## -------------------------------------------------------------------------------
## Changelog Entry Documentation
## -------------------------------------------------------------------------------
# type The type of this change.
# Possible values:
# - 'bug' Bug has been fixed
# - 'documentation' Documentation change
# - 'enhancement' Feature has been implemented or some general improvements
# - 'internal' Internal change which does not affect consumers directly (e.g. refactorings)
# - 'security' A security relevant fix
# - 'hotfix' Emergency bug fix which needs to be rolled out immediately via hotfix process
# impact The impact this change has regarding consumption. The impact also affects the semantic version.
# Possible values:
# - 'incompatible' An incompatible change requires more information in the warning
# and updateNotes sections. Affects major or minor SemVer digit.
# - 'minor' A compatible change which introduces a new feature or enhancement.
# - 'patch' A compatible change without new features.
# title The title of the change
# description The description of the change (markdown syntax possible)
# warning [optional] A warning for consumers if appropriate
# upgradeNotes [optional] Everything a consumer needs to know and adapt in order to consume this change.
# deprecations [optional] If this change deprecates something we need to inform consumers to adapt early,
# before we remove it completely in the next months.
# pullRequestNumber The number of this pull request.
# A list is also possible in case more than one pull requests are involved in this change, e.g. [123, 456].
# jiraIssueNumber The number of the Jira issue.
# A list is also possible in case more than one Jira issues are affected by this change, e.g. [123, 456].
## --------------------------------------------------------------------------------------------------
## For new change entries copy the template below to 'changes:' of the 'version: NEXT' array element.
## --------------------------------------------------------------------------------------------------
# - type: [bug, enhancement, security, internal, hotfix, documentation]
# impact: [incompatible, minor, patch]
# title: <title>
# description: |-
# <description (markdown syntax)>
# warning: |-
# <optional warning message (markdown syntax)>
# upgradeNotes: |-
# <optional upgrade guidelines (markdown syntax)>
# deprecations: |-
# <optional deprecation notes (markdown syntax)>
# pullRequestNumber: <pull request number(s)>
# jiraIssueNumber: <Jira issue number(s)>
# Paste new changelog entries below 'changes:' of the 'version: NEXT' array element.
# ! Do NOT add change entries to already released versions! Only add to version 'NEXT'.
# ! Do NOT change any 'version' or 'date' values manually! The pipeline will take care.
# ! Do NOT change the order of version blocks! 'NEXT' needs to stay the first version block.
- version: NEXT
date: TBD
changes:
- version: "0.40.0"
date: 2023-11-29
changes:
- type: enhancement
impact: minor
title: "Helm chart: Ensure atomic override of complex values"
description: |-
The following complex values can no longer be overridden partially:
- `runController.resources`
- `runController.podSecurityContext`
- `runController.securityContext`
- `runController.nodeSelector` (default was empty)
- `runController.affinity` (default was empty)
- `runController.tolerations` (default was empty)
- `pipelineRuns.resources`
Partial overrides should be avoided because they imply the
risk of inconsistent or unintented results in case the default
values change with newer Helm chart releases.
upgradeNotes: |-
Ensure that overrides of the above-mentioned values are
complete, i.e. they override _all_ fields which where also set
in the respective chart default in v0.39.1.
If this is not the case, add the missing fields.
pullRequestNumber: 398
- type: enhancement
impact: minor
title: "Helm chart: Configure pods to run with Pod Security profile 'restricted'"
description: |-
Default security settings for the run controller and Helm hooks
have been changed to be accepted by Kubernetes Pod Security profile
`restricted`.
The following additional parameters for CRD update hooks are now
available:
- `hooks.crdUpdate.podSecurityContext`
- `hooks.crdUpdate.securityContext`
pullRequestNumber: 398
jiraIssueNumber: 725
- type: enhancement
impact: minor
title: "Helm chart: Add parameters for crd-update hook pods"
description: |-
The following additional parameters for CRD update hooks are now
available:
- `hooks.crdUpdate.resources`
- `hooks.crdUpdate.nodeSelector`
- `hooks.crdUpdate.affinity`
- `hooks.crdUpdate.tolerations`
pullRequestNumber: 398
- version: "0.39.1"
date: 2023-11-29
changes:
- type: enhancement
impact: patch
title: Update JFR image to tag 231120_3aac49d
description: |-
Noteworthy changes:
- The JFR launcher script now allows to specify _any_ commit-ish
as pipeline revision that exists in the remote repository.
In case the given revision is not a commit-ish, a proper error
message is provided and the scripts exits with `error_config`
instead of `error_infra`.
pullRequestNumber: 425
jiraIssueNumber: 1675
- type: internal
impact: patch
title: Upgrade Go SDK to v1.21.4
description: |-
Use Go SDK v1.21.4.
pullRequestNumber: 426
- type: internal
impact: patch
title: Update Go dependencies
description: |-
Updated all dependencies. Most important:
- Kybernetes to v1.27.6
- Tekton to v0.53.2
pullRequestNumber: 426
- type: bug
impact: patch
title: Recreate JFR TaskRun if pod creation failed
description: |-
The creation of the JFR pod may temporarily fail, e.g. due
to a timeout calling a mandatory admission webhook.
Steward now detects this and recreates the Tekton taskrun
to retry.
pullRequestNumber: 424
- type: bug
impact: patch
title: Stop waiting for finished non-restartable JFR TaskRun
description: |-
If a JFR TaskRun was never started, is finished and is not
restartable, Steward now fails the PipelineRun instead of
waiting until timeout.
pullRequestNumber: 424
- type: bug
impact: patch
title: Fix error detected by checkmarx tool
description: |-
Remove redundant error from logFinalState function
pullRequestNumber: 423
- version: "0.39.0"
date: 2023-11-03
changes:
- type: enhancement
impact: minor
title: Add custom logging details
description: |-
Allow to configure additional log attributes to be set from pipeline
run labels and annotations.
See the chart README for details.
pullRequestNumber: 412
- type: enhancement
impact: minor
title: Add logging of pipeline run final state
description: |-
Log result, namespace, run id etc. for completed pipeline runs.
pullRequestNumber: 415
jiraIssueNumber: 1576
- type: bug
impact: patch
title: Use result 'error_config' instead of 'error_content'
description: |-
... in case
- secrets referenced by pipeline runs don't exist
- multiple secrets map to the same name
- the configured Jenkinsfile repo server URL is invalid
pullRequestNumber: 418
- type: internal
impact: patch
title: Upgrade Go SDK to v1.21.3
description: |-
Use Go SDK v1.21.3.
pullRequestNumber: 420
- type: internal
impact: patch
title: Update Go dependencies
description: |-
Updated all dependencies. Most important:
- Kybernetes to v1.26.10
- Tekton to v0.50.2
- knative.dev/pkg to release 1.12
pullRequestNumber: 420
- type: internal
impact: patch
title: Tweak container build
description: |-
Small improvements to container build files.
