diff --git a/go.mod b/go.mod index 20ceb17160..e364d705c4 100644 --- a/go.mod +++ b/go.mod @@ -18,7 +18,7 @@ require ( github.com/spf13/cobra v1.10.2 github.com/spf13/viper v1.21.0 github.com/stretchr/testify v1.11.1 - github.com/tektoncd/pipeline v1.0.0 + github.com/tektoncd/pipeline v1.0.3 github.com/tektoncd/plumbing v0.0.0-20250430145243-3b7cd59879c1 github.com/tektoncd/triggers v0.32.0 go.opencensus.io v0.24.0 @@ -29,10 +29,10 @@ require ( gomodules.xyz/jsonpatch/v2 v2.5.0 gotest.tools/v3 v3.5.2 k8s.io/api v0.34.1 - k8s.io/apiextensions-apiserver v0.32.5 + k8s.io/apiextensions-apiserver v0.32.13 k8s.io/apimachinery v0.34.1 k8s.io/client-go v1.5.2 - k8s.io/code-generator v0.32.5 + k8s.io/code-generator v0.32.13 knative.dev/pkg v0.0.0-20250424013628-d5e74d29daa3 sigs.k8s.io/yaml v1.6.0 ) diff --git a/go.sum b/go.sum index 3cc56f291a..d49594828e 100644 --- a/go.sum +++ b/go.sum @@ -1187,8 +1187,8 @@ github.com/syndtr/goleveldb v1.0.1-0.20220721030215-126854af5e6d h1:vfofYNRScrDd github.com/syndtr/goleveldb v1.0.1-0.20220721030215-126854af5e6d/go.mod h1:RRCYJbIwD5jmqPI9XoAFR0OcDxqUctll6zUj/+B4S48= github.com/tchap/go-patricia/v2 v2.3.3 h1:xfNEsODumaEcCcY3gI0hYPZ/PcpVv5ju6RMAhgwZDDc= github.com/tchap/go-patricia/v2 v2.3.3/go.mod h1:VZRHKAb53DLaG+nA9EaYYiaEx6YztwDlLElMsnSHD4k= -github.com/tektoncd/pipeline v1.0.0 h1:qq/BtjwtvZV7qhd6BnL5sGoBM4vVqpCtz/+hMbs6p94= -github.com/tektoncd/pipeline v1.0.0/go.mod h1:4XV9M4YrbCmsI4yDePcc5V8SM0Uso+S+0km80/dTD1I= +github.com/tektoncd/pipeline v1.0.3 h1:4YztLYufDhQU+fuAdAsQEV/VZFiDr4qqStQ+AN1VQN0= +github.com/tektoncd/pipeline v1.0.3/go.mod h1:WIgFi5MhV9DrhWsVNhPtZ2lgfrSyiaSDM9T8qF/kAok= github.com/tektoncd/pipelines-as-code v0.35.0 h1:cmsXDkAgrWx/uD46OnufPh+LkqManQ53ZAiKuZbP4rs= github.com/tektoncd/pipelines-as-code v0.35.0/go.mod h1:sWw55rgEurnYNKkpItE0iBrczF3Nv/XTUzWEiYSmrVY= github.com/tektoncd/plumbing v0.0.0-20250430145243-3b7cd59879c1 h1:nv7BsOAZ1ifQX9Lw1hYFo1f7e62dTDyyVPJBuljgZKw= @@ -2043,8 +2043,8 @@ honnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9 k8s.io/api v0.32.4 h1:kw8Y/G8E7EpNy7gjB8gJZl3KJkNz8HM2YHrZPtAZsF4= k8s.io/api v0.32.4/go.mod h1:5MYFvLvweRhyKylM3Es/6uh/5hGp0dg82vP34KifX4g= k8s.io/apiextensions-apiserver v0.27.7/go.mod h1:x0p+b5a955lfPz9gaDeBy43obM12s+N9dNHK6+dUL+g= -k8s.io/apiextensions-apiserver v0.32.5 h1:o0aKvmzIIs8Uk54pidk32pxET+Pg2ULnh9WI1PuKTwE= -k8s.io/apiextensions-apiserver v0.32.5/go.mod h1:5fpedJa3HJJFBukAZ6ur91DEDye5gYuXISPbOiNLYpU= +k8s.io/apiextensions-apiserver v0.32.13 h1:3M8y1UNKgAp/I+T4TDEeqXiR1wj8nrqzTqgMHRKsO8A= +k8s.io/apiextensions-apiserver v0.32.13/go.mod h1:IMU3eme+2CoGzlmiHVcl6v08u3dRzebcBTnop09cwpY= k8s.io/apimachinery v0.32.4 h1:8EEksaxA7nd7xWJkkwLDN4SvWS5ot9g6Z/VZb3ju25I= k8s.io/apimachinery v0.32.4/go.mod h1:GpHVgxoKlTxClKcteaeuF1Ul/lDVb74KpZcxcmLDElE= k8s.io/apiserver v0.27.7/go.mod h1:OrLG9RwCOerutAlo8QJW5EHzUG9Dad7k6rgcDUNSO/w= diff --git a/vendor/github.com/tektoncd/pipeline/pkg/apis/config/default.go b/vendor/github.com/tektoncd/pipeline/pkg/apis/config/default.go index 3bb5e02ab5..435f33f32c 100644 --- a/vendor/github.com/tektoncd/pipeline/pkg/apis/config/default.go +++ b/vendor/github.com/tektoncd/pipeline/pkg/apis/config/default.go @@ -54,6 +54,8 @@ const ( // Default maximum resolution timeout used by the resolution controller before timing out when exceeded DefaultMaximumResolutionTimeout = 1 * time.Minute + DefaultSidecarLogPollingInterval = 100 * time.Millisecond + defaultTimeoutMinutesKey = "default-timeout-minutes" defaultServiceAccountKey = "default-service-account" defaultManagedByLabelValueKey = "default-managed-by-label-value" @@ -67,6 +69,7 @@ const ( defaultContainerResourceRequirementsKey = "default-container-resource-requirements" defaultImagePullBackOffTimeout = "default-imagepullbackoff-timeout" defaultMaximumResolutionTimeout = "default-maximum-resolution-timeout" + defaultSidecarLogPollingIntervalKey = "default-sidecar-log-polling-interval" ) // DefaultConfig holds all the default configurations for the config. @@ -88,6 +91,10 @@ type Defaults struct { DefaultContainerResourceRequirements map[string]corev1.ResourceRequirements DefaultImagePullBackOffTimeout time.Duration DefaultMaximumResolutionTimeout time.Duration + // DefaultSidecarLogPollingInterval specifies how frequently (as a time.Duration) the Tekton sidecar log results container polls for step completion files. + // This value is loaded from the 'sidecar-log-polling-interval' key in the config-defaults ConfigMap. + // It is used to control the responsiveness and resource usage of the sidecar in both production and test environments. + DefaultSidecarLogPollingInterval time.Duration } // GetDefaultsConfigName returns the name of the configmap containing all @@ -120,6 +127,7 @@ func (cfg *Defaults) Equals(other *Defaults) bool { other.DefaultResolverType == cfg.DefaultResolverType && other.DefaultImagePullBackOffTimeout == cfg.DefaultImagePullBackOffTimeout && other.DefaultMaximumResolutionTimeout == cfg.DefaultMaximumResolutionTimeout && + other.DefaultSidecarLogPollingInterval == cfg.DefaultSidecarLogPollingInterval && reflect.DeepEqual(other.DefaultForbiddenEnv, cfg.DefaultForbiddenEnv) } @@ -134,6 +142,7 @@ func NewDefaultsFromMap(cfgMap map[string]string) (*Defaults, error) { DefaultResolverType: DefaultResolverTypeValue, DefaultImagePullBackOffTimeout: DefaultImagePullBackOffTimeout, DefaultMaximumResolutionTimeout: DefaultMaximumResolutionTimeout, + DefaultSidecarLogPollingInterval: DefaultSidecarLogPollingInterval, } if defaultTimeoutMin, ok := cfgMap[defaultTimeoutMinutesKey]; ok { @@ -220,6 +229,14 @@ func NewDefaultsFromMap(cfgMap map[string]string) (*Defaults, error) { tc.DefaultMaximumResolutionTimeout = timeout } + if defaultSidecarPollingInterval, ok := cfgMap[defaultSidecarLogPollingIntervalKey]; ok { + interval, err := time.ParseDuration(defaultSidecarPollingInterval) + if err != nil { + return nil, fmt.Errorf("failed parsing default config %q", defaultSidecarPollingInterval) + } + tc.DefaultSidecarLogPollingInterval = interval + } + return &tc, nil } diff --git a/vendor/github.com/tektoncd/pipeline/pkg/apis/pipeline/v1/openapi_generated.go b/vendor/github.com/tektoncd/pipeline/pkg/apis/pipeline/v1/openapi_generated.go index 5eccc98bbb..faea672d96 100644 --- a/vendor/github.com/tektoncd/pipeline/pkg/apis/pipeline/v1/openapi_generated.go +++ b/vendor/github.com/tektoncd/pipeline/pkg/apis/pipeline/v1/openapi_generated.go @@ -2400,7 +2400,7 @@ func schema_pkg_apis_pipeline_v1_RefSource(ref common.ReferenceCallback) common. }, "entryPoint": { SchemaProps: spec.SchemaProps{ - Description: "EntryPoint identifies the entry point into the build. This is often a path to a build definition file and/or a target label within that file. Example: \"task/git-clone/0.8/git-clone.yaml\"", + Description: "EntryPoint identifies the entry point into the build. This is often a path to a build definition file and/or a target label within that file. Example: \"task/git-clone/0.10/git-clone.yaml\"", Type: []string{"string"}, Format: "", }, diff --git