Tekton Pruner release v0.3.5

-Docs @ v0.3.5
-Examples @ v0.3.5

Installation one-liner

kubectl apply -f https://infra.tekton.dev/tekton-releases/pruner/previous/v0.3.5/release.yaml

Attestation

The Rekor UUID for this release is 108e9186e8c5677a27480ed48fb8060294cb2a4c77516cb8d7c5ed442ece7055f5727a670d5ab664

Obtain the attestation:

REKOR_UUID=108e9186e8c5677a27480ed48fb8060294cb2a4c77516cb8d7c5ed442ece7055f5727a670d5ab664
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .

Verify that all container images in the attestation are in the release file:

RELEASE_FILE=https://infra.tekton.dev/tekton-releases/pruner/previous/v0.3.5/release.yaml
REKOR_UUID=108e9186e8c5677a27480ed48fb8060294cb2a4c77516cb8d7c5ed442ece7055f5727a670d5ab664

# Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v0.3.5@sha256:" + .digest.sha256')

# Download the release file
curl -L "$RELEASE_FILE" > release.yaml

# For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
  printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done

Changes

Features

None

Fixes

• 🐛 🍒 fix: selector-based pruning for label and annotation selectors (#145)
  Selector-based pruning now correctly group PipelineRuns by ConfigMap-defined labels/annotations instead of all resource labels

• 🐛 🍒 fix: add JSON struct tags to fix TektonConfig status serialization (#144)

Misc

None

Docs

None

Thanks

Thanks to these contributors who contributed to v0.3.5!

• ❤️ @tekton-robot
• ❤️ @infernus01

Extra shout-out for awesome release notes:

• 😍 @tekton-robot
• 😍 @infernus01

Tekton Pruner release v0.3.4

-Docs @ v0.3.4
-Tutorials @ v0.3.4

Installation one-liner

kubectl apply -f https://infra.tekton.dev/tekton-releases/pruner/previous/v0.3.4/release.yaml

Attestation

The Rekor UUID for this release is 108e9186e8c5677ac6404214d17358930937df641e1349c16ad7357f7f44fe2a2a66aace0c7398ca

Obtain the attestation:

REKOR_UUID=108e9186e8c5677ac6404214d17358930937df641e1349c16ad7357f7f44fe2a2a66aace0c7398ca
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .

Verify that all container images in the attestation are in the release file:

RELEASE_FILE=https://infra.tekton.dev/tekton-releases/pruner/previous/v0.3.4/release.yaml
REKOR_UUID=108e9186e8c5677ac6404214d17358930937df641e1349c16ad7357f7f44fe2a2a66aace0c7398ca

# Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v0.3.4@sha256:" + .digest.sha256')

# Download the release file
curl -L "$RELEASE_FILE" > release.yaml

# For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
  printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done

Changes

Features

Fixes

• ❇️ Remove the container resource requests and limits from the controller deployment (#121)

• 💖 Allow tekton-* namespaces to be processed by the pruner, except tekton-pipelines and tekton-operator.(#122)

• ✨ add omitempty to YAML/JSON struct tags (#131)

Misc

• 🔨 [cherry-pick: releae-v0.3.x]Update pipelines-lts matrix to latest LTS versions (#136)

• 🔨 [cherry-pick: release v0.3.x]chore: update workflows for dependabot and migrate to infra.tekton.dev (#132)

• 🔨 [cherry-pick: release-v0.3.x] ci: Remove version tip override from ko setup (#126)

• 🔨 [cherry-pick: release-v0.3.x] chore: migrate retest workflow to use plumbing reusable workflow (#125)

• 🔨 [cherry-pick: release-v0.3.x] feat: add cherry-pick slash command workflow (#124)

• 🔨 [cherry-pick: release-v0.3.x] fix: Update E2E tests for tekton-* namespace validation changes (#123)

• 🔨 [release-v0.3.x] chore(deps): bump tj-actions/changed-files (#85)

• 🔨 [release-v0.3.x] chore(deps): bump actions/setup-go from 6.0.0 to 6.1.0 (#84)