pullRequestNumber: 421
- version: "0.38.1"
date: 2023-10-18
changes:
- type: enhancement
impact: patch
title: Update JFR image to tag 231018_94c7e9a
description: |-
Noteworthy changes:
- Updated Jenkins Core v2.414.2
- Updated all Jenkins Plug-ins
- Updated base image
pullRequestNumber: 416
jiraIssueNumber: 972
- version: "0.38.0"
date: 2023-10-06
changes:
- type: enhancement
impact: incompatible
title: Update Jenkinsfile Runner image to tag 231006_5085985
description: |-
The new image contains elasticsearch-logs-plugin [v0.13.1](https://github.com/SAP/elasticsearch-logs-plugin/releases/tag/0.13.1).
warning: |-
Helm chart parameters changed incompatibly. See the upgrade notes for instructions.
upgradeNotes: |-
Adapt Helm chart parameters:
- Remove `pipelineRuns.logging.forwarding.emitMaxRetriesIfBufferFull` (use `emitTimeoutMillis` instead; see below)
- If needed, set `pipelineRuns.logging.forwarder.emitTimeoutMillis` (`emitMaxRetriesIfBufferFull` was removed)
See the chart README for details on chart parameters.
pullRequestNumber: 409
jiraIssueNumber: 1258
- type: enhancement
impact: incompatible
title: Change Helm chart parameters
description: |-
See the upgrade notes for necessary adaptations.
warning: |-
Helm chart parameters changed incompatibly. See the upgrade notes for instructions.
upgradeNotes: |-
Adapt Helm chart parameters:
- Rename `pipelineRuns.sidecars` to `pipelineRuns.jenkinsfileRunner.sidecars`
- Rename `pipelineRuns.logging.forwarding.*` to `pipelineRuns.logging.forwarder.*`
- If needed, set `pipelineRuns.logging.forwarder.useSidecar` to `true` (default value changed to `false`)
- If needed, set `pipelineRuns.logging.forwarder.tag` (default value changed to `logs`)
See the chart README for details on chart parameters.
pullRequestNumber: 409
jiraIssueNumber: 1258
- version: "0.37.0"
date: 2023-09-01
recall:
message: |-
elasticsearch-logs-plugin in this version contained some bugs which are fixed in the next patch version. Please use version 0.37.1 instead.
changes:
- type: enhancement
impact: minor
title: Update stewardci-jenkinsfile-runner image to version '230825_1c09345'
description: |-
The new image contains new version "0.12.0" of elasticsearch-logs-plugin
which enables configuring more parameters.
See release note for [version 230825_1c09345](https://github.com/SAP/stewardci-jenkinsfilerunner-image/releases/tag/230825_1c09345)
pullRequestNumber: 406
- version: "0.36.0"
date: 2023-08-22
changes:
- type: enhancement
impact: minor
title: Update stewardci-jenkinsfile-runner image to version 230822_3c378b2
description: |-
The new image contains updates for Jenkins core (to 2.387.3) and all plugins.
See release note for [version 230822_3c378b2](https://github.com/SAP/stewardci-jenkinsfilerunner-image/releases/tag/230822_3c378b2)
pullRequestNumber: 404
- version: "0.35.0"
date: 2023-08-10
changes:
- type: enhancement
impact: minor
title: Update stewardci-jenkinsfile-runner image to version 230810_ab62215
description: |-
The new image contains updates for Jenkins core (to 2.375.4), all plugins and the base image.
See release note for [version 230810_ab62215](https://github.com/SAP/stewardci-jenkinsfilerunner-image/releases/tag/230810_ab62215)
pullRequestNumber: 402
jiraIssueNumber: 848
- version: "0.34.0"
date: 2023-08-07
changes:
- type: enhancement
impact: patch
title: Migrate to structural and contextual logging
description: |-
Convert existing logging to structural and contextual logging as per
[Kubernetes guidelines](https://github.com/kubernetes/community/blob/master/contributors/devel/sig-instrumentation/migration-to-structured-logging.md).
pullRequestNumber: 387
jiraIssueNumber: 1157
- version: "0.33.0"
date: 2023-07-13
changes:
- type: internal
impact: patch
title: Upgrade Go dependencies
description: |-
- "google.golang.org/protobuf" (v1.29.1)
pullRequestNumber: 394
jiraIssueNumber: 1313
- type: enhancement
impact: minor
title: Upgrade Go modules and dependencies
description: |-
- "k8s.io/*" (v0.25.7)
- "knative.dev/pkg" release-1.9 (v0.0.0-20230221145627-8efb3485adcf)
- "github.com/benbjohnson/clock" (v1.3.5)
- "github.com/tektoncd/pipeline" (v0.46.0)
pullRequestNumber: 393
jiraIssueNumber: 1313
- version: "0.32.0"
date: 2023-06-27
changes:
- title: Update Jenkinsfile Runner image
type: enhancement
impact: minor
description: |-
Noteworthy changes:
- Build logs are no longer written to the container output if
log forwarding to Elasticsearch is enabled via PipelineRun spec.
For the details see stewardci-jenkinsfilerunner-image [PR #106](https://github.com/SAP/stewardci-jenkinsfilerunner-image/pull/106) and [PR #108](https://github.com/SAP/stewardci-jenkinsfilerunner-image/pull/108).
pullRequestNumber: 391
jiraIssueNumber: 1169
- version: "0.31.0"
date: 2023-06-19
changes:
- title: Make OpenSearch/Elasticsearch index URL in pipeline runs usable
type: enhancement
impact: minor
description: >-
The OpenSearch/Elasticsearch index URL introduced with version 0.6.2 was not
considered so far.
With this change it is used to define log destinations per
pipeline run.
pullRequestNumber: 389
jiraIssueNumber: 990
- version: "0.30.0"
date: 2023-06-12
changes:
- type: enhancement
impact: incompatible
title: Remove the tenants concept
description: |-
The tenants concept was neither really used nor is it a core competency
of Steward to manage namespaces. It has therefore been removed completely.
Users of Steward are now required to set up the namespaces to manage
`PipelineRun` objects on their own.
upgradeNotes: |-
Replace the usage of client namespaces and tenants by plain K8s namespaces.
The Helm upgrade does _not_ remove the tenant CRD. This must be done manually:
- For all client namespaces where all tenants can be deleted together with all their
data in the respective tenant namespaces:
- ___Before___ the upgrade of Steward, delete the respective client namespaces.
This implicitly deletes the contained tenant object, which in turn lets
Steward delete the corresponding tenant namespaces with all their contents,
especially PipelineRun objects.
