Releases: concourse/concourse
v6.7.8
✈️ Features
- Optimize build log collection (#7334 ) @evanchaoli 🔗
- Optimized a SQL statement used to remove build logs. This optimization will specially benefit large deployments that have a lot of pipelines.
🐞 Bug Fixes
-
Prevent open redirect to other hosts (#7460) @taylorsilva 🔗
-
Fix github-release-resource with graphql update (concourse/github-release-resource#107) @kirillbilchenko 🔗
🤷 Miscellaneous
-
Backport baggageclaim v1.8.0 to release/6.7.x (#7428) @taylorsilva 🔗
-
Use overlay driver for worker integration test [6.7.x] (#7435) @aoldershaw 🔗
📦 Bundled resource types
v7.4.0
✈️ Features
-
Fly clear-resource-cache command (#7003) @EstebanFS 🔗
- Added fly command
clear-resource-cache
, you could use this following the next format
fly -t ci clear-resource-cache -r pipeline/resource [--version some:version]
- Added fly command
-
Build page shows name of who triggered the build in header line of build page (#7112) @evanchaoli 🔗
- The build page now shows the username of who triggers the build if the build is triggered manually.
-
Add page to view all builds/resource versions downstream/upstream from a root resource version (#7125) @chenbh 🔗
- Disabled by default since computing causality for large datasets can be expensive, use
--enable-resource-causality
or$CONCOURSE_ENABLE_RESOURCE_CAUSALITY=true
to enable the web UI and API endpoint.- Most datasets (like the merge commit for this PR) have < 100 builds and/or resource versions and take < 100ms, but it's possible for some "slow paced" resource versions (i.e. very infrequent new versions) to generate extremely large datasets
- There is an automatic cutoff at 5000 builds or 25000 resource versions. On our deployment, the call for our slowest paced resource took about ~7 seconds to process, most of which is spent in the DB query
- The causality page can be navigated to from the resource page
- The causality page displays all the builds and resource versions that was generated from (downstream) or resulted in (upstream) the creation of a particular resource version
- The downstream graph will put the root resource version on the left whereas the upstream graph will put it on the right
- It takes into account all the intermediate resource versions when computing the final graph. In the picture above, while the resource page only shows that
git version: 123
is a direct input to integrate#4 & #5
, there is also an indirect link fromgit version: 123
->test #19
-> ... ->intermediate-3 version:123
->integrate #6 & #6.1
- Disabled by default since computing causality for large datasets can be expensive, use
-
Support soft policy enforcement (#7139) @evanchaoli 🔗
- This feature doesn't break the existing OPA policy check. If you have enabled OPA policy check, and you don't need "soft" policy enforcement, then you just don't need to do any configuration change.
- 3 new ATC cli options are added:
CONCOURSE_OPA_RESULT_ALLOWED_KEY
: specifies a key of allow flag in OPA returned resultCONCOURSE_OPA_RESULT_SHOULD_BLOCK_KEY
: specifies a key of should-block flag in OPA returned resultCONCOURSE_OPA_RESULT_MESSAGES_KEY
: specifies a key of messages in OPA returned result
For example, if OPA returns the following result:
{ "result": { "allow": true, "block": true, "reasons": ["foo", "bar"] } }
then
CONCOURSE_OPA_RESULT_ALLOWED_KEY
should be set toresult.allow
;CONCOURSE_OPA_RESULT_SHOULD_BLOCK_KEY
should beresult.block
, andCONCOURSE_OPA_RESULT_MESSAGES_KEY
should beresult.reasons
.NOTE:
allow
andblock
in OPA result should be boolean type, because it's easy to convert other types to boolean in an OPA policy. -
Add ability to comment on a build (#7147) @multimac 🔗
-
You can now leave comments on builds. For instance, this can be used to give context to your coworkers about why a particular build failed:
-
If a build has a comment, it is displayed with a small marker to help you quickly find builds of interest. Hovering over the build displays a portion of the comment:
-
-
Add teamName to
concourse_steps_wait_duration
metrics (#7154) @Esysc 🔗 -
Use browser cache API for dashboard caching (#7247) @aoldershaw 🔗
- The cached API responses on the dashboard no longer need to get truncated, which was previously introduced to work around
localStorage
limits
- The cached API responses on the dashboard no longer need to get truncated, which was previously introduced to work around
-
Allow interpolation in the across step values (#7252) @aoldershaw 🔗
- The
across
step now supports dynamic interpolation of values. For instance, this can be combined with theset_pipeline
step and instanced pipelines to set a dynamic list of pipelines:- load_var: branches file: branches/branches.json - across: - var: branch values: ((.:branches)) set_pipeline: my-app file: ci/pipelines/my-app.yml instance_vars: {branch: ((.:branch))}
- The
-
Cache the list of workers in memory (#7268) @aoldershaw 🔗
- Scheduling containers should be more performant by reducing the number of required database calls
-
Optimize build log collector (#7327) @evanchaoli 🔗
- Optimized a SQL statement used to remove build logs. This optimization will specially benefit large deployments that have a lot of pipelines.
