tektoncd
Fix version mismatch of aws-sdk-go-v2
Changes
Fix version mismatch of github.com/aws/aws-sdk-go-v2 and github.com/aws/aws-sdk-go-v2/ecr due to a breaking change in aws-sdk-go-v2 of version v1.23.0. The mismatch is caused by the 2 dependencies github.com/sigstore/sigstore/pkg/signature/kms/aws and github.com/google/go-containerregistry using aws-sdk-go-v2 in v.18.x and v1.26.x.
When no command or script was given to a Task, this caused the entrypoint resolve logic to fail with a "401 Not Authorized", when trying to get the manifest from a private AWS ECR.
Fixes https://github.com/tektoncd/pipeline/issues/7698
Submitter Checklist
As the author of this PR, please check off the items in this checklist:
- [x] Has Docs if any changes are user facing, including updates to minimum requirements e.g. Kubernetes version bumps
- [x] Has Tests included if any functionality added or changed
- [ ] pre-commit Passed
- [x] Follows the commit message standard
- [x] Meets the Tekton contributor standards (including functionality, content, code)
- [x] Has a kind label. You can add one by adding a comment on this PR that contains
/kind <type>. Valid types are bug, cleanup, design, documentation, feature, flake, misc, question, tep - [x] Release notes block below has been updated with any user facing changes (API changes, bug fixes, changes requiring upgrade notices or deprecation warnings). See some examples of good release notes.
- [x] Release notes contains the string "action required" if the change requires additional action from users switching to the new release
Release Notes
Fixing "401 Not Authorized" using Image from private AWS ECR without specifying "command" or "script" in Task.
![linux-foundation-easycla[bot] avatar](https://avatars.githubusercontent.com/in/17893?v=4 "Published by a pub.dev verified publisher"){kind=small}
Hi @seternate. Thanks for your PR.
I'm waiting for a tektoncd member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.
Once the patch is verified, the new status will be reflected by the ok-to-test label.
I understand the commands that are listed here.
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.
[APPROVALNOTIFIER] This PR is APPROVED
This pull-request has been approved by: chitrangpatel, vdemeester
The full list of commands accepted by this bot can be found here.
The pull request process is described here
- ~~OWNERS~~ [chitrangpatel,vdemeester]
Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment
@chitrangpatel: The specified target(s) for /test were not found.
The following commands are available to trigger required jobs:
/test pull-tekton-pipeline-alpha-integration-tests/test pull-tekton-pipeline-beta-integration-tests/test pull-tekton-pipeline-build-tests/test pull-tekton-pipeline-integration-tests/test pull-tekton-pipeline-unit-tests
The following commands are available to trigger optional jobs:
/test pull-tekton-pipeline-go-coverage
Use /test all to run all jobs.
In response to this:
/test pull-tekton-pipeline-go-coverage-df
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.