fix(deps): update module github.com/tektoncd/pipeline to v1.14.0#1756
fix(deps): update module github.com/tektoncd/pipeline to v1.14.0#1756red-hat-konflux[bot] wants to merge 1 commit into
Conversation
ℹ️ Artifact update noticeFile name: go.modIn order to perform the update(s) described in the table above, Renovate ran the
Details:
|
|
🤖 Finished Review · ✅ Success · Started 1:39 PM UTC · Completed 1:45 PM UTC |
Codecov Report✅ All modified and coverable lines are covered by tests.
Additional details and impacted files@@ Coverage Diff @@
## main #1756 +/- ##
==========================================
- Coverage 87.43% 81.49% -5.95%
==========================================
Files 34 34
Lines 3566 3566
==========================================
- Hits 3118 2906 -212
- Misses 285 512 +227
+ Partials 163 148 -15
Flags with carried forward coverage won't be shown. Click here to find out more. Continue to review full report in Codecov by Harness.
🚀 New features to boost your workflow:
|
|
Looks good to me Previous runLooks good to me Labels: Automated Renovate dependency version bump updating Go module files. |
|
🤖 Finished Retro · ✅ Success · Started 5:36 PM UTC · Completed 5:41 PM UTC |
Retro: PR #1756 — Renovate dependency bump (tektoncd/pipeline v1.14.0)Workflow timeline:
Assessment: The review agent behaved correctly — it identified a trivial dependency bump and approved it. No human review occurred and none was needed. The Codecov report showed a -5.95% coverage drop, but this was due to missing CI test uploads (not actual regression), so the agent was right to not flag it. Token cost concern: Using Opus with 4 sub-agents for a trivial go.mod bump is expensive relative to the value delivered. Additionally, dispatching a retro for an autoclosed bot PR with no review findings adds unnecessary cost. No new proposals filed. All identified improvements are already tracked upstream: |
Signed-off-by: red-hat-konflux <126015336+red-hat-konflux[bot]@users.noreply.github.com>
8154a90 to
814e53b
Compare
|
🤖 Finished Review · ✅ Success · Started 1:30 AM UTC · Completed 1:34 AM UTC |
This PR contains the following updates:
v1.13.1→v1.14.0Warning
Some dependencies could not be looked up. Check the warning logs for more information.
Release Notes
tektoncd/pipeline (github.com/tektoncd/pipeline)
v1.14.0: Tekton Pipeline release v1.14.0 "Chartreux Cait Sith"Compare Source
🎉 🐱 Pipelines in Pipelines by ref, leaner controllers & sturdier reconcilers 🤖 🎉
Installation one-liner
Attestation
The Rekor UUID for this release is
108e9186e8c5677aa9d0ba4d268af76a6ffef1ad43d8ad6966ceef7663859284b3163eddafaa94abObtain the attestation:
Verify that all container images in the attestation are in the release file:
Changes
Features
Errors creating a Pod or updating a TaskRun are now recorded on the TaskRun reconciler trace spans, so failures are visible in distributed traces.
Errors creating a child TaskRun or CustomRun are now recorded on the PipelineRun reconciler trace spans, so failures are visible in distributed traces.
Add tracing spans to the PipelineRun cancel and timeout code paths, so cancellation and timeout of a run and its children are visible in distributed traces.
Inject traceID and spanID into structured log output for TaskRun and PipelineRun reconcilers when tracing is enabled, enabling log-to-trace correlation in observability platforms.
[ENHANCEMENT] notifications: add OTel tracing spans to CustomRun reconciler (ReconcileKind, ReconcileRunObject, EmitCloudEvents)
Fixes
Bump Go to 1.26.4 for CVE remediation.
Fixed a controller crash ("concurrent map writes") that could occur while resolving multiple StepAction references when the Task uses an object parameter with both a default and a TaskRun-provided value.
Fix Rekor EntryID extraction in release pipeline to publish correct 80-char EntryIDs instead of truncated 64-char hashes.
Before this change, ResolutionRequests could only resolve Pipelines, Tasks, and StepActions. After this change, ResolutionRequests can resolve PipelineRuns, Pipelines, TaskRuns, Tasks, Runs, CustomRuns, and StepActions.
Fix entrypoint command lookup when controller and worker nodes run on different CPU architectures (e.g., ARM controller with AMD64 workloads). The controller's CPU variant was leaking into TEKTON_PLATFORM_COMMANDS keys via platforms.NewPlatform(), causing "could not find command for platform" errors on worker nodes of a different architecture.
Pipeline validation now rejects invalid variable references like
$(new_image)in task parameters with a clear error message, instead of silently accepting them or crashing the webhook. Users who accidentally use$()(Tekton variable syntax) instead of${}(shell variable syntax) in Pipeline param values will now receive a helpful validation error indicating the valid prefixes (params, tasks, finally, context, workspaces).Fix validation error when a Task uses both spec.results and spec.steps[].results in the same step script
Fix incorrect OCI image labels (title, url, description) inherited from base image in published pipeline images
Misc
Docs
Thanks
Thanks to these contributors who contributed to v1.14.0!
Extra shout-out for awesome release notes:
Configuration
📅 Schedule: (UTC)
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
To execute skipped test pipelines write comment
/ok-to-test.Documentation
Find out how to configure dependency updates in MintMaker documentation or see all available configuration options in Renovate documentation.