From 30d778ae2c1cce9c50f45a47a49c565949f15064 Mon Sep 17 00:00:00 2001 From: Vincent Demeester Date: Mon, 8 Apr 2024 15:58:57 +0200 Subject: [PATCH] release: add a small script to "automate" bugfix releases Adding a `bugfix-release.sh` script to automate bugfix releases. Today it is meant to be started by a maintainer, like the following ``` ./tekton/bugfix-release upstream/release-v0.47.x ``` - It will detect the old version, and commit related to the version - It will compute the new version number - It will detect the release name - If there is no different between the old version and the new one (aka, no commit in the release branch since last release), it will be exit gracefully. The idea is that, from there, we can automate the bugfix release completely. We could run this script weekly for each "supported" release branch, and it would automatically do the release for us. Signed-off-by: Vincent Demeester --- tekton/bugfix-release.sh | 67 ++++++++++++++++++++++++++++++++++++++++ 1 file changed, 67 insertions(+) create mode 100755 tekton/bugfix-release.sh diff --git a/tekton/bugfix-release.sh b/tekton/bugfix-release.sh new file mode 100755 index 00000000000..c432a65a3a5 --- /dev/null +++ b/tekton/bugfix-release.sh @@ -0,0 +1,67 @@ +#!/usr/bin/env bash +set -eu -o pipefail + +RELEASE_BRANCH=${1:-$(git rev-parse --abbrev-ref HEAD)} +shift + +echo "> Make sure our remotes are up-to-date" +git fetch -p --all + +TEKTON_RELEASE_GIT_SHA=$(git rev-parse "${RELEASE_BRANCH}") +TEKTON_OLD_VERSION=$(git describe --tags --abbrev=0 "${TEKTON_RELEASE_GIT_SHA}") +TEKTON_OLD_VERSION_COMMIT_SHA=$(git rev-list -n 1 "${TEKTON_OLD_VERSION}") +TEKTON_RELEASE_NAME=$(gh release view v0.47.7 --json name | jq .name | sed -e 's/.*\\"\(.*\)\\"\"/\1/') + +if [[ "${TEKTON_RELEASE_GIT_SHA}" == "${TEKTON_OLD_VERSION_COMMIT_SHA}" ]]; then + echo "> No new commit in ${RELEASE_BRANCH} (${TEKTON_RELEASE_GIT_SHA}==${TEKTON_OLD_VERSION_COMMIT_SHA})" + return 0 +fi + +TEKTON_VERSION=$(echo ${TEKTON_OLD_VERSION} | awk -F. -v OFS=. '{$NF += 1 ; print}') + +echo "> Old version : ${TEKTON_OLD_VERSION}" +echo "> Old version commit : ${TEKTON_OLD_VERSION_COMMIT_SHA}" +echo "> New version : ${TEKTON_VERSION}" +echo "> New version commit: ${TEKTON_RELEASE_GIT_SHA}" +echo "> Tekton Release Name: ${TEKTON_RELEASE_NAME}" + +# Might be overkill +git --no-pager diff "${TEKTON_OLD_VERSION_COMMIT_SHA}" "${TEKTON_RELEASE_GIT_SHA}" + +cat < workspace-template.yaml +spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 1Gi +EOF + +echo "> Starting the release pipeline" +tkn pipeline start pipeline-release \ + --serviceaccount=release-right-meow \ + --param=gitRevision="${TEKTON_RELEASE_GIT_SHA}" \ + --param=serviceAccountPath=release.json \ + --param=versionTag="${TEKTON_VERSION}" \ + --param=releaseBucket=gs://tekton-releases/pipeline \ + --param=releaseAsLatest="false" \ + --workspace name=release-secret,secret=release-secret \ + --workspace name=workarea,volumeClaimTemplateFile=workspace-template.yaml --use-param-defaults --pipeline-timeout 3h --showlog + +RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/${TEKTON_VERSION}/release.yaml +CONTROLLER_IMAGE_SHA=$(curl $RELEASE_FILE | egrep 'gcr.io.*controller' | cut -d'@' -f2) +REKOR_UUID=$(rekor-cli search --sha $CONTROLLER_IMAGE_SHA | grep -v Found | head -1) +echo -e "CONTROLLER_IMAGE_SHA: ${CONTROLLER_IMAGE_SHA}\nREKOR_UUID: ${REKOR_UUID}" + +echo "> Starting the release-draft pipeline" +tkn pipeline start release-draft \ + --workspace name=shared,volumeClaimTemplateFile=workspace-template.yaml \ + --workspace name=credentials,secret=release-secret \ + -p package="tektoncd/pipeline" \ + -p git-revision="${TEKTON_RELEASE_GIT_SHA}" \ + -p release-tag="${TEKTON_VERSION}" \ + -p previous-release-tag="${TEKTON_OLD_VERSION}" \ + -p release-name="${TEKTON_RELEASE_NAME}" \ + -p bucket="gs://tekton-releases/pipeline" \ + -p rekor-uuid="$REKOR_UUID" \ + --showlog