changelog.yaml

## -------------------------------------------------------------------------------
## Changelog Entry Documentation
## -------------------------------------------------------------------------------
#  type             The type of this change.
#                     Possible values:
#                     - 'bug'           Bug has been fixed
#                     - 'documentation' Documentation change
#                     - 'enhancement'   Feature has been implemented or some general improvements
#                     - 'internal'      Internal change which does not affect consumers directly (e.g. refactorings)
#                     - 'security'      A security relevant fix
#                     - 'hotfix'        Emergency bug fix which needs to be rolled out immediately via hotfix process
# impact            The impact this change has regarding consumption. The impact also affects the semantic version.
#                     Possible values:
#                     - 'incompatible'  An incompatible change requires more information in the warning
#                                       and updateNotes sections. Affects major or minor SemVer digit.
#                     - 'minor'         A compatible change which introduces a new feature or enhancement.
#                     - 'patch'         A compatible change without new features.
# title             The title of the change
# description       The description of the change (markdown syntax possible)
# warning           [optional] A warning for consumers if appropriate
# upgradeNotes      [optional] Everything a consumer needs to know and adapt in order to consume this change.
# deprecations      [optional] If this change deprecates something we need to inform consumers to adapt early,
#                              before we remove it completely in the next months.
# pullRequestNumber The number of this pull request.
#                       A list is also possible in case more than one pull requests are involved in this change, e.g. [123, 456].
# jiraIssueNumber   The number of the Jira issue.
#                       A list is also possible in case more than one Jira issues are affected by this change, e.g. [123, 456].

## --------------------------------------------------------------------------------------------------
## For new change entries copy the template below to 'changes:' of the 'version: NEXT' array element.
## --------------------------------------------------------------------------------------------------
#    - type: [bug, enhancement, security, internal, hotfix, documentation]
#      impact: [incompatible, minor, patch]
#      title: <title>
#      description: |-
#        <description (markdown syntax)>
#      warning: |-
#        <optional warning message (markdown syntax)>
#      upgradeNotes: |-
#        <optional upgrade guidelines (markdown syntax)>
#      deprecations: |-
#        <optional deprecation notes (markdown syntax)>
#      pullRequestNumber: <pull request number(s)>
#      jiraIssueNumber: <Jira issue number(s)>


# Paste new changelog entries below 'changes:' of the 'version: NEXT' array element.
# ! Do NOT add change entries to already released versions! Only add to version 'NEXT'.
# ! Do NOT change any 'version' or 'date' values manually! The pipeline will take care.
# ! Do NOT change the order of version blocks! 'NEXT' needs to stay the first version block.
- version: NEXT
  date: TBD
  changes:

- version: "0.40.0"
  date: 2023-11-29
  changes:

    - type: enhancement
      impact: minor
      title: "Helm chart: Ensure atomic override of complex values"
      description: |-
        The following complex values can no longer be overridden partially:

        - `runController.resources`
        - `runController.podSecurityContext`
        - `runController.securityContext`
        - `runController.nodeSelector` (default was empty)
        - `runController.affinity` (default was empty)
        - `runController.tolerations` (default was empty)
        - `pipelineRuns.resources`

        Partial overrides should be avoided because they imply the
        risk of inconsistent or unintented results in case the default
        values change with newer Helm chart releases.
      upgradeNotes: |-
        Ensure that overrides of the above-mentioned values are
        complete, i.e. they override _all_ fields which where also set
        in the respective chart default in v0.39.1.
        If this is not the case, add the missing fields.
      pullRequestNumber: 398

    - type: enhancement
      impact: minor
      title: "Helm chart: Configure pods to run with Pod Security profile 'restricted'"
      description: |-
        Default security settings for the run controller and Helm hooks
        have been changed to be accepted by Kubernetes Pod Security profile
        `restricted`.

        The following additional parameters for CRD update hooks are now
        available:

        - `hooks.crdUpdate.podSecurityContext`
        - `hooks.crdUpdate.securityContext`
      pullRequestNumber: 398
      jiraIssueNumber: 725

    - type: enhancement
      impact: minor
      title: "Helm chart: Add parameters for crd-update hook pods"
      description: |-
        The following additional parameters for CRD update hooks are now
        available:

        - `hooks.crdUpdate.resources`
        - `hooks.crdUpdate.nodeSelector`
        - `hooks.crdUpdate.affinity`
        - `hooks.crdUpdate.tolerations`
      pullRequestNumber: 398

- version: "0.39.1"
  date: 2023-11-29
  changes:

    - type: enhancement
      impact: patch
      title: Update JFR image to tag 231120_3aac49d
      description: |-
        Noteworthy changes:

        - The JFR launcher script now allows to specify _any_ commit-ish
          as pipeline revision that exists in the remote repository.
          In case the given revision is not a commit-ish, a proper error
          message is provided and the scripts exits with `error_config`
          instead of `error_infra`.
      pullRequestNumber: 425
      jiraIssueNumber: 1675

    - type: internal
      impact: patch
      title: Upgrade Go SDK to v1.21.4
      description: |-
        Use Go SDK v1.21.4.
      pullRequestNumber: 426

    - type: internal
      impact: patch
      title: Update Go dependencies
      description: |-
        Updated all dependencies. Most important:

        - Kybernetes to v1.27.6
        - Tekton to v0.53.2
      pullRequestNumber: 426

    - type: bug
      impact: patch
      title: Recreate JFR TaskRun if pod creation failed
      description: |-
        The creation of the JFR pod may temporarily fail, e.g. due
        to a timeout calling a mandatory admission webhook.
        Steward now detects this and recreates the Tekton taskrun
        to retry.
      pullRequestNumber: 424

    - type: bug
      impact: patch
      title: Stop waiting for finished non-restartable JFR TaskRun
      description: |-
        If a JFR TaskRun was never started, is finished and is not
        restartable, Steward now fails the PipelineRun instead of
        waiting until timeout.
      pullRequestNumber: 424

    - type: bug
      impact: patch
      title: Fix error detected by checkmarx tool
      description: |-
        Remove redundant error from logFinalState function
      pullRequestNumber: 423

- version: "0.39.0"
  date: 2023-11-03
  changes:

    - type: enhancement
      impact: minor
      title: Add custom logging details
      description: |-
        Allow to configure additional log attributes to be set from pipeline
        run labels and annotations.

        See the chart README for details.
      pullRequestNumber: 412

    - type: enhancement
      impact: minor
      title: Add logging of pipeline run final state
      description: |-
        Log result, namespace, run id etc. for completed pipeline runs.
      pullRequestNumber: 415
      jiraIssueNumber: 1576

    - type: bug
      impact: patch
      title: Use result 'error_config' instead of 'error_content'
      description: |-
        ... in case

        - secrets referenced by pipeline runs don't exist
        - multiple secrets map to the same name
        - the configured Jenkinsfile repo server URL is invalid
      pullRequestNumber: 418

    - type: internal
      impact: patch
      title: Upgrade Go SDK to v1.21.3
      description: |-
        Use Go SDK v1.21.3.
      pullRequestNumber: 420

    - type: internal
      impact: patch
      title: Update Go dependencies
      description: |-
        Updated all dependencies. Most important:

        - Kybernetes to v1.26.10
        - Tekton to v0.50.2
        - knative.dev/pkg to release 1.12
      pullRequestNumber: 420

    - type: internal
      impact: patch
      title: Tweak container build
      description: |-
        Small improvements to container build files.
      pullRequestNumber: 421

