
chore(deps): bump github.com/tektoncd/pipeline from 1.0.0 to 1.0.4 #3600

Open
dependabot[bot] wants to merge 1 commit into release-v0.76.x from dependabot/go_modules/release-v0.76.x/github.com/tektoncd/pipeline-1.0.4

Conversation

@dependabot dependabot Bot commented on behalf of github Jun 29, 2026

Contributor

Bumps github.com/tektoncd/pipeline from 1.0.0 to 1.0.4.

Release notes

Sourced from github.com/tektoncd/pipeline's releases.

Tekton Pipeline release v1.0.4 "Oriental Omnidroid"

- Docs @ v1.0.4
- Examples @ v1.0.4

Installation one-liner

kubectl apply -f https://infra.tekton.dev/tekton-releases/pipeline/previous/v1.0.4/release.yaml

Attestation

The Rekor UUID for this release is 7f9f39ddb0b3aebc8c331640aaf396e2e401748dbe9537aec401468365bbcd92

Obtain the attestation:

REKOR_UUID=7f9f39ddb0b3aebc8c331640aaf396e2e401748dbe9537aec401468365bbcd92
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .

Verify that all container images in the attestation are in the release file:

RELEASE_FILE=https://infra.tekton.dev/tekton-releases/pipeline/previous/v1.0.4/release.yaml
REKOR_UUID=7f9f39ddb0b3aebc8c331640aaf396e2e401748dbe9537aec401468365bbcd92
# Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v1.0.4@sha256:" + .digest.sha256')
# Download the release file
curl -L "$RELEASE_FILE" > release.yaml
# For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
  printf '%s' "$image"; grep -qF -- "$image" release.yaml && echo " ===> ok" || echo " ===> no match";
done

Changes

Features

... (truncated)

Commits
  • 8ffb573 fix: add automated draft release support to release pipeline
  • 063f14a fix: prevent controller CPU variant from leaking into platform commands
  • dc544b1 build(deps): bump github.com/jenkins-x/go-scm from 1.14.56 to 1.14.59
  • 857a6eb build(deps): bump go.uber.org/zap from 1.27.0 to 1.27.1
  • fef382d build(deps): bump tj-actions/changed-files
  • 6391d4e build(deps): bump the all group in /tekton with 4 updates
  • 2f18d35 build(deps): bump step-security/harden-runner from 2.12.0 to 2.12.2
  • dc4b0b0 build(deps): bump k8s.io/apiextensions-apiserver from 0.32.1 to 0.32.13
  • 91c5032 build(deps): bump chainguard-dev/actions from 1.5.3 to 1.5.16
  • 41c680b build(deps): bump ossf/scorecard-action from 2.4.1 to 2.4.3
  • Additional commits viewable in compare view
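
The attestation-to-release-file check from the release notes above, as an added example that is not part of this PR or of the Tekton project's own tooling. It fails closed when the attestation is empty or malformed, a case in which the shell loop prints nothing at all. The image names and digests are constructed; the `subject[].name` and `subject[].digest.sha256` fields are the ones read by the jq filter in the release notes.

```python
import json
import re
import sys

# Constructed sample data (not the real v1.0.4 attestation or release file).
A, B, C = "a" * 64, "b" * 64, "c" * 64
SAMPLE_ATTESTATION = json.dumps({"subject": [
    {"name": "ghcr.io/example/controller", "digest": {"sha256": A}},
    {"name": "ghcr.io/example/webhook", "digest": {"sha256": B}},
]})
SAMPLE_RELEASE_YAML = (
    "- image: ghcr.io/example/controller:v1.0.4@sha256:" + A + "\n"
    '  args: ["-img", "ghcr.io/example/webhook:v1.0.4@sha256:' + C + '"]\n'
)

def attested_refs(attestation_json, tag):
    """Build name:tag@sha256:digest refs; fail closed on empty or malformed input."""
    stmt = json.loads(attestation_json)
    subjects = stmt.get("subject") if isinstance(stmt, dict) else None
    if not subjects:
        # `jq -r .Attestation` prints "null" for a missing field; the shell loop
        # would then iterate zero times and report no mismatch.
        raise ValueError("attestation has no subjects")
    refs = []
    for s in subjects:
        digest = (s.get("digest") or {}).get("sha256", "")
        if not s.get("name") or not re.fullmatch(r"[0-9a-f]{64}", digest):
            raise ValueError(f"malformed subject: {s!r}")
        refs.append(f"{s['name']}:{tag}@sha256:{digest}")
    return refs

def check_release(attestation_json, release_yaml, tag):
    """Map each attested ref to True if it appears verbatim in the release file."""
    result = {}
    for ref in attested_refs(attestation_json, tag):
        # Literal match with boundaries on both sides of the reference.
        pattern = r"(?<![\w./-])" + re.escape(ref) + r"(?![0-9a-f])"
        result[ref] = re.search(pattern, release_yaml) is not None
    return result

if __name__ == "__main__":
    report = check_release(SAMPLE_ATTESTATION, SAMPLE_RELEASE_YAML, "v1.0.4")
    for ref, ok in report.items():
        print(ref, "===> ok" if ok else "===> no match")
    # Non-zero exit on any mismatch so a CI step cannot pass silently.
    sys.exit(0 if all(report.values()) else 1)
```
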

@dependabot dependabot Bot added labels Jun 29, 2026: dependencies (Used by dependabot - identifies all PRs created by dependabot), kind/misc (Categorizes issue or PR as a miscellaneous one.), ok-to-test (Indicates a non-member PR verified by an org member that is safe to test.), release-note-none (Denotes a PR that doesn't merit a release note.)
@tekton-robot tekton-robot added the size/L Denotes a PR that changes 100-499 lines, ignoring generated files. label Jun 29, 2026
@dependabot dependabot Bot force-pushed the dependabot/go_modules/release-v0.76.x/github.com/tektoncd/pipeline-1.0.4 branch from 9bd18bf to c27fc5c Compare June 30, 2026 08:03
@tekton-robot

Contributor

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
To complete the pull request process, please ask for approval from vdemeester after the PR has been reviewed.

The full list of commands accepted by this bot can be found here.

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@vdemeester

Member

@dependabot rebase

@dependabot dependabot Bot force-pushed the dependabot/go_modules/release-v0.76.x/github.com/tektoncd/pipeline-1.0.4 branch from c27fc5c to e4a624f Compare July 1, 2026 08:16
@vdemeester

Member

/lgtm

@tekton-robot tekton-robot added the lgtm Indicates that a PR is ready to be merged. label Jul 1, 2026
Bumps [github.com/tektoncd/pipeline](https://github.com/tektoncd/pipeline) from 1.0.0 to 1.0.4.
- [Release notes](https://github.com/tektoncd/pipeline/releases)
- [Changelog](https://github.com/tektoncd/pipeline/blob/main/releases.md)
- [Commits](tektoncd/pipeline@v1.0.0...v1.0.4)

---
updated-dependencies:
- dependency-name: github.com/tektoncd/pipeline
  dependency-version: 1.0.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/go_modules/release-v0.76.x/github.com/tektoncd/pipeline-1.0.4 branch from e4a624f to d7a825e Compare July 1, 2026 15:09
@tekton-robot tekton-robot removed the lgtm Indicates that a PR is ready to be merged. label Jul 1, 2026
@tekton-robot

Contributor

New changes are detected. LGTM label has been removed.