• 🔨 [release-v0.3.x] chore(deps): bump github/codeql-action from 4.31.4 to 4.31.5 (#83)

• 🔨 [release-v0.3.x] chore(deps): bump chainguard-dev/actions from 1.5.8 to 1.5.10 (#82)

• 🔨 [release-v0.3.x] chore(deps): bump softprops/action-gh-release from 2.4.2 to 2.5.0 (#81)

• 🔨 chore(deps): bump the all group in /tekton with 4 updates (#80)

• 🔨 [release-v0.3.x] chore(deps): bump the all group in /tekton with 4 updates (#67)

• 🔨 [release-v0.3.x] chore(deps): bump actions/dependency-review-action from 4.8.1 to 4.8.2 (#66)

• 🔨 [release-v0.3.x] chore(deps): bump golangci/golangci-lint-action from 9.0.0 to 9.1.0 (#65)

• 🔨 [release-v0.3.x] chore(deps): bump github/codeql-action from 4.31.2 to 4.31.4 (#64)

• 🔨 [release-v0.3.x] chore(deps): bump actions/checkout from 5.0.0 to 6.0.0 (#63)

• 🔨 [release-v0.3.x] chore(deps): bump tj-actions/changed-files (#62)

• 🔨 [release-v0.3.x] chore(deps): bump go.uber.org/zap from 1.27.0 to 1.27.1 (#61)

Docs

NONE

Thanks

Thanks to these contributors who contributed to v0.3.4!

• ❤️ @anithapriyanatarajan
• ❤️ @infernus01
• ❤️ @tekton-robot

Extra shout-out for awesome release notes:

• 😍 @anithapriyanatarajan
• 😍 @infernus01
• 😍 @tekton-robot

Tekton Pruner release v0.3.3

-Docs @ v0.3.3
-Tutorials @ v0.3.3

Installation one-liner

kubectl apply -f https://infra.tekton.dev/tekton-releases/pruner/previous/v0.3.3/release.yaml

Attestation

The Rekor UUID for this release is 108e9186e8c5677a3cdd8c9b0d9e1226e1452dde035b4e4bae7c4f2103d5fd990e931285fe15c4bb

Obtain the attestation:

REKOR_UUID=108e9186e8c5677a3cdd8c9b0d9e1226e1452dde035b4e4bae7c4f2103d5fd990e931285fe15c4bb
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .

Verify that all container images in the attestation are in the release file:

RELEASE_FILE=https://infra.tekton.dev/tekton-releases/pruner/previous/v0.3.3/release.yaml
REKOR_UUID=108e9186e8c5677a3cdd8c9b0d9e1226e1452dde035b4e4bae7c4f2103d5fd990e931285fe15c4bb

# Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v0.3.3@sha256:" + .digest.sha256')

# Download the release file
curl -L "$RELEASE_FILE" > release.yaml

# For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
  printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done

Changes

Features

• ✨ feat: introduce new function to expose validation logic on struct (#57). This is an enabler for tekton operator to reuse the pruner webhook validation logic. This has no direct impact to users.

Fixes

• 🐛 feat: version 0.3.2 is set to retract, since this was an unintended release (#60)

