From 5d72079e9a1f2bd58c794fa079d459e17e717e4b Mon Sep 17 00:00:00 2001 From: Christie Wilson Date: Tue, 3 Sep 2019 12:41:08 -0400 Subject: [PATCH] =?UTF-8?q?Add=20nightly=20release=20pipeline=20?= =?UTF-8?q?=F0=9F=8C=99?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This Pipeline will be triggered via prow over in the tektoncd/plumbing repo every night. It will create releases of all images normally released when doing official releases, plus also the image used for building with ko, and tag them with the date and commit they were built at, and will create the release.yaml as well. This Pipeline is missing a few things that are in the manual release Pipeline - due to #1124 unit tests have a race condition, due to #1205 the linting is flakey and it would be frustrating to lose a whole nightly release, and finally due to using v0.3.1 it's not possible to use workingDir, which is required by the golang build Task. The Pipelines and Tasks have been updated to work with Tekton Pipelines v0.3.1 because that's what we're using in our official cluster (since currently Prow requires it). Made release instructions more oriented toward someone actually making a release vs. a random person trying to run the same pipeline against their own infrastructure. Removed example Runs b/c it's much simpler to invoke via `tkn`, or Prow (these were falling out of date with how we were actually using the Pipelines/Tasks as well). Removed the `gcs-uploader-image` PipelineResource which is no longer being used. Fixes #860 --- docs/install.md | 18 +- tekton/README.md | 416 +++++++++------------------ tekton/ci-images-run.yaml | 43 --- tekton/ci-images.yaml | 17 +- tekton/publish-nightly.yaml | 226 +++++++++++++++ tekton/publish-run.yaml | 233 --------------- tekton/publish.yaml | 41 +-- tekton/release-pipeline-nightly.yaml | 103 +++++++ tekton/release-pipeline-run.yaml | 62 ---- tekton/release-pipeline.yaml | 2 +- tekton/resources.yaml | 42 ++- 11 files changed, 555 insertions(+), 648 deletions(-) delete mode 100644 tekton/ci-images-run.yaml create mode 100644 tekton/publish-nightly.yaml delete mode 100644 tekton/publish-run.yaml create mode 100644 tekton/release-pipeline-nightly.yaml delete mode 100644 tekton/release-pipeline-run.yaml diff --git a/docs/install.md b/docs/install.md index 5286d0fcbbc..95ea19ec319 100644 --- a/docs/install.md +++ b/docs/install.md @@ -2,6 +2,11 @@ Use this page to add the component to an existing Kubernetes cluster. +* [Pre-requisites](#pre-requisites) +* [Versions](#versions) +* [Installing Tekton Pipelines](#installing-tekton-pipelines) +* [Installing Tekton PIpelines on OpenShift/MiniShift](#installing-tekton-pipelines-on-openshiftminishift) + ## Pre-requisites 1. A Kubernetes cluster version 1.11 or later (_if you don't have an existing @@ -25,7 +30,18 @@ Use this page to add the component to an existing Kubernetes cluster. [Role-based access control](https://cloud.google.com/kubernetes-engine/docs/how-to/role-based-access-control#prerequisites_for_using_role-based_access_control) for more information_. -## Adding the Tekton Pipelines +## Versions + +The versions of Tekton Pipelines available are: + +* [Officially released versions](https://github.com/tektoncd/pipeline/releases), e.g. `v0.6.0` +* [Nightly releases](../tekton/README.md#nightly-releases) are + published every night to `gcr.io/tekton-nightly` +* `HEAD` - To install the most recent, unreleased code in the repo see + [the development + guide](https://github.com/tektoncd/pipeline/blob/master/DEVELOPMENT.md) + +## Installing Tekton Pipelines To add the Tekton Pipelines component to an existing cluster: diff --git a/tekton/README.md b/tekton/README.md index da1bde7cd6c..459a53bff3e 100644 --- a/tekton/README.md +++ b/tekton/README.md @@ -9,187 +9,42 @@ Tekton Pipelines! This directory contains the [`Tasks`](https://github.com/tektoncd/pipeline/blob/master/docs/tasks.md) and [`Pipelines`](https://github.com/tektoncd/pipeline/blob/master/docs/pipelines.md) -that we (will) use. +that we use. -TODO(#538): In #538 or #537 we will update -[Prow](https://github.com/tektoncd/pipeline/blob/master/CONTRIBUTING.md#pull-request-process) -to invoke these `Pipelines` automatically, but for now we will have to invoke -them manually. +The Pipelines and Tasks in this folder are used for: -## Pull Request Pipeline +1. [Manually creating official releases from the official cluster](#create-an-official-release) +2. [Automated nightly releases](#nightly-releases) -The pull request pipeline will use the -[`golang`](https://github.com/tektoncd/catalog/tree/master/golang) -Tasks from the -[`tektoncd/catalog`](https://github.com/tektoncd/catalog). To add them -to your cluster: - -``` -kubectl apply -f https://raw.githubusercontent.com/tektoncd/catalog/master/golang/lint.yaml -kubectl apply -f https://raw.githubusercontent.com/tektoncd/catalog/master/golang/build.yaml -kubectl apply -f https://raw.githubusercontent.com/tektoncd/catalog/master/golang/tests.yaml -``` - -TODO(#922) & TODO(#860): Add the Pipeline and hook it up with Prow, for now all -we have are `Tasks` which we can invoke individually by creating -[`TaskRuns`](https://github.com/tektoncd/pipeline/blob/master/docs/taskruns.md) -and -[`PipelineResources`](https://github.com/tektoncd/pipeline/blob/master/docs/resources.md). - -## Release Pipeline - -The release pipeline uses the -[`golang`](https://github.com/tektoncd/catalog/tree/master/golang) -Tasks from the -[`tektoncd/catalog`](https://github.com/tektoncd/catalog). To add them -to your cluster: - -``` -kubectl apply -f https://raw.githubusercontent.com/tektoncd/catalog/master/golang/lint.yaml -kubectl apply -f https://raw.githubusercontent.com/tektoncd/catalog/master/golang/build.yaml -kubectl apply -f https://raw.githubusercontent.com/tektoncd/catalog/master/golang/tests.yaml -``` - -The *local* `Tasks` which make up our release `Pipeline` are: - -- [`ci-images.yaml`](ci-images.yaml) - This `Task` uses - [`kaniko`](https://github.com/GoogleContainerTools/kaniko) to build and - publish [images for the CI itself](#supporting-images), which can then be used - as `steps` in downstream `Tasks` -- [`publish.yaml`](publish.yaml) - This `Task` uses - [`kaniko`](https://github.com/GoogleContainerTools/kaniko) to build and - publish base images, and uses - [`ko`](https://github.com/google/go-containerregistry/tree/master/cmd/ko) to - build all of the container images we release and generate the - `release.yaml` -- [`release-pipeline.yaml`](./release-pipeline.yaml) - This `Pipeline` - uses the - [`golang`](https://github.com/tektoncd/catalog/tree/master/golang) - `Task`s from the - [`tektoncd/catalog`](https://github.com/tektoncd/catalog) and - [`publish.yaml`](publish.yaml)'s `Task`. - -The official releases [are performed from the `prow` cluster in the `tekton-releases` -GCP project](https://github.com/tektoncd/plumbing#prow). To release you will want to: +To start from scratch and use these Pipelines and Tasks: -1. Install / update Tekton in the kubernetes cluster you'll be running against either via: +1. [Install Tekton v0.3.1](#install-tekton) +1. [Setup the Tasks and Pipelines](#setup) +1. [Create the required service account + secrets](#service-account-and-secrets) - * [An official release](https://github.com/tektoncd/pipeline/blob/master/docs/install.md) - * [From `HEAD`](https://github.com/tektoncd/pipeline/blob/master/DEVELOPMENT.md#install-pipeline) +## Create an official release - If this is your first time running in the cluster, you will need to give yourself admin permissions - in the cluster in order to deploy Tekton pipelines, e.g.: +Official releases are performed from [the `prow` cluster](https://github.com/tektoncd/plumbing#prow) +[in the `tekton-releases` GCP project](https://github.com/tektoncd/plumbing/blob/master/gcp.md). +This cluster +[already has the correct version of Tekton installed](#install-tekton). - ```bash - kubectl create clusterrolebinding cluster-admin-binding-someusername \ - --clusterrole=cluster-admin \ - --user=$(gcloud config get-value core/account) - ``` - -2. [Run the Pipeline](#run-the-pipeline). Note that since we don't yet have an actual Pipeline (#531) - we often just [create the release](#creating-a-new-release) and we skip the bit where we publish - the ci images (which rarely change anyway). Hashtag lazy manual anti-pattern. +To make a new release: +1. (Optionally) [Apply the latest versions of the Tasks + Pipelines](#setup) +2. (If you haven't already) [Install `tkn`](https://github.com/tektoncd/cli#installing-tkn) +2. [Run the Pipeline](#run-the-pipeline) 3. Create the new tag and release in GitHub ([see one of way of doing that here](https://github.com/tektoncd/pipeline/issues/530#issuecomment-477409459)). _TODO(#530): Automate as much of this as possible with Tekton._ - 4. Add an entry to [the README](../README.md) at `HEAD` for docs and examples for the new release ([README.md#read-the-docs](README.md#read-the-docs)). - 5. Update the new release in GitHub with the same links to the docs and examples, see [v0.1.0](https://github.com/tektoncd/pipeline/releases/tag/v0.1.0) for example. ### Run the Pipeline -TODO(#531): Add the Pipeline, for now all we have are `Tasks` which we can -invoke individually by creating -[`TaskRuns`](https://github.com/tektoncd/pipeline/blob/master/docs/taskruns.md) -and -[`PipelineResources`](https://github.com/tektoncd/pipeline/blob/master/docs/resources.md). - -TODO(#569): Normally we'd use the image `PipelineResources` to control which -image registry the images are pushed to. However since we have so many images, -all going to the same registry, we are cheating and using a parameter for the -image registry instead. - -- [`ci-images-run.yaml`](ci-images-run.yaml) - This example `TaskRun` and - `PipelineResources` demonstrate how to invoke `ci-images.yaml` (see - [Build and push the CI image](#creating-ci-image)) - -- [`publish-run.yaml`](publish-run.yaml) - This example `TaskRun` and - `PipelineResources` demonstrate how to invoke `publish.yaml` (see - [Creating a new release](#creating-a-new-release)) - -- You can use [`tkn`](https://github.com/tektoncd/cli) to run the [release - pipeline](./release-pipeline.yaml) (see [Creating a new - release](#creating-a-new-release)) - -#### Setting up your credentials - -Setup the required credentials for the `release-right-meow` service account, either: - -- For - [the GCP service account `release-right-meow@tekton-releases.iam.gserviceaccount.com`](#production-service-account) - which has the proper authorization to release the images and yamls in - [our `tekton-releases` GCP project](https://github.com/tektoncd/plumbing#prow) -- For - [your own GCP service account](https://cloud.google.com/iam/docs/creating-managing-service-accounts) - if running against your own infrastructure - -```bash -KEY_FILE=release.json -GENERIC_SECRET=release-secret -ACCOUNT=release-right-meow -# Replace with your own service account if using your own infra -GCP_ACCOUNT="release-right-meow@tekton-releases.iam.gserviceaccount.com" -``` - -The value of GCP_ACCOUNT for your own infrastructure is `[SA-NAME]@[PROJECT-ID].iam.gserviceaccount.com`. -`[SA-NAME]` is the name of the service account, and `[PROJECT-ID]` is the ID of -your Google Cloud Platform project. Make sure you have both of them created for your own -account, before proceeding with the following commands. Please refer to [Google Projects](https://cloud.google.com/resource-manager/docs/creating-managing-projects) -to create the project, and [Google Service Accounts](https://cloud.google.com/iam/docs/creating-managing-service-accounts) to create the service account, if necessary. - -```bash -# 1. Create a private key for the service account, which you can use -gcloud iam service-accounts keys create --iam-account $GCP_ACCOUNT $KEY_FILE - -# 2. Create kubernetes secret, which we will use via a service account and directly mounting -kubectl create secret generic $GENERIC_SECRET --from-file=./$KEY_FILE - -# 3. Add the docker secret to the service account -kubectl apply -f tekton/account.yaml -kubectl patch serviceaccount $ACCOUNT \ - -p "{\"secrets\": [{\"name\": \"$GENERIC_SECRET\"}]}" -``` - -#### Creating CI image - -After the credentials are configured, you can run the following commands to -build and push the CI image upstream. - -```bash -kubectl apply -f tekton/ci-images.yaml -kubectl apply -f tekton/ci-images-run.yaml -``` - -#### Creating a new release - -Currently, all the official release processes are conducted under [Google Kubernetes Engine](https://cloud.google.com/kubernetes-engine/docs/). -Please follow the tutorial [here](https://cloud.google.com/kubernetes-engine/docs/quickstart) to launch your own infrastructure, if needed. - -The `TaskRun` will use - -- The kubernetes service account [`release-right-meow`](account.yaml), which by - default has no associated secrets -- A secret called `release-secret` - -It needs to run with a service account in the target GCP project with -[`Storage Admin`](https://cloud.google.com/container-registry/docs/access-control) -access), such as [the production service account](#production-service-account). - -To run the `publish-tekton-pipelines` `Task` and create a release: +To use [`tkn`](https://github.com/tektoncd/cli) to run the `publish-tekton-pipelines` `Task` and create a release: 1. Pick the revision you want to release and update the [`resources.yaml`](./resources.yaml) file to add a @@ -199,30 +54,7 @@ To run the `publish-tekton-pipelines` `Task` and create a release: apiVersion: tekton.dev/v1alpha1 kind: PipelineResource metadata: - name: tekton-pipelines-vX-Y-Z - spec: - type: git - params: - - name: url - value: https://github.com/tektoncd/pipeline # REPLACE with your own fork - - name: revision - value: vX.Y.Z-invalid-tags-boouuhhh # REPLACE with your own commit - ``` - - Also, validate that the `tektoncd-bucket` points to the correct - bucket if you are running the release on your own infrastructure. - - ```yaml - - name: location - value: gs://tekton-releases # REPLACE with your own bucket - ``` - -2. To run an official release [using the production cluster](https://github.com/tektoncd/plumbing#prow): - - ```bash - gcloud container clusters get-credentials prow --zone us-central1-a --project tekton-releases - ``` - + name: tekton-pipelines-vX-Y- 3. To run against your own infrastructure (if you are running [in the production cluster](https://github.com/tektoncd/plumbing#prow) the default account should already have these creds, this is just a bonus - plus `release-right-meow` might already exist in the @@ -234,63 +66,31 @@ To run the `publish-tekton-pipelines` `Task` and create a release: [our `tekton-releases` GCP project](https://github.com/tektoncd/plumbing#prow) - For [your own GCP service account](https://cloud.google.com/iam/docs/creating-managing-service-accounts) - if running against your own infrastructure - - ```bash - KEY_FILE=release.json - GENERIC_SECRET=release-secret - ACCOUNT=release-right-meow - # Replace with your own service account if using your own infra - GCP_ACCOUNT="release-right-meow@tekton-releases.iam.gserviceaccount.com" - - # 1. Create a private key for the service account, which you can use - gcloud iam service-accounts keys create --iam-account $GCP_ACCOUNT $KEY_FILE - - # 2. Create kubernetes secret, which we will use via a service account and directly mounting - kubectl create secret generic $GENERIC_SECRET --from-file=./$KEY_FILE - - # 3. Add the docker secret to the service account - kubectl apply -f tekton/account.yaml - kubectl patch serviceaccount $ACCOUNT \ - -p "{\"secrets\": [{\"name\": \"$GENERIC_SECRET\"}]}" + if running against your own infrastructureZ + spec: + type: git + params: + - name: url + value: https://github.com/tektoncd/pipeline + - name: revision + value: vX.Y.Z-invalid-tags-boouuhhh # REPLACE with the commit you'd like to build from ``` -4. To run the release you can either create a `PipelineRun` using - [`tkn`](https://github.com/tektoncd/cli), or using a yaml file. - - You will need to set the following parameters: - - `versionTag`: to set the tag to use for published images - - **TODO(#983) Be careful! if you use a tag that has already been released, you - can overwrite a previous release!** - - - `imageRegistry`: the default value points to - `gcr.io/tekton-releases`, to run against your own infrastructure - (not needed for actual releases) set it to your registry. +2. [Connect to the production cluster](https://github.com/tektoncd/plumbing#prow): -6. Run the `release-pipeline`: + ```bash + gcloud container clusters get-credentials prow --zone us-central1-a --project tekton-releases + ``` +6. Run the `release-pipeline` (assuming you are using the production cluster and + [all the Tasks and Pipelines already exist](#setup)): + ```shell - # If you are running in a cluster you've run this in previously, - # delete the previous run and resources - - # Apply golang tasks from the catalog - kubectl apply -f https://raw.githubusercontent.com/tektoncd/catalog/master/golang/lint.yaml - kubectl apply -f https://raw.githubusercontent.com/tektoncd/catalog/master/golang/build.yaml - kubectl apply -f https://raw.githubusercontent.com/tektoncd/catalog/master/golang/tests.yaml - - # Apply the publish Task - kubectl apply -f tekton/publish.yaml - - # Create the resoruces + # Create the resoruces - i.e. set the revision that you wan to build from kubectl apply -f tekton/resources.yaml - ``` - If you are using [`tkn`](https://github.com/tektoncd/cli), you can - run the following command. - - ```shell - # Do not forget to change those environment variables ! + # Change thie environment variable to the verison you would like to use. + # Be careful: due to #983 it is possible to overwrite previous releases. export VERSION_TAG=v0.X.Y tkn pipeline start \ @@ -312,58 +112,128 @@ To run the `publish-tekton-pipelines` `Task` and create a release: --resource=builtPullRequestInitImage=pull-request-init-image \ pipeline-release ``` - - If you don't want to use `tkn`, you can use - [`release-pipeline-run.yaml`](./release-pipeline-run.yaml)'s - `PipelineRun`. **Do not forget to update the `params` and the - `source-repo` resource**. -### Authentication +_TODO(#569): Normally we'd use the image `PipelineResources` to control which +image registry the images are pushed to. However since we have so many images, +all going to the same registry, we are cheating and using a parameter for the +image registry instead._ + +## Nightly releases + +[The nightly release pipeline](release-pipeline-nightly.yaml) is +[triggered nightly by Prow](https://github.com/tektoncd/plumbing/tree/master/prow). + +This Pipeline uses: -Users executing the publish task must be able to: +- [ci-images.yaml](ci-images.yaml) +- [publish-nightly.yaml](publish-nightly.yaml) (See [triggers#87](https://github.com/tektoncd/triggers/issues/87)) -- Push to the image registry (production registry is `gcr.io/tekton-releases`) -- Write to the GCS bucket (production bucket is `gs://tekton-releases`) +The nightly release Pipeline is currently missing Tasks which we want to add once we are able: -TODO: To be able to publish images via `kaniko` or `ko`, you must be able to -push to your image registry. At the moment, the publish `Task` will try to use -your default service account in the namespace where you create the `TaskRun`. If -that default service account is able to push to your image registry, you are -good to go. Otherwise, you need to use -[a secret annotated with your docker registry credentials](https://github.com/tektoncd/pipeline/blob/master/docs/auth.md#basic-authentication-docker). +- The unit tests aren't run due to the data race reported in [#1124](http://github.com/tektoncd/pipeline/issues/1124) +- Linting isn't run due to it being flakey [#1205](http://github.com/tektoncd/pipeline/issues/1205) +- Build isn't run because it uses `workingDir` which is broken in v0.3.1 ([kubernetes/test-infra#13948](https://github.com/kubernetes/test-infra/issues/13948)) -#### Production credentials +## Install Tekton -[Members of the Tekton