-
Enable emitting dogstatsd metrics over uds (#7338) @jmhwang7 🔗
- The Datadog emitter can now be configured to communicate with the Datadog agent over Unix Domain Sockets
🐞 Bug Fixes
-
containerd: properly populate /etc/hosts and /etc/hostname (#7041) @muntac 🔗
- containerd:
/etc/hosts
and/etc/hostname
are correctly populated
- containerd:
-
Handle 403 for vault preflight check of V2 (#7057) @xtremerui 🔗
-
atc: across step logs errors (#7090) @taylorsilva 🔗
- Across step emits an
error
event when one of the sub-steps errors
- Across step emits an
-
containerd: Mount
/dev/fuse
to privileged containers (#7098) @aoldershaw 🔗 -
atc(fix): fixed a bug in resource check rate limiter. (#7102) @evanchaoli 🔗
- Fixed a bug in check rate limiter that caused slow checks.
-
Fix worker restart issue with containerd daemon and beacon (#7113) @muntac 🔗
- Fix worker stall issue when restarting with containerd. Exit the worker's beacon process gracefully if any other top level process like the containerd daemon fails. Wait for containerd daemon to come up before starting the containerd Garden server.
-
Fix memory leak in notificati...
v6.7.7
✈️ Features
- Optimize build log collector (#7334) @evanchaoli 🔗
- Optimized a SQL statement used to remove build logs. This optimization will specially benefit large deployments that have a lot of pipelines.
🐞 Bug Fixes
-
Add autocomplete=off to all form tags (#6921) @taylorsilva 🔗
- add `autocomplete="off" to the form and username tags on the login page
-
Fix memory leak in notification bus (#7157) @taylorsilva 🔗
🤷 Miscellaneous
- Bump otel to 0.20.0 (#7305) @xtremerui 🔗
- Bump opentelemetry to v0.20.0 to address CVE in one of its dependancies (apache/thrift)
📦 Bundled resource types
v7.3.2
🐞 Bug Fixes
- [7.3.x] Fix memory leak in notification bus (#7164) @aoldershaw 🔗
🤷 Miscellaneous
📦 Bundled resource types
v7.3.1
🐞 Bug Fixes
- Bump guardian to 1.19.28 🔗
- Fixes a bug where guardian would fail to start up when the kernel version contained an unexpected suffix
🤷 Miscellaneous
- [topgun/k8s] disable container limits fail test (#7088) @aoldershaw 🔗
📦 Bundled resource types
v7.3.0
🚨 Breaking
-
Bump opentelemetry to 0.19.0 (#6787) @aoldershaw 🔗
- The service name Honeycomb tracing exporter is now configured via the more general
--tracing-service-name
(CONCOURSE_TRACING_SERVICE_NAME
) rather than--tracing-honeycomb-service-name
(CONCOURSE_TRACING_HONEYCOMB_SERVICE_NAME
)
- The service name Honeycomb tracing exporter is now configured via the more general
✈️ Features
-
Cache streamed volumes and use local cache when looking for volumes (#6660) @evanchaoli 🔗
Optimize resource cache streaming and get step.- Mark streamed resource cache volumes as resource cache, to avoid duplicate streaming in next runs.
