diff --git a/release/release.sh b/release/release.sh index 741c89198..68e5b6b33 100755 --- a/release/release.sh +++ b/release/release.sh @@ -5,15 +5,23 @@ set -ex ROOT="$(git rev-parse --show-toplevel)" # Default to short SHA if release version not set. export RELEASE_VERSION=${RELEASE_VERSION:-"$(git rev-parse --short HEAD)"} +export GITHUB_REPO=${GITHUB_REPO:-"https://github.com/tektoncd/results"} export KO_DOCKER_REPO=${KO_DOCKER_REPO:-"ko.local"} +# Create a tag for ko +git tag ${RELEASE_VERSION} + RELEASE_DIR="${ROOT}/release" # Apply templated values from environment. sed -i "s/devel$/${RELEASE_VERSION}/g" ${RELEASE_DIR}/kustomization.yaml sed -i "s/devel$/${RELEASE_VERSION}/g" ${ROOT}/config/base/config-info.yaml -# Apply kustomiation + build images + generate yaml -kubectl kustomize ${RELEASE_DIR} | ko resolve --platform "linux/amd64,linux/arm,linux/arm64,linux/ppc64le,linux/s390x" -P -f - -t ${RELEASE_VERSION} > ${RELEASE_DIR}/release_base.yaml +# Apply kustomization + build images + generate yaml +kubectl kustomize ${RELEASE_DIR} | ko resolve \ + --image-label=org.opencontainers.image.source=${GITHUB_REPO} \ + --platform "linux/amd64,linux/arm,linux/arm64,linux/ppc64le,linux/s390x" \ + ${KO_EXTRA_ARGS} -f - -t ${RELEASE_VERSION} > ${RELEASE_DIR}/release_base.yaml + cp ${RELEASE_DIR}/release_base.yaml ${RELEASE_DIR}/release.yaml kubectl kustomize ${RELEASE_DIR}/localdb >> ${RELEASE_DIR}/release.yaml diff --git a/tekton/release-cheatsheet.md b/tekton/release-cheatsheet.md index 6e17b27d8..47145e185 100644 --- a/tekton/release-cheatsheet.md +++ b/tekton/release-cheatsheet.md @@ -8,7 +8,7 @@ the results repo, a terminal window and a text editor. 1. `cd` to root of Results git checkout. -1. Make sure the release `Task` and `Pipeline` are up-to-date on the +1. Make sure the release `Pipeline` is up-to-date on the cluster. - [results-release](https://github.com/tektoncd/results/blob/main/tekton/release.yaml) 
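Review bot: In release/release.sh the added `git tag ${RELEASE_VERSION}` is unquoted and not idempotent. The script runs under `set -ex`, so a second run on the same checkout, or a checkout where that tag already exists, stops at this line before any image is built. `RELEASE_VERSION` comes from the environment (the pipeline's `version` param), so a value containing whitespace would also be split into several arguments. I would write `git rev-parse -q --verify "refs/tags/${RELEASE_VERSION}" >/dev/null || git tag "${RELEASE_VERSION}"` and quote `"${GITHUB_REPO}"` in the `--image-label` argument. `${KO_EXTRA_ARGS}` is presumably left unquoted on purpose so it can expand to zero or several flags; a comment saying so, and noting that the previously hard-coded `-P` is now passed only when the caller sets it, would help the next reader.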
@@ -55,9 +55,10 @@ the results repo, a terminal window and a text editor. tkn --context dogfooding pipeline start results-release \ --serviceaccount=results-release \ --param=revision="${RELEASE_GIT_SHA}" \ - --param=version="${VERSION_TAG}" \ + --param=version="${VERSION_TAG}" \ + --param=docker_repo=ghcr.io/tektoncd/results \ --param=bucket=gs://tekton-releases/results \ - --workspace name=release-secret,secret=release-secret \ + --workspace name=release-secret,secret=ghcr-creds \ --workspace name=ws,volumeClaimTemplateFile=workspace-template.yaml ``` diff --git a/tekton/release-run.yaml b/tekton/release-run.yaml index 37a517604..9bddcb3e8 100644 --- a/tekton/release-run.yaml +++ b/tekton/release-run.yaml @@ -13,23 +13,35 @@ # limitations under the License. --- -apiVersion: tekton.dev/v1beta1 +apiVersion: tekton.dev/v1 kind: PipelineRun metadata: generateName: results-release-api- spec: - serviceAccountName: results-release + taskRunTemplate: + serviceAccountName: results-release pipelineRef: - name: results-release + resolver: git + params: + - name: repo + value: results + - name: org + value: tektoncd + - name: revision + value: $(params.gitRevision) + - name: pathInRepo + value: tekton/release.yaml params: - name: revision value: main - name: docker_repo - value: gcr.io/tekton-releases + value: ghcr.io/tektoncd/results - name: bucket value: gs://tekton-releases - name: version value: "dev" # Replace this + - name: runTests + value: false workspaces: - name: ws volumeClaimTemplate: @@ -39,3 +51,6 @@ spec: resources: requests: storage: 1Gi + - name: release-secret + secret: + secretName: ghcr-creds diff --git a/tekton/release.yaml b/tekton/release.yaml index ae61a9adc..a61538d8d 100644 --- a/tekton/release.yaml +++ b/tekton/release.yaml @@ -13,7 +13,7 @@ # limitations under the License. --- -apiVersion: tekton.dev/v1beta1 +apiVersion: tekton.dev/v1 kind: Pipeline metadata: name: results-release 
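Review bot: In tekton/release-run.yaml the new git resolver takes its `revision` from `$(params.gitRevision)`, but none of the params this PipelineRun supplies (`revision`, `docker_repo`, `bucket`, `version`, `runTests`) has that name, so the reference looks unresolvable as written. If the intent is to load the pipeline definition from the commit being released, `value: $(params.revision)` or a literal commit SHA would be clearer; whether substitution is applied inside `pipelineRef` params at all should be confirmed. With `revision` set to `main`, the definition that receives the `ghcr-creds` workspace is whatever sits at the branch tip when the run starts, so pinning the resolver to a reviewed commit makes the release reproducible. Separately, `runTests` is given as the unquoted YAML boolean `false` while the Pipeline compares the param against the string `'true'`; `value: "false"` keeps it a string.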
@@ -32,33 +32,56 @@ spec: - name: version description: "Version label to use for published images / configs" default: "dev" + - name: runTests + description: If set to something other than "true", skip the build and test tasks + default: "true" workspaces: - name: ws + - name: release-secret + optional: true tasks: - name: checkout taskRef: - name: git-clone + resolver: bundles + params: + - name: bundle + value: ghcr.io/tektoncd/catalog/upstream/tasks/git-clone:0.7 + - name: name + value: git-clone + - name: kind + value: task + workspaces: + - name: output + workspace: ws params: - name: url value: $(params.repo) - name: revision value: $(params.revision) - workspaces: - - name: output - workspace: ws - name: unit-tests runAfter: [checkout] + when: + - cel: "'$(params.runTests)' == 'true'" taskRef: - name: golang-test + resolver: bundles + params: + - name: bundle + value: ghcr.io/tektoncd/catalog/upstream/tasks/golang-test:0.2 + - name: name + value: golang-test + - name: kind + value: task params: - name: package value: $(workspaces.source.path)/... workspaces: - name: source workspace: ws - - name: publish-image + - name: publish-image-gcr runAfter: - unit-tests + when: + - cel: "'$(params.docker_repo)'.matches('gcr.io/.*')" taskSpec: params: - name: repo @@ -79,6 +102,8 @@ spec: env: - name: KO_DOCKER_REPO value: "$(params.repo)" + - name: KO_EXTRA_ARGS + value: "-P" - name: RELEASE_VERSION value: "$(params.tag)" params: 
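Review bot: In tekton/release.yaml the `checkout` and `unit-tests` tasks are now fetched through the bundles resolver by tag only (`git-clone:0.7`, `golang-test:0.2`), while the step images added later in this commit are pinned with an `@sha256:` digest. A tag can be re-pointed after review, and these tasks execute inside the release pipeline, so I would pin the bundles the same way, e.g. `value: ghcr.io/tektoncd/catalog/upstream/tasks/git-clone:0.7@sha256:<digest-of-reviewed-bundle>`. The `when` expressions in this hunk also splice `$(params.…)` straight into a quoted CEL literal and use `matches('gcr.io/.*')`, which is an unanchored search with an unescaped dot. Either anchor the pattern and escape the dot, or add a comment stating that any repository containing that substring is routed to `publish-image-gcr`.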
@@ -89,6 +114,80 @@ spec: workspaces: - name: source workspace: ws + - name: publish-image + runAfter: + - unit-tests + when: + - cel: "!'$(params.docker_repo)'.matches('gcr.io/.*')" + taskSpec: + params: + - name: repo + description: Docker repository to publish to. + - name: githubRepo + description: The source GitHub repo + - name: tag + default: latest + - name: imageRegistry + default: ghcr.io + - name: imageRegistryUser + default: tekton-robot + - name: serviceAccountPath + default: credentials + workspaces: + - name: source + - name: release-secret + optional: true + stepTemplate: + env: + - name: CONTAINER_REGISTRY_CREDENTIALS + value: "$(workspaces.release-secret.path)/$(params.serviceAccountPath)" + - name: IMAGE_REGISTRY + value: "$(params.imageRegistry)" + - name: CONTAINER_REGISTRY_USER + value: "$(params.imageRegistryUser)" + - name: RELEASE_VERSION + value: $(params.tag) + - name: GITHUB_REPO + value: $(params.githubRepo) + - name: DOCKER_CONFIG + value: /workspace/.docker + - name: KO_EXTRA_ARGS + value: "" + steps: + - name: container-registry-auth + image: cgr.dev/chainguard/crane:latest-dev@sha256:6fc6fcdeb173c7951f038e6a7b230f586c1be05a011d9e6f9db6c614ec412c2f + script: | + #!/bin/sh + set -ex + + if [ ! -f ${CONTAINER_REGISTRY_CREDENTIALS} ]; then + echo "The release-secret workspace is required with ghcr.io" + exit 1 + fi + + # Login to IMAGE_REGISTRY. Crane will honour DOCKER_CONFIG. 
+ cat ${CONTAINER_REGISTRY_CREDENTIALS} | \ + crane auth login -u ${CONTAINER_REGISTRY_USER} --password-stdin ${IMAGE_REGISTRY} + - name: publish + image: gcr.io/tekton-releases/dogfooding/ko-gcloud@sha256:e3746b99c3269ae6db6ee615e42f51789f03cd0225276eede500cb5319a5dfb6 + workingDir: $(workspaces.source.path) + script: | + $(workspaces.source.path)/release/release.sh + env: + - name: KO_DOCKER_REPO + value: "$(params.repo)" + params: + - name: repo + value: $(params.docker_repo) + - name: githubRepo + value: $(params.repo) + - name: tag + value: $(params.version) + workspaces: + - name: source + workspace: ws + - name: release-secret + workspace: release-secret - name: publish-config runAfter: [publish-image] # Inline spec since we're relying on Workload Identity and can't use the diff --git a/tekton/trigger.yaml b/tekton/trigger.yaml index 6c0c115ab..9a7d33c53 100644 --- a/tekton/trigger.yaml +++ b/tekton/trigger.yaml @@ -24,7 +24,7 @@ spec: - name: repo - name: revision resourcetemplates: - - apiVersion: tekton.dev/v1beta1 + - apiVersion: tekton.dev/v1 kind: PipelineRun metadata: generateName: results-ci- diff --git a/tekton/vendor/README.md b/tekton/vendor/README.md deleted file mode 100644 index 74c7b32e7..000000000 --- a/tekton/vendor/README.md +++ /dev/null @@ -1,5 +0,0 @@ -The images in this folder are vendored from the -[Tekton Catalog](https://github.com/tektoncd/catalog). - -This is intended to be a helper utility to bootstrap local clusters for testing -release configs. diff --git a/tekton/vendor/vendor.sh b/tekton/vendor/vendor.sh deleted file mode 100755 index 5b7564ec7..000000000 --- a/tekton/vendor/vendor.sh +++ /dev/null 
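Review bot: The `container-registry-auth` step of the new `publish-image` task runs with `set -ex` and leaves `${CONTAINER_REGISTRY_CREDENTIALS}`, `${CONTAINER_REGISTRY_USER}` and `${IMAGE_REGISTRY}` unquoted. The token is passed via `--password-stdin`, so xtrace prints only the file path today, but tracing in the one step that handles the registry credential means a later edit that puts the value on a command line would write it to the TaskRun log. I would use `set -e` there, test with `[ ! -f "${CONTAINER_REGISTRY_CREDENTIALS}" ]`, and log in with `crane auth login -u "${CONTAINER_REGISTRY_USER}" --password-stdin "${IMAGE_REGISTRY}" < "${CONTAINER_REGISTRY_CREDENTIALS}"`. The login always targets `imageRegistry` (default `ghcr.io`), which the pipeline does not derive from `docker_repo`, so a non-gcr `docker_repo` on another host would authenticate to one registry and push to another. The error text naming only ghcr.io suggests that is the only supported case, and a comment on the `when` condition should say so.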
@@ -1,19 +0,0 @@
-#! /bin/bash
-# Copyright 2021 The Tekton Authors
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-
-kubectl apply -f https://raw.githubusercontent.com/tektoncd/catalog/master/task/golang-test/0.2/golang-test.yaml
-kubectl apply -f https://raw.githubusercontent.com/tektoncd/catalog/master/task/golang-build/0.3/golang-build.yaml
-kubectl apply -f https://raw.githubusercontent.com/tektoncd/catalog/master/task/git-clone/0.7/git-clone.yaml
\ No newline at end of file