- ___After___ the upgrade of Steward:
- Remove finalizers from all Tenant objects:
```
for item in $(kubectl get tenants.steward.sap.com -A -o name); do
kubectl patch "$item" --type='json' -p='[{"op": "remove", "path": "/metadata/finalizers"}]'
done
```
- Remove tenant CRD:
```
kubectl delete crd tenants.steward.sap.com
```
This implicitly deletes all Tenant objects. But as the Tenant controller of Steward
has been removed, the corresponding tenant namespaces are kept.
pullRequestNumber: 383
jiraIssueNumber: 1126
- version: "0.29.1"
date: 2023-05-16
changes:
- type: internal
impact: patch
title: Update JFR image (patch)
description: |-
The elasticsearch plugin of the JFR had an internal bug that is now fixed with
https://github.com/SAP/stewardci-jenkinsfilerunner-image/pull/105
pullRequestNumber: 385
jiraIssueNumber: CPCCICD-1125
- version: "0.29.0"
date: 2023-05-02
changes:
- type: enhancement
impact: minor
title: Introduce switch for usage of tenants and clients
description: |-
Steward is providing a client/tenant concept which can be used.
It is also possible to use Steward without client namespaces and tenants and use plain k8s namespaces instead.
This change provides a possibility to disable the usage of tenants and client namespaces in the helm chart.
This results in less resource consumption on the k8s cluster by saving one controller.
pullRequestNumber: 381
jiraIssueNumber: 1126
- version: "0.28.0"
date: 2023-04-27
changes:
- type: enhancement
impact: minor
title: Enable log forwarding
description: |-
We want to add support for log-forwarders (i.e. fluentd) instead of sending logs directly to OpenSearch/Elasticsearch.
For this purpose, two configuration extension are prepared:
* Set environment variables to configure the elasticsearch-log-plugin to forward data to fluentd
* Enable the use of tekton sidecars. This can be used to run the forwarder as a sidecar container in the JFR pod
upgradeNotes: |-
The change does not affect the current behavior as long as the new configuration options are not used.
In order to use log forwarding, a version of the JFR image later than "230426_ed390b3" is required.
pullRequestNumber: 379
jiraIssueNumber: CPCCICD-1045
- version: "0.27.2"
date: 2023-04-20
changes:
- type: internal
impact: patch
title: Refactorings
description: |-
This change only contains refactorings:
- Reduce complexity of functions
pullRequestNumber: 376
jiraIssueNumber: 975
- version: "0.27.1"
date: 2023-03-28
changes:
- type: internal
impact: patch
title: Refactorings
description: |-
This change only contains refactorings:
- Introduce constants where strings are used multiple times
- Remove unnecessary boolean literals
- Use opposite operator in favour of negation
- Reduce complexity of functions
- Change function names to better reflect their semantics
pullRequestNumber: 371
- type: internal
impact: patch
title: Upgrade Go SDK to v1.18.10
description: |-
Use Go SDK to v1.18.10.
pullRequestNumber: 371
- version: "0.27.0"
date: 2023-03-06
changes:
- type: enhancement
impact: minor
title: Use Tekton cluster resolver
description: |-
Tekton ClusterTasks are deprecated since Tekton v0.41.0.
Therefore, Tekton's cluster resolver is used instead.
pullRequestNumber: 363
- version: "0.26.0"
date: 2023-02-15
changes:
- type: enhancement
impact: minor
title: Use K8s auto-mount of service account token
description: |-
Instead of configuring a volume for the service account token,
Steward now just sets `automountServiceAccountToken` to true
so that Kubernetes takes care for the token injection.
During the prepare phase of pipeline runs Steward no longer waits
for service account token secrets to be created by Kubernetes.
pullRequestNumber: 361
jiraIssueNumber: 726
- type: enhancement
impact: minor
title: Allow running on K8s v1.24+
description: |-
As a consequence of using K8s auto-mount of service account
tokens, Steward should now work on K8s v1.24+.
pullRequestNumber: 361
jiraIssueNumber: 726
- type: enhancement
impact: patch
title: Improve message
description: |-
Improve readability of message in pipeline runs.
pullRequestNumber: 364
- version: "0.25.2"
date: 2023-02-09
changes:
- type: enhancement
impact: patch
title: Use JFR image with updated plugins
description: |-
Use Jenkins 2.346.3 with [updated plugins](https://github.com/SAP/stewardci-jenkinsfilerunner-image/pull/98).
Including the use of the [compatible kubernetes related plugins](https://github.com/SAP/stewardci-jenkinsfilerunner-image/pull/100).
In addition, the base images was updated to include updating some alpine packages updates.
pullRequestNumber: 360
- version: "0.25.1"
date: 2023-01-30
changes:
- type: bug
impact: patch
title: Rollback updated plugins
description: |-
Rollback `stewardci/stewardci-jenkinsfile-runner` image to `230126_b29a3f0` version
pullRequestNumber: 358
- version: "0.25.0"
date: 2023-01-26
recall:
message: |-
This version contains a non working JFR image. Use version 0.25.1 instead.
changes:
- type: enhancement
impact: minor
title: Use JFR image with updated plugins
description: |-
Use Jenkins 2.346.3 with [updated plugins](https://github.com/SAP/stewardci-jenkinsfilerunner-image/pull/98).
pullRequestNumber: 356
- type: internal
impact: minor
title: Use JFR image with improved error handling
description: |-
Steward can now handle different error codes provided by the improved JFR image.
pullRequestNumber: 354
jiraIssueNumber: 715
- version: "0.24.1"
date: 2023-01-12
changes:
- type: bug
impact: minor
title: Fix not working imagePullPolicy parameter in backend-api
description: |-
Before the parameter `imagePullPolicy` in the PipelineRun was not handled correctly.
This is fixed with this change.
pullRequestNumber: 351
- type: internal
impact: patch
title: Fix start time of phase "running"
description: |-
The start time of phase "running" was set to the start time of the
Tekton TaskRun for JFR, which is when the pod has been _created_.
But phase "waiting" now covers the time until successful start-up
of the containers in the pod, which can be significantly after pod
creation, e.g. due to image pull time.
Therefore, the start time of phase "running" is now the start time
of the the JRF container.
pullRequestNumber: 350
jiraIssueNumber: 1974
- version: "0.24.0"
date: 2022-12-23
changes:
- type: internal
impact: minor
title: Retry on ImagePullBackOff
description: |-
Since Tekton v0.41.0 TaskRuns fail if the corresponding pod is subject to
image pull back-off ([#4921](https://github.com/tektoncd/pipeline/pull/4921).
In case of transient image pull failures this can fail Steward PipelineRun
processing (`error_infra`).
Steward now detects aborted TaskRuns due to ImagePullBackOff and retries with
a new TaskRun for a configurable period (`waitTimeout`).
This happens in the 'waiting' phase of Steward PipelineRun processing.
pullRequestNumber: 345
jiraIssueNumber: 1974
- version: "0.23.1-hotfix1"
date: 2023-01-13
changes:
- type: hotfix
impact: patch
title: Fix not working imagePullPolicy parameter in backend-api
description: |-
Before the parameter `imagePullPolicy` in the PipelineRun was not handled correctly.