- If a resource from a
get
can be found on some workers, thenget
step will do nothing. This will reduce times of Concourse connecting to external systems, such as git, docker hub, and so on. - This feature is currently opt-in and can be enabled using
CONCOURSE_ENABLE_CACHE_STREAMED_VOLUMES
flag.
-
Re-ordering instanced pipelines (#6830) @EstebanFS 🔗
- Instanced Pipelines are allowed to be re-ordered with in their group through the UI (using the drag and drop functionality) or using the fly command:
fly -t dev oip -g groupName -p key1:var1 -p key2:var2
- Instanced Pipelines are allowed to be re-ordered with in their group through the UI (using the drag and drop functionality) or using the fly command:
-
Enhance syslog-drainer to make it more useful (#6834) @SimonXming 🔗
- Add
event_id
intosyslog-drainer
entries, to get the correct order of "drained" build logs. - Add more supported event_type for
syslog-drainer
to include more info for "drained" build logs.
- Add
-
Enhance webhook triggered checks (#6854) @evanchaoli 🔗
- When multiple pipelines hold a common resource and webhook calls against the common resource, checks are sent to all pipelines at same time. Without this enhancement, each webhook call will cause a check to run. With this enhancement, only a single check will run, which is the expected behavior as a global resource.
-
Allow override of container limits in task config (#6867) @BooleanCat 🔗
- Pipeline authors can now set
container_limits
for reusable tasks in pipelines. Any limits set in the pipeline will override the limits set within the reusable task file.
- Pipeline authors can now set
-
Use cursor-based pagination for build events (#6873) @aoldershaw 🔗
- Optimizes fetching build logs from the DB for builds with massive logs
-
Use display_user_id field to render username in web interface (#6970) @logyball 🔗
-
Set Content-Security-Policy and Cache-Control Headers (#6949) @taylorsilva 🔗
- A Content-Security-Policy header is now set with a default value that will block framing of the Concourse web UI. This was already possible with the default value of the X-Frames-Option header.
- The CSP header value is configurable with
CONCOURSE_CONTENT_SECURITY_POLICY
- The CSP header value is configurable with
- A Cache-Control header is set on every page with a default value of
no-store, private
. The value of the header is overwritten for some paths (i.e. web assets)
- A Content-Security-Policy header is now set with a default value that will block framing of the Concourse web UI. This was already possible with the default value of the X-Frames-Option header.
🐞 Bug Fixes
-
Ensure stdin never errors when using containerd with TTY enabled (#6791) @chenbh 🔗
- Fixed bug with containerd runtime where builds to error out if it runs for a long time without any output
-
Add trigger for deleting pipeline (#6880) @xtremerui 🔗
- Fix a bug that might leave orphan
pipeline_build_events_*
table in DB when deleting a team. Pipelines belong to the deleted team will be destroyed byDELETE CASCADE
but associated events table was not cleaned up properly.
- Fix a bug that might leave orphan
-
Fix volume GC query to not include volumes with children (#6902) @xtremerui 🔗
- Fix query that causes
volume cannot be destroyed as children are present
in web andupdate or delete on table "volumes" violates foreign key constraint "volumes_parent_id_fkey"
in DB.
- Fix query that causes
-
Set autocomplete to off for login form (#6920) @taylorsilva 🔗
- add
autocomplete="off"
to the top-levelform
andusername
tags.
- add
-
Scan unchecked resource-types (#6923) @EstebanFS 🔗
- Fixed an edge case where a put-only resource's parent-type would not be checked
-
Ignore "not found" error on process deletion for Containerd runtime (#6959) @aoldershaw 🔗
-
worker: Set PATH based on UID instead of container's privileged state (#6982) @taylorsilva 🔗
- Containerd: fixed a bug where PATH did not contain directories to system tools (i.e.
/sbin
) when a user/process was root. Only effects unprivileged containers.
- Containerd: fixed a bug where PATH did not contain directories to system tools (i.e.
-
Fix Postgres deadlock when frequently setting pipelines (#7011) @aoldershaw 🔗
-
containerd: allow use of non-existent uids (#7029) @muntac 🔗
containerd
supports running images with non-existent UIDs such as distroless images.
