Concourse is a container-based continuous thing-doer written in Go and Elm.

Overview

Concourse: the continuous thing-doer.

Discord Build Contributors Help Wanted

Concourse is an automation system written in Go. It is most commonly used for CI/CD, and is built to scale to any kind of automation pipeline, from simple to complex.

booklit pipeline

Concourse is very opinionated about a few things: idempotency, immutability, declarative config, stateless workers, and reproducible builds.

The road to Concourse v10

Concourse v10 is the code name for a set of features which, when used in combination, will have a massive impact on Concourse's capabilities as a generic continuous thing-doer. These features, and how they interact, are described in detail in the Core roadmap: towards v10 and Re-inventing resource types blog posts. (These posts are slightly out of date, but they get the idea across.)

Notably, v10 will make Concourse not suck for multi-branch and/or pull-request driven workflows - examples of spatial change, where the set of things to automate grows and shrinks over time.

Because v10 is really an alias for a ton of separate features, there's a lot to keep track of - here's an overview:

Feature RFC Status
set_pipeline step #31 v5.8.0 (experimental), TODO: #5814
Var sources for creds #39 v5.8.0 (experimental), TODO: #5813
Archiving pipelines #33 v6.5.0
Instanced pipelines #34 v7.0.0 (experimental, not released yet)
Static across step 🚧 #29 v6.5.0 (experimental)
Dynamic across step 🚧 #29 🙏 RFC needs feedback!
Projects 🚧 #32 🙏 RFC needs feedback!
load_var step #27 v6.0.0 (experimental)
get_var step #27 🚧 #5815 in progress!
Prototypes #37 Pending first use of protocol (any of the below)
run step 🚧 #37 Pending its own RFC, but feel free to experiment
Resource prototypes #38 🙏 #5870 looking for volunteers!
Var source prototypes 🚧 #6275 planned, may lead to RFC
Notifier prototypes 🚧 #28 RFC not ready

The Concourse team at VMware will be working on these features, however in the interest of growing a healthy community of contributors we would really appreciate any volunteers. This roadmap is very easy to parallelize, as it is comprised of many orthogonal features, so the faster we can power through it, the faster we can all benefit. We want these for our own pipelines too! 😆

If you'd like to get involved, hop in Discord or leave a comment on any of the issues linked above so we can coordinate. We're more than happy to help figure things out or pick up any work that you don't feel comfortable doing (e.g. UI, unfamiliar parts, etc.).

Thanks to everyone who has contributed so far, whether in code or in the community, and thanks to everyone for their patience while we figure out how to support such common functionality the "Concoursey way!" 🙏

Installation

Concourse is distributed as a single concourse binary, available on the Releases page.

If you want to just kick the tires, jump ahead to the Quick Start.

In addition to the concourse binary, there are a few other supported formats. Consult their GitHub repos for more information:

Quick Start

$ wget https://concourse-ci.org/docker-compose.yml
$ docker-compose up
Creating docs_concourse-db_1 ... done
Creating docs_concourse_1    ... done

Concourse will be running at 127.0.0.1:8080. You can log in with the username/password as test/test.

Next, install fly by downloading it from the web UI and target your local Concourse as the test user:

$ fly -t ci login -c http://127.0.0.1:8080 -u test -p test
logging in to team 'main'

target saved

Configuring a Pipeline

There is no GUI for configuring Concourse. Instead, pipelines are configured as declarative YAML files:

resources:
- name: booklit
  type: git
  source: {uri: "https://github.com/vito/booklit"}

jobs:
- name: unit
  plan:
  - get: booklit
    trigger: true
  - task: test
    file: booklit/ci/test.yml

Most operations are done via the accompanying fly CLI. If you've got Concourse installed, try saving the above example as booklit.yml, target your Concourse instance, and then run:

fly -t ci set-pipeline -p booklit -c booklit.yml

These pipeline files are self-contained, maximizing portability from one Concourse instance to the next.

Learn More

Contributing

Our user base is basically everyone that develops software (and wants it to work).

It's a lot of work, and we need your help! If you're interested, check out our contributing docs.

Comments
  • Resources failing in Kubernetes with Google Container-Optimized OS after upgrade to 3.1.0

    Resources failing in Kubernetes with Google Container-Optimized OS after upgrade to 3.1.0

    Bug Report

    • Concourse version: 3.1.0
    • Deployment type (Docker):
    • Infrastructure/IaaS: Kubernetes

    After upgrade to 3.1.0 all git and time resources are failing checks with:

    runc create: exit status 1: container_linux.go:264: starting container process caused "process_linux.go:339: container init caused \"rootfs_linux.go:57: mounting \\\"/worker-state/3.1.0/assets/bin/init\\\" to rootfs \\\"/worker-state/volumes/live/26e7c69d-69fc-4f0f-507d-4b30c461a78f/volume\\\" at \\\"/worker-state/volumes/live/26e7c69d-69fc-4f0f-507d-4b30c461a78f/volume/tmp/garden-init\\\" caused \\\"open /worker-state/volumes/live/26e7c69d-69fc-4f0f-507d-4b30c461a78f/volume/tmp/garden-init: permission denied\\\"\""
    

    Other resources seems to check fine

    needs-investigation stack/docker stack/kubernetes ops/day1 
    opened by ese 70
  • Using external credential managers for build credentials

    Using external credential managers for build credentials

    Motivation

    There are so many credentials flowing through a Concourse server at the moment that it's keeping me up at night. Some of this risk can be mitigated by fetching the secrets as late as possible and using pipeline templates to insert them into the pipeline. This at least means that you'll never have the pipeline secrets stored on local workstations.

    This isn't good enough.

    Credentials are still stored in the Concourse database, aren't internally rotated, and do not have any audit trail as to which jobs and builds used them. Let's fix these things.

    Goals

    • Build credentials are never stored on a disk (apart from in Vault where they are stored encrypted).
    • Build credentials are never stored locally when setting the pipeline using fly.
    • An audit trail of which build used a secret and when it used it should be visible.

    Proposal

    I don't want to have to build a secret management system. This means that we're looking to use one of the existing ones. There are a few to choose from in this regard but I'd like to go forward by using Vault. Vault seems to strike the right balance of confidence in implementation, good technical decisions, and generically usable. I'm not ruling out the ability to use a different secret store in the future. In fact, a good implementation of this proposal would allow pluggable secret stores with minimal effort.

    So, what would this look like?

    resources:
    - name: s3-file
      type: s3
      source:
        access_key_id: {{!vault.s3-file.access_key_id}}
        secret_access_key: {{!vault.s3-file.secret_access_key}}
    

    Here we have a snippet of pipeline configuration. Everything looks normal except the secrets on the last 2 lines. This would be a new syntactic convention that the regular templating would ignore and pass directly up to the server. When the server needed to do something that required a realized value of one of these references it would fetch it as late as possible from the server and then handle revoking it once it isn't required anymore. This means that (assuming Vault is set up correctly) each check run and each build would get a single use credential that would become invalid immediately. This is rad. :100:

    The syntax shown above is not finalized but needs to have a few components:

    • vault refers to the name of the secret store from which the credential should be fetched. This would allow multiple stores per Concourse server as long as they were all named uniquely. A secret store should probably belong to a team rather than being global.
    • s3-file refers to the name of the secret inside Vault.
    • access_key_id and secret_access_key refer to the attributes on the secret.

    Open Questions

    • What if the server goes down in the middle of using one of these secrets. Who revokes it?
    • How does Concourse authenticate with the secret store? Does this just move the problem?

    Risks

    • Yet another thing to deploy next to Concourse in order to use the feature. This moves away from secure by default. This could be partially mitigated by making it easy for people to get started with Vault. (BOSH release, adding something to the monolithic binaries)
    security 
    opened by xoebus 64
  • Ability to re-trigger failed build with the same input versions

    Ability to re-trigger failed build with the same input versions

    When using the new version: every configuration for a get task, it is possible to arrive at a state where you have multiple builds of the same job running at the same time. If an earlier build fails, there is no way to re-trigger it with the same set of inputs. We haven't been able to determine a useful workaround; setting serial: true doesn't really help in this scenario, because the next build will start as soon as the first one fails.

    It would be helpful if there were a way to re-trigger the job with the same inputs as a particular build (failed or otherwise).

    Let us know if you need more details on this scenario or our desired fix. Thanks!

    @davewalter and @rmasand

    web-ui core/build-plan enhancement release/documented 
    opened by davewalter 56
  • New resource interface (+ add versioning)

    New resource interface (+ add versioning)

    Proposed changes

    1. Rename in and out scripts to get and put. These are confusingly named something different because a long time ago jobs just had _in_puts and _out_puts.
    2. Run ./check, ./get, and ./put, and ./info (see next point) rather than /opt/resource/X. Having them in /opt is a bit Linux-specific and assumes containers have their own chroot, which is not the case on Darwin or Windows.
    3. Add a info script which prints the resource's API version, e.g. {"version":"2.0"}. This will start at 2.0. If /info does not exist we'll execute today's resource interface behavior.
    4. Change get to not emit the version or metadata. This was from when in didn't know what it was fetching until it was done. It should now be an error if it can't fetch the requested version. We'll also move all metadata collection to check (see point 8).
    5. Add a delete action, which looks like put (can be given files and params to determine what to delete) but returns the set of versions that it deleted. This is to support bulk deletes, e.g. to garbage collect intermediate artifacts after a final build is shipped.
    6. Remove the source and destination arguments passed to get and put - just make it the working directory.
    7. Give check an official scratch space, which is the current working directory. No real semantics change here, just consistency with get and put, and potential for future behavior like reusing the scratch space but not reusing check containers for extended periods. Note: we've introduced /scratch recently so this change may just mean making that the work-dir.
    8. Move all metadata emitting to check, so that it's always present. The original thought was that metadata collection may be expensive, but so far we haven't seen that to be the case.
    9. Change put to emit an array of versions, rather than just one, and without metadata. Technically the git resource may push many commits, so this is necessary to track them all as outputs of a build. This could also support batch creation. Notably, the versions emitted by put are ordered chronologically, so that the dependent get knows to fetch the latest version. We would save them internally, along with an association with the build, and rely on check to determine the final ordering and metadata, being careful to not leave gaps in the version history (i.e. other commits pushed slightly before the put registered the build's).
    10. Change put to write to a specified file, rather than stdout, so that we don't have to be attached to process its response. This is one of the few ways a build can error after the ATC reattaches (unexpected end of JSON). With it written to a file, we can just try to read the file when we re-attach after seeing that the process exited. This also frees up stdout/stderr for normal logging, which has been an occasional pitfall during resource development/debugging.
    11. Remove the distinction between source and params; resources will receive a single config. The distinction will remain in the pipeline. This makes it easier to implement a resource without planning ahead for interesting dynamic vs. static usage patterns, and will get more powerful with #684.
    core/flow core/build-plan enhancement wontfix 
    opened by vito 54
  • Aggregate issue: builds stuck in

    Aggregate issue: builds stuck in "pending" state

    There have been a few reports lately of jobs being unable to schedule. It's been difficult for us to progress on this as we never see it ourselves and there's generally not enough information provided to find a smoking gun. Which is no one's fault really - we haven't given great instructions as to what information would be valuable and how to collect it! So, that's what this issue is for.

    If you're seeing this problem, please include a screenshot of the build preparation section of the build view.

    Also answer the following:

    • Are all of your workers present? (fly workers)
    • Is there a check container present for each of the inputs to your job? (fly hijack -c pipeline-name/resource-name)
      • Do any of the check containers have a running /opt/resource/check process? If so, that may be hanging. What resource type is it?
    • What is the uptime of your workers and ATC?
    • Are your workers registered directly (BOSH default) or forwarded through the TSA (binary default/external workers registering with BOSH deployment)?
    • Which IaaS?
      • If you're on GCP, have you configured the MTU of your workers to be 1460 to match the VM? If not, it defaults to 1500, which would cause things to hang.
      • Can you reach the workers from your ATC? (curl http://<worker ip:port>/containers) You can collect the IP + port from fly workers -d.

    In addition to that, the most valuable information will be stack dumps of both the ATC and the TSA.

    You can collect a stack dump from the ATC by running:

    curl http://127.0.0.1:8079/debug/pprof/goroutine?debug=2
    

    ...and from the TSA by sending SIGQUIT and collecting the output from stderr. Note that if you're running the binaries, the above curl command will include the TSA's stack, so don't worry about getting it separately. Also note that SIGQUIT will kill the TSA process, so you'll need to bring it back after. (While you're at it, let us know if that fixed it. :P)

    Thanks all for your patience, sorry we're taking so long to get to the bottom of this.

    bug resiliency 
    opened by vito 52
  • Workers stall due to dropped connection, client doesn't recover, web node leaks goroutines

    Workers stall due to dropped connection, client doesn't recover, web node leaks goroutines

    Bug Report

    In our large-scale algorithm test environment, workers gradually stalled over the course of 2 days:

    Screen Shot 2020-01-29 at 10 36 01 AM

    In investigating one of the workers, the machine seemed fine, but its logs showed that it simply stopped heartbeating. It must have been stuck somewhere.

    lsof -p <worker pid> revealed that there wasn't even an active connection to the TSA anymore (port 222).

    Through this time, web node memory usage and goroutines crept up:

    Screen Shot 2020-01-29 at 10 36 39 AM

    Upon restarting all of the workers (i.e. bosh restart worker), the web goroutines dropped dramatically, and the memory usage slightly recovered (note: these graphs are over the past hour):

    Screen Shot 2020-01-29 at 10 38 54 AM

    Steps to Reproduce

    Not sure yet. May need to just chaos test this.

    Expected Results

    I would expect the worker client to notice that the connection is broken and to recover/reconnect.

    Actual Results

    The worker client hung forever and stopped heartbeating/registering.

    Additional Context

    Goroutine dumps: https://gist.github.com/vito/a53e8b484a3d254a0872ebe7f5d15773

    The dumps are large; I would recommend cloning the gist instead:

    $ git clone https://gist.github.com/vito/a53e8b484a3d254a0872ebe7f5d15773
    

    Version Info

    • Concourse version: master
    • Deployment type (BOSH/Docker/binary): BOSH
    • Infrastructure/IaaS: GCP
    • Browser (if applicable): n/a
    • Did this used to work? probably not
    bug resiliency epic domain/runtime 
    opened by vito 49
  • Random DNS resolution issues on workers (5.4.0)

    Random DNS resolution issues on workers (5.4.0)

    After upgrading to 5.4.0, it looks like our workers are seeing seemingly random DNS resolution failures.

    14 minutes into the build (after downloading things successfully from a host), dns resolution randomly fails.

    Here's an example:

    Resolving package dependencies ...
    --2019-07-23 18:38:54--  https://eu.hpkg.haiku-os.org/haikuports/master/build-packages//packages/groff-1.22.3-1-x86_64.hpkg
    Resolving eu.hpkg.haiku-os.org (eu.hpkg.haiku-os.org)... 62.210.188.85
    Connecting to eu.hpkg.haiku-os.org (eu.hpkg.haiku-os.org)|62.210.188.85|:443... connected.
    HTTP request sent, awaiting response... 200 OK
    Length: 7633254 (7.3M) [application/octet-stream]
    Saving to: 'download/groff-1.22.3-1-x86_64.hpkg'
    
    download/groff-1.22.3-1-x86_64.hpkg                                                                                          100%[==============================================================================================================================================================================================================================================================================================================================================>]   7.28M  6.30MB/s    in 1.2s    
    
    2019-07-23 18:38:56 (6.30 MB/s) - 'download/groff-1.22.3-1-x86_64.hpkg' saved [7633254/7633254]
    
    --2019-07-23 18:38:56--  https://eu.hpkg.haiku-os.org/haikuports/master/build-packages//packages/libiconv-1.15-4-x86_64.hpkg
    Resolving eu.hpkg.haiku-os.org (eu.hpkg.haiku-os.org)... failed: Temporary failure in name resolution.
    wget: unable to resolve host address 'eu.hpkg.haiku-os.org'
    
    export imagePath="haiku.image"
    export isImage="1"
    export isVMwareImage=""
    ../haiku-git/build/scripts/build_haiku_image /tmp/build/e05da604/generated.x86_64/./haiku.image-init-vars /tmp/build/e05da604/generated.x86_64/./haiku.image-make-dirs /tmp/build/e05da604/generated.x86_64/./haiku.image-copy-files /tmp/build/e05da604/generated.x86_64/./haiku.image-extract-files
    
    ...failed BuildHaikuImage1 haiku.image ...
    ...removing haiku.image
    
    BUILD FAILURE:
    ...failed updating 1 target(s)...
    ...skipped 1 target(s)...
    ...updated 14957 target(s)...
    

    a wget works as expected, then 5 seconds later a wget from the same host fails to resolve.

    bug wontfix 
    opened by kallisti5 44
  • can not login after upgrading to 4

    can not login after upgrading to 4

    i have the following set for my web config

    CONCOURSE_BASIC_AUTH_USERNAME=admin
    CONCOURSE_BASIC_AUTH_PASSWORD=xxxxxx
    CONCOURSE_EXTERNAL_URL=https://ci.xxxx.com
    
    CONCOURSE_MAIN_TEAM_LOCAL_USER=admin
    CONCOURSE_ADD_LOCAL_USER=admin:xxxxxx
    CONCOURSE_MAIN_TEAM_ALLOW_ALL_USERS=true
    

    now when i try and login, it just sits there spinning. if i look in the inspector i can see it pending on

    https://ci.xxxx.com/sky/callback?code=btkstm4h47f23yugenht5v5s2&state=eyJyZWRpcmVjdF91cmkiOiIvIiwiZW50cm9weSI6IjQzNWY1N2NiZDNiMWZmYTMzNGZmNGUxYmRhOThmYjMxNzUxNTg4YThhYzFkNDQ2N2QxMGJkMmYyMzkyOTg1MzIifQ%3D%3D

    it will finally time out after a while.

    in the logs i see

    Aug  4 00:21:36 ip-10-200-1-205 concourse[4491]: {"timestamp":"1533342096.544905424","source":"atc","message":"atc.dex.event","log_level":1,"data":{"fields":{},"message":"login successful: connector \"local\", name=\"\", email=\"admin\", groups=[]","session":"5"}}
    

    if i put in the wrong login info it instantly comes back and says bad login/password. when it does work it seems to just timeout.

    after it times out i see this in the log:

    Aug 4 00:27:10 ip-10-200-1-205 concourse[4491]: {"timestamp":"1533342430.388325930","source":"atc","message":"atc.sky.callback.failed-to-fetch-dex-token","log_level":2,"data":{"error":"Post https://ci.wizr.com/sky/issuer/token: dial tcp 34.210.127.211:443: i/o timeout","session":"4.277"}}

    bug accepted regression 
    opened by phynias 43
  • Trigger job with custom parameters

    Trigger job with custom parameters

    Feature Request

    What challenge are you facing?

    I want to build a pipeline that has a deploy step that can deploy to many different environments, eg:

    build image -> test image -> deploy

    where the 'deploy' job can deploy to one of several environments. We have a bunch of servers running that different teams use (around 20). Currently, it seems like with concourse, to be able to quickly deploy to any one of those 20 environments, we need to create 20 separate deploy jobs, which is not the ideal (especially when I think about having pipelines for multiple microservices as we build them out).

    A Modest Proposal

    The ideal for us would be if when someone kicks off the 'deploy' job, there would be a UI prompt for them to enter what environment they want (eg 'environment-12') and that gets passed to the appropriate task

    core/build-plan 
    opened by cameron-r 43
  • Allow Concourse to receive git post-commit hooks

    Allow Concourse to receive git post-commit hooks

    We have GHE admins who are having their deployment of GHE face-melted by some over eager polling and a somewhat large dev organization.