This is fixed with this change.
pullRequestNumber: 351
- version: "0.23.1"
date: 2022-12-09
changes:
- type: security
impact: patch
title: Update JFR to 221118_24e6615
description: |-
Update to latest JFR [221118_24e6615](https://github.com/SAP/stewardci-jenkinsfilerunner-image/releases/tag/221118_24e6615)
upgradeNotes: |-
If you use an image cache you might want to update the image there as well.
pullRequestNumber: 346
- version: "0.23.0"
date: 2022-11-17
changes:
- type: security
impact: patch
title: Upgrade go version to 1.18.8
description: Upgrade go version to 1.18.8
pullRequestNumber: 341
- type: enhancement
impact: minor
title: Add aggregated cluster roles for crds
description: |-
Add aggregated cluster roles for the generic view, edit and admin roles
for the custom resources tenants and pipelineruns.
pullRequestNumber: 340
- version: "0.22.1"
date: 2022-10-19
changes:
- type: enhancement
impact: patch
title: Upgrade Go dependencies
description: |-
Upgrade to highest possible versions.
pullRequestNumber: 338
- version: "0.22.0"
date: 2022-10-17
changes:
- type: enhancement
impact: incompatible
title: Upgrade Go dependencies
description: |-
- Tekton: v0.40.2
- Kubernetes: v1.23.9
- knative.dev/pkg: release-1.7 (v0.0.0-20220818004048-4a03844c0b15)
- others
warning: |-
Requires Tekton v0.40.0+ and Kubernetes v1.22+ at runtime.
upgradeNotes: |-
Ensure that runtime dependency requirements are met (see warning above).
pullRequestNumber: 336
jiraIssueNumber: 1832
- type: enhancement
impact: patch
title: Upgrade Go SDK to v1.18.7
description: |-
Use Go SDK to v1.18.7.
pullRequestNumber: 336
- version: "0.21.2"
date: 2022-07-19
changes:
- type: enhancement
impact: patch
title: Increase memory limit of Steward tenant controller
description: |-
Increase the memory limit of Steward tenant controller to avoid OOMKilled.
pullRequestNumber: 332
- version: "0.21.1"
date: 2022-07-04
changes:
- type: security
impact: patch
title: Update JFR to 220701_94864a5
description: |-
Update to latest JFR [220701_94864a5](https://github.com/SAP/stewardci-jenkinsfilerunner-image/releases/tag/220701_94864a5)
upgradeNotes: |-
If you use an image cache you might want to update the image there as well.
pullRequestNumber: 330
- version: "0.21.0"
date: 2022-06-15
changes:
- type: security
impact: patch
title: Update JFR to 220615_7db71b2
description: |-
Update to latest JFR [220615_7db71b2](https://github.com/SAP/stewardci-jenkinsfilerunner-image/releases/tag/220615_7db71b2)
upgradeNotes: |-
If you use an image cache you might want to update the image there as well.
pullRequestNumber: 326
jiraIssueNumber: 1640
- type: enhancement
impact: incompatible
title: "Network policy: Remove rule for cluster-internal API Server access"
description: |-
We cannot provide a rule allowing access to service `kubernetes.default`
that works in general.
It always depends on the particular K8s setup.
Therefore, remove the rule.
upgradeNotes: |-
If you use the network policy for pipeline runs provided with the Helm
chart, check whether a rule for API Server access is required.
If so, define your own network policy (see the chart README).
pullRequestNumber: 328
jiraIssueNumber: 1604
- version: "0.20.0"
date: 2022-05-25
changes:
- type: enhancement
impact: minor
title: Extend permissions of default service account in run namespaces
description: |-
The permissions of the default service account in run namespaces are extended
by full CRUD permissions on:
- configmaps
- secrets
pullRequestNumber: 324
jiraIssueNumber: 1609
- version: "0.19.1"
date: 2022-05-04
changes:
- type: bug
impact: patch
title: Fix metric steward_pipelineruns_ongoing_state_duration_periodic_observations_seconds
description: |-
No observations were made for phases `preparing` and `waiting`.
For observations of phases `cleaning` and `finished` the duration
was including the duration of phase `running`.
pullRequestNumber: 322
- version: "0.19.0"
date: 2022-04-19
changes:
- type: enhancement
impact: minor
title: Provide a timeout setting for each pipeline run
description: |-
With this change it is now possible to define timeout for each pipeline run.
pullRequestNumber: 316
jiraIssueNumber: CLOUDCI-1286
- type: security
impact: patch
title: Update go version
description: |-
Update go version to 1.16.15
pullRequestNumber: 317
- type: security
impact: patch
title: Update go version
description: |-
- Update go version to 1.17.9
- Update build tags. See https://go.dev/design/draft-gobuild
pullRequestNumber: 318
- type: security
impact: patch
title: Update k8s version
description: |-
- Update k8s version to 1.23.5
- Update other dependencies to latest versions. See go.mod
pullRequestNumber: [319, 320]
- version: "0.18.4"
date: 2022-03-23
changes:
- type: security
impact: patch
title: Updated `tektoncd/pipeline` and `prometheus/client_golang` package versions
description: |-
- Updated "github.com/tektoncd/pipeline" version to `v0.34.0` due to [CVE-2021-44716](https://github.com/advisories/GHSA-vc3p-29h2-gpcp).
- Updated "github.com/prometheus/client_golang" version to `v1.12.1` due to [CVE-2022-21698](https://www.whitesourcesoftware.com/vulnerability-database/CVE-2022-21698)
pullRequestNumber: 314
jiraIssueNumber: CLOUDCI-1198
- version: "0.18.3"
date: 2022-02-16
changes:
- type: security
impact: patch
title: Updated JFR image to 220215_5d89c43
description: |-
Updated JFR image to [220215_5d89c43](https://github.com/SAP/stewardci-jenkinsfilerunner-image/releases/tag/220215_5d89c43).
pullRequestNumber: 312
jiraIssueNumber: CLOUDCI-1417
- version: "0.18.2"
date: 2022-01-24
changes:
- type: security
impact: patch
title: new JFR image with everything updated and fixed vulnerabilities
description: |-
Jenkins core, plugins and adoptopenjdk base image on latest versions.
See [changes](https://github.com/SAP/stewardci-jenkinsfilerunner-image/compare/211220_cf0ea4a...220124_2022975).
upgradeNotes: |-
If you use an image cache make sure to add the new image `stewardci/stewardci-jenkinsfile-runner:220124_2022975`.
pullRequestNumber: 310
jiraIssueNumber: [1337, 1338, 1339, 1340]
- version: "0.18.1"
date: 2022-01-17
changes:
- type: bug
impact: patch
title: Adapt configuration for K8s API request timeouts
description: |-
- Do not set default timeout values in the Helm chart.
If no value is set, use the default value built into
the controller (15 minutes).
- Renamed the Helm chart parameters. See the upgrade
notes for details.
upgradeNotes: |-
- Rename Helm chart parameters:
- `runController.args.serverRequestTimeout` to `runController.args.k8sAPIRequestTimeout`
- `tenantController.args.serverRequestTimeout` to `tenantController.args.k8sAPIRequestTimeout`
pullRequestNumber: 307
- type: bug
impact: patch
title: "Fix: Helm hooks do not use configured image pull secrets"
description: |-
The Helm chart uses hooks to install/update the CRDs.