🤷 Miscellaneous
-
Add exception handling in bigint migration (#6848) @xtremerui 🔗
-
add help text for password connector flag (#6876) @aoldershaw 🔗
-
skip DNS proxy test with extra DNS server (#6878) @aoldershaw 🔗
-
Optimise fake generation (#6885) @BooleanCat 🔗
-
Refactor: Pick -> Approve (#6886) @taylorsilva 🔗
-
Optimise fake generation (#6901) @BooleanCat 🔗
-
Correct a typo in project documentation (#6925) @plan-do-break-fix 🔗
-
topgun/k8s: move dns proxy tests to integration (#6947) @chenbh 🔗
-
Don't check resource-types from paused pipelines (#6961) @taylorsilva 🔗
-
Add drills environment to major release template (#6967) @clarafu 🔗
-
Using osFlag to fix windows worker error (#6971) @EstebanFS 🔗
-
contributing: cover governance model, be brief (#6972) @vito 🔗
-
[skip-migrations-check] bump
secondary_order
migration (#6979) @aoldershaw 🔗 -
Fix bugs related to caching streamed volumes (#7001) @aoldershaw 🔗
-
Fix caching when streamed volume was also streamed (#7024) @aoldershaw 🔗
-
Upgraded xenial to bionic stemcell (#7037) @EstebanFS 🔗
-
7.3.x: make resource cache streaming opt-in (#7051) @taylorsilva 🔗
-
7.3.x: Fix capture of failing topgun tests logs (#7055) @taylorsilva 🔗
-
7.3.x: update regex for capturing instances (#7063) @taylorsilva 🔗
📦 Bundled resource types
- bosh-io-release: v1.1.0
- bosh-io-stemcell: v1.1.0
- cf: v1.1.1
- docker-image: [v1.6.0](https://github.com/conco...
v7.2.0
🚨 Breaking
- Wait for worker matching strategy when scheduling build steps (#6635) @multimac 🔗
- Previously, if no workers satisfied the container placement strategy for a step (with the exception of
task
steps when using thelimit-active-tasks
placement strategy), the step would simply error the build - Now, all steps will wait for a worker to become available
- The metric
concourse_tasks_waiting
was removed and replaced withconcourse_steps_waiting{type="task"}
- Previously, if no workers satisfied the container placement strategy for a step (with the exception of
✈️ Features
-
Add ability to navigate to resources page from build page (#6662) @chenbh 🔗
UI: clicking on the version text for a get/put step in the Build page will now navigate directly to the Resource page with the corresponding version expanded -
Allow using LDAP as a password connector (#6671) @aoldershaw 🔗
- By setting
--password-connector
($CONCOURSE_PASSWORD_CONNECTOR
) toldap
, you can authenticate to Concourse withfly login -u ... -p ...
using your LDAP credentials- Enabling this feature prohibits the use of local users
- If you use an attribute other than username for authenticating with LDAP (e.g. email address), you can now configure
--username-prompt
($CONCOURSE_USERNAME_PROMPT
) to change the help text when logging in via the UI
- By setting
-
Optimize check creation in DB (#6845) @aoldershaw 🔗
-
Add DB index to optimize paginating job builds (#6871) @aoldershaw 🔗
-
enhance
put.inputs
detect
to ignore prefixed . and .. (#6705) @evanchaoli 🔗input: detect
now can handle paths prefixed by.
and..
.
🐞 Bug Fixes
-
Fix empty worker tags (#6057) @aholyoake-bc 🔗
-
runtime: check if swap limits is enabled (#6652) @taylorsilva 🔗
- The containerd runtime will conditionally set memory swap limits if it detects that memory swap limits are enabled
-
runtime: timeout set to 0 means there is no timeout (#6655) @EstebanFS 🔗
- When
CONCOURSE_CONTAINERD_REQUEST_TIMEOUT
is set to 0 that means there is no timeout
- When
-
feat(atc): add check build metrics. (#6656) @evanchaoli 🔗
- Fixed metrics
BuildsStarted
,BuildsRunning
,BuildStarted
,BuildFinsished
to exclude check builds. - Added check build metrics:
CheckBuildsStarted
,CheckBuildsRunning
,CheckBuildStarted
,CheckBuildFinsished
- Fixed metrics
-
better handling for containerd error message (#6668) @muntac 🔗
- Fixed a bug with the
containerd
runtime where gracefully stopping a container might have failed with an unhandled error. Now it gracefully shuts down.
