[bot] Update release-v1.15.x from tektoncd/pipeline to 1eadef6a63051424cda6de9ed82664b49b7be145

head

@@ -1 +1 @@
-579fe684ce5500480bf7561d27b7a3ac9bbc7c88
+1eadef6a63051424cda6de9ed82664b49b7be145

upstream/.github/workflows/ci.yaml

@@ -45,7 +45,7 @@ jobs:
     - name: golangci-lint
       uses: golangci/golangci-lint-action@ec5d18412c0aeab7936cb16880d708ba2a64e1ae  # v6.2.0
       with:
-        version: v1.61.0
+        version: v1.57.2
         args: --timeout=10m
     - name: yamllint
       run: |

upstream/.github/workflows/codeql-analysis.yml

@@ -49,28 +49,24 @@ jobs:
 
     steps:
     - name: Harden Runner
-      uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
+      uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0
       with:
         egress-policy: audit
 
     - name: Checkout repository
-      uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
-    - name: Setup go
-      uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5
-      with:
-        go-version: '1.22.x'
+      uses: actions/checkout@1d96c772d19495a3b5c517cd2bc0cb401ea0529f # v4.1.3
 
     # Initializes the CodeQL tools for scanning.
     - name: Initialize CodeQL
-      uses: github/codeql-action/init@f779452ac5af1c261dce0346a8f964149f49322b # v3.26.13
+      uses: github/codeql-action/init@c7f9125735019aa87cfc361530512d50ea439c71 # v3.25.1
       with:
         languages: ${{ matrix.language }}
         # If you wish to specify custom queries, you can do so here or in a config file.
         # By default, queries listed here will override any specified in a config file.
         # Prefix the list here with "+" to use these queries and those in the config file.
         # queries: ./path/to/local/query, your-org/your-repo/queries@main
 
-    - uses: actions/cache@3624ceb22c1c5a301c8db4169662070a689d9ea8 # v4.1.1
+    - uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2
       with:
         path: |
           ~/.cache/go-build
@@ -96,4 +92,4 @@ jobs:
         make -j 4 all
 
     - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@f779452ac5af1c261dce0346a8f964149f49322b # v3.26.13
+      uses: github/codeql-action/analyze@c7f9125735019aa87cfc361530512d50ea439c71 # v3.25.1

upstream/.github/workflows/dependency-review.yml

@@ -17,13 +17,13 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
+        uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
         with:
           egress-policy: audit
 
       - name: 'Checkout Repository'
-        uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
       - name: 'Dependency Review'
-        uses: actions/dependency-review-action@5a2ce3f5b92ee19cbb1541a4984c76d921601d7c # v4.3.4
+        uses: actions/dependency-review-action@3b139cfc5fae8b618d3eae3675e383bb1769c019 # v4.5.0
         with:
           fail-on-severity: low

upstream/.github/workflows/scorecard.yml

@@ -29,16 +29,16 @@ jobs:
 
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
+        uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0
         with:
           egress-policy: audit
       - name: "Checkout code"
-        uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
+        uses: actions/checkout@1d96c772d19495a3b5c517cd2bc0cb401ea0529f # v4.1.3
         with:
           persist-credentials: false
 
       - name: "Run analysis"
-        uses: ossf/scorecard-action@62b2cac7ed8198b15735ed49ab1e5cf35480ba46 # v2.4.0
+        uses: ossf/scorecard-action@0864cf19026789058feabb7e87baa5f140aac736 # v2.3.1
         with:
           results_file: results.sarif
           results_format: sarif
@@ -53,14 +53,14 @@ jobs:
       # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF
       # format to the repository Actions tab.
       - name: "Upload artifact"
-        uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
+        uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3
         with:
           name: SARIF file
           path: results.sarif
           retention-days: 5
 
       # Upload the results to GitHub's code scanning dashboard.
       - name: "Upload to code-scanning"
-        uses: github/codeql-action/upload-sarif@f779452ac5af1c261dce0346a8f964149f49322b # v3.26.13
+        uses: github/codeql-action/upload-sarif@c7f9125735019aa87cfc361530512d50ea439c71 # v3.25.1
         with:
           sarif_file: results.sarif

upstream/.github/workflows/woke.yml

@@ -11,15 +11,15 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
+        uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0
         with:
           egress-policy: audit
       - name: 'Checkout'
-        uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
+        uses: actions/checkout@1d96c772d19495a3b5c517cd2bc0cb401ea0529f # v4.1.3
 