These hooks are K8s jobs, which also need a container image.
The configured image pull secrets should be used for Helm hooks, too.
pullRequestNumber: 302
- type: enhancement
impact: patch
title: Add ignore label
description: |-
For tests it is required to create/update Steward CROs, but avoid that
Steward controllers act on them.
A new label `steward.sap.com/ignore` (without value) instructs Steward
controllers to ignore this API object.
The label should never be added to an existing API object.
pullRequestNumber: 300
- type: internal
impact: patch
title: Fix and overhaul CRD schema tests
description: |-
CRD schema tests where broken, incomplete and fragile.
pullRequestNumber: 301
- type: internal
impact: patch
title: Update Go SDK to v1.16.12
description: |-
Build with Go SDK [v1.16.12](https://golang.org/doc/go1.16).
pullRequestNumber: 308
- version: "0.18.0"
date: 2022-01-12
changes:
- type: enhancement
impact: minor
title: Make K8s API request timeout configurable
description: |-
The request timeout of K8s API calls can be configured now
via additional Helm chart parameters.
pullRequestNumber: 303
- version: "0.17.1"
date: 2021-12-20
changes:
- type: security
impact: patch
title: Updated Jenkinsfile Runner image to 211220_cf0ea4a
description: |-
Updated Jenkinsfile Runner image to [211220_cf0ea4a](https://github.com/SAP/stewardci-jenkinsfilerunner-image/releases/tag/211220_cf0ea4a)
with latest Jenkins Core and plugins.
pullRequestNumber: 303
- version: "0.17.0"
date: 2021-12-13
changes:
- type: enhancement
impact: incompatible
title: Remove use of deprecated K8s APIs
description: |-
Steward used some Kubernetes API versions that are deprecated in newer
Kubernetes releases.
The following replacements have been applied:
- `apiextensions.k8s.io/v1beta1` → `apiextensions.k8s.io/v1`
- `rbac.authorization.k8s.io/v1beta1` → `rbac.authorization.k8s.io/v1`
warning: |-
- Steward does no longer run on Kubernetes v1.15 or below.
- Rolling back to an earlier version of Steward might fail.
All Steward releases up to v0.16.0 have a bug in the CRD update
hook of the Helm chart.
Using `helm rollback` or `helm upgrade` with such target version
will fail.
The problem has been fixed in Steward v0.16.1 and higher.
Rolling back to an earlier version can be achieved by first rolling
back to v0.16.1 and then to the desired target version.
upgradeNotes: |-
See the warnings section.
pullRequestNumber: 296
- version: "0.16.1"
date: 2021-12-13
changes:
- type: bug
impact: patch
title: "Helm chart: Fix CRD updates"
description: |-
So far `kubectl apply` has been used to create or update
CRDs.
But in case of updating an existing CRD the result may be
a mixture of existing and new CRD that is possibly broken.
Now `kubectl create` and `kubectl replace` are used instead.
upgradeNotes: |-
The helper image `docker.io/bitnami/kubectl` has been upgraded
to `1.23@sha256:df3de0bb32b3d9f829da5a7608bd5bec85431d26ed89109b6158d8329b5305c9`.
pullRequestNumber: 297
- version: "0.16.0"
date: 2021-12-08
changes:
- type: enhancement
impact: minor
title: Improve controller heartbeat
description: |-
- Add heartbeat for tenant controller
- Introduce heartbeat counter metrics
- Make heartbeat configurable via command line options
- Handle heartbeat in function `syncHandler`, not
`processNextWorkItem`, to make the heartbeat call
more similar to normal work item processing.
pullRequestNumber: 294
- version: "0.15.0"
date: 2021-12-06
changes:
- type: bug
impact: patch
title: "Fix: Integration tests are failing because of changed revision"
description: |-
The revision of the pipelines used in the integration tests changed.
It is adjusted with this pull request.
pullRequestNumber: 290
- type: enhancement
impact: patch
title: Don't panic but exit gracefully
description: |-
Instead of panicking (which prints stack dumps), just exit with error message.
pullRequestNumber: 285
- type: internal
impact: patch
title: Refactor metric support
description: |-
The metric support code needs refactoring.
pullRequestNumber: 282
- type: enhancement
impact: minor
title: Embed workqueue metrics
description: |-
Embed metrics provided by package `k8s.io/client-go/util/workqueue` into
Steward Core metrics.
upgradeNotes:
Metric `steward_queued_total` has been removed.
Change existing monitoring tools to use `steward_piperuns_workqueue_depth`
instead.
pullRequestNumber: 282
- type: enhancement
impact: minor
title: Embed client-go rest client metrics
description: |-
Embed metrics provided by package `k8s.io/client-go/util/rest` into
Steward Core metrics.
pullRequestNumber: 282
- type: enhancement
impact: minor
title: Use consistent metric names
description: |-
Steward Core metrics had inconsistent names.
New metrics with consistent names have been added, while old ones have
been deprecated.
deprecations: |-
- Metric `steward_pipelinerun_ongoing_state_duration_periodic_observations_seconds` is deprecated.
Use `steward_pipelineruns_ongoing_state_duration_periodic_observations_seconds` instead.
- Metric `steward_pipelinerun_state_duration_seconds` is deprecated.
Use `steward_pipelineruns_state_duration_seconds` instead.
- Metric `steward_tenants_total` is deprecated.
Use `steward_tenants_count_total` instead.
pullRequestNumber: 282
- type: enhancement
impact: minor
title: Add metrics for retry loops
description: |-
For the analysis of performance issues it can be helpful to have metrics
for retry loops (number of retries, latency).
pullRequestNumber: 282
- type: enhancement
impact: patch
title: Deprecate metric `steward_pipelinerun_update_seconds`
description: |-
Besides the deprecation nothing has been changed.
deprecations: |-
- Metric `steward_pipelinerun_update_seconds` is deprecated.
Use REST client metrics and retries metrics instead.
pullRequestNumber: 282
- type: documentation
impact: patch
title: Add metrics reference documentation
description: |-
A new page `docs/monitoring/Metrics Reference.md` describes all metrics
exposed by Steward binaries.
pullRequestNumber: 282
- type: internal
impact: patch
title: Own Go module for Helm chart tests
description: |-
The tests for the Helm chart should not belong to the main Go module,
because they are completely independent of it.
pullRequestNumber: 284
- type: internal
impact: minor
title: Update Go build dependencies
description: |-
Most noteworthy:
- Kubernetes libraries to v1.21.7
- Tekton to v0.30.0
upgradeNotes: |-
Steward should still _run_ with lower versions of Kubernetes and Tekton.
However, this has not been tested.