a/vendor/github.com/tektoncd/pipeline/pkg/apis/pipeline/v1/pipelinerun_validation.go b/vendor/github.com/tektoncd/pipeline/pkg/apis/pipeline/v1/pipelinerun_validation.go index 16330aa215..cb75b35660 100644 --- a/vendor/github.com/tektoncd/pipeline/pkg/apis/pipeline/v1/pipelinerun_validation.go +++ b/vendor/github.com/tektoncd/pipeline/pkg/apis/pipeline/v1/pipelinerun_validation.go @@ -131,26 +131,41 @@ func (ps *PipelineRunSpec) Validate(ctx context.Context) (errs *apis.FieldError) // ValidateUpdate validates the update of a PipelineRunSpec func (ps *PipelineRunSpec) ValidateUpdate(ctx context.Context) (errs *apis.FieldError) { if !apis.IsInUpdate(ctx) { - return + return errs } oldObj, ok := apis.GetBaseline(ctx).(*PipelineRun) if !ok || oldObj == nil { - return + return errs } - old := &oldObj.Spec - - // If already in the done state, the spec cannot be modified. Otherwise, only the status field can be modified. - tips := "Once the PipelineRun is complete, no updates are allowed" - if !oldObj.IsDone() { - old = old.DeepCopy() - old.Status = ps.Status - tips = "Once the PipelineRun has started, only status updates are allowed" + if oldObj.IsDone() { + // try comparing without any copying first + // this handles the common case where only finalizers changed + if equality.Semantic.DeepEqual(&oldObj.Spec, ps) { + return nil // Specs identical, allow update + } + + // Specs differ, this could be due to different defaults after upgrade + // Apply current defaults to old spec to normalize + oldCopy := oldObj.Spec.DeepCopy() + oldCopy.SetDefaults(ctx) + + if equality.Semantic.DeepEqual(oldCopy, ps) { + return nil // Difference was only defaults, allow update + } + + // Real spec changes detected, reject update + errs = errs.Also(apis.ErrInvalidValue("Once the PipelineRun is complete, no updates are allowed", "")) + return errs } + + // Handle started but not done case + old := oldObj.Spec.DeepCopy() + old.Status = ps.Status if !equality.Semantic.DeepEqual(old, ps) { - errs = errs.Also(apis.ErrInvalidValue(tips, "")) + errs = errs.Also(apis.ErrInvalidValue("Once the PipelineRun has started, only status updates are allowed", "")) } - return + return errs } func (ps *PipelineRunSpec) validatePipelineRunParameters(ctx context.Context) (errs *apis.FieldError) { diff --git a/vendor/github.com/tektoncd/pipeline/pkg/apis/pipeline/v1/provenance.go b/vendor/github.com/tektoncd/pipeline/pkg/apis/pipeline/v1/provenance.go index de9f2a5c5d..ea1234335d 100644 --- a/vendor/github.com/tektoncd/pipeline/pkg/apis/pipeline/v1/provenance.go +++ b/vendor/github.com/tektoncd/pipeline/pkg/apis/pipeline/v1/provenance.go @@ -41,6 +41,6 @@ type RefSource struct { // EntryPoint identifies the entry point into the build. This is often a path to a // build definition file and/or a target label within that file. - // Example: "task/git-clone/0.8/git-clone.yaml" + // Example: "task/git-clone/0.10/git-clone.yaml" EntryPoint string `json:"entryPoint,omitempty"` } diff --git a/vendor/github.com/tektoncd/pipeline/pkg/apis/pipeline/v1/swagger.json b/vendor/github.com/tektoncd/pipeline/pkg/apis/pipeline/v1/swagger.json index 4a509a76df..20f79db2ad 100644 --- a/vendor/github.com/tektoncd/pipeline/pkg/apis/pipeline/v1/swagger.json +++ b/vendor/github.com/tektoncd/pipeline/pkg/apis/pipeline/v1/swagger.json @@ -1194,7 +1194,7 @@ } }, "entryPoint": { - "description": "EntryPoint identifies the entry point into the build. This is often a path to a build definition file and/or a target label within that file. Example: \"task/git-clone/0.8/git-clone.yaml\"", + "description": "EntryPoint identifies the entry point into the build. This is often a path to a build definition file and/or a target label within that file. Example: \"task/git-clone/0.10/git-clone.yaml\"", "type": "string" }, "uri": { diff --git a/vendor/github.com/tektoncd/pipeline/pkg/apis/pipeline/v1/task_validation.go b/vendor/github.com/tektoncd/pipeline/pkg/apis/pipeline/v1/task_validation.go index c0e337a4b2..b02438e39d 100644 --- a/vendor/github.com/tektoncd/pipeline/pkg/apis/pipeline/v1/task_validation.go +++ b/vendor/github.com/tektoncd/pipeline/pkg/apis/pipeline/v1/task_validation.go @@ -445,8 +445,9 @@ func validateStep(ctx context.Context, s Step, names sets.String) (errs *apis.Fi } for j, vm := range s.VolumeMounts { - if strings.HasPrefix(vm.MountPath, "/tekton/") && - !strings.HasPrefix(vm.MountPath, "/tekton/home") { + cleanMountPath := filepath.Clean(vm.MountPath) + if strings.HasPrefix(cleanMountPath, "/tekton/") && + !strings.HasPrefix(cleanMountPath, "/tekton/home") { errs = errs.Also(apis.ErrGeneric(fmt.Sprintf("volumeMount cannot be mounted under /tekton/ (volumeMount %q mounted at %q)", vm.Name, vm.MountPath), "mountPath").ViaFieldIndex("volumeMounts", j)) } if strings.HasPrefix(vm.Name, "tekton-internal-") { diff --git a/vendor/github.com/tektoncd/pipeline/pkg/apis/pipeline/v1/taskrun_validation.go b/vendor/github.com/tektoncd/pipeline/pkg/apis/pipeline/v1/taskrun_validation.go index e162672a66..ee6b6a7890 100644 --- a/vendor/github.com/tektoncd/pipeline/pkg/apis/pipeline/v1/taskrun_validation.go +++ b/vendor/github.com/tektoncd/pipeline/pkg/apis/pipeline/v1/taskrun_validation.go @@ -125,29 +125,42 @@ func (ts *TaskRunSpec) Validate(ctx context.Context) (errs *apis.FieldError) { // ValidateUpdate validates the update of a TaskRunSpec func (ts *TaskRunSpec) ValidateUpdate(ctx context.Context) (errs *apis.FieldError) { if !apis.IsInUpdate(ctx) { - return + return errs } oldObj, ok := apis.GetBaseline(ctx).(*TaskRun) if !ok || oldObj == nil { - return + return errs } - old := &oldObj.Spec + if oldObj.IsDone() { + // try comparing without any copying first + // this handles the common case where only finalizers changed + if equality.Semantic.DeepEqual(&oldObj.Spec, ts) { + return nil // Specs identical, allow update + } + + // Specs differ, this could be due to different defaults after upgrade + // Apply current defaults to old spec to normalize + oldCopy := oldObj.Spec.DeepCopy() + oldCopy.SetDefaults(ctx) - // If already in the done state, the spec cannot be modified. - // Otherwise, only the status, statusMessage field can be modified. - tips := "Once the TaskRun is complete, no updates are allowed" - if !oldObj.IsDone() { - old = old.DeepCopy() - old.Status = ts.Status - old.StatusMessage = ts.StatusMessage - tips = "Once the TaskRun has started, only status and statusMessage updates are allowed" + if equality.Semantic.DeepEqual(oldCopy, ts) { + return nil // Difference was only defaults, allow update + } + + // Real spec changes detected, reject update + errs = errs.Also(apis.ErrInvalidValue("Once the TaskRun is complete, no updates are allowed", "")) + return errs } + // Handle started but not done case + old := oldObj.Spec.DeepCopy() + old.Status = ts.Status + old.StatusMessage = ts.StatusMessage if !equality.Semantic.DeepEqual(old, ts) { - errs = errs.Also(apis.ErrInvalidValue(tips, "")) + errs = errs.Also(apis.ErrInvalidValue("Once the TaskRun has started, only status and statusMessage updates are allowed", "")) } - return + return errs } // validateInlineParameters validates that any parameters called in the diff --git a/vendor/github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1/openapi_generated.go b/vendor/github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1/openapi_generated.go index 3a61091c0c..1c32d2aa3d 100644 --- a/vendor/github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1/openapi_generated.go +++ b/vendor/github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1/openapi_generated.go @@ -713,7 +713,7 @@ func schema_pkg_apis_pipeline_v1beta1_ConfigSource(ref common.ReferenceCallback) }, "entryPoint": { SchemaProps: spec.SchemaProps{ - Description: "EntryPoint identifies the entry point into the build. This is often a path to a build definition file and/or a target label within that file. Example: \"task/git-clone/0.8/git-clone.yaml\"", + Description: "EntryPoint identifies the entry point into the build. This is often a path to a build definition file and/or a target label within that file. Example: \"task/git-clone/0.10/git-clone.yaml\"", Type: []string{"string"}, Format: "", }, @@ -3168,7 +3168,7 @@ func schema_pkg_apis_pipeline_v1beta1_RefSource(ref common.ReferenceCallback) co }, "entryPoint": { SchemaProps: spec.SchemaProps{ - Description: "EntryPoint identifies the entry point into the build. This is often a path to a build definition file and/or a target label within that file. Example: \"task/git-clone/0.8/git-clone.yaml\"", + Description: "EntryPoint identifies the entry point into the build. This is often a path to a build definition file and/or a target label within that file. Example: \"task/git-clone/0.10/git-clone.yaml\"", Type: []string{"string"}, Format: "", }, diff --git a/vendor/github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1/pipeline_validation.go b/vendor/github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1/pipeline_validation.go index b8345db6b2..65ef7a5edc 100644 --- a/vendor/github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1/pipeline_validation.go +++ b/vendor/github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1/pipeline_validation.go @@ -195,15 +195,7 @@ func (pt PipelineTask) Validate(ctx context.Context) (errs *apis.FieldError) { NamespacedTaskKind: true, } - if pt.OnError != "" { - errs = errs.Also(config.ValidateEnabledAPIFields(ctx, "OnError", config.BetaAPIFields)) - if pt.OnError != PipelineTaskContinue && pt.OnError != PipelineTaskStopAndFail { - errs = errs.Also(apis.ErrInvalidValue(pt.OnError, "OnError", "PipelineTask OnError must be either \"continue\" or \"stopAndFail\"")) - } - if pt.OnError == PipelineTaskContinue && pt.Retries > 0 { - errs = errs.Also(apis.ErrGeneric("PipelineTask OnError cannot be set to \"continue\" when Retries is greater than 0")) - } - } + errs = errs.Also(pt.ValidateOnError(ctx)) // Pipeline task having taskRef/taskSpec with APIVersion is classified as custom task switch { @@ -221,6 +213,20 @@ func (pt PipelineTask) Validate(ctx context.Context) (errs *apis.FieldError) { return //nolint:nakedret } +// ValidateOnError validates the OnError field of a PipelineTask +func (pt PipelineTask) ValidateOnError(ctx context.Context) (errs *apis.FieldError) { + if pt.OnError != "" && !isParamRefs(string(pt.OnError)) { + errs = errs.Also(config.ValidateEnabledAPIFields(ctx, "OnError", config.BetaAPIFields)) + if pt.OnError != PipelineTaskContinue && pt.OnError != PipelineTaskStopAndFail { + errs = errs.Also(apis.ErrInvalidValue(pt.OnError, "OnError", "PipelineTask