Concourse v5.1.0

« Changelog History

Concourse v5.1.0 Release Notes

• 🍱 🔗 fix, breaking

  🌐 tl;dr: concourse web --peer-url and concourse web --tsa-peer-ip are gone in favor of concourse web --peer-address

  🔨 We have been doing a lot of internal refactoring and decoupling between various components. One side effect of this is that the web nodes no longer need to stream user artifacts to one another, which was the only reason the concourse web --peer-url flag was needed, so it has been removed.

  👷 However, the SSH gateways (the "TSAs"), which also run on the web nodes, still need their address for the forwarded worker connections advertised to other web nodes. This value used to be inferred by --peer-url, so we've added a new --peer-address flag for it.

  🔒 🔗 security, breaking

  0️⃣ The web node now defaults X-Frame-Options to deny to safeguard against clicjacking attacks. If you run Concourse in an iframe, you'll notice that it doesn't work anymore.

  👀 To configure X-Frame-Options otherwise, see Ingress.

  🍱 🔗 feature

  • Steps can now be annotated with an on_error step hook, thanks to a PR by @amanw!

  🍱 🔗 feature

  • 🏗 Each step in the build log will now show how long it took to initialize and run when hovering over the icon to the right of the header. Thanks for the PR, @mockersf!

  🍱 🔗 feature

  • Resources can now be annotated with icon to put pretty little icons in your pipeline and make different resource types easier to distinguish. This was also a PR by @mockersf - thanks a bunch!

  🔒 🔗 feature, security

  📇 Resource metadata will no longer be shown by default in exposed pipelines.

  📇 Metadata should never contain credentials or any criticial information, but for some use cases it is not desireable to show e.g. commit messages and authors even though the pipeline is public.

  The resource must now have the public value set in order to show metadata, just like jobs. One caveat is build output: if a job is public, any get step and put steps will still show their metadata.

  🍱 🔗 feature

  • fly execute will now upload inputs and download outputs in parallel.

  🍱 🔗 feature

  🚀 The Concourse BOSH release now packages Ubuntu-flavored images for each core resource type instead of Alpine. This is primarily for compliance reasons. Nothing should really be affected.

  👀 The .tgz distribution continues to use Alpine so the tarball doesn't get even bigger. Once we minimize the amount of resource types we package with Concourse (see (RF)RFC #23) we'll be removing them and standardizing on Ubuntu for simplicity's sake.

  🍱 🔗 feature

  • Generic oAuth can now be configured with different user ID/name keys. They default to user_id and user_name, just as before.

  🍱 🔗 feature

  • 🔧 Generic OIDC auth can now be configured with a different user name key. It defaults to username, just as before.

  🍱 🔗 feature

  🚚 Previously, workers would garbage collect containers in volumes sequentially, destroying containers first and then volumes. This meant that if a worker had thousands of volumes to remove, it would go through and destroy them one by one - meanwhile, containers were not being garbage-collected.

  0️⃣ Containers and volumes are now garbage-collected in parallel to each other, with a default max-in-flight of 5 containers and 5 volumes at a time. This speeds up garbage-collection overall and prevents an imbalance in volume/container counts from slowing each other down. This is especially important as workers are typically capped at 250 containers, but may have thousands of volumes and may even have a slow disk.

  🍱 🔗 feature

  • 🔧 The Vault credential manager can now be configured with a global shared path for credential lookup. This should make sharing credentials between teams a bit easier to manage, in lieu of RFC #21 (per-team credential managers). Use with care! All teams will be able to access it.

  🍱 🔗 feature

  • Pipelines now have a play/pause button at the top bar, so you don't have to go all the way back to the dashboard and find the pause button there. Thanks for the PR, @robwhitby!

  🍱 🔗 feature

  • 📇 URLs in resource metadata are now clickable, thanks to a PR by @Twiknight!

  🔒 🔗 fix, security

  Fixed a minor information leak that would allow unauthenticated users to fetch the step names and structure for a build whose job is not marked public.

  This only exposed step names, but it was still a little weird to allow it to be fetched. It will now return a 401 Unauthorized instead.

  🍱 🔗 fix

  ⏱ Previously, manually-triggered builds would cause resource checking to be performed in the job scheduling loop. This ensured that manually triggered builds ran with the latest versions available, but it also slowed down scheduling for every other job in the pipeline, because they're all scheduled one-by-one.

  🏗 In the worst case, this meant a hanging resource check could result in all builds in the pipeline being stuck in the "pending" state for a long period of time (or, "like, forever").

  ⏱ So we changed things around a bit: instead, the scheduler just won't start a manually triggered build until the "last checked" timestamp of each of its resources is after the build's "created at" timestamp. And to make that go faster, when a build is manually triggered we'll short-circuit the checking interval for each of its input resources.