Therefore, test your setup carefully.
pullRequestNumber: 284
- type: internal
impact: minor
title: Increase Go language version to 1.16
description: |-
Steward now needs Go 1.16 to build.
upgradeNotes: |-
When using Steward as a Go dependency (which should not be the case
as Steward is not designed as a library), make sure it still can be
built in your context.
pullRequestNumber: 284
- type: bug
impact: patch
title: Fix improper error handling
description: |-
In `pkg.k8s` the functions
`(*serviceAccountHelper) GetServiceAccountSecretName` and
`(*serviceAccountHelper) GetServiceAccountSecretNameRepeat` swallow
errors that can occur when performing K8s API calls.
pullRequestNumber: 287
- type: bug
impact: patch
title: Fix improper error handling
description: |-
The run controller did not put back a pipeline run into its work queue
for later retry if it was in state `running` but updating the resource
status failed.
pullRequestNumber: 288
- type: enhancement
impact: patch
title: Update Go SDK to v1.16.11
description: |-
Build with Go SDK [v1.16.11](https://golang.org/doc/go1.16).
pullRequestNumber: 292
- version: "0.14.4"
date: 2021-11-17
changes:
- type: security
impact: patch
title: Updated JFR to 211116_03f24d5
description: |-
Updated JFR to [211116_03f24d5](https://github.com/SAP/stewardci-jenkinsfilerunner-image/releases/tag/211116_03f24d5)
with latest dependencies and fixed vulnerabilities.
pullRequestNumber: 280
jiraIssueNumber: 1182
- type: internal
impact: patch
title: Prepare `build.sh` for Go v1.16+
description: |-
Adjust 'build.sh' script to be compatible with Go v1.16+.
pullRequestNumber: 278
jiraIssueNumber: 1131
- type: bug
impact: patch
title: fix heartbeat
description: |-
Heartbeat was not working correctly. It was only working if items were queued or processed.
This change is fixing the heartbeat.
pullRequestNumber: 275
jiraIssueNumber: 1131
- type: internal
impact: patch
title: Use Go v1.16.10
description: |-
Use Go [v1.16.10](https://golang.org/doc/go1.16) to build the project.
pullRequestNumber: 277
- version: "0.14.3"
date: 2021-10-29
changes:
- type: bug
impact: patch
title: "Fix: Tekton fails to start JFR pod if container registry rate limit is exceeded"
description: |-
Steward uses Tekton to run JFR pods for pipeline runs.
The respective ClusterTask contains a pod template that does _not_ specify
the entrypoint of the JFR container.
Therefore Tekton tries to obtain the entrypoint by downloading the
container image manifest from the registry.
This may fail if the registry's rate limit is exceeded.
As a workaround, specify the JFR container entrypoint in the ClusterTask.
pullRequestNumber: 272
jiraIssueNumber: 1109
- version: "0.14.2"
date: 2021-10-14
changes:
- type: internal
impact: patch
title: add additional logging for commitState
description: |-
Logging of pipelineRun.CommitState() function is extended on log level 6.
pullRequestNumber: 268
- version: "0.14.1"
date: 2021-10-14
changes:
- type: bug
impact: patch
title: fix binary names on helm level
description: |-
In v0.14.0 the binary names has been changed. The binary names has not
been adjusted on helm level. The binary names are adjusted now.
pullRequestNumber: 266
- version: "0.14.0"
date: 2021-10-13
changes:
- type: enhancement
impact: minor
title: Write stack dumps on sig quit
description: |-
Enable writing threaddumps. Similar to jstack for java. Makes troubleshooting easier.
On SIGQUIT (3) the dumps are written to the log with severity info.
pullRequestNumber: 256
- type: enhancement
impact: minor
title: Provide reasonable names for the binaries
description: |-
For troubleshooting cases we need to be able to send signals to
the processes which corresponds to the binaries (run controller,
tenant controller). In order to be able to send those signals we
need to be able to distinguish these processes.
pullRequestNumber: 260
- version: "0.13.3"
date: 2021-10-08
changes:
- type: bug
impact: patch
title: Fix nil pointer dereference when Tekton task run failed to create pod
description: |-
Currently a nil pointer dereference error occures if a Tekton task is finished but has no
finished time. This is fixed with this change.
pullRequestNumber: 259
jiraIssueNumber: 179
- type: internal
impact: patch
title: Fix stewardci-example-pipelines repo branch name
description: |-
The `master` branch of repo `stewardci-example-pipelines`
has been renamed to `main` which made the examples fail.
pullRequestNumber: 257
- version: "0.13.2"
date: 2021-10-05
changes:
- type: internal
impact: patch
title: Increase default log level
description: |-
Default log level was increaset to 3.
Small adjustments to log output.
pullRequestNumber: 254
jiraIssueNumber: CLOUDCIFEAT1-173
- type: bug
impact: patch
title: Fix measuring ongoing state durations
description: |-
Measuring ongoing state duration failed for pipeline runs in state `new`
with error message:
```
cannot observe StateItem if StartedAt is not set
```
pullRequestNumber: 255
- version: "0.13.1"
date: 2021-09-27
changes:
- type: internal
impact: patch
title: Updated JenkinsfileRunner image to 210924_6ec1ff6
description: |-
JenkinsfileRunner image was updated to [210924_6ec1ff6](https://github.com/SAP/stewardci-jenkinsfilerunner-image/releases/tag/210924_6ec1ff6)
pullRequestNumber: 252
- version: "0.13.0"
date: 2021-08-17
changes:
- type: bug
impact: minor
title: Avoid non atomic status updates
description: |-
Without this change the state might be upated e.g. to a final state
without setting a corresponding result. The result is provided a short period
of time later with an other update. In the meantime we have an invalid state.
With this change we apply both changes to the memory representation of a
pipeline run and send the update only once. With this approach there is no
short period of time with an invalid state
warning: |-
needs to be validated carefully since this is a bigger refactoring
pullRequestNumber: 248
jiraIssueNumber: CLOUDCIFEAT1-130
- type: bug
impact: patch
title: Fix deletion bug #241
description: |-
When a pipeline run was deleted the state and the result were not updated in some edge cases. This is fixed now.
pullRequestNumber: 250
- version: "0.12.1"
date: 2021-07-28
changes:
- type: bug
impact: patch
title: Fix deletion bug #241
description: |-
When a pipeline run was deleted the state and the result has not been updated. This is fixed now.
upgradeNotes: |-
`ResultDeleted` was only used in the metrics before. Now it can also occur as a pipeline run result.
pullRequestNumber: 242
- version: "0.12.0"
date: 2021-07-28
changes:
- type: enhancement
impact: minor
title: Meter ongoing state durations periodically
description: |-
Introduced a new histogram metric `steward_pipelinerun_ongoing_state_duration_periodic_observations_seconds`.