    Would it be possible to have concourse accept github post-commit hooks to trigger git-resources? Maybe for other repo resources as well.

    opened by superbeeny 43
  • Implement a new scheduler algorithm for determining job input candidates

    Implement a new scheduler algorithm for determining job input candidates

    Tentative issue to track known issues with the current algorithm and track any progress/thoughts on a new algorithm to replace it.

    Problems with the current algorithm:

    • It loads up all versions and build inputs and outputs for the entire pipeline, meaning memory use and network transfer from the DB will increase as this data set grows. This is also slow as it involves a bunch of joins across a ton of data. See #2624, #3487, #3426.
      • We are also careful to cache this so it's only loaded when the data changes, but that can only help so much - periodic jobs or resources will invalidate the cache anyway.
    • The algorithm itself is fairly brutal; it's hella optimized but prone to worst-case scenarios where it churns and uses a ton of CPU. And it's difficult to instrument without slowing it down.

    An experimental new algorithm lives on the algorithm-experiment branch.

    efficiency bump/major core/scheduling enhancement release/documented sred 
    opened by vito 41
  • DB Deadlock For 7.9.0 Migration

    DB Deadlock For 7.9.0 Migration

    Summary

    When performing the web node upgrade to 7.9.0, in a rolling fashion, a deadlock occurs for the migration with the bigint change.

    Steps to reproduce

    1. Create a multiple web deployment running on 7.8.3, using a PostgreSQL 12 database (POSTGRES_12_11.R20220710.01_00).
    2. Performing a rolling upgrade to 7.9.0, running a single web node at a time.
    3. Use the "migrate", "--migrate-to-latest-version" command when performing the first upgrade.

    Expected results

    The migrate tool is able to acquire the appropriate locks to perform the upgrade, even while older web nodes are still running.

    My expected results are interpreted from: https://concourse-ci.org/upgrading-concourse.html#upgrading-the-web-node

    Actual results

    Container logs: error: migration '1653924132_int_to_bigint.up.sql' failed and was rolled back: pq: deadlock detected

    DB Logs:

    2022-12-20 22:05:10.887 UTC [793672]: [38-1] db=concourse,user=concourse_rw STATEMENT:  ALTER SEQUENCE resource_config_versions_id_seq AS bigint;
    
    ALTER TABLE build_comments
        ALTER COLUMN build_id TYPE bigint;
    
    ALTER TABLE successful_build_outputs
        ALTER COLUMN rerun_of TYPE bigint;
    
    ALTER TABLE jobs
        ALTER COLUMN first_logged_build_id TYPE bigint;
    
    ALTER TABLE containers
        ALTER COLUMN meta_build_id TYPE bigint;
    

    db=concourse,user=concourse_rw ERROR: deadlock detected

    INFO 2022-12-20T22:05:11.891887Z 2022-12-20 22:05:11.890 UTC [793672]: [40-1] db=concourse,user=concourse_rw DETAIL: Process 793672 waits for AccessExclusiveLock on relation 18103 of database 16426; blocked by process 791090. Process 791090 waits for AccessShareLock on relation 18054 of database 16426; blocked by process 793672. Process 793672: ALTER SEQUENCE resource_config_versions_id_seq AS bigint; ALTER TABLE build_comments ALTER COLUMN build_id TYPE bigint; ALTER TABLE successful_build_outputs ALTER COLUMN rerun_of TYPE bigint; ALTER TABLE jobs ALTER COLUMN first_logged_build_id TYPE bigint; ALTER TABLE containers ALTER COLUMN meta_build_id TYPE bigint; Process 791090: SELECT p.id, p.name, p.groups, p.var_sources, p.display, p.nonce, p.version, p.team_id, t.name, p.paused, p.public, p.archived, p.last_updated, p.parent_job_id, p.parent_build_id, p.instance_vars, p.paused_by, p.paused_at FROM pipelines p LEFT JOIN teams t ON p.team_id = t.id LEFT JOIN jobs j ON (j.id = p.parent_job_id) LEFT JOIN pipelines parent ON (j.pipeline_id = parent.id) WHERE (p.parent_job_id IS NOT NULL AND p.archived = $1 AND (j.active = $2 OR j.id IS NULL OR parent.archived = $3 OR (p.parent_build_id < j.latest_completed_build_id AND EXISTS ( SELECT 1 FROM builds lb WHERE lb.id = j.latest_completed_build_id AND lb.status = $4 ))))
    

    Additional context

    The blocking process is:

    2022-12-20 22:02:03.201 UTC [791090]: [4-1] db=concourse,user=concourse_rw STATEMENT:  DELETE FROM resource_caches WHERE id NOT IN (SELECT resource_cache_id FROM resource_cache_uses UNION SELECT resource_cache_id FROM resource_configs WHERE resource_cache_id IS NOT NULL UNION SELECT resource_cache_id FROM build_image_resource_caches UNION SELECT r_cache.id FROM next_build_inputs nbi JOIN resources r ON r.id = nbi.resource_id JOIN resource_config_versions rcv ON rcv.version_md5 = nbi.version_md5 AND rcv.resource_config_scope_id = r.resource_config_scope_id JOIN resource_caches r_cache ON r_cache.resource_config_id = r.resource_config_id AND r_cache.version_md5 = rcv.version_md5 JOIN jobs j ON nbi.job_id = j.id JOIN pipelines p ON j.pipeline_id = p.id WHERE p.paused = false) RETURNING id
    

    Triaging info

    • Concourse version: 7.9.0
    • Browser (if applicable): N/A
    • Did this used to work? First time for this specific migration
    bug 
    opened by tgoodsell-tempus 2
  • Release 7.9.1

    Release 7.9.1

    Steps for a new patch release:

    • [ ] Ensure each resource type is pinned to whatever version was last shipped within the MAJOR.MINOR series. This is to avoid accidentally shipping breaking changes in resource types with patch releases.

      • If a patch release is being shipped in order to bump a resource type (e.g. for a CVE or bug fix), pin it to the appropriate version instead.
    • [ ] Go through all the needs-documentation PRs in the release page for your milestone https://project.concourse-ci.org/releases/concourse?milestone=v<M.m.p> and make sure that everything has proper documentation within concourse/docs (if needed). You can organize which PRs by clicking on the button to add whichever label best fits that PR.

      • If it is already documented within concourse/docs, add a release/documented label
      • If there is no documentation and the changes have user impact that should be documented, add the documentation to concourse/docs(or delegate) then add a release/documented label after finished. E.g. the addition of a new step type ( set_pipeline step).
      • If there is no documentation and the changes have user impact that do not need to be documented, add a release/undocumented label. E.g. an experimental feature.
      • If there is no documentation and the changes do not have user impact, add a release/no-impact label. E.g. refactors.
    • [ ] Once the final commit has made it through the pipeline, the create-draft-release job can be triggered. This job will create a draft release within the concourse GitHub release page where you can make any final adjustments or arrangements to the generated release notes. PLEASE NOTE that any manual changes made on the draft release WILL BE OVERWRITTEN if you retrigger the create-draft-release job. Please be sure to only make manual edits AFTER you are sure this is the final run of the job.

      • If you would like to edit the content, you can directly edit the PRs that it was generated from. The title is used for each PR and also the body within the Release Note header in the PR. After you have made your edits within the PR, you can rerun the create-draft-release job in order to regenerate a new release note.

      • If you would like to change the arrangement of the PRs within the release note, you can make the edits directly on the release note of the draft release.

    • [ ] Once everything is ready, the shipit job can be triggered. The publish-binaries job will convert your draft release into a final release including the body of your draft release (which will persist any changes you made to the draft release body). Subsequently, the promote concourse job will run automatically. The publish-docs job runs automatically, as long as the version is actually the latest version available.

    • [ ] The helm-chart pipeline is used to bump & then publish the chart.

      • Merge the release/ branch into master.
      • Next, run the concourse-app-bump job (bumps the app version and image to point to the latest release)
      • Finally, run the publish-chart-{major|minor|patch} job, depending on what has changed in the chart
      • If you make a major bump, be sure to update the CHANGELOG.md in the concourse-chart repo
    opened by xtremerui 0
  • Concourse v7.9.0 requires a version of glibc not available to ubuntu bionic 18.04 (or 20.04?) for worker updates

    Concourse v7.9.0 requires a version of glibc not available to ubuntu bionic 18.04 (or 20.04?) for worker updates

    We ran in to problems trying to install v7.9.0 bosh release on a concourse deployment when using bionic 18.04 ubuntu stemcells. The error was encountered when a worker vm was being updated, relating to the version of glibc, requiring glibc_2.34 or above - but 18.04 has glibc_2.27 (and 20.04 has glibc_2.31). It looks like this requires Jammy 22.04.

    Error from worker.stderr.log:

    + /var/gdn/assets/linux/sbin/iptables -w -F w--input
    /var/gdn/assets/linux/sbin/iptables: /lib/x86_64-linux-gnu/libm.so.6: version `GLIBC_2.29' not found (required by /var/gdn/assets/linux/sbin/iptables)
    /var/gdn/assets/linux/sbin/iptables: /lib/x86_64-linux-gnu/libc.so.6: version `GLIBC_2.28' not found (required by /var/gdn/assets/linux/sbin/iptables)
    /var/gdn/assets/linux/sbin/iptables: /lib/x86_64-linux-gnu/libc.so.6: version `GLIBC_2.33' not found (required by /var/gdn/assets/linux/sbin/iptables)
    /var/gdn/assets/linux/sbin/iptables: /lib/x86_64-linux-gnu/libc.so.6: version `GLIBC_2.34' not found (required by /var/gdn/assets/linux/sbin/iptables)
    
    error: Exit trace for group:
    garden exited with error: Exit trace for group:
    gdn exited with error: exit status 1
    

    Instead we successfully installed v7.8.3 with no problems, speculating that the dependancy was introduced with the listed feature 'Bump dependencies for worker runtime to support Ubuntu Jammy Jellyfish'. Is this intended?

    opened by tuddenham 2
  • on_failure not taken into account on in_parallel step with steps:

    on_failure not taken into account on in_parallel step with steps:

    Summary

    When I use an in_parallel step with the parallel steps defined under 'steps:', the on_failure modifier is not taken into account.

    Steps to reproduce

    Config like this:

          - in_parallel:
              fast_fail: true
              steps:
                - task: execute-tu-and-sonar
                  file: repo-common-code/sldng/execute-sonar.yml
                - task: analyze-enf-tester
                  file: repo-common-code/sldng/execute-enf-tester.yml
                  ensure:
                    try:
                      task: sync-test-report-to-s3
                      file: repo-common-code/s3/s3_copy.yml
                - put: image-docker
              on_failure:
                try:
                  task: delete-temporary-image
                  file: repo-common-code/tools/artifactory-delete-image.yml
    

    Expected results

    $ alias fsp='fly -t $CONCOURSE_TARGET sp -c ci/pipeline.yml -p $(basename "$(printf "%q\n" $(pwd))") $CONCOURSE_VARS'
    $ f sp -p test -c ci/pipeline.yml
    $ f gp -p test | yq .jobs.[1].plan.[2]
    in_parallel:
      steps:
        - file: repo-common-code/sldng/execute-sonar.yml
          task: execute-tu-and-sonar
        - ensure:
            try:
              file: repo-common-code/s3/s3_copy.yml
              task: sync-test-report-to-s3
          file: repo-common-code/sldng/execute-enf-tester.yml
          task: analyze-enf-tester
        - put: image-docker
    on_failure:
      try:
        file: repo-common-code/tools/artifactory-delete-image.yml
        task: delete-temporary-image
    

    Actual results

    $ f gp -p test | yq .jobs.[1].plan.[2]
    in_parallel:
      steps:
        - file: repo-common-code/sldng/execute-sonar.yml
          task: execute-tu-and-sonar
        - ensure:
            try:
              file: repo-common-code/s3/s3_copy.yml
              task: sync-test-report-to-s3
          file: repo-common-code/sldng/execute-enf-tester.yml
          task: analyze-enf-tester
        - put: image-docker
    

    Additional context

    Triaging info

    • Concourse version: 7.8.3
    • Browser (if applicable):
    • Did this used to work? never tried
    bug 
    opened by bnoorduin 0
  • Pipeline freezes when managing resource trough set_pipeline

    Pipeline freezes when managing resource trough set_pipeline

    Summary

    When managing the resource trough set_pipeline in concourse pipeline itself, the version history for that resource is wiped since the whole resource changes. After set_pipeline the input, of this resource, for the following job, doesn't trigger the job itself. The resource gets the latest version of the resource (by design I guess). In order for the pipeline to resume, you can trigger the next job manually or pause/unpause pipeline and the next job starts.

    Steps to reproduce

    resources:
    - name: repo
      type: git
      source: 
        branch: main
        password: <password-for-git>
        skip_ssl_verification: true
        submodule_credentials:
        - host: <some-host>
          password: <some-password>
          username: <some-user>
        uri: <uri>
    
    jobs:
      - name: configure-self
        plan:
        - get: repo
          trigger: true
        - set_pipeline: self
          file: <some/path/to/pipeline>
    
      - name: hello
        plan:
          - get: repo
            trigger: true
            passed: [configure-self]
          - task: echo-hello-world
            config:
              platform: linux
              image_resource:
                type: registry-image
                source: { repository: busybox }
              run:
                path: echo
                args: ["Hello world!"]
    

    If you for example change the branch of the resource. The pipeline starts as expected it reconfigures itself and then it freezes before getting the repo in the second task. After set_pipeline, the resource cleans the version history and fetches the latest resource. This seems by design looking at last sentence of version here As I said above even a simple pause/unpause after it triggers the get step, otherwise it remains stuck.

    Expected results

    Concourse pipeline continues with get step, even with a short delay for fetching the latest version.

    Actual results

    Concourse pipeline freezes before get step, although the get step is looking at the previous commit and the resource to the latest

    Additional context

    N/A

    Triaging info

    • Concourse version: 7.8.2
    • Browser (if applicable): N/A
    • Did this used to work? I am not sure, I guess not.
    bug 
    opened by Kump3r 0
  • Concourse worker does not work properly on AWS ECS (if using Amazon Linux 2 or ECS optimized AMI)

    Concourse worker does not work properly on AWS ECS (if using Amazon Linux 2 or ECS optimized AMI)

    Summary

    This is not the issue of Concourse worker itself, but seems to be a combination of how AWS ECS does things and what kernel (and maybe other things) the Amazon Linux 2 AMI has. It can be summarized as follows:

    • Concourse 7.8.3 (worker mode) works just fine if deployed as an ECS task on an Amazon-Linux-2-based ECS EC2 backend (or the ECS-optimized AMI which is also based on Amazon Linux 2).
    • Concourse 7.9.0 (worker mode) does not work properly with the config described above
    • Concourse 7.9.0 (worker mode) does work properly deployed as an ECS task on Ubuntu-based ECS EC2 backend

    Considering that there is an easy workaround (just using Ubuntu), I am not sure if it is worth investigating and fixing but just wanted to let you guys know :-)

    Steps to reproduce

    This bug cannot be reproduced locally (as long as you do not use an Amazon Linux 2 VM). The steps would be:

    • On AWS, deploy an EC2 instance using the Amazon Linux 2 AMI (tested with the latest one) or the ECS-optimized AMI
    • Create an ECS task that runs the concourse worker. As an alternative, you can use the simple golang docker client from this repo which would create a container in a way ECS does. With this, you won't need to bother to create an ECS Cluster etc. The client needs to run on the corresponding EC2 instance.
    • Note that if you use docker directly (e.g. docker run), the worker will work as well.
    • Create a pipeline with a resource derived by this worker. The repo contains a simple example for this.

    Expected results

    The git repo defined in the resource can be cloned.

    Actual results

    The worker based on 7.8.3 can clone the repo and execute tasks as expected. The worker based on 7.9.0 cannot do the same because containers running on it cannot access any non-local host.

    Additional context

    The worker container itself has a properly working networking and DNS. The containers started in the worker container have a broken networking, however, and cannot reach any non-local host at all (inluding the worker container itself).

    Triaging info

    • Concourse version: 7.9.0
    • Browser (if applicable):
    • Did this used to work? Yes, works with 7.8.3
    bug 
    opened by konstl000 3
Releases(v7.9.0)
  • v7.9.0(Dec 2, 2022)

    🚨 Breaking

    • Fix DB out of range error due to build numbers exceed the integer limit (#8390) @xtremerui :link:

      • To allow the migration to run Postgresql version has to be v11+. It happens to be a good timing to drop support of Postgresql v9.6.
    • Fixed a bug of leaking resource cofig scope ids. (#8620) @evanchaoli :link:

      • When global-resources is enabled, resource_config_scopes tables leaked IDs. A side effect of the bug is that unnecessary insert will be performed (see #8618 for details). So, this PR will fix the ID leaking problem and improve performance also.
      • When global-resources is enabled, old resources weren't affected. This fix ensures old resources to switch to global scopes.

      BREAKING: With this change, when switching global-resources from OFF to ON, all resource histories will be lost. It is equivalent to changing source of a resource and causing version history to be lost. Depending on a resource's check behavior, versions may be regenerated.

      If your deployment has turned ON global-resources before the upgrade, or you choose to stay with global-resources OFF, this "breaking" change won't impact your deployment.

      If you upgrade to this version then turn ON global-resources, as described, version histories will lost. You can turn OFF global-resources again and old version histories should come back.

      Note that, if your cluster has turned ON global-resources, and you plan to turn it OFF, no matter what version it is, after turning OFF global-resources, each resource will have an unique version history, thus shared version history will be lost. The behaviour comes with global-resources and it has nothing to do with this change.

    ✈️ Features

    • Bump dependencies for worker runtime to support Ubuntu Jammy Jellyfish

      • Noted, guardian runtime is still under development to fully support Ubuntu Jammy. In fact, it does not work on any linux distribution with cgroups v2 enabled. We decided to bump the dependencies still for users who want to use latest linux distribution and willing to tweak their OS to enable cgroups v1.
    • load_var step supported var interpolation for file and format (#8387) @evanchaoli :link:

    • Enhancement of component scheduling so that workloads are distributed across ATCs more evenly (#8463) @evanchaoli :link:

    • Turn off connection tracker by default and provide an option to turn on. (#8480) @evanchaoli :link:

      • Disable /debug/connections at ATC start time. It can be enabled at runtime by /debug/connections/on or be disabled by /debug/connections/off again.
    • Enhance Vault API client to auto retry upon rate limit. (#8481) @evanchaoli :link:

      • Enhanced Vault credential manager to auto retry when hitting Vault rate limit error. Vault started to support rate limit since 1.5. When setting rate limit on Vault, it's better to enable rate limit HTTP response header by vault write sys/quotas/config enable_rate_limit_response_headers=true, so that the response header Retry-After may guide the Vault API client to retry after a reasonable duration.
    • Remove "check build started" and "check build finished" metrics (#8485) @evanchaoli :link:

      • To monitor checks, use "check started" and "check finished" instead.
    • Support a way to skip implied get after put. (#8492) @evanchaoli :link:

      • Added no_get option to put step to skip implied get. For example:
        - put: email
          no_get: true
          params:
            ...
        
    • Add --check-container-placement-strategy. (#8494) @evanchaoli :link:

    • Explicit error messeges in p2p streaming (#8559) @dhantha :link:

    • New pipelines without build should be paused automatically with a configurable interval. (#8577) @SimonXming :link:

      • Using params pause-pipelines-after, so pipelines could be paused automatically with configurable interval.
    • Stream: Adding new NextEventRaw method (#8588) @gaelL :link:

    • Change id of table resource_config_scopes to bigint (#8606) @evanchaoli :link:
      Convert id column of the resource_config_scopes table and all tables referencing resource_config_scope_id to a bigint.