- version: "0.38.1"
  date: 2023-10-18
  changes:

    - type: enhancement
      impact: patch
      title: Update JFR image to tag 231018_94c7e9a
      description: |-
        Noteworthy changes:

        - Updated Jenkins Core v2.414.2
        - Updated all Jenkins Plug-ins
        - Updated base image
      pullRequestNumber: 416
      jiraIssueNumber: 972

- version: "0.38.0"
  date: 2023-10-06
  changes:

    - type: enhancement
      impact: incompatible
      title: Update Jenkinsfile Runner image to tag 231006_5085985
      description: |-
        The new image contains elasticsearch-logs-plugin [v0.13.1](https://github.com/SAP/elasticsearch-logs-plugin/releases/tag/0.13.1).
      warning: |-
        Helm chart parameters changed incompatibly. See the upgrade notes for instructions.
      upgradeNotes: |-
        Adapt Helm chart parameters:

        - Remove `pipelineRuns.logging.forwarding.emitMaxRetriesIfBufferFull` (use `emitTimeoutMillis` instead; see below)
        - If needed, set `pipelineRuns.logging.forwarder.emitTimeoutMillis` (`emitMaxRetriesIfBufferFull` was removed)

        See the chart README for details on chart parameters.
      pullRequestNumber: 409
      jiraIssueNumber: 1258

    - type: enhancement
      impact: incompatible
      title: Change Helm chart parameters
      description: |-
        See the upgrade notes for necessary adaptations.
      warning: |-
        Helm chart parameters changed incompatibly. See the upgrade notes for instructions.
      upgradeNotes: |-
        Adapt Helm chart parameters:

        - Rename `pipelineRuns.sidecars` to `pipelineRuns.jenkinsfileRunner.sidecars`
        - Rename `pipelineRuns.logging.forwarding.*` to `pipelineRuns.logging.forwarder.*`
        - If needed, set `pipelineRuns.logging.forwarder.useSidecar` to `true` (default value changed to `false`)
        - If needed, set `pipelineRuns.logging.forwarder.tag` (default value changed to `logs`)

        See the chart README for details on chart parameters.
      pullRequestNumber: 409
      jiraIssueNumber: 1258

- version: "0.37.0"
  date: 2023-09-01
  recall:
    message: |-
      elasticsearch-logs-plugin in this version contained some bugs which are fixed in the next patch version. Please use version 0.37.1 instead.
  changes:

    - type: enhancement
      impact: minor
      title: Update stewardci-jenkinsfile-runner image to version '230825_1c09345'
      description: |-
        The new image contains new version "0.12.0" of elasticsearch-logs-plugin
        which enables configuring more parameters.

        See release note for [version 230825_1c09345](https://github.com/SAP/stewardci-jenkinsfilerunner-image/releases/tag/230825_1c09345)
      pullRequestNumber: 406

- version: "0.36.0"
  date: 2023-08-22
  changes:

    - type: enhancement
      impact: minor
      title: Update stewardci-jenkinsfile-runner image to version 230822_3c378b2
      description: |-
        The new image contains updates for Jenkins core (to 2.387.3) and all plugins.

        See release note for [version 230822_3c378b2](https://github.com/SAP/stewardci-jenkinsfilerunner-image/releases/tag/230822_3c378b2)
      pullRequestNumber: 404

- version: "0.35.0"
  date: 2023-08-10
  changes:

    - type: enhancement
      impact: minor
      title: Update stewardci-jenkinsfile-runner image to version 230810_ab62215
      description: |-
        The new image contains updates for Jenkins core (to 2.375.4), all plugins and the base image.

        See release note for [version 230810_ab62215](https://github.com/SAP/stewardci-jenkinsfilerunner-image/releases/tag/230810_ab62215)
      pullRequestNumber: 402
      jiraIssueNumber: 848

- version: "0.34.0"
  date: 2023-08-07
  changes:

    - type: enhancement
      impact: patch
      title: Migrate to structural and contextual logging
      description: |-
        Convert existing logging to structural and contextual logging as per
        [Kubernetes guidelines](https://github.com/kubernetes/community/blob/master/contributors/devel/sig-instrumentation/migration-to-structured-logging.md).
      pullRequestNumber: 387
      jiraIssueNumber: 1157

- version: "0.33.0"
  date: 2023-07-13
  changes:

    - type: internal
      impact: patch
      title: Upgrade Go dependencies
      description: |-
        - "google.golang.org/protobuf" (v1.29.1)
      pullRequestNumber: 394
      jiraIssueNumber: 1313

    - type: enhancement
      impact: minor
      title: Upgrade Go modules and dependencies
      description: |-
        - "k8s.io/*" (v0.25.7)
        - "knative.dev/pkg"  release-1.9 (v0.0.0-20230221145627-8efb3485adcf)
        - "github.com/benbjohnson/clock" (v1.3.5)
        - "github.com/tektoncd/pipeline" (v0.46.0)
      pullRequestNumber: 393
      jiraIssueNumber: 1313

- version: "0.32.0"
  date: 2023-06-27
  changes:

    - title: Update Jenkinsfile Runner image
      type: enhancement
      impact: minor
      description: |-
        Noteworthy changes:
        - Build logs are no longer written to the container output if
          log forwarding to Elasticsearch is enabled via PipelineRun spec.

        For the details see stewardci-jenkinsfilerunner-image [PR #106](https://github.com/SAP/stewardci-jenkinsfilerunner-image/pull/106) and [PR #108](https://github.com/SAP/stewardci-jenkinsfilerunner-image/pull/108).
      pullRequestNumber: 391
      jiraIssueNumber: 1169

- version: "0.31.0"
  date: 2023-06-19
  changes:
    - title: Make OpenSearch/Elasticsearch index URL in pipeline runs usable
      type: enhancement
      impact: minor
      description: >-
        The OpenSearch/Elasticsearch index URL introduced with version 0.6.2 was not
        considered so far.

        With this change it is used to define log destinations per
        pipeline run.
      pullRequestNumber: 389
      jiraIssueNumber: 990

- version: "0.30.0"
  date: 2023-06-12
  changes:

    - type: enhancement
      impact: incompatible
      title: Remove the tenants concept
      description: |-
        The tenants concept was neither really used nor is it a core competency
        of Steward to manage namespaces. It has therefore been removed completely.
        Users of Steward are now required to set up the namespaces to manage
        `PipelineRun` objects on their own.
      upgradeNotes: |-
        Replace the usage of client namespaces and tenants by plain K8s namespaces.

        The Helm upgrade does _not_ remove the tenant CRD. This must be done manually:

        - For all client namespaces where all tenants can be deleted together with all their
          data in the respective tenant namespaces:

            - ___Before___ the upgrade of Steward, delete the respective client namespaces.
              This implicitly deletes the contained tenant object, which in turn lets
              Steward delete the corresponding tenant namespaces with all their contents,
              especially PipelineRun objects.