governing board](https://github.com/tektoncd/community/blob/master/governance.md) -[have access to the underlying resources](https://github.com/tektoncd/community/blob/master/governance.md#permissions-and-access). +The Pipelines and Tasks in this repo work with v0.3.1 due to +[Prow #13948](https://github.com/kubernetes/test-infra/issues/13948), so that +they can be used [with Prow](https://github.com/tektoncd/plumbing/tree/master/prow). -Users who need access to our production registry (`gcr.io/tekton-releases`) and -production GCS bucket (`gs://tekton-releases`) should ping -[a member of the governing board](https://github.com/tektoncd/community/blob/master/governance.md) -to request access to -[the production service account](#production-service-account). -##### Production service account +```bash +# If this is your first time installing Tekton in the cluster you might need to give yourself permission to do so +kubectl create clusterrolebinding cluster-admin-binding-someusername \ + --clusterrole=cluster-admin \ + --user=$(gcloud config get-value core/account) + +# Apply version v0.3.1 of Tekton +kubectl apply --filename https://storage.googleapis.com/tekton-releases/previous/v0.3.1/release.yaml +``` + +## Setup + +Add all the `Tasks` to the cluster, including the +[`golang`](https://github.com/tektoncd/catalog/tree/master/golang) +Tasks from the +[`tektoncd/catalog`](https://github.com/tektoncd/catalog) (pinned to a version that +works [with v0.3.1](#install-tekton)) + +```bash +# Apply the Tasks we are using from the catalog +kubectl apply -f https://raw.githubusercontent.com/tektoncd/catalog/a844eaa0be8cba2c1fbe6c4c336a2333bdbcdf1c/golang/lint.yaml +kubectl apply -f https://raw.githubusercontent.com/tektoncd/catalog/a844eaa0be8cba2c1fbe6c4c336a2333bdbcdf1c/golang/build.yaml +kubectl apply -f https://raw.githubusercontent.com/tektoncd/catalog/a844eaa0be8cba2c1fbe6c4c336a2333bdbcdf1c/golang/tests.yaml + +# Apply the Tasks and Pipelines we use from this repo +kubectl apply -f tekton/ci-images.yaml +kubectl apply -f tekton/publish.yaml +kubectl apply -f tekton/publish-nightly.yaml +kubectl apply -f tekton/release-pipeline.yaml +kubectl apply -f tekton/release-pipeline-nightly.yaml -The GCP service account for creating release is -`release-right-meow@tekton-releases.iam.gserviceaccount.com`. This account has -the role +# Apply the resources - note that when manually releasing you'll re-apply these +kubectl apply -f tekton/resources.yaml +``` + +`Tasks` from this repo are: + +- [`ci-images.yaml`](ci-images.yaml) - This `Task` uses + [`kaniko`](https://github.com/GoogleContainerTools/kaniko) to build and + publish [images for the CI itself](#supporting-images), which can then be used + as `steps` in downstream `Tasks` +- [`publish.yaml`](publish.yaml) - This `Task` uses + [`kaniko`](https://github.com/GoogleContainerTools/kaniko) to build and + publish base images, and uses + [`ko`](https://github.com/google/go-containerregistry/tree/master/cmd/ko) to + build all of the container images we release and generate the + `release.yaml` +- [`release-pipeline.yaml`](./release-pipeline.yaml) - This `Pipeline` + uses the + [`golang`](https://github.com/tektoncd/catalog/tree/master/golang) + `Task`s from the + [`tektoncd/catalog`](https://github.com/tektoncd/catalog) and + [`publish.yaml`](publish.yaml)'s `Task`. + +## Service account and secrets + +In order to release, these Pipelines use the `release-right-meow` service account, +which uses `release-secret` and has [`Storage Admin`](https://cloud.google.com/container-registry/docs/access-control) -in order to be able to read and write buckets and images. +access to +[`tekton-releases`]((https://github.com/tektoncd/plumbing/blob/master/gcp.md)) +and +[`tekton-releases-nightly`]((https://github.com/tektoncd/plumbing/blob/master/gcp.md)). -## Supporting scripts +After creating these service accounts in GCP, the kubernetes service account and +secret were created with: -Some supporting scripts have been written using Python 2.7: +```bash +KEY_FILE=release.json +GENERIC_SECRET=release-secret +ACCOUNT=release-right-meow -- [koparse](./koparse) - Contains logic for parsing `release.yaml` files created - by `ko` +# Connected to the `prow` in the `tekton-releases` GCP project +GCP_ACCOUNT="$ACCOUNT@tekton-releases.iam.gserviceaccount.com" -## Supporting images +# 1. Create a private key for the service account +gcloud iam service-accounts keys create --iam-account $GCP_ACCOUNT $KEY_FILE -TODO(#639) Ensure we are using the images that are published by the `Pipeline` -itself. +# 2. Create kubernetes secret, which we will use via a service account and directly mounting +kubectl create secret generic $GENERIC_SECRET --from-file=./$KEY_FILE -These images are built and published to be used by the release Pipeline itself. +# 3. Add the docker secret to the service account +kubectl apply -f tekton/account.yaml +kubectl patch serviceaccount $ACCOUNT \ + -p "{\"secrets\": [{\"name\": \"$GENERIC_SECRET\"}]}" +``` + +## Supporting scripts and images + +Some supporting scripts have been written using Python 2.7: + +- [koparse](./koparse) - Contains logic for parsing `release.yaml` files created + by `ko` ### ko image diff --git a/tekton/ci-images-run.yaml b/tekton/ci-images-run.yaml deleted file mode 100644 index aba01542643..00000000000 --- a/tekton/ci-images-run.yaml +++ /dev/null @@ -1,43 +0,0 @@ -apiVersion: tekton.dev/v1alpha1 -kind: PipelineResource -metadata: - name: tekton-pipelines -spec: - type: git - params: - - name: url - value: https://github.com/tektoncd/pipeline # REPLACE with your own fork - - name: revision - value: master # REPLACE with your own commit ---- -apiVersion: tekton.dev/v1alpha1 -kind: PipelineResource -metadata: - name: ko-image -spec: - type: image - params: - - name: url - value: ko-ci # Registry is provided via parameter, this is a hack see #569 ---- -apiVersion: tekton.dev/v1alpha1 -kind: TaskRun -metadata: - name: publish-ci-images-run -spec: - serviceAccount: release-right-meow - taskRef: - name: publish-ci-images - inputs: - resources: - - name: source - resourceRef: - name: tekton-pipelines - params: - - name: imageRegistry - value: gcr.io/tekton-releases # REPLACE with your own registry - outputs: - resources: - - name: builtKoImage - resourceRef: - name: ko-image \ No newline at end of file diff --git a/tekton/ci-images.yaml b/tekton/ci-images.yaml index 657521f0d24..57a587d71ef 100644 --- a/tekton/ci-images.yaml +++ b/tekton/ci-images.yaml @@ -23,5 +23,18 @@ spec: - /kaniko/executor args: - --dockerfile=/workspace/source/tekton/ko/Dockerfile - - --destination=$(inputs.params.imageRegistry)/$(outputs.resources.builtKoImage.url) - - --context=/workspace/source \ No newline at end of file + - --destination=${inputs.params.imageRegistry}/${outputs.resources.builtKoImage.url} + - --context=/workspace/source + + volumeMounts: + - name: gcp-secret + mountPath: /secret + env: + - name: GOOGLE_APPLICATION_CREDENTIALS + value: /secret/release.json + + volumes: + - name: gcp-secret + secret: + secretName: release-secret + diff --git a/tekton/publish-nightly.yaml b/tekton/publish-nightly.yaml new file mode 100644 index 00000000000..b216aed0afa --- /dev/null +++ b/tekton/publish-nightly.yaml @@ -0,0 +1,226 @@ +apiVersion: tekton.dev/v1alpha1 +kind: Task +metadata: + name: publish-tekton-pipelines-nightly +spec: + inputs: + resources: + - name: source + type: git + targetPath: go/src/github.com/tektoncd/pipeline + - name: bucket + type: storage + params: + # TODO(triggers#87) This Task has no verisonTag parameter (like publish-tekton-pipelines) because Prow does not allow the value to be provided dynamically + - name: imageRegistry + description: TODO(#569) This is a hack to make it easy for folks to switch the registry being used by the many many image outputs + - name: pathToProject + description: The path to the folder in the go/src dir that contains the project, which is used by `ko` to name the resulting images + outputs: + resources: + - name: bucket + type: storage + - name: builtBaseImage + type: image + - name: builtEntrypointImage + type: image + - name: builtKubeconfigWriterImage + type: image + - name: builtCredsInitImage + type: image + - name: builtGitInitImage + type: image + - name: builtNopImage + type: image + - name: builtBashImage + type: image + - name: builtGsutilImage + type: image + - name: builtControllerImage + type: image + - name: builtWebhookImage + type: image + - name: builtDigestExporterImage + type: image + - name: builtPullRequestInitImage + type: image + - name: builtGcsFetcherImage + type: image + steps: + + - name: build-push-base-images + image: gcr.io/kaniko-project/executor:v0.9.0 + command: + - /kaniko/executor + args: + - --dockerfile=/workspace/go/src/github.com/tektoncd/pipeline/images/Dockerfile + - --destination=${inputs.params.imageRegistry}/${inputs.params.pathToProject}/${outputs.resources.builtBaseImage.url} + - --context=/workspace/go/src/github.com/tektoncd/pipeline + + volumeMounts: + - name: gcp-secret + mountPath: /secret + env: + - name: GOOGLE_APPLICATION_CREDENTIALS + value: /secret/release.json + + - name: create-ko-yaml + image: busybox + command: + - /bin/sh + args: + - -ce + - | + set -e + set -x + + cat < /workspace/go/src/github.com/tektoncd/pipeline/.ko.yaml + # By default ko will build images on top of distroless + baseImageOverrides: + # Use the images we just built as base images + $(inputs.params.pathToProject)/$(outputs.resources.builtCredsInitImage.url): ${inputs.params.imageRegistry}/${inputs.params.pathToProject}/build-base:latest + $(inputs.params.pathToProject)/$(outputs.resources.builtGitInitImage.url): ${inputs.params.imageRegistry}/${inputs.params.pathToProject}/build-base:latest + + $(inputs.params.pathToProject)/$(outputs.resources.builtBashImage.url): busybox # image should have shell in $PATH + $(inputs.params.pathToProject)/$(outputs.resources.builtEntrypointImage.url): busybox # image should have shell in $PATH + $(inputs.params.pathToProject)/$(outputs.resources.builtGsutilImage.url): google/cloud-sdk:alpine # image should have gsutil in $PATH + EOF + + cat /workspace/go/src/github.com/tektoncd/pipeline/.ko.yaml + + - name: ensure-release-dirs-exist + image: busybox + command: ["mkdir"] + args: + - "-p" + - "/workspace/bucket/latest/" + - "/workspace/bucket/previous/" + + - name: run-ko + # TODO(#639) we should be able to use the image built by an upstream Task here instead of hardcoding + image: gcr.io/tekton-nightly/ko-ci + env: + - name: KO_DOCKER_REPO + value: ${inputs.params.imageRegistry} + - name: GOPATH + value: /workspace/go + - name: CLOUDSDK_AUTH_CREDENTIAL_FILE_OVERRIDE + value: /secret/release.json + command: + - /bin/sh + args: + - -ce + - | + set -e + set -x + + # Auth with CLOUDSDK_AUTH_CREDENTIAL_FILE_OVERRIDE + gcloud auth configure-docker + + # ko requires this variable to be set in order to set image creation timestamps correctly https://github.com/google/go-containerregistry/pull/146 + export SOURCE_DATE_EPOCH=`date +%s` + + # Change to directory with our .ko.yaml + cd /workspace/go/src/github.com/tektoncd/pipeline + + # Publish images and create release.yaml + ko resolve --preserve-import-paths -f /workspace/go/src/github.com/tektoncd/pipeline/config/ > /workspace/bucket/latest/release.yaml + volumeMounts: + - name: gcp-secret + mountPath: /secret + + - name: generate-release-version + image: alpine/git + command: + - /bin/sh + args: + - -ce + - | + set -e + set -x + + # Can't use workingDir due to #1267 + cd /workspace/go/src/github.com/tektoncd/pipeline + + # Nightly releases use vYYYYMMDD-commit + COMMIT=$(git rev-parse HEAD | cut -c 1-10) + DATE=$(date +"%Y%m%d") + VERSION_TAG="$DATE-$COMMIT" + + echo $VERSION_TAG > "/builder/home/version" + + - name: copy-to-tagged-bucket + image: busybox + command: + - /bin/sh + args: + - -ce + - | + set -e + set -x + + # Can't use workingDir due to #1267 + cd /workspace/bucket + + # TODO(https://github.com/tektoncd/triggers/issues/87) if the versionTag could be generated dynamically, we could use the same Task for nightly + official releases + export VERSION_TAG="$(cat /builder/home/version)" + + mkdir -p /workspace/bucket/previous/$VERSION_TAG/ + cp /workspace/bucket/latest/release.yaml /workspace/bucket/previous/$VERSION_TAG/release.yaml + + - name: tag-images + image: google/cloud-sdk + command: + - /bin/bash + args: + - -ce + - | + set -e + set -x + + # TODO(https://github.com/tektoncd/triggers/issues/87) if the versionTag could be generated dynamically, we could use the same Task for nightly + official releases + export VERSION_TAG="$(cat /builder/home/version)" + + REGIONS=(us eu asia) + IMAGES=( + ${inputs.params.imageRegistry}/${inputs.params.pathToProject}/${outputs.resources.builtEntrypointImage.url} + ${inputs.params.imageRegistry}/${inputs.params.pathToProject}/${outputs.resources.builtKubeconfigWriterImage.url} + ${inputs.params.imageRegistry}/${inputs.params.pathToProject}/${outputs.resources.builtCredsInitImage.url} + ${inputs.params.imageRegistry}/${inputs.params.pathToProject}/${outputs.resources.builtGitInitImage.url} + ${inputs.params.imageRegistry}/${inputs.params.pathToProject}/${outputs.resources.builtNopImage.url} + ${inputs.params.imageRegistry}/${inputs.params.pathToProject}/${outputs.resources.builtBashImage.url} + ${inputs.params.imageRegistry}/${inputs.params.pathToProject}/${outputs.resources.builtGsutilImage.url} + ${inputs.params.imageRegistry}/${inputs.params.pathToProject}/${outputs.resources.builtControllerImage.url} + ${inputs.params.imageRegistry}/${inputs.params.pathToProject}/${outputs.resources.builtWebhookImage.url} + ${inputs.params.imageRegistry}/${inputs.params.pathToProject}/${outputs.resources.builtDigestExporterImage.url} + ${inputs.params.imageRegistry}/${inputs.params.pathToProject}/${outputs.resources.builtPullRequestInitImage.url} + ${inputs.params.imageRegistry}/${inputs.params.pathToProject}/${outputs.resources.builtGcsFetcherImage.url} + ) + # Parse