    • Performance optimize on accessor. (#8613) @evanchaoli :link:
      Optimized performance of the login authentication process, which will benefit large deployments that has a lot teams and a lot of UI/fly accesses.

    🐞 Bug Fixes

    • Since v7.4.0, the Concourse linux tarball in attached binaries has been using the ubuntu version with size 1GB+. Refer to this CI fix for details. Now the linux tarball is set to the version with alpine based resource types again.

    • Add tooltip to username if overflow (#8341) @xtremerui :link:

      • When username is overflowing, show a hovering tooltip with full name in web UI so it won't block buttons below it e.g. trigger build buttons in build page.
    • Fix step header key value UI in build page (#8406) @xtremerui :link:

      • Fix line height of step header in build page when there is sub header like instance vars or across
    • Fixed a bug of error invalidated-worker-resource-cache-exists (#8416) @evanchaoli :link:

    • Add missing lock metrics ResourceGet and VolumeStreaming. (#8468) @evanchaoli :link:

    • Check build should not auto retry. (#8493) @evanchaoli :link:

      • If a check happens to drop into endless retry, there is no way to abort a check build.
    • Fix a bad SQL for check gc. (#8500) @evanchaoli :link:

      • Optimized performance of check-build-events collector.
    • Use pq.Array to avoid hitting parameter limits (#8528) @ae-govau :link:

    • Change host to event_host tag for Datadog integration (#8544) @pablokbs :link:

    • Fix bug in testflight suite env var assignment (#8594) @elliot-gould :link:

      • Now it should allow users to use environment variables to override local user credentials properly.
    • Fix across step states bug (#8634) @xtremerui :link:

      • Fix a bug where sub step of across step showing incorrect state.

    🤷 Miscellaneous

    • atc/db/lock: preallocate memory (#8584) @florianl :link:

    • Update k8s-topgun configure for external postgresql by pg v11 chart (#8400) @xtremerui :link:

    • Don’t use ‘here’ as link text (#8467) @quis :link:

    • Rotate vault certs for dev (#8495) @xtremerui :link:

    • Fix json syntax error to enable Renovate bot (#8506) @xtremerui :link:

    • fix(deps): update all dependencies (#8507) @renovate :link:

    • chore(deps): pin dependencies (#8510) @renovate :link:

    • Add resource check before smoke tests (#8546) @xtremerui :link:

    • Update path for example pipeline (#8598) @jjshanks :link:

    • Remove rerun_of int->bigint migrations (#8626) @xtremerui :link:

    📦 Bundled resource types

    Source code(tar.gz)
    Source code(zip)
    concourse-7.9.0-darwin-amd64.tgz(123.77 MB)
    concourse-7.9.0-darwin-amd64.tgz.sha1(75 bytes)
    concourse-7.9.0-linux-amd64.tgz(864.45 MB)
    concourse-7.9.0-linux-amd64.tgz.sha1(74 bytes)
    concourse-7.9.0-windows-amd64.zip(119.95 MB)
    concourse-7.9.0-windows-amd64.zip.sha1(76 bytes)
    fly-7.9.0-darwin-amd64.tgz(27.78 MB)
    fly-7.9.0-darwin-amd64.tgz.sha1(69 bytes)
    fly-7.9.0-linux-amd64.tgz(27.88 MB)
    fly-7.9.0-linux-amd64.tgz.sha1(68 bytes)
    fly-7.9.0-windows-amd64.zip(28.09 MB)
    fly-7.9.0-windows-amd64.zip.sha1(70 bytes)
  • v6.8.0(Nov 4, 2022)

    🚨 Breaking

    • If guardian runtime is enabled in your Concourse deployment, do not upgrade to this version as the latest library of guardian has backward compatibility issue that might not work in Ubuntu 18.04 or 20.04.

    ✈️ Features

    • Bump dependencies for worker runtime to support Ubuntu Jammy Jellyfish by @xtremerui in https://github.com/concourse/concourse/pull/8609
      • Noted, guardian runtime is still under development to fully support Ubuntu Jammy. In fact, it does not work on any linux distribution with cgroups v2 enabled. We decided to bump the dependencies still for users who want to use latest linux distribution and willing to tweak their OS to enable cgroups v1.

    🤷 Miscellaneous

    • Fix container memory limit tests in integration by @xtremerui in https://github.com/concourse/concourse/pull/8611
    • Add buildvcs=false to go build in integration tests by @xtremerui in https://github.com/concourse/concourse/pull/8612

    📦 Bundled resource types

    Source code(tar.gz)
    Source code(zip)
    concourse-6.8.0-darwin-amd64.tgz(117.76 MB)
    concourse-6.8.0-darwin-amd64.tgz.sha1(75 bytes)
    concourse-6.8.0-linux-amd64.tgz(1346.10 MB)
    concourse-6.8.0-linux-amd64.tgz.sha1(74 bytes)
    concourse-6.8.0-windows-amd64.zip(113.84 MB)
    concourse-6.8.0-windows-amd64.zip.sha1(76 bytes)
    fly-6.8.0-darwin-amd64.tgz(26.40 MB)
    fly-6.8.0-darwin-amd64.tgz.sha1(69 bytes)
    fly-6.8.0-linux-amd64.tgz(26.52 MB)
    fly-6.8.0-linux-amd64.tgz.sha1(68 bytes)
    fly-6.8.0-windows-amd64.zip(26.72 MB)
    fly-6.8.0-windows-amd64.zip.sha1(70 bytes)
  • v6.7.9(Oct 12, 2022)

    :link: security

    • Fix team name overwritten bug

      • All Concourse versions prior to v6.7.9 is vulnerable to parameter pollution that allows authorization bypass in functionality that is meant to restrict cross team actions. An user in any team could make certain http requests to trigger unauthorized activity for other teams like pausing pipelines, re-triggering builds or exposing pipelines. (#8581)
    • Bump Dex to v2.35.1 for CVE-2022-39222. (#8582)

    📦 Bundled resource types

    Source code(tar.gz)
    Source code(zip)
    concourse-6.7.9-darwin-amd64.tgz(106.82 MB)
    concourse-6.7.9-darwin-amd64.tgz.sha1(75 bytes)
    concourse-6.7.9-linux-amd64.tgz(1240.33 MB)
    concourse-6.7.9-linux-amd64.tgz.sha1(74 bytes)
    concourse-6.7.9-windows-amd64.zip(102.89 MB)
    concourse-6.7.9-windows-amd64.zip.sha1(76 bytes)
    fly-6.7.9-darwin-amd64.tgz(23.81 MB)
    fly-6.7.9-darwin-amd64.tgz.sha1(69 bytes)
    fly-6.7.9-linux-amd64.tgz(23.91 MB)
    fly-6.7.9-linux-amd64.tgz.sha1(68 bytes)
    fly-6.7.9-windows-amd64.zip(23.86 MB)
    fly-6.7.9-windows-amd64.zip.sha1(70 bytes)
  • v7.8.3(Oct 12, 2022)

    :link: security

    • Fix team name overwritten bug

      • All Concourse versions prior to v7.8.3 is vulnerable to parameter pollution that allows authorization bypass in functionality that is meant to restrict cross team actions. An user in any team could make certain http requests to trigger unauthorized activity for other teams like pausing pipelines, re-triggering builds or exposing pipelines. (#8580 )
    • Bump Dex to v2.35.1 for CVE-2022-39222. (#8579 )

    📦 Bundled resource types

    Source code(tar.gz)
    Source code(zip)
    concourse-7.8.3-darwin-amd64.tgz(123.85 MB)
    concourse-7.8.3-darwin-amd64.tgz.sha1(75 bytes)
    concourse-7.8.3-linux-amd64.tgz(1398.34 MB)
    concourse-7.8.3-linux-amd64.tgz.sha1(74 bytes)
    concourse-7.8.3-windows-amd64.zip(119.90 MB)
    concourse-7.8.3-windows-amd64.zip.sha1(76 bytes)
    fly-7.8.3-darwin-amd64.tgz(27.76 MB)
    fly-7.8.3-darwin-amd64.tgz.sha1(69 bytes)
    fly-7.8.3-linux-amd64.tgz(27.86 MB)
    fly-7.8.3-linux-amd64.tgz.sha1(68 bytes)
    fly-7.8.3-windows-amd64.zip(28.07 MB)
    fly-7.8.3-windows-amd64.zip.sha1(70 bytes)
  • v7.8.2(Jul 16, 2022)

    ✈️ Features

    • Disable connection tracker by default and provide an option to enable. (#8433) @evanchaoli :link:

      • Disable /debug/connections at ATC start time. It can be enabled at runtime by /debug/connections/on or be disabled by /debug/connections/off again.
    • Add a drift to component interval. (#8453) @evanchaoli :link:

      • Enhancement of component scheduling so that workloads are distributed across ATCs more evenly.
    • Enhance Vault API client to auto retry upon rate limit. (#8461) @evanchaoli :link:

      • Enhanced Vault credential manager to auto retry when hitting Vault rate limit error. Vault started to support rate limit since 1.5. When setting rate limit on Vault, it's better to enable rate limit HTTP response header by vault write sys/quotas/config enable_rate_limit_response_headers=true, so that the response header Retry-After may guide the Vault API client to retry after a reasonable duration.

    🐞 Bug Fixes

    • Add missed lock metrics : "ResourceGet" and "VolumeStreaming" (#8460) @evanchaoli :link:

    📦 Bundled resource types

    Source code(tar.gz)
    Source code(zip)
    concourse-7.8.2-darwin-amd64.tgz(121.48 MB)
    concourse-7.8.2-darwin-amd64.tgz.sha1(75 bytes)
    concourse-7.8.2-linux-amd64.tgz(1442.92 MB)
    concourse-7.8.2-linux-amd64.tgz.sha1(74 bytes)
    concourse-7.8.2-windows-amd64.zip(117.58 MB)
    concourse-7.8.2-windows-amd64.zip.sha1(76 bytes)
    fly-7.8.2-darwin-amd64.tgz(27.25 MB)
    fly-7.8.2-darwin-amd64.tgz.sha1(69 bytes)
    fly-7.8.2-linux-amd64.tgz(27.37 MB)
    fly-7.8.2-linux-amd64.tgz.sha1(68 bytes)
    fly-7.8.2-windows-amd64.zip(27.48 MB)
    fly-7.8.2-windows-amd64.zip.sha1(70 bytes)
  • v7.8.0(Jun 6, 2022)

    🚨 Breaking

    • Do not cache secrets indefinitely when using Vault KV v2 (#7955) @sprsquish :link:
      For who uses Vault KV v2 as their creds manager, this change eliminates the ability to set an infinite cache duration, which may be a bug others are relying on.

    ✈️ Features

    • Add --team to fly watch (#8171) @dhantha :link:

      • Added team flag to fly watch command, you could use this in the following format fly -t example watch --job my-pipeline/tests --build 52 --team other-team
    • Add no-input-strategy and let get/check use it. (#8183) @evanchaoli :link:

      • Add optional flag --no-input-container-placement-strategy for configuring a container placement strategy used for only get and nested check steps. Configuring this strategy will prevent get/check step to be placed to a busy worker.
    • Optimize worker selection when global-resources is enabled (#8184) @evanchaoli :link:

    • Add fly clear-versions command (#8196) @clarafu :link:

      • Can be used to clear version history of a resource or resource type
      • Can only be used by an admin user
      • If you have global-resources enabled, it can possibly delete version histories of other resources/resource-types in other pipelines so there is a warning message that will show any resources or resource types that are affected.
    • Enhance locks (#8198) @evanchaoli :link:

      • Optimize work load distribution across ATCs.
    • Add prometheus emitter for jobs scheduled duration (#8276) @maxknee :link:

    • Expose ATC_EXTERNAL_URL to task env. (#8277) @evanchaoli :link:

    • Avoid duplicating parallel volume streams (#8322) @andy-paine from Depop :link:

      • Steps that stream volumes will now use a global (per worker) lock to ensure identical volumes are not streamed more times than they need to be
      • A new waiting-for-streamed-volume/waiting for volume <name> to be streamed by another step event is included in build step logs where this behavior occurs
    • Force checks on nested resource types when manually triggered build (#8342) @clarafu :link:

      • When a build is manually triggered, it will cause any nested resource types or images to skip its checking interval, essentially forcing a check. This will not result in the same resource type getting checked multiple times if it appears multiple times in a build.

    🐞 Bug Fixes

    • Reset resource config IDs on save (#8002) @rjinskidepop :link:

      • Fixes #7468 where wrong resource config was used
    • Show var source error on resource and build page (#8015) @xtremerui :link:

      • Now error caused by variable interpolation can be shown correctly on resource and build page.
    • Fix a bug when a worker is pruned, volumes streamed from it got destroyed immediately (#8100) @evanchaoli :link:

      • Now if opt in EnableCacheStreamedVolumes, worker cache volumes are kept around whilst they are still in use
    • Automatic pipeline archiver archiving child pipelines when parent job has a failed/errored build (#8179) @clarafu :link:

      • Also fixes a bug where the pipeline archiver re-archives pipelines that are already archived
    • Don't run resource type check if within check interval (#8253) @clarafu :link:

      • Fixes a bug where resource types were getting checked every build. Now they will respect the resource checking interval and not run a check if the interval has not elapsed.
    • Fix acrossStep handling for more than 3 vars (#8271) @nexeck :link:

    • Inherite env proxy configure when tls enabled (#8306) @xtremerui :link:

      • Fix a bug that proxy setting through env var got lost when TLS is enabled by --tls-bind-port
    • Introduce OIDC get user info flag (#8353) @danpilch :link:

      • Add CONCOURSE_OIDC_DISABLE_GET_USER_INFO flag. OIDC connector will now fetch additional claims from OpenID UserInfo endpoint. This should fix the problem of configuring Concourse team auth by OIDC user groups due to groups claims missing in some identity providers' auth response.
    • Fix default username prompt for local logins (#8362) @ibokuri :link:

      • Ensure the default username prompt for local logins is properly set.

    🤷 Miscellaneous

    • Automatic pipeline archiver accidentally archives child pipelines during a build run (#8137) @clarafu :link:

    • Bump cloudfoundry dependencies in go mod (#8219) @xtremerui :link:

    • UI build page tweaks (#8254) @xtremerui :link:

      • Increase contrast on Build page title when build is aborted. Add more spacing and boarder for history build numbers.
    • Update credhub var lookup logic (#8265) @xtremerui :link:

    • Add Quick Start Documentation for M1 Machines (#8282) @jlamb1 :link:

    • Bump vault api and add srv lookup flag (#8324) @xtremerui :link:

      • Bump Vault API package to latest version and add --disable-srv-lookup flag to Vault configure. If your current Vault URL contains a port number, this change makes no impact. If your Vault URL dose not contain port number, by default SRV lookup is opt-in for backward compatibility. In this case, one can use the flag to disable the feature to avoid unnecessary requests from Vault client.
    • Do not force resource type check on get step (#8363) @xtremerui :link:

    📦 Bundled resource types

    Source code(tar.gz)
    Source code(zip)
    concourse-7.8.0-darwin-amd64.tgz(121.34 MB)
    concourse-7.8.0-darwin-amd64.tgz.sha1(75 bytes)
    concourse-7.8.0-linux-amd64.tgz(1339.58 MB)
    concourse-7.8.0-linux-amd64.tgz.sha1(74 bytes)
    concourse-7.8.0-windows-amd64.zip(117.45 MB)
    concourse-7.8.0-windows-amd64.zip.sha1(76 bytes)
    fly-7.8.0-darwin-amd64.tgz(27.21 MB)
    fly-7.8.0-darwin-amd64.tgz.sha1(69 bytes)
    fly-7.8.0-linux-amd64.tgz(27.34 MB)
    fly-7.8.0-linux-amd64.tgz.sha1(68 bytes)
    fly-7.8.0-windows-amd64.zip(27.45 MB)
    fly-7.8.0-windows-amd64.zip.sha1(70 bytes)
  • v7.7.1(Mar 28, 2022)

    🐞 Bug Fixes

    • Fix automatic pipeline archive bug (#8200) @clarafu :link:

      • Removes the line that introduced a bug in 7.7.0 where child pipelines can get archived accidentally.
      • Fixes a bug where pipelines that are already archived get re-archived

    🤷 Miscellaneous

    • Backport allow go 1.18 darwin error message in unit tests (#8203) @clarafu :link:

    📦 Bundled resource types

    Source code(tar.gz)
    Source code(zip)
    concourse-7.7.1-darwin-amd64.tgz(117.05 MB)
    concourse-7.7.1-darwin-amd64.tgz.sha1(75 bytes)
    concourse-7.7.1-linux-amd64.tgz(1315.90 MB)
    concourse-7.7.1-linux-amd64.tgz.sha1(74 bytes)
    concourse-7.7.1-windows-amd64.zip(113.21 MB)
    concourse-7.7.1-windows-amd64.zip.sha1(76 bytes)
    fly-7.7.1-darwin-amd64.tgz(26.16 MB)
    fly-7.7.1-darwin-amd64.tgz.sha1(69 bytes)
    fly-7.7.1-linux-amd64.tgz(26.26 MB)
    fly-7.7.1-linux-amd64.tgz.sha1(68 bytes)
    fly-7.7.1-windows-amd64.zip(26.39 MB)
    fly-7.7.1-windows-amd64.zip.sha1(70 bytes)
  • v7.7.0(Mar 9, 2022)

    ✈️ Features

    • Automatically pause pipelines (#7876) @taylorsilva :link:

      • Adds a new component that will automatically pause pipelines that have not run in more than the configured number of days. The number of days can be configured with CONCOURSE_PAUSE_PIPELINES_AFTER. A value of zero (the default) disables this component. On first run it will retroactively pause pipelines that already fall out of the given day range.
        • Exceptions: Pipelines that have no builds falling within the day range but have been updated in <24hrs will not be automatically paused. This is to cover the case where someone sets a new pipeline and hasn't run any jobs for it yet.
    • Allow task/set_pipeline name to include across step var (#7717) @xtremerui :link:

      • Identifiers for task and set_pipeline steps wrapped by the across step can now have their identifier/step name as a var ((.:some-var)) and won't receive a warning about the name being deprecated
    • Adding missing prometheus emitters for events (#7730) @maxknee :link:

      • Adding GC and missing metrics to prometheus emitter.
    • Adding dry-run mode to fly set-pipeline command (#7734) @Caprowni :link:

      • This adds a dry-run feature to the set-pipeline command within the Fly CLI, the main purpose of this is to allow users to check what would be changed without any interactive-prompt/danger of applying by mistake.
    • Prefer FLY_HOME over HOME (if set) as the directory for storing .flyrc (#7747) @rcw5 :link:

    • Add team to resource commands and archive pipeline command (#7772) @Caprowni :link:

      • Added --team flag to fly command check-resource, you can use it like this fly -t dev check-resource -r some-pipeline/branch:master/myresource --team test
      • Added --team flag to fly command check-resource-type, you can use it like this fly -t dev check-resource-type -r some-pipeline/branch:master/myresource --team test
      • Added --team flag to fly command resources, you can use it like this fly -t dev resources -p some-pipeline --team test
      • Added --team flag to fly command resource-versions, you can use it like this fly -t dev resource-versions -r some-pipeline/branch:master/myresource --team test
      • Added --team flag to fly command archive-pipeline, you can use it like this fly -t dev archive-pipeline --pipeline some-pipeline --team test
    • Batch opentelemetry requests (#7840) @schmurfy :link:

    • AWS SecretsManager can be used from var_sources (#7897) @PG2000 :link:

    • Shared (top level) secrets in AWS secrets manager (#7928) @areller :link:

    • Garbage collect task caches from paused pipelines (#7989) @xtremerui :link:

      • When a pipeline or a job is paused, the task caches that used in the pipeline's job will be garbage collected. This should help free up worker disk space.
    • Add build event for volume streaming (#8031) @andy-paine :link:

      • Build logs will now contain new events when a volume is being streamed to a worker Screenshot 2022-02-02 at 11 39 01
    • Optimize ATC performance by avoid unneccessary go-routines of no-op check notifiers (#8045) @evanchaoli :link:

    • Allow use of fields when using AWS Secrets Manager (#8055) @kurtmc :link:

    • Ignore cached input from volume-locality's consideration (#8061) @evanchaoli :link:

      • When EnableCacheStreamedVolume is enabled and container placement strategy is volume-locality, as get step may not fetch a resource if the resource is found in cache, following step containers may all be placed to the worker where cached resource is found. That worker might be overloaded when there are other workers available. This PR fixes the problem.
    • Enhance volume-locality strategy (#8063) @evanchaoli :link:

      • Optimize database queries for volume-locality container placement strategy
    • Optimize limit active tasks strategy logic (#7874) @xtremerui :link:

      • Optimize limit-active-tasks strategy to reduce DB load and avoid deadlocking when under heavy load.
    • Allow text whitespace to be preserved in step metadata (#8128) @steve-sienk :link:

      • Wrap text of resource metadata on web view.

