Skip to content

Latest commit

 

History

History
205 lines (150 loc) · 7.97 KB

release-cheat-sheet.md

File metadata and controls

205 lines (150 loc) · 7.97 KB
Raw

Tekton Pipelines Official Release Cheat Sheet

These steps provide a no-frills guide to performing an official release of Tekton Pipelines. To follow these steps you'll need a checkout of the pipelines repo, a terminal window and a text editor.

  1. Setup a context to connect to the dogfooding cluster if you haven't already.

  2. Install the rekor CLI if you haven't already.

  3. cd to root of Pipelines git checkout.

  4. Select the commit you would like to build the release from, most likely the most recent commit at https://github.com/tektoncd/pipeline/commits/main and note the commit's full (40-digit) hash.

  5. Ensure the correct version of the release pipeline is installed on the cluster:

    kustomize build tekton | kubectl --context dogfooding replace -f -

  6. Create environment variables for bash scripts in later steps.

    TEKTON_VERSION=# Example: v0.21.0
TEKTON_RELEASE_GIT_SHA=# SHA of the release to be released

  7. Confirm commit SHA matches what you want to release.

    git show $TEKTON_RELEASE_GIT_SHA

  8. Create a workspace template file:

    cat <<EOF > workspace-template.yaml
spec:
  accessModes:
  - ReadWriteOnce
  resources:
    requests:
      storage: 1Gi
EOF

  9. Execute the release pipeline (takes ~45 mins).

    If you are back-porting include this flag: --param=releaseAsLatest="false"

    tkn --context dogfooding pipeline start pipeline-release \
  --serviceaccount=release-right-meow \
  --param=gitRevision="${TEKTON_RELEASE_GIT_SHA}" \
  --param=serviceAccountPath=release.json \
  --param=versionTag="${TEKTON_VERSION}" \
  --param=releaseBucket=gs://tekton-releases/pipeline \
  --workspace name=release-secret,secret=release-secret \
  --workspace name=workarea,volumeClaimTemplateFile=workspace-template.yaml

    Accept the default values of the parameters (except for "releaseAsLatest" if backporting).

  10. Watch logs of pipeline-release.

  11. Once the pipeline is complete, check its results:

    tkn --context dogfooding pr describe <pipeline-run-name>

(...)
📝 Results

NAME                    VALUE
∙ commit-sha            ff6d7abebde12460aecd061ab0f6fd21053ba8a7
∙ release-file           https://storage.googleapis.com/tekton-releases-nightly/pipeline/previous/v20210223-xyzxyz/release.yaml
∙ release-file-no-tag    https://storage.googleapis.com/tekton-releases-nightly/pipeline/previous/v20210223-xyzxyz/release.notag.yaml

(...)

    The commit-sha should match $TEKTON_RELEASE_GIT_SHA. The two URLs can be opened in the browser or via curl to download the release manifests.

  12. The YAMLs are now released! Anyone installing Tekton Pipelines will get the new version. Time to create a new GitHub release announcement:

    1. Choose a name for the new release! The usual pattern is "< cat breed > < famous robot >" e.g. "Ragdoll Norby". Browse the releases page or run this command to check which names have already been used:
    curl \
  -H "Accept: application/vnd.github.v3+json" \
  https://api.github.com/repos/tektoncd/pipeline/releases\?per_page=100 \
  | jq ".[].name"
    1. Find the Rekor UUID for the release
    RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/${TEKTON_VERSION}/release.yaml
CONTROLLER_IMAGE_SHA=$(curl $RELEASE_FILE | egrep 'gcr.io.*controller' | cut -d'@' -f2)
REKOR_UUID=$(rekor-cli search --sha $CONTROLLER_IMAGE_SHA | grep -v Found | head -1)
echo -e "CONTROLLER_IMAGE_SHA: ${CONTROLLER_IMAGE_SHA}\nREKOR_UUID: ${REKOR_UUID}"
    1. Create additional environment variables
    TEKTON_OLD_VERSION=# Example: v0.11.1
TEKTON_RELEASE_NAME=# The release name you just chose, e.g.: "Ragdoll Norby"
    1. Execute the Draft Release Pipeline.
    tkn --context dogfooding pipeline start \
  --workspace name=shared,volumeClaimTemplateFile=workspace-template.yaml \
  --workspace name=credentials,secret=release-secret \
  -p package="tektoncd/pipeline" \
  -p git-revision="$TEKTON_RELEASE_GIT_SHA" \
  -p release-tag="${TEKTON_VERSION}" \
  -p previous-release-tag="${TEKTON_OLD_VERSION}" \
  -p release-name="${TEKTON_RELEASE_NAME}" \
  -p bucket="gs://tekton-releases/pipeline" \
  -p rekor-uuid="$REKOR_UUID" \
  release-draft

    1. Watch logs of create-draft-release

    2. On successful completion, a URL will be logged. Visit that URL and look through the release notes.

    3. Manually add upgrade and deprecation notices based on the generated release notes

    4. Double-check that the list of commits here matches your expectations for the release. You might need to remove incorrect commits or copy/paste commits from the release branch. Refer to previous releases to confirm the expected format.

    5. Un-check the "This is a pre-release" checkbox since you're making a legit for-reals release!

    6. Publish the GitHub release once all notes are correct and in order.

  13. Create a branch for the release named release-<version number>x, e.g. release-v0.28.x and push it to the repo https://github.com/tektoncd/pipeline. (This can be done on the Github UI.) Make sure to fetch the commit specified in TEKTON_RELEASE_GIT_SHA to create the released branch.

  14. If the release introduces a new minimum version of Kubernetes required, edit README.md on main branch and add the new requirement with in the "Required Kubernetes Version" section

  15. Edit releases.md on the main branch, add an entry for the release.

    • In case of a patch release, replace the latest release with the new one, including links to docs and examples. Append the new release to the list of patch releases as well.
    • In case of a minor or major release, add a new entry for the release, including links to docs and example
    • Check if any release is EOL, if so move it to the "End of Life Releases" section

  16. Push & make PR for updated releases.md and README.md

  17. Test release that you just made against your own cluster (note --context my-dev-cluster):

    # Test latest
kubectl --context my-dev-cluster apply --filename https://storage.googleapis.com/tekton-releases/pipeline/latest/release.yaml
    # Test backport
kubectl --context my-dev-cluster apply --filename https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.11.2/release.yaml

  18. Announce the release in Slack channels #general, #announcements and #pipelines. Optional: Add a photo of this release's "purr programmer" (someone's cat).

  19. Update the catalog repo test infrastructure to use the new release by updating the RELEASE_YAML link in e2e-tests.sh.

  20. For major releases, the website sync configuration to include the new release.

Congratulations, you're done!

Setup dogfooding context

  1. Configure kubectl to connect to the dogfooding cluster:

    gcloud container clusters get-credentials dogfooding --zone us-central1-a --project tekton-releases

  2. Give the context a short memorable name such as dogfooding:

    kubectl config rename-context gke_tekton-releases_us-central1-a_dogfooding dogfooding

  3. Important: Switch kubectl back to your own cluster by default.

    kubectl config use-context my-dev-cluster