- Fixed a bug with the
-
Prevent UI from stalling when you keep the resource page open for a while (#6703) @aoldershaw 🔗
-
move migration table updating SQL into a migration transaction (#6727) @xtremerui 🔗
Fix a bug where a completed migration was not recorded inmigrations_history
table -
Build image resource caches foreign key constraint to job ids should be on delete cascade (#6757) @clarafu 🔗
- This change fixes a bug that was introduced in v7.1.0 where deleting a pipeline could possibly result in a
500 error
. This was caused by a foreign key constraint within thebuild_image_resource_caches
table referencing a job in thejobs
table.
- This change fixes a bug that was introduced in v7.1.0 where deleting a pipeline could possibly result in a
-
Fix race condition in
containerd
runtime resulting in lost output for quickly printing-then-exiting processes (#6776) @vito 🔗 -
update check metrics comments. (#6858) @evanchaoli 🔗
- Just update code comments, no release impact.
🤷 Miscellaneous
-
Bump dex to 0.4.0 and remove pkger (#6669) @aoldershaw 🔗
-
fix go mod (#6716) @aoldershaw 🔗
-
more lenient context deadline checking for containerd graceful process termination (#6717) @aoldershaw 🔗
Very rarely graceful shutdowns will return a context timeout error instead of gracefully shutting down. -
fix font antialiasing issue due to
less
dependency bump (#6739) @aoldershaw 🔗 -
Don't enforce step timeout during worker selection (#6760) @aoldershaw 🔗
-
Avoid task specific error in
load_var
file
artifact look-up (#6829) @kjgorman 🔗 -
remove accidentally committed sql in migration (#6841) @xtremerui 🔗
-
add
release/undocumented
labels to dependabot (#6842) @chenbh 🔗 -
.github: add template for rfc tracking issue (#6844) @vito 🔗
-
Remove unused ci folders (#6870) @taylorsilva 🔗
-
[release/7.2.x] add help text for password connector flag (#6877) @aoldershaw 🔗
📦 Bundled resource types
v6.7.6
🐞 Bug Fixes
-
backport #6197: Prevent retrying on worker error when build is aborted (#6598) @evanchaoli 🔗
-
Bump lib/pq to 1.10.0 which fixes a regression in lib/pq where under certain circumstances the driver would not drop dead connections and never recover. (#6746) @taylorsilva 🔗
-
Fix a panic in the New Relic metrics emitter (#6747) @taylorsilva 🔗
🤷 Miscellaneous
-
6.7 remove packr backport (#6585) @xtremerui 🔗
-
switch
base_image
build arg to lowercase (#6754) @aoldershaw 🔗
📦 Bundled resource types
v7.1.0
✈️ Features
-
Allow favoriting instance groups (#6465) @aoldershaw 🔗
-
Start non-privileged containers in their own cgroup namespace (#6492) @muntac 🔗
-
Change SideBar "menu" icon (#6516) @chenbh 🔗
- Updated the visuals for the button to open and close the sidebar
-
Adjust spacing and padding for elements in pipeline card view in Dashboard (#6539) @xtremerui 🔗
-
Show warning for pipelines configured with 'set_pipeline' step (#6621) @Infra-Red 🔗
fly set-pipeline
now prints warning message when the pipeline has already been configured through aset_pipeline
step.
-
Bump baggageclaim to v1.11.0 (#6643) @taylorsilva 🔗
- Privileged container initialization will be much faster for workers using OverlayFS as the baggageclaim driver and if their kernel supports OverlayFS's metacopy feature
🐞 Bug Fixes
-
Skip build log reaping process for paused jobs (#6573) @aoldershaw 🔗
-
Fix reaped link in UI (#6579) @aoldershaw 🔗
-
containerd: fix mount issues with certain images (#6592) @aoldershaw 🔗
- Fix an issue on the containerd runtime where processes fail to run with certain container images
-
Check parent resource types of resources that have set
check_every: never
(#6603) @taylorsilva 🔗- Resources that had
check_every: never
who's type was defined inresource_types
in their pipeline, would fail to check because the parent resource type would never be checked
- Resources that had
-
Bump elm-ansi to support 8-bit and 24-bit ANSI colors (#6605) @aoldershaw 🔗
- Fixes a bug where ANSI escape codes for 8-bit/24-bit colors were misinterpreted, resulting in build logs blinking and other peculiarities
-
Only interpolate static vars when it does not contain a source (#6619) @chenbh 🔗
- Fixed bug where static vars from
fly set-pipeline -v ... -y ...