    🐞 Bug Fixes

    • Fix bug of resource type checks (#8048) @evanchaoli :link:

      • Remove lock on checking resource types and prototypes, this will result in a small behaviour change. For example, if you have multiple resources that use the same resource type and those resources run a check for that resource type at the same time, the resource type will be checked multiple times. This was the behaviour before 7.3.0 so we are reverting back to this behaviour.
      • Fixes a bug introduced in 7.6.0 where resource type resource_config_id were never updated.
    • Increase color contrast on build page (#7756) @xtremerui :link:

      • Increase contrast of text on build page after color changes from the previous release that made it harder to read the text
    • Add error message to the create artifact API call (#7899) @Caprowni :link:

    • Porting down migration improvements for build event sequences (#7913) @clarafu :link:

      • If you are on v7.6.0 and want to downgrade, you might end up with some builds that never finish and run into some web log errors like pq: relation "build_event_id_seq_<sequence-id>" does not exist. This is because of a bug in the down migration which is fixed with this PR.
        • If you do run into this problem, you can easily fix it by running create sequence build_event_id_seq_<sequence-id> minvalue 0 start with 0; on your postgres database (You will need to replace with the id that does not exist in the error).
    • Only delete btrfs mounts if *.img exists (#7920) @taylorsilva :link:

      • Concourse worker would fail to start if it's on a btrfs filesystem and tries to use the overlay driver
    • AWS Secrets Manager will treat secret with marked for deletion as deleted (#7933) @areller :link:

    • Handling huge volumes transfer in P2P streaming (#7942) @evanchaoli :link:

      • Fix a bug that P2P streaming would fail if streaming a volume takes longer than 3 minutes. This fix should be applied to both ATCs and workers.
    • Avoid stale prometheus worker metrics when using multiple web nodes (#7965) @databus23 :link:

    • GC builds based on chronological order (#7978) @xtremerui :link:

      • Fix a bug that events of a rerun build be reaped immediately if its prarent build is already reaped. Now candidate builds for GC will be ordered chronologically.
    • Run task caches collector when ATC starts (#7987) @xtremerui :link:

      • Previously when a pipeline is archived, the task caches used in its job will not be garbage collected, which will cause volume leaks in worker disk. Now a component for GC task caches will runs when ATC starts.
    • Bump concourse dex by upstream v2.31.0 (#8050) @xtremerui :link:

      • Fix Bitbucket auth connector failure due to upstream API deprecation.
    • Render nested across steps (#8069) @areller :link:

      • Fix a rendering issue with nested across steps.
    • Fix syntax error in down migration file (#8082) @xtremerui :link:

      • Fix a SQL syntax error that might cause down migration failure.
    • Render build page correctly for legacy aggregate step (#8092) @xtremerui :link:

      • Show legacy builds with aggregate steps. Pipeline configure with aggregate step is still deprecated. This is just fixing the UI rendering error.
    • Fix log line in stream out (#8098) @andy-paine :link:

    🤷 Miscellaneous

    • Fix fly hijack due to containerd runc update (#7886) @xtremerui :link:

    • Refactor pipeline lifecycle in atc/db (#7895) @taylorsilva :link:

    • Do not send check build events to syslog drainer (#7922) @xtremerui :link:

      • Since v7.0, resouce and resource type checks are ran as builds. When syslog drainer is enabled, those check build events are also sent to external server, which requires storage space (depends on amount of resources and check interval). Now this type of events will be ignored by syslog drainer.
    • Bump Golang to 1.17 in go.mod and add goproxy in dockerfile (#7926) @evanchaoli :link:

    • Remove unused gc-container-collector-dropped metric (#7932) @databus23 :link:

    • Bump golang crypto lib (#8032) @xtremerui :link:

    • A tiny db sql refactor of changing multiple from to left join (#8046) @evanchaoli :link:

    • Bump worker version to 2.4 (#8081) @xtremerui :link:

    📦 Bundled resource types

    Source code(tar.gz)
    Source code(zip)
    concourse-7.7.0-darwin-amd64.tgz(114.06 MB)
    concourse-7.7.0-darwin-amd64.tgz.sha1(75 bytes)
    concourse-7.7.0-linux-amd64.tgz(1314.91 MB)
    concourse-7.7.0-linux-amd64.tgz.sha1(74 bytes)
    concourse-7.7.0-windows-amd64.zip(110.03 MB)
    concourse-7.7.0-windows-amd64.zip.sha1(76 bytes)
    fly-7.7.0-darwin-amd64.tgz(25.36 MB)
    fly-7.7.0-darwin-amd64.tgz.sha1(69 bytes)
    fly-7.7.0-linux-amd64.tgz(25.50 MB)
    fly-7.7.0-linux-amd64.tgz.sha1(68 bytes)
    fly-7.7.0-windows-amd64.zip(25.68 MB)
    fly-7.7.0-windows-amd64.zip.sha1(70 bytes)
  • v7.4.4(Jan 6, 2022)

    🐞 Bug Fixes

    • Fix down migration for build event sequences (#7860) @clarafu :link:
      • This PR fixes a typo in a down migration that affects Concourse version 7.4.1, 7.4.2 and 7.4.3. Therefore, you will be unable to downgrade from any of those listed versions. If you are currently on 7.4.1, 7.4.2 or 7.4.3, you will need to downgrade back to 7.4.0 before you can upgrade to this version of 7.4.4. The instructions on how to downgrade to 7.4.0 is documented in the release notes of the 7.4.x version you are on.

    📦 Bundled resource types

    Source code(tar.gz)
    Source code(zip)
    concourse-7.4.4-darwin-amd64.tgz(109.34 MB)
    concourse-7.4.4-darwin-amd64.tgz.sha1(75 bytes)
    concourse-7.4.4-linux-amd64.tgz(1378.30 MB)
    concourse-7.4.4-linux-amd64.tgz.sha1(74 bytes)
    concourse-7.4.4-windows-amd64.zip(105.15 MB)
    concourse-7.4.4-windows-amd64.zip.sha1(76 bytes)
    fly-7.4.4-darwin-amd64.tgz(24.40 MB)
    fly-7.4.4-darwin-amd64.tgz.sha1(69 bytes)
    fly-7.4.4-linux-amd64.tgz(24.51 MB)
    fly-7.4.4-linux-amd64.tgz.sha1(68 bytes)
    fly-7.4.4-windows-amd64.zip(24.47 MB)
    fly-7.4.4-windows-amd64.zip.sha1(70 bytes)
  • v7.4.3(Dec 2, 2021)

    🚨 IMPORTANT!

    If you are on 7.4.1 or 7.4.2, you will need to downgrade back to 7.4.0 using backups you have or the script 7.4.x-down-migration.sh included in the assets of this release. Only after downgrading can you safely upgrade directly to 7.4.3 or any later version of Concourse

    • If you are using the 7.4.x-down-migration.sh script to downgrade your Concourse deployment, you do NOT need to run the concourse migrate command because the script essentially is doing that for you. The reason we need this script is because there is a bug in the concourse migrate downgrade scripts. The script requires you to have the psql, access to your postgres database and also the following environment variables that you should already have from starting concourse $CONCOURSE_POSTGRES_PASSWORD, $CONCOURSE_POSTGRES_USER, $CONCOURSE_POSTGRES_HOST, $CONCOURSE_POSTGRES_DATABASE, $CONCOURSE_POSTGRES_PORT.

    🐞 Bug Fixes

    • Change migrations timestamp to avoid upgrade issues ( CI: skip-migrations-check ) (#7754) @muntac :link:

      • Change timestamp of backported DB migration to avoid skipping any migrations when upgrading to 7.5 and later versions.
        • If you are on 7.4.1 or 7.4.2 then downgrade back to 7.4.0 using backups you have or the concourse migrate command, using the 7.4.1/7.4.2 version of the binary to downgrade back to 7.4.0. The 7.4.0 database version is 1625844436. Then you can safely upgrade directly to 7.4.3 or any later version of Concourse
    • Fixes for bugs in 7.4.2 (#7758) @clarafu :link:

      • Fix bugs introduced in 7.4.1 related to the errors save image get event: pq: duplicate key value violates unique constraint "pipeline_build_events_x_build_id_event_id" and create resource config: pq: deadlock detected

    📦 Bundled resource types

    Source code(tar.gz)
    Source code(zip)
    7.4.x-down-migration.sh(1.44 KB)
    concourse-7.4.3-darwin-amd64.tgz(109.35 MB)
    concourse-7.4.3-darwin-amd64.tgz.sha1(75 bytes)
    concourse-7.4.3-linux-amd64.tgz(1378.34 MB)
    concourse-7.4.3-linux-amd64.tgz.sha1(74 bytes)
    concourse-7.4.3-windows-amd64.zip(105.15 MB)
    concourse-7.4.3-windows-amd64.zip.sha1(76 bytes)
    fly-7.4.3-darwin-amd64.tgz(24.40 MB)
    fly-7.4.3-darwin-amd64.tgz.sha1(69 bytes)
    fly-7.4.3-linux-amd64.tgz(24.53 MB)
    fly-7.4.3-linux-amd64.tgz.sha1(68 bytes)
    fly-7.4.3-windows-amd64.zip(24.46 MB)
    fly-7.4.3-windows-amd64.zip.sha1(70 bytes)
  • v7.4.2(Oct 31, 2021)

    🚨 IMPORTANT! 🚨

    This release contains a bug https://github.com/concourse/concourse/issues/7683. Please avoid upgrading to this version and either upgrade to the next minor (7.6.0) or patch version (7.4.3) If you are on 7.4.1 or 7.4.2, you will need to downgrade back to 7.4.0 using backups you have or the script 7.4.x-down-migration.sh included in the assets of this release. Only after downgrading can you safely upgrade directly to 7.4.3 or any later version of Concourse

    • If you are using the 7.4.x-down-migration.sh script to downgrade your Concourse deployment, you do NOT need to run the concourse migrate command because the script essentially is doing that for you. The reason we need this script is because there is a bug in the concourse migrate downgrade scripts. The script requires you to have the psql, access to your postgres database and also the following environment variables that you should already have from starting concourse $CONCOURSE_POSTGRES_PASSWORD, $CONCOURSE_POSTGRES_USER, $CONCOURSE_POSTGRES_HOST, $CONCOURSE_POSTGRES_DATABASE, $CONCOURSE_POSTGRES_PORT.

    🐞 Bug Fixes

    • Fixed a bug where there would be a duplicate key violation for the event ID column in the build_events table (#7736) @clarafu :link:

    📦 Bundled resource types

    Source code(tar.gz)
    Source code(zip)
    7.4.x-down-migration.sh(1.44 KB)
    concourse-7.4.2-darwin-amd64.tgz(109.33 MB)
    concourse-7.4.2-darwin-amd64.tgz.sha1(75 bytes)
    concourse-7.4.2-linux-amd64.tgz(1378.42 MB)
    concourse-7.4.2-linux-amd64.tgz.sha1(74 bytes)
    concourse-7.4.2-windows-amd64.zip(105.15 MB)
    concourse-7.4.2-windows-amd64.zip.sha1(76 bytes)
    fly-7.4.2-darwin-amd64.tgz(24.40 MB)
    fly-7.4.2-darwin-amd64.tgz.sha1(69 bytes)
    fly-7.4.2-linux-amd64.tgz(24.52 MB)
    fly-7.4.2-linux-amd64.tgz.sha1(68 bytes)
    fly-7.4.2-windows-amd64.zip(24.46 MB)
    fly-7.4.2-windows-amd64.zip.sha1(70 bytes)
  • v7.6.0(Oct 28, 2021)

    ✈️ Features

    • Make Build page spacing consistent and color theme updated for accessibility (#7497) @ xtremerui :link:
      image

    • Avoid peridoic check build to use db (#7208) @evanchaoli :link:
      Changing Lidar triggered check builds to not use the database, which should mitigate the performance drop introduced by the big refactory of resource checks since 7.0.0.

    • Add default get/put/task timeout (#7426) @evanchaoli :link:

      • Allows Concourse administrator to configure global timeout for get, put and task steps.
      • Fixed a bug where global check timeout didn't work.
    • Indicate if a pipline is archived in pipeline view (#7463) @xtremerui :link:
      When viewing an archived pipeline (or any sub routes of it) in UI, the pipeline name now shows "archived" and the breadcrumbs background will change to grey so one won't confuse.

    • Worker: baggageclaim emits spans (#7487) @taylorsilva :link:

      • Workers now emit traces from the baggageclaim server so one can see volumes being created and streamed as part of a build

    🐞 Bug Fixes

    • atc/gc: make build reaper more robust (#7530) @taylorsilva :link:

      • Make build log reaper more robust by not exiting early if it encounters an issue while iterating over pipelines/jobs. Before this change build logs for some pipelines could have accumulated endlessly even with a build retention policy.
    • on_error should not run the hook when err is retriable (#7588) @taylorsilva :link:

      • Fixed a bug when --enable-rerun-when-worker-disappears was enabled and a job/step had an on_error hook. If the step was retried the on_error hook would run when it should not.
    • Revert node selection for rendering boxes (#7616) @taylorsilva :link:

      • Fixed a bug where jobs or resources whose name contained a dot . would not render correctly in the UI

    🤷 Miscellaneous

    • Clear resource config scope ID if source field changes (#7494) @taylorsilva :link:

    • Fix small typo on removeAll call comment (#7551) @EstebanFS :link:

    • Bump timeout for volume gc in integration tests (#7591) @clarafu :link:

    • Fix compilation error for bosh topgun test in CI (#7615) @xtremerui :link:

    • goimport all go files (#7661) @taylorsilva :link:

    • Removing un-needed loop (#7696) @maxknee :link:

    • Update test due to in-DB check change (#7707) @xtremerui :link:

    • Change sync.mutex to a pointer (#7719) @taylorsilva :link:

    • Static check resolutions (#7720) @taylorsilva :link:

    📦 Bundled resource types

    Source code(tar.gz)
    Source code(zip)
    concourse-7.6.0-darwin-amd64.tgz(110.57 MB)
    concourse-7.6.0-darwin-amd64.tgz.sha1(75 bytes)
    concourse-7.6.0-linux-amd64.tgz(1300.55 MB)
    concourse-7.6.0-linux-amd64.tgz.sha1(74 bytes)
    concourse-7.6.0-windows-amd64.zip(106.65 MB)
    concourse-7.6.0-windows-amd64.zip.sha1(76 bytes)
    fly-7.6.0-darwin-amd64.tgz(24.68 MB)
    fly-7.6.0-darwin-amd64.tgz.sha1(69 bytes)
    fly-7.6.0-linux-amd64.tgz(24.80 MB)
    fly-7.6.0-linux-amd64.tgz.sha1(68 bytes)
    fly-7.6.0-windows-amd64.zip(24.98 MB)
    fly-7.6.0-windows-amd64.zip.sha1(70 bytes)
  • v7.4.1(Oct 8, 2021)

    🚨 IMPORTANT! 🚨

    This release contains a bug https://github.com/concourse/concourse/issues/7683. Please avoid upgrading to this version and either upgrade to the next minor (7.6.0) or patch version (7.4.3) If you are on 7.4.1 or 7.4.2, you will need to downgrade back to 7.4.0 using backups you have or the script 7.4.x-down-migration.sh included in the assets of this release. Only after downgrading can you safely upgrade directly to 7.4.3 or any later version of Concourse

    • If you are using the 7.4.x-down-migration.sh script to downgrade your Concourse deployment, you do NOT need to run the concourse migrate command because the script essentially is doing that for you. The reason we need this script is because there is a bug in the concourse migrate downgrade scripts. The script requires you to have the psql, access to your postgres database and also the following environment variables that you should already have from starting concourse $CONCOURSE_POSTGRES_PASSWORD, $CONCOURSE_POSTGRES_USER, $CONCOURSE_POSTGRES_HOST, $CONCOURSE_POSTGRES_DATABASE, $CONCOURSE_POSTGRES_PORT.

    ✈️ Features

    • 7.4.x: add some DB optimizations (#7641) @taylorsilva :link:
      • DB optimizations
        • Increment an event ID in-memory instead of using a Postgres Sequence
        • Only update resource config if it hasn't been updated in a minute
        • Close zstd reader in load var step

    🤷 Miscellaneous

    • Backport baggageclaim to release/7.4.x (#7432) @taylorsilva :link:

    📦 Bundled resource types

    Source code(tar.gz)
    Source code(zip)
    7.4.x-down-migration.sh(1.44 KB)
    concourse-7.4.1-darwin-amd64.tgz(109.34 MB)
    concourse-7.4.1-darwin-amd64.tgz.sha1(75 bytes)
    concourse-7.4.1-linux-amd64.tgz(1296.81 MB)
    concourse-7.4.1-linux-amd64.tgz.sha1(74 bytes)
    concourse-7.4.1-windows-amd64.zip(105.15 MB)
    concourse-7.4.1-windows-amd64.zip.sha1(76 bytes)
    fly-7.4.1-darwin-amd64.tgz(24.40 MB)
    fly-7.4.1-darwin-amd64.tgz.sha1(69 bytes)
    fly-7.4.1-linux-amd64.tgz(24.52 MB)
    fly-7.4.1-linux-amd64.tgz.sha1(68 bytes)
    fly-7.4.1-windows-amd64.zip(24.46 MB)
    fly-7.4.1-windows-amd64.zip.sha1(70 bytes)
  • v7.5.0(Sep 17, 2021)

    IMPORTANT: This release includes a few large refactors, therefore we recommend anyone using Concourse for mission-critical workflows to wait for the next few releases just in case any edge cases are found.

    This release contains the version of github-release-resource that fixes the illegal base64 data at input errors from GitHub API's recent breaking change https://github.com/concourse/github-release-resource/issues/108.

    🚨 Breaking

    • Prefer overlay over btrfs in baggageclaim when using driver: detect (#7427) @aoldershaw :link:

      • Previously, when the baggageclaim driver was not specified, Concourse attempts to detect the supported drivers
      • The prior driver precedence is: btrfs -> overlay -> naive
      • The new driver precedence is: overlay -> btrfs -> naive
    • Allow team members to archive pipelines (#7449) @wanderanimrod :link:

      • Users with the member role on a team can now archive pipelines by default. The "archive pipeline" action was previously assigned to the owner role. If you've configured your own RBAC this change will not effect you.

