All Versions
29
Latest Version
Avg Release Cycle
27 days
Latest Release
22 days ago

Changelog History
Page 1

  • v6.0.0-pre

    January 28, 2020

    🚀 > This is a pre-release of 6.0 which brings major changes not yet captured by the following release notes. Watch this space! 🙂

    🍱 🔗 feature

    • 🏗 Include job label in build duration metrics exported to Prometheus. #4976

    🍱 🔗 fix

    • 💻 The dashboard page refreshes its data every 5 seconds. Until now, it was possible (especially for admin users) for the dashboard to initiate an ever-growing number of API calls, unnecessarily consuming browser, network and API resources. Now the dashboard will not initiate a request for more data until the previous request finishes. #5023

    🍱 🔗 feature

    With this feature enabled (via --tracing-(jaeger|stackdriver)-* variables in
    🌐 concourse web), the web node starts recording traces that represent the
    🏗 various steps that a build goes through, sending them to the configured trace
    collector. #4607

    👍 As this feature is being built using OpenTelemetry, expect to have support for
    other systems soon.

  • v5.8.0

    January 08, 2020

    🍱 🔗 feature

    The first step (heh) along our road to v10 has been taken!

    @evanchaoli implemented the set_pipeline step described by RFC #31. The RFC is still technically in progress so the step is 'experimental' for now.

    🏗 The set_pipeline step allows a build to configure a pipeline within the build's team. This is the first "core" step type added since the concept of "build plans" was introduced, joining get, put, and task. Exciting!

    🔧 The key goal of the v10 roadmap is to support multi-branch and PR workflows, which require something more dynamic than fly set-pipeline. The theory is that by making pipelines more first-class - allowing them to be configured and automated by Concourse itself - we can support these more dynamic use cases by leveraging existing concepts instead of adding complexity to existing ones.

    As a refresher, here's where this piece fits in our roadmap for multi-branch/PR workflows:

    🏗 With RFC #33: archiving pipelines, any pipelines set by a set_pipeline step will be subject to automatic archival once a new build of the same job completes that no longer sets the pipeline. This way pipelines that are removed from the build plan will automatically go away, while preserving their build history.

    🏗 With RFC #34: instanced pipelines, pipelines sharing a common template can be configured with a common name, using ((vars)) to identify the instance. For example, you could have many instances of a branches pipeline, with ((branch_name)) as the "instance" var. Building on the previous point, instances which are no longer set by the build will be automatically archived.

    ⚡️ With RFC #29: spatial resources, the set_pipeline step can be automated to configure a pipeline instance corresponding to each "space" of a resource - i.e. all branches or pull requests in a repo. This RFC needs a bit of TLC (it hasn't been updated to be prototype-based), but the basic idea is there.

    With all three of these RFCs delivered, we will have complete automation of pipelines for branches and pull requests! For more detail on the whole approach, check out the original v10 blog post.

    Looking further ahead on the roadmap, RFC #32: projects proposes introduce a more explicit GitOps-style approach to configuration automation. In this context the set_pipeline step may feel a lot more natural. Until then, the set_pipeline step can be used as a simpler alternative to the concourse-pipeline resource, with the key difference being that the set_pipeline step doesn't need any auth config.

    🍱 🔗 feature

    • @evanchaoli added support for var_sources in the pipeline config. With this feature, concourse can fetch secrets from multiple independent credential managers per pipeline. While this feature is currently in an experimental state and not yet tested in production, it is the first step to enabling workflows where teams sharing a Concourse instance can independently manage their own credential managers. For the moment, only vault or the dummy credential manager can be used to back a var_source (the other credential manager types do not work). #4600, #4777

    🍱 🔗 feature

    • 🔧 @evanchaoli added the ability to tune the mapping between API actions and roles via the --config-rbac flag. While you can't yet create your own roles, you can customize the built-in ones by promoting and demoting the roles to which certain API actions are assigned. #4657

    🍱 🔗 feature

    🍱 🔗 feature

    🍱 🔗 feature

    • 📌 The pin menu on the pipeline page now matches the sidebar, and the dropdown toggles on clicking the pin icon. #4688

    🍱 🔗 feature

    • Prometheus and NewRelic can receive Lidar check-finished event now. #4556

    🍱 🔗 feature

    • 🔧 Make Garden client HTTP timeout configurable. #4707

    🍱 🔗 feature

    🍱 🔗 feature

    🍱 🔗 feature

    • 🏗 @hfinucane added a --url flag to fly watch, so now you can just copy the URL of a build from your browser and paste it in your terminal to keep watching the build. #4323

