objx v0.5.2 ## explicit; go 1.20 -# github.com/tektoncd/pipeline v0.61.1 +# github.com/tektoncd/pipeline v0.62.0 ## explicit; go 1.22 github.com/tektoncd/pipeline/internal/artifactref github.com/tektoncd/pipeline/pkg/apis/config @@ -1483,5 +1483,5 @@ sigs.k8s.io/yaml/goyaml.v3 # k8s.io/client-go => k8s.io/client-go v0.30.3 # k8s.io/kube-openapi => k8s.io/kube-openapi v0.0.0-20240709000822-3c01b740850f # k8s.io/kubectl => k8s.io/kubectl v0.30.3 -# github.com/openshift/api => github.com/openshift/api v0.0.0-20240722135205-ae4f370f361f +# github.com/openshift/api => github.com/openshift/api v0.0.0-20240724184751-84047ef4a2ce # github.com/openshift/client-go => github.com/openshift/client-go v0.0.0-20240528061634-b054aa794d87