The purpose of this metric is the detection of overly long processing times, caused by e.g. hanging controllers.
pullRequestNumber: 236
jiraIssueNumber: 719
- type: enhancement
impact: incompatible
title: Rename metric
description: |-
Metric `steward_pipelinerun_duration_seconds` has been renamed to
`steward_pipelinerun_state_duration_seconds` to better express the
fact that durations are reported for pipeline run _states_, not pipeline
runs as a whole.
upgradeNotes: |-
Adapt consumers of monitoring data to the new metric name.
pullRequestNumber: 236
- version: "0.11.1"
date: 2021-07-28
changes:
- type: internal
impact: patch
title: Update JenkinsfileRunner image to 210728_f8be088
description: |-
JenkinsfileRunner image was updated to [210728_f8be088](https://github.com/SAP/stewardci-jenkinsfilerunner-image/releases/tag/210728_f8be088)
pullRequestNumber: 244
- version: "0.11.0"
date: 2021-06-29
changes:
- type: enhancement
impact: minor
title: Configurable pod security policies
description: |-
There are new chart parameters to specify which _existing_ pod security
policies should be used by pipeline run pods and Steward controllers:
- `pipelineRuns.podSecurityPolicyName`
- `tenantController.podSecurityPolicyName`
- `runController.podSecurityPolicyName`
If such parameters are _not_ specified, the chart generates default
pod security policies as before.
See the chart README for details.
pullRequestNumber: 237
jiraIssueNumber: 738
- version: "0.10.0"
date: 2021-06-16
changes:
- type: enhancement
impact: minor
title: Make PodSecurityPolicies for pipelineRun and both controllers configurable
description: |-
Make 'PodSecurityPolicy' configurable to be able to change the policy during installation with helm.
steward helmchart loads default 'PodSecurityPolicy' from a file if corresponding fields are not set inside 'Values.yaml' file.
pullRequestNumber: 234
jiraIssueNumber: 738
- version: "0.9.0"
date: 2021-05-18
changes:
- type: enhancement
impact: minor
title: Updated Jenkinsfile Runner image to 210518_50469d1
description: |-
The Jenkinsfile Runner image has been updated to [210518_50469d1](https://github.com/SAP/stewardci-jenkinsfilerunner-image/releases/tag/210518_50469d1).
This image version contains an updated LTS Jenkins Core version 2.277.4, updated plugins and an updated Jenkinsfile Runner 1.0-beta-27 with
[steward specific adjustments](https://github.com/SAP/stewardci-jenkinsfilerunner-image/tree/jenkinsfile-runner--1.0-beta-27-steward-1).
deprecations: |-
The following plugins were removed: 'analysis-collector', 'badge', 'email-ext'. Make sure your pipelines do not use those plugins.
pullRequestNumber: 229
jiraIssueNumber: 722
- version: "0.8.3"
date: 2021-05-04
changes:
- type: internal
impact: patch
title: Fixed checkmarx scan
description: |-
The checkmarks scan reported some low findings which are fixed now.
pullRequestNumber: 223
- type: security
impact: patch
title: Update JFR image to 210413_777e270 with secure agent protocols
description: |-
Insecure Jenkins agent protocols have been disabled by configuring only secure ones.
Here you can see the [Jenkinsfile Runner Image changes](https://github.com/SAP/stewardci-jenkinsfilerunner-image/compare/210205_1988c5e...210413_777e270).
pullRequestNumber: 222
jiraIssueNumber: 62
- title: Introduce auxiliary pipeline run namespaces
type: enhancement
impact: patch
description: |-
In the future Steward will be enabled to provision service instances
per pipeline run, e.g. a pipeline log forwarder.
This change introduces auxiliary pipeline run namespaces where
those run-specific service instances are defined in Kubernetes.
The pattern of pipeline run namespace names changes.
By default auxiliary namespaces are not created because they are not
used yet. Enabling the feature flag `CreateAuxNamespaceIfUnused`
enforces creating auxiliary namespaces.
pullRequestNumber: 168
- type: documentation
impact: patch
title: "Update secret examples"
description: |-
Move secret examples to own folder and extend the documentation.
pullRequestNumber: 203
- version: "0.8.2"
date: 2021-03-05
changes:
- type: internal
impact: patch
title: Updated release pipeline
description: |-
The release pipeline has been updated with compliance aspects
pullRequestNumber: 220
- version: "0.8.1"
date: 2021-02-23
changes:
- type: bug
impact: patch
title: fix args qps and burst of tenant controller deployment
description: |-
fix use qps and burst of tenant controller from the corresponding config values and not from run controller configuration
warning:
deprecations:
pullRequestNumber: 218
jiraIssueNumber: 214
- version: "0.8.0"
date: 2021-02-19
changes:
- type: enhancement
impact: minor
title: "Make threadiness configurable for controllers"
description: |-
The threadiness for both run controller and tenant controller is now configurable.
This allows for adjusting to the needs of particular usage scenarios.
pullRequestNumber: 216
jiraIssueNumber: 502
- type: documentation
impact: patch
title: Add network policy examples
description: Add examples for pipeline runs with configured network profiles.
pullRequestNumber: 188
- type: internal
impact: patch
title: "[Developer] update-codegen.sh: make generators selectable"
description: |-
The code generation script `hack/update-codegen.sh` got two new options `--gen-clients`
and `--gen-mocks` to select what should be generated.
If none of the `--gen-*` options is specified, _all_ generators are enabled.
pullRequestNumber: 208
- type: enhancement
impact: minor
title: "Client-side rate limiting configurable for tenant controller"
description: |-
The default values of are equal to those of the rest api.
If many tenants exists, increasing the limit will make the processing of tenants faster e.g. creating a new tenant will take less time.
pullRequestNumber: 214
- type: bug
impact: patch
title: Delete finalizer after pipeline run is cleaned.
description: |-
Delete finalizer after pipeline run is cleaned.
warning:
deprecations:
pullRequestNumber: 210
jiraIssueNumber: 413
- version: "0.7.0"
date: 2021-02-08
changes:
- type: enhancement
impact: minor
title: Make retry parameters for cloning the pipeline repo configurable
description: |-
Jenkinsfile Runner container entrypoint retries cloning the pipeline
repository. The retry parameters (retry interval and timeout) are now
configurable via Helm chart parameters.
Jenkinsfile Runner image version which enables configuring retry
parameters is also updated in the same PR. Changes in the new
release of JFR image can be found [here](https://github.com/SAP/stewardci-jenkinsfilerunner-image/releases/tag/210205_1988c5e).
pullRequestNumber: 209
jiraIssueNumber: 350
- type: enhancement
impact: minor
title: Update Jenkinsfile-runner image version
description: |-
Update Jenkinsfile-runner image to a newer version.
All the changes on this version can be found [here](https://github.com/SAP/stewardci-jenkinsfilerunner-image/releases/tag/210202_42eb583).
pullRequestNumber: 207
jiraIssueNumber: [350, 441]
- type: enhancement
impact: minor
title: "Add maintenance mode to run controller"
description: |-
Steward can be put in _maintenance mode_.
It prevents _new_ pipeline runs to be processed, while pipeline runs that are in progress _already_ still run to completion.
pullRequestNumber: 204
jiraIssueNumber: 393
- type: bug
impact: patch
title: "Fix update of state history"
description: |-
The state history of a pipeline run is not updated correctly if a concurrent change happens.