were interpolated into local vars((.:var))
- Fixed bug where static vars from
-
containerd: infer MTU from host's network interface (#6624) @aoldershaw 🔗
- In prior versions of Concourse, the Containerd runtime always set the MTU of the container bridge network to the system default
- Now, the Containerd matches Guardian's behavior by:
- Detecting the external IP of the host (can be set explicitly using
CONCOURSE_CONTAINERD_EXTERNAL_IP
) - Extracting the MTU from the network interface corresponding with that IP (can be set explicitly using
CONCOURSE_CONTAINERD_MTU
)
- Detecting the external IP of the host (can be set explicitly using
🤷 Miscellaneous
-
Cache streamed volumes and try to get by looking for local cache (#6495) @evanchaoli 🔗
- was reverted #6659 due to multiple bugs found in testing
-
Switch migrations + web assets to Go 1.16 embedding (#6550) @vito 🔗
-
Cleanup from staticcheck (#6561) @taylorsilva 🔗
-
Update fake files generated by latest version of counterfeiter. (#6564) @evanchaoli 🔗
-
Default to containerd in docker-compose.yml (#6580) @aoldershaw 🔗
-
Bump elliptic from 6.5.3 to 6.5.4 (#6653) @dependabot 🔗
-
Revert "feat(atc): cache streamed volumes and try to get by looking for local cache" (#6659) @clarafu 🔗
📦 Bundled resource types
v7.0.0
🚨 Breaking
-
Run checks as builds (#6022) @vito 🔗
- Breaking change:
unique_version_history
can no longer be configured on resource types. No one seemed to be using it, and it made internal architecture unnecessarily complicated. The need for it should go away entirely as we make progress on the v10 roadmap. - Resource
check
operations, which collect and save versions for pipeline resources, are now run as builds.- This is largely an internal architecture refactor, but it also improves UX - check output can now be viewed on the resource page!
fly check-resource
andfly check-resource-type
now stream the checking output to the user, just likefly watch
andfly trigger-job
.- This change includes a migration to convert
id
column of thebuilds
table and all tables referencingbuild_id
to abigint
. This is unfortunately a slow migration, so please anticipate downtime proportional to the amount of builds in your database.- If the migration fails with
deadlock detected
, shut down the otherweb
nodes first. - Our large-ish scale test environment took about an hour.
- If the migration fails with
- Breaking change:
-
Remove
aggregate
step (#6349) @taylorsilva 🔗- Removing the
aggregate
step as planned. It is succeeded by thein_parallel
step.