        - ___After___ the upgrade of Steward:

            - Remove finalizers from all Tenant objects:

                ```
                for item in $(kubectl get tenants.steward.sap.com -A -o name); do
                    kubectl patch "$item" --type='json' -p='[{"op": "remove", "path": "/metadata/finalizers"}]'
                done
                ```

            - Remove tenant CRD:

                ```
                kubectl delete crd tenants.steward.sap.com
                ```

                This implicitly deletes all Tenant objects. But as the Tenant controller of Steward
                has been removed, the corresponding tenant namespaces are kept.
      pullRequestNumber: 383
      jiraIssueNumber: 1126

- version: "0.29.1"
  date: 2023-05-16
  changes:
    - type: internal
      impact: patch
      title: Update JFR image (patch)
      description: |-
        The elasticsearch plugin of the JFR had an internal bug that is now fixed with
        https://github.com/SAP/stewardci-jenkinsfilerunner-image/pull/105
      pullRequestNumber: 385
      jiraIssueNumber: CPCCICD-1125

- version: "0.29.0"
  date: 2023-05-02
  changes:
    - type: enhancement
      impact: minor
      title: Introduce switch for usage of tenants and clients
      description: |-
        Steward is providing a client/tenant concept which can be used.
        It is also possible to use Steward without client namespaces and tenants and use plain k8s namespaces instead.
        This change provides a possibility to disable the usage of tenants and client namespaces in the helm chart.
        This results in less resource consumption on the k8s cluster by saving one controller.
      pullRequestNumber: 381
      jiraIssueNumber: 1126

- version: "0.28.0"
  date: 2023-04-27
  changes:
    - type: enhancement
      impact: minor
      title: Enable log forwarding
      description: |-
        We want to add support for log-forwarders (i.e. fluentd) instead of sending logs directly to OpenSearch/Elasticsearch.
        For this purpose, two configuration extension are prepared:

        * Set environment variables to configure the elasticsearch-log-plugin to forward data to fluentd
        * Enable the use of tekton sidecars. This can be used to run the forwarder as a sidecar container in the JFR pod
      upgradeNotes: |-
        The change does not affect the current behavior as long as the new configuration options are not used.

        In order to use log forwarding, a version of the JFR image later than "230426_ed390b3" is required.

      pullRequestNumber: 379
      jiraIssueNumber: CPCCICD-1045

- version: "0.27.2"
  date: 2023-04-20
  changes:
    - type: internal
      impact: patch
      title: Refactorings
      description: |-
        This change only contains refactorings:
        - Reduce complexity of functions
      pullRequestNumber: 376
      jiraIssueNumber: 975

- version: "0.27.1"
  date: 2023-03-28
  changes:
    - type: internal
      impact: patch
      title: Refactorings
      description: |-
        This change only contains refactorings:
        - Introduce constants where strings are used multiple times
        - Remove unnecessary boolean literals
        - Use opposite operator in favour of negation
        - Reduce complexity of functions
        - Change function names to better reflect their semantics
      pullRequestNumber: 371

    - type: internal
      impact: patch
      title: Upgrade Go SDK to v1.18.10
      description: |-
        Use Go SDK to v1.18.10.
      pullRequestNumber: 371

- version: "0.27.0"
  date: 2023-03-06
  changes:

    - type: enhancement
      impact: minor
      title: Use Tekton cluster resolver
      description: |-
        Tekton ClusterTasks are deprecated since Tekton v0.41.0.
        Therefore, Tekton's cluster resolver is used instead.
      pullRequestNumber: 363

- version: "0.26.0"
  date: 2023-02-15
  changes:

    - type: enhancement
      impact: minor
      title: Use K8s auto-mount of service account token
      description: |-
        Instead of configuring a volume for the service account token,
        Steward now just sets `automountServiceAccountToken` to true
        so that Kubernetes takes care for the token injection.
        During the prepare phase of pipeline runs Steward no longer waits
        for service account token secrets to be created by Kubernetes.
      pullRequestNumber: 361
      jiraIssueNumber: 726

    - type: enhancement
      impact: minor
      title: Allow running on K8s v1.24+
      description: |-
        As a consequence of using K8s auto-mount of service account
        tokens, Steward should now work on K8s v1.24+.
      pullRequestNumber: 361
      jiraIssueNumber: 726

    - type: enhancement
      impact: patch
      title: Improve message
      description: |-
        Improve readability of message in pipeline runs.
      pullRequestNumber: 364

- version: "0.25.2"
  date: 2023-02-09
  changes:

    - type: enhancement
      impact: patch
      title: Use JFR image with updated plugins
      description: |-
        Use Jenkins 2.346.3 with [updated plugins](https://github.com/SAP/stewardci-jenkinsfilerunner-image/pull/98).
        Including the use of the [compatible kubernetes related plugins](https://github.com/SAP/stewardci-jenkinsfilerunner-image/pull/100).

        In addition, the base images was updated to include updating some alpine packages updates.
      pullRequestNumber: 360

- version: "0.25.1"
  date: 2023-01-30
  changes:
    - type: bug
      impact: patch
      title: Rollback updated plugins
      description: |-
        Rollback `stewardci/stewardci-jenkinsfile-runner` image to `230126_b29a3f0` version
      pullRequestNumber: 358
- version: "0.25.0"
  date: 2023-01-26
  recall:
    message: |-
      This version contains a non working JFR image. Use version 0.25.1 instead.
  changes:
    - type: enhancement
      impact: minor
      title: Use JFR image with updated plugins
      description: |-
        Use Jenkins 2.346.3 with [updated plugins](https://github.com/SAP/stewardci-jenkinsfilerunner-image/pull/98).
      pullRequestNumber: 356

    - type: internal
      impact: minor
      title: Use JFR image with improved error handling
      description: |-
        Steward can now handle different error codes provided by the improved JFR image.
      pullRequestNumber: 354
      jiraIssueNumber: 715
- version: "0.24.1"
  date: 2023-01-12
  changes:
    - type: bug
      impact: minor
      title: Fix not working imagePullPolicy parameter in backend-api
      description: |-
        Before the parameter `imagePullPolicy` in the PipelineRun was not handled correctly.
        This is fixed with this change.
      pullRequestNumber: 351

    - type: internal
      impact: patch
      title: Fix start time of phase "running"
      description: |-
        The start time of phase "running" was set to the start time of the
        Tekton TaskRun for JFR, which is when the pod has been _created_.
        But phase "waiting" now covers the time until successful start-up
        of the containers in the pod, which can be significantly after pod
        creation, e.g. due to image pull time.
        Therefore, the start time of phase "running" is now the start time
        of the the JRF container.
      pullRequestNumber: 350
      jiraIssueNumber: 1974

- version: "0.24.0"
  date: 2022-12-23
  changes:
    - type: internal
      impact: minor
      title: Retry on ImagePullBackOff
      description: |-
        Since Tekton v0.41.0 TaskRuns fail if the corresponding pod is subject to
        image pull back-off ([#4921](https://github.com/tektoncd/pipeline/pull/4921).
        In case of transient image pull failures this can fail Steward PipelineRun
        processing (`error_infra`).