       - name: Get changed files
         id: changed-files
-        uses: tj-actions/changed-files@c3a1bb2c992d77180ae65be6ae6c166cf40f857c # v45.0.3
+        uses: tj-actions/changed-files@0874344d6ebbaa00a27da73276ae7162fadcaf69 # v44.3.0
         with:
           write_output_files: true
           files: |

upstream/.golangci.yml

@@ -1,10 +1,5 @@
 # Documentation: https://golangci-lint.run/usage/configuration/
-
 linters-settings:
-  gosec:
-    excludes:
-      - G601
-    exclude-generated: true
   errcheck:
     exclude-functions:
       - (*github.com/tektoncd/pipeline/vendor/go.uber.org/zap.SugaredLogger).Sync
@@ -85,13 +80,12 @@ linters:
   - gocyclo
   - godot
   - godox
-  - err113
+  - goerr113
   - gofumpt
   - gomnd
   - gomoddirectives
   - ireturn
   - lll
-  - mnd
   - nestif
   - nlreturn
   - nonamedreturns

upstream/DEVELOPMENT.md

@@ -283,7 +283,7 @@ as follows.
 
 The recommended minimum development configuration is:
 
-- Kubernetes version 1.28 or later
+- Kubernetes version 1.27 or later
 - 4 (virtual) CPU nodes
   - 8 GB of (actual or virtualized) platform memory
 - Node autoscaling, up to 3 nodes
@@ -341,7 +341,7 @@ optional: As a convenience, the [Tekton plumbing project](https://github.com/tek
      --region=us-central1 \
      --machine-type=e2-standard-4 \
      --num-nodes=1 \
-     --cluster-version=1.28
+     --cluster-version=1.27
     ```
 
     > **Note**: The recommended [GCE machine type](https://cloud.google.com/compute/docs/machine-types) is `'e2-standard-4'`.

upstream/Makefile

@@ -9,8 +9,7 @@ TESTPKGS = $(shell env GO111MODULE=on $(GO) list -f \
 BIN      = $(CURDIR)/.bin
 WOKE 	?= go run -modfile go.mod github.com/get-woke/woke
 
-# Get golangci_version from tools/go.mod
-GOLANGCI_VERSION := $(shell cat tools/go.mod | grep golangci-lint | awk '{ print $$3 }')
+GOLANGCI_VERSION = v1.57.2
 WOKE_VERSION     = v0.19.0
 
 GO           = go
@@ -166,10 +165,9 @@ $(BIN)/errcheck: PACKAGE=github.com/kisielk/errcheck
 errcheck: | $(ERRCHECK) ; $(info $(M) running errcheck…) ## Run errcheck
 	$Q $(ERRCHECK) ./...
 
-GOLANGCILINT = $(BIN)/golangci-lint-$(GOLANGCI_VERSION)
-$(BIN)/golangci-lint-$(GOLANGCI_VERSION): ; $(info $(M) getting golangci-lint $(GOLANGCI_VERSION))
-	cd tools; go mod download github.com/golangci/golangci-lint && go mod tidy 
-	cd tools; go build -o $(BIN)/golangci-lint-$(GOLANGCI_VERSION) github.com/golangci/golangci-lint/cmd/golangci-lint
+GOLANGCILINT = $(BIN)/golangci-lint
+$(BIN)/golangci-lint: ; $(info $(M) getting golangci-lint $(GOLANGCI_VERSION))
+	cd tools; GOBIN=$(BIN) go install github.com/golangci/golangci-lint/cmd/golangci-lint@$(GOLANGCI_VERSION)
 
