Alauda DevOps Pipelines Docs
  • English

    • Release Notes

    Tip

    The maintenance period for version v4.10.x is from 15 Apr, 2026 to 15 Apr, 2027.

    NOTE

    Release sequencing update: v4.9 is intentionally skipped. The next release after v4.8 is v4.10 (LTS).

    TOC

    Compatibility and support matrixChannel mappingv4.10.1New and Optimized FeaturesBreaking ChangesFixed IssuesKnown Issuesv4.10.0 (LTS)New and Optimized FeaturesBreaking ChangesFixed IssuesKnown Issues

    Compatibility and support matrix

    The following table shows the compatibility and support matrix between the Alauda DevOps Pipelines operator and ACP versions.

    Alauda DevOps Pipelines VersionComponent VersionACP Version
    OperatorPipelinesTriggersCLIChainsHubResultsPipelines as CodeManual Approval GatePruner
    4.10.x (LTS)1.6.x0.34.x0.43.x0.26.x1.23.x0.17.x0.39.x0.7.x0.3.x4.0, 4.1, 4.2, 4.3
    4.8.x1.6.x0.34.x0.43.x0.26.x1.23.x0.17.x0.39.x0.7.x0.3.x4.0, 4.1, 4.2
    4.7.x1.6.x0.34.x0.43.x0.26.x1.23.x0.17.x0.39.x0.7.x0.3.x4.0, 4.1, 4.2
    4.6.x (LTS)1.0.x0.32.x0.41.x0.25.x1.22.x0.15.x4.0, 4.1, 4.2
    4.4.x1.0.x0.32.x0.41.x0.25.x1.22.x0.15.x4.0, 4.1
    4.3.x1.0.x0.32.x0.41.x0.25.x1.22.x0.15.x4.0, 4.1
    4.2.x (LTS)1.0.x0.32.x0.41.x0.25.x1.22.x0.15.x4.0, 4.1, 4.2
    4.1.x0.65.x0.30.x0.39.x0.23.x1.19.x0.14.x4.0, 4.1
    4.0.x (LTS)0.65.x0.30.x0.39.x0.23.x1.19.x0.13.x4.0, 4.1, 4.2, 4.3

    The following table shows the recommended version mapping between Alauda DevOps Pipelines and Alauda DevOps Connectors.

    Alauda DevOps Pipelines VersionRecommended Alauda DevOps Connectors Version
    4.10.x (LTS)>= 1.10
    4.8.x>= 1.7
    4.7.x>= 1.7
    4.6.x (LTS)>= 1.6

    Channel mapping

    Version TypeChannel MappingDefault
    LTS versionsstable, latest, pipelines-x.ystable
    Non-LTS versionslatestN/A

    For details about channel behavior and upgrade targeting, see Upgrade Path and Lifecycle Policy.

    v4.10.1

    New and Optimized Features

    Fixed an issue where the maven and sonarqube-scanner Tasks failed to run on nodes that only support x86_64_v2 or lower CPU instruction sets, caused by images built with x86_64_v3 instructions.

    Breaking Changes

    No breaking changes in this release.

    Fixed Issues

    • Before this update, Maven and SonarQube Scanner tasks in Java and Python pipelines could fail in VMware environments because the maven and sonarqube-scanner images required the x86_64_v3 CPU instruction set, which is not available on nodes that support only x86_64_v2 or lower. With this update, these images are now compatible with such environments, allowing Maven/Sonar tasks and Java/Python pipelines to run normally.

    Known Issues

    • Before this update, the Connector forward proxy MITM-intercepted every HTTPS CONNECT request. As a result, in Tekton buildah task Containerfile RUN steps, requests to non-connector destinations such as curl, apt-get, and wget were also routed through the MITM proxy, forcing clients to trust the proxy CA even when the traffic did not need Connector interception. This caused major friction for buildah-based builds. With this update, the forward proxy chooses behavior based on whether the target matches a connector address: requests to connector addresses continue to use MITM with auth injection, while requests to non-connector addresses fall back to a transparent tunnel so the client sees the real upstream certificate and no proxy CA trust is required. This preserves proxy behavior for connector traffic while avoiding the incorrect CA requirement for unrelated HTTPS requests.
    • Before this update, the Connector forward proxy MITM-intercepted every HTTPS CONNECT request. As a result, in Tekton buildah task Containerfile RUN steps, requests to non-connector destinations such as curl, apt-get, and wget were also routed through the MITM proxy, forcing clients to trust the proxy CA even when the traffic did not need Connector interception. This caused major friction for buildah-based builds. With this update, the forward proxy chooses behavior based on whether the target matches a connector address: requests to connector addresses continue to use MITM with auth injection, while requests to non-connector addresses fall back to a transparent tunnel so the client sees the real upstream certificate and no proxy CA trust is required. This preserves proxy behavior for connector traffic while avoiding the incorrect CA requirement for unrelated HTTPS requests.

    v4.10.0 (LTS)

    New and Optimized Features

    Pipelines

    • With this update, catalog Task and Pipeline versions are upgraded. In these versions, tool image defaults are pinned to fixed tags, and some deprecated parameter fields are removed. Previous versions remain available and can continue to be used, but users are recommended to migrate to the new versions as early as possible. For detailed change descriptions, refer to the Task and Pipeline READMEs.