        Steward now detects aborted TaskRuns due to ImagePullBackOff and retries with
        a new TaskRun for a configurable period (`waitTimeout`).
        This happens in the 'waiting' phase of Steward PipelineRun processing.
      pullRequestNumber: 345
      jiraIssueNumber: 1974

- version: "0.23.1-hotfix1"
  date: 2023-01-13
  changes:

    - type: hotfix
      impact: patch
      title: Fix not working imagePullPolicy parameter in backend-api
      description: |-
        Before the parameter `imagePullPolicy` in the PipelineRun was not handled correctly.
        This is fixed with this change.
      pullRequestNumber: 351

- version: "0.23.1"
  date: 2022-12-09
  changes:

    - type: security
      impact: patch
      title: Update JFR to 221118_24e6615
      description: |-
        Update to latest JFR [221118_24e6615](https://github.com/SAP/stewardci-jenkinsfilerunner-image/releases/tag/221118_24e6615)
      upgradeNotes: |-
        If you use an image cache you might want to update the image there as well.
      pullRequestNumber: 346

- version: "0.23.0"
  date: 2022-11-17
  changes:
    - type: security
      impact: patch
      title: Upgrade go version to 1.18.8
      description: Upgrade go version to 1.18.8
      pullRequestNumber: 341

    - type: enhancement
      impact: minor
      title: Add aggregated cluster roles for crds
      description: |-
        Add aggregated cluster roles for the generic view, edit and admin roles
        for the custom resources tenants and pipelineruns.
      pullRequestNumber: 340

- version: "0.22.1"
  date: 2022-10-19
  changes:

    - type: enhancement
      impact: patch
      title: Upgrade Go dependencies
      description: |-
        Upgrade to highest possible versions.
      pullRequestNumber: 338

- version: "0.22.0"
  date: 2022-10-17
  changes:

    - type: enhancement
      impact: incompatible
      title: Upgrade Go dependencies
      description: |-
        - Tekton: v0.40.2
        - Kubernetes: v1.23.9
        - knative.dev/pkg: release-1.7 (v0.0.0-20220818004048-4a03844c0b15)
        - others
      warning: |-
        Requires Tekton v0.40.0+ and Kubernetes v1.22+ at runtime.
      upgradeNotes: |-
        Ensure that runtime dependency requirements are met (see warning above).
      pullRequestNumber: 336
      jiraIssueNumber: 1832

    - type: enhancement
      impact: patch
      title: Upgrade Go SDK to v1.18.7
      description: |-
        Use Go SDK to v1.18.7.
      pullRequestNumber: 336

- version: "0.21.2"
  date: 2022-07-19
  changes:

    - type: enhancement
      impact: patch
      title: Increase memory limit of Steward tenant controller
      description: |-
        Increase the memory limit of Steward tenant controller to avoid OOMKilled.
      pullRequestNumber: 332

- version: "0.21.1"
  date: 2022-07-04
  changes:

    - type: security
      impact: patch
      title: Update JFR to 220701_94864a5
      description: |-
        Update to latest JFR [220701_94864a5](https://github.com/SAP/stewardci-jenkinsfilerunner-image/releases/tag/220701_94864a5)
      upgradeNotes: |-
        If you use an image cache you might want to update the image there as well.
      pullRequestNumber: 330

- version: "0.21.0"
  date: 2022-06-15
  changes:

    - type: security
      impact: patch
      title: Update JFR to 220615_7db71b2
      description: |-
        Update to latest JFR [220615_7db71b2](https://github.com/SAP/stewardci-jenkinsfilerunner-image/releases/tag/220615_7db71b2)
      upgradeNotes: |-
        If you use an image cache you might want to update the image there as well.
      pullRequestNumber: 326
      jiraIssueNumber: 1640

    - type: enhancement
      impact: incompatible
      title: "Network policy: Remove rule for cluster-internal API Server access"
      description: |-
        We cannot provide a rule allowing access to service `kubernetes.default`
        that works in general.
        It always depends on the particular K8s setup.
        Therefore, remove the rule.
      upgradeNotes: |-
        If you use the network policy for pipeline runs provided with the Helm
        chart, check whether a rule for API Server access is required.
        If so, define your own network policy (see the chart README).
      pullRequestNumber: 328
      jiraIssueNumber: 1604

- version: "0.20.0"
  date: 2022-05-25
  changes:

    - type: enhancement
      impact: minor
      title: Extend permissions of default service account in run namespaces
      description: |-
        The permissions of the default service account in run namespaces are extended
        by full CRUD permissions on:
        - configmaps
        - secrets
      pullRequestNumber: 324
      jiraIssueNumber: 1609

- version: "0.19.1"
  date: 2022-05-04
  changes:

    - type: bug
      impact: patch
      title: Fix metric steward_pipelineruns_ongoing_state_duration_periodic_observations_seconds
      description: |-
        No observations were made for phases `preparing` and `waiting`.
        For observations of phases `cleaning` and `finished` the duration
        was including the duration of phase `running`.
      pullRequestNumber: 322

- version: "0.19.0"
  date: 2022-04-19
  changes:
    - type: enhancement
      impact: minor
      title: Provide a timeout setting for each pipeline run
      description: |-
        With this change it is now possible to define timeout for each pipeline run.
      pullRequestNumber: 316
      jiraIssueNumber: CLOUDCI-1286

    - type: security
      impact: patch
      title: Update go version
      description: |-
        Update go version to 1.16.15
      pullRequestNumber: 317

    - type: security
      impact: patch
      title: Update go version
      description: |-
        - Update go version to 1.17.9
        - Update build tags. See https://go.dev/design/draft-gobuild
      pullRequestNumber: 318
    - type: security
      impact: patch
      title: Update k8s version
      description: |-
        - Update k8s version to 1.23.5
        - Update other dependencies to latest versions. See go.mod
      pullRequestNumber: [319, 320]

- version: "0.18.4"
  date: 2022-03-23
  changes:

    - type: security
      impact: patch
      title: Updated `tektoncd/pipeline` and `prometheus/client_golang` package versions
      description: |-
        - Updated "github.com/tektoncd/pipeline" version to `v0.34.0` due to [CVE-2021-44716](https://github.com/advisories/GHSA-vc3p-29h2-gpcp).
        - Updated "github.com/prometheus/client_golang" version to `v1.12.1` due to [CVE-2022-21698](https://www.whitesourcesoftware.com/vulnerability-database/CVE-2022-21698)
      pullRequestNumber: 314
      jiraIssueNumber: CLOUDCI-1198

- version: "0.18.3"
  date: 2022-02-16
  changes:

    - type: security
      impact: patch
      title: Updated JFR image to 220215_5d89c43
      description: |-
        Updated JFR image to [220215_5d89c43](https://github.com/SAP/stewardci-jenkinsfilerunner-image/releases/tag/220215_5d89c43).
      pullRequestNumber: 312
      jiraIssueNumber: CLOUDCI-1417

- version: "0.18.2"
  date: 2022-01-24
  changes:

    - type: security
      impact: patch
      title: new JFR image with everything updated and fixed vulnerabilities
      description: |-
        Jenkins core, plugins and adoptopenjdk base image on latest versions.
        See [changes](https://github.com/SAP/stewardci-jenkinsfilerunner-image/compare/211220_cf0ea4a...220124_2022975).
      upgradeNotes: |-
        If you use an image cache make sure to add the new image `stewardci/stewardci-jenkinsfile-runner:220124_2022975`.
      pullRequestNumber: 310
      jiraIssueNumber: [1337, 1338, 1339, 1340]

- version: "0.18.1"
  date: 2022-01-17
  changes:

    - type: bug
      impact: patch
      title: Adapt configuration for K8s API request timeouts
      description: |-
        - Do not set default timeout values in the Helm chart.
          If no value is set, use the default value built into
          the controller (15 minutes).
        - Renamed the Helm chart parameters. See the upgrade
          notes for details.
      upgradeNotes: |-
        - Rename Helm chart parameters:
            - `runController.args.serverRequestTimeout` to `runController.args.k8sAPIRequestTimeout`
            - `tenantController.args.serverRequestTimeout` to `tenantController.args.k8sAPIRequestTimeout`
      pullRequestNumber: 307

    - type: bug
      impact: patch
      title: "Fix: Helm hooks do not use configured image pull secrets"
      description: |-
        The Helm chart uses hooks to install/update the CRDs.
        These hooks are K8s jobs, which also need a container image.
        The configured image pull secrets should be used for Helm hooks, too.
      pullRequestNumber: 302

    - type: enhancement
      impact: patch
      title: Add ignore label
      description: |-
        For tests it is required to create/update Steward CROs, but avoid that
        Steward controllers act on them.