- Removing the
✈️ Features
-
The formerly-experimental
containerd
runtime is now GA and is considered ready for production use 🔗- We will be changing the default container runtime from Guardian to
containerd
in coming releases, but we encourage using thecontainerd
runtime ASAP - To enable the
containerd
runtime, set--runtime
($CONCOURSE_RUNTIME
) tocontainerd
on theconcourse worker
command - You will also need to convert any
--garden-*
($CONCOURSE_GARDEN_*
) flags to theircontainerd
counterparts:--garden-request-timeout
($CONCOURSE_GARDEN_REQUEST_TIMEOUT
) ->--containerd-request-timeout
($CONCOURSE_CONTAINERD_REQUEST_TIMEOUT
)--garden-dns-proxy-enable
($CONCOURSE_GARDEN_DNS_PROXY_ENABLE
) ->--containerd-dns-proxy-enable
($CONCOURSE_CONTAINERD_DNS_PROXY_ENABLE
)--garden-network-pool
($CONCOURSE_GARDEN_NETWORK_POOL
) ->--containerd-network-pool
($CONCOURSE_CONTAINERD_NETWORK_POOL
)--garden-max-containers
($CONCOURSE_GARDEN_MAX_CONTAINERS
) ->--containerd-max-containers
($CONCOURSE_CONTAINERD_MAX_CONTAINERS
)$CONCOURSE_GARDEN_DENY_NETWORKS
->--containerd-restricted-network
($CONCOURSE_CONTAINERD_RESTRICTED_NETWORK
)$CONCOURSE_GARDEN_DNS_SERVER
->--containerd-dns-server
($CONCOURSE_CONTAINERD_DNS_SERVER
)
- If you rely on any Garden config that is not yet supported on our containerd runtime, please open an issue
- We will be changing the default container runtime from Guardian to
-
Perform image fetching using check/get sub-steps (#6153) @vito 🔗
- Image fetching for resources and resource types is now handled explicitly in the build plan using
check
andget
steps, and can be inspected in the UI
- Image fetching for resources and resource types is now handled explicitly in the build plan using
-
Enforce SetPipeline policy check in
set_pipeline
step (#5932) @cludden 🔗- When OPA integration is enabled, the
set_pipeline
step now respects the same policy check asfly set-pipeline
- When OPA integration is enabled, the
-
Speed up database queries by adding a
job_id
column to build image resource caches table and adding an index for ordering builds of a job (#5993) @clarafu 🔗 -
Allow globs in groups (#6060) @andy-paine 🔗
groups
in a pipeline can now match jobs based on globs e.g.:groups: - name: deploy jobs: - deploy-*
-
Add flag to concourse worker to overwrite init binary path for the
containerd
runtime (#6086) @chenbh 🔗- The init binary can be configured using the
--containerd-init-bin
flag ($CONCOURSE_CONTAINERD_INIT_BIN)
- The init binary can be configured using the
-
Make CNI plugins directory configurable for the
containerd
runtime (#6120) @muntac 🔗- CNI plugins directory can be configured using the
--containerd-cni-plugins-dir
flag ($CONCOURSE_CONTAINERD_CNI_PLUGINS_DIR
)
- CNI plugins directory can be configured using the
-
Fallback
fly intercept
tosh
whenbash
is missing (#6098) @shua 🔗- If no command is specified,
fly intercept
will first try to usebash
for an interactive shell, but if the container returns an error indicatingbash
is not available,fly
will fallback to the more common (but more limited)sh
- If this fallback logic is not desired, the user can explicitly specify
bash
as the path argument to thefly intercept
command
- If no command is specified,
-
Add Honeycomb.io as optional tracing backend (#6103) @spire-allyjweir 🔗
-
[experimental] Group instanced pipelines on UI (#6105) @aoldershaw 🔗
- Instanced pipelines (RFC) provide a mechanism for constructing multiple instances of a pipeline template that differ by some parameters
- e.g. to support multiple release lines, you may have a collection of instanced pipelines called
release
that differ by theversion
line (1.0.x
,1.1.x
,2.0.x
, etc.)
- e.g. to support multiple release lines, you may have a collection of instanced pipelines called
- All instanced pipelines with the same name (but different parameters) will be collected in the UI into a grouping of related pipelines, removing clutter from the dashboard when there are many instances of a pipeline template
- Instanced pipelines are currently experimental until we work out the UX, but if you'd like to play around with them, you can set the flag
--enable-pipeline-instances
($CONCOURSE_ENABLE_PIPELINE_INSTANCES
)
- Instanced pipelines (RFC) provide a mechanism for constructing multiple instances of a pipeline template that differ by some parameters
-
Update go module dependencies [go.opentelemetry.io/otel] (#6106) @christophermancini 🔗
-
Implement support for Vault KV v2 backends (#6115) @daviddob 🔗
-
add support for exporting traces via OTLP (#6122) @christophermancini 🔗
- Added support for OTLP as a target for traces to be exported to
-
Add index to speed up build deletion, fix up a few issues with checks as builds (#6125) @vito 🔗
-
Add
--team
flag tofly order-pipelines
command (#6132) @witjem 🔗 -
Add
--team
option tofly get-pipeline
command (#6144) @techgaun 🔗 -
Add
--team
option tofly expose-pipeline
command (#6169) @techgaun 🔗 -
Ensure pipelines contain at least one job (#6159) @taylorsilva 🔗
...