    🍱 🔗 feature

    • Concourse team roles can now be assigned to different CF space roles independently. For example, you can now create role mappings like "auditors in my CF space should be viewers in my Concourse team", whereas before you could only assign Concourse roles to CF developers. #4712, #4729

    🍱 🔗 feature

    • 🚀 Concourse now emits some useful metrics when lidar is enabled: the size of the check queue, the number of checks queued per atc each tick, number of checks GCed at a time, checks started and checks finished. #4692

    🍱 🔗 feature

    • 🏗 The build page now shows text labels for different step types, like get:, task: and set_pipeline:, instead of the icons from previous versions. Hopefully this is more accessible and easier to interpret! #4942

    🍱 🔗 feature, stub

    • The Concourse team is in the early stages of implementing a new backend for our container runtime based on containerd, which is more featureful than the guardian we have relied on until now. We have not yet implemented all of the methods required by Garden, so the existing work (which can be enabled by passing the --use-containerd flag to concourse worker) is in a non-functional state. This work is tracked in this project. #4779, #4778, #4752, #4853, #4784

    🍱 🔗 fix

    • 🛠 @kcmannem finally fixed the jagged edges on the progress bar indicators used by the dashboard. #4865

    🍱 🔗 fix

    🏗 @evanchaoli fixed a weird behavior with secret redaction wherein a secret containing e.g. { on its own line (i.e. formatted JSON) would result in { being replaced with ((redacted)) in build logs. Single-character lines will instead be skipped. #4749

    As an aside, anyone with a truly single-character credential may want to add another character or two.

    🍱 🔗 fix

    • 0️⃣ @vito bumped the autocert dependency so that Let's Encrypt will default to the ACME v2 API. #4804

    🍱 🔗 fix

    • 🚀 Bumped the registry-image resource to v0.8.2, which should resolve DIGEST_INVALID errors (among others) introduced by faulty retry logic. Additionally, the resource will now retry on 429 Too Many Requests errors from the registry, with exponential back-off up to 1 hour.

    🍱 🔗 fix

    • 🛠 @evanchaoli fixed a race condition resulting in a crash with LIDAR enabled. #4808

    🍱 🔗 fix

    • 🏗 @evanchaoli fixed a regression introduced with the secret redaction work which resulted in build logs being buffered. #4817

    🍱 🔗 fix

    • Fixed the problem of when fail_fast for in_parallel is true, a failing step causes the in_parallel to fall into on_error. #4746

    🍱 🔗 fix

    • 🚚 @witjem removed superfluous mentions of register-worker from TSA. #4816

    🍱 🔗 fix

    • 🔧 @evanchaoli changed the behaviour of fly set-team so that when a role has no groups or users configured, it no longer raises an error. #4858

    🍱 🔗 fix

    • @witjem improved the error that fly reports when your .flyrc has invalid YAML. #4758

    🍱 🔗 fix

    • @xtremerui changed the concourse CLI to output help text on stdout when the -h or --help flag is passed. This makes it easier to use other tools like grep to find relevant parts of the usage text. #4745

    🍱 🔗 fix

    • 📜 Concourse used to check the existence of legacy migration table by accessing information_schema and parsed out the error message does not exist in English; @xtremerui changed it by using to_regclass in postgres 9.4+, which resolved the issue for users with non-English (i.e. German) system language setup failed to migrate database. #4701

    🍱 🔗 fix

    @vito bumped the default value for the Let's Encrypt ACME URL to point to their v2 API instead of v1. This should have been in v5.7.2, but we had no automated testing for Let's Encrypt integration so there wasn't really a mental cue to check for this sort of thing.