Misc

• 🔨 fix: add missing unit test cases (#59)
• 🔨 fix: resolve yamllint errors and warnings in workflows (#86)
• 🔨 chore(deps): bump tj-actions/changed-files from 6da3c88b60ebf09464ada9b06fba5b6f2d34bb94 to abdd2f68ea150cee8f236d4a9fb4e0f2491abf1b (#79)
• 🔨 chore(deps): bump actions/setup-go from 6.0.0 to 6.1.0 (#78)
• 🔨 chore(deps): bump github/codeql-action from 4.31.4 to 4.31.5 (#77)
• 🔨 chore(deps): bump chainguard-dev/actions from 1.5.8 to 1.5.10 (#76)
• 🔨 chore(deps): bump softprops/action-gh-release from 2.4.2 to 2.5.0 (#75)
• 🔨 chore(deps): bump the all group in /tekton with 4 updates (#73)
• 🔨 chore(deps): bump the all group in /tekton with 4 updates (#56)
• 🔨 chore(deps): bump actions/dependency-review-action from 4.8.1 to 4.8.2 (#55)
• 🔨 chore(deps): bump golangci/golangci-lint-action from 9.0.0 to 9.1.0 (#54)
• 🔨 chore(deps): bump github/codeql-action from 4.31.2 to 4.31.4 (#53)
• 🔨 chore(deps): bump actions/checkout from 5.0.0 to 6.0.0 (#52)
• 🔨 chore(deps): bump tj-actions/changed-files from 70069877f29101175ed2b055d210fe8b1d54d7d7 to 6da3c88b60ebf09464ada9b06fba5b6f2d34bb94 (#51)
• 🔨 chore(deps): bump go.uber.org/zap from 1.27.0 to 1.27.1 (#50)

Docs

• 🔨 Fix errors and improve formatting in release cheat sheet (#87)

Thanks

Thanks to these contributors who contributed to v0.3.3!

• ❤️ @anithapriyanatarajan
• ❤️ @dependabot[bot]
• ❤️ @infernus01

Extra shout-out for awesome release notes:

• 😍 @anithapriyanatarajan
• 😍 @infernus01

Tekton Pruner release v0.3.1 "Tekton Pruner"

-Docs @ v0.3.1
-Tutorials @ v0.3.1

Installation one-liner

kubectl apply -f https://infra.tekton.dev/tekton-releases/pruner/previous/v0.3.1/release.yaml

Attestation

The Rekor UUID for this release is 108e9186e8c5677aa711cbd8297f45e5985a1fbe699cff9a08f32e1a7e276edce7e2985e3d2eb035

Obtain the attestation:

REKOR_UUID=108e9186e8c5677aa711cbd8297f45e5985a1fbe699cff9a08f32e1a7e276edce7e2985e3d2eb035
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .

Verify that all container images in the attestation are in the release file:

RELEASE_FILE=https://infra.tekton.dev/tekton-releases/pruner/previous/v0.3.1/release.yaml
REKOR_UUID=108e9186e8c5677aa711cbd8297f45e5985a1fbe699cff9a08f32e1a7e276edce7e2985e3d2eb035

# Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v0.3.1@sha256:" + .digest.sha256')

# Download the release file
curl -L "$RELEASE_FILE" > release.yaml

# For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
  printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done

Changes

Features

Fixes

• 🐛 fix: process selector configs (#49)

• 🐛 fix: system limit violations in config (#48)

• 🐛 fix: webhook container to use correct configmap names (#47)

Misc

• 🔨 fix: update base image (#46)

• 🔨 Pin label checker action by git commit SHA (#44)

• 🔨 Bump tj-actions/changed-files from 0ff001de0805038ff3f118de4875002200057732 to 70069877f29101175ed2b055d210fe8b1d54d7d7 (#43)

• 🔨 Bump step-security/harden-runner from 2.13.1 to 2.13.2 (#42)

• 🔨 Bump softprops/action-gh-release from 2.4.1 to 2.4.2 (#41)

• 🔨 Bump chainguard-dev/actions from 1.5.7 to 1.5.8 (#40)

• 🔨 Bump golangci/golangci-lint-action from 8.0.0 to 9.0.0 (#39)

• 🔨 Bump the all group in /tekton with 4 updates (#38)

Docs

Thanks

Thanks to these contributors who contributed to v0.3.1!

• ❤️ @AlanGreene
• ❤️ @anithapriyanatarajan
• ❤️ @dependabot[bot]

Extra shout-out for awesome release notes:

• 😍 @AlanGreene
• 😍 @anithapriyanatarajan

Tekton Pruner release 0.3.1 "Tekton Pruner"

-Docs @ 0.3.1
-Examples @ 0.3.1

Installation one-liner

kubectl apply -f https://infra.tekton.dev/tekton-releases/pruner/previous/0.3.1/release.yaml

Attestation

The Rekor UUID for this release is 108e9186e8c5677aa711cbd8297f45e5985a1fbe699cff9a08f32e1a7e276edce7e2985e3d2eb035

Obtain the attestation:

REKOR_UUID=108e9186e8c5677aa711cbd8297f45e5985a1fbe699cff9a08f32e1a7e276edce7e2985e3d2eb035
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .

Verify that all container images in the attestation are in the release file:

RELEASE_FILE=https://infra.tekton.dev/tekton-releases/pruner/previous/0.3.1/release.yaml
REKOR_UUID=108e9186e8c5677aa711cbd8297f45e5985a1fbe699cff9a08f32e1a7e276edce7e2985e3d2eb035

# Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":0.3.1@sha256:" + .digest.sha256')

# Download the release file
curl -L "$RELEASE_FILE" > release.yaml

# For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
  printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done

Changes

Features

Fixes

• 🐛 fix: process selector configs (#49)

• 🐛 fix: system limit violations in config (#48)

• 🐛 fix: webhook container to use correct configmap names (#47)

Misc

• 🔨 fix: update base image (#46)

• 🔨 Pin label checker action by git commit SHA (#44)

• 🔨 Bump tj-actions/changed-files from 0ff001de0805038ff3f118de4875002200057732 to 70069877f29101175ed2b055d210fe8b1d54d7d7 (#43)

• 🔨 Bump step-security/harden-runner from 2.13.1 to 2.13.2 (#42)

• 🔨 Bump softprops/action-gh-release from 2.4.1 to 2.4.2 (#41)

• 🔨 Bump chainguard-dev/actions from 1.5.7 to 1.5.8 (#40)

• 🔨 Bump golangci/golangci-lint-action from 8.0.0 to 9.0.0 (#39)

• 🔨 Bump the all group in /tekton with 4 updates (#38)

Docs

Thanks

Thanks to these contributors who contributed to 0.3.1!

• ❤️ @AlanGreene
• ❤️ @anithapriyanatarajan
• ❤️ @dependabot[bot]

Extra shout-out for awesome release notes:

• 😍 @AlanGreene
• 😍 @anithapriyanatarajan

Tekton Pruner release v0.3.0

🎉 Keep your cluster lean through event-driven pruning of PipelineRuns and TaskRuns, configurable via flexible, policy-based controls at cluster or namespace level, or even granularly by grouping with annotations and/or labels. 🎉

-Docs @ v0.3.0
-Tutorials @ v0.3.0

Installation one-liner

kubectl apply -f https://infra.tekton.dev/tekton-releases/pruner/previous/v0.3.0/release.yaml

Attestation

The Rekor UUID for this release is 108e9186e8c5677aeba0941ced547f9063b5e3f447e05d19ecdf64c2ea7a9dfe0195ba88c32b5478

Obtain the attestation:

REKOR_UUID=108e9186e8c5677aeba0941ced547f9063b5e3f447e05d19ecdf64c2ea7a9dfe0195ba88c32b5478
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .

Verify that all container images in the attestation are in the release file:

RELEASE_FILE=https://infra.tekton.dev/tekton-releases/pruner/previous/v0.3.0/release.yaml
REKOR_UUID=108e9186e8c5677aeba0941ced547f9063b5e3f447e05d19ecdf64c2ea7a9dfe0195ba88c32b5478

# Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v0.3.0@sha256:" + .digest.sha256')

# Download the release file
curl -LO "$RELEASE_FILE" > release.yaml

# For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
  printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done

Changes

Features

• ✨ feature: support resource selectors in namespace configuration (#34)

This release introduces support for selector-based resource grouping using matchLabels and matchAnnotations in namespace-level ConfigMaps (tekton-pruner-namespace-spec).
This allows users to define pruning policies that apply automatically to specific PipelineRuns or TaskRuns based on labels and annotations.

• ✨ feature: include validation based on system and global limits for namespace co… (#30)

Added system-wide maximum limits for Tekton pruner configuration fields to prevent resource overuse. These limits are enforced in validation, ensuring global and namespace settings cannot exceed defined system maximums.