 .PHONY: golangci-lint
 golangci-lint: | $(GOLANGCILINT) ; $(info $(M) running golangci-lint…) @ ## Run golangci-lint

upstream/OWNERS_ALIASES

@@ -1,11 +1,13 @@
 aliases:
   pipeline-approvers:
   - afrittoli
+  - bobcatfish
   - dibyom
   - ImJasonH
   - vdemeester
   - pritidesai
   - jerop
+  - lbernick
   - abayer
   - wlynch
   - yongxuanzhang
@@ -14,6 +16,7 @@ aliases:
 
   pipeline-reviewers:
   - afrittoli
+  - bobcatfish
   - dibyom
   - vdemeester
   - pritidesai
@@ -23,16 +26,19 @@ aliases:
 
   apis-approvers:
   - afrittoli
+  - bobcatfish
   - dibyom
   - ImJasonH
   - vdemeester
   - pritidesai
   - jerop
+  - lbernick
   - abayer
   - wlynch
 
   productivity-approvers:
   - afrittoli
+  - bobcatfish
   - vdemeester
 
 # Alumni ❤️
@@ -42,5 +48,3 @@ aliases:
 # aaron-prindle
 # sbwsg
 # dlorenc
-# lbernick
-# bobcatfish

upstream/README.md

@@ -44,7 +44,6 @@ Tekton Pipelines are **Typed**:
 - Starting from the v0.45.x release of Tekton: **Kubernetes version 1.24 or later**
 - Starting from the v0.51.x release of Tekton: **Kubernetes version 1.25 or later**
 - Starting from the v0.59.x release of Tekton: **Kubernetes version 1.27 or later**
-- Starting from the v0.61.x release of Tekton: **Kubernetes version 1.28 or later**
 
 ### Read the docs
 

upstream/cmd/controller/main.go

@@ -56,7 +56,6 @@ func main() {
 	flag.StringVar(&opts.Images.ShellImage, "shell-image", "", "The container image containing a shell")
 	flag.StringVar(&opts.Images.ShellImageWin, "shell-image-win", "", "The container image containing a windows shell")
 	flag.StringVar(&opts.Images.WorkingDirInitImage, "workingdirinit-image", "", "The container image containing our working dir init binary.")
-	flag.DurationVar(&opts.ResyncPeriod, "resync-period", controller.DefaultResyncPeriod, "The period between two resync run (going through all objects)")
 
 	// This parses flags.
 	cfg := injection.ParseAndGetRESTConfigOrDie()
@@ -99,8 +98,6 @@ func main() {
 	}()
 
 	ctx = filteredinformerfactory.WithSelectors(ctx, v1beta1.ManagedByLabelKey)
-	ctx = controller.WithResyncPeriod(ctx, opts.ResyncPeriod)
-
 	sharedmain.MainWithConfig(ctx, ControllerLogKey, cfg,
 		taskrun.NewController(opts, clock.RealClock{}),
 		pipelinerun.NewController(opts, clock.RealClock{}),

upstream/cmd/entrypoint/main.go

@@ -17,6 +17,7 @@ limitations under the License.
 package main
 
 import (
+	"context"
 	"encoding/json"
 	"errors"
 	"flag"
@@ -32,7 +33,6 @@ import (
 	"github.com/tektoncd/pipeline/cmd/entrypoint/subcommands"
 	featureFlags "github.com/tektoncd/pipeline/pkg/apis/config"
 	"github.com/tektoncd/pipeline/pkg/apis/pipeline"
-	v1 "github.com/tektoncd/pipeline/pkg/apis/pipeline/v1"
 	"github.com/tektoncd/pipeline/pkg/credentials"
 	"github.com/tektoncd/pipeline/pkg/credentials/dockercreds"
 	"github.com/tektoncd/pipeline/pkg/credentials/gitcreds"
@@ -50,12 +50,10 @@ var (
 	terminationPath     = flag.String("termination_path", "/tekton/termination", "If specified, file to write upon termination")
 	results             = flag.String("results", "", "If specified, list of file names that might contain task results")
 	stepResults         = flag.String("step_results", "", "step results if specified")
-	whenExpressions     = flag.String("when_expressions", "", "when expressions if specified")
 	timeout             = flag.Duration("timeout", time.Duration(0), "If specified, sets timeout for step")
 	stdoutPath          = flag.String("stdout_path", "", "If specified, file to copy stdout to")
 	stderrPath          = flag.String("stderr_path", "", "If specified, file to copy stderr to")
 	breakpointOnFailure = flag.Bool("breakpoint_on_failure", false, "If specified, expect steps to not skip on failure")
-	debugBeforeStep     = flag.Bool("debug_before_step", false, "If specified, wait for a debugger to attach before executing the step")
 	onError             = flag.String("on_error", "", "Set to \"continue\" to ignore an error and continue when a container terminates with a non-zero exit code."+
 		" Set to \"stopAndFail\" to declare a failure with a step error and stop executing the rest of the steps.")
 	stepMetadataDir        = flag.String("step_metadata_dir", "", "If specified, create directory to store the step metadata e.g. /tekton/steps/<step-name>/")
@@ -66,8 +64,25 @@ var (
 