    ✅ We're adding Let's Encrypt to our smoke tests now to catch API deprecations more quickly, and a unit test has been added to ensure that the default value for the ACME URL flag matches the default value for the client. #4869

    🍱 🔗 fix

    • 🛠 @pivotal-bin-ju fixed x509 issue when the super admin login without CACert after the first sucessful login. #4587

    🍱 🔗 fix

    • 👷 @kirillbilchenko fixed a bug where the concourse_workers_registered metric would never go below 1, even when workers were pruned. #4895

    🍱 🔗 enhancement

    • 🏗 @matthewpereira enlarged the build prep list font to match the other build log output styling. #4826

    🍱 🔗 fix

    • 🛠 @cirocosta fixed a bug where an error that's not specific could lead to null pointer exception during the container creation phase. #4932
  • v5.7.2

    November 29, 2019

    🍱 🔗 fix

    • 0️⃣ @vito bumped the autocert dependency so that Let's Encrypt will default to the ACME v2 API. #4805

    🍱 🔗 fix

    • 🛠 @evanchaoli fixed a race condition resulting in a crash with LIDAR enabled. #4808

    🍱 🔗 fix

    • 🏗 @evanchaoli fixed a regression introduced with the secret redaction work which resulted in build logs being buffered. #4817
  • v5.7.1

    November 18, 2019

    🍱 🔗 fix

    • v5.7.0 changed how CloudFoundry roles mapped to Concourse RBAC when using the CF Auth connector.
      🚀 Instead of enforcing this change, we would rather support both configurations in a future release.
      🚀 The original change is documented in v5.7.0 release notes. #4699

    🍱 🔗 feature

    • 🔧 Make Garden client HTTP timeout configurable. #4707

    🍱 🔗 feature

    • 🌲 Batch emissions and logging info for non-2xx responses from NewRelic, for NewRelic emitter #4698.
  • v5.7.0

    October 31, 2019

    🍱 🔗 feature

    🔀 We've introduced a components table in order to better synchronize all the internal processes that run on the web nodes.

    This should help reduce the amount of duplicated work (when running more than 1 ATC), and decrease the load on your database.

    🔧 There is no configuration required to take advantage of these new improvements.

    🍱 🔗 feature, breaking

    • 🔧 The CloudFoundry auth connector, when configured to authorize users based on CF space membership, will now authorize space auditors and space managers in addition to space developers. This is a breaking change as any teams with CF space-based configuration may grant access to users that they wouldn't have before. #4661

    🍱 🔗 feature, breaking

    • 🛰 All API payloads are now gzipped. This should help save bandwidth and make the web UI load faster. #4470

    🍱 🔗 feature

    • 🏗 @ProvoK added support for a ?title= query parameter on the pipeline/job badge endpoints! Now you can make it say something other than "build". #4480
      badge

    🍱 🔗 feature

    • @evanchaoli added a feature to stop ATC from attempting to renew Vault leases that are not renewable #4518.

    🍱 🔗 feature

    🍱 🔗 feature

    • 💻 API endpoints have been changed to use a single transaction per request, so that they become "all or nothing" instead of holding data in memory while waiting for another connection from the pool. In the past, this could lead to snowballing and increased memory usage as requests from the web UI (polling every 5 seconds) piled up. #4494

    🍱 🔗 feature

    • 📌 You can now pin a resource to different version without unpinning it first #4448, #4588.

    🍱 🔗 fix

    • 🏗 @iamjarvo fixed a bug where fly builds would show the wrong duration for cancelled builds #4507.

    🍱 🔗 feature

    • ⚡️ @pnsantos updated the Material Design icon library so now the concourse-ci icon is available for resources 🎉 #4590

    🍱 🔗 fix

    • The fly format-pipeline now always produces a formatted pipeline, instead of declining to do so when it was already in the expected format. #4492

    🍱 🔗 fix

    • 🛠 Fixed a regression when running fly sync it shows warning of parsing Content-Length and progress bar not showing downloading progress. #4666

    🍱 🔗 feature

    • 👷 Concourse now garbage-collects worker containers and volumes that are not tracked in the database. In some niche cases, it is possible for containers and/or volumes to be created on the worker, but the database (via the web) assumes their creation had failed. If this occurs, these untracked containers can pile up on the worker and use resources. #3600 ensures that they get cleaned appropriately.

    🍱 🔗 feature

    • ➕ Add 5 minute timeout for baggageclaim destroy calls. #4516

    🍱 🔗 feature

    • ➕ Add 5 minute timeout for worker's garden client http calls. This is primarily to address cases such as destroy which may hang indefinitely causing GC to stop occurring. #4467

    🍱 🔗 fix

    • 👷 Transition failed state containers to destroying resulting in them being GC'ed. This ensures that if web's call to garden to create a container times out, the container is subsequently deleted from garden prior to being deleted from the db. This keeps the web's and worker's state consistent. #4562

    🍱 🔗 fix

    • 🚚 Previously, if a worker stalled, the atc would still countdown and remove any 'missing' containers. If the worker ever came back it would still have these containers, but we would not longer be tracking them in the database. Even though we're now garbage collecting these unknown containers, we'd rather that be a last resort. So we fixed it.