        A new label `steward.sap.com/ignore` (without value) instructs Steward
        controllers to ignore this API object.
        The label should never be added to an existing API object.
      pullRequestNumber: 300

    - type: internal
      impact: patch
      title: Fix and overhaul CRD schema tests
      description: |-
        CRD schema tests where broken, incomplete and fragile.
      pullRequestNumber: 301

    - type: internal
      impact: patch
      title: Update Go SDK to v1.16.12
      description: |-
        Build with Go SDK [v1.16.12](https://golang.org/doc/go1.16).
      pullRequestNumber: 308

- version: "0.18.0"
  date: 2022-01-12
  changes:

    - type: enhancement
      impact: minor
      title: Make K8s API request timeout configurable
      description: |-
        The request timeout of K8s API calls can be configured now
        via additional Helm chart parameters.
      pullRequestNumber: 303

- version: "0.17.1"
  date: 2021-12-20
  changes:

    - type: security
      impact: patch
      title: Updated Jenkinsfile Runner image to 211220_cf0ea4a
      description: |-
        Updated Jenkinsfile Runner image to [211220_cf0ea4a](https://github.com/SAP/stewardci-jenkinsfilerunner-image/releases/tag/211220_cf0ea4a)
        with latest Jenkins Core and plugins.
      pullRequestNumber: 303

- version: "0.17.0"
  date: 2021-12-13
  changes:

    - type: enhancement
      impact: incompatible
      title: Remove use of deprecated K8s APIs
      description: |-
        Steward used some Kubernetes API versions that are deprecated in newer
        Kubernetes releases.
        The following replacements have been applied:
        - `apiextensions.k8s.io/v1beta1` → `apiextensions.k8s.io/v1`
        - `rbac.authorization.k8s.io/v1beta1` → `rbac.authorization.k8s.io/v1`
      warning: |-
        -   Steward does no longer run on Kubernetes v1.15 or below.

        -   Rolling back to an earlier version of Steward might fail.

            All Steward releases up to v0.16.0 have a bug in the CRD update
            hook of the Helm chart.
            Using `helm rollback` or `helm upgrade` with such target version
            will fail.

            The problem has been fixed in Steward v0.16.1 and higher.
            Rolling back to an earlier version can be achieved by first rolling
            back to v0.16.1 and then to the desired target version.
      upgradeNotes: |-
        See the warnings section.
      pullRequestNumber: 296

- version: "0.16.1"
  date: 2021-12-13
  changes:

    - type: bug
      impact: patch
      title: "Helm chart: Fix CRD updates"
      description: |-
        So far `kubectl apply` has been used to create or update
        CRDs.
        But in case of updating an existing CRD the result may be
        a mixture of existing and new CRD that is possibly broken.

        Now `kubectl create` and `kubectl replace` are used instead.
      upgradeNotes: |-
        The helper image `docker.io/bitnami/kubectl` has been upgraded
        to `1.23@sha256:df3de0bb32b3d9f829da5a7608bd5bec85431d26ed89109b6158d8329b5305c9`.
      pullRequestNumber: 297

- version: "0.16.0"
  date: 2021-12-08
  changes:

    - type: enhancement
      impact: minor
      title: Improve controller heartbeat
      description: |-
        - Add heartbeat for tenant controller
        - Introduce heartbeat counter metrics
        - Make heartbeat configurable via command line options
        - Handle heartbeat in function `syncHandler`, not
          `processNextWorkItem`, to make the heartbeat call
          more similar to normal work item processing.
      pullRequestNumber: 294

- version: "0.15.0"
  date: 2021-12-06
  changes:

    - type: bug
      impact: patch
      title: "Fix: Integration tests are failing because of changed revision"
      description: |-
        The revision of the pipelines used in the integration tests changed.
        It is adjusted with this pull request.
      pullRequestNumber: 290

    - type: enhancement
      impact: patch
      title: Don't panic but exit gracefully
      description: |-
        Instead of panicking (which prints stack dumps), just exit with error message.
      pullRequestNumber: 285

    - type: internal
      impact: patch
      title: Refactor metric support
      description: |-
        The metric support code needs refactoring.
      pullRequestNumber: 282

    - type: enhancement
      impact: minor
      title: Embed workqueue metrics
      description: |-
        Embed metrics provided by package `k8s.io/client-go/util/workqueue` into
        Steward Core metrics.
      upgradeNotes:
        Metric `steward_queued_total` has been removed.
        Change existing monitoring tools to use `steward_piperuns_workqueue_depth`
        instead.
      pullRequestNumber: 282

    - type: enhancement
      impact: minor
      title: Embed client-go rest client metrics
      description: |-
        Embed metrics provided by package `k8s.io/client-go/util/rest` into
        Steward Core metrics.
      pullRequestNumber: 282

    - type: enhancement
      impact: minor
      title: Use consistent metric names
      description: |-
        Steward Core metrics had inconsistent names.
        New metrics with consistent names have been added, while old ones have
        been deprecated.
      deprecations: |-
        -   Metric `steward_pipelinerun_ongoing_state_duration_periodic_observations_seconds` is deprecated.
            Use `steward_pipelineruns_ongoing_state_duration_periodic_observations_seconds` instead.
        -   Metric `steward_pipelinerun_state_duration_seconds` is deprecated.
            Use `steward_pipelineruns_state_duration_seconds` instead.
        -   Metric `steward_tenants_total` is deprecated.
            Use `steward_tenants_count_total` instead.
      pullRequestNumber: 282

    - type: enhancement
      impact: minor
      title: Add metrics for retry loops
      description: |-
        For the analysis of performance issues it can be helpful to have metrics
        for retry loops (number of retries, latency).
      pullRequestNumber: 282

    - type: enhancement
      impact: patch
      title: Deprecate metric `steward_pipelinerun_update_seconds`
      description: |-
        Besides the deprecation nothing has been changed.
      deprecations: |-
        -   Metric `steward_pipelinerun_update_seconds` is deprecated.
            Use REST client metrics and retries metrics instead.
      pullRequestNumber: 282

    - type: documentation
      impact: patch
      title: Add metrics reference documentation
      description: |-
        A new page `docs/monitoring/Metrics Reference.md` describes all metrics
        exposed by Steward binaries.
      pullRequestNumber: 282

    - type: internal
      impact: patch
      title: Own Go module for Helm chart tests
      description: |-
        The tests for the Helm chart should not belong to the main Go module,
        because they are completely independent of it.
      pullRequestNumber: 284

    - type: internal
      impact: minor
      title: Update Go build dependencies
      description: |-
        Most noteworthy:

        - Kubernetes libraries to v1.21.7
        - Tekton to v0.30.0
      upgradeNotes: |-
        Steward should still _run_ with lower versions of Kubernetes and Tekton.
        However, this has not been tested.
        Therefore, test your setup carefully.
      pullRequestNumber: 284

    - type: internal
      impact: minor
      title: Increase Go language version to 1.16
      description: |-
        Steward now needs Go 1.16 to build.
      upgradeNotes: |-
        When using Steward as a Go dependency (which should not be the case
        as Steward is not designed as a library), make sure it still can be
        built in your context.
      pullRequestNumber: 284

