Skip to content

Latest commit

 

History

History
202 lines (149 loc) · 6.66 KB

README.md

File metadata and controls

202 lines (149 loc) · 6.66 KB

Tekton Chains Official Release Cheat Sheet

Follow these steps to perform an official release of Tekton Chains! To follow these steps you'll need a checkout of the chains repo, a terminal window and a text editor.

  1. Setup a context to connect to the dogfooding cluster if you haven't already.

  2. cd to the root of the chains repo

  3. Apply release Tekton resources

    • publish-chains-release - This task uses ko to build all container images we release and generate the release.yaml

      kubectl apply -f release/publish.yaml
    • chains-release - This is the pipeline that stitches everything together.

      kubectl apply -f release/release-pipeline.yaml
  4. Select the commit you would like to build the release from, most likely the most recent commit at https://github.com/tektoncd/chains/commits/main and note the commit's hash.

  5. Create environment variables for bash scripts in later steps.

    CHAINS_VERSION_TAG=# UPDATE THIS. Example: v0.6.2
    CHAINS_RELEASE_GIT_SHA=# SHA of the release to be released
  6. Confirm commit SHA matches what you want to release.

    git show $CHAINS_RELEASE_GIT_SHA
  7. Create a workspace template file:

      cat <<EOF > workspace-template.yaml
      spec:
        accessModes:
        - ReadWriteOnce
        resources:
          requests:
            storage: 1Gi
    EOF
  8. Decide if new release will be latest release.

    CHAINS_LATEST_RELEASE='true' # Set to 'false' if not latest release
    
  9. Execute the release pipeline.

    tkn --context dogfooding pipeline start chains-release \
      --param=gitRevision="${CHAINS_RELEASE_GIT_SHA}" \
      --param=versionTag="${CHAINS_VERSION_TAG}" \
      --param=serviceAccountPath=release.json \
      --param=serviceAccountImagesPath=credentials \
      --param=releaseBucket=gs://tekton-releases/chains \
      --param=releaseAsLatest="${CHAINS_LATEST_RELEASE}" \
      --workspace name=release-secret,secret=release-secret \
      --workspace name=release-images-secret,secret=ghcr-creds \
      --use-param-defaults \
      --workspace name=workarea,volumeClaimTemplateFile=workspace-template.yaml
  10. Watch logs of chains-release.

  11. Once the pipeline run is complete, check its results:

    tkn --context dogfooding pr describe <pipeline-run-name>
    
    (...)
    📝 Results
    
    NAME                    VALUE
    commit-sha                 420adfcdf225326605f2b2c2264b42a2f7b86e4e
    release-file               https://storage.googleapis.com/tekton-releases/chains/previous/v0.13.0/release.yaml
    release-file-no-tag        https://storage.googleapis.com/tekton-releases/chains/previous/v0.13.0/release.notag.yaml
    
    (...)

    The commit-sha should match $CHAINS_RELEASE_GIT_SHA. The two URLs can be opened in the browser or via curl to download the release manifests.

    1. The YAMLs are now released! Anyone installing Tekton Chains will now get the new version. Time to create a new GitHub release announcement:

    2. Find the Rekor UUID for the release

      RELEASE_FILE=https://storage.googleapis.com/tekton-releases/chains/previous/${CHAINS_VERSION_TAG}/release.yaml
      CONTROLLER_IMAGE_SHA=$(curl $RELEASE_FILE | egrep 'ghcr.io.*controller' | cut -d'@' -f2)
      REKOR_UUID=$(rekor-cli search --sha $CONTROLLER_IMAGE_SHA | grep -v Found | head -1)
      echo -e "CONTROLLER_IMAGE_SHA: ${CONTROLLER_IMAGE_SHA}\nREKOR_UUID: ${REKOR_UUID}"
    3. Create additional environment variables

      CHAINS_OLD_VERSION=# Example: v0.11.1
      CHAINS_RELEASE_NAME=$CHAINS_VERSION_TAG
      CHAINS_PACKAGE=tektoncd/chains
    4. Execute the Draft Release task.

      tkn --context dogfooding pipeline start \
        --workspace name=shared,volumeClaimTemplateFile=workspace-template.yaml \
        --workspace name=credentials,secret=release-secret \
        -p package="${CHAINS_PACKAGE}" \
        -p git-revision="$CHAINS_RELEASE_GIT_SHA" \
        -p release-tag="${CHAINS_VERSION_TAG}" \
        -p previous-release-tag="${CHAINS_OLD_VERSION}" \
        -p release-name="${CHAINS_RELEASE_NAME}" \
        -p bucket="gs://tekton-releases/chains" \
        -p rekor-uuid="$REKOR_UUID" \
        release-draft
    5. Watch logs of create-draft-release

    6. On successful completion, a URL will be logged. Visit that URL and look through the release notes.

      1. Manually add upgrade and deprecation notices based on the generated release notes
      2. Double-check that the list of commits here matches your expectations for the release. You might need to remove incorrect commits or copy/paste commits from the release branch. Refer to previous releases to confirm the expected format.
    7. Un-check the "This is a pre-release" checkbox since you're making a legit for-reals release!

    8. Publish the GitHub release once all notes are correct and in order.

  12. Create a branch for the release named release-<version number>x, e.g. release-v0.28.x and push it to the repo https://github.com/tektoncd/chains. Make sure to fetch the commit specified in $CHAINS_RELEASE_GIT_SHA to create the released branch.

  13. Test release that you just made against your own cluster (note --context my-dev-cluster):

    # Test latest
    kubectl --context my-dev-cluster apply --filename https://storage.googleapis.com/tekton-releases/chains/latest/release.yaml
    # Test backport
    kubectl --context my-dev-cluster apply --filename https://storage.googleapis.com/tekton-releases/chains/previous/$CHAINS_VERSION_TAG/release.yaml
  14. Update releases page at releases/.md

  15. Announce the release in Slack channels #general, #chains and #announcements.

Congratulations, you're done!

Setup dogfooding context

  1. Configure kubectl to connect to the dogfooding cluster:

    gcloud container clusters get-credentials dogfooding --zone us-central1-a --project tekton-releases
  2. Give the context a short memorable name such as dogfooding:

    kubectl config rename-context gke_tekton-releases_us-central1-a_dogfooding dogfooding

Important: Switch kubectl back to your own cluster by default.

    kubectl config use-context my-dev-cluster