Codefresh On-premises Release Notes

New features, bug fixes, feature flags for on-premises releases

Welcome to the release notes for our on-premises releases.

On-premises version 2.5

Features & enhancements

Installing v2.5

For detailed instructions on installing v2.5, visit ArtifactHub.

Upgrading to v2.5

For details, see Upgrade to 2.5 in ArtifactHub.

General: Service Accounts for centralized administration

We’re excited to announce the launch of service accounts in Codefresh.

Why service accounts?

Service accounts make administration simpler. They provide automated processes, applications, and services with the necessary permissions to interact securely with your infrastructure.

Create service account

Key features of service accounts in Codefresh
  • Toggle status
    Easily turn service accounts on or off with a toggle. Deactivate service accounts when not in use or invalidate their API keys without removing the account. Reactivate them when needed.

  • RBAC compliance
    Assign service accounts to teams to ensure role-based access control (RBAC) compliance for your pipelines.

  • Multiple API keys for granular access
    Manage access effortlessly by allowing each service account to hold multiple API keys, each with specific scopes and purposes.

Service account list


For details, see Managing service accounts.

General: Personalized menus

We have introduced a powerful feature that gives admins even more control over the Codefresh platform: customizable menus!

Take control of your account’s menu items and personalize the interface to create a more user-friendly and productive environment. Simplify navigation by hiding unnecessary menu items and decluttering the sidebar, ensuring that users can quickly find the pages they need.

We’ve added a new page to Settings entitled Modules. Admins can decide exactly which menu items are displayed in the sidebar for all users in the account.

How it works

We have three main modules for the platform:

  • Continuous Delivery (CD) with GitOps
  • Continuous Integration (CI) with Pipelines
  • Continuous Delivery (CD) with Pipelines

By default, all modules, submodules, and menu items are enabled.

Using the toggle method, you can easily customize what’s visible: switch to ON to display an item and OFF to hide it.

Example of main module toggled OFF


For even more precise control, you can toggle individual pages on or off.

Example of customized sidebar with pipeline menu items


Admins can always view all hidden items in the sidebar by toggling the Show in sidebar option… to ON.

Start streamlining your team’s experience today!

General: Brand-new search mechanism and experience

We’re excited to introduce the revamped search mechanism for our doc site!

Context-aware
Wherever you are in Codefresh, when you open search from the toolbar, either from Global Search & Navigation by typing help or by clicking the Help icon, you’ll get a curated list of articles that are context-sensitive to your location in the UI to kick-start your search.

Additionally, for an enriched information experience, check out our collection of blog posts from our experts.

Here are more reasons to try the new search:

  • Preview
    Check out search results and preview articles before diving in. Just click an article in the list to display it in the Preview panel.
  • View Article
    Click View Article on the toolbar of the Preview panel to go straight to the article on the doc site.
  • Share Links
    Share useful articles easily with the deep link option, also on the Preview toolbar.
  • Additional Resources
    Access handy pages, including our collection of blogs, quickly with permalinks at the bottom of the search results.

Preview pane in search results


Try our new search and don’t forget to send us your feedback!

Pipelines: RBAC for Pipeline Runtimes

We have further strengthened security for pipelines with RBAC permissions for Pipeline Runtimes.
RBAC for Pipeline Runtimes enhances the permissions system with granular access control not just for Pipeline Runtimes, but also for runtime environments and resources within pipelines.

Key benefits
  • Granular control over runtimes
    Precisely manage access to runtime environments. For example, restrict access to production environments to safeguard production resources, or grant exclusive access to high-performance runtime environments for high-priority projects, ensuring they have the necessary resources.
  • Optimized resource management for runtimes
    Optimize performance without admin intervention by allowing teams to adjust CPU and memory settings for pipeline builds.

How does it work?

Similar to other entities, you implement RBAC for Pipeline Runtimes, runtime builds, and resources, through tags and rules. After adding tags to Pipeline Runtimes, you can define rules for the Pipeline Runtimes, and for runtime environments and resources within pipelines.

Tags for Pipeline Runtimes


Rules for runtime environments and resources in pipelines


For details, see Assign tags to Pipeline Runtimes and Creating rules for Pipeline Runtimes and runtime environments.

Pipelines: Dedicated environment variables for pull request titles

We’ve made a change to how pull request titles are handled by environment variables in pipelines.

The environment variables ${{CF_COMMIT_MESSAGE}} and ${{CF_COMMIT_MESSAGE_ESCAPED}} now return the commit message instead of the pull request title.

To get the pull request title, use the new environment variables:

  • ${{CF_PULL_REQUEST_TITLE}}
  • ${{CF_PULL_REQUEST_TITLE_ESCAPED}}

To use the new variables for pull request titles, update your pipelines accordingly. As they are already supported by the system, you can begin using them immediately.

For details, see System variables.
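
One way to find pipelines affected by this change, as an added example that is not Codefresh's own tooling: a Python scan of pipeline YAML for references to the two variables whose meaning changed. The sample pipeline is constructed, and matching the shell-style $VAR and ${VAR} forms in addition to ${{VAR}} is an assumption about how steps may read these values.

```python
import re

# Variables that now return the commit message, mapped to the variable that
# returns the pull request title (names taken from the release note above).
CHANGED = {
    "CF_COMMIT_MESSAGE": "CF_PULL_REQUEST_TITLE",
    "CF_COMMIT_MESSAGE_ESCAPED": "CF_PULL_REQUEST_TITLE_ESCAPED",
}

# The longer name is listed first so CF_COMMIT_MESSAGE_ESCAPED is not
# reported as CF_COMMIT_MESSAGE. The $VAR / ${VAR} forms are an assumption.
_NAMES = r"(CF_COMMIT_MESSAGE_ESCAPED|CF_COMMIT_MESSAGE)"
_REF = re.compile(
    r"\$\{\{\s*" + _NAMES + r"\s*\}\}"   # ${{VAR}}
    r"|\$\{" + _NAMES + r"\}"            # ${VAR}
    r"|\$" + _NAMES + r"\b"              # $VAR
)

# Constructed sample pipeline, for illustration only.
SAMPLE_PIPELINE = """\
version: "1.0"
steps:
  notify:
    title: Post PR title to chat
    image: alpine:3.19
    commands:
      # old behaviour: ${{CF_COMMIT_MESSAGE}} held the PR title
      - echo "PR: ${{CF_COMMIT_MESSAGE_ESCAPED}}"
      - echo "raw $CF_COMMIT_MESSAGE"
      - echo "title ${{CF_PULL_REQUEST_TITLE_ESCAPED}}"
"""


def find_changed_refs(pipeline_text):
    """Return (line number, variable, PR-title replacement) for each reference.

    Full-line YAML comments are skipped. A hit is not automatically wrong:
    it marks a place to review, because only steps that expected the pull
    request title need the new variable.
    """
    findings = []
    for lineno, line in enumerate(pipeline_text.splitlines(), start=1):
        if line.lstrip().startswith("#"):
            continue
        for match in _REF.finditer(line):
            name = next(g for g in match.groups() if g)
            findings.append((lineno, name, CHANGED[name]))
    return findings


if __name__ == "__main__":
    for lineno, name, replacement in find_changed_refs(SAMPLE_PIPELINE):
        print(f"line {lineno}: {name} now returns the commit message; "
              f"use {replacement} if the PR title was intended")
```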

GitOps: Runtime upgrade

The Open Source ArgoCD project published a high-severity security vulnerability. We recommend upgrading your GitOps Runtime to version 0.9.0, which includes a fix for this issue, along with other fixes and features.

This CVE affects webhook processing and is relevant only to customers who have configured webhooks.

To upgrade to the latest release, follow the on-screen instructions to run helm upgrade.

The Current State tab in our GitOps Apps dashboard is the central location to view and manage all the resources in your applications. We are always looking to enhance productivity, and here are the newest features we support: external links for application and ingress resources!

External links are user-defined URLs for Kubernetes resources in Argo CD that can point to any external resource such as monitoring pages or documentation. These links, added through annotations in resources, are also rendered in Codefresh, for smooth and easy navigation.

A Kubernetes resource with external links shows a clickable link icon below the resource’s context menu in the Tree view, for easy and smooth navigation to the linked page.

External link for resource in Current State Tree view


We also support automatic links for ingress resources! Access links to ingress resources are also automatically generated and rendered in the Current State’s Tree view for visibility and easier management.

Ingress resource links in Current State Tree view


For details, see Access external links.

GitOps: Application menu enhancements in Environment & Product dashboards

We’ve restructured and redesigned the context menu for applications in the Environments and Products dashboards for easier navigation and quicker access to the information you need!

Context menu for applications in Environments and Products


Here’s a round-up of the changes:

  • Application Info
    A new menu groups handy links for direct access to useful application info.
  • Quick View
    Now conveniently available in the Application Info menu.
  • Go to application
    This new option takes you straight to the Current State tab in the GitOps Apps dashboard for the application.
  • Timeline
    Directly opens the deployment history for the application for easy access. No need to click the application name.
  • Diff View
    Enabled when an app is out-of-sync, providing direct access to our visual Diff View editor to identify discrepancies between desired and live states.

Other actions remain unchanged.

For details, see Working with applications in Environments and Working with applications in Products.

Usability enhancements

We implemented a small but significant improvement to your Codefresh experience.

Now, when you try to access a shared link while not logged into the platform, you will be automatically redirected to the URL you entered after logging in, instead of being taken to the default Home dashboard view.

Pipelines: Project name in breadcrumbs in Builds page

In the Builds page, on selecting a build, the breadcrumbs path also displays the project name.

Builds page: Project name in breadcrumbs


Feature Flags

Feature Flags are divided into new Feature Flags released in the current version, and changes to existing Feature Flags which are now enabled by default.

New Feature Flags in v2.5

The table below describes the new Feature Flags in the Codefresh On-Premises release v2.5.

| Feature Flag | Description | Default Value |
| --- | --- | --- |
| analyticsCommittersListTable | When enabled, displays the Committers per month table in Usage > Active Seats. | FALSE |
| batchRefsResolvmentApiGraphql | When enabled, improves performance in GitOps. | FALSE |
| hideHelmChartsMenuItem | When enabled, hides the Helm Charts menu item for Pipelines in the sidebar. | FALSE |
| hideHelmReleasesMenuItem | When enabled, hides the Helm Releases menu item for Pipelines in the sidebar. | FALSE |
| hideKubernetesServicesMenuItem | When enabled, hides the Kubernetes Services menu item for Pipelines in the sidebar. | FALSE |
| hideHelmBoardsMenuItem | When enabled, hides the Helm Boards menu item for Pipelines in the sidebar. | TRUE |
| limitAmountOfApplicationTreeWithErrorsRequests | When enabled, improves performance in GitOps. | FALSE |
| sharedLibTopBar | When enabled (the default), displays the shared top menu bar common to Pipelines and GitOps. | FALSE |
| sharedLibSideMenu | When enabled (the default), displays the shared menu common to Pipelines and GitOps. | TRUE |

Updated Feature Flags in v2.5

The table below lists existing Feature Flags which have been updated by default to be either enabled (set to TRUE), or disabled (set to FALSE).

Feature Flag Description Default Value
abacRuntimeEnvironments When enabled (the default), allows creating rules in Permissions which impacts options in Pipeline > Settings > Build Runtime:
  • Build Runtime Environment: When enabled, allows restricting Runtime Environments available for pipelines based on tags. Restricted Runtime Environments are disabled in the Runtime Environments list for the pipeline/build run.
  • Pipeline actions:
    • Manage resources: Select CPU, memory, and minimum disk space for the pipeline/build run.
    • Set runtime environment: Select a Runtime Environment from those available in the Runtime Environments list for the pipeline/build run.
    • Set cloud builds: Set Cloud build and select the resource size for the pipeline/build run.
TRUE
abacUIEnforcement When enabled (the default), for Pipelines, prevents the user from selecting options and performing actions which are not permitted. TRUE
abacV2UIEnforcement When enabled (the default), for GitOps, prevents the user from selecting options and performing actions which are not permitted. TRUE
accountInfoCopyButton When enabled (the default), adds the account ID to the URL. When sharing the URL with the account information, recipients can seamlessly switch accounts. TRUE
serviceAccounts When enabled (the default), allows Codefresh administrators to create shared Service Accounts not associated with specific users for centralized access and permissions management. TRUE

Bug fixes

General
  • Download Audit downloads empty CSV file.
  • Invite text in Welcome screen displays undefined instead of the organization name.
Pipelines
  • Secrets store integration breaks after upgrading dind to version 26.1.4-1.28.7.
  • Failed to write template value file Arguments to filesystem error for builds with codefresh-run step.
  • Permission and missing scope error when running codefresh validate yaml command.
  • Step-member variables not supported between different parallel blocks.
  • Trigger for Azure DevOps creates builds for files ignored in modified files.
  • Failed - build runtime settings not configured error for Hybrid Runner.
  • build step does not support images from different account for Amazon ECR (Elastic Container Registry).
GitOps
  • Audit log does not show changes made to GitOps permissions.
  • Command failure for argo-platform-analytics-reporter.
  • Manual Rollout actions not available in audit log.
  • GitOps permissions do not function correctly when attributes are applied.
  • Annotations added during a build run or via CLI not displayed in the Summary tab of the Images dashboard.
  • Current Release not displayed for multi-sourced apps.
  • Sync statuses for applications within ApplicationSets not correctly displayed in Codefresh UI.
  • Unresponsive Close button in Rollout drawer.

On-premises version 2.4

Features & enhancements

Welcome to our newest on-premises release!

Installing v2.4

For detailed instructions on installing v2.4, visit ArtifactHub.

Upgrading to v2.4

For details, see Upgrade to 2.4.0 in ArtifactHub.

General: New cfapi-auth role

We have introduced the cfapi-auth role in v2.4. Make sure it is enabled.

cfapi-auth:
  <<: *cf-api
  enabled: true

For details, see cfapi-auth role in Artifactory.

General: PROJECT_ONE as default for accounts

From v2.4 and higher, the default SYSTEM_TYPE has been changed to PROJECT_ONE.
To retain the original Classic version, you will need to update cfapi environment variables. See Default system type in ArtifactHub.

If you need a refresher on the new navigation, see our documentation.

General: More power to Global Search & Navigation

We’re excited to announce major enhancements powering our Global Search & Navigation:

  • Actions through Search
    Execute actions using search or keyboard shortcuts:
    • Run a pipeline: Search to navigate to a specific pipeline, and then use the R and N shortcut keys to trigger that pipeline.
    • Refresh an application: Search for the application you need, and then use the R and F shortcut keys to instantly refresh the application.
    • Sync an application: Within an application, use the S and Y shortcut keys to open the sync dialog.
  • Quick navigation
    • Integrated link to app-proxy logs
      We’ve introduced App-proxy logs as a new navigation item. You can now type App-proxy logs to access a list of GitOps Runtimes. From there, simply select a Runtime to view its app-proxy logs in the online terminal.
    • GitOps Runtimes for admins
      Type GitOps Runtimes and click to go directly to the GitOps Runtimes page.
    • GitOps Permissions for admins
      Type GitOps Permissions and click to go directly to the Permissions page.

Global Search & Navigation: app-proxy logs


General: Custom auto-sync intervals for SSO

Previously, integration with different SSO providers allowed automatic user and team synchronization with Codefresh at fixed hourly intervals.

With our latest update, you can now customize the auto-sync intervals to better suit your organization’s needs.
The new options allow you to set the sync frequency in minutes or hours. Alternatively, you can enable auto-sync without defining a specific interval, and Codefresh will automatically perform the sync every 12 hours.

This flexibility ensures more timely updates and improved efficiency in user and team management.

For details, see Syncing teams in IdPs with Codefresh.

Pipelines: Explore build relationships with Build Tree

Introducing Build Tree for easy rendering of relationships between pipeline builds! Seamlessly visualize complex parent-child-sibling relationships within the context of your selected build, simplifying pipeline monitoring and management.

Pipeline builds: Build Tree view


In addition to the effortless visualization, other key benefits include:

  • The selected build as an anchor reference point to linked builds, indicated by the Current tag assigned to it.
  • Updated status for every build, with failed steps listed for quick alerting.
  • Quick access to essential actions without navigating away from the Build Tree, through the build’s context menu.
  • Single-click access to the individual build view for detailed insights.

For details, see Visualize build relationships for pipelines.

Pipelines: More Pull Request events support for GitHub

Our integration with GitHub events is now even stronger with the addition of more types of pull request (PR) event triggers.

You can now trigger builds for the following PR events:

  • Pull request review approved
  • Pull request review changes requested
  • Pull request review commented

New pull request events for GitHub in Codefresh


For details, see Git triggers for pipelines.

Pipelines: Gerrit topic variable mapping

We have introduced a new system variable: CF_GERRIT_CHANGE_TOPIC. This variable maps directly to Gerrit’s topic variable, which groups related changes together in Gerrit, for better organization and management.

With CF_GERRIT_CHANGE_TOPIC in Codefresh pipelines, based on the topic’s context, you can:

  • Dynamically manage and execute steps.
  • Conditionally trigger specific actions or entire pipelines.

For details, see System variables in pipelines.

Pipelines: Automatic account switching for pipeline builds

Another usability enhancement for a seamless experience when navigating between accounts.

When accessing pipeline builds from an account different to the one you’re logged into, Codefresh automatically switches you to the correct account. This means no more prompts and having to manually select the account.

To support this enhancement, you need to enable the autoBuildSwitchAccount Feature Flag.

GitOps: GitOps Runtimes as Configuration Runtimes

We added new functionality for GitOps Runtimes. Starting with Runtime v0.1.49, you can now designate a Hosted or any Hybrid GitOps Runtime as a Configuration Runtime. Configuration Runtimes handle platform-level resources that are runtime-agnostic, such as those for GitOps Products.

Set GitOps Runtime as Configuration Runtime


Key features to note:

  • Redundancy
    Designate single or multiple GitOps Runtimes as Configuration Runtimes. Codefresh ensures that resources are not duplicated even when there are multiple Configuration Runtimes.
  • Ease of use
    Set and unset a Configuration Runtime with just a click in the UI or a quick edit in your values.yaml file.

For details, see Designating Configuration Runtimes.

GitOps: Rollout enhancements

  • Templated arguments in AnalysisTemplates
    Codefresh now supports templated arguments declared in AnalysisTemplates for metric configurations in AnalysisRuns.

  • Rollout Player
    To make Rollouts easier to manage, we added the Abort and Retry buttons to the Rollout Player. These options were previously available for the Rollout resource only in the Current State tab.

Abort & Retry in Rollout Player


For details, see Manage rollouts for Argo CD application deployments.

Usability enhancements

Pipelines: Project name in breadcrumbs in Builds page

In the Builds page, on selecting a build, the breadcrumbs path also displays the project name.

Builds page: Project name in breadcrumbs

GitOps: Breadcrumbs

We have improved the implementation of breadcrumbs for a smoother navigation experience.

Entity names in lowercase
Within the breadcrumbs path, entity names are now consistently displayed in lowercase.

Sibling display and navigation
The end of the path now shows all sibling items if available.
Clicking the dropdown displays all siblings, and clicking an item navigates directly to it.

Viewing and navigating to siblings in breadcrumbs


Clean selection for copy
Clicking any item in the breadcrumb path now selects only that specific item, not the entire path, and also copies that item.

GitOps: Shared Configuration Repo in Organization Information

As a usability enhancement, we have made it easier to locate the Shared Configuration Repository used by GitOps Runtimes.

You can now find the link to your Shared Configuration Repository directly in the Organization Information page.

Link to Shared Configuration Repository in Organization Information


Feature Flags

Feature Flags are divided into new Feature Flags released in the current version, and changes to existing Feature Flags which are now enabled by default.

New Feature Flags in v2.4

The table below describes the new Feature Flags in the Codefresh On-Premises release v2.4.

Feature Flag Description Default Value
abacUIEnforcement When enabled, for Pipelines, prevents the user from selecting options and performing actions which are not permitted. FALSE
abacV2UIEnforcement When enabled, for GitOps, prevents the user from selecting options and performing actions which are not permitted. FALSE
abacRuntimeEnvironments When enabled, allows creating rules in Permissions which impacts options in Pipeline > Settings > Build Runtime:
  • Build Runtime Environment: When enabled, allows restricting Runtime Environments available for pipelines based on tags. Restricted Runtime Environments are disabled in the Runtime Environments list for the pipeline/build run.
  • Pipeline actions:
    • Manage resources: Select CPU, memory, and minimum disk space for the pipeline/build run.
    • Set runtime environment: Select a Runtime Environment from those available in the Runtime Environments list for the pipeline/build run.
    • Set cloud builds: Set Cloud build and select the resource size for the pipeline/build run.
FALSE
autoBuildSwitchAccount When enabled, and a user accesses a build from a different account, automatically switches to the corresponding account instead of the user having to do so manually.
See Pipelines: Automatic account switching for pipeline builds in this article.
FALSE
delightedSurvey When enabled (the default), displays Delighted CX surveys in the Codefresh UI.
If there are security concerns because of outbound requests from clients, disable this Feature Flag.
TRUE
fullstory When enabled, allows Codefresh to track user activity in the Codefresh UI through FullStory.
NOTE: When enabled for air-gapped environments, client attempts to communicate with a Fullstory service may result in network errors.
FALSE
gitopsDynamicBreadcrumbs When enabled (the default), supports rendering dynamic breadcrumbs for GitOps.
See GitOps breadcrumbs in this article.
TRUE
piplineCreditConsumption When enabled (the default), supports credit-consumption analytics for pipelines. TRUE
productCRD New feature currently in development for GitOps.
When enabled, allows creating a Custom Resource Definition (CRD) for the Product entity in GitOps.
FALSE
promotionOrchestration New feature currently in development for GitOps.
When enabled, allows promotion orchestration for products including product’s releases API and promotion flow API.
FALSE
reportBuildStatusPerPipelineTriggerEvent Currently supported for Bitbucket cloud.
When enabled, for builds with the same pipelineId, reports build statuses separately per triggerId and trigger event.
FALSE
rolloutPlayerLiveState When enabled (the default), updates Rollout events directly from AppProxy for faster response times. TRUE
serviceAccounts Currently in development.
When enabled, allows Codefresh administrators to create shared Service Accounts not associated with specific users for centralized access and permissions management.
FALSE
Updated Feature Flags in v2.4

The table below lists existing Feature Flags which have been updated by default to be either enabled (set to TRUE), or disabled (set to FALSE).

Feature Flag Description Default Value
buildsTreeView This feature is now available for on-premises environments.
When enabled (the default), shows a visualization of the parent and child builds of pipelines.
See Explore build relationships with Build Tree in this article.
TRUE

Bug fixes

Pipelines
  • “Unknown error” failure on cloning a pipeline that includes a trigger.
  • “Codefresh is unable to reach your Kubernetes cluster, please check if there is a connection issue” error when selecting Account settings > Pipeline integrations > Kubernetes.
  • Debug mode fails to execute or hangs with engine version 1.169.1 and higher.
  • Upgrade to on-premises v2.3.2 causes out-of-disk issue for RabbitMQ because of dangling queues with no consumers.
  • error URL using bad/illegal format or missing URL for git-commit steps when password includes special characters.
  • Some repositories not displayed in Repository list when creating trigger for Bitbucket server.
  • Azure repos with YAML from repository settings throws TimeoutError: Connection to server has timed out error during trigger creation when listing repositories.
  • Builds for Gerrit in Codefresh triggered twice.
  • Metrics tab for pipeline build displays CPU utilization incorrectly as 100% instead of the actual usage.
  • When defining triggers, search in Select Branch does not display branch names including slashes.
  • Long loading time for Git repos when creating new pipelines and triggers.
  • For Bitbucket, reported statuses of two builds triggered for the same commit override each other.
  • For Bitbucket, build fails as CF_PULL_REQUEST_ACTION variable is not populated with correct value.
  • Constant restarts of pipeline-manager pods during marketplace step executions for v2.2 and higher.
  • Queue-time metric reported to Datadog from Codefresh includes the duration of pending-approval steps.
  • Build failure for pipeline including mixture of regular and buildx parallel build steps.
  • Changing LOGGER_LEVEL variable does not impact verbosity of engine logs.
  • For Gerrit, username of build initiator not displayed.
  • Usability issues when selecting clone pipeline option from UI.
GitOps
  • New Argo CD application deployed in Codefresh remains as Out of Sync in GitOps Apps > Current State.
  • Delay for new Argo CD applications to appear in Codefresh GitOps Apps dashboard.
  • Deleting a managed cluster from a GitOps Runtime results in an empty list of clusters for the same Runtime.
  • GitOps Apps dashboard > Applications tab displays Unknown status for Argo CD applications.
  • Truncated Kubernetes Label names in the GitOps Apps dashboard when selecting More filters.
  • Results for Analysis metrics not displayed in Rollout when using arguments from AnalysisTemplates.
  • Multi-container pods display a container name must be specified for pod.... message without option to select a specific container.

On-premises version 2.3

Features & enhancements

Here are the features and enhancements included in Codefresh On-Premises v2.3.

Install/upgrade to v2.3

Welcome to our newest on-premises release!

Installing v2.3

For detailed instructions on installing v2.3, visit ArtifactHub.

Upgrading to v2.3

In this release, we changed the default registry for Codefresh private images from Google Container Registry (GCR) gcr.io to Google Artifact Registry (GAR) us-docker.pkg.dev.
If you are upgrading to v2.3, you will need to update .Values.imageCredentials.registry to us-docker.pkg.dev.

For details, see Upgrade to 2.3.0 in ArtifactHub.

Pipelines: New strict_fail_fast to control pipelines

You’re probably familiar with the fail_fast flag available for steps in Codefresh pipelines. The flag determines the pipeline’s behavior when there is a step failure. Accordingly, when set to false, the pipeline continues execution and returns a Build status of Build completed successfully.

But what if you want to indicate that a step failed in the Build status even when the pipeline completes execution? Enter our new strict_fail_fast flag!
Now, you can indicate that the step failed execution by simply adding strict_fail_fast to the step and setting it to true. After the pipeline completes execution, the Build status is designated as Failed.

step_name:
  type: git-clone
  title: Step Title
  description: Step description
  ...
  credentials:
    ...
  fail_fast: false
  strict_fail_fast: true
  when:
    branch:
      ignore: [ develop ]
  on_success:
    ...
  on_fail:
    ...
  on_finish:
    ...
  retry:
    ...  
  ...

For details, check out the Fields table in the documentation for the different step types, as in the git-clone step for example.
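
An added example, not Codefresh's own code: a Python lint that flags steps whose failure is hidden from the Build status, that is, steps with fail_fast: false and no strict_fail_fast: true, which matters most for security gates such as scan steps. The pipeline text, step names and scripts are constructed, and the check reads indentation rather than fully parsing YAML.

```python
import re

# "key: value" or "key:" at some indentation (YAML indents with spaces only).
_KEY = re.compile(r"^( *)([A-Za-z_][\w-]*):(?:\s+(.*?))?\s*$")

# Constructed sample pipeline, for illustration only.
SAMPLE_PIPELINE = """\
version: "1.0"
steps:
  clone:
    type: git-clone
    repo: example-org/example-app
    revision: main
  image_scan:
    title: Scan image for vulnerabilities
    image: alpine:3.19
    commands:
      - ./run-scan.sh
    fail_fast: false
  lint:
    title: Style lint
    image: alpine:3.19
    fail_fast: false
    strict_fail_fast: true
    commands:
      - ./lint.sh
  unit_tests:
    image: alpine:3.19
    commands:
      - ./test.sh
"""


def _scalar(text):
    """Normalise a scalar: drop an inline comment, quotes and case."""
    text = (text or "").split(" #", 1)[0].strip()
    return text.strip("'\"").lower()


def _rows(pipeline_text):
    """Yield (lineno, indent, key, value); key is None for non-mapping lines."""
    for lineno, raw in enumerate(pipeline_text.splitlines(), start=1):
        stripped = raw.strip()
        if not stripped or stripped.startswith("#"):
            continue
        m = _KEY.match(raw)
        if m:
            yield lineno, len(m.group(1)), m.group(2), _scalar(m.group(3))
        else:
            yield lineno, len(raw) - len(raw.lstrip(" ")), None, None


def find_masked_failures(pipeline_text):
    """Return (step name, line number) for each fail_fast: false that is not
    paired with strict_fail_fast: true in the same step mapping."""
    rows = list(_rows(pipeline_text))
    findings = []
    for i, (lineno, indent, key, value) in enumerate(rows):
        if key != "fail_fast" or value != "false":
            continue
        siblings, parent = {}, None
        # Walk up to the first shallower line: that is the step's own key.
        for _, r_indent, r_key, r_value in reversed(rows[:i]):
            if r_indent < indent:
                parent = r_key
                break
            if r_indent == indent and r_key:
                siblings[r_key] = r_value
        # Walk down until the mapping ends (first shallower line).
        for _, r_indent, r_key, r_value in rows[i + 1:]:
            if r_indent < indent:
                break
            if r_indent == indent and r_key:
                siblings[r_key] = r_value
        if siblings.get("strict_fail_fast") != "true":
            findings.append((parent, lineno))
    return findings


if __name__ == "__main__":
    for step, lineno in find_masked_failures(SAMPLE_PIPELINE):
        print(f"step '{step}' (line {lineno}): failure will not be reflected "
              f"in the Build status; add strict_fail_fast: true")
```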

Pipelines: Empty variables

We are happy to announce a highly-requested feature: the ability to use empty variables in Codefresh pipelines.
Now, you can add variables without any values to entities in Codefresh, whether it’s a project, pipeline, or trigger. The enhancement unlocks a myriad of possibilities that were previously unavailable.

Empty variables in a Codefresh project


Remember that encryption is not supported for empty variables. The priority for variable overrides remains unchanged.

For details, see User-defined variables in pipelines.

Pipelines: Share build run settings

Our newest enhancement to pipeline builds is designed to increase collaboration and productivity! How? Instead of redefining build settings manually, you can effortlessly share pipeline build settings with colleagues who have access to the same account.

How does it work?
By sharing build settings, you enable colleagues to pre-populate build configurations without the need for redundant manual input. This feature is useful for various scenarios, whether it’s for testing automation integration with third-party tools or triggering pipelines in specific situations.

Customizing build settings
You can override any existing setting - simulate a different trigger, select a different branch, modify existing or add new build variables, and even modify the build behavior.

With a click of the Share build settings button, Codefresh generates a unique URL. The URL includes modified and new settings as query parameters. Encrypted variables are excluded to ensure data protection.

Share build settings


For details, see Share build run settings.

Pipelines: Restart from failed step

At Codefresh, we highly value your feedback and are committed to continually enhancing your experience. In response to your feedback, we introduced the ability to configure the default restart behavior for failed steps in a pipeline at the account level.

Restart from failed step in Pipeline Settings


When enabled (the default), the user can restart the pipeline directly from the failed step. Otherwise, users can only restart the pipeline from the beginning.
By default, individual pipelines are configured to inherit the account setting.
Note that this does not impact existing pipelines.

Being able to configure the restart behavior for failed steps centrally simplifies management and ensures consistency across pipelines, without the need for individual adjustments.
Imagine a scenario where you’re onboarding a large team of developers. You can disable failed-step restart for the account, and have the pipelines use the account-level setting, saving valuable time and promoting a consistent experience.

You can always change the behavior at any time based on evolving requirements. And users have the flexibility to override the account-level behavior for individual pipelines based on specific needs.

For details, see Restarting from failed steps.

Pipelines: Explicit versions for typed steps

As you’re aware, Codefresh is continually enhancing our typed step library in the Marketplace.

When typed steps in pipelines lack a specified version, Codefresh automatically associates them with the latest version of the step. To avoid potential issues with breaking changes in typed steps, we now provide a warning if there are steps in your pipelines without an explicit version number.

Warning for typed steps without version numbers


For details, see Versioning for typed steps.
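A pre-merge check for the situation this warning describes, as an added example that is not Codefresh's own code: it scans a pipeline YAML for typed steps whose type has no :version suffix. The built-in type set is taken from the step types named on this page and is an assumption, as are the example-notify and example-scanner step names in the constructed sample.

```python
import re

# Step types named on this page as built in. Assumption: any other `type:`
# value on a step refers to a typed step from the Marketplace.
BUILT_IN_TYPES = {
    "git-clone", "freestyle", "build", "push",
    "composition", "pending-approval", "parallel",
}

KEY_LINE = re.compile(r"^(?P<indent>\s*)(?P<key>[A-Za-z0-9_.-]+):\s*(?P<value>.*)$")

# Constructed sample pipeline; example-notify and example-scanner are
# hypothetical typed steps used only to trigger the check.
SAMPLE_PIPELINE = """\
version: '1.0'
steps:
  clone:
    type: git-clone
    repo: acme/app
  obtain_id_token:
    title: Obtain ID Token
    type: obtain-oidc-id-token:1.2.1
    arguments:
      AUDIENCE: "cosign"
  notify:
    type: example-notify        # no version: resolves to latest
    arguments:
      type: summary
  scans:
    type: parallel
    steps:
      image_scan:
        type: example-scanner   # no version: resolves to latest
      unit:
        image: alpine
"""


def find_unpinned_typed_steps(pipeline_yaml):
    """Return [(step_name, step_type)] for typed steps with no explicit version.

    Works on block-style YAML by tracking indentation, so that only a `type:`
    key sitting directly under a step (whose parent key is `steps`) is
    considered. A `type` argument inside `arguments:` is ignored.
    """
    findings = []
    parents = []  # stack of (indent, key) for keys that open a nested mapping
    for raw in pipeline_yaml.splitlines():
        line = raw.split(" #", 1)[0].rstrip()  # drop trailing comments
        match = KEY_LINE.match(line)
        if not match:
            continue
        indent = len(match["indent"])
        key = match["key"]
        value = match["value"].strip().strip("'\"")
        # Keep only the keys that are ancestors of the current line.
        while parents and parents[-1][0] >= indent:
            parents.pop()
        if not value:
            parents.append((indent, key))
            continue
        is_step_type = (
            key == "type" and len(parents) >= 2 and parents[-2][1] == "steps"
        )
        if not is_step_type or value in BUILT_IN_TYPES:
            continue
        name, _, version = value.partition(":")
        if not version:
            findings.append((parents[-1][1], name))
    return findings


if __name__ == "__main__":
    for step, step_type in find_unpinned_typed_steps(SAMPLE_PIPELINE):
        print(f"step '{step}': typed step '{step_type}' has no explicit version")
```
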

Pipelines: Blobless Git clone

Here’s an enhancement which contributes to workflow optimization - a new field in our git_clone step: the exclude_blob field. Filter out blob files from the Git repository and further streamline your development process. Fewer unnecessary files to clone and faster cloning times!

For blobless cloning, simply set exclude_blob to true. To always include blob files, you can retain the default value of false.

For details, see Fields in git-clone step.

Pipelines: Add tags during pipeline creation

With this update, you can effortlessly add tags when you create a pipeline, further streamlining the pipeline creation process. Add tags as you usually do, and they are instantly available in both the General Settings and the Permissions panel.

Add tags when creating pipeline


GitOps: Diff View for out-of-sync applications

We’re thrilled to introduce a significant enhancement that simplifies troubleshooting of Argo CD applications within Codefresh. With our new Diff View feature, you can instantly view the differences between the current and the desired states of out-of-sync applications. The Diff View option displays all the updated resources within the application, allowing you to easily pinpoint changes and swiftly identify the root cause of the sync failure.

If you have selected an application, the Diff View option is available in the context menu at the top right of the page. The option is enabled whenever the application is out-of-sync.

NOTE
Diff View for application resources is supported from Runtime v1.0.38 and higher.

For details, see Analyze out-of-sync applications with Diff View.

GitOps: Tailored sync timeouts for Argo CD applications

Tailor the timeout thresholds for sync operations for different applications, and receive instant alerts when the sync duration exceeds the threshold defined.
Instead of waiting indefinitely for syncs to complete and then navigating through the GitOps Apps dashboard, Codefresh provides you with timely warnings to proactively investigate and resolve sync issues.

Just include an annotation in the application’s YAML, and either retain the default timeout of 30 minutes (also Argo CD’s default for sync operations), or change it as needed.
Codefresh will display a warning in the Warnings/Errors panel for the app when the sync operation exceeds the timeout.

Sync timeout warning for Argo CD applications


For details, see Configure sync-timeout for Argo CD applications.

GitOps: Argo CD application enhancements

We introduced a couple of usability enhancements for Argo CD applications in Codefresh.

Deployment record for Current Release

To more accurately represent the live deployment status of the selected application in the Timeline tab, we now clearly differentiate between current and historical deployments.

The Current Release is prominently displayed as a dedicated deployment record at the top of the Timeline tab, tagged as the Current Version. It is followed by the list of Previous Releases.

Current Release deployment record in Timeline tab

  • To prevent confusion with duplicate statuses, the application’s health and sync statuses are now exclusively displayed and tracked within the Application Header.

  • To validate that the current release is the live state, the release revision in the deployment record mirrors the sync revision displayed in Last Sync Result.

For details, see Monitoring deployments for selected Argo CD application.

The Configuration tab displays handy links to the application’s GitOps Runtime, Git Source, and YAML manifest in the Git repo.

Quick links for application in Configuration tab


GitOps: View/download logs for GitOps Runtime components

We are glad to announce that you can now view and download logs for individual GitOps Runtime components! Previously available for legacy CLI Runtimes, this functionality is now back for Helm GitOps Runtimes, with online viewing in our smart terminal and offline downloads as you need.

As a reminder, here’s where you can find the View logs option:

View logs for GitOps Runtime components


For details, see View/download logs for GitOps Runtime components.

GitOps: Argo Events upgrade

We’ve recently upgraded Argo Events to its latest version, v1.9.0, ensuring you can leverage all enhancements. For detailed information about the changes in this version, please refer to the Argo documentation.

Please be aware that this upgrade may introduce a potential breaking change for existing event sources that have defined githubBaseURL without defining githubUploadURL, which is required. In such cases, event sources will fail to sync, and the Git Source application will return a “..githubUploadURL is required when githubBaseURL is set” error.

To address this, you’ll need to edit the event source YAMLs and add githubUploadURL where required.
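One way to find affected event sources before upgrading, as an added example that is not part of Argo Events or Codefresh: a standard-library scan of block-style EventSource YAML for entries that set githubBaseURL without githubUploadURL. The sample manifest, its entry names and its URLs are constructed.

```python
import re

KEY_LINE = re.compile(r"^(\s*)([A-Za-z0-9_.-]+):\s*(.*)$")

# Constructed sample manifest: app-push is missing githubUploadURL,
# infra-push has both fields, public-push sets neither.
SAMPLE_EVENT_SOURCE = """\
apiVersion: argoproj.io/v1alpha1
kind: EventSource
metadata:
  name: github-enterprise
spec:
  github:
    app-push:
      githubBaseURL: https://github.example.com/api/v3/
      events:
        - push
      repositories:
        - owner: example-org
          names:
            - app
    infra-push:
      githubBaseURL: https://github.example.com/api/v3/
      githubUploadURL: https://github.example.com/api/uploads/
      events:
        - push
    public-push:
      events:
        - push
"""


def parse_keys(yaml_text):
    """Reduce block-style YAML to (indent, key, value) for each mapping key."""
    keys = []
    for raw in yaml_text.splitlines():
        match = KEY_LINE.match(raw.split(" #", 1)[0].rstrip())
        if match:
            keys.append((len(match[1]), match[2], match[3].strip()))
    return keys


def find_missing_upload_url(event_source_yaml):
    """Return the entries that set githubBaseURL but not githubUploadURL.

    These are the entries that fail to sync with the
    "githubUploadURL is required when githubBaseURL is set" error.
    """
    keys = parse_keys(event_source_yaml)
    failing = []
    for i, (indent, key, value) in enumerate(keys):
        if key != "githubBaseURL" or not value:
            continue
        # Walk back to the entry that owns this key (first shallower line).
        start = i
        while start >= 0 and keys[start][0] >= indent:
            start -= 1
        owner = keys[start][1] if start >= 0 else "<top level>"
        # Collect the owner's direct children: same indent, until the
        # block ends at a shallower line.
        siblings = {}
        for sib_indent, sib_key, sib_value in keys[start + 1:]:
            if sib_indent < indent:
                break
            if sib_indent == indent:
                siblings[sib_key] = sib_value
        # An absent key and an empty value are both treated as missing.
        if not siblings.get("githubUploadURL"):
            failing.append(owner)
    return failing


if __name__ == "__main__":
    for entry in find_missing_upload_url(SAMPLE_EVENT_SOURCE):
        print(f"{entry}: githubBaseURL is set but githubUploadURL is missing")
```
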

GitOps: Deprecation of GitOps CLI for Runtime installation

As we have transitioned to Helm-based Runtimes for GitOps, we have permanently deprecated the CLI-based installation for GitOps Runtimes.

Feature Flags

Feature Flags are divided into new Feature Flags released in the current version, and changes to existing Feature Flags which are now enabled by default.

New Feature Flags in v2.3

The table below describes the new Feature Flags in the Codefresh On-Premises release v2.3.

| Feature Flag | Description | Default Value |
| --- | --- | --- |
| buildsTreeView | New feature currently in development. When enabled, shows a visualization of the parent and child builds of pipelines. | FALSE |
| gitopsRuntimeObservability | New feature currently in development. When enabled, displays metrics for GitOps Runtimes in dashboards. | FALSE |
| headerLiveState | When enabled (the default), in Codefresh GitOps, updates Health and Sync statuses in the Application Header from Argo CD instead of Argo Events. | TRUE |
| preFillBuildVariablesFromURL | When enabled (the default), allows sharing pipeline build settings through the Share build settings button. See Pipelines: Share build run settings in this article. | TRUE |
| promotionFlowsManagement | New feature currently in development. When enabled, allows users to create and execute Promotion Lifecycles in Codefresh. | FALSE |
| productReleasesPage | New feature currently in development. When enabled, displays the Releases tab in the GitOps Products dashboard. | FALSE |
| promotionPolicies | New feature currently in development. When enabled, shows the Promotion Policies option in the sidebar. Clicking this displays the Promotion Policy page where you can create and view Promotion Policies. | FALSE |
| helmHostedRuntime | This feature is not relevant for on-premises environments. When enabled, installs the Hosted GitOps Runtime using the GitOps Runtime’s Helm chart. | FALSE |

Updated Feature Flags in v2.3

The table below lists existing Feature Flags which have been updated by default to be either enabled (set to TRUE), or disabled (set to FALSE).

| Feature Flag | Description | Default Value |
| --- | --- | --- |
| appDiffView | This feature is now available for on-premises environments. When enabled, and the application is out of sync, displays the differences for each resource in the application in either Compact or Split view modes. | TRUE |

Bug fixes

General
  • GitOps features not loaded on accessing Account Settings from the Admin Management panel with both GitOps and Pipeline modules.
  • ABAC (Attribute-based access control) rules in GO not correctly resolved when multiple rules are configured for the same user.
Pipelines
  • Unable to deploy Helm charts to Helm boards after upgrade to v2.2.4
  • For Bitbucket Cloud, codefresh-report-image step fails with errors to get Pull Requests (PRs) and branches.
  • Builds for Gerrit in Codefresh are triggered twice because of webhook data delivery request timeouts or connection issues.
  • Replaced misleading warning message “The security token included in the request is invalid” for successful builds.
  • Cloning a pipeline in UI fails with “Unknown error” when triggered from UI.
  • build-manager microservice causing increased number of MongoDB connections.
GitOps
  • Renaming an ApplicationSet or GitSource removes all application’s resources and then adds them again.
  • Unable to delete clusters in the Codefresh UI.
  • Codefresh UI unresponsive when clicking Warnings/Errors button in the GitOps Apps dashboard.
  • Failed to create binary image error from Image reporter for images exceeding 2GB.
  • Audit log missing manual actions executed in Rollouts Player.
  • Delay for new Argo CD applications to appear in Codefresh GitOps Apps dashboard.
  • Error on enabling Argo CD notifications in Helm chart values.yaml for Codefresh GitOps Runtime v0.4.2.
  • For GitLab Actions, codefresh-image-reporter log displays actual values of encrypted secrets.
  • Codefresh UI not in sync with native Argo CD UI.
  • When adding a Git Source and manually defining the branch, metacharacters are not encoded as HTML in the YAML.
  • Empty page on clicking View Native Workflow for the selected workflow in the Workflows tab.

On-premises version 2.2

Features & enhancements

Features and enhancements are divided into those in general availability and those currently in Beta.

Install/upgrade to v2.2

Welcome to our newest on-premises release!

Installing v2.2

For detailed instructions on installing v2.2, visit ArtifactHub.

Upgrading to v2.2

Before initiating the upgrade process, review the instructions here.


Pipelines: Enhanced RBAC with AND logic for tags

We are excited to introduce a powerful enhancement to Codefresh pipelines: AND logic for rules in RBAC permissions. Now, you have even more control and precision when it comes to managing permissions for entities.

Up until this point, we’ve been all about OR logic, allowing you to define rules with a choice of Any of these tags. But we recognize that you need to be more specific in certain scenarios, and that’s where AND logic comes into play. With AND logic, you can require All of these tags to be present, providing a level of granularity to tighten security and ensure that only the right teams have access to entities.

Rules with OR/AND logic for tags


For details, see ABAC for entities with tags and rules.


Pipelines: New timeout functionality for pipeline steps

We are happy to announce a new field for pipeline steps, the timeout flag, to further enhance control over your pipelines! The timeout flag, when assigned to a step, prevents that step from running beyond a specific duration if so required.

Add the timeout flag with the <duration> and <units> to any of these step types: git-clone, freestyle, build, push, composition, pending-approval.

How it works

  • Steps that exceed the timeout limit are automatically terminated. If the steps are completed before the timeout limits are exceeded, the timeout values are ignored.
  • Steps terminated through timeouts have the same behavior as failed steps. If you notice any inconsistencies, please report them as bugs.
  • In parallel steps, by default, the timeout defined for the parent is inherited by child steps.

Example

version: '1.0'
steps:
  parallel:
    type: parallel
    timeout: 1m
    steps:
      first:
        image: alpine
      second:
        image: alpine
        timeout: 2m
      third:
        image: alpine
        timeout: null

For details, see Git-clone step and Add timeouts for parallel steps.


Pipelines: Share log URLs for pipeline builds with timestamps

Our latest enhancement simplifies the troubleshooting and resolution process for issues in pipeline builds! How? By introducing the ability to share the URL of the build log with your team!

Select the part of the build log you want your team to look at, for a specific step or for the entire build (a single row, a specific segment, or whatever you need), and click Share to get a unique URL. When colleagues logged in to the same account access the shared URL, the build log opens directly to the highlighted section for easy identification.

Sharing URL for build logs


For details, see Sharing log URLs for pipeline builds.


Pipelines: Custom audiences for OIDC

You’ll be happy with our latest enhancement for OIDC in Codefresh pipelines. Now, our OIDC integration supports multiple audiences. This flexibility is crucial for working with audiences that require distinct names instead of defaulting to the platform’s hostname, such as the Codefresh platform URL.

Customize your audience

In the obtain-oidc-id-token step, tailor your audience by defining custom values: either a single value or multiple values separated by commas.

Here’s an example of a single custom audience:

obtain_id_token:
  title: Obtain ID Token
  type: obtain-oidc-id-token:1.2.1
  arguments:
    AUDIENCE: "cosign"

For details, see Standard OIDC claims.


Other changes

Pipelines

  • Helm steps now support Helm releases 3.9.0 and higher.
  • Glob expressions support up to 65k characters.
  • Bitbucket and Azure Devops: Supported events include Pull Request (PR) commit events.
  • Higher throttle time ensures that delayed builds for pipelines do not affect performance.
  • Accurate memory metrics for pipeline builds that use buildx and docker driver.

GitOps

  • Restored option to download logs for GitOps Runtimes from the Codefresh UI.
  • Fast loading for Current State tab in the GitOps Apps dashboard for Argo CD applications with hundreds of resources.

Feature Flags

Feature Flags are divided into new Feature Flags released in the current version, and changes to existing Feature Flags which are now enabled by default.

New Feature Flags in v2.2

The table below describes the new Feature Flags in the Codefresh On-Premises release v2.2.

| Feature Flag | Description | Default Value |
| --- | --- | --- |
| abacAndRule | When enabled, supports creating ABAC rules for entities in Codefresh pipelines using “AND”. See Pipelines: Enhanced RBAC with AND logic for tags in this article. | TRUE |
| appDiffView | This feature is currently in Beta, and the Feature Flag can be enabled only for SaaS environments. We will notify you when you can enable the Feature Flag for on-premises environments. When enabled, and the application is out of sync, displays the differences for each resource in the application in either Compact or Split view modes. | FALSE |
| csdpFilterAppsByGitPermissions | When enabled (the default), does not display the Git Sources and the Argo CD applications committed to these Git Sources for users without Git permissions or Git credentials for the same. | TRUE |
| genAICronExpression | When enabled, supports generating Cron expressions in the Codefresh UI using Generative AI. | FALSE |
| hideCompositionsMenuItem | When enabled, does not show Compositions within Artifacts & Insights in the sidebar of the Codefresh UI. | FALSE |
| promotionFlow | New feature currently in development. When enabled, allows you to drag an application in the GitOps Product dashboard from its current Environment to a different Environment and trigger a promotion flow. | FALSE |
| promotionWorkflows | New feature currently in development. When enabled, allows you to create and run workflows when a promotion is triggered. | FALSE |
| restrictedGitSource | This feature is currently in Beta, and the Feature Flag can be enabled only for SaaS environments. We will notify you when you can enable the Feature Flag for on-premises environments. When enabled, allows you to create a Restricted Git Source in addition to a standard Git Source. | FALSE |
| stepTimeout | When enabled (the default), allows you to add the timeout flag with the <duration> and <units> to steps in pipelines. When added, the step terminates execution automatically if the step exceeds the duration of the specified timeout. See Pipelines: New timeout functionality for pipeline steps in this article. | TRUE |
| useRepoAndBranchesNextPagination | When enabled, the Repository dropdown to select branches and repositories for Triggers supports infinite scrolling and search on the server. | FALSE |

Updated Feature Flags in v2.2

The table below lists existing Feature Flags which have been updated by default to be either enabled (set to TRUE), or disabled (set to FALSE).

| Feature Flag | Description | Default Value |
| --- | --- | --- |
| accountInfoCopyButton | When enabled, the account ID is added to the URL. When sharing the URL with the account information, recipients can seamlessly switch accounts. | FALSE |
| cronTriggersInPipelineSpec | When enabled, allows users to define Cron triggers in the pipeline YAMLs as a spec.cronTriggers array, instead of using a separate API. See Cron trigger specifications in pipelines in our documentation. | TRUE |
| gitopsAppGroups | When enabled, allows users to group Argo CD applications by annotations, and view these applications in the Groups tab of the GitOps Apps dashboard. See Application Groups for Argo CD applications in our documentation. | TRUE |
| pipelineScopes | When enabled, enables Codefresh administrators to configure the API scopes for pipelines at account level. All pipelines in the account inherit these scopes. Codefresh administrators can also override these scopes for individual pipelines. See Pipeline settings: Scopes in our documentation. | TRUE |

Bug fixes

General

  • Removing users from Codefresh UI, or via API or Terraform results in 504 error.
  • Organizations list not sorted in alphabetical order.
  • Page keeps on loading indefinitely when switching active account from a ProjectOne account to a Classic one.

Pipelines

  • Slow loading for Builds and Workflow pages for pipelines.
  • Cannot save views including Annotations as filters.
  • In Use YAML from repository screen, selecting a new Git integration resets all custom settings, including PATH TO YAML.
  • In Use YAML from repository screen, selecting a new Git integration without selecting a branch results in “undefined is not an object (evaluating ‘(0,v.first)(this.branchData.selectedItem).displayName’)” error.
  • Listing branches when setting up trigger or in Use YAML from repository results in error ‘Error: Failed to retrieve file’.
  • For Azure DevOps Pull Request (PR) (push commit, push reviewers changed, votes score changed, status changed) events, the build status in Azure DevOps is not identical to the build status in Codefresh.
  • Webhook for Bitbucket triggers two-three builds for a single event.
  • Builds stuck in Terminating state in Codefresh UI
  • Helm step does not support latest Helm versions.
  • Frequent timeouts when pushing to Codefresh Helm repo via Helm step.
  • Unable to upload more than 100 Allure reports from Codefresh.
  • “No such file or directory” error in Test History/Trends page for Allure test reports.
  • After upgrade to v2.0.9, Test reports screen does not display all elements.
  • For enhanced Cron triggers, restarting a Cron build or restarting a Cron build from a failed step results in error: “There was a problem rebuilding the selected item. Please make sure that the branch is accessible”.
  • Bitbucket builds triggered for events not defined in pipeline.
  • Incorrect step-level metrics for build step when buildx is set to true and the builder driver is set to docker-container.
  • stepTemplate ignores path in WORKING_DIR environment variable and runs in default volume path.
  • Statuses in build log outputs not color-coded.
  • Memory usage graph in Builds page shows Mib instead of MiB.


GitOps

  • Rollouts panel does not display control to expand Analysis Run.
  • Incorrect behavior with ServerSideApply for Hybrid GitOps Runtimes.
  • Incomplete list of Pull Requests and Jira issues in Timeline tab of GitOps Apps dashboard when Kubernetes deployments and Rollouts are both used in the same application.
  • Unable to add managed clusters to GitOps Runtimes.
  • Unable to add a non-OpenShift cluster to GitOps Runtimes.
  • Creating a Git Source using Bitbucket does not load all available repos for selection.
  • codefresh-image-reporter failure for ECR (Elastic Container Registry) images.
  • Truncated names for the Labels filter when clicking More filters in GitOps Apps dashboard.
  • Missing Git Runtime tokens in Personal Access Token page.

On-premises version 2.1

Features & enhancements


Install/upgrade to v2.1

Welcome to our new major on-premises release!

Installing v2.1

For detailed instructions on installing v2.1, visit ArtifactHub.

Upgrading to v2.1

This major release includes new services and updates to existing services. Before initiating the upgrade process, review the instructions here.



New Helm installation for Codefresh Runner

In this major version, we have completely overhauled the installation process for the Codefresh Runner. Now, Runner installation is completely Helm-based, making it streamlined and easier to manage.

Starting with this version, Helm becomes the default installation method for the Codefresh Runner. This change has implications for the installation options from previous versions.

  • CLI installation is considered legacy, and will not be actively maintained going forward
  • For existing Helm installations with chart version 3.x or higher, we recommend migrating to the new chart version for the Runner

The new Helm installation for the Runner is described in Chart Configuration on ArtifactHub.

Refer also to Codefresh Runner installation in the documentation.



Gerrit as Git provider for Pipelines and GitOps

We are excited to announce the integration of Gerrit, the open-source web-based code review tool for Git repositories, with Codefresh.

Gerrit and Codefresh Pipelines

By integrating Gerrit as a Git provider for Codefresh Pipelines, you can leverage its capabilities to trigger builds and tests automatically whenever a new change is pushed to Git repositories hosted in Gerrit. The integration allows you to closely monitor the status of builds and tests within the Gerrit environment itself, providing you with a comprehensive view of your development process. With Codefresh’s CF_PULL_REQUEST group of environment variables, you can achieve similar functionality to Gerrit’s Changes directly within Codefresh.

For details, see Pipeline integrations - Git providers.

Gerrit and Codefresh GitOps

By configuring Gerrit as the primary Git provider for your Hosted GitOps Runtime, you can integrate Gerrit information into your third-party CI tools or platforms for image enrichment and reporting in Codefresh. If you are interested in using Gerrit for Hybrid GitOps Runtimes, please contact us.

For details, see GitOps Gerrit Git provider integration.



Multi-account sync for Okta with OIDC

Check out the latest enhancements to the integration settings for Okta with OIDC: Multi-account sync and automatic deletion of users removed during sync from Codefresh.

Multi-account sync

Following the successful implementation of just-in-time provisioning support for Okta, we are taking it a step further by introducing multi-account sync for OIDC-Okta. This feature enables you to synchronize multiple Codefresh accounts in Okta simultaneously in Codefresh, ensuring a seamless SSO setup for enterprise customers.

With multi-account sync, you can easily select additional Codefresh accounts to sync with your Okta OIDC account in Codefresh. Codefresh validates admin privileges and access for each of the selected accounts, guaranteeing secure and reliable authentication.

You have the flexibility to sync users in multiple ways: through the UI’s Auto-group sync, performing on-demand synchronization through the CLI, or integrating sync into a Codefresh pipeline using the CLI synchronize command.

Delete users removed during sync

We added an option to further streamline Okta SSO account and user management in Codefresh. You can now easily remove individual users who are deactivated in Okta from both the current account in Codefresh and any additional accounts defined in your current account. The Users list is updated accordingly, ensuring that both the Teams and Users lists are always organized.

Multi-account sync and remove deactivated users for Okta OIDC


For details, see Configure OIDC SSO settings for Okta in Codefresh.



Codefresh & OpenShift

We are excited to announce that Codefresh now supports OpenShift! Seamlessly integrate with OpenShift for enhanced container orchestration capabilities, and discover new possibilities in your deployment workflows with Codefresh and OpenShift integration.

For details, see Deploying Codefresh with OpenShift.



Pipelines: OpenID Connect (OIDC) integration

Introducing OIDC (OpenID Connect) for Codefresh pipelines! Boost pipeline security and streamline access control with OIDC. Instead of referencing static credentials stored in Codefresh for the cloud provider, allow pipelines to authenticate and authorize actions through short-lived ID tokens.

Configure Codefresh as an OIDC provider with your preferred cloud provider, and let Codefresh handle ID token acquisition, and then add the actions to perform on the cloud provider in the pipeline.

Key benefits:

  • Enhanced security
    You no longer need to define, store, and manage cloud-provider credentials in Codefresh. Obtain ID tokens from the cloud provider when needed. The ID tokens remain valid only for the duration of the workflow build and automatically expire upon completion.

  • Ease of use
    Once the OIDC provider configuration is completed, obtaining the ID token is seamless. Our dedicated Marketplace step, the obtain-oidc-id-token step, when added to the pipeline, gets the ID token, without additional configuration or parameters on your part.

For details, see OpenID Connect for Codefresh pipelines.



Pipelines: Access control for endpoints

With this feature, Codefresh admins gain enhanced control over the security of their pipelines by being able to restrict access to specific endpoint scopes. Scopes are defined at the account level, ensuring a consistent security baseline for all pipelines. These predefined scopes are inherited by every pipeline, which Codefresh admins can override for individual pipelines when necessary. To enable this, you need to turn on the pipelineScopes feature flag.

Configure scopes for pipeline


For details, see Configure scopes for pipelines.



Pipelines: Enhanced version of Cron triggers

We have extended the capabilities of Cron triggers within Codefresh pipelines for a more powerful implementation. The new functionality is available as a Beta version.

Cron triggers can now simulate Git events to enrich pipelines with repository details, include environment variables, and custom settings for caching, volume reuse, and notifications. The new settings are supported in the Codefresh UI and in the pipeline specifications. To enable this, you need to turn on the cronTriggersInPipelineSpec feature flag.

Extended settings for Cron triggers


These additional settings are optional, so you can continue to use just the timer component of the Cron trigger.

Legacy versions of Cron triggers are flagged in the Codefresh UI and include an option to migrate them to the new version.

For details, see Cron (timer) triggers and Cron trigger specifications.



Pipelines: Pipeline Dashboard enhancements

Review the latest enhancements in the Pipelines Dashboard.

Favorites filter and Last Update in Pipelines Dashboard


Filter by favorite pipelines

The Pipelines Dashboard now has a Favorites filter. If you starred any projects or pipelines as favorites, you can easily view your favorite pipelines, both by projects or individual pipelines.

Recent update indication

The Last Update timestamp on the top right of the Pipelines Dashboard refreshes automatically to show you the exact time the data was retrieved.

Full path display for pipelines in filter

Previously, in the Pipelines filter, it was challenging to identify the correct pipeline when multiple pipelines shared the same name across different projects. Now, when you mouse over a pipeline name in the list, the tooltip displays the full path, including the name of the project to which the pipeline belongs, followed by the name of the pipeline.

For details, see Pipelines Dashboard.



Pipelines: New icons for pipeline build statuses

Pipeline builds have new status icons. With distinct icons for each status, you can easily differentiate between builds, bringing clarity and saving time. Previously, for example, both terminated and failed builds had the same icon, causing confusion.

Here are the icons and the build statuses they represent:

  • Running:
  • Completed:
  • Delayed:
  • Pending approval:
  • Denied approval:
  • Terminating:
  • Terminated:
  • Failed:

For details, see Viewing status for pipeline builds.



Pipelines: New terminal emulator

In this release, we have introduced a NEW terminal emulator for a superior user experience, featuring lightning-fast scrolling, online rendering for large logs, enhanced accessibility support, and more…

The new terminal emulator provides:

  • Improved performance through GPU acceleration
  • Convenient online viewing for log files, including large logs with up to 100,000 lines, avoiding the need to download the file
  • Faster navigation with improved mouse support
  • Improved search functionality
  • Accessibility support with Screen Reader Mode



Pipelines: Configure limit for project’s pipelines

The PROJECT_PIPELINES_LIMIT variable allows you to set a limit for the number of pipelines in a project. Capping the number of pipelines in a project prevents projects from becoming unwieldy and cluttered, and makes it easier to view the pipelines belonging to a project. For details, see Pipeline limit in projects.



GitOps: ABAC for Argo CD applications

In this release, we bring the power of ABAC for access control to GitOps for the first time as a Beta version. You can define fine-grained access to Argo CD application entities. Similar to ABAC for pipelines, access is controlled through the use of rules, created by defining teams, actions, and attributes. To enable this, you need to turn on the abacV2 feature flag.

Access control for Argo CD application entities


For details, see Access control for GitOps.



GitOps: Application Groups in GitOps Apps dashboard

Introducing a new view in the GitOps Apps dashboard, the Group view! The Group view for GitOps applications is a simple and efficient way to streamline application deployment monitoring within your enterprise. To enable this, you need to turn on the gitopsAppGroups feature flag.

Application Groups in GitOps Apps dashboard


With App Groups, you can effortlessly focus on specific app deployments, as it consolidates deployment information for all applications within the group in the same view. This feature eliminates the need to navigate between the different applications for information on them. Tailor groupings according to the unique requirements of your organization and applications.

Codefresh also adds the Group name as an annotation to the application manifest for easy organization and management.

For details, see Application Groups for GitOps applications.



For GitOps app-proxy, when disabling concurrent sessions for cf-api through DISABLE_CONCURRENT_SESSIONS=true, the CF_UUID_COOKIE_DOMAIN environment variable allows you to customize the domain for the session cookie. For example, .mydomain.com.

For details, see Customize session cookie.
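The value chosen for CF_UUID_COOKIE_DOMAIN decides which hosts receive the session cookie, and the sketch below shows that with the RFC 6265 domain-matching rule that browsers apply. It is an added example, not Codefresh code: the host names are constructed, and `normalizeCookieDomain`, `domainMatches`, `browserAcceptsDomain` and `hostsReceivingCookie` are hypothetical helpers.

```javascript
// Added illustration of RFC 6265 cookie domain matching; not Codefresh code.
// All host names are constructed for the example.

// RFC 6265 section 5.2.3: a leading dot in the Domain attribute is ignored
// and the value is compared case-insensitively.
function normalizeCookieDomain(value) {
  const v = String(value).trim().toLowerCase();
  return v.startsWith('.') ? v.slice(1) : v;
}

// Rough IP check: suffix matching never applies to IP addresses.
function isIpAddress(host) {
  return /^\d{1,3}(\.\d{1,3}){3}$/.test(host) || host.includes(':');
}

// RFC 6265 section 5.1.3: a host matches when it is identical to the domain,
// or when it is a host name (not an IP) that ends with "." + domain.
function domainMatches(requestHost, cookieDomain) {
  const host = String(requestHost).toLowerCase();
  const domain = normalizeCookieDomain(cookieDomain);
  if (domain === '') return false;
  if (host === domain) return true;
  return !isIpAddress(host) && host.endsWith('.' + domain);
}

// A browser drops a cookie whose Domain attribute does not cover the host
// that set it, so a mistyped value silently breaks the session.
function browserAcceptsDomain(settingHost, cookieDomain) {
  return domainMatches(settingHost, cookieDomain);
}

// cookieDomain === null models a host-only cookie (no Domain attribute):
// only the host that set it gets it back.
function hostsReceivingCookie(cookieDomain, settingHost, candidateHosts) {
  return candidateHosts.filter((h) =>
    cookieDomain === null
      ? h.toLowerCase() === settingHost.toLowerCase()
      : domainMatches(h, cookieDomain)
  );
}

// Constructed hosts: the platform, a runtime, an unrelated internal app,
// the apex domain, and two look-alikes that must never match.
const hosts = [
  'cf.mydomain.com',
  'runtime.mydomain.com',
  'wiki.mydomain.com',
  'mydomain.com',
  'notmydomain.com',
  'mydomain.com.example.net',
];

console.log('host-only     :', hostsReceivingCookie(null, 'cf.mydomain.com', hosts));
console.log('.mydomain.com :', hostsReceivingCookie('.mydomain.com', 'cf.mydomain.com', hosts));
console.log('accepted?     :', browserAcceptsDomain('cf.mydomain.com', '.otherdomain.com'));
```

With the parent-domain value, the unrelated `wiki.mydomain.com` host also receives the session cookie, so the value should be as narrow as the deployment allows.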

Bug fixes

General

  • Unable to add users to Codefresh via team sync for Okta.
  • Auto-sync option not available for Azure SSO.
  • 404 errors on clicking documentation links in Build > Triggers.
  • For Azure, auto-sync operation removes groups that were previously synced.
  • Page keeps on loading indefinitely when switching active account from a ProjectOne account to a Classic one.

Pipelines

  • Pipeline builds terminate with error message: Pipeline could not be executed because retry attempts limit has been exceeded....
  • Shallow clone for a specific revision with depth argument results in error: pathspec 'test' did not match any file(s) known to git.
  • Pipeline resuming execution after approval shows previously executed steps as skipped in Codefresh UI.
  • Cross-account ECR pull in freestyle step fails with (HTTP code 500) server error....
  • Unable to add Hybrid Runner and run builds in Version 2.0.1.
  • Pipeline trigger for BitBucket server does not fire on commit.
  • Creating a Git trigger for a repo name containing spaces fails with error: Failed to create trigger...fails to match the required pattern....
  • “Internal server error” displayed when creating a pipeline with project-level permissions though pipeline is created.
  • Discrepancy in list of builds returned when running GET {{baseUrl/workflow?pipeline=[pipeline-id]}} query.
  • Composition stops randomly with error: Could not get status for container <container-name>.
  • Image enrichment with GitHub Actions fails with message: EventSourceError: Request-URI Too Large.
  • In Pipelines dashboard (Home Dashboard), for a renamed pipeline, the Pipeline filter displays the original name instead of the new name.
  • In the Pipelines page, the context-menu for the last pipeline in the list does not display all available actions.
  • Save button remains disabled when modifying an External Resource in Pipeline > Settings.
  • Unable to set requiredAvailableStorage programmatically for Hybrid Pipeline Runtimes.
  • Commit message passed through the system variable CF_COMMIT_MESSAGE is truncated and does not include the full content.
  • Prefix for Docker registries omitted when using a custom Docker registry as a Public Marketplace Registry.
  • DinD pod does not use Service Account (SA) defined in Runner.
  • After upgrade to v2.0.9, Test reports screen does not display all elements.
  • Invited users prompted for phone number during sign-up.

GitOps

  • Save button remains disabled when modifying fields for an existing Git Source.
  • DISABLED_CONCURRENT_SESSIONS set to true results in UNAUTHORIZED_ERROR token is not valid error for graphql API call.
  • Unable to create Git Sources both from the Codefresh CLI and UI with Bitbucket Server.
  • Rollouts Reporter for managed cluster uses SaaS instead of on-premises URL.
  • Commits to a second application in the same repository as another application mark the Rollout for the first application as terminated in the UI when it actually continues execution.
  • In the Timeline tab, on-going deployments do not display link to Rollout Player.

Feature Flags

The table below describes the new Feature Flags in the Codefresh On-Premises release v2.1.

Feature Flag | Description | Default Value
abacHermesTriggers | When enabled, restricts access to the legacy version of Cron triggers for users without permissions to edit pipelines. | FALSE
accountInfoCopyButton | When enabled (the default), the account ID is added to the URL. When sharing the URL with the account information, recipients can seamlessly switch accounts. | TRUE
accessibilityContrast | When enabled, displays an icon in the Codefresh toolbar allowing you to control the contrast by selecting the option that best suits the logged in user: • Invert colors and Bold colors (saturate): Optimized for visually impaired users. • Smart Contrast: Increases the contrast between the text and the background to the maximum possible. | FALSE
cronTriggersInPipelineSpec | When enabled, allows users to define Cron triggers in the pipeline YAMLs as a spec.cronTriggers array, instead of using a separate API. See Pipelines: Enhanced version of Cron triggers in this article. | FALSE
disableInviteWelcomeMail | When enabled, does not send the Welcome email to users invited to an account. | FALSE
gerritIntegration | When enabled, enables Gerrit integration in Account settings. See Gerrit as Git provider for Pipelines and GitOps in this article. | FALSE
nextGenTerminal | When enabled, uses the new terminal emulator for improved performance, online rendering for large logs (more than 100,000 lines), search functionality, and Screen Reader support for accessibility. | FALSE
supportOpenIdConnectInBuilds | When enabled (the default), supports OIDC in pipeline builds, including obtaining and using ID tokens to authenticate and authorize pipeline actions on cloud providers. See Pipelines: OpenID Connect (OIDC) integration in this article. | TRUE
supportGerrit | When enabled, adds the capability to connect to Gerrit as a Git provider. See Gerrit as Git provider for Pipelines and GitOps in this article. | FALSE
pipelineScopes | When enabled, enables Codefresh administrators to configure the API scopes for pipelines at account level. All pipelines in the account inherit these scopes. Codefresh administrators can also override these scopes for individual pipelines. See Pipelines: Access control for endpoints in this article. | FALSE
gitopsAppGroups | When enabled, allows users to group Argo CD applications by annotations, and view these applications in the Groups tab of the GitOps Apps dashboard. See GitOps: Application Groups in GitOps Apps dashboard in this article. | FALSE

On-premises version 2.0.3

Welcome to our newest On-Premises release, version 2.0.3! This major release is finally here, and it’s packed with an array of exciting usability enhancements, new features, and improvements. We listened carefully to your feedback, and worked to incorporate your suggestions into this release.

On-premises v2.0.3 comes with the exciting addition of Codefresh GitOps! Set up and deploy applications/infrastructure using Git as the single source of truth. Read the details later in this document.

Features & enhancements


Upgrading to v2.0.3

In this major release, we have deprecated the kcfi installer. Codefresh on-premises is now installed with Helm. The config.yaml is not compatible with Helm-based installation. To use config.yaml in the Helm chart, you need to remove some sections and update others.

Before running the upgrade, read the details here.


GitOps in Codefresh On-Premises

This version includes support for On-Premises GitOps, including an on-premises version of GitOps Runtimes. With GitOps, Git repositories are the source-control systems that declaratively describe applications and infrastructure using code. The continuous integration and continuous delivery processes synchronize these changes with live environments, making sure that the production state always matches the desired state in Git.

Codefresh is the easiest way to get started with GitOps and Argo CD. Codefresh leverages Argo components to have the entire desired state applied from Git to your Kubernetes cluster, and then reported back to Codefresh.

For details, see Codefresh for GitOps and On-premises GitOps Runtimes.


Enabling the new Codefresh experience

After installing/upgrading to version 2.0.3, Codefresh admins can Enable the new Codefresh experience through the Account Information option.

The new experience exposes new functionality such as Universal Search and Navigation, and the Pipelines Dashboard.

Get up to speed with the navigation improvements in the new Codefresh experience. See the navigation quick reference for a detailed breakdown of the navigation options. Navigation options are categorized by user options (accessed by clicking your Avatar in the toolbar), account-level administration and configuration, and features and functionality.


System Type in Accounts

Codefresh admins can now switch between Classic only and the unified version with both Classic and GitOps.

The Accounts table has a new column, System Type, that allows you to select the module for the account, as Classic or ProjectOne.

Settings in toolbar

We added a new Settings icon to the toolbar to simplify account-level management for Codefresh administrators. With the Settings icon always available, Codefresh admins have single-click access to account-level options and settings whenever they need them.


Global Search & Navigation

Boost your Codefresh experience with our latest feature, Global Search & Navigation! Always available in the toolbar, Global Search & Navigation lets you get to what and where you need to in Codefresh while staying where you are.

Search & find

With Global Search & Navigation, you can easily monitor and find resources in your projects, pipelines, and builds, with frequently used entities organized into categories for quick search. Easily find a specific project, pipeline, or build, or browse them all. In addition, Global Search & Navigation pulls up links to relevant information from our documentation that may be useful within your current context, making it even easier to find what you need.

Switch accounts

You can also switch accounts in Codefresh with Global Search & Navigation, without needing to navigate to your avatar drop-down menu. Simply search for the account, select the Switch Account action, and then choose the account you wish to switch to. We are always adding more options, so stay tuned for announcements.


Pipelines Dashboard

This release introduces the much-awaited Pipelines Dashboard! The dashboard, dedicated to pipelines and pipeline metrics, is a new experience of pipeline visibility and monitoring. Clicking Home Dashboard located at the top of the sidebar displays the Pipelines Dashboard. If you’re currently using both GitOps and Pipelines, the Pipelines Dashboard is displayed below the GitOps and Argo Workflow dashboards.

Use the Pipelines dashboard to:

  • Identify pipelines with low performance, both in terms of number of executions and execution duration
  • Review the performance of a specific pipeline or project
  • Compare KPIs to previous time periods to track progress
  • Ensure you are meeting your SLA with your customers*

The Pipelines dashboard requires new services and databases, as listed here.

For details, see Pipelines Dashboard in the Home Dashboard.


Annotations for builds

We are happy to introduce two enhancements to annotations for pipeline builds! It’s now easier than ever to find the builds you’re looking for, and customize your build views. First, you can configure an annotation as the build’s display annotation, from among the available annotations. Why would you do this? When configured, the annotation is displayed for the build in the Builds page, making it easy to see which builds share common properties like target environments. For details, see Configure display annotation for builds.

Second, you can filter builds by annotations. Filter builds by any annotation added for the build, whether it’s a display annotation or any other annotation with the Annotation filter in the Builds page. Note that filtering builds by annotations applies only to those builds created after upgrading to v2.0.3. For details, see Applying filters to build views.


Project-based ABAC

We are excited to announce project-level Attribute-Based Access Control (ABAC) in this release. ABAC for projects saves a lot of effort without compromising security, as you can now control access to both project and pipeline entities based on project tags.

  • Project access to teams with project-tags
    Now you can decide which teams have access to which projects, and at which level. By adding tags to projects, you can define rules for different teams that can create, update, delete, and view projects. Also, read the next feature description, Auto-create projects for teams.

    Migrating existing accounts
    If you have existing accounts with team-based access control for projects, you can either migrate all accounts or a specific account, as described in Project ABAC migration.

  • Pipeline access to teams with project-tags
    You can define access to pipelines on the basis of the projects that house the pipelines. Instead of tagging each pipeline, you can add tags to the project, and define rules that determine which teams can access the pipelines which share the project tags. Builds now honor the permissions of the pipelines. Users without access to the pipeline will also not have access to its builds. This also means fewer email notifications, as these are only sent for builds that users have access to.

For details, see ABAC for entities with tags and rules.


Auto-create projects for teams

Simplify access control and setup with Auto-create projects for teams. Enabled by default, this global pipeline setting automatically creates projects whenever you create teams in your account. In addition to automatically creating a project for the team, it also automatically creates a Project rule, and a Pipeline rule for the same team, with basic permissions.

For details, see Auto-create projects for teams.


Selective restart for failed build steps

We added the Restart from a failed step as an option to the pipeline’s Policy settings, which you can enable/disable per pipeline. Previously, this option was available for all pipelines in the Builds page. Now, you can make it available according to the requirements of the specific pipeline. When disabled in the pipeline’s settings, it is also disabled for that pipeline in the Builds page.

Why did we make this selective per pipeline? Because restarting from a failed step is not always the answer to the problem, especially as the pipeline restarts with the same state as before. If you have a failed Helm promotion step, and you updated the image, you would want the pipeline to use the new image. With the Restart option, the pipeline resumes execution at the same state as at the point of failure, never uses the updated image, and continues to fail.

For details, see Policy settings for pipelines and Restarting pipelines.


Multi-platform builds in Codefresh

Build and push Docker images, including multi-platform images in Codefresh with BuildX.

We extended the capabilities of our build step with the new buildx field. Leverage Docker’s multi-architecture/multi-platform support right here in Codefresh. Build an image once and reuse it on multiple architectures/platforms. We also support custom buildx configurations with QEMU and Builder, giving you all the options you may need.

For details, see Build step field descriptions.


On-demand encryption for build run variables

Manual build runs allow you to create new and modify existing variables. You can now encrypt sensitive variables on-demand, adding an extra layer of security.

For details, see Encrypt variables for pipeline build runs.


Mask variables in cf_export

On the subject of variables, in our latest enhancement to cf_export in pipelines, we added support to mask exported variables. You can now use the --mask argument to mask any sensitive variables that you export. The values of these variables are replaced with asterisks in the build logs. This ensures that sensitive information is never exposed, helping to keep your builds and pipelines secure.

For details, see Masking variables within cf_export.


Datadog integration enhancements

We enhanced our integration with Datadog to report additional information from Codefresh pipelines in Datadog. The new information should make it even easier to monitor and analyze Codefresh pipelines in Datadog:

  • For manually triggered pipelines, the name of the user who initiated the pipeline.
  • The Resumed field, if the pipeline was resumed after manual approval.
  • The Parameters field with user-defined variables and Git parameters.
  • Error messages for pipelines with errors.

For details, see Datadog pipeline integration.


Custom certificates

Codefresh allows configuring custom certificates for Pipelines. You can use your own trusted SSL/TLS certificates for secure communication between Codefresh and external services.

For details, see Configure custom TLS certificates.


TLS and MTLS for Redis

Codefresh On-Premises supports both TLS (Transport Layer Security) and MTLS (Mutual TLS) for Redis. This enhancement provides enhanced security and encryption capabilities for Redis data communication with Codefresh in on-premises environments. Administrators can customize the level of security according to their requirements. Using TLS and MTLS for Redis communication requires additional configuration.

For details, see Redis with TLS and Redis with MTLS.


Preferred date and time format selection

US and international users can select their preferred format for date and time in the Codefresh UI. With this latest enhancement, you can now choose between US and international date formats, as well as 24 or 12-hour time formats, to best suit your needs.

Simply navigate to User Settings and select your preferred format.

For details, see Customize date and time formats.


SAML SSO Okta: auto-sync teams and auto-activate users

Just-in-time (JIT) user provisioning is becoming increasingly important for IT administrators. The auto-sync and activate-user options when setting up SAML SSO settings for Okta are designed to achieve this without any manual intervention.

  • Auto-Sync allows you to automatically sync users and teams provisioned in Okta with Codefresh at intervals you define.
  • Auto-Activate creates and activates personal accounts for synced users in Codefresh, without the need to send an email invite and have the user click on the link.

Both options streamline the SSO setup for SAML Okta in Codefresh, saving valuable time.

For details, see Configure SSO settings for SAML Okta in Codefresh.


Runtime environment override for GitOps pipeline integrations

A GitOps pipeline integration uses the default runtime environment. After creating a GitOps pipeline integration, you can now override its runtime environment. Codefresh uses the runtime environment for system actions such as Rollback.


New layout for Helm Boards

Helm Boards now display information in a horizontal layout. The new layout prevents fields with long names from overlapping with each other.


Builds view improvements

We are pleased to announce infrastructure changes that have significantly improved the responsiveness of the Builds page. You will now experience much faster response times when working with projects that have a large number of pipelines.

Bug Fixes

  • 200 error for inactive webhook triggers.
  • Liveness probe failures on cf-api pods.
  • Tooltip on hover over build/project names in the Builds page, shows topbar.title instead of the build/project name.
  • Opening build deleted by retention policy shows pop-up for switching accounts: Build is from a different account: . To view this build, you must switch accounts.
  • Unable to edit Inline YAML when returning to the Workflow tab and switching from Use YAML from repository to Inline YAML.
  • Modifying an encrypted variable for a manual build, decrypts and displays the variable in plain text.
  • Removing a trigger from a Git repository, also deletes the associated webhook in Git with other trigger dependencies.
  • Git trigger filter allows filtering by deleted branch, causing builds to fail.
  • In full-screen view mode, the pipeline list panel on the left overlaps the pipeline YAML.
  • Incorrect start time for builds in offline logs.
  • Enabling forbidDecrypt Feature Flag breaks github-release step.
  • UI logs not available with on-premises release version 1.3.9.
  • Creating account via Terraform results in plugin error.
  • Inconsistent formats for date and time across Codefresh UI.
  • Modified files filter option for Git trigger events missing for Bitbucket Server.
  • Selecting Import from text/Import from file/Add shared configuration from the context menu in Workflows tab Variables does not open the corresponding panel.
  • Overrides for pipeline-level variables during manual build run not displayed correctly in Build Variable list.
  • Null namespaces result in failure to load Codefresh UI.

Feature Flags

The table below describes the Feature Flags in the Codefresh On-Premises release v2.0.3.

Feature Flag | Description | Default Value
parallelKubectlOperations | When enabled, allows running multiple kubectl commands in parallel steps. For example, parallel Helm install steps, or parallel deploy steps. | FALSE
gitOpsIntegrationEdit | When enabled, allows overriding the runtime environment of an existing GitOps pipeline integration. Codefresh uses the runtime environment for different system actions. | FALSE
disableActionBtnByAbac | When ABAC is enabled for the user and the user does not have permissions for the action, disables Create/Edit/Delete action buttons for projects and pipelines. | FALSE
showBuildAnnotations | When enabled, allows users to: • Configure a display annotation for a pipeline build in the pipeline’s YAML. The build’s display annotation is then displayed in the build entry’s row (Pipelines > Builds). • Filter by any annotation assigned to builds. See Annotations for builds in this article. | FALSE
filterMailsByAbac | When enabled and ABAC permissions are defined for projects, sends email notifications on builds only for those pipelines to which the user has access. See Project-based ABAC in this article. | FALSE
syncClassicAnnotationsToGitOps | When enabled, displays annotations assigned to entities in the Annotations area of the Images dashboard. The following annotation types are displayed: String, Boolean, Link, Percentage, Number. NOTE: This feature flag does not impact Issue and Git (PR)-based annotations. These are displayed in the Issue and Git areas. | FALSE
gitopsArgoCdRollback | When enabled, allows users to rollback to a previously deployed version of an active GitOps application. | FALSE
commandbar | When enabled, activates Codefresh Universal Search & Navigation. Displayed in the top-left of the toolbar, allows users to find and navigate to project/pipeline/build entities, switch accounts, and more. See Global Search & Navigation in this article. | FALSE
gerritIntegration | When enabled, allows configuring Git integrations with Gerrit for Codefresh pipelines. | FALSE
abacProject | When enabled, allows admins to define rule-based access to projects for teams by project tags. IMPORTANT: Before enabling this feature flag, make sure to read Project ABAC migration. See Project-based ABAC in this article. | FALSE
abacRuleRelatedResource | When enabled, allows admins to define rule-based access to pipelines for teams by project tags. See Project-based ABAC in this article. | FALSE
workflowAbacByPipeline | When enabled, builds will not be visible to users who don’t have access to the corresponding pipelines. See Project-based ABAC in this article. | FALSE
filterMailsByAbac | When enabled, together with workflowAbacByPipeline, email notifications are not sent for users without access to the builds. See Project-based ABAC in this article. | FALSE