Skip to content

Remove symlinks - due to ko-build update#1738

Merged
tekton-robot merged 1 commit into
tektoncd:mainfrom
ngelman1:fix-ci
Jun 30, 2026
Merged

Remove symlinks - due to ko-build update#1738
tekton-robot merged 1 commit into
tektoncd:mainfrom
ngelman1:fix-ci

Conversation

@ngelman1

Copy link
Copy Markdown
Contributor

Changes

Summary

ko v0.19.1 introduced a security restriction that rejects symlinks in kodata
that resolve outside the kodata root directory. This broke all e2e tests in CI
since setup-ko installs the latest release.

The cmd/controller/kodata/ directory contained symlinks to ../../.git/HEAD
and ../../.git/refs which are no longer used — knative.dev/pkg/changeset
now uses debug.ReadBuildInfo() to get VCS info at runtime instead of reading
from kodata.

Changes

  • Remove cmd/controller/kodata/HEAD symlink (unused)
  • Remove cmd/controller/kodata/refs symlink (unused)
  • Replace cmd/controller/kodata/LICENSE symlink with a real file copy

logs from the failing tests:
2026-06-30T10:47:58.1714887Z Error: error processing import paths in "config/100-deployment.yaml": error resolving image references: tarring kodata: kodata symlink "/home/runner/work/chains/chains/cmd/controller/kodata/HEAD" resolves to "/home/runner/work/chains/chains/.git/HEAD" which is outside the kodata root "/home/runner/work/chains/chains/cmd/controller/kodata" 2026-06-30T10:47:58.1740223Z ERROR: Tekton Chains installation failed 2026-06-30T10:47:58.1742404Z *** E2E TEST FAILED ***

Submitter Checklist

As the author of this PR, please check off the items in this checklist:

  • Has Docs included if any changes are user facing
  • Has Tests included if any functionality added or changed
  • Follows the commit message standard
  • Meets the Tekton contributor standards (including
    functionality, content, code)
  • Release notes block below has been updated with any user facing changes (API changes, bug fixes, changes requiring upgrade notices or deprecation warnings)
  • Release notes contains the string "action required" if the change requires additional action from users switching to the new release

Release Notes

NONE

@tekton-robot tekton-robot added the size/L Denotes a PR that changes 100-499 lines, ignoring generated files. label Jun 30, 2026
@waveywaves

Copy link
Copy Markdown
Member

also let's pin ko to 1.18.1 like it's done in tektoncd/pipeline#10358 also if necessary

@ngelman1

Copy link
Copy Markdown
Contributor Author

@waveywaves pinning versions is what I was trying to avoid.. isnt it a temporary solution well have to deal with anyway in the future?

@enarha

enarha commented Jun 30, 2026

Copy link
Copy Markdown
Contributor

@waveywaves pinning versions is what I was trying to avoid.. isnt it a temporary solution well have to deal with anyway in the future?

To me it sounds we need that temp solution until the ko fix is released and we can use that new ko binary. I see we use ko resolve here and there, not sure if we are hitting that edge case tektoncd/pipeline#10357 .

@ngelman1

Copy link
Copy Markdown
Contributor Author

@waveywaves pinning versions is what I was trying to avoid.. isnt it a temporary solution well have to deal with anyway in the future?

To me it sounds we need that temp solution until the ko fix is released and we can use that new ko binary. I see we use ko resolve here and there, not sure if we are hitting that edge case tektoncd/pipeline#10357 .

yes it was failing anyway witout it. pinned now

@enarha

enarha commented Jun 30, 2026

Copy link
Copy Markdown
Contributor

/lgtm

@tekton-robot tekton-robot added the lgtm Indicates that a PR is ready to be merged. label Jun 30, 2026
@enarha

enarha commented Jun 30, 2026

Copy link
Copy Markdown
Contributor

/approve
on behalf of @waveywaves

@tekton-robot

Copy link
Copy Markdown

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: enarha, waveywaves

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@tekton-robot tekton-robot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Jun 30, 2026
@tekton-robot tekton-robot merged commit 5bbbcb7 into tektoncd:main Jun 30, 2026
18 of 19 checks passed
@ngelman1 ngelman1 deleted the fix-ci branch July 1, 2026 07:01
@jkhelil

jkhelil commented Jul 2, 2026

Copy link
Copy Markdown
Member

/cherry-pick release-v0.27.x

@jkhelil

jkhelil commented Jul 2, 2026

Copy link
Copy Markdown
Member

/cherry-pick release-v0.26.x

@jkhelil

jkhelil commented Jul 2, 2026

Copy link
Copy Markdown
Member

/cherry-pick release-v0.25.x

@tekton-robot

Copy link
Copy Markdown

Cherry-pick to release-v0.27.x successful!

A new pull request has been created to cherry-pick this change to release-v0.27.x.

PR: #1744

Please review and merge the cherry-pick PR.

@tekton-robot

Copy link
Copy Markdown

Cherry-pick to release-v0.25.x successful!

A new pull request has been created to cherry-pick this change to release-v0.25.x.

PR: #1745

Please review and merge the cherry-pick PR.

@tekton-robot

Copy link
Copy Markdown

Cherry-pick to release-v0.26.x successful!

A new pull request has been created to cherry-pick this change to release-v0.26.x.

PR: #1746

Please review and merge the cherry-pick PR.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

approved Indicates a PR has been approved by an approver from all required OWNERS files. lgtm Indicates that a PR is ready to be merged. size/L Denotes a PR that changes 100-499 lines, ignoring generated files.

Projects

None yet

Development

Successfully merging this pull request may close these issues.

5 participants