Skip to content

Releasing tooling for the cert-manager project

License

Notifications You must be signed in to change notification settings

hzhou97/release

 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

35 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

cert-manager release tooling

This repository contains release tooling for the cert-manager project.

cmrel

cmrel is the central hub for release managers interacting with the release process.

It has 3 primary functions:

  • Staging new releases
  • Listing staged releases
  • Publishing a staged release

Creating an official release

WARNING: following these steps exactly will push out a public facing release! Please use this as an example only.

In this example, we're going to build, stage and publish a full official release from source.

For example purposes, we'll:

  1. Use the release-0.14 branch in cert-manager as the 'source'
  2. Create the release with version v0.14.0

Step 1 - stage the release

'Staging' a release is the process of:

  • Cloning the cert-manager repository
  • Running a 'release build'
  • Storing build release artifacts & associated metadata in Google Cloud Storage

The cmrel tool provides a subcommand to start this process, cmrel stage. Full usage information for cmrel stage:

Flags:
      --branch string                 The git branch to build the release from. If --git-ref is not specified, the HEAD of this branch will be looked up on GitHub. (default "master")
      --bucket string                 The name of the GCS bucket to stage the release to. (default "cert-manager-release")
      --cloudbuild string             The path to the cloudbuild.yaml file used to perform the cert-manager crossbuild. The default value assumes that this tool is run from the root of the release repository. (default "./gcb/stage/cloudbuild.yaml")
      --git-ref string                The git commit ref of cert-manager that should be staged.
  -h, --help                          help for stage
      --org string                    Name of the GitHub org to fetch cert-manager sources from. (default "jetstack")
      --project string                The GCP project to run the GCB build jobs in. (default "cert-manager-release")
      --published-image-repo string   The docker image repository set when building the release. (default "quay.io/jetstack")
      --release-version string        Optional release version override used to force the version strings used during the release to a specific value.
      --repo string                   Name of the GitHub repo to fetch cert-manager sources from. (default "cert-manager")

The default values here are optimised for pushing an official release. If you are intending to publish this release to your own project/namespace, you should be sure to change the --published-image-repo flag accordingly.

If you are not a 'cert-manager release manager', you will also need to use an alternative --project and --bucket flag that you have sufficient permission to publish to.

We'll run cmrel stage below to start a GCB job to stage the release:

$ cmrel stage \
    --branch release-0.14 \
    --release-version v0.14.0

This will trigger a job to run on GCB which will build and push the release artifacts to the staging bucket.

After executing, you should see a message indicating where you can visit to follow along and view logs to track the build progress.

Once complete, cmrel stage should exit successfully.

Step 2 - listing staged builds

After a build has been staged, it's important that you verify the release has been published to the bucket as expected.

The cmrel staged command will print a simple list of releases that have been staged to the release bucket.

Full usage information for cmrel staged:

Flags:
      --bucket string            The name of the GCS bucket containing the staged releases. (default "cert-manager-release")
      --git-ref string           Optional specific git reference to list staged releases for - if specified, --release-version must also be specified.
  -h, --help                     help for staged
      --release-type string      The type of release to list - usually one of 'release' or 'devel' (default "release")
      --release-version string   Optional release version override used to force the version strings used during the release to a specific value.

Running it will print a list of staged releases:

$ cmrel staged
...
NAME                                             VERSION DATE
v0.14.0-f6da9c76877551ef32503b17189bb178501f59a7 v0.14.0 UNKNOWN

Here we can see a single release in the bucket, version v0.14.0. The git commit ref is also included as part of the name, so you can be sure that the correct revision of cert-manager has in fact been built.

Once you have found the release you wish to stage in this list, make a note of the release's name and proceed to step 3!

Step 3 - publishing a staged release

Once a release has been staged into the release bucket and we've verified it has been built from the correct revision of cert-manager, we are now ready to trigger the publishing stage of the release.

In this step, the staged release is fetched from Google Cloud Storage, validated, and then pushed out to public facing locations.


$ cmrel publish \
    --release-name v0.14.0-f6da9c76877551ef32503b17189bb178501f59a7 \
    --nomock

If you do not specify the --nomock flag, cmrel will not push any artifacts and will only fetch and validate the release before exiting.

The final stage of this step is to create a GitHub release in the cert-manager repository, as well as uploading 'static manifests' to the release. To allow you to update the release with proper release notes before publishing, cmrel will mark the created release as a DRAFT. You must then edit the release to include the appropriate release notes, and then hit 'Publish'!

If you are intending to publish to your own, private release buckets (i.e. to test this whole workflow, or for creating internal releases) you should be sure to set the following flags when calling cmrel publish:

    --published-image-repo='quay.io/mycompany' # prefix for images, e.g. 'quay.io/mycompany'
    --published-helm-chart-bucket='mycompany-helm-charts' # name of the GCS bucket where the built Helm chart should be stored
    --published-github-org='mycompany' # name of the GitHub org containing the repo that will be tagged at the end

About

Releasing tooling for the cert-manager project

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages

  • Go 98.9%
  • Shell 1.1%