the built images from the release.yaml generated by ko + BUILT_IMAGES=( $(/workspace/go/src/github.com/tektoncd/pipeline/tekton/koparse/koparse.py --path /workspace/bucket/latest/release.yaml --base ${inputs.params.imageRegistry}/${inputs.params.pathToProject} --images ${IMAGES[@]}) ) + + # Auth with account credentials + gcloud auth activate-service-account --key-file=/secret/release.json + + # Tag the images and put them in all the regions + for IMAGE in "${BUILT_IMAGES[@]}" + do + IMAGE_WITHOUT_SHA=${IMAGE%%@*} + gcloud -q container images add-tag ${IMAGE} ${IMAGE_WITHOUT_SHA}:latest + gcloud -q container images add-tag ${IMAGE} ${IMAGE_WITHOUT_SHA}:$VERSION_TAG + for REGION in "${REGIONS[@]}" + do + for TAG in "latest" $VERSION_TAG + do + gcloud -q container images add-tag ${IMAGE} ${REGION}.${IMAGE_WITHOUT_SHA}:$TAG + done + done + done + volumeMounts: + - name: gcp-secret + mountPath: /secret + + volumes: + - name: gcp-secret + secret: + secretName: release-secret diff --git a/tekton/publish-run.yaml b/tekton/publish-run.yaml deleted file mode 100644 index 1fe67d73c9e..00000000000 --- a/tekton/publish-run.yaml +++ /dev/null @@ -1,233 +0,0 @@ -apiVersion: tekton.dev/v1alpha1 -kind: PipelineResource -metadata: - name: tekton-pipelines -spec: - type: git - params: - - name: url - value: https://github.com/tektoncd/pipeline # REPLACE with your own fork - - name: revision - value: master # REPLACE with your own commit ---- -apiVersion: tekton.dev/v1alpha1 -kind: PipelineResource -metadata: - name: tekton-bucket -spec: - type: storage - params: - - name: type - value: gcs - - name: location - value: gs://tekton-releases # REPLACE with your own bucket - - name: dir - value: "y" ---- -apiVersion: tekton.dev/v1alpha1 -kind: PipelineResource -metadata: - name: base-image -spec: - type: image - params: - - name: url - value: build-base # Registry is provided via parameter, this is a hack see #569 ---- -apiVersion: tekton.dev/v1alpha1 -kind: PipelineResource -metadata: - name: entrypoint-image -spec: - type: image - params: - - name: url - value: cmd/entrypoint # Registry is provided via parameter, this is a hack see #569 ---- -apiVersion: tekton.dev/v1alpha1 -kind: PipelineResource -metadata: - name: kubeconfigwriter-image -spec: - type: image - params: - - name: url - value: cmd/kubeconfigwriter # Registry is provided via parameter, this is a hack see #569 ---- -apiVersion: tekton.dev/v1alpha1 -kind: PipelineResource -metadata: - name: creds-init-image -spec: - type: image - params: - - name: url - value: cmd/creds-init # Registry is provided via parameter, this is a hack see #569 ---- -apiVersion: tekton.dev/v1alpha1 -kind: PipelineResource -metadata: - name: git-init-image -spec: - type: image - params: - - name: url - value: cmd/git-init # Registry is provided via parameter, this is a hack see #569 ---- -apiVersion: tekton.dev/v1alpha1 -kind: PipelineResource -metadata: - name: nop-image -spec: - type: image - params: - - name: url - value: cmd/nop # Registry is provided via parameter, this is a hack see #569 ---- -apiVersion: tekton.dev/v1alpha1 -kind: PipelineResource -metadata: - name: bash-image -spec: - type: image - params: - - name: url - value: cmd/bash # Registry is provided via parameter, this is a hack see #569 ---- -apiVersion: tekton.dev/v1alpha1 -kind: PipelineResource -metadata: - name: gsutil-image -spec: - type: image - params: - - name: url - value: cmd/gsutil # Registry is provided via parameter, this is a hack see #569 ---- -apiVersion: tekton.dev/v1alpha1 -kind: PipelineResource -metadata: - name: controller-image -spec: - type: image - params: - - name: url - value: cmd/controller # Registry is provided via parameter, this is a hack see #569 ---- -apiVersion: tekton.dev/v1alpha1 -kind: PipelineResource -metadata: - name: webhook-image -spec: - type: image - params: - - name: url - value: cmd/webhook # Registry is provided via parameter, this is a hack see #569 ---- -apiVersion: tekton.dev/v1alpha1 -kind: PipelineResource -metadata: - name: digest-exporter-image -spec: - type: image - params: - - name: url - value: cmd/imagedigestexporter # Registry is provided via parameter, this is a hack see #569 ---- -apiVersion: tekton.dev/v1alpha1 -kind: PipelineResource -metadata: - name: pullrequest-init-image -spec: - type: image - params: - - name: url - value: cmd/pullrequest-init # Registry is provided via parameter, this is a hack see #569 ---- -apiVersion: tekton.dev/v1alpha1 -kind: PipelineResource -metadata: - name: gcs-fetcher-image -spec: - type: image - params: - - name: url - value: vendor/github.com/googlecloudplatform/cloud-builders/gcs-fetcher/cmd/gcs-fetcher # Registry is provided via parameter, this is a hack see #569 ---- -apiVersion: tekton.dev/v1alpha1 -kind: PipelineResource -metadata: - name: gcs-uploader-image -spec: - type: image - params: - - name: url - value: vendor/github.com/googlecloudplatform/cloud-builders/gcs-fetcher/cmd/gcs-uploader # Registry is provided via parameter, this is a hack see #569 ---- -apiVersion: tekton.dev/v1alpha1 -kind: TaskRun -metadata: - name: publish-run -spec: - serviceAccount: release-right-meow - taskRef: - name: publish-tekton-pipelines - inputs: - resources: - - name: source - resourceRef: - name: tekton-pipelines - - name: bucket - resourceRef: - name: tekton-bucket - params: - - name: versionTag - value: v0.11111.0 # REPLACE with the version you want to release, including `v`. For nightly releases, we might want to use `vYYYYMMDD-commit` - - name: imageRegistry - value: gcr.io/tekton-releases # REPLACE with your own registry - - name: pathToProject - value: github.com/tektoncd/pipeline - outputs: - resources: - - name: bucket - resourceRef: - name: tekton-bucket - - name: builtBaseImage - resourceRef: - name: base-image - - name: builtEntrypointImage - resourceRef: - name: entrypoint-image - - name: builtKubeconfigWriterImage - resourceRef: - name: kubeconfigwriter-image - - name: builtCredsInitImage - resourceRef: - name: creds-init-image - - name: builtGitInitImage - resourceRef: - name: git-init-image - - name: builtNopImage - resourceRef: - name: nop-image - - name: builtBashImage - resourceRef: - name: bash-image - - name: builtGsutilImage - resourceRef: - name: gsutil-image - - name: builtControllerImage - resourceRef: - name: controller-image - - name: builtWebhookImage - resourceRef: - name: webhook-image - - name: builtDigestExporterImage - resourceRef: - name: digest-exporter-image - - name: builtPullRequestInitImage - resourceRef: - name: pullrequest-init-image - - name: builtGcsFetcherImage - resourceRef: - name: gcs-fetcher-image diff --git a/tekton/publish.yaml b/tekton/publish.yaml index 87765ccabbc..42fc1b4f1ab 100644 --- a/tekton/publish.yaml +++ b/tekton/publish.yaml @@ -55,7 +55,7 @@ spec: - /kaniko/executor args: - --dockerfile=/workspace/go/src/github.com/tektoncd/pipeline/images/Dockerfile - - --destination=$(inputs.params.imageRegistry)/$(inputs.params.pathToProject)/$(outputs.resources.builtBaseImage.url) + - --destination=${inputs.params.imageRegistry}/${inputs.params.pathToProject}/${outputs.resources.builtBaseImage.url} - --context=/workspace/go/src/github.com/tektoncd/pipeline volumeMounts: @@ -78,8 +78,8 @@ spec: cat < /workspace/go/src/github.com/tektoncd/pipeline/.ko.yaml # By default ko will build images on top of distroless baseImageOverrides: - $(inputs.params.pathToProject)/$(outputs.resources.builtCredsInitImage.url): $(inputs.params.imageRegistry)/$(inputs.params.pathToProject)/build-base:latest - $(inputs.params.pathToProject)/$(outputs.resources.builtGitInitImage.url): $(inputs.params.imageRegistry)/$(inputs.params.pathToProject)/build-base:latest + $(inputs.params.pathToProject)/$(outputs.resources.builtCredsInitImage.url): ${inputs.params.imageRegistry}/${inputs.params.pathToProject}/build-base:latest + $(inputs.params.pathToProject)/$(outputs.resources.builtGitInitImage.url): ${inputs.params.imageRegistry}/${inputs.params.pathToProject}/build-base:latest $(inputs.params.pathToProject)/$(outputs.resources.builtBashImage.url): busybox # image should have shell in $PATH $(inputs.params.pathToProject)/$(outputs.resources.builtEntrypointImage.url): busybox # image should have shell in $PATH $(inputs.params.pathToProject)/$(outputs.resources.builtGsutilImage.url): google/cloud-sdk:alpine # image should have gsutil in $PATH @@ -100,7 +100,7 @@ spec: image: gcr.io/tekton-releases/ko-ci env: - name: KO_DOCKER_REPO - value: $(inputs.params.imageRegistry) + value: ${inputs.params.imageRegistry} - name: GOPATH value: /workspace/go - name: CLOUDSDK_AUTH_CREDENTIAL_FILE_OVERRIDE @@ -136,6 +136,9 @@ spec: args: - -ce - | + set -e + set -x + mkdir -p /workspace/bucket/previous/$(inputs.params.versionTag)/ cp /workspace/bucket/latest/release.yaml /workspace/bucket/previous/$(inputs.params.versionTag)/release.yaml @@ -151,21 +154,21 @@ spec: REGIONS=(us eu asia) IMAGES=( - $(inputs.params.imageRegistry)/$(inputs.params.pathToProject)/$(outputs.resources.builtEntrypointImage.url) - $(inputs.params.imageRegistry)/$(inputs.params.pathToProject)/$(outputs.resources.builtKubeconfigWriterImage.url) - $(inputs.params.imageRegistry)/$(inputs.params.pathToProject)/$(outputs.resources.builtCredsInitImage.url) - $(inputs.params.imageRegistry)/$(inputs.params.pathToProject)/$(outputs.resources.builtGitInitImage.url) - $(inputs.params.imageRegistry)/$(inputs.params.pathToProject)/$(outputs.resources.builtNopImage.url) - $(inputs.params.imageRegistry)/$(inputs.params.pathToProject)/$(outputs.resources.builtBashImage.url) - $(inputs.params.imageRegistry)/$(inputs.params.pathToProject)/$(outputs.resources.builtGsutilImage.url) - $(inputs.params.imageRegistry)/$(inputs.params.pathToProject)/$(outputs.resources.builtControllerImage.url) - $(inputs.params.imageRegistry)/$(inputs.params.pathToProject)/$(outputs.resources.builtWebhookImage.url) - $(inputs.params.imageRegistry)/$(inputs.params.pathToProject)/$(outputs.resources.builtDigestExporterImage.url) - $(inputs.params.imageRegistry)/$(inputs.params.pathToProject)/$(outputs.resources.builtPullRequestInitImage.url) - $(inputs.params.imageRegistry)/$(inputs.params.pathToProject)/$(outputs.resources.builtGcsFetcherImage.url) + ${inputs.params.imageRegistry}/${inputs.params.pathToProject}/${outputs.resources.builtEntrypointImage.url} + ${inputs.params.imageRegistry}/${inputs.params.pathToProject}/${outputs.resources.builtKubeconfigWriterImage.url} + ${inputs.params.imageRegistry}/${inputs.params.pathToProject}/${outputs.resources.builtCredsInitImage.url} + ${inputs.params.imageRegistry}/${inputs.params.pathToProject}/${outputs.resources.builtGitInitImage.url} + ${inputs.params.imageRegistry}/${inputs.params.pathToProject}/${outputs.resources.builtNopImage.url} + ${inputs.params.imageRegistry}/${inputs.params.pathToProject}/${outputs.resources.builtBashImage.url} + ${inputs.params.imageRegistry}/${inputs.params.pathToProject}/${outputs.resources.builtGsutilImage.url} + ${inputs.params.imageRegistry}/${inputs.params.pathToProject}/${outputs.resources.builtControllerImage.url} + ${inputs.params.imageRegistry}/${inputs.params.pathToProject}/${outputs.resources.builtWebhookImage.url} + ${inputs.params.imageRegistry}/${inputs.params.pathToProject}/${outputs.resources.builtDigestExporterImage.url} + ${inputs.params.imageRegistry}/${inputs.params.pathToProject}/${outputs.resources.builtPullRequestInitImage.url} + ${inputs.params.imageRegistry}/${inputs.params.pathToProject}/${outputs.resources.builtGcsFetcherImage.url} ) # Parse the built images from the release.yaml generated by ko - BUILT_IMAGES=( $(/workspace/go/src/github.com/tektoncd/pipeline/tekton/koparse/koparse.py --path /workspace/bucket/latest/release.yaml --base $(inputs.params.imageRegistry)/$(inputs.params.pathToProject) --images ${IMAGES[@]}) ) + BUILT_IMAGES=( $(/workspace/go/src/github.com/tektoncd/pipeline/tekton/koparse/koparse.py --path /workspace/bucket/latest/release.yaml --base ${inputs.params.imageRegistry}/${inputs.params.pathToProject} --images ${IMAGES[@]}) ) # Auth with account credentials gcloud auth activate-service-account --key-file=/secret/release.json @@ -175,10 +178,10 @@ spec: do IMAGE_WITHOUT_SHA=${IMAGE%%@*} gcloud -q container images add-tag ${IMAGE} ${IMAGE_WITHOUT_SHA}:latest - gcloud -q container images add-tag ${IMAGE} ${IMAGE_WITHOUT_SHA}:$(inputs.params.versionTag) + gcloud -q container images add-tag ${IMAGE} ${IMAGE_WITHOUT_SHA}:${inputs.params.versionTag} for REGION in "${REGIONS[@]}" do - for TAG in "latest" $(inputs.params.versionTag) + for TAG in "latest" ${inputs.params.versionTag} do gcloud -q container images add-tag ${IMAGE} ${REGION}.