    🍱 🔗 feature

    • ⚡️ @wagdav updated worker heartbeat log level from debug to info to reduce extraneous log output for operators #4606

    🍱 🔗 fix

    • 🛠 Fixed a bug where your dashboard search string would end up with +s instead of spaces when logging in. #4265

    🍱 🔗 fix

    • 🛠 Fixed a bug where the job page would show a loading spinner forever when there were no builds (like before the job had ever been run) #4636.

    🍱 🔗 fix

    • 🛠 Fixed a bug where the tooltip that says 'new version' on a get step on the build page could be hidden underneath the build header #4630.

    🍱 🔗 fix

    • 🛠 Fixed a bug where log lines on the build page would have all their timestamps off by one. #4637

    🍱 🔗 fix

    • 🔊 @evanchaoli fixed a bug where secret redaction incorrectly "redacts" empty string resulting in mangled logs. #4668

    🍱 🔗 feature

    • 📇 We've restyled the resource metadata displayed in a get step on the build page. It should be easier to read and follow, let us know your critiques on the issue. #4421 #4476

    🍱 🔗 fix

    🍱 🔗 fix

    🍱 🔗 fix

    🍱 🔗 fix

    🍱 🔗 fix

    • 🛠 @ProvoK fixed an issue, that will help resource authors better understand the errors being returned by concourse.

    🍱 🔗 fix

    🛠 We fixed an issue, introduced in 5.6.0, where checking a resource would fail if the resource and resource type shared the same name.

    👀 This actually seemed to exacerbate another issue, which we also took the time to fix in #4626.

    You gotta spend money to make money.

    🍱 🔗 feature

    🍱 🔗 fix

    🛠 We fixed a migration from 5.4.0. It only affected a small number users that had old unused resources left over from the ancient times. This probably isn't you, so don't worry.

    If you ran into this error <3s for being a long time concourse user.

    🍱 🔗 fix

    • 🔒 @aledeganopix4d added some lock types that weren't getting emitted as part of our metrics, so that's neat. You might actually see your lock metrics shoot up because of this, don't panic, it's expected.

    🍱 🔗 fix

    • 🔧 @evanchaoli fixed a bug where vault users, that hadn't configured a shared path, would end up searching the top level prefix path for secrets.

    🍱 🔗 fix

    • 🏗 @evanchaoli fixed yet another bug where the builds api would return the wrong builds if you gave it a date newer than the most recent build.
  • v5.6.0

    October 02, 2019

    🍱 🔗 feature

    There is a new experimental method of resource checking, which is off by default but can be turned on via CONCOURSE_ENABLE_LIDAR.

    The entire system has been redesigned to be asynchronous, but that shouldn't have any affect on your existing workflows. fly check-resource and fly check-resource-type will continue to work the way you expect them to (except for a small change to the command output). In addition you can now specify an --async flag if you don't want to wait for the check to finish.

    It's worth noting that concourse performs a lot of checks (like A LOT). Since we're now storing checks in the database, this table will tend to grow very quickly. By default checks get gc'ed every 6 hrs, but this interval can be configured by specifying a CONCOURSE_GC_CHECK_RECYCLE_PERIOD. If you want to reduce the number of checks that happen, you can start making heavier use of the webhook endpoint to trigger checks from external sources. This allows you to significantly reduce the check_every interval (default 1m) for your resource without impacting the time it takes to schedule a build.

    If you're interested in more detail about what changed you can have a look at the corresponding PR #4202 or the initial issue #3788.

    🍱 🔗 feature

    • 📌 Fly has a new sub-command pin-resource, which will pin a resource (and optionally comment) given at least one field of the version to pin to #2702 #4417.

    🍱 🔗 feature

    🍱 🔗 feature

    🍱 🔗 feature

    🏗 Credentials fetched from a credential manager will now be automatically redacted from build output, thanks to a couple of PRs by @evanchaoli! #4311 #4398

    📄 This feature is currently opt-in. To learn how to enable it, check out the docs.

    🍱 🔗 feature

    • @ralekseenkov added a web runtime flag CONCOURSE_SECRET_CACHE_DURATION_NOTFOUND to set a separate caching interval when a secret is not successfully found in the config store. Defaults to 10s. Addresses #3895 #4009.