    - type: bug
      impact: patch
      title: Fix improper error handling
      description: |-
        In `pkg.k8s` the functions
        `(*serviceAccountHelper) GetServiceAccountSecretName` and
        `(*serviceAccountHelper) GetServiceAccountSecretNameRepeat` swallow
        errors that can occur when performing K8s API calls.
      pullRequestNumber: 287

    - type: bug
      impact: patch
      title: Fix improper error handling
      description: |-
        The run controller did not put back a pipeline run into its work queue
        for later retry if it was in state `running` but updating the resource
        status failed.
      pullRequestNumber: 288

    - type: enhancement
      impact: patch
      title: Update Go SDK to v1.16.11
      description: |-
        Build with Go SDK [v1.16.11](https://golang.org/doc/go1.16).
      pullRequestNumber: 292

- version: "0.14.4"
  date: 2021-11-17
  changes:

    - type: security
      impact: patch
      title: Updated JFR to 211116_03f24d5
      description: |-
        Updated JFR to [211116_03f24d5](https://github.com/SAP/stewardci-jenkinsfilerunner-image/releases/tag/211116_03f24d5)
        with latest dependencies and fixed vulnerabilities.
      pullRequestNumber: 280
      jiraIssueNumber: 1182

    - type: internal
      impact: patch
      title: Prepare `build.sh` for Go v1.16+
      description: |-
        Adjust 'build.sh' script to be compatible with Go v1.16+.
      pullRequestNumber: 278
      jiraIssueNumber: 1131

    - type: bug
      impact: patch
      title: fix heartbeat
      description: |-
        Heartbeat was not working correctly. It was only working if items were queued or processed.
        This change is fixing the heartbeat.
      pullRequestNumber: 275
      jiraIssueNumber: 1131

    - type: internal
      impact: patch
      title: Use Go v1.16.10
      description: |-
        Use Go [v1.16.10](https://golang.org/doc/go1.16) to build the project.
      pullRequestNumber: 277

- version: "0.14.3"
  date: 2021-10-29
  changes:

    - type: bug
      impact: patch
      title: "Fix: Tekton fails to start JFR pod if container registry rate limit is exceeded"
      description: |-
        Steward uses Tekton to run JFR pods for pipeline runs.
        The respective ClusterTask contains a pod template that does _not_ specify
        the entrypoint of the JFR container.
        Therefore Tekton tries to obtain the entrypoint by downloading the
        container image manifest from the registry.
        This may fail if the registry's rate limit is exceeded.
        As a workaround, specify the JFR container entrypoint in the ClusterTask.
      pullRequestNumber: 272
      jiraIssueNumber: 1109

- version: "0.14.2"
  date: 2021-10-14
  changes:

    - type: internal
      impact: patch
      title: add additional logging for commitState
      description: |-
        Logging of pipelineRun.CommitState() function is extended on log level 6.
      pullRequestNumber: 268

- version: "0.14.1"
  date: 2021-10-14
  changes:

    - type: bug
      impact: patch
      title: fix binary names on helm level
      description: |-
        In v0.14.0 the binary names has been changed. The binary names has not
        been adjusted on helm level. The binary names are adjusted now.
      pullRequestNumber: 266

- version: "0.14.0"
  date: 2021-10-13
  changes:

    - type: enhancement
      impact: minor
      title: Write stack dumps on sig quit
      description: |-
        Enable writing threaddumps. Similar to jstack for java. Makes troubleshooting easier.
        On SIGQUIT (3) the dumps are written to the log with severity info.
      pullRequestNumber: 256

    - type: enhancement
      impact: minor
      title: Provide reasonable names for the binaries
      description: |-
        For troubleshooting cases we need to be able to send signals to
        the processes which corresponds to the binaries (run controller,
        tenant controller). In order to be able to send those signals we
        need to be able to distinguish these processes.
      pullRequestNumber: 260

- version: "0.13.3"
  date: 2021-10-08
  changes:

    - type: bug
      impact: patch
      title: Fix nil pointer dereference when Tekton task run failed to create pod
      description: |-
        Currently a nil pointer dereference error occures if a Tekton task is finished but has no
        finished time. This is fixed with this change.
      pullRequestNumber: 259
      jiraIssueNumber: 179

    - type: internal
      impact: patch
      title: Fix stewardci-example-pipelines repo branch name
      description: |-
        The `master` branch of repo `stewardci-example-pipelines`
        has been renamed to `main` which made the examples fail.
      pullRequestNumber: 257

- version: "0.13.2"
  date: 2021-10-05
  changes:

    - type: internal
      impact: patch
      title: Increase default log level
      description: |-
        Default log level was increaset to 3.
        Small adjustments to log output.
      pullRequestNumber: 254
      jiraIssueNumber: CLOUDCIFEAT1-173

    - type: bug
      impact: patch
      title: Fix measuring ongoing state durations
      description: |-
        Measuring ongoing state duration failed for pipeline runs in state `new`
        with error message:

        ```
        cannot observe StateItem if StartedAt is not set
        ```
      pullRequestNumber: 255

- version: "0.13.1"
  date: 2021-09-27
  changes:

    - type: internal
      impact: patch
      title: Updated JenkinsfileRunner image to 210924_6ec1ff6
      description: |-
        JenkinsfileRunner image was updated to [210924_6ec1ff6](https://github.com/SAP/stewardci-jenkinsfilerunner-image/releases/tag/210924_6ec1ff6)
      pullRequestNumber: 252

- version: "0.13.0"
  date: 2021-08-17
  changes:

     - type: bug
       impact: minor
       title: Avoid non atomic status updates
       description: |-
         Without this change the state might be upated e.g. to a final state
         without setting a corresponding result. The result is provided a short period
         of time later with an other update. In the meantime we have an invalid state.
         With this change we apply both changes to the memory representation of a
         pipeline run and send the update only once. With this approach there is no
         short period of time with an invalid state
       warning: |-
         needs to be validated carefully since this is a bigger refactoring
       pullRequestNumber: 248
       jiraIssueNumber: CLOUDCIFEAT1-130

     - type: bug
       impact: patch
       title: Fix deletion bug #241
       description: |-
         When a pipeline run was deleted the state and the result were not updated in some edge cases. This is fixed now.
       pullRequestNumber: 250

- version: "0.12.1"
  date: 2021-07-28
  changes:
     - type: bug
       impact: patch
       title: Fix deletion bug #241
       description: |-
         When a pipeline run was deleted the state and the result has not been updated. This is fixed now.
       upgradeNotes: |-
         `ResultDeleted` was only used in the metrics before. Now it can also occur as a pipeline run result.
       pullRequestNumber: 242

- version: "0.12.0"
  date: 2021-07-28
  changes:

    - type: enhancement
      impact: minor
      title: Meter ongoing state durations periodically
      description: |-
        Introduced a new histogram metric `steward_pipelinerun_ongoing_state_duration_periodic_observations_seconds`.
        The purpose of this metric is the detection of overly long processing times, caused by e.g. hanging controllers.
      pullRequestNumber: 236
      jiraIssueNumber: 719

    - type: enhancement
      impact: incompatible
      title: Rename metric
      description: |-
        Metric `steward_pipelinerun_duration_seconds` has been renamed to
        `steward_pipelinerun_state_duration_seconds` to better express the
        fact that durations are reported for pipeline run _states_, not pipeline
        runs as a whole.
      upgradeNotes: |-
        Adapt consumers of monitoring data to the new metric name.
      pullRequestNumber: 236

- version: "0.11.1"
  date: 2021-07-28
  changes:

    - type: internal
      impact: patch
      title: Update JenkinsfileRunner image to 210728_f8be088
      description: |-
        JenkinsfileRunner image was updated to [210728_f8be088](https://github.com/SAP/stewardci-jenkinsfilerunner-image/releases/tag/210728_f8be088)
      pullRequestNumber: 244

- version: "0.11.0"
  date: 2021-06-29
  changes:

    - type: enhancement
      impact: minor
      title: Configurable pod security policies
      description: |-
        There are new chart parameters to specify which _existing_ pod security
        policies should be used by pipeline run pods and Steward controllers:

        - `pipelineRuns.podSecurityPolicyName`
        - `tenantController.podSecurityPolicyName`
        - `runController.podSecurityPolicyName`

        If such parameters are _not_ specified, the chart generates default
        pod security policies as before.