  ⏱ With this change, if/when a resource check is hanging or slow it at least won't gum up the pipeline scheduling for all the other jobs.

  Expect more improvements in this area in the next few releases! We'll be making jobs schedule in parallel soon so they can't affect each other, and we're working on a new "algorithm" that should scale a lot better with pipelines that have a ton of data or versions.

  🍱 🔗 fix

  • 🔨 The above refactoring also fixed a race condition that could result in inputs configured with version: every having versions skipped when a build is manually triggered.

  🍱 🔗 feature

  • The fly CLI learned two new commands: fly delete-target and fly edit-target. Thanks for the PR, @pivotal-kahin-ng!

  🍱 🔗 feature

  • 🏗 The fly intercept command can now be given a specific container --handle to intercept, thanks to another PR by @pivotal-kahin-ng!

  🍱 🔗 feature

  • 👷 The fly prune-worker can now be given an --all-stalled or -a flag to prune all the stalled workers, thanks to a PR by @aledeganopix4d!

  🍱 🔗 fix

  • version on a get step will now take precedence over versions pinned via the web UI or via version on a resource definition.

  🍱 🔗 fix

  • 🚀 The HD dashboard view got a little weird in the last couple releases - it's fixed now.

  🍱 🔗 fix

  • 🛠 Fixed the spacing of the pipeline view so super tall pipelines don't get clipped by the top bar.

  🍱 🔗 fix

  • 🛠 Fixed the status:running search functionality on the dashboard view.

  🍱 🔗 fix

  • 🏗 When viewing a pipeline build by ID (/builds/123), the top bar will show the breadcrumb for its pipeline and job instead of being empty.

  🍱 🔗 fix

  • The breadcrumb in the top bar now uses actual links, so they can be middle-clicked and right-clicked to your heart's content.

  🍱 🔗 fix

  • The groups bar on the pipeline view now has hover states for each group.

  🍱 🔗 fix

  • 🛠 Fixed a bug that caused credential managers to be instantiated twice, resulting in two auth loops.

  🍱 🔗 fix

  • 🏗 When viewing a one-off build in the web UI, the build will now render instead of chucking errors in the browser console.

  🍱 🔗 fix

  • 💻 The web UI is now up-to-date with Elm 0.19! You shouldn't really notice anything, but...yay!

  🍱 🔗 fix

  • 🛠 Fixed a crash that would occur when a build finished that produced outputs for a resource that had been un-configured from the pipeline in the meantime.

  🍱 🔗 fix

  • 🏗 The web node will now retry on unexpected EOF errors which could occur when a worker was restarted while a build was running a container on it.

  🍱 🔗 fix

  • 🛠 Fixed a bug with the Vault login re-try logic that caused it to go into a fast loop after reaching the maximum interval. Now it'll actually stay at the maximum interval.

  🍱 🔗 fix

  • 🏗 When viewing a build for a job that has a ton of builds, only the first batch of builds will be fetched and rendered instead of all of them. Older builds will be automatically loaded if the build being viewed is old, or as the user scrolls to see them.

  🍱 🔗 feature

  • 💻 We're now consistently using Material Design icons everywhere in our UI - the last of the Font Awesome stragglers have been replaced!

  🍱 🔗 fix

  🛠 Fixed quite a few quirks with the dashboard search:

  Team name autocomplete will now work even if you're not logged in.

  🛠 Fixed the unstyled autosuggest menu in Chrome.

  Hitting the escape key will now un-focus the search field.

  The search autocomplete will now only appear if you press a key with the search field focused.

  Typing ? into the search field will no longer bring up the hotkey help pane.

  🍱 🔗 fix

  • 🏗 fly execute will now print the correct URL for the build when running with -j.

  🍱 🔗 fix

  • fly login will now create ~/.flyrc with stricter permissions (0600).

  🍱 🔗 feature

  • 🏗 We've added a (hopefully subtle) stripey animation to running builds in the build number list to help differentiate between errored and running builds.

  🍱 🔗 feature

  • 🖨 fly set-pipeline will now print a copy-pasteable fly unpause-pipeline command, thanks to a PR by @benchristel!

  🍱 🔗 fix

  With v5.0.0 we introduced a bit of a performance regression with loading the versions for a pipeline during scheduling. We've made an incremental change to make it a bit faster.

  🛠 This will also be fixed by the new input candidate algorithm mentioned previously.

  🍱 🔗 fix

  • 🔧 The dashboard will no longer crash when a pipeline is configured with a circular dependency.

  🍱 🔗 fix

  • 🛠 Fixed the rendering of many, many pipeline groups.

• All Versions
• Previous v5.0.1
• Next v5.2.0-rc.24
• Latest Version