    🍱 🔗 feature

    • 🔊 The cluster name can now be added to each and every log line with the handy dandy --log-cluster-name flag, available on the web nodes. This can be used in a scenario where you have multiple Concourse clusters forwarding logs to a common sink and have no other way of categorizing the logs. Thanks again @evanchaoli! #4387

    🍱 🔗 feature

    • @thoHeinze added CONCOURSE_GARDEN_NETWORK_POOL as configurable flag in BOSH release.
      0️⃣ Defaults to Garden's range of 10.254.0.0/22. Addresses #4153.

    🍱 🔗 feature

    • @joshzarrabi and @aemengo added CONCOURSE_GARDEN_MAX_CONTAINERS as configurable flag in BOSH release.
      🚀 Defaults to 250. Please note that setting this limit over 250 has not been tested by the Garden team or the Concourse team. #43.

    🍱 🔗 feature

    • 🔊 When the web node is instructing a worker to create a container, any logs emitted will mention that worker's name #4438. Thanks @christophermancini!

    🍱 🔗 feature

    🍱 🔗 fix

    • 🛠 @robwhitby fixed an issue with fly login where Safari would block your token from being transferred to fly #4314, #4423, #4439.

    🍱 🔗 fix

    🍱 🔗 fix

    • 📚 The fly set-team documentation when running --help previously suggested that a list is a valid input to any auth configuration flags. This doesn't mean you can supply a comma-separated list to the flag, rather that the flag can be provided multiple times. The fly set-team help documentation now reflects this, thanks to @niall-byrne! #4348

    🍱 🔗 fix

    • 🛠 @nelsam fixed a delicate bug where /opt/resource/out scripts in resources could crash web nodes by outputing null to stdout, causing a nil pointer dereference #4442.

    🍱 🔗 fix

    • 🚀 @kmdouglass fixed a bug introduced by #3037 in v5.5.0 where prometheus metrics would get clogged up with data about workers that were no longer registering #4445.

    🍱 🔗 fix

    🍱 🔗 fix

    🍱 🔗 fix

    🍱 🔗 fix

    • 🐳 @int-tt corrected the DNS proxy used by workers when running in Docker to compress the response message sent to the client. #4479 #4478
  • v5.5.7

    December 19, 2019

    🔒 🔗 security

    • 🚀 Updates the git resource to v1.6.3 to address a recently reported security vulnerability:
      • CVE-2019-19604:
      • Arbitrary command execution is possible in Git before 2.20.2, 2.21.x before 2.21.1, 2.22.x before 2.22.2, 2.23.x before 2.23.1, and 2.24.x before 2.24.1 because a "git submodule update" operation can run commands found in the .gitmodules file of a malicious repository.

    🍱 🔗 fix

    0️⃣ @vito bumped the autocert dependency so that Let's Encrypt will default to the ACME v2 API. #4912

    0️⃣ > Note: This backported fix includes the bump to the default value, which was

    originally a follow-up patch in v5.7.3.

  • v5.5.6

    November 15, 2019

    🍱 🔗 feature

    • 💻 API endpoints have been changed to use a single transaction per request, so that they become "all or nothing" instead of holding data in memory while waiting for another connection from the pool. This could lead to snowballing and increased memory usage as requests from the web UI (polling every 5 seconds) piled up. #4494
  • v5.5.5

    November 08, 2019

    🍱 🔗 feature

  • v5.5.4

    October 24, 2019

    🍱 🔗 fix

    • 👷 Concourse now garbage-collects worker containers and volumes that are not tracked in the database. In some niche cases, it is possible for containers and/or volumes to be created on the worker, but the database (via the web) assumes their creation had failed. If this occurs, these untracked containers can pile up on the worker and use resources. #3600 ensures that they get cleaned appropriately.

    🍱 🔗 fix

    • ➕ Add 5 minute timeout for baggageclaim destroy calls. #4516

    🍱 🔗 fix

    • ➕ Add 5 minute timeout for worker's garden client http calls. This is primarily to address cases such as destroy which may hang indefinitely causing GC to stop occurring. #4467

    🍱 🔗 fix

    • 👷 Transition failed state containers to destroying resulting in them being GC'ed. This ensures that if web's call to garden to create a container times out, the container is subsequently deleted from garden prior to being deleted from the db. This keeps the web's and worker's state consistent. #4562