        See the chart README for details.
      pullRequestNumber: 237
      jiraIssueNumber: 738

- version: "0.10.0"
  date: 2021-06-16
  changes:

    - type: enhancement
      impact: minor
      title: Make PodSecurityPolicies for pipelineRun and both controllers configurable
      description: |-
        Make 'PodSecurityPolicy' configurable to be able to change the policy during installation with helm.
        steward helmchart loads default 'PodSecurityPolicy' from a file if corresponding fields are not set inside 'Values.yaml' file.
      pullRequestNumber: 234
      jiraIssueNumber: 738

- version: "0.9.0"
  date: 2021-05-18
  changes:

    - type: enhancement
      impact: minor
      title: Updated Jenkinsfile Runner image to 210518_50469d1
      description: |-
        The Jenkinsfile Runner image has been updated to [210518_50469d1](https://github.com/SAP/stewardci-jenkinsfilerunner-image/releases/tag/210518_50469d1).
        This image version contains an updated LTS Jenkins Core version 2.277.4, updated plugins and an updated Jenkinsfile Runner 1.0-beta-27 with
        [steward specific adjustments](https://github.com/SAP/stewardci-jenkinsfilerunner-image/tree/jenkinsfile-runner--1.0-beta-27-steward-1).
      deprecations: |-
        The following plugins were removed: 'analysis-collector', 'badge', 'email-ext'. Make sure your pipelines do not use those plugins.
      pullRequestNumber: 229
      jiraIssueNumber: 722

- version: "0.8.3"
  date: 2021-05-04
  changes:

  - type: internal
    impact: patch
    title: Fixed checkmarx scan
    description: |-
      The checkmarks scan reported some low findings which are fixed now.
    pullRequestNumber: 223

  - type: security
    impact: patch
    title: Update JFR image to 210413_777e270 with secure agent protocols
    description: |-
      Insecure Jenkins agent protocols have been disabled by configuring only secure ones.
      Here you can see the [Jenkinsfile Runner Image changes](https://github.com/SAP/stewardci-jenkinsfilerunner-image/compare/210205_1988c5e...210413_777e270).
    pullRequestNumber: 222
    jiraIssueNumber: 62

  - title: Introduce auxiliary pipeline run namespaces
    type: enhancement
    impact: patch
    description: |-
      In the future Steward will be enabled to provision service instances
      per pipeline run, e.g. a pipeline log forwarder.
      This change introduces auxiliary pipeline run namespaces where
      those run-specific service instances are defined in Kubernetes.

      The pattern of pipeline run namespace names changes.

      By default auxiliary namespaces are not created because they are not
      used yet. Enabling the feature flag `CreateAuxNamespaceIfUnused`
      enforces creating auxiliary namespaces.
    pullRequestNumber: 168

  - type: documentation
    impact: patch
    title: "Update secret examples"
    description: |-
      Move secret examples to own folder and extend the documentation.
    pullRequestNumber: 203

- version: "0.8.2"
  date: 2021-03-05
  changes:

    - type: internal
      impact: patch
      title: Updated release pipeline
      description: |-
        The release pipeline has been updated with compliance aspects
      pullRequestNumber: 220

- version: "0.8.1"
  date: 2021-02-23
  changes:

  - type: bug
    impact: patch
    title: fix args qps and burst of tenant controller deployment
    description: |-
      fix use qps and burst of tenant controller from the corresponding config values and not from run controller configuration
    warning:
    deprecations:
    pullRequestNumber: 218
    jiraIssueNumber: 214

- version: "0.8.0"
  date: 2021-02-19
  changes:

  - type: enhancement
    impact: minor
    title: "Make threadiness configurable for controllers"
    description: |-
      The threadiness for both run controller and tenant controller is now configurable.
      This allows for adjusting to the needs of particular usage scenarios.
    pullRequestNumber: 216
    jiraIssueNumber: 502

  - type: documentation
    impact: patch
    title: Add network policy examples
    description: Add examples for pipeline runs with configured network profiles.
    pullRequestNumber: 188

  - type: internal
    impact: patch
    title: "[Developer] update-codegen.sh: make generators selectable"
    description: |-
      The code generation script `hack/update-codegen.sh` got two new options `--gen-clients`
      and `--gen-mocks` to select what should be generated.
      If none of the `--gen-*` options is specified, _all_ generators are enabled.
    pullRequestNumber: 208

  - type: enhancement
    impact: minor
    title: "Client-side rate limiting configurable for tenant controller"
    description: |-
      The default values of are equal to those of the rest api.
      If many tenants exists, increasing the limit will make the processing of tenants faster e.g. creating a new tenant will take less time.
    pullRequestNumber: 214

  - type: bug
    impact: patch
    title: Delete finalizer after pipeline run is cleaned.
    description: |-
      Delete finalizer after pipeline run is cleaned.
    warning:
    deprecations:
    pullRequestNumber: 210
    jiraIssueNumber: 413

- version: "0.7.0"
  date: 2021-02-08
  changes:

  - type: enhancement
    impact: minor
    title: Make retry parameters for cloning the pipeline repo configurable
    description: |-
      Jenkinsfile Runner container entrypoint retries cloning the pipeline
      repository. The retry parameters (retry interval and timeout) are now
      configurable via Helm chart parameters.
      Jenkinsfile Runner image version which enables configuring retry
      parameters is also updated in the same PR. Changes in the new
      release of JFR image can be found [here](https://github.com/SAP/stewardci-jenkinsfilerunner-image/releases/tag/210205_1988c5e).
    pullRequestNumber: 209
    jiraIssueNumber: 350

  - type: enhancement
    impact: minor
    title: Update Jenkinsfile-runner image version
    description: |-
      Update Jenkinsfile-runner image to a newer version.
      All the changes on this version can be found [here](https://github.com/SAP/stewardci-jenkinsfilerunner-image/releases/tag/210202_42eb583).
    pullRequestNumber: 207
    jiraIssueNumber: [350, 441]

  - type: enhancement
    impact: minor
    title: "Add maintenance mode to run controller"
    description: |-
      Steward can be put in _maintenance mode_.
      It prevents _new_ pipeline runs to be processed, while pipeline runs that are in progress _already_ still run to completion.
    pullRequestNumber: 204
    jiraIssueNumber: 393

  - type: bug
    impact: patch
    title: "Fix update of state history"
    description: |-
      The state history of a pipeline run is not updated correctly if a concurrent change happens.
      This change will fix this bug.
    pullRequestNumber: 206