${IMAGE_WITHOUT_SHA}:$TAG done diff --git a/tekton/release-pipeline-nightly.yaml b/tekton/release-pipeline-nightly.yaml new file mode 100644 index 00000000000..7837992d440 --- /dev/null +++ b/tekton/release-pipeline-nightly.yaml @@ -0,0 +1,103 @@ +--- +apiVersion: tekton.dev/v1alpha1 +kind: Pipeline +metadata: + name: pipeline-release-nightly +spec: + params: + - name: package + description: package to release + default: github.com/tektoncd/pipeline + - name: imageRegistry + default: gcr.io/tekton-nightly + resources: + - name: source-repo + type: git + - name: bucket + type: storage + - name: builtKoImage + type: image + - name: builtBaseImage + type: image + - name: builtEntrypointImage + type: image + - name: builtKubeconfigWriterImage + type: image + - name: builtCredsInitImage + type: image + - name: builtGitInitImage + type: image + - name: builtNopImage + type: image + - name: builtBashImage + type: image + - name: builtGsutilImage + type: image + - name: builtControllerImage + type: image + - name: builtWebhookImage + type: image + - name: builtDigestExporterImage + type: image + - name: builtPullRequestInitImage + type: image + - name: builtGcsFetcherImage + type: image + tasks: + - name: publish-ko-image + taskRef: + name: publish-ci-images + params: + - name: imageRegistry + value: ${params.imageRegistry} + resources: + inputs: + - name: source + resource: source-repo + outputs: + - name: builtKoImage + resource: builtKoImage + - name: publish-images + runAfter: [publish-ko-image] + taskRef: + name: publish-tekton-pipelines-nightly + params: + - name: pathToProject + value: ${params.package} + - name: imageRegistry + value: ${params.imageRegistry} + resources: + inputs: + - name: source + resource: source-repo + - name: bucket + resource: bucket + outputs: + - name: bucket + resource: bucket + - name: builtBaseImage + resource: builtBaseImage + - name: builtEntrypointImage + resource: builtEntrypointImage + - name: builtKubeconfigWriterImage + resource: builtKubeconfigWriterImage + - name: builtCredsInitImage + resource: builtCredsInitImage + - name: builtGitInitImage + resource: builtGitInitImage + - name: builtNopImage + resource: builtNopImage + - name: builtBashImage + resource: builtBashImage + - name: builtGsutilImage + resource: builtGsutilImage + - name: builtControllerImage + resource: builtControllerImage + - name: builtWebhookImage + resource: builtWebhookImage + - name: builtDigestExporterImage + resource: builtDigestExporterImage + - name: builtPullRequestInitImage + resource: builtPullRequestInitImage + - name: builtGcsFetcherImage + resource: builtGcsFetcherImage diff --git a/tekton/release-pipeline-run.yaml b/tekton/release-pipeline-run.yaml deleted file mode 100644 index 61751ffeaed..00000000000 --- a/tekton/release-pipeline-run.yaml +++ /dev/null @@ -1,62 +0,0 @@ ---- -apiVersion: tekton.dev/v1alpha1 -kind: PipelineRun -metadata: - generateName: run-pipeline-release- -spec: - pipelineRef: - name: pipeline-release - serviceAccount: 'release-right-meow' - params: - - name: versionTag - value: v0.X.Y # REPLACE with the version you want to release, including `v`. For nightly releases, we might want to use `vYYYYMMDD-commit` - - name: imageRegistry - value: gcr.io/tekton-releases # REPLACE with your own registry - - name: package - value: github.com/tektoncd/pipeline - resources: - - name: source-repo - resourceRef: - name: tekton-pipelines-git - - name: bucket - resourceRef: - name: tekton-bucket - - name: builtBaseImage - resourceRef: - name: base-image - - name: builtEntrypointImage - resourceRef: - name: entrypoint-image - - name: builtKubeconfigWriterImage - resourceRef: - name: kubeconfigwriter-image - - name: builtCredsInitImage - resourceRef: - name: creds-init-image - - name: builtGitInitImage - resourceRef: - name: git-init-image - - name: builtNopImage - resourceRef: - name: nop-image - - name: builtBashImage - resourceRef: - name: bash-image - - name: builtGsutilImage - resourceRef: - name: gsutil-image - - name: builtControllerImage - resourceRef: - name: controller-image - - name: builtWebhookImage - resourceRef: - name: webhook-image - - name: builtDigestExporterImage - resourceRef: - name: digest-exporter-image - - name: builtPullRequestInitImage - resourceRef: - name: pull-request-init-image - - name: builtGcsFetcherImage - resourceRef: - name: gcs-fetcher-image diff --git a/tekton/release-pipeline.yaml b/tekton/release-pipeline.yaml index 12c4b45eded..68a3b6d0980 100644 --- a/tekton/release-pipeline.yaml +++ b/tekton/release-pipeline.yaml @@ -9,7 +9,7 @@ spec: description: package to release default: github.com/tektoncd/pipeline - name: imageRegistry - default: gcr.io/tekton-releases # REPLACE with your own registry + default: gcr.io/tekton-releases - name: versionTag description: The X.Y.Z version that the artifacts should be tagged with resources: diff --git a/tekton/resources.yaml b/tekton/resources.yaml index f66a09405c4..d6f89d5fdd8 100644 --- a/tekton/resources.yaml +++ b/tekton/resources.yaml @@ -6,9 +6,9 @@ spec: type: git params: - name: url - value: https://github.com/tektoncd/pipeline # REPLACE with your own fork + value: https://github.com/tektoncd/pipeline - name: revision - value: vX.Y.Z-invalid-tags-boouuhhh # REPLACE with your own commit + value: vX.Y.Z-invalid-tags-boouuhhh # REPLACE with the commit you want to release --- apiVersion: tekton.dev/v1alpha1 kind: PipelineResource @@ -20,12 +20,36 @@ spec: - name: type value: gcs - name: location - value: gs://tekton-releases # REPLACE with your own bucket + value: gs://tekton-releases - name: dir value: "y" --- apiVersion: tekton.dev/v1alpha1 kind: PipelineResource +metadata: + name: tekton-bucket-nightly +spec: + type: storage + params: + - name: type + value: gcs + - name: location + value: gs://tekton-releases-nightly + - name: dir + value: "y" +--- +apiVersion: tekton.dev/v1alpha1 +kind: PipelineResource +metadata: + name: ko-image +spec: + type: image + params: + - name: url + value: ko-ci # Registry is provided via parameter, this is a hack see #569 +--- +apiVersion: tekton.dev/v1alpha1 +kind: PipelineResource metadata: name: base-image spec: @@ -152,14 +176,4 @@ spec: type: image params: - name: url - value: vendor/github.com/googlecloudplatform/cloud-builders/gcs-fetcher/cmd/gcs-fetcher # Registry is provided via parameter, this is a hack see #569 ---- -apiVersion: tekton.dev/v1alpha1 -kind: PipelineResource -metadata: - name: gcs-uploader-image -spec: - type: image - params: - - name: url - value: vendor/github.com/googlecloudplatform/cloud-builders/gcs-fetcher/cmd/gcs-uploader # Registry is provided via parameter, this is a hack see #569 \ No newline at end of file + value: vendor/github.com/googlecloudplatform/cloud-builders/gcs-fetcher/cmd/gcs-fetcher # Registry is provided via parameter, this is a hack see #569 \ No newline at end of file