    ✈️ Features

    • Removing VersionedResourceTypes from get, check and put plans (#7176) @clarafu :link:

      • This PR is mainly a refactor but there is a behavioural change that comes along with it. If a resource uses a custom resource type, its Put, Check, Get and Task steps will now always create a check for its parent custom resource type. This check will still respect the resource checking interval and the check_every of the resource type. Because of this new feature, we no longer need to explicitly check the custom resource types in lidar.
    • Add audit information for job & pipeline pauses (#7273) @rjinskidepop :link:

      • Add pipeline and job pause meta information - who and when.
    • Propagate groups between subpages of a pipeline (#7307) @clarafu :link:

      • If a user was initially viewing a group in the pipeline page, this will be persisted in the pipeline breadcrumb when navigating between pipeline subpages.
    • Optimize pipeline svg rendering (#7438) @aoldershaw :link:

      • The initial render of the pipeline page should be much faster, particularly on Chrome 92+
    • Optimize build log collection (#7327) @evanchaoli :link:

      • Optimized a SQL statement used to remove build logs. This optimization will specially benefit large deployments that have a lot of pipelines.
    • Don't query for the entire resource in the check delegate (#7474) @aoldershaw :link:

    • Simplify atc/worker package and extract runtime abstractions (#6597) @aoldershaw :link:

      • We will now error when a suitable worker does not exist rather than waiting forever.

    🐞 Bug Fixes

    • Fix opening a link to a resource causality page (#7369) @aoldershaw :link:

    • Don't allow empty identifiers when renaming pipelines/teams (#7370) @taylorsilva :link:

      • Fixed a bug where a pipeline or team could be renamed to an empty string. The team/pipeline could not be deleted through fly. An error is now returned by the API if the identifier is blank
    • Sanitize prometheus metric labels (#7423) @lrstanley :link:

      • Ensure Prometheus metric labels are valid. This resolves an issue with our bosh release, where web nodes would fail to start, due to a metric label that wasn't valid according to Prometheus.
    • Fix overlapping between inputs and jobs in UI (#7454) @xtremerui :link:

      • Fixes an edge case that might overlap an input and job node in the pipeline view.
    • Validate if a Pipeline contains a cycle (#7455) @EstebanFS :link:

      • The API will reject any pipelines that contains a cycle
    • Prevent open redirect to other hosts (#7459) @taylorsilva :link:

      • Prevent an open redirect vulnerability on the /sky/login path
    • Delete btrfs volume if it exists when using the overlay driver (#7461) @taylorsilva :link:

      • Made worker initialization more stable if you're switching from btrfs to overlay. The worker will remove the btrfs mount if it exists before creating overlay mounts
    • Fix missing label in metric concourse_steps_waiting (#7479) @Esysc :link:

      • Fix missing label in metric concourse_steps_waiting
    • Close zstd reader in load var step (#7548) @clarafu :link:

    🤷 Miscellaneous

    • Speed up TSA tests (#7336) @aoldershaw :link:

    • Don't mount Concourse source directory in integration tests (#7347) @aoldershaw :link:

    • Add baggageclaim to concourse/concourse (#7351) @taylorsilva :link:

    • Bump opentelemetry package to 1.0.0-RC2 (#7360) @taylorsilva :link:

    • Remove experimental warning for set_pipeline and load_var steps (#7396) @aoldershaw :link:

    • Skip integration downgrade test (#7398) @aoldershaw :link:

    • Skip integration upgrade test (#7401) @aoldershaw :link:

    • namespace prometheus test to avoid conflict (#7436) @xtremerui :link:

    • Fix integration upgrade/downgrade tests (#7450) @aoldershaw :link:

    • Fix DB performance regression with updating resource cache metadata (#7472) @aoldershaw :link:

    • Don't create workdir volume for check steps (#7473) @aoldershaw :link:

    📦 Bundled resource types

    Source code(tar.gz)
    Source code(zip)
    concourse-7.5.0-darwin-amd64.tgz(109.97 MB)
    concourse-7.5.0-darwin-amd64.tgz.sha1(75 bytes)
    concourse-7.5.0-linux-amd64.tgz(1290.37 MB)
    concourse-7.5.0-linux-amd64.tgz.sha1(74 bytes)
    concourse-7.5.0-windows-amd64.zip(106.06 MB)
    concourse-7.5.0-windows-amd64.zip.sha1(76 bytes)
    fly-7.5.0-darwin-amd64.tgz(24.52 MB)
    fly-7.5.0-darwin-amd64.tgz.sha1(69 bytes)
    fly-7.5.0-linux-amd64.tgz(24.64 MB)
    fly-7.5.0-linux-amd64.tgz.sha1(68 bytes)
    fly-7.5.0-windows-amd64.zip(24.81 MB)
    fly-7.5.0-windows-amd64.zip.sha1(70 bytes)
  • v6.7.8(Sep 14, 2021)

    ✈️ Features

    • Optimize build log collection (#7334 ) @evanchaoli :link:
      • Optimized a SQL statement used to remove build logs. This optimization will specially benefit large deployments that have a lot of pipelines.

    🐞 Bug Fixes

    • Prevent open redirect to other hosts (#7460) @taylorsilva :link:

    • Fix github-release-resource with graphql update (https://github.com/concourse/github-release-resource/pull/107) @kirillbilchenko :link:

    🤷 Miscellaneous

    • Backport baggageclaim v1.8.0 to release/6.7.x (#7428) @taylorsilva :link:

    • Use overlay driver for worker integration test [6.7.x] (#7435) @aoldershaw :link:

    📦 Bundled resource types

    Source code(tar.gz)
    Source code(zip)
    concourse-6.7.8-darwin-amd64.tgz(91.33 MB)
    concourse-6.7.8-darwin-amd64.tgz.sha1(75 bytes)
    concourse-6.7.8-linux-amd64.tgz(1228.37 MB)
    concourse-6.7.8-linux-amd64.tgz.sha1(74 bytes)
    concourse-6.7.8-windows-amd64.zip(87.72 MB)
    concourse-6.7.8-windows-amd64.zip.sha1(76 bytes)
    fly-6.7.8-darwin-amd64.tgz(19.99 MB)
    fly-6.7.8-darwin-amd64.tgz.sha1(69 bytes)
    fly-6.7.8-linux-amd64.tgz(20.13 MB)
    fly-6.7.8-linux-amd64.tgz.sha1(68 bytes)
    fly-6.7.8-windows-amd64.zip(20.25 MB)
    fly-6.7.8-windows-amd64.zip.sha1(70 bytes)
  • v7.4.0(Jul 29, 2021)

    ✈️ Features

    • Fly clear-resource-cache command (#7003) @EstebanFS :link:

      • Added fly command clear-resource-cache, you could use this following the next format fly -t ci clear-resource-cache -r pipeline/resource [--version some:version]
    • Build page shows name of who triggered the build in header line of build page (#7112) @evanchaoli :link:

      • The build page now shows the username of who triggers the build if the build is triggered manually.
    • Add page to view all builds/resource versions downstream/upstream from a root resource version (#7125) @chenbh :link:

      • Disabled by default since computing causality for large datasets can be expensive, use --enable-resource-causality or $CONCOURSE_ENABLE_RESOURCE_CAUSALITY=true to enable the web UI and API endpoint.
        • Most datasets (like the merge commit for this PR) have < 100 builds and/or resource versions and take < 100ms, but it's possible for some "slow paced" resource versions (i.e. very infrequent new versions) to generate extremely large datasets
        • There is an automatic cutoff at 5000 builds or 25000 resource versions. On our deployment, the call for our slowest paced resource took about ~7 seconds to process, most of which is spent in the DB query
      • The causality page can be navigated to from the resource page Screen Shot 2021-06-03 at 11 37 08 AM
      • The causality page displays all the builds and resource versions that was generated from (downstream) or resulted in (upstream) the creation of a particular resource version Screen Shot 2021-06-03 at 11 25 03 AM
      • The downstream graph will put the root resource version on the left whereas the upstream graph will put it on the right
      • It takes into account all the intermediate resource versions when computing the final graph. In the picture above, while the resource page only shows that git version: 123 is a direct input to integrate #4 & #5, there is also an indirect link from git version: 123 -> test #19 -> ... -> intermediate-3 version:123 -> integrate #6 & #6.1
    • Support soft policy enforcement (#7139) @evanchaoli :link:

      • This feature doesn't break the existing OPA policy check. If you have enabled OPA policy check, and you don't need "soft" policy enforcement, then you just don't need to do any configuration change.
      • 3 new ATC cli options are added:
        • CONCOURSE_OPA_RESULT_ALLOWED_KEY: specifies a key of allow flag in OPA returned result
        • CONCOURSE_OPA_RESULT_SHOULD_BLOCK_KEY: specifies a key of should-block flag in OPA returned result
        • CONCOURSE_OPA_RESULT_MESSAGES_KEY: specifies a key of messages in OPA returned result

      For example, if OPA returns the following result:

      {
          "result": {
              "allow": true,
              "block": true,
              "reasons": ["foo", "bar"]
          }
      }
      

      then CONCOURSE_OPA_RESULT_ALLOWED_KEY should be set to result.allow; CONCOURSE_OPA_RESULT_SHOULD_BLOCK_KEY should be result.block, and CONCOURSE_OPA_RESULT_MESSAGES_KEY should be result.reasons.

      NOTE: allow and block in OPA result should be boolean type, because it's easy to convert other types to boolean in an OPA policy.

    • Add ability to comment on a build (#7147) @multimac :link:

      • You can now leave comments on builds. For instance, this can be used to give context to your coworkers about why a particular build failed: Screen Shot 2021-06-30 at 5 40 45 PM

      • If a build has a comment, it is displayed with a small marker to help you quickly find builds of interest. Hovering over the build displays a portion of the comment: Screen Shot 2021-06-30 at 5 41 52 PM

    • Add teamName to concourse_steps_wait_duration metrics (#7154) @Esysc :link:

    • Use browser cache API for dashboard caching (#7247) @aoldershaw :link:

      • The cached API responses on the dashboard no longer need to get truncated, which was previously introduced to work around localStorage limits
    • Allow interpolation in the across step values (#7252) @aoldershaw :link:

      • The across step now supports dynamic interpolation of values. For instance, this can be combined with the set_pipeline step and instanced pipelines to set a dynamic list of pipelines:
        - load_var: branches
          file: branches/branches.json
        - across:
          - var: branch
            values: ((.:branches))
          set_pipeline: my-app
          file: ci/pipelines/my-app.yml
          instance_vars: {branch: ((.:branch))}
        
    • Cache the list of workers in memory (#7268) @aoldershaw :link:

      • Scheduling containers should be more performant by reducing the number of required database calls
    • Optimize build log collector (#7327) @evanchaoli :link:

      • Optimized a SQL statement used to remove build logs. This optimization will specially benefit large deployments that have a lot of pipelines.
    • Enable emitting dogstatsd metrics over uds (#7338) @jmhwang7 :link:

      • The Datadog emitter can now be configured to communicate with the Datadog agent over Unix Domain Sockets

    🐞 Bug Fixes

    • containerd: properly populate /etc/hosts and /etc/hostname (#7041) @muntac :link:

      • containerd: /etc/hosts and /etc/hostname are correctly populated
    • Handle 403 for vault preflight check of V2 (#7057) @xtremerui :link:

    • atc: across step logs errors (#7090) @taylorsilva :link:

      • Across step emits an error event when one of the sub-steps errors
    • containerd: Mount /dev/fuse to privileged containers (#7098) @aoldershaw :link:

    • atc(fix): fixed a bug in resource check rate limiter. (#7102) @evanchaoli :link:

      • Fixed a bug in check rate limiter that caused slow checks.
    • fix BaseResourceType for streamed volumes (#7108) @vito :link:

    • Fix worker restart issue with containerd daemon and beacon (#7113) @muntac :link:

      • Fix worker stall issue when restarting with containerd. Exit the worker's beacon process gracefully if any other top level process like the containerd daemon fails. Wait for containerd daemon to come up before starting the containerd Garden server.
    • Fix memory leak in notification bus (#7120) @aoldershaw :link:

    • containerd: default to root if /etc/passwd is missing (#7124) @aoldershaw :link:

      • Fixes a regression introduced in 7.3.0 that prevented containers that don't have an /etc/passwd file from running
    • Fix algorithm considering reruns as new builds (#7144) @taylorsilva :link:

      • Fixes pipelines getting stuck with the same inputs when a job upstream of a job with version: every succeeds and is rerun
    • containerd: keep tasks running after concourse worker restarts gracefully (#7148) @aoldershaw :link:

      • The containerd runtime is now more resilient to the concourse worker process gracefully restarting (e.g. via monit restart)
        • Tasks that were started prior to restart will continue to run when the worker process comes back up
        • This matches the behaviour of the Guardian runtime
    • Fixed build log reaper not respecting when both Days and Builds are set (#7179) @EstebanFS :link:

      • The build log reaper has two options for determining when to reap logs. Before, if both of the options are set, it would reap if either of the two options were true, rather than requiring both of them to be satisfied
    • Apply a minimum rate limit for resource checking (#7218) @aoldershaw :link:

      • If CONCOURSE_MAX_CHECKS_PER_SECOND is unset, Concourse will try to distribute checks evenly over the course of the check interval to reduce the concurrent load on external systems.
      • If there are few resources in a Concourse deployment (~1-20), checks may have to wait a substantial amount of time to run in order to space the checks out evenly. However, there's no real benefit to doing this, since having just a few resources doesn't cause significant load in the first place.
      • Now, Concourse ensures that at least one check is allowed to run per second
    • atc/db: prevent creation of duplicate check builds (#7221) @taylorsilva :link:

      • Prevent duplicate checks from being created for a single resource
    • Fix browser back button after selecting a group (#7249) @aoldershaw :link:

      • Previously, if a pipeline group was selected in the UI, the back button would not work (you'd have to press it twice to go back)
    • set_pipeline unpauses previously archived pipelines (#7255) @aoldershaw :link:

      • When an archived pipeline is un-archived via the set_pipeline step, it will be unpaused
    • GC task caches belonging to archived pipelines (#7272) @aoldershaw :link:

    • containerd: Clean up networking files in /tmp (#7276) @taylorsilva :link:

      • Fixed a bug where the containerd runtime would create networking related files under /tmp and never delete them. They are now made under the --work-dir set for the worker and are cleaned up when the container is deleted. You can delete any lingering network files under your workers /tmp directory after upgrading.
    • Fix prometheus emitter not setting default attributes (#7294) @chenbh :link:
      Additional metrics attributes configured by --metrics-attribute now propagates to the prometheus emitter correctly.

    • run check builds GC in batch (#7323) @xtremerui :link:

    🤷 Miscellaneous

    • Cleanup gomod and skip building fly by default in Dockerfile (#7058) @chenbh :link:

    • topgun: update regex for capturing instances (#7064) @taylorsilva :link:

    • containerd: update config to v2 format (#7078) @muntac :link:

    • [topgun/k8s] disable container limits failure test (#7087) @aoldershaw :link:

    • [topgun/k8s] disable container limits fail test (#7088) @aoldershaw :link:

    • use ip command instead of ifconfig in MTU test (#7089) @aoldershaw :link:

    • Merge 7.3.x branch into master (#7097) @aoldershaw :link:

    • fix go.sum (#7126) @aoldershaw :link:

    • [release/7.3.x] fix go.sum (#7127) @chenbh :link:

    • Move garden config tests to integration suite (#7135) @aoldershaw :link:

    • integration: add retries to vault initialization (#7142) @aoldershaw :link:

    • integration: fix package name (#7143) @aoldershaw :link:

    • Update README to point to GitHub discussions (#7159) @mthaddon :link:

    • fly: add --team flag to checklist (#7162) @tech-geek29 :link:

    • Reduce number of JOINs in builds query (#7184) @aoldershaw :link:

    • Treat resource types as checkable in rate limiter (#7211) @taylorsilva :link:

    • Remove prototype_id from builds table (#7220) @aoldershaw :link:

    • k8s/topgun: use regex to match error message (#7226) @taylorsilva :link:

    • Note that all workers need to be on the same network for p2p (#7227) @taylorsilva :link:

    • Revert "worker: make containerd the default runtime" (#7235) @taylorsilva :link:

    • Left-align job name in build header (#7236) @aoldershaw :link:

    • web: behavior: Fix snake_case method "button_tooltip" (#7238) @multimac :link:

    • Don't include check containers in worker cache (#7275) @aoldershaw :link:

    • containerd: split long property values into multiple chunks (#7288) @aoldershaw :link:

    • [containerd integration] Make host IP parsing more robust (#7293) @aoldershaw :link:

    • Run dependabot at midnight UTC (#7295) @chenbh :link:

    • Properly map version_from within across substep (#7310) @aoldershaw :link:

    • Update template (#7341) @taylorsilva :link:

    • Fix dogstatsd UDS file configuration (#7343) @aoldershaw :link:

    📦 Bundled resource types

    Source code(tar.gz)
    Source code(zip)
    concourse-7.4.0-darwin-amd64.tgz(110.56 MB)
    concourse-7.4.0-darwin-amd64.tgz.sha1(75 bytes)
    concourse-7.4.0-linux-amd64.tgz(789.79 MB)
    concourse-7.4.0-linux-amd64.tgz.sha1(74 bytes)
    concourse-7.4.0-windows-amd64.zip(106.44 MB)
    concourse-7.4.0-windows-amd64.zip.sha1(76 bytes)
    fly-7.4.0-darwin-amd64.tgz(24.72 MB)
    fly-7.4.0-darwin-amd64.tgz.sha1(69 bytes)
    fly-7.4.0-linux-amd64.tgz(24.82 MB)
    fly-7.4.0-linux-amd64.tgz.sha1(68 bytes)
    fly-7.4.0-windows-amd64.zip(24.79 MB)
    fly-7.4.0-windows-amd64.zip.sha1(70 bytes)
  • v6.7.7(Jul 27, 2021)

    ✈️ Features

    • Optimize build log collector (#7334) @evanchaoli :link:
      • Optimized a SQL statement used to remove build logs. This optimization will specially benefit large deployments that have a lot of pipelines.

    🐞 Bug Fixes

    • Add autocomplete=off to all form tags (#6921) @taylorsilva :link:

      • add `autocomplete="off" to the form and username tags on the login page
    • Fix memory leak in notification bus (#7157) @taylorsilva :link:

    🤷 Miscellaneous

    • Bump otel to 0.20.0 (#7305) @xtremerui :link:
      • Bump opentelemetry to v0.20.0 to address CVE in one of its dependancies (apache/thrift)

    📦 Bundled resource types

    Source code(tar.gz)
    Source code(zip)
    concourse-6.7.7-darwin-amd64.tgz(92.25 MB)
    concourse-6.7.7-darwin-amd64.tgz.sha1(75 bytes)
    concourse-6.7.7-linux-amd64.tgz(710.42 MB)
    concourse-6.7.7-linux-amd64.tgz.sha1(74 bytes)
    concourse-6.7.7-windows-amd64.zip(88.68 MB)
    concourse-6.7.7-windows-amd64.zip.sha1(76 bytes)
    fly-6.7.7-darwin-amd64.tgz(20.21 MB)
    fly-6.7.7-darwin-amd64.tgz.sha1(69 bytes)
    fly-6.7.7-linux-amd64.tgz(20.33 MB)
    fly-6.7.7-linux-amd64.tgz.sha1(68 bytes)
    fly-6.7.7-windows-amd64.zip(20.49 MB)
    fly-6.7.7-windows-amd64.zip.sha1(70 bytes)
  • v7.3.1(May 28, 2021)

  • v7.3.0(May 25, 2021)

    🚨 Breaking

    • Bump opentelemetry to 0.19.0 (#6787) @aoldershaw :link:

      • The service name Honeycomb tracing exporter is now configured via the more general --tracing-service-name (CONCOURSE_TRACING_SERVICE_NAME) rather than --tracing-honeycomb-service-name (CONCOURSE_TRACING_HONEYCOMB_SERVICE_NAME)

    ✈️ Features

    • Cache streamed volumes and use local cache when looking for volumes (#6660) @evanchaoli :link:
      Optimize resource cache streaming and get step.

