Follow these steps to perform an official release of Tekton Chains! To follow these steps you'll need a checkout of the chains repo, a terminal window and a text editor.
Setup a context to connect to the dogfooding cluster if you haven't already.
to the root of the chains repo -
Apply release Tekton resources
- This task uses ko to build all container images we release and generate therelease.yaml
kubectl apply -f release/publish.yaml
- This is the pipeline that stitches everything together.kubectl apply -f release/release-pipeline.yaml
Select the commit you would like to build the release from, most likely the most recent commit at and note the commit's hash.
Create environment variables for bash scripts in later steps.
CHAINS_VERSION_TAG=# UPDATE THIS. Example: v0.6.2 CHAINS_RELEASE_GIT_SHA=# SHA of the release to be released
Confirm commit SHA matches what you want to release.
Create a workspace template file:
cat <<EOF > workspace-template.yaml spec: accessModes: - ReadWriteOnce resources: requests: storage: 1Gi EOF
Decide if new release will be latest release.
CHAINS_LATEST_RELEASE='true' # Set to 'false' if not latest release
Execute the release pipeline.
tkn --context dogfooding pipeline start chains-release \ --param=gitRevision="${CHAINS_RELEASE_GIT_SHA}" \ --param=versionTag="${CHAINS_VERSION_TAG}" \ --param=serviceAccountPath=release.json \ --param=serviceAccountImagesPath=credentials \ --param=releaseBucket=gs://tekton-releases/chains \ --param=releaseAsLatest="${CHAINS_LATEST_RELEASE}" \ --workspace name=release-secret,secret=release-secret \ --workspace name=release-images-secret,secret=ghcr-creds \ --use-param-defaults \ --workspace name=workarea,volumeClaimTemplateFile=workspace-template.yaml
Watch logs of chains-release.
Once the pipeline run is complete, check its results:
tkn --context dogfooding pr describe <pipeline-run-name> (...) 📝 Results NAME VALUE commit-sha 420adfcdf225326605f2b2c2264b42a2f7b86e4e release-file release-file-no-tag (...)
. The two URLs can be opened in the browser or viacurl
to download the release manifests.-
The YAMLs are now released! Anyone installing Tekton Chains will now get the new version. Time to create a new GitHub release announcement:
Find the Rekor UUID for the release
RELEASE_FILE=${CHAINS_VERSION_TAG}/release.yaml CONTROLLER_IMAGE_SHA=$(curl $RELEASE_FILE | egrep '*controller' | cut -d'@' -f2) REKOR_UUID=$(rekor-cli search --sha $CONTROLLER_IMAGE_SHA | grep -v Found | head -1) echo -e "CONTROLLER_IMAGE_SHA: ${CONTROLLER_IMAGE_SHA}\nREKOR_UUID: ${REKOR_UUID}"
Create additional environment variables
Execute the Draft Release task.
tkn --context dogfooding pipeline start \ --workspace name=shared,volumeClaimTemplateFile=workspace-template.yaml \ --workspace name=credentials,secret=release-secret \ -p package="${CHAINS_PACKAGE}" \ -p git-revision="$CHAINS_RELEASE_GIT_SHA" \ -p release-tag="${CHAINS_VERSION_TAG}" \ -p previous-release-tag="${CHAINS_OLD_VERSION}" \ -p release-name="${CHAINS_RELEASE_NAME}" \ -p bucket="gs://tekton-releases/chains" \ -p rekor-uuid="$REKOR_UUID" \ release-draft
Watch logs of create-draft-release
On successful completion, a URL will be logged. Visit that URL and look through the release notes.
- Manually add upgrade and deprecation notices based on the generated release notes
- Double-check that the list of commits here matches your expectations for the release. You might need to remove incorrect commits or copy/paste commits from the release branch. Refer to previous releases to confirm the expected format.
Un-check the "This is a pre-release" checkbox since you're making a legit for-reals release!
Publish the GitHub release once all notes are correct and in order.
Create a branch for the release named
release-<version number>x
, e.g.release-v0.28.x
and push it to the repo Make sure to fetch the commit specified in$CHAINS_RELEASE_GIT_SHA
to create the released branch. -
Test release that you just made against your own cluster (note
--context my-dev-cluster
):# Test latest kubectl --context my-dev-cluster apply --filename
# Test backport kubectl --context my-dev-cluster apply --filename$CHAINS_VERSION_TAG/release.yaml
Update releases page at releases/.md
Announce the release in Slack channels #general, #chains and #announcements.
Congratulations, you're done!
to connect to the dogfooding cluster:gcloud container clusters get-credentials dogfooding --zone us-central1-a --project tekton-releases
Give the context a short memorable name such as
:kubectl config rename-context gke_tekton-releases_us-central1-a_dogfooding dogfooding
kubectl config use-context my-dev-cluster