
Bump the all group across 1 directory with 4 updates

Open dependabot[bot] opened this issue 6 months ago • 3 comments

Bumps the all group with 3 updates in the /tekton/ci/custom-tasks/pr-commenter directory: github.com/jenkins-x/go-scm, github.com/tektoncd/pipeline and k8s.io/client-go.

Updates github.com/jenkins-x/go-scm from 1.14.37 to 1.14.41

Release notes

Sourced from github.com/jenkins-x/go-scm's releases.

1.14.41

Changes in version 1.14.41

Chores

  • release 1.14.41 (jenkins-x-bot)
  • add variables (jenkins-x-bot)
  • deps: bump github.com/bluekeyes/go-gitdiff from 0.7.3 to 0.7.4 (dependabot[bot])

1.14.40

Changes in version 1.14.40

Chores

  • release 1.14.40 (jenkins-x-bot)
  • add variables (jenkins-x-bot)
  • deps: bump k8s.io/apimachinery from 0.30.2 to 0.30.3 (dependabot[bot])

1.14.39

Changes in version 1.14.39

Chores

  • release 1.14.39 (jenkins-x-bot)
  • add variables (jenkins-x-bot)
  • deps: bump k8s.io/apimachinery from 0.29.0 to 0.30.2 (dependabot[bot])

1.14.38

Changes in version 1.14.38

Chores

  • release 1.14.38 (jenkins-x-bot)
  • add variables (jenkins-x-bot)
  • deps: bump golang.org/x/oauth2 from 0.19.0 to 0.21.0 (dependabot[bot])
  • deps: bump github.com/bluekeyes/go-gitdiff from 0.7.1 to 0.7.3 (dependabot[bot])
Commits
  • 179ef0a chore: release 1.14.41
  • 9aaff94 chore: add variables
  • 12239b8 Merge pull request #452 from jenkins-x/dependabot/go_modules/github.com/bluek...
  • 2414a0d Merge pull request #451 from jenkins-x/dependabot/go_modules/k8s.io/apimachin...
  • 3289ca2 chore(deps): bump github.com/bluekeyes/go-gitdiff from 0.7.3 to 0.7.4
  • 7069d47 chore(deps): bump k8s.io/apimachinery from 0.30.2 to 0.30.3
  • f32b90c Merge pull request #450 from jenkins-x/dependabot/go_modules/k8s.io/apimachin...
  • dcbc130 chore(deps): bump k8s.io/apimachinery from 0.29.0 to 0.30.2
  • 8cbc01f Merge pull request #449 from jenkins-x/dependabot/go_modules/golang.org/x/oau...
  • a50243e Merge pull request #444 from jenkins-x/dependabot/go_modules/github.com/bluek...
  • Additional commits viewable in compare view

Updates github.com/tektoncd/pipeline from 0.61.0 to 0.62.0

Release notes

Sourced from github.com/tektoncd/pipeline's releases.

Tekton Pipeline release v0.62.0 "Birman HAL LTS"

🎉 Ignore Task Failure Promoted and native sidecars adopted with k8s 1.29 🎉

  • Docs @ v0.62.0
  • Examples @ v0.62.0

Installation one-liner

kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.62.0/release.yaml

Attestation

The Rekor UUID for this release is 24296fb24b8ad77adbcee63512553d756997c4c7efad2e1163023bda8bd9ddecafde859fcb4ebb11

Obtain the attestation:

REKOR_UUID=24296fb24b8ad77adbcee63512553d756997c4c7efad2e1163023bda8bd9ddecafde859fcb4ebb11
rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq .

Verify that all container images in the attestation are in the release file:

RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.62.0/release.yaml
REKOR_UUID=24296fb24b8ad77adbcee63512553d756997c4c7efad2e1163023bda8bd9ddecafde859fcb4ebb11

# Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v0.62.0@sha256:" + .digest.sha256')

# Download the release file
curl "$RELEASE_FILE" > release.yaml

# For each image in the attestation, match it to the release file
# (printf with an explicit format and grep -F keep the image reference literal)
for image in $REKOR_ATTESTATION_IMAGES; do
  printf '%s' "$image"; grep -qF -- "$image" release.yaml && echo " ===> ok" || echo " ===> no match";
done

Changes

Features

  • :sparkles: access taskRun reason in addition to status in finally task (#8127)

Access reason in addition to the status using $(tasks.taskName.reason)

... (truncated)

Commits
  • 95fbf31 fix(pipelinerun): block pipelinerun spec updates once the pipelinerun has sta...
  • d6a2cdb fix(taskrun): block taskrun spec updates once the taskrun has started
  • 9ee73be Bump k8s.io/client-go in /test/custom-task-ctrls/wait-task-beta
  • d8bc914 Bump actions/upload-artifact from 4.3.3 to 4.3.4
  • 30c8a33 Bump step-security/harden-runner from 2.8.1 to 2.9.0
  • 689e2cd Bump github.com/containerd/containerd from 1.7.18 to 1.7.20
  • c9eb0f3 Bump k8s.io/code-generator from 0.29.6 to 0.29.7
  • fcafa46 Bump github/codeql-action from 3.25.12 to 3.25.13
  • a43d632 Bump the all group in /tekton with 2 updates
  • db4ac21 Add isBuildArtifact field to Artifacts
  • Additional commits viewable in compare view

Updates k8s.io/apimachinery from 0.30.2 to 0.30.3

Commits

Updates k8s.io/client-go from 0.30.2 to 0.30.3

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

dependabot[bot], Jul 29 '24 21:07
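The attestation-to-release-file match from the Tekton release notes quoted in this PR, as an added example (not part of the PR, Dependabot's output, or Tekton's own tooling). It goes one step beyond the quoted loop by also listing digest-pinned images in the manifest that the attestation does not cover. The registry names, digests and the helpers `attested_refs` and `compare` are constructed for illustration.

```python
import json
import re

# Constructed sample data (not real Tekton digests): a statement shaped the way
# the jq filter in the release notes expects, plus a fragment of a release manifest.
TAG = "v0.62.0"
D1, D2, D3, D4 = ("a" * 64, "b" * 64, "c" * 64, "d" * 64)
ATTESTATION = json.dumps({"subject": [
    {"name": "registry.example/pipeline/controller", "digest": {"sha256": D1}},
    {"name": "registry.example/pipeline/webhook", "digest": {"sha256": D2}},
]})
RELEASE_YAML = f"""
containers:
- image: registry.example/pipeline/controller:{TAG}@sha256:{D1}
- image: registry.example/pipeline/webhook:{TAG}@sha256:{D3}
- args: ["-shell-image", "registry.example/base/shell@sha256:{D4}"]
"""

# A digest-pinned reference: name, optional :tag, then @sha256:<64 hex chars>.
PINNED = re.compile(r"([\w.\-/]+?)(?::[\w.\-]+)?@sha256:([0-9a-f]{64})")


def attested_refs(attestation_json, tag):
    """Build name:tag@sha256:digest strings, as the jq expression does."""
    subjects = json.loads(attestation_json)["subject"]
    return [f'{s["name"]}:{tag}@sha256:{s["digest"]["sha256"]}' for s in subjects]


def compare(attestation_json, release_text, tag):
    """Return (matched, missing, unattested) for a release manifest."""
    refs = attested_refs(attestation_json, tag)
    matched = [r for r in refs if r in release_text]      # literal substring match
    missing = [r for r in refs if r not in release_text]  # must be empty to pass
    attested_digests = {r.rsplit(":", 1)[1] for r in refs}
    # Reverse direction: pinned images in the manifest the attestation does not
    # cover. These are reported for review, not treated as a failure.
    unattested = sorted(
        f"{name}@sha256:{digest}"
        for name, digest in PINNED.findall(release_text)
        if digest not in attested_digests
    )
    return matched, missing, unattested


if __name__ == "__main__":
    labels = ("ok", "no match", "not in attestation")
    for label, refs in zip(labels, compare(ATTESTATION, RELEASE_YAML, TAG)):
        for ref in refs:
            print(ref, "===>", label)
```

In the constructed manifest the webhook image carries a digest that differs from the attested one, so it appears both as "no match" and as an image the attestation does not cover.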