      • Mark streamed resource cache volumes as resource cache, to avoid duplicate streaming in next runs.
      • If a resource from a get can be found on some workers, then get step will do nothing. This will reduce times of Concourse connecting to external systems, such as git, docker hub, and so on.
      • This feature is currently opt-in and can be enabled using CONCOURSE_ENABLE_CACHE_STREAMED_VOLUMES flag.
    • Re-ordering instanced pipelines (#6830) @EstebanFS :link:

      • Instanced Pipelines are allowed to be re-ordered with in their group through the UI (using the drag and drop functionality) or using the fly command: fly -t dev oip -g groupName -p key1:var1 -p key2:var2
    • Enhance syslog-drainer to make it more useful (#6834) @SimonXming :link:

      • Add event_id into syslog-drainer entries, to get the correct order of "drained" build logs.
      • Add more supported event_type for syslog-drainer to include more info for "drained" build logs.
    • Enhance webhook triggered checks (#6854) @evanchaoli :link:

      • When multiple pipelines hold a common resource and webhook calls against the common resource, checks are sent to all pipelines at same time. Without this enhancement, each webhook call will cause a check to run. With this enhancement, only a single check will run, which is the expected behavior as a global resource.
    • Allow override of container limits in task config (#6867) @BooleanCat :link:

      • Pipeline authors can now set container_limits for reusable tasks in pipelines. Any limits set in the pipeline will override the limits set within the reusable task file.
    • Use cursor-based pagination for build events (#6873) @aoldershaw :link:

      • Optimizes fetching build logs from the DB for builds with massive logs
    • Use display_user_id field to render username in web interface (#6970) @logyball :link:

    • Set Content-Security-Policy and Cache-Control Headers (#6949) @taylorsilva :link:

      • A Content-Security-Policy header is now set with a default value that will block framing of the Concourse web UI. This was already possible with the default value of the X-Frames-Option header.
        • The CSP header value is configurable with CONCOURSE_CONTENT_SECURITY_POLICY
      • A Cache-Control header is set on every page with a default value of no-store, private. The value of the header is overwritten for some paths (i.e. web assets)

    🐞 Bug Fixes

    • Ensure stdin never errors when using containerd with TTY enabled (#6791) @chenbh :link:

      • Fixed bug with containerd runtime where builds to error out if it runs for a long time without any output
    • Add trigger for deleting pipeline (#6880) @xtremerui :link:

      • Fix a bug that might leave orphan pipeline_build_events_* table in DB when deleting a team. Pipelines belong to the deleted team will be destroyed by DELETE CASCADE but associated events table was not cleaned up properly.
    • Fix volume GC query to not include volumes with children (#6902) @xtremerui :link:

      • Fix query that causes volume cannot be destroyed as children are present in web and update or delete on table "volumes" violates foreign key constraint "volumes_parent_id_fkey" in DB.
    • Set autocomplete to off for login form (#6920) @taylorsilva :link:

      • add autocomplete="off" to the top-level form and username tags.
    • Scan unchecked resource-types (#6923) @EstebanFS :link:

      • Fixed an edge case where a put-only resource's parent-type would not be checked
    • Ignore "not found" error on process deletion for Containerd runtime (#6959) @aoldershaw :link:

    • worker: Set PATH based on UID instead of container's privileged state (#6982) @taylorsilva :link:

      • Containerd: fixed a bug where PATH did not contain directories to system tools (i.e. /sbin) when a user/process was root. Only effects unprivileged containers.
    • Fix Postgres deadlock when frequently setting pipelines (#7011) @aoldershaw :link:

    • containerd: allow use of non-existent uids (#7029) @muntac :link:

      • containerd supports running images with non-existent UIDs such as distroless images.

    🤷 Miscellaneous

    • Add exception handling in bigint migration (#6848) @xtremerui :link:

    • add help text for password connector flag (#6876) @aoldershaw :link:

    • skip DNS proxy test with extra DNS server (#6878) @aoldershaw :link:

    • Optimise fake generation (#6885) @BooleanCat :link:

    • Refactor: Pick -> Approve (#6886) @taylorsilva :link:

    • Optimise fake generation (#6901) @BooleanCat :link:

    • re-enable k8s dns proxy test (#6906) @chenbh :link:

    • atc: fix asset leak in api tests (#6918) @vito :link:

    • web/wats: replace deprecated waitFor usage (#6922) @vito :link:

    • Correct a typo in project documentation (#6925) @plan-do-break-fix :link:

    • topgun/k8s: move dns proxy tests to integration (#6947) @chenbh :link:

    • Don't check resource-types from paused pipelines (#6961) @taylorsilva :link:

    • Add drills environment to major release template (#6967) @clarafu :link:

    • Using osFlag to fix windows worker error (#6971) @EstebanFS :link:

    • contributing: cover governance model, be brief (#6972) @vito :link:

    • [skip-migrations-check] bump secondary_order migration (#6979) @aoldershaw :link:

    • .github: set up security scanning action (#6992) @vito :link:

    • Fix bugs related to caching streamed volumes (#7001) @aoldershaw :link:

    • Fix caching when streamed volume was also streamed (#7024) @aoldershaw :link:

    • Upgraded xenial to bionic stemcell (#7037) @EstebanFS :link:

    • 7.3.x: make resource cache streaming opt-in (#7051) @taylorsilva :link:

    • 7.3.x: Fix capture of failing topgun tests logs (#7055) @taylorsilva :link:

    • 7.3.x: update regex for capturing instances (#7063) @taylorsilva :link:

    📦 Bundled resource types

    Source code(tar.gz)
    Source code(zip)
    concourse-7.3.0-darwin-amd64.tgz(109.83 MB)
    concourse-7.3.0-darwin-amd64.tgz.sha1(75 bytes)
    concourse-7.3.0-linux-amd64.tgz(716.28 MB)
    concourse-7.3.0-linux-amd64.tgz.sha1(74 bytes)
    concourse-7.3.0-windows-amd64.zip(105.64 MB)
    concourse-7.3.0-windows-amd64.zip.sha1(76 bytes)
    fly-7.3.0-darwin-amd64.tgz(24.66 MB)
    fly-7.3.0-darwin-amd64.tgz.sha1(69 bytes)
    fly-7.3.0-linux-amd64.tgz(24.77 MB)
    fly-7.3.0-linux-amd64.tgz.sha1(68 bytes)
    fly-7.3.0-windows-amd64.zip(24.75 MB)
    fly-7.3.0-windows-amd64.zip.sha1(70 bytes)
  • v7.2.0(Apr 14, 2021)

    🚨 Breaking

    • Wait for worker matching strategy when scheduling build steps (#6635) @multimac :link:
      • Previously, if no workers satisfied the container placement strategy for a step (with the exception of task steps when using the limit-active-tasks placement strategy), the step would simply error the build
      • Now, all steps will wait for a worker to become available
      • The metric concourse_tasks_waiting was removed and replaced with concourse_steps_waiting{type="task"}

    ✈️ Features

    • Add ability to navigate to resources page from build page (#6662) @chenbh :link:
      UI: clicking on the version text for a get/put step in the Build page will now navigate directly to the Resource page with the corresponding version expanded

    • Allow using LDAP as a password connector (#6671) @aoldershaw :link:

      • By setting --password-connector ($CONCOURSE_PASSWORD_CONNECTOR) to ldap, you can authenticate to Concourse with fly login -u ... -p ... using your LDAP credentials
        • Enabling this feature prohibits the use of local users
      • If you use an attribute other than username for authenticating with LDAP (e.g. email address), you can now configure --username-prompt ($CONCOURSE_USERNAME_PROMPT) to change the help text when logging in via the UI
    • Optimize check creation in DB (#6845) @aoldershaw :link:

    • Add DB index to optimize paginating job builds (#6871) @aoldershaw :link:

    • enhance put.inputs detect to ignore prefixed . and .. (#6705) @evanchaoli :link:

      • input: detect now can handle paths prefixed by . and ...

    🐞 Bug Fixes

    • Fix empty worker tags (#6057) @aholyoake-bc :link:

    • runtime: check if swap limits is enabled (#6652) @taylorsilva :link:

      • The containerd runtime will conditionally set memory swap limits if it detects that memory swap limits are enabled
    • runtime: timeout set to 0 means there is no timeout (#6655) @EstebanFS :link:

      • When CONCOURSE_CONTAINERD_REQUEST_TIMEOUT is set to 0 that means there is no timeout
    • feat(atc): add check build metrics. (#6656) @evanchaoli :link:

      • Fixed metrics BuildsStarted, BuildsRunning, BuildStarted, BuildFinsished to exclude check builds.
      • Added check build metrics: CheckBuildsStarted, CheckBuildsRunning, CheckBuildStarted, CheckBuildFinsished
    • better handling for containerd error message (#6668) @muntac :link:

      • Fixed a bug with the containerd runtime where gracefully stopping a container might have failed with an unhandled error. Now it gracefully shuts down.
    • Prevent UI from stalling when you keep the resource page open for a while (#6703) @aoldershaw :link:

    • move migration table updating SQL into a migration transaction (#6727) @xtremerui :link:
      Fix a bug where a completed migration was not recorded in migrations_history table

    • Build image resource caches foreign key constraint to job ids should be on delete cascade (#6757) @clarafu :link:

      • This change fixes a bug that was introduced in v7.1.0 where deleting a pipeline could possibly result in a 500 error. This was caused by a foreign key constraint within the build_image_resource_caches table referencing a job in the jobs table.
    • Fix race condition in containerd runtime resulting in lost output for quickly printing-then-exiting processes (#6776) @vito :link:

    • update check metrics comments. (#6858) @evanchaoli :link:

      • Just update code comments, no release impact.

    🤷 Miscellaneous

    • Bump dex to 0.4.0 and remove pkger (#6669) @aoldershaw :link:

    • github config updates (#6672) @vito :link:

    • Add "misc" label to dependabot (#6700) @chenbh :link:

    • fix go mod (#6716) @aoldershaw :link:

    • more lenient context deadline checking for containerd graceful process termination (#6717) @aoldershaw :link:
      Very rarely graceful shutdowns will return a context timeout error instead of gracefully shutting down.

    • fix font antialiasing issue due to less dependency bump (#6739) @aoldershaw :link:

    • Don't enforce step timeout during worker selection (#6760) @aoldershaw :link:

    • Avoid task specific error in load_var file artifact look-up (#6829) @kjgorman :link:

    • remove accidentally committed sql in migration (#6841) @xtremerui :link:

    • add release/undocumented labels to dependabot (#6842) @chenbh :link:

    • .github: add template for rfc tracking issue (#6844) @vito :link:

    • Remove unused ci folders (#6870) @taylorsilva :link:

    • [release/7.2.x] fast-forward (#6875) @chenbh :link:

    • [release/7.2.x] add help text for password connector flag (#6877) @aoldershaw :link:

    📦 Bundled resource types

    Source code(tar.gz)
    Source code(zip)
    concourse-7.2.0-darwin-amd64.tgz(111.01 MB)
    concourse-7.2.0-darwin-amd64.tgz.sha1(75 bytes)
    concourse-7.2.0-linux-amd64.tgz(712.49 MB)
    concourse-7.2.0-linux-amd64.tgz.sha1(74 bytes)
    concourse-7.2.0-windows-amd64.zip(107.04 MB)
    concourse-7.2.0-windows-amd64.zip.sha1(76 bytes)
    fly-7.2.0-darwin-amd64.tgz(24.83 MB)
    fly-7.2.0-darwin-amd64.tgz.sha1(69 bytes)
    fly-7.2.0-linux-amd64.tgz(24.92 MB)
    fly-7.2.0-linux-amd64.tgz.sha1(68 bytes)
    fly-7.2.0-windows-amd64.zip(25.16 MB)
    fly-7.2.0-windows-amd64.zip.sha1(70 bytes)
  • v6.7.6(Mar 29, 2021)

    🐞 Bug Fixes

    • backport #6197: Prevent retrying on worker error when build is aborted (#6598) @evanchaoli :link:

    • Bump lib/pq to 1.10.0 which fixes a regression in lib/pq where under certain circumstances the driver would not drop dead connections and never recover. (#6746) @taylorsilva :link:

    • Fix a panic in the New Relic metrics emitter (#6747) @taylorsilva :link:

    🤷 Miscellaneous

    • Fix unit test after go 1.16 (#6553) @chenbh :link:

    • 6.7 remove packr backport (#6585) @xtremerui :link:

    • switch base_image build arg to lowercase (#6754) @aoldershaw :link:

    📦 Bundled resource types

    Source code(tar.gz)
    Source code(zip)
    concourse-6.7.6-darwin-amd64.tgz(88.69 MB)
    concourse-6.7.6-darwin-amd64.tgz.sha1(75 bytes)
    concourse-6.7.6-linux-amd64.tgz(790.30 MB)
    concourse-6.7.6-linux-amd64.tgz.sha1(74 bytes)
    concourse-6.7.6-windows-amd64.zip(85.19 MB)
    concourse-6.7.6-windows-amd64.zip.sha1(76 bytes)
    fly-6.7.6-darwin-amd64.tgz(19.36 MB)
    fly-6.7.6-darwin-amd64.tgz.sha1(69 bytes)
    fly-6.7.6-linux-amd64.tgz(19.47 MB)
    fly-6.7.6-linux-amd64.tgz.sha1(68 bytes)
    fly-6.7.6-windows-amd64.zip(19.64 MB)
    fly-6.7.6-windows-amd64.zip.sha1(70 bytes)
  • v7.1.0(Mar 16, 2021)

    ✈️ Features

    • Allow favoriting instance groups (#6465) @aoldershaw :link:

    • Start non-privileged containers in their own cgroup namespace (#6492) @muntac :link:

    • Change SideBar "menu" icon (#6516) @chenbh :link:

      • Updated the visuals for the button to open and close the sidebar
    • Adjust spacing and padding for elements in pipeline card view in Dashboard (#6539) @xtremerui :link:

    • Show warning for pipelines configured with 'set_pipeline' step (#6621) @Infra-Red :link:

      • fly set-pipeline now prints warning message when the pipeline has already been configured through a set_pipeline step.
    • Bump baggageclaim to v1.11.0 (#6643) @taylorsilva :link:

      • Privileged container initialization will be much faster for workers using OverlayFS as the baggageclaim driver and if their kernel supports OverlayFS's metacopy feature

    🐞 Bug Fixes

    • Skip build log reaping process for paused jobs (#6573) @aoldershaw :link:

    • Fix reaped link in UI (#6579) @aoldershaw :link:

    • containerd: fix mount issues with certain images (#6592) @aoldershaw :link:

      • Fix an issue on the containerd runtime where processes fail to run with certain container images
    • Check parent resource types of resources that have set check_every: never (#6603) @taylorsilva :link:

      • Resources that had check_every: never who's type was defined in resource_types in their pipeline, would fail to check because the parent resource type would never be checked
    • Bump elm-ansi to support 8-bit and 24-bit ANSI colors (#6605) @aoldershaw :link:

      • Fixes a bug where ANSI escape codes for 8-bit/24-bit colors were misinterpreted, resulting in build logs blinking and other peculiarities
    • Only interpolate static vars when it does not contain a source (#6619) @chenbh :link:

      • Fixed bug where static vars from fly set-pipeline -v ... -y ... were interpolated into local vars ((.:var))
    • containerd: infer MTU from host's network interface (#6624) @aoldershaw :link:

      • In prior versions of Concourse, the Containerd runtime always set the MTU of the container bridge network to the system default
      • Now, the Containerd matches Guardian's behavior by:
        • Detecting the external IP of the host (can be set explicitly using CONCOURSE_CONTAINERD_EXTERNAL_IP)
        • Extracting the MTU from the network interface corresponding with that IP (can be set explicitly using CONCOURSE_CONTAINERD_MTU)

    🤷 Miscellaneous

    • Cache streamed volumes and try to get by looking for local cache (#6495) @evanchaoli :link:

      • was reverted https://github.com/concourse/concourse/pull/6659 due to multiple bugs found in testing
    • Fix unit test after go 1.16 (#6545) @chenbh :link:

    • Switch migrations + web assets to Go 1.16 embedding (#6550) @vito :link:

    • Cleanup from staticcheck (#6561) @taylorsilva :link:

    • Update fake files generated by latest version of counterfeiter. (#6564) @evanchaoli :link:

    • Default to containerd in docker-compose.yml (#6580) @aoldershaw :link:

    • Bump elliptic from 6.5.3 to 6.5.4 (#6653) @dependabot :link:

    • Revert "feat(atc): cache streamed volumes and try to get by looking for local cache" (#6659) @clarafu :link:

    📦 Bundled resource types

    Source code(tar.gz)
    Source code(zip)
    concourse-7.1.0-darwin-amd64.tgz(102.44 MB)
    concourse-7.1.0-darwin-amd64.tgz.sha1(75 bytes)
    concourse-7.1.0-linux-amd64.tgz(706.22 MB)
    concourse-7.1.0-linux-amd64.tgz.sha1(74 bytes)
    concourse-7.1.0-windows-amd64.zip(98.69 MB)
    concourse-7.1.0-windows-amd64.zip.sha1(76 bytes)
    fly-7.1.0-darwin-amd64.tgz(22.69 MB)
    fly-7.1.0-darwin-amd64.tgz.sha1(69 bytes)
    fly-7.1.0-linux-amd64.tgz(22.81 MB)
    fly-7.1.0-linux-amd64.tgz.sha1(68 bytes)
    fly-7.1.0-windows-amd64.zip(23.00 MB)
    fly-7.1.0-windows-amd64.zip.sha1(70 bytes)
  • v7.0.0(Feb 16, 2021)

    🚨 Breaking

    • Run checks as builds (#6022) @vito :link:

      • Breaking change: unique_version_history can no longer be configured on resource types. No one seemed to be using it, and it made internal architecture unnecessarily complicated. The need for it should go away entirely as we make progress on the v10 roadmap.
      • Resource check operations, which collect and save versions for pipeline resources, are now run as builds.
        • This is largely an internal architecture refactor, but it also improves UX - check output can now be viewed on the resource page!
      • fly check-resource and fly check-resource-type now stream the checking output to the user, just like fly watch and fly trigger-job.
      • This change includes a migration to convert id column of the builds table and all tables referencing build_id to a bigint. This is unfortunately a slow migration, so please anticipate downtime proportional to the amount of builds in your database.
        • If the migration fails with deadlock detected, shut down the other web nodes first.
        • Our large-ish scale test environment took about an hour.
    • Remove aggregate step (#6349) @taylorsilva :link:

      • Removing the aggregate step as planned. It is succeeded by the in_parallel step.