OnError must be either \"continue\" or \"stopAndFail\"")) + } + if pt.OnError == PipelineTaskContinue && pt.Retries > 0 { + errs = errs.Also(apis.ErrGeneric("PipelineTask OnError cannot be set to \"continue\" when Retries is greater than 0")) + } + } + return errs +} + // validateEnabledInlineSpec validates that pipelineSpec or taskSpec is allowed by checking // disable-inline-spec field func (pt PipelineTask) validateEnabledInlineSpec(ctx context.Context) (errs *apis.FieldError) { @@ -805,6 +811,10 @@ func findAndValidateResultRefsForMatrix(tasks []PipelineTask, taskMapping map[st func validateMatrixedPipelineTaskConsumed(expressions []string, taskMapping map[string]PipelineTask) (resultRefs []*ResultRef, errs *apis.FieldError) { var filteredExpressions []string for _, expression := range expressions { + // if it is not matrix result ref expression, skip + if !resultref.LooksLikeResultRef(expression) { + continue + } // ie. "tasks..results.[*]" subExpressions := strings.Split(expression, ".") pipelineTask := subExpressions[1] // pipelineTaskName diff --git a/vendor/github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1/pipelinerun_validation.go b/vendor/github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1/pipelinerun_validation.go index 834c7493df..b30a32ef07 100644 --- a/vendor/github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1/pipelinerun_validation.go +++ b/vendor/github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1/pipelinerun_validation.go @@ -152,26 +152,41 @@ func (ps *PipelineRunSpec) Validate(ctx context.Context) (errs *apis.FieldError) // ValidateUpdate validates the update of a PipelineRunSpec func (ps *PipelineRunSpec) ValidateUpdate(ctx context.Context) (errs *apis.FieldError) { if !apis.IsInUpdate(ctx) { - return + return errs } oldObj, ok := apis.GetBaseline(ctx).(*PipelineRun) if !ok || oldObj == nil { - return + return errs } - old := &oldObj.Spec + if oldObj.IsDone() { + // try comparing without any copying first + // this handles the common case where only finalizers changed + if equality.Semantic.DeepEqual(&oldObj.Spec, ps) { + return nil // Specs identical, allow update + } - // If already in the done state, the spec cannot be modified. Otherwise, only the status field can be modified. - tips := "Once the PipelineRun is complete, no updates are allowed" - if !oldObj.IsDone() { - old = old.DeepCopy() - old.Status = ps.Status - tips = "Once the PipelineRun has started, only status updates are allowed" + // Specs differ, this could be due to different defaults after upgrade + // Apply current defaults to old spec to normalize + oldCopy := oldObj.Spec.DeepCopy() + oldCopy.SetDefaults(ctx) + + if equality.Semantic.DeepEqual(oldCopy, ps) { + return nil // Difference was only defaults, allow update + } + + // Real spec changes detected, reject update + errs = errs.Also(apis.ErrInvalidValue("Once the PipelineRun is complete, no updates are allowed", "")) + return errs } + + // Handle started but not done case + old := oldObj.Spec.DeepCopy() + old.Status = ps.Status if !equality.Semantic.DeepEqual(old, ps) { - errs = errs.Also(apis.ErrInvalidValue(tips, "")) + errs = errs.Also(apis.ErrInvalidValue("Once the PipelineRun has started, only status updates are allowed", "")) } - return + return errs } func (ps *PipelineRunSpec) validatePipelineRunParameters(ctx context.Context) (errs *apis.FieldError) { diff --git a/vendor/github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1/provenance.go