  - type: security
    impact: patch
    title: "network: don't allow local subnet multicast traffic"
    description: |-
      Local subnet multicast addresses (224.0.0.0/24; see [Wikipedia](https://en.wikipedia.org/wiki/Multicast_address))
      should not be allowed by rule "allow internet access" of the pipeline run network policy.
    warning: You should apply the network policy change from [#200](https://github.com/SAP/stewardci-core/pull/200) manually in case you override the default network policy from the Helm chart.
    pullRequestNumber: 200

- version: "0.6.3"
  date: 2020-12-14
  changes:
  - type: enhancement
    impact: minor
    title: Allow renamed secrets in run namespaces if annotation is provided
    description: Secrets can be renamed if you provide an annotation when they are copied to the run namespace.
    pullRequestNumber: 165
    jiraIssueNumber: 315

- version: "0.6.2"
  date: 2020-12-08
  changes:

  - type: bug
    impact: patch
    title: Fixed struct field tag syntax
    description: Fixed struct field tag syntax for "pkg/apis/steward/v1alpha1".JenkinsfileRunnerSpec
    warning:
    upgradeNotes:
    deprecations:
    pullRequestNumber: 186
    jiraIssueNumber:

  - title: Upgrade Go dependencies
    type: internal
    impact: patch
    description: |-
      Upgrade `github.com/aws/aws-sdk-go` from v1.32.1 to [v1.34.1](https://github.com/aws/aws-sdk-go/releases/tag/v1.34.1)
    pullRequestNumber: 183

  - title: Make Elasticsearch index URL configurable per pipeline run
    type: enhancement
    impact: minor
    description: >-
      Enhance the `pipelineruns.steward.sap.com` CRD by fields to configure the
      Elasticsearch index URL and credential to be used to store build logs.

      However, these values are still ignored by Steward. Log destinations per
      pipeline run will be enabled with a later change.
    pullRequestNumber: 172
    jiraIssueNumber: 984

- version: "0.6.1"
  date: 2020-11-11
  changes:
  - type: internal
    impact: patch
    title: The release pipeline is now enabled for hotfix releases
    description: See [developer documentation](https://github.com/SAP/stewardci-core/blob/master/docs/development/README.md#hotfix-releases) for more information.
    warning:
    upgradeNotes:
    deprecations:
    pullRequestNumber: 179
    jiraIssueNumber: 316

  - title: Upgrade Go dependencies
    type: internal
    impact: patch
    description: |-
      - upgrade Kubernetes libs from v1.17.6 to v1.17.13 (see [K8s changelog](https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.17.md))
    pullRequestNumber: 180

  - title: improve pkg/runctl/cfg
    type: internal
    impact: patch
    description: |-
      - fix: pipeline run fails with `error_config` if its `spec.profiles.network` is set to the name of the _default_ network profile
      - do not trim whitespace from configured network policies, as it may destroy YAML wellformedness
      - fail loading the pipeline runs configuration if the network policies config map does not exist
      - give more precise error messages in case of erroneous pipeline runs configuration
      - lots of refactoring in `pkg/runctl/cfg`
    pullRequestNumber: 181

- version: "0.6.0"
  date: 2020-11-09
  changes:
  - title: Introduce feature flags
    type: internal
    impact: patch
    description: |-
      There's a new Go package `pkg/featureflag` to deal
      with feature flags in Steward controllers.
      Feature flags can be configured via Helm Chart.
    pullRequestNumber: 178

  - type: enhancement
    impact: minor
    title: Introduce network profiles
    description: |-
      Allow Steward clients to select a network profile per pipeline run.

      Network profiles are named network-related configurations defined by Steward operators.
      Currently they define a Kubernetes network policy. Additional network-related settings may be
      added in the future.

      Clients can choose a network profile via `spec.profiles.network` of a PipelineRun
      resource object.
    warning: ""
    upgradeNotes: |-
      - PiplineRun objects may now have a `status.result` value `error_config` (see Steward API docs).
      - Activating the new feature flag `RetryOnInvalidPipelineRunsConfig` will let the pipeline run controller retry reconciling in case the controller configuration (in ConfigMaps) is invalid or cannot be loaded. Without the feature flag all PipelineRun objects will be set to finished with result code `error_infra`. The new behaviour will become the default in a future release of Steward.
    deprecations: |-
      Helm configuration value `pipelineRuns.networkPolicy` is deprecated:
      use `pipelineRuns.networkPolicies` instead.
    pullRequestNumber: 160
    jiraIssueNumber: 1305

  - type: enhancement
    impact: incompatible
    title: Make Jenkinsfile Runner properties configurable in PipelineRun custom resource objects.
    description: |-
      Jenkinsfile Runner properties are configurable in Steward PipelineRun manifests at `spec.jenkinsfileRunner` now.
    warning: |-
        Old configuration will not work anymore! See upgrade notes.
    upgradeNotes: |-
      Helm Chart Configuration changed:

      - `pipelineRuns.jenkinsfileRunner.image.repository` is outdated: use `pipelineRuns.jenkinsfileRunner.image` instead
      - `pipelineRuns.jenkinsfileRunner.image.tag` is outdated: use `pipelineRuns.jenkinsfileRunner.image` instead
      - `pipelineRuns.jenkinsfileRunner.image.pullPolicy` is outdated: use `pipelineRuns.jenkinsfileRunner.imagePullPolicy` instead
    deprecations:
    pullRequestNumber: 162
    jiraIssueNumber: 983
  - type: enhancement
    impact: minor
    title: Replace insensitive terms with inclusive language
    description: |-
      Insensitive terms should be replaced by inclusive language in all SAP open source repositories.
    warning:
    upgradeNotes:
    deprecations:
    pullRequestNumber: 176
    jiraIssueNumber: 20

- version: "0.5.2"
  date: 2020-10-28
  changes:

  - type: internal
    impact: patch
    title: Fix clustertask
    description: |-
      Fix variables in clustertask to changed structure.
    warning:
    upgradeNotes:
    deprecations:
    pullRequestNumber: 173

  - type: internal
    impact: patch
    title: Updated Jenkinsfile Runner based on adoptopenjdk11 instead of openjdk8
    description: |-
      Besides plugin updates, Jenkins Core update and a Jenkinsfile Runner update the
      Jenkinsfile Runner image has been switched to adoptopenjdk11, mainly to reduce the attack vector.
    warning:
    upgradeNotes:
    deprecations:
    pullRequestNumber: 175
    jiraIssueNumber: 1348

- version: "0.5.1"
  date: 2020-10-05
  changes:

  - type: bug
    impact: patch
    title: Fix clustertask
    description: |-
      Fix clustertask to match v1beta1 specification.
    pullRequestNumber: 163

- version: "0.5.0"
  date: 2020-08-29
  changes:

  - type: enhancement
    impact: incompatible
    title: Upgrade dependency to Tekton v0.14.3
    description: |-
      Build and run against Tekton v0.14.3.
    warning: Requires Tekton v0.14.3.
    upgradeNotes: |-
      The target Kubernetes system must have Tekton v0.14.3 installed. Higher versions may also work.
      In addition, Steward Jenkinsfile Runner Image version [200921_6cc247f](https://github.com/SAP/stewardci-jenkinsfilerunner-image/releases/tag/200921_6cc247f) or later is required.
    pullRequestNumber: 151
    jiraIssueNumber: 1330