    ✈️ Features

    • The formerly-experimental containerd runtime is now GA and is considered ready for production use :link:

      • We will be changing the default container runtime from Guardian to containerd in coming releases, but we encourage using the containerd runtime ASAP
      • To enable the containerd runtime, set --runtime ($CONCOURSE_RUNTIME) to containerd on the concourse worker command
      • You will also need to convert any --garden-* ($CONCOURSE_GARDEN_*) flags to their containerd counterparts:
        • --garden-request-timeout ($CONCOURSE_GARDEN_REQUEST_TIMEOUT) -> --containerd-request-timeout ($CONCOURSE_CONTAINERD_REQUEST_TIMEOUT)
        • --garden-dns-proxy-enable ($CONCOURSE_GARDEN_DNS_PROXY_ENABLE) -> --containerd-dns-proxy-enable ($CONCOURSE_CONTAINERD_DNS_PROXY_ENABLE)
        • --garden-network-pool ($CONCOURSE_GARDEN_NETWORK_POOL) -> --containerd-network-pool ($CONCOURSE_CONTAINERD_NETWORK_POOL)
        • --garden-max-containers ($CONCOURSE_GARDEN_MAX_CONTAINERS) -> --containerd-max-containers ($CONCOURSE_CONTAINERD_MAX_CONTAINERS)
        • $CONCOURSE_GARDEN_DENY_NETWORKS -> --containerd-restricted-network ($CONCOURSE_CONTAINERD_RESTRICTED_NETWORK)
        • $CONCOURSE_GARDEN_DNS_SERVER -> --containerd-dns-server ($CONCOURSE_CONTAINERD_DNS_SERVER)
      • If you rely on any Garden config that is not yet supported on our containerd runtime, please open an issue
    • Perform image fetching using check/get sub-steps (#6153) @vito :link:

      • Image fetching for resources and resource types is now handled explicitly in the build plan using check and get steps, and can be inspected in the UI

      image

    • Show resource check build output in web UI (#6137) @vito :link:

    • Enforce SetPipeline policy check in set_pipeline step (#5932) @cludden :link:

      • When OPA integration is enabled, the set_pipeline step now respects the same policy check as fly set-pipeline
    • Speed up database queries by adding a job_id column to build image resource caches table and adding an index for ordering builds of a job (#5993) @clarafu :link:

    • Allow globs in groups (#6060) @andy-paine :link:

      • groups in a pipeline can now match jobs based on globs e.g.:
        groups:
        - name: deploy
          jobs:
          - deploy-*
        
    • Add flag to concourse worker to overwrite init binary path for the containerd runtime (#6086) @chenbh :link:

      • The init binary can be configured using the --containerd-init-bin flag ($CONCOURSE_CONTAINERD_INIT_BIN)
    • Make CNI plugins directory configurable for the containerd runtime (#6120) @muntac :link:

      • CNI plugins directory can be configured using the --containerd-cni-plugins-dir flag ($CONCOURSE_CONTAINERD_CNI_PLUGINS_DIR)
    • Fallback fly intercept to sh when bash is missing (#6098) @shua :link:

      • If no command is specified,fly intercept will first try to use bash for an interactive shell, but if the container returns an error indicating bash is not available, fly will fallback to the more common (but more limited) sh
      • If this fallback logic is not desired, the user can explicitly specify bash as the path argument to the fly intercept command
    • Add Honeycomb.io as optional tracing backend (#6103) @spire-allyjweir :link:

    • [experimental] Group instanced pipelines on UI (#6105) @aoldershaw :link:

      • Instanced pipelines (RFC) provide a mechanism for constructing multiple instances of a pipeline template that differ by some parameters
        • e.g. to support multiple release lines, you may have a collection of instanced pipelines called release that differ by the version line (1.0.x, 1.1.x, 2.0.x, etc.)
      • All instanced pipelines with the same name (but different parameters) will be collected in the UI into a grouping of related pipelines, removing clutter from the dashboard when there are many instances of a pipeline template
      • Instanced pipelines are currently experimental until we work out the UX, but if you'd like to play around with them, you can set the flag --enable-pipeline-instances ($CONCOURSE_ENABLE_PIPELINE_INSTANCES)
    • Update go module dependencies [go.opentelemetry.io/otel] (#6106) @christophermancini :link:

    • Implement support for Vault KV v2 backends (#6115) @daviddob :link:

    • add support for exporting traces via OTLP (#6122) @christophermancini :link:

      • Added support for OTLP as a target for traces to be exported to
    • Add index to speed up build deletion, fix up a few issues with checks as builds (#6125) @vito :link:

    • Add --team flag to fly order-pipelines command (#6132) @witjem :link:

    • Add --team option to fly get-pipeline command (#6144) @techgaun :link:

    • Add --team option to fly expose-pipeline command (#6169) @techgaun :link:

    • Ensure pipelines contain at least one job (#6159) @taylorsilva :link:

      • Pipelines are now validated to ensure that they contain at least one job - pipeline configs with no jobs will be rejected
    • set_pipeline step prints 'no changes to apply' (#6164) @mdb :link:

      • set_pipeline now prints "no changes to apply" and thereby behaves similarly to fly set-pipeline when a pipeline config contains no changes.
    • Update colours and contrast (#6168) @jomsie :link:

    • Experimental support for P2P Volume Streaming (#6186) @evanchaoli :link:

      • Support P2P volume streaming directly between two workers instead of through the ATC.
        • This is an opt-in feature enabled with --enable-p2p-volume-streaming or env var $CONCOURSE_ENABLE_P2P_VOLUME_STREAMING on the web nodes. When this feature is enabled, --baggageclaim-bind-ip on workers should be set to 0.0.0.0 so that baggage claim can be accessed from another workers.
        • This should only be used for clusters where all workers can reach each other on the same local network.
        • Adds --baggageclaim-p2p-interface-name-pattern and --baggageclaim-p2p-interface-family to the worker command.
    • Add a new metric "volumes streamed" (#6187) @evanchaoli :link:

    • Log the worker name when creating a container fails (#6188) @evanchaoli :link:

    • Support chained container placement strategies. (#6208) @evanchaoli :link:

      • Enhanced container placement strategy to support chained strategies, for example CONCOURSE_CONTAINER_PLACEMENT_STRATEGY=volume-locality,fewest-build-containers
    • Add new container placement strategies: limit-max-containers and limit-max-volumes (#6339) @evanchaoli :link:

      • These strategies prevent scheduling on workers that already have too many containers or volumes on them (respectively), according to a limit set by --max-active-containers-per-worker, --max-active-volumes-per-worker
      • A possibly placement strategy chain to better balance workloads across workers could be [limit-max-containers, limit-max-volumes, volume-locality, fewest-build-containers]
        • This strategy chain first filters out workers that already have too many containers/volumes, then chooses all the workers with the most inputs already present locally, breaking ties by preferring the worker with fewer containers
      • Note: workers are not guaranteed to never exceed the maximum specified limits
    • go-concourse surfaces error messages on saving pipelines (#6222) @andy-paine :link:

      • where fly set-pipeline would simply print forbidden when the underlying API call returned a 403 status, now the body of the response will be printed. In particular, errors originating from OPA policy check rejections will be printed.
    • Don't enforce timeouts during image fetching (#6237) @vito :link:

    • Ignore paused jobs when displaying pipeline status in the UI (#6270) @chenbh :link:

      • The UI will no longer consider paused jobs when figuring out the overall status of a pipeline
    • Skip checking put-only resources (#6281) @evanchaoli :link:

      • An optimization which should lower the resource checking load on some instances: instead of checking all resources, only resources which are actually used as inputs will be checked. This feature was released in 6.0.0 and reverted in 6.6.0 because of its side effects. Now after resolving those side effects, it's back.
      • The --enable-skip-checking-not-in-use-resources flag has been removed as it is no longer needed.
    • fly set-pipeline prints pipeline name and instance vars (#6300) @aoldershaw :link:

    • Remove legacy logic for dealing with resource versions that have a check order of zero (#6323) @clarafu :link:

      • Includes a migration that will delete any versions with a check order of 0. This should not affect anything because versions with a check order of 0 are invalid versions.
      • Should speed up some queries that had legacy logic with filtering on versions with a check order of 0.
    • fly: Add fish auto complete (#6329) @Sasasu :link:

      • fly: add autocomplete for fish.
    • start containerd with low oom_score (#6330) @muntac :link:

      • It is recommended that containerd be started with an oom_score of -999. We want it to be at the level of other system daemons. This is so that containerd never runs into an out of memory state before the containers it's managing are cleaned up. At the same time it should not be unkillable.
    • Give worker registration its own database connection pool (#6332) @taylorsilva :link:

      • Give the worker registration endpoint its own database connection pool to avoid the situation where the API connection pool is maxed out and workers fail to register and stall
    • Allow underscore in identifiers (#6338) @aoldershaw :link:

    • Support for mTLS (#6355) @nickhyoti :link:

      • Added support for mTLS between Concourse and a reverse proxy that may be in front of Concourse
    • Allow configuring login and query timeouts for Vault (#6362) @evanchaoli :link:

      • These timeouts can be configured using CONCOURSE_VAULT_LOGIN_TIMEOUT and CONCOURSE_VAULT_QUERY_TIMEOUT respectively
      • The new default login timeout is 60s
    • Expose username of who manually triggered build to build metadata. (#6369) @evanchaoli :link:

      • fly builds has a new column created by that shows a user ID if a build is triggered manually.

      • A new build metadata BUILD_CREATED_BY may be exposed to resource. It is not exposed by default; you need to turn it by add expose_build_created_by when defining a resource:

        resources:
        - name: some-resource
          type: some-type
          expose_build_created_by: true
          source:
            ...
        
      • As different authentication connectors populate different claims, a new concourse web CLI option --concourse-display-user-id-per-connector is added that allow cluster administrator to configure which claims field should be consider as unique user id

        • Values of this option should be in format <connector>:<fieldname>
          • connector is one of: ldap, github, cf, bitbucket-cloud, gitlab, microsoft, oauth, oidc or saml
          • fieldname is one of:
            • user_id mapping to claims' user id field
            • name mapping to claims' username field
            • username mapping to claims' preferred username field
            • email mapping to claims' email field
    • Allow disabling resource checking for individual resources (#6386) @taylorsilva :link:

      • Automatic resource checking for individual resources can be disabled by setting check_every: never in a resource's definition
    • db: lidar checks put-only resources with failed checks (#6412) @taylorsilva :link:

      • Lidar now checks any put-only resources that ran a check which failed.
    • Add a flag to migrate to the latest db version (#6426) @taylorsilva :link:

      • add a --migrate-to-latest-version flag to the migrate command. This flag has concourse perform database migrations to the latest database version.
      • the concourse web command will still automatically migrate the database
    • Enhance search bar filtering and allow filtering by instance group (#6433) @aoldershaw :link:

      • Allow filtering by exact match on the dashboard by quoting search terms
      • Allow applying multiple search filters simultaneously (e.g. team:"main" status:paused)
      • Make search suggestions more intelligent
    • Add more tooltips for action buttons (#6453) @aoldershaw :link:

      • Many buttons in the UI now have a tooltip on hover to indicate what they do
    • Bump BaggageClaim to v1.10.0 (#6500) @vito :link:

      • Windows workers will now shell out to the much faster robocopy executable for copying local files. This should dramatically improve performance for Windows tasks which utilize caches: for caching a bunch of tiny files.
    • metrics: make tasks_wait_duration histogram record up to 1h (#6506) @marco-m-pix4d :link:

    • Removes unnecessary indexes from build events tables (#6522) @clarafu :link:

    • Allow @ in vars path (#6129) @xtremerui :link:

    🐞 Bug Fixes

    • fly pin-resource requires a version if the resource is unpinned (#6095) @jamieklassen :link:

      • Previously, you could run the command on an unpinned resource without passing a version -- it would run and succeed, but do nothing. Now the command will fail and print an error message.
    • Fix pipeline cards being rendered off-screen when sidebar was open (#6102) @aoldershaw :link:

      • Fixes occasional bug where pipelines would be rendered off-screen after a refresh on the dashboard
    • Fix quoting for var subkeys (#6108) @vixus0 :link:

      • Fix interpolation of quoted variable fields containing special characters.
    • Prevent set_pipeline runtime error (#6116) @mdb :link:

      • set_pipeline of a YML pipeline configuration file with no jobs: or resources: no longer causes a runtime error: invalid memory address or nil pointer dereference.
    • Use default uid:gid if passwd file does not exist and username is "root" (#6142) @chenbh :link:

      • The containerd runtime will now default to uid:gid 0:0 if username is "root" but /etc/passwd file does not exist
      • This matches the behaviour of the default guardian backend
    • Preserve whitespace within build output (#6157) @clarafu :link:

      • In v6.6.0, whitespace was collapsed in order to fix a bug with horizontal scrolling in the build output. This change will preserve all whitespace while also keeping the horizontal scrolling fix.
    • Prevent retrying on worker error when build is aborted (#6197) @evanchaoli :link:

      • Fixed a endless build retry bug
    • Limit configured by limit-active-tasks is not respected and more tasks can land on a worker (#6216) @aliculPix4D :link:

    • Remove any existing guardian assets (#6257) @taylorsilva :link:

      • The worker will now clear out any existing Guardian assets on start-up (/var/gdn/assets)
      • This fixes in-place upgrade scenarios where guardian was using old versions of runc
    • atc: abort a rerun build if input version gone (#6265) @xtremerui :link:

      • A rerun build will be aborted automatically if required version of any input is not available.
    • set-pipeline prompted unpause-pipeline command should have --team option. (#6336) @evanchaoli :link:

      • Fixed a bug of fly set-pipeline where --team option was missing in the prompted unpause-pipeline command.
    • Fix mount issues on containerd (#6348) @muntac :link:

      • Set the appropriate permissions for mounts in privileged containers.
      • Use the Linux default size for /dev/shm (shared memory) mount.
    • Bump baggageclaim to 1.9.1 to fix deeply-nested volumes with overlay driver (#6393) @vito :link:

      • This was partially fixed by #5961, but that original fix did not solve the problem in all cases
    • Ensure task, set_pipeline, load_var steps have names (#6410) @taylorsilva :link:

      • Return an error when no identifier is provided for task, set_pipeline, and load_var steps
    • add lock for concourse migrate to latest version cmd (#6510) @xtremerui :link:

    🤷 Miscellaneous

    • Apply bigint migrations to build_events partitions and read from old/new columns instead (#6305) @vito :link:

      • Rather than migrating the build_events table's build_id column to bigint, which we found to be too slow in large deployments, this PR adds a new bigint column to the build_events table that is populated at runtime
      • When querying for build events, we consider both the old and new column, since builds run prior to the upgrade to 7.0.0 will only have the old column set
    • Migrate build_id references to bigint (#6203) @vito :link:

      • This migration can be quite slow if you have a ton of builds, meaning web nodes may take a while to start upon upgrading.
      • This does not migrate the build_events table - that is handled in #6305
    • Update k8s-topgun for Helm v3 (#6034) @xtreme-vikram-yadav :link:

    • Refactor RunState to have ownership over build vars (#6082) @aoldershaw :link:

    • Switch back to upstream go-flags (#6096) @jamieklassen :link:

    • Fix fly integration tests on windows (#6099) @aoldershaw :link:

    • Add an example for the release note section in the pr template (#6109) @clarafu :link:

    • Add DeepSource config (#6110) @vito :link:

    • Emit start/finish metrics from check step (#6119) @vito :link:

    • Cleanup k8s topgun releases if failure occurs outside of It block (#6131) @chenbh :link:

    • Convert a few failing TopGun tests to Testflight (#6136) @vito :link:

    • Use custom types for CPU/Memory limits (#6143) @aoldershaw :link:

    • Minor refactoring around Variables (#6152) @aoldershaw :link:

    • Introduce dbtest package for higher-level test setup (#6156) @vito :link:

    • k8s topgun: fix panic (#6167) @chenbh :link:

    • Rename engine/builder types, merge into engine/ package (#6174) @vito :link:

    • Use dot notation in instanced pipelines API (#6177) @zoetian :link:

    • Respect tags when fetching images, send public plans in fetching events (#6184) @vito :link:

    • Fix topgun/k8s tests (#6185) @xtreme-sameer-vohra :link:

    • Fix check container placement, and only use check sessions for pipeline resource checks (#6189) @vito :link:

    • Update last check end time on check failure/error (#6192) @vito :link:

    • Bump dex module to v0.2.0 (#6195) @xtremerui :link:

      • Concourse uses a fork of Dex as its auth module. This Dex fork had not being synced up with upstream since v2.16.0. Now it tracks the latest v2.25.0. There are lots of improvements and bug fixes. Also some new connectors are available (Google, OpenShift, Atlassiancrowd etc,), we will evaluate and support them in future releases. An issue is created for tracking https://github.com/concourse/concourse/issues/6194.
    • Determine across step's max_in_flight at runtime (#6200) @aoldershaw :link:

    • Fix pipeline UI non-trigger input edges showing up as trigger (#6202) @vito :link:

    • topgun: use busybox for http proxy... for now (#6204) @vito :link:

    • Fix race condition with check build creation + starting (#6205) @vito :link:

    • Clear build events from previous resource/resource type check (#6211) @aoldershaw :link:

    • fast forward release branch (#6212) @chenbh :link:

    • Use proper types for jobs and resources on pipeline page (#6214) @aoldershaw :link:

    • Acquire lock on builds table in build_id migrations (#6219) @aoldershaw :link:

    • Revert "migration: acquire lock on builds table in build_id migrations" (#6220) @aoldershaw :link:

    • Use proper types for jobs and resources on pipeline page (#6221) @aoldershaw :link:

    • Use base resource type defaults in get/put steps (#6224) @aoldershaw :link:

      • This functionality already exists in v6.7.0+
    • [topgun/k8s] Stop leaking namespaces in test env (#6227) @taylorsilva :link:

    • [release/6.7.x] use k8s/client-go v11.0 for topgun (#6232) @chenbh :link:

    • Check step only acquires lock for periodic pipeline resource checks (#6235) @vito :link:

    • Fix up test data race for build tracker (#6254) @vito :link:

    • Add docker-compose overrides for SAML, LDAP, OAuth, and OIDC (#6262) @chenbh :link:

    • fly: give more leeway for slow test (#6264) @aoldershaw :link:

    • [topgun] skip failing topgun/k8s test (#6287) @taylorsilva :link:

    • Optimize fly tests (#6299) @muntac :link:

    • fly intercept falls back to sh when bash is missing (containerd runtime) (#6304) @aoldershaw :link:

    • add yarn install step to web ui instructions (#6313) @muntac :link:

    • Avoid recompiling fly in tests (#6317) @vito :link:

    • Fix 'fly sync' Windows tests (#6320) @vito :link:

    • fly rename-pipeline can rename an entire instance group (#6321) @aoldershaw :link:

    • Merge v6.7.2 into master [skip-migrations-check] (#6328) @vito :link:

    • limit-active-tasks strategy waits for a worker to be available (#6359) @taylorsilva :link:

      • This is the current behavior of limit-active-tasks, but it was broken during development. It does not impact a released version of concourse
    • Bump dex to patch an XML vulnerability (#6370) @taylorsilva :link:

      • Bump Dex to 2.27.0 which fixes a vulnerability in the go XML library
      • Concourse v6.7.3+ also has this patch applied
    • Refactor worker selection to facilitate adding multiple worker runtimes (#6387) @aoldershaw :link:

    • Deterministic ordering of ?vars params for instanced pipelines API (#6392) @aoldershaw :link:

    • build(deps): bump ini from 1.3.5 to 1.3.8 in /web/wats (#6394) @dependabot :link:

    • build(deps): bump ini from 1.3.5 to 1.3.8 (#6395) @dependabot :link:

    • Fix build finished metric for prometheus (#6401) @taylorsilva :link:

      • This doesn't affect any released version of Concourse, but the bug was introduced in a PR during development
    • Show instance vars in set_pipeline step header (#6409) @aoldershaw :link:

    • Fix archived pipeline check on the resource/job/build page for an instanced pipeline (#6414) @aoldershaw :link:

    • docker: add build arg for base image (#6415) @aoldershaw :link:

    • Fix groups with OIDC connector (#6436) @konstl000 :link:

      • Adds an --oidc-disable-groups flag that disables fetching groups claims from an upstream OIDC provider. By default, the groups claim is fetched (as with previous version of Concourse)
      • This was fixed in 6.7.4 as part of #6448.
    • make it clear on oidc scopes configuration (#6443) @xtremerui :link:

    • Remove --force in k8s-topgun test (#6449) @xtremerui :link:

    • Optimize fly windows tests (#6450) @aoldershaw :link:

    • introduce new integration test suite (#6479) @vito :link:

    • Skip Vault tests in Topgun (#6481) @aoldershaw :link:

    • move pkged.go to cmd/concourse/ (#6482) @vito :link:

    • runtime: add test coverage for container.Stop() (#6483) @muntac :link:

    • hide "group:" dropdown suggestion in search (#6487) @aoldershaw :link:

    • Optimize postgres runner for db tests (#6489) @aoldershaw :link:

    • Ignore archived pipelines for instance group count in top bar (#6491) @aoldershaw :link:

    • rename OIDC skip email verified flag (#6497) @aoldershaw :link:

    • Back-port integration test suite (#6499) @aoldershaw :link:

    • worker/runtime: remove no-op device rule (#6507) @muntac :link:

    • Optimize check deletion (#6511) @aoldershaw :link:

    • Add index and mini refactor to the check lifecycle query (#6517) @clarafu :link:

    📦 Bundled resource types

    Source code(tar.gz)
    Source code(zip)
    concourse-7.0.0-darwin-amd64.tgz(108.17 MB)
    concourse-7.0.0-darwin-amd64.tgz.sha1(75 bytes)
    concourse-7.0.0-linux-amd64.tgz(710.97 MB)
    concourse-7.0.0-linux-amd64.tgz.sha1(74 bytes)
    concourse-7.0.0-windows-amd64.zip(103.56 MB)
    concourse-7.0.0-windows-amd64.zip.sha1(76 bytes)
    fly-7.0.0-darwin-amd64.tgz(23.78 MB)
    fly-7.0.0-darwin-amd64.tgz.sha1(69 bytes)
    fly-7.0.0-linux-amd64.tgz(23.92 MB)
    fly-7.0.0-linux-amd64.tgz.sha1(68 bytes)
    fly-7.0.0-windows-amd64.zip(24.02 MB)
    fly-7.0.0-windows-amd64.zip.sha1(70 bytes)
  • v6.7.5(Feb 10, 2021)

    🐞 Bug Fixes

    • backport pkger fix to 6.7.x (#6480) @vito :link:

    • Backport https://github.com/concourse/concourse/pull/6478 to 6.7.x branch (#6496) @kirillbilchenko :link:

      • Some OIDC providers don't include the email_verified claim, which causes a validation error by default
      • To support these providers, you can set CONCOURSE_OIDC_SKIP_EMAIL_VERIFIED_VALIDATION to true

    🤷 Miscellaneous

    • Back-port integration test suite (#6499) @aoldershaw :link:

    📦 Bundled resource types

    Source code(tar.gz)
    Source code(zip)
    concourse-6.7.5-darwin-amd64.tgz(93.65 MB)
    concourse-6.7.5-darwin-amd64.tgz.sha1(75 bytes)
    concourse-6.7.5-linux-amd64.tgz(799.50 MB)
    concourse-6.7.5-linux-amd64.tgz.sha1(74 bytes)
    concourse-6.7.5-windows-amd64.zip(89.45 MB)
    concourse-6.7.5-windows-amd64.zip.sha1(76 bytes)
    fly-6.7.5-darwin-amd64.tgz(20.29 MB)
    fly-6.7.5-darwin-amd64.tgz.sha1(69 bytes)
    fly-6.7.5-linux-amd64.tgz(20.40 MB)
    fly-6.7.5-linux-amd64.tgz.sha1(68 bytes)
    fly-6.7.5-windows-amd64.zip(20.49 MB)
    fly-6.7.5-windows-amd64.zip.sha1(70 bytes)
  • v6.7.4(Jan 26, 2021)

    This patch is focused on fixing some bugs that came from bumping dex in 6.7.3. If you were having auth issues after upgrading to 6.7.3 try this patch!

    ✈️ Features

    • Backport #6362 to 6.7.x: handle slow Vault (#6413) @evanchaoli :link:
      Enhanced var_sources to handle slow Vault, like Vault login might take longer than 5 seconds.

    🐞 Bug Fixes

    • Add team groups to Dex response for Bitbucket connector (#6442) @aoldershaw :link:

    • Fix OIDC connector not fetching groups claim (#6448) @xtremerui :link:
      Fixed a regression that introduced in 6.7.3 that OIDC connector by default not fetching groups claim. Now OIDC connector always fetches groups claim unless --oidc-disable-groups flag is set. Backport of https://github.com/concourse/concourse/pull/6436.

    • Fix an ATC crash caused by parallel load_var steps (#6457) @evanchaoli :link:

      • When multiple load_var steps were running in parallel, there was the risk of the ATC crashing due to concurrent map writes

    🤷 Miscellaneous

    • Optimize fly windows tests (#6450) @aoldershaw :link:

    📦 Bundled resource types

    Source code(tar.gz)
    Source code(zip)
    concourse-6.7.4-darwin-amd64.tgz(94.46 MB)
    concourse-6.7.4-darwin-amd64.tgz.sha1(75 bytes)
    concourse-6.7.4-linux-amd64.tgz(800.29 MB)
    concourse-6.7.4-linux-amd64.tgz.sha1(74 bytes)
    concourse-6.7.4-windows-amd64.zip(92.07 MB)
    concourse-6.7.4-windows-amd64.zip.sha1(76 bytes)
    fly-6.7.4-darwin-amd64.tgz(20.56 MB)
    fly-6.7.4-darwin-amd64.tgz.sha1(69 bytes)
    fly-6.7.4-linux-amd64.tgz(20.67 MB)
    fly-6.7.4-linux-amd64.tgz.sha1(68 bytes)
    fly-6.7.4-windows-amd64.zip(20.77 MB)
    fly-6.7.4-windows-amd64.zip.sha1(70 bytes)
  • v6.7.3(Jan 12, 2021)

    🚨 Breaking

    • [6.7.x] Bump dex to 2.27.0 (#6371) @taylorsilva :link:
      • Bump Dex to 2.27.0 which fixes a vulnerability in the go XML library
      • This is only a breaking change for the OIDC connector when the downstream provider returns a preferred_username claim
        • Previously, the preferred_username claim would be ignored in favor of the --oidc-user-name-key concourse auth flag.
        • Now, the preferred_username claim takes precedence so its value will be used as concourse OIDC username.

    ✈️ Features

    • Allow underscore in identifiers (#6389) @aoldershaw :link:

    🐞 Bug Fixes

    • Fix auth bug (#6396) @evanchaoli :link:
      Fix an authorization bug, when a user has multiple roles in a team, then it may randomly hit "forbidden" error. Backport of #6368.

    • Add missing --team to fly set-pipeline: (#6406) @evanchaoli :link:
      Fixed a bug of fly set-pipeline where --team option was missing in the prompted unpause pipeline command. Backport of #6336.

    Source code(tar.gz)
    Source code(zip)
    concourse-6.7.3-darwin-amd64.tgz(94.41 MB)
    concourse-6.7.3-darwin-amd64.tgz.sha1(75 bytes)
    concourse-6.7.3-linux-amd64.tgz(804.89 MB)
    concourse-6.7.3-linux-amd64.tgz.sha1(74 bytes)
    concourse-6.7.3-windows-amd64.zip(91.70 MB)
    concourse-6.7.3-windows-amd64.zip.sha1(76 bytes)
    fly-6.7.3-darwin-amd64.tgz(20.53 MB)
    fly-6.7.3-darwin-amd64.tgz.sha1(69 bytes)
    fly-6.7.3-linux-amd64.tgz(20.67 MB)
    fly-6.7.3-linux-amd64.tgz.sha1(68 bytes)
    fly-6.7.3-windows-amd64.zip(20.76 MB)
    fly-6.7.3-windows-amd64.zip.sha1(70 bytes)
  • v6.7.2(Nov 30, 2020)

    This release focuses on optimizations and bug fixes.

    ✈️ Features

    • Optionally skip resource checking for put-only resources. (#6271) @evanchaoli :link:
      Resource checking for put resources can be optionally turned off by using the feature flag CONCOURSE_ENABLE_SKIP_CHECKING_NOT_IN_USE_RESOURCES on the web command. Only resources which are used as inputs to a job will be checked as a result. This can lower the resource checking load on some instances. This feature was originally added in 6.0.0 and reverted in 6.6.0 because of two side effects: 1) put-only resources will no longer show version history in the UI, and 2) custom resource types of put-only resources will no longer be automatically checked. Please note that these side effects still exist at the moment.

    • Add index to improve pipeline and build deletion (#6273) @vito :link:
      Pipeline deletion had become slow and even caused some deadlocks in the database. This migration fixes those issues.

    • Ensure pipelines contain at least one job (#6310) @taylorsilva :link:
      Pipelines are now validated to ensure that they contain at least one job. Pipeline configurations with no jobs will be rejected.

    🐞 Bug Fixes

    • Remove any existing guardian assets on worker startup (#6257) @taylorsilva :link:
      The guardian runtime executable contains some other executables as dependencies, such as runc. Interestingly, it writes them to disk (/var/gdn/assets) at startup, and proceeds to run them from there. If the dependencies already exist from a previous version of guardian then they're not overwritten preventing the updated dependencies from being used. The worker will now clear out any preexisting guardian assets every time it starts. This fixes in-place upgrade scenarios on BOSH deployments where guardian kept using older versions of runc.

    • Abort a rerun build if input version is gone (#6265) @xtremerui :link:
      Sometimes a rerun of a build can get stuck in the pending state forever. This can happen if the resource version used for the original build no longer exists. For example, an older commit disappears when a user force pushes to a git repository. Builds will now abort instead of getting stuck when the resource version no longer exists.

    • Fix regression preventing the use of nested fields with fly set-pipeline --var (#6280) @aoldershaw :link:

      • A regression was introduced in 6.5.0 that prevented the use of nested fields when setting a pipeline variable via fly set-pipeline --var
        • For instance, pre 6.5.0, fly set-pipeline --var foo.bar=123 --var foo.baz=456 would create the variable foo with value {bar: 123, baz: 456} (that can be referenced in the pipeline config as ((foo.bar)), ((foo.baz)))
        • In 6.5.x/6.6.x, the same command would create variables "foo.bar" = 123 and "foo.baz" = 456 (that would have to be referenced in the pipeline config as (("foo.bar")) and (("foo.baz")), respectively)
        • If you want to set a variable with a . in it, you can now quote the flag: e.g. fly set-pipeline --var '"foo.bar"=123' (note that this requires quoting the entire flag in '...' to avoid shell expansion)
    • Only increment checks-enqueued when a check is created. (#6282) @evanchaoli :link:
      There was a metrics bug where checks-enqueued would get incremented even if a check already exists. This gave it a higher value than checks that have just been created.

    • Prevent set_pipeline runtime error (#6307) @evanchaoli :link:
      set_pipeline of a YML pipeline configuration file with no jobs: or resources: no longer causes a runtime error: invalid memory address or nil pointer dereference. This is a backport #6116.

    🤷 Miscellaneous

    • Optimize fly tests (#6299) @muntac :link:
    Source code(tar.gz)
    Source code(zip)
    concourse-6.7.2-darwin-amd64.tgz(91.90 MB)
    concourse-6.7.2-darwin-amd64.tgz.sha1(75 bytes)
    concourse-6.7.2-linux-amd64.tgz(800.46 MB)
    concourse-6.7.2-linux-amd64.tgz.sha1(74 bytes)
    concourse-6.7.2-windows-amd64.zip(89.63 MB)
    concourse-6.7.2-windows-amd64.zip.sha1(76 bytes)
    fly-6.7.2-darwin-amd64.tgz(20.19 MB)
    fly-6.7.2-darwin-amd64.tgz.sha1(69 bytes)
    fly-6.7.2-linux-amd64.tgz(20.33 MB)
    fly-6.7.2-linux-amd64.tgz.sha1(68 bytes)
    fly-6.7.2-windows-amd64.zip(20.42 MB)
    fly-6.7.2-windows-amd64.zip.sha1(70 bytes)
  • v6.7.1(Nov 2, 2020)

    This release bumps the docker-image resource type to v1.5.1 which contains a fix for the HEAD => GET request flow.

    NOTE: the docker-image resource type does not support configuring credentials in registry_mirror. This issue is somewhat fundamental, as the the docker CLI which the resource type uses doesn't support it either. If your registry mirror requires credentials, we recommend using the registry-image resource type instead - it's much more efficient, and it will replace the docker-image resource type entirely once it's ready.

    Source code(tar.gz)
    Source code(zip)
    concourse-6.7.1-darwin-amd64.tgz(94.87 MB)
    concourse-6.7.1-darwin-amd64.tgz.sha1(75 bytes)
    concourse-6.7.1-linux-amd64.tgz(805.79 MB)
    concourse-6.7.1-linux-amd64.tgz.sha1(74 bytes)
    concourse-6.7.1-windows-amd64.zip(90.92 MB)
    concourse-6.7.1-windows-amd64.zip.sha1(76 bytes)
    fly-6.7.1-darwin-amd64.tgz(21.22 MB)
    fly-6.7.1-darwin-amd64.tgz.sha1(69 bytes)
    fly-6.7.1-linux-amd64.tgz(20.39 MB)
    fly-6.7.1-linux-amd64.tgz.sha1(68 bytes)
    fly-6.7.1-windows-amd64.zip(20.51 MB)
    fly-6.7.1-windows-amd64.zip.sha1(70 bytes)
Owner
Concourse
Continuous thing doer
Concourse
this is a esohack buildeable src with rat (okhttp rat thing) people ask me for it so i did this

esohack 1.0.5 WITH RAT buildeable Src How to build: paste this in cmd gradlew setupDecompWorkspace gradlew build u gansta ill fix the mapped things la

Venuz !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! 8 Dec 2, 2022
Sometimes people say that playing on anarchy servers far away from spawn is like Singleplayer with chat, so this mod just makes the exact thing possible.

Singleplayer With Chat Sometimes people say that playing on anarchy servers far away from spawn is like singleplayer with chat, so this mod just makes

null 5 Dec 2, 2022
Distributed and fault-tolerant realtime computation: stream processing, continuous computation, distributed RPC, and more

IMPORTANT NOTE!!! Storm has Moved to Apache. The official Storm git repository is now hosted by Apache, and is mirrored on github here: https://github

Nathan Marz 8.9k Dec 26, 2022
Free continuous integration platform for GitHub projects.

✋ Do not open new issues here! ✋ Travis CI Travis CI is a hosted continuous integration and deployment system. You can now test and deploy open source

Travis CI 8.3k Dec 31, 2022
Continuous Inspection

SonarQube Continuous Inspection SonarQube provides the capability to not only show health of an application but also to highlight issues newly introdu

SonarSource 7.4k Jan 4, 2023
Manage your continuous commit history beautifully ⭐

⭐ 스타를 눌러주세요 개발에 큰 도움이 됩니다! ⭐️ English 연속된 커밋기록을 아름답게 관리하세요 커밋을 끊기지 않고 연속해서 할 경우 숫자가 올라갑니다. 하루라도 커밋을 안하면 숫자가 0으로 초기화 됩니다. 아이디어나 발견 한 버그가 있다면 제보 해주세요 Co

xb205 33 Oct 11, 2022
IntelliJ plugin for continuous OpenAPI linting using the Spectral OpenAPI linter

Spectral IntelliJ Plugin This plugin is a wrapper for the tool Spectral, a linter for OpenApi schemas. It supports all Jetbrains IDEs starting at vers

Schwarz IT 19 Jun 6, 2022
Find solutions for the Cognizant Early Engagement Program [ Continuous Skill Development ].

Cognizant-Early-Engagement Early Engagement is a learning portal offered by Cognizant, where you can learn basic concepts of Java, Sql, Web Develepome

Saravana Kumar 176 Jan 3, 2023
Eclipse Jetty® - Web Container & Clients - supports HTTP/2, HTTP/1.1, HTTP/1.0, websocket, servlets, and more

Eclipse Jetty Canonical Repository This is the canonical repository for the Jetty project, feel free to fork and contribute now! Submitting a patch or

Eclipse Foundation 3.5k Dec 28, 2022
A little container and simulator for Complex Adaptive Systems (CAS)

Complex Adaptive Systems Description This is a little container and simulator for Complex Adaptive Systems (CAS). CAS are typically living Complex Sys

Pietro Dondi 1 Feb 13, 2022
Jetserver is a high speed nio socket based multiplayer java game server written using Netty and Mike Rettig's Jetlang.It is specifically tuned for network based multiplayer games and supports TCP and UDP network protocols.

Note New version of Jetserver is called Nadron and is in a new netty 4 branch of this same repo. JetServer is a java nio based server specifically des

Abraham Menacherry 1.2k Dec 14, 2022
Testcontainers is a Java library that supports JUnit tests, providing lightweight, throwaway instances of common databases, Selenium web browsers, or anything else that can run in a Docker container.

Testcontainers Testcontainers is a Java library that supports JUnit tests, providing lightweight, throwaway instances of common databases, Selenium we

null 6.7k Jan 9, 2023
Docker container orchestration platform

Helios Status: Bug-fix only This project was created when there were no open source container orchestration frameworks. Since the advent of Kubernetes

Spotify 2.1k Dec 20, 2022
Melnica Server is a custom basic Servlet Container application which depends on Socket Programming.

Melnica Server Melnica Server is a custom basic Servlet Container application which depends on Socket Programming. The Description of Project Melnica

Batuhan Düzgün 18 Jun 26, 2022
ESA Cabin is a lightweight class isolation container for Java applications.

Cabin Cabin是一款Java类隔离框架,用于隔离各个模块之间、模块和业务之间使用的第三方依赖库。使用Cabin后,模块SDK将只是用自己指定 版本的三方依赖,不会被业务引入的依赖所影响,保证业务正常运行,提高业务的开发效率,减少中间件同学此类重复的支持工作。 概述 ESA Cabin用于解决

ESA Stack 22 Dec 1, 2022
🏗 Build container images for your Java applications.

Jib ☑️ Jib User Survey What do you like best about Jib? What needs to be improved? Please tell us by taking a one-minute survey. Your responses will h

null 12.4k Jan 9, 2023
Isolated MinIO container management for Java code testing

TestContainers for MinIO MinIO support for the test containers project. Installation Unfortunately, TestContainers for MinIO is not available in any p

Olsi Qose 3 Sep 30, 2022
Team 5468's 2022 FRC robot code. This code is written in Java and is based off of WPILib's Java control system and utilizes a command based system

FRC 2022 Team 5468's 2022 FRC robot code. This code is written in Java and is based off of WPILib's Java control system and utilizes a command based s

null 4 Oct 4, 2022
Time-Based One-Time Password (RFC 6238) and HMAC-Based One-Time Password (RFC 4226) reference implementations and more.

Crypto Time-Based One-Time Password (RFC 6238) and HMAC-Based One-Time Password (RFC 4226) reference implementations and more. Getting Started TOTP ge

Oliver Yasuna 1 May 12, 2022