b/vendor/github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1/provenance.go index 3ae27eb55d..7fadd2c9e0 100644 --- a/vendor/github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1/provenance.go +++ b/vendor/github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1/provenance.go @@ -44,7 +44,7 @@ type RefSource struct { // EntryPoint identifies the entry point into the build. This is often a path to a // build definition file and/or a target label within that file. - // Example: "task/git-clone/0.8/git-clone.yaml" + // Example: "task/git-clone/0.10/git-clone.yaml" EntryPoint string `json:"entryPoint,omitempty"` } @@ -62,6 +62,6 @@ type ConfigSource struct { // EntryPoint identifies the entry point into the build. This is often a path to a // build definition file and/or a target label within that file. - // Example: "task/git-clone/0.8/git-clone.yaml" + // Example: "task/git-clone/0.10/git-clone.yaml" EntryPoint string `json:"entryPoint,omitempty"` } diff --git a/vendor/github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1/swagger.json b/vendor/github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1/swagger.json index 19203179a2..9b3e71053e 100644 --- a/vendor/github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1/swagger.json +++ b/vendor/github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1/swagger.json @@ -307,7 +307,7 @@ } }, "entryPoint": { - "description": "EntryPoint identifies the entry point into the build. This is often a path to a build definition file and/or a target label within that file. Example: \"task/git-clone/0.8/git-clone.yaml\"", + "description": "EntryPoint identifies the entry point into the build. This is often a path to a build definition file and/or a target label within that file. Example: \"task/git-clone/0.10/git-clone.yaml\"", "type": "string" }, "uri": { @@ -1602,7 +1602,7 @@ } }, "entryPoint": { - "description": "EntryPoint identifies the entry point into the build. This is often a path to a build definition file and/or a target label within that file. Example: \"task/git-clone/0.8/git-clone.yaml\"", + "description": "EntryPoint identifies the entry point into the build. This is often a path to a build definition file and/or a target label within that file. Example: \"task/git-clone/0.10/git-clone.yaml\"", "type": "string" }, "uri": { diff --git a/vendor/github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1/task_validation.go b/vendor/github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1/task_validation.go index 2077b36c48..fe454e4ff7 100644 --- a/vendor/github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1/task_validation.go +++ b/vendor/github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1/task_validation.go @@ -434,8 +434,9 @@ func validateStep(ctx context.Context, s Step, names sets.String) (errs *apis.Fi } for j, vm := range s.VolumeMounts { - if strings.HasPrefix(vm.MountPath, "/tekton/") && - !strings.HasPrefix(vm.MountPath, "/tekton/home") { + cleanMountPath := filepath.Clean(vm.MountPath) + if strings.HasPrefix(cleanMountPath, "/tekton/") && + !strings.HasPrefix(cleanMountPath, "/tekton/home") { errs = errs.Also(apis.ErrGeneric(fmt.Sprintf("volumeMount cannot be mounted under /tekton/ (volumeMount %q mounted at %q)", vm.Name, vm.MountPath), "mountPath").ViaFieldIndex("volumeMounts", j)) } if strings.HasPrefix(vm.Name, "tekton-internal-") { diff --git a/vendor/github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1/taskrun_validation.go b/vendor/github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1/taskrun_validation.go