# Copyright 2019 The Tekton Authors
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     https://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

apiVersion: v1
kind: ConfigMap
metadata:
  name: feature-flags
  namespace: tekton-pipelines
  labels:
    app.kubernetes.io/instance: default
    app.kubernetes.io/part-of: tekton-pipelines
data:
  # Setting this flag to "true" will prevent Tekton to create an
  # Affinity Assistant for every TaskRun sharing a PVC workspace
  #
  # The default behaviour is for Tekton to create Affinity Assistants
  #
  # See more in the Affinity Assistant documentation
  # https://github.com/tektoncd/pipeline/blob/main/docs/affinityassistants.md
  # or https://github.com/tektoncd/pipeline/pull/2630 for more info.
  #
  # Note: This feature flag is deprecated and will be removed in release v0.60. Consider using `coschedule` feature flag to configure Affinity Assistant behavior.
  disable-affinity-assistant: "false"
  # Setting this flag will determine how PipelineRun Pods are scheduled with Affinity Assistant.
  # Acceptable values are "workspaces" (default), "pipelineruns", "isolate-pipelinerun", or "disabled".
  #
  # Setting it to "workspaces" will schedule all the taskruns sharing the same PVC-based workspace in a pipelinerun to the same node.
  # Setting it to "pipelineruns" will schedule all the taskruns in a pipelinerun to the same node.
  # Setting it to "isolate-pipelinerun" will schedule all the taskruns in a pipelinerun to the same node,
  # and only allows one pipelinerun to run on a node at a time.
  # Setting it to "disabled" will not apply any coschedule policy.
  #
  # See more in the Affinity Assistant documentation
  # https://github.com/tektoncd/pipeline/blob/main/docs/affinityassistants.md
  coschedule: "workspaces"
  # Setting this flag to "true" will prevent Tekton scanning attached
  # service accounts and injecting any credentials it finds into your
  # Steps.
  #
  # The default behaviour currently is for Tekton to search service
  # accounts for secrets matching a specified format and automatically
  # mount those into your Steps.
  #
  # Note: setting this to "true" will prevent PipelineResources from
  # working.
  #
  # See https://github.com/tektoncd/pipeline/issues/2791 for more
  # info.
  disable-creds-init: "false"
  # Setting this flag to "false" will stop Tekton from waiting for a
  # TaskRun's sidecar containers to be running before starting the first
  # step. This will allow Tasks to be run in environments that don't
  # support the DownwardAPI volume type, but may lead to unintended
  # behaviour if sidecars are used.
  #
  # See https://github.com/tektoncd/pipeline/issues/4937 for more info.
  await-sidecar-readiness: "true"
  # This option should be set to false when Pipelines is running in a
  # cluster that does not use injected sidecars such as Istio. Setting
  # it to false should decrease the time it takes for a TaskRun to start
  # running. For clusters that use injected sidecars, setting this
  # option to false can lead to unexpected behavior.
  #
  # See https://github.com/tektoncd/pipeline/issues/2080 for more info.
  running-in-environment-with-injected-sidecars: "true"
  # Setting this flag to "true" will require that any Git SSH Secret
  # offered to Tekton must have known_hosts included.
  #
  # See https://github.com/tektoncd/pipeline/issues/2981 for more
  # info.
  require-git-ssh-secret-known-hosts: "false"
  # Setting this flag to "true" enables the use of Tekton OCI bundle.
  # This is an experimental feature and thus should still be considered
  # an alpha feature.
  enable-tekton-oci-bundles: "false"
  # Setting this flag will determine which gated features are enabled.
  # Acceptable values are "stable", "beta", or "alpha".
  enable-api-fields: "beta"
  # Setting this flag to "true" enables CloudEvents for CustomRuns and Runs, as long as a
  # CloudEvents sink is configured in the config-defaults config map
  send-cloudevents-for-runs: "false"
  # This flag affects the behavior of taskruns and pipelineruns in cases where no VerificationPolicies match them.
  # If it is set to "fail", TaskRuns and PipelineRuns will fail verification if no matching policies are found.
  # If it is set to "warn", TaskRuns and PipelineRuns will run to completion if no matching policies are found, and an error will be logged.
  # If it is set to "ignore", TaskRuns and PipelineRuns will run to completion if no matching policies are found, and no error will be logged.
  trusted-resources-verification-no-match-policy: "ignore"
  # Setting this flag to "true" enables populating the "provenance" field in TaskRun
  # and PipelineRun status. This field contains metadata about resources used
  # in the TaskRun/PipelineRun such as the source from where a remote Task/Pipeline
  # definition was fetched.
  enable-provenance-in-status: "true"
  # Setting this flag will determine how Tekton pipelines will handle non-falsifiable provenance.
  # If set to "spire", then SPIRE will be used to ensure non-falsifiable provenance.
  # If set to "none", then Tekton will not have non-falsifiable provenance.
  # This is an experimental feature and thus should still be considered an alpha feature.
  enforce-nonfalsifiability: "none"
  # Setting this flag will determine how Tekton pipelines will handle extracting results from the task.
  # Acceptable values are "termination-message" or "sidecar-logs".
  # "sidecar-logs" is an experimental feature and thus should still be considered
  # an alpha feature.
  results-from: "termination-message"
  # Setting this flag will determine the upper limit of each task result
  # This flag is optional and only associated with the previous flag, results-from
  # When results-from is set to "sidecar-logs", this flag can be used to configure the upper limit of a task result
  # max-result-size: "4096"
  # Setting this flag to "true" will limit privileges for containers injected by Tekton into TaskRuns.
  # This allows TaskRuns to run in namespaces with "restricted" pod security standards.
  # Not all Kubernetes implementations support this option.
  set-security-context: "false"
  # Setting this flag to "true" will keep pod on cancellation
  # allowing examination of the logs on the pods from cancelled taskruns
  keep-pod-on-cancel: "false"
  # Setting this flag to "true" will enable the CEL evaluation in WhenExpression
  enable-cel-in-whenexpression: "false"
  # Setting this flag to "true" will enable the use of StepActions in Steps
  # This feature is in preview mode and not implemented yet. Please check #7259 for updates.
  enable-step-actions: "false"
  # Setting this flag to "true" will enable the built-in param input validation via param enum.
  enable-param-enum: "false"