[kots]: configure werft build command #8867
Conversation
mrsimonemms
force-pushed
the
sje/kots-release
branch
from
2b67982 to
ddd5f59
Compare
mrsimonemms
force-pushed
the
sje/kots-release
branch
4 times, most recently
from
cae19ea to
c9626cc
Compare
mrsimonemms
force-pushed
the
sje/kots-release
branch
5 times, most recently
from
a81e506 to
00bcc19
Compare
mrsimonemms
force-pushed
the
sje/kots-release
branch
7 times, most recently
from
07bca44 to
377a00b
Compare
mrsimonemms
force-pushed
the
sje/kots-release
branch
2 times, most recently
from
aba2179 to
de6c6c2
Compare
When a build is run on the main branch, it publishes the latest release to the unstable channel in KOTS.
mrsimonemms
force-pushed
the
sje/kots-release
branch
from
de6c6c2 to
0242301
Compare
github-actions
bot
added
the
team: delivery
mrsimonemms
changed the title
roboquat
added
release-note
and removed
do-not-merge/work-in-progress
do-not-merge/release-note-label-needed
labels
There was a problem hiding this comment.
Awesome Work, @mrsimonemms! This should be really great for testing.
I don't have experience working with werft but I see that we did the following, to publish automatic unstable kots releases on main, and perform lint for builds
- Create a new build job in
publish-kots-unstablethat is toggled only if its a main job! As this performs the publishing. - For the above job to work, we need the relevant env variables that we seem to have created K8s secrets for, and attach them as variables which are then passed to the job in
build-and-publish.ts - Update
BUILD.yamlto include the lint action which we probably use for CI PR builds. (So, the required env variables are automatically passed here as they are on the same k8s cluster?)
/hold to get a @corneliusludmann review just to make sure that we aren't missing any of the werft stuff that I am not aware of!
There was a problem hiding this comment.
Looks good to me as well. The comment I left is more a nit. Feel free to ignore or add a small follow-up PR. Nothing that should prevent us from merging this.
Probably a good idea if that person that removes the hold label has an eye on the main build to fix it in case we break it with this change.
By the way: I was wondering why the MIT license is used for these files. Maybe we need to figure out if this is really what we want. Most of our stuff is under AGPL and not MIT.
| // Set the tag to the current version | ||
| exec(`yq w -i ${REPLICATED_YAML_DIR}/gitpod-installer-job.yaml ${INSTALLER_JOB_IMAGE} ${image}:${config.version}`); | ||
|
|
||
| const app = exec(`kubectl get secret ${REPLICATED_SECRET} --namespace werft -o jsonpath='{.data.app}' | base64 -d`); |
There was a problem hiding this comment.
Wouldn't it be easier to just use process.env.REPLICATED_API_TOKEN and process.env.REPLICATED_APP instead?
I'll do a follow-up PR. It hadn't occurred to me at the time.
I just used the |
|
/unhold |
Description
Automate the KOTS process.
make linton the manifests during the build phase. Although this is far from perfect, it's a good indication if there are any problems in the manifests. As per the guidelines, warnings and below return successful. Thereplicated lintcommand requires theREPLICATED_APPandREPLICATED_API_TOKENenvvars being set. This is a bug in the systemmainbuild is successful, updates thegitpod-installer-job.yamlimage tag and pushes togitpod/unstablechannel in Replicated.Related Issue(s)
Fixes #8866
How to test
See release 20 as a demo of the
replicated release createcommand working on any branch and then release 21 of it being wrapped in theif mainBranchconditionalAnd here's proof that the release to Replicated works
Release Notes
Documentation