index ae14965c77..eeba5bf964 100644 --- a/vendor/github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1/taskrun_validation.go +++ b/vendor/github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1/taskrun_validation.go @@ -125,29 +125,42 @@ func (ts *TaskRunSpec) Validate(ctx context.Context) (errs *apis.FieldError) { // ValidateUpdate validates the update of a TaskRunSpec func (ts *TaskRunSpec) ValidateUpdate(ctx context.Context) (errs *apis.FieldError) { if !apis.IsInUpdate(ctx) { - return + return errs } oldObj, ok := apis.GetBaseline(ctx).(*TaskRun) if !ok || oldObj == nil { - return + return errs } - old := &oldObj.Spec + if oldObj.IsDone() { + // try comparing without any copying first + // this handles the common case where only finalizers changed + if equality.Semantic.DeepEqual(&oldObj.Spec, ts) { + return nil // Specs identical, allow update + } + + // Specs differ, this could be due to different defaults after upgrade + // Apply current defaults to old spec to normalize + oldCopy := oldObj.Spec.DeepCopy() + oldCopy.SetDefaults(ctx) - // If already in the done state, the spec cannot be modified. - // Otherwise, only the status, statusMessage field can be modified. - tips := "Once the TaskRun is complete, no updates are allowed" - if !oldObj.IsDone() { - old = old.DeepCopy() - old.Status = ts.Status - old.StatusMessage = ts.StatusMessage - tips = "Once the TaskRun has started, only status and statusMessage updates are allowed" + if equality.Semantic.DeepEqual(oldCopy, ts) { + return nil // Difference was only defaults, allow update + } + + // Real spec changes detected, reject update + errs = errs.Also(apis.ErrInvalidValue("Once the TaskRun is complete, no updates are allowed", "")) + return errs } + // Handle started but not done case + old := oldObj.Spec.DeepCopy() + old.Status = ts.Status + old.StatusMessage = ts.StatusMessage if !equality.Semantic.DeepEqual(old, ts) { - errs = errs.Also(apis.ErrInvalidValue(tips, "")) + errs = errs.Also(apis.ErrInvalidValue("Once the TaskRun has started, only status and statusMessage updates are allowed", "")) } - return + return errs } // validateInlineParameters validates that any parameters called in the diff --git a/vendor/modules.txt b/vendor/modules.txt index 914c6d29d3..1e82073bef 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -1406,8 +1406,8 @@ github.com/syndtr/goleveldb/leveldb/util # github.com/tchap/go-patricia/v2 v2.3.3 ## explicit; go 1.16 github.com/tchap/go-patricia/v2/patricia -# github.com/tektoncd/pipeline v1.0.0 -## explicit; go 1.23.0 +# github.com/tektoncd/pipeline v1.0.3 +## explicit; go 1.24.0 github.com/tektoncd/pipeline/internal/artifactref github.com/tektoncd/pipeline/pkg/apis/config github.com/tektoncd/pipeline/pkg/apis/pipeline @@ -1967,7 +1967,7 @@ k8s.io/api/storage/v1 k8s.io/api/storage/v1alpha1 k8s.io/api/storage/v1beta1 k8s.io/api/storagemigration/v1alpha1 -# k8s.io/apiextensions-apiserver v0.32.5 +# k8s.io/apiextensions-apiserver v0.32.13 ## explicit; go 1.23.0 k8s.io/apiextensions-apiserver/pkg/apis/apiextensions k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1 @@ -2376,7 +2376,7 @@ k8s.io/client-go/util/keyutil k8s.io/client-go/util/retry k8s.io/client-go/util/watchlist k8s.io/client-go/util/workqueue -# k8s.io/code-generator v0.32.5 => k8s.io/code-generator v0.32.4 +# k8s.io/code-generator v0.32.13 => k8s.io/code-generator v0.32.4 ## explicit; go 1.23.0 k8s.io/code-generator/cmd/client-gen k8s.io/code-generator/cmd/client-gen/args