 const (
 	defaultWaitPollingInterval = time.Second
+	breakpointExitSuffix       = ".breakpointexit"
 )
 
+func checkForBreakpointOnFailure(e entrypoint.Entrypointer, breakpointExitPostFile string) {
+	if e.BreakpointOnFailure {
+		if waitErr := e.Waiter.Wait(context.Background(), breakpointExitPostFile, false, false); waitErr != nil {
+			log.Println("error occurred while waiting for " + breakpointExitPostFile + " : " + waitErr.Error())
+		}
+		// get exitcode from .breakpointexit
+		exitCode, readErr := e.BreakpointExitCode(breakpointExitPostFile)
+		// if readErr exists, the exitcode with default to 0 as we would like
+		// to encourage to continue running the next steps in the taskRun
+		if readErr != nil {
+			log.Println("error occurred while reading breakpoint exit code : " + readErr.Error())
+		}
+		os.Exit(exitCode)
+	}
+}
+
 func main() {
 	// Add credential flags originally introduced with our legacy credentials helper
 	// image (creds-init).
@@ -123,12 +138,6 @@ func main() {
 			log.Fatal(err)
 		}
 	}
-	var when v1.StepWhenExpressions
-	if len(*whenExpressions) > 0 {
-		if err := json.Unmarshal([]byte(*whenExpressions), &when); err != nil {
-			log.Fatal(err)
-		}
-	}
 
 	var spireWorkloadAPI spire.EntrypointerAPIClient
 	if enableSpire != nil && *enableSpire && socketPath != nil && *socketPath != "" {
@@ -153,9 +162,7 @@ func main() {
 		Results:                strings.Split(*results, ","),
 		StepResults:            strings.Split(*stepResults, ","),
 		Timeout:                timeout,
-		StepWhenExpressions:    when,
 		BreakpointOnFailure:    *breakpointOnFailure,
-		DebugBeforeStep:        *debugBeforeStep,
 		OnError:                *onError,
 		StepMetadataDir:        *stepMetadataDir,
 		SpireWorkloadAPI:       spireWorkloadAPI,
@@ -169,10 +176,8 @@ func main() {
 	}
 
 	if err := e.Go(); err != nil {
+		breakpointExitPostFile := e.PostFile + breakpointExitSuffix
 		switch t := err.(type) { //nolint:errorlint // checking for multiple types with errors.As is ugly.
-		case entrypoint.DebugBeforeStepError:
-			log.Println("Skipping execute step script because before step breakpoint fail-continue")
-			os.Exit(1)
 		case entrypoint.SkipError:
 			log.Print("Skipping step because a previous step failed")
 			os.Exit(1)
@@ -196,7 +201,7 @@ func main() {
 			// in both cases has an ExitStatus() method with the
 			// same signature.
 			if status, ok := t.Sys().(syscall.WaitStatus); ok {
-				e.CheckForBreakpointOnFailure()
+				checkForBreakpointOnFailure(e, breakpointExitPostFile)
 				// ignore a step error i.e. do not exit if a container terminates with a non-zero exit code when onError is set to "continue"
 				if e.OnError != entrypoint.ContinueOnError {
 					os.Exit(status.ExitStatus())
@@ -207,7 +212,7 @@ func main() {
 				log.Fatalf("Error executing command (ExitError): %v", err)
 			}
 		default:
-			e.CheckForBreakpointOnFailure()
+			checkForBreakpointOnFailure(e, breakpointExitPostFile)
 			log.Fatalf("Error executing command: %v", err)
 		}
 	}