This change will fix this bug.
pullRequestNumber: 206
- type: security
impact: patch
title: "network: don't allow local subnet multicast traffic"
description: |-
Local subnet multicast addresses (224.0.0.0/24; see [Wikipedia](https://en.wikipedia.org/wiki/Multicast_address))
should not be allowed by rule "allow internet access" of the pipeline run network policy.
warning: You should apply the network policy change from [#200](https://github.com/SAP/stewardci-core/pull/200) manually in case you override the default network policy from the Helm chart.
pullRequestNumber: 200
- version: "0.6.3"
date: 2020-12-14
changes:
- type: enhancement
impact: minor
title: Allow renamed secrets in run namespaces if annotation is provided
description: Secrets can be renamed if you provide an annotation when they are copied to the run namespace.
pullRequestNumber: 165
jiraIssueNumber: 315
- version: "0.6.2"
date: 2020-12-08
changes:
- type: bug
impact: patch
title: Fixed struct field tag syntax
description: Fixed struct field tag syntax for "pkg/apis/steward/v1alpha1".JenkinsfileRunnerSpec
warning:
upgradeNotes:
deprecations:
pullRequestNumber: 186
jiraIssueNumber:
- title: Upgrade Go dependencies
type: internal
impact: patch
description: |-
Upgrade `github.com/aws/aws-sdk-go` from v1.32.1 to [v1.34.1](https://github.com/aws/aws-sdk-go/releases/tag/v1.34.1)
pullRequestNumber: 183
- title: Make Elasticsearch index URL configurable per pipeline run
type: enhancement
impact: minor
description: >-
Enhance the `pipelineruns.steward.sap.com` CRD by fields to configure the
Elasticsearch index URL and credential to be used to store build logs.
However, these values are still ignored by Steward. Log destinations per
pipeline run will be enabled with a later change.
pullRequestNumber: 172
jiraIssueNumber: 984
- version: "0.6.1"
date: 2020-11-11
changes:
- type: internal
impact: patch
title: The release pipeline is now enabled for hotfix releases
description: See [developer documentation](https://github.com/SAP/stewardci-core/blob/master/docs/development/README.md#hotfix-releases) for more information.
warning:
upgradeNotes:
deprecations:
pullRequestNumber: 179
jiraIssueNumber: 316
- title: Upgrade Go dependencies
type: internal
impact: patch
description: |-
- upgrade Kubernetes libs from v1.17.6 to v1.17.13 (see [K8s changelog](https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.17.md))
pullRequestNumber: 180
- title: improve pkg/runctl/cfg
type: internal
impact: patch
description: |-
- fix: pipeline run fails with `error_config` if its `spec.profiles.network` is set to the name of the _default_ network profile
- do not trim whitespace from configured network policies, as it may destroy YAML wellformedness
- fail loading the pipeline runs configuration if the network policies config map does not exist
- give more precise error messages in case of erroneous pipeline runs configuration
- lots of refactoring in `pkg/runctl/cfg`
pullRequestNumber: 181
- version: "0.6.0"
date: 2020-11-09
changes:
- title: Introduce feature flags
type: internal
impact: patch
description: |-
There's a new Go package `pkg/featureflag` to deal
with feature flags in Steward controllers.
Feature flags can be configured via Helm Chart.
pullRequestNumber: 178
- type: enhancement
impact: minor
title: Introduce network profiles
description: |-
Allow Steward clients to select a network profile per pipeline run.
Network profiles are named network-related configurations defined by Steward operators.
Currently they define a Kubernetes network policy. Additional network-related settings may be
added in the future.
Clients can choose a network profile via `spec.profiles.network` of a PipelineRun
resource object.
warning: ""
upgradeNotes: |-
- PiplineRun objects may now have a `status.result` value `error_config` (see Steward API docs).
- Activating the new feature flag `RetryOnInvalidPipelineRunsConfig` will let the pipeline run controller retry reconciling in case the controller configuration (in ConfigMaps) is invalid or cannot be loaded. Without the feature flag all PipelineRun objects will be set to finished with result code `error_infra`. The new behaviour will become the default in a future release of Steward.
deprecations: |-
Helm configuration value `pipelineRuns.networkPolicy` is deprecated:
use `pipelineRuns.networkPolicies` instead.
pullRequestNumber: 160
jiraIssueNumber: 1305
- type: enhancement
impact: incompatible
title: Make Jenkinsfile Runner properties configurable in PipelineRun custom resource objects.
description: |-
Jenkinsfile Runner properties are configurable in Steward PipelineRun manifests at `spec.jenkinsfileRunner` now.
warning: |-
Old configuration will not work anymore! See upgrade notes.
upgradeNotes: |-
Helm Chart Configuration changed:
- `pipelineRuns.jenkinsfileRunner.image.repository` is outdated: use `pipelineRuns.jenkinsfileRunner.image` instead
- `pipelineRuns.jenkinsfileRunner.image.tag` is outdated: use `pipelineRuns.jenkinsfileRunner.image` instead
- `pipelineRuns.jenkinsfileRunner.image.pullPolicy` is outdated: use `pipelineRuns.jenkinsfileRunner.imagePullPolicy` instead
deprecations:
pullRequestNumber: 162
jiraIssueNumber: 983
- type: enhancement
impact: minor
title: Replace insensitive terms with inclusive language
description: |-
Insensitive terms should be replaced by inclusive language in all SAP open source repositories.
warning:
upgradeNotes:
deprecations:
pullRequestNumber: 176
jiraIssueNumber: 20
- version: "0.5.2"
date: 2020-10-28
changes:
- type: internal
impact: patch
title: Fix clustertask
description: |-
Fix variables in clustertask to changed structure.
warning:
upgradeNotes:
deprecations:
pullRequestNumber: 173
- type: internal
impact: patch
title: Updated Jenkinsfile Runner based on adoptopenjdk11 instead of openjdk8
description: |-
Besides plugin updates, Jenkins Core update and a Jenkinsfile Runner update the
Jenkinsfile Runner image has been switched to adoptopenjdk11, mainly to reduce the attack vector.
warning:
upgradeNotes:
deprecations:
pullRequestNumber: 175
jiraIssueNumber: 1348
- version: "0.5.1"
date: 2020-10-05
changes:
- type: bug
impact: patch
title: Fix clustertask
description: |-
Fix clustertask to match v1beta1 specification.
pullRequestNumber: 163
- version: "0.5.0"
date: 2020-08-29
changes:
- type: enhancement
impact: incompatible
title: Upgrade dependency to Tekton v0.14.3
description: |-
Build and run against Tekton v0.14.3.
warning: Requires Tekton v0.14.3.
upgradeNotes: |-
The target Kubernetes system must have Tekton v0.14.3 installed. Higher versions may also work.
In addition, Steward Jenkinsfile Runner Image version [200921_6cc247f](https://github.com/SAP/stewardci-jenkinsfilerunner-image/releases/tag/200921_6cc247f) or later is required.
pullRequestNumber: 151
jiraIssueNumber: 1330