• ✨ Add webhook validation for configmaps (#24)

• Added admission webhook validation for pruner ConfigMaps to provide immediate error feedback when applying invalid configurations, preventing silent failures
• Webhook uses Tekton-style implementation with automatic certificate management and validates any ConfigMap with pruner configuration keys

Fixes

Misc

• 🔨 chore: add Shubham B to owners list (#31)

• 🔨 feat: added workflow files (#25)

• 🔨 .github/workflows: use go.mod to get the go version (#18)

• 🔨 Pin actions by commit SHA (#13)

• 🔨 Bump github.com/tektoncd/pipeline from 1.5.0 to 1.6.0 (#29)

• 🔨 Bump tj-actions/changed-files from dbf178ceecb9304128c8e0648591d71208c6e2c9 to 0ff001de0805038ff3f118de4875002200057732 (#28)

• 🔨 Bump github/codeql-action from 4.31.0 to 4.31.2 (#27)

• 🔨 Bump github/codeql-action from 3.30.7 to 4.30.8 (#17)

• 🔨 Bump actions/setup-go from 5.0.2 to 6.0.0 (#16)

• 🔨 Bump softprops/action-gh-release from 2.4.0 to 2.4.1 (#15)

• 🔨 Bump github.com/tektoncd/pipeline from 1.4.0 to 1.5.0 (#12)

Docs

Thanks

Thanks to these contributors who contributed to v0.3.0!

• ❤️ @AlanGreene
• ❤️ @anithapriyanatarajan
• ❤️ @dependabot[bot]
• ❤️ @infernus01
• ❤️ @vdemeester

Extra shout-out for awesome release notes:

• 😍 @AlanGreene
• 😍 @anithapriyanatarajan
• 😍 @infernus01
• 😍 @vdemeester

What's Changed

• Pin actions by commit SHA by @AlanGreene in #13
• Bump softprops/action-gh-release from 2.4.0 to 2.4.1 by @dependabot[bot] in #15
• Bump github/codeql-action from 3.30.7 to 4.30.8 by @dependabot[bot] in #17
• Bump github.com/tektoncd/pipeline from 1.4.0 to 1.5.0 by @dependabot[bot] in #12
• .github/workflows: use go.mod to get the go version by @vdemeester in #18
• Bump actions/setup-go from 5.0.2 to 6.0.0 by @dependabot[bot] in #16
• Fix variable check in failedHistory limit by @infernus01 in #20
• Add namespace level pruner config controller by @infernus01 in #14
• Fix test to match the actual error by @infernus01 in #23
• Fix RBAC permissions for configmaps by @infernus01 in #26
• feat: added workflow files by @anithapriyanatarajan in #25
• Bump github/codeql-action from 4.31.0 to 4.31.2 by @dependabot[bot] in #27
• Bump tj-actions/changed-files from dbf178ceecb9304128c8e0648591d71208c6e2c9 to 0ff001de0805038ff3f118de4875002200057732 by @dependabot[bot] in #28
• Bump github.com/tektoncd/pipeline from 1.5.0 to 1.6.0 by @dependabot[bot] in #29
• Add webhook validation for configmaps by @infernus01 in #24
• chore: add Shubham B to owners list by @anithapriyanatarajan in #31
• feature: include validation based on system and global limits for namespace co… by @anithapriyanatarajan in #30
• security: Add readOnlyRootFilesystem to webhook securityContext by @infernus01 in #33
• fix: include validation for forbidden namespaces by @anithapriyanatarajan in #32
• chore: add release pipeline and workflow by @anithapriyanatarajan in #36
• feature: support resource selectors in namespace configuration by @anithapriyanatarajan in #34
• fix: enhance release docs and pipeline definitions by @anithapriyanatarajan in #37

New Contributors

• @AlanGreene made their first contribution in #13
• @vdemeester made their first contribution in #18
• @infernus01 made their first contribution in #20

Full Changelog: v0.2.0...v0.3.0

v0.2.0

Merge pull request #9 from tektoncd/dependabot/go_modules/github.com/…