      Task Version Upgrades

      TaskVersion Upgrade Path
      Buildahv0.9 -> v0.10
      Helm Chart Build Pushv0.1 -> v0.2
      Cosignv0.1 -> v0.2
      Git CLIv0.4 -> v0.5
      Git Clonev0.9 -> v0.10
      Merge Imagenew -> v0.2
      Pytestv0.2 -> v0.3
      Pythonv0.1 -> v0.2
      Syftv0.1 -> v0.2
      Trivy Scannerv0.4 -> v0.5
      Mavenv0.5 -> v0.6
      SonarQube Scannerv0.5 -> v0.6

      Pipeline Version Upgrades

      PipelineVersion Upgrade Path
      Java Image Build Scan Deployv0.1 -> v0.2
      Python Image Build Scan Deployv0.1 -> v0.2

    • With this update, a new Helm Upgrade Task is added to support pulling a specific chart version from an OCI repository and deploying or updating Helm applications directly from a Git source directory.

    • With this update, a new Helm Chart Build Push Task is added to package Helm charts from a directory and push them to an OCI registry by using Helm and ORAS.

    • With this update, a new Golang Task is added to support Golang build, test, lint, dependency caching, and test result collection.

    • With this update, a new Node.js Task is added to support npm/yarn build, test, lint, and npm registry publishing.

    • With this update, a new .NET Task is added to support command execution, optional caching, and NuGet configuration.

    • With this update, a new Merge Image Task is added to merge images built for different CPU architectures into a single image.

    • With this update, a new Workload Apply Task is added to support Kubernetes workload updates, image updates, custom patch YAML, and configurable deployment and rollback timeouts.

    • With this update, a new Send Mail Task is added to support email notifications based on built-in templates or custom content. Learn More.

    • With this update, when rerunning a PipelineRun, the system prioritizes generating the new name based on the original PipelineRun name or its naming rule.

    • With this update, graphical pipeline editing supports card-level error indication and blocking validation before submission.

    Triggers

    • With this update, Trigger orchestration in the UI supports TriggerBinding and ClusterTriggerBinding preview, helping users inspect available parameters before referencing them.

    Breaking Changes

    No breaking changes in this release.

    Fixed Issues

    • Before this update, transient network or infrastructure issues during the catalog synchronization process could cause the update task to fail and stop, preventing new tasks or updates from appearing in the Hub. With this update, a resilient retry and recovery mechanism has been implemented, ensuring that the Hub can automatically recover from temporary failures and keep the task catalog consistently up-to-date.
    • Before this update, when adding an integration (OCI or Harbor type) in the pipeline and selecting a connector, the system failed to correctly invoke the connector API when interacting with fields such as projects or repositories, resulting in no available options being loaded; with this update, the connector API is properly called, enabling tool information to be retrieved and populated into the input fields as selectable options.
    • Before this update, when creating a pipeline and using an integration to mount a connector for setting parameters (for example, using a Harbor integration for a buildah task), triggering the pipeline would fail because the generated PipelineRun did not include the complete workspace configuration and the workspace defined via the integration was missing; with this update, the system correctly propagates and mounts the integration-defined workspace, ensuring the PipelineRun is created with complete workspace content and can run successfully.
    • Before this update, Tekton pipeline runs occasionally failed with the reason CouldntGetPipeline when the resolver was unable to fetch the remote Pipeline definition, and this transient error—which should have been recoverable—was not automatically retried, reducing pipeline reliability; with this update, retry logic is added for this error type, so affected pipeline runs are automatically retried and can recover from such transient resolver failures.
    • Before this update, retrying a PipelineRun created in inline mode (without a Pipeline reference) would prompt users to select a Pipeline and result in failure; with this update, the system correctly reuses the original inline definition, allowing the PipelineRun to be retried directly and run successfully.

    Known Issues

    • - Impact Scope: The maven and sonarqube-scanner images will fail to run on nodes that only support x86_64_v2 or lower CPU instruction sets.
      - Root Cause: The maven and sonarqube-scanner images require the x86_64_v3 instruction set.
      - Temporary Workaround: Use the separately provided workaround images.
    • - Impact Scope: When GitLab is exposed over HTTP/HTTPS on a non-standard port (e.g. http://HOST:8081, https://HOST:8443), the gitlab-mr-create Task fails immediately in step-create-mr with Error parsing --hostname: invalid hostname and cannot create the Merge Request; GitLab deployments on the standard 80/443 ports are not affected.
      - Root Cause: The Task extracts the hostname from gitlabURL / projectPath without stripping the port and passes HOST:PORT directly to glab --hostname, which glab rejects at argument validation. The affected Task version always passes --hostname unconditionally, so switching to Connector proxy mode does not work around it either.
      - Temporary Workaround: Place an Ingress / nginx / HAProxy in front of GitLab that listens on port 80 or 443 and forwards to the real backend port, then change gitlabURL (or projectPath) in the pipeline to the port-less entry point. No Task version upgrade, Secret, or workspace binding changes are required.