add-release-pipelines
JasonPowr committed Jan 23, 2025
1 parent 07f5a46 commit 9ab6ce3
Showing 14 changed files with 943 additions and 1,136 deletions.
591 changes: 22 additions & 569 deletions .tekton/release-pull-request.yaml

Large diffs are not rendered by default.

589 changes: 22 additions & 567 deletions .tekton/release-push.yaml

Large diffs are not rendered by default.

Empty file.
@@ -0,0 +1,13 @@
apiVersion: appstudio.redhat.com/v1alpha1
kind: ReleasePlan
metadata:
labels:
release.appstudio.openshift.io/auto-release: "false"
release.appstudio.openshift.io/releasePlanAdmission: prod
release.appstudio.openshift.io/standing-attribution: "true"
release.rhtas.stage/releasePlanAdmission: fbc-staging-index
name: fbc-v4-13-v1-1-1
namespace: rhtas-tenant
spec:
application: fbc-v4-13
target: rhtap-releng-tenant
@@ -0,0 +1,27 @@
apiVersion: appstudio.redhat.com/v1alpha1
kind: ReleasePlan
metadata:
labels:
release.appstudio.openshift.io/auto-release: "false"
release.appstudio.openshift.io/releasePlanAdmission: prod
release.rhtas.stage/releasePlanAdmission: rhtas-staging
name: segment-backup-job-1-1-1
namespace: rhtas-tenant
spec:
data:
releaseNotes:
type: "RHEA"
synopsis: "RHTAS 1.1.1 - Red Hat Trusted Artifact Signer Release"
topic: |
The 1.1.1 release of Red Hat Trusted Artifact Signer OpenShift Operator.
For more details see [product documentation](https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1).
description: "The RHTAS Operator can be used with OpenShift Container Platform 4.15, 4.14 and 4.13."
solution: |
Red Hat Trusted Artifact Signer simplifies cryptographic signing and verifying of software artifacts such as container images, binaries and source code changes. It is a self-managed on-premise deployment of the [Sigstore project](https://sigstore.dev/). Platform Engineers, Software Developers and Security Professionals may use RHTAS to ensure the integrity, transparency and assurance of their organization's software supply chain.
For details on using the operator, refer to [product documentation](https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1).
You can find the release notes for this version of Red Hat Trusted Artifact Signer [here](https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.1/html-single/release_notes/index).
references:
- "https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1"
- "https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.1/html-single/release_notes/index"
application: segment-backup-job
target: rhtap-releng-tenant
@@ -0,0 +1,8 @@
apiVersion: appstudio.redhat.com/v1alpha1
kind: Release
metadata:
name: fbc-v4-13-v1-1-1
namespace: rhtas-tenant
spec:
releasePlan: fbc-v4-13-v1-1-1
snapshot: fbc-v4-13-jdcp4
@@ -0,0 +1,8 @@
apiVersion: appstudio.redhat.com/v1alpha1
kind: Release
metadata:
name: segment-backup-job-1-1-1
namespace: rhtas-tenant
spec:
releasePlan: segment-backup-job-1-1-1
snapshot: segment-backup-job-bq8g2
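--- a/pipelines/release.yaml
+++ b/pipelines/release.yaml
@@ -0,0 +1,267 @@
+apiVersion: tekton.dev/v1
+kind: Pipeline
+metadata:
+name: rhtas-release
+namespace: rhtas-tenant
+spec:
+description: |
+A pipeline used to process and apply release and releasePlan objects for RHTAS.
+params:
+- name: git-url
+type: string
+description: Source Repository URL
+- name: revision
+type: string
+default: ""
+description: Revision of the Source Repository
+- name: releases
+default: ""
+description: "An array of yaml defined release configurations"
+- name: env
+type: string
+default: stage
+description: Release environment should be one of stage/prod
+tasks:
+- name: clone-repository
+params:
+- name: url
+value: $(params.git-url)
+- name: revision
+value: $(params.revision)
+taskRef:
+params:
+- name: name
+value: git-clone
+- name: bundle
+value: quay.io/konflux-ci/tekton-catalog/task-git-clone:0.1@sha256:d091a9e19567a4cbdc5acd57903c71ba71dc51d749a4ba7477e689608851e981
+- name: kind
+value: task
+resolver: bundles
+workspaces:
+- name: output
+workspace: workspace
+- name: basic-auth
+workspace: git-auth
+when:
+- input: "$(params.releases)"
+operator: notin
+values:
+- ""
+- name: parse-release-config
+runAfter:
+- clone-repository
+params:
+- name: env
+value: $(params.env)
+- name: releases
+value: $(params.releases)
+taskRef:
+resolver: git
+params:
+- name: url
+value: https://github.com/securesign/pipelines.git
+- name: revision
+value: add-release-pipelines # temp for testing
+- name: pathInRepo
+value: tasks/parse-release-config.yaml
+workspaces:
+- name: output
+workspace: workspace
+when:
+- input: "$(params.releases)"
+operator: notin
+values:
+- ""
+- name: process-release-plans
+runAfter:
+- parse-release-config
+params:
+- name: component-release-plan-dir
+value: "$(tasks.parse-release-config.results.componentReleasePlanDirectory)"
+- name: fbc-release-plan-dir
+value: "$(tasks.parse-release-config.results.fbcReleasePlanDirectory)"
+- name: env
+value: $(params.env)
+taskRef:
+resolver: git
+params:
+- name: url
+value: https://github.com/securesign/pipelines.git
+- name: revision
+value: add-release-pipelines # temp for testing
+- name: pathInRepo
+value: tasks/process-release-plans.yaml
+workspaces:
+- name: output
+workspace: workspace
+when:
+- input: "$(params.releases)"
+operator: notin
+values:
+- ""
+- name: process-releases
+runAfter:
+- clone-repository
+params:
+- name: component-release-dir
+value: "$(tasks.parse-release-config.results.componentReleaseDirectory)"
+- name: fbc-release-dir
+value: "$(tasks.parse-release-config.results.fbcReleaseDirectory)"
+- name: env
+value: $(params.env)
+taskRef:
+resolver: git
+params:
+- name: url
+value: https://github.com/securesign/pipelines.git
+- name: revision
+value: add-release-pipelines # temp for testing
+- name: pathInRepo
+value: tasks/process-releases.yaml
+workspaces:
+- name: output
+workspace: workspace
+when:
+- input: "$(params.releases)"
+operator: notin
+values:
+- ""
+- name: apply-component-release-plans
+runAfter:
+- process-release-plans
+- process-releases
+params:
+- name: release
+value: "$(tasks.parse-release-config.results.releaseComponent)"
+matrix:
+params:
+- name: manifest
+value: "$(tasks.process-release-plans.results.component-release-plans)"
+taskRef:
+resolver: git
+params:
+- name: url
+value: https://github.com/securesign/pipelines.git
+- name: revision
+value: add-release-pipelines # temp for testing
+- name: pathInRepo
+value: tasks/apply-manifest.yaml
+workspaces:
+- name: output
+workspace: workspace
+- name: apply-component-release
+runAfter:
+- apply-component-release-plans
+params:
+- name: release
+value: "$(tasks.parse-release-config.results.releaseComponent)"
+matrix:
+params:
+- name: manifest
+value: "$(tasks.process-releases.results.component-releases)"
+taskRef:
+resolver: git
+params:
+- name: url
+value: https://github.com/securesign/pipelines.git
+- name: revision
+value: add-release-pipelines # temp for testing
+- name: pathInRepo
+value: tasks/apply-manifest.yaml
+workspaces:
+- name: output
+workspace: workspace
+- name: monitor-component-release
+runAfter:
+- apply-component-release
+params:
+- name: release
+value: "$(tasks.parse-release-config.results.releaseComponent)"
+matrix:
+params:
+- name: manifest
+value: "$(tasks.process-releases.results.component-releases)"
+taskRef:
+resolver: git
+params:
+- name: url
+value: https://github.com/securesign/pipelines.git
+- name: revision
+value: add-release-pipelines # temp for testing
+- name: pathInRepo
+value: tasks/monitor-release.yaml
+timeout: "1h"
+workspaces:
+- name: output
+workspace: workspace
+- name: apply-fbc-release-plans
+runAfter:
+- monitor-component-release
+params:
+- name: release
+value: "$(tasks.parse-release-config.results.releaseFBC)"
+matrix:
+params:
+- name: manifest
+value: "$(tasks.process-release-plans.results.fbc-release-plans)"
+taskRef:
+resolver: git
+params:
+- name: url
+value: https://github.com/securesign/pipelines.git
+- name: revision
+value: add-release-pipelines # temp for testing
+- name: pathInRepo
+value: tasks/apply-manifest.yaml
+workspaces:
+- name: output
+workspace: workspace
+- name: apply-fbc-release
+runAfter:
+- apply-fbc-release-plans
+params:
+- name: release
+value: "$(tasks.parse-release-config.results.releaseFBC)"
+matrix:
+params:
+- name: manifest
+value: "$(tasks.process-releases.results.fbc-releases)"
+taskRef:
+resolver: git
+params:
+- name: url
+value: https://github.com/securesign/pipelines.git
+- name: revision
+value: add-release-pipelines # temp for testing
+- name: pathInRepo
+value: tasks/apply-manifest.yaml
+workspaces:
+- name: output
+workspace: workspace
+- name: monitor-fbc-release
+runAfter:
+- apply-fbc-release
+params:
+- name: release
+value: "$(tasks.parse-release-config.results.releaseFBC)"
+matrix:
+params:
+- name: manifest
+value: "$(tasks.process-releases.results.fbc-releases)"
+taskRef:
+resolver: git
+params:
+- name: url
+value: https://github.com/JasonPowr/konflux-staging-test
+- name: revision
+value: add-release-pipelines # temp for testing
+- name: pathInRepo
+value: tasks/monitor-release.yaml
+timeout: "1h"
+workspaces:
+- name: output
+workspace: workspace
+workspaces:
+- name: workspace
+- name: git-auth
+optional: true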
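Review bot: The `monitor-fbc-release` task resolves its definition from `https://github.com/JasonPowr/konflux-staging-test`, while every other git-resolved task in this pipeline uses `https://github.com/securesign/pipelines.git`, and all nine git-resolved tasks track the branch `add-release-pipelines` (commented `# temp for testing`). A branch name is a mutable ref, so anyone able to push to that branch, in either repository, changes what the release pipeline executes. The `git-clone` bundle in the same file is already pinned by digest, and the task refs deserve the same treatment. Before this pipeline drives a real release, point the last task at `value: https://github.com/securesign/pipelines.git` and set each `revision` to a full commit SHA, e.g. `value: <pinned-commit-sha>`. Separately, `process-releases` lists only `clone-repository` under `runAfter` although it consumes `parse-release-config` results, and the `releases` param declares no `type`.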
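--- a/release-sa.yaml
+++ b/release-sa.yaml
@@ -0,0 +1,29 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+name: rhtas-release
+namespace: rhtas-tenant
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+name: rhtas-release-role
+namespace: rhtas-tenant
+rules:
+- apiGroups: ["appstudio.redhat.com"]
+resources: ["releaseplans", "releases"]
+verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+name: rhtas-release-rolebinding
+namespace: rhtas-tenant
+subjects:
+- kind: ServiceAccount
+name: rhtas-release
+namespace: rhtas-tenant
+roleRef:
+kind: Role
+name: rhtas-release-role
+apiGroup: rbac.authorization.k8s.io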
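Review bot: The `rhtas-release-role` rule grants `update` and `delete` on `releaseplans` and `releases`, but the only cluster-writing step visible in this commit is `oc apply` in tasks/apply-manifest.yaml, which should need no more than get, create and patch. Unless the monitor or process tasks (not rendered on this page) replace or delete objects, narrow the rule to `verbs: ["get", "list", "watch", "create", "patch"]` so that a misbehaving or compromised pipeline run cannot remove existing releases. A short comment above the Role naming the pipeline that runs as this ServiceAccount would also help the next reviewer judge the grant.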
37 changes: 37 additions & 0 deletions tasks/apply-manifest.yaml
@@ -0,0 +1,37 @@
apiVersion: tekton.dev/v1
kind: Task
metadata:
name: apply-manifests
spec:
workspaces:
- name: output
stepTemplate:
env:
- name: HOME
value: /workspace
image: quay.io/konflux-ci/appstudio-utils:48c311af02858e2422d6229600e9959e496ddef1@sha256:91ddd999271f65d8ec8487b10f3dd378f81aa894e11b9af4d10639fd52bba7e8
workingDir: /workspace/output/source
params:
- name: manifest
type: string
description: Manifest to apply
- name: release
type: string
default: "false"
description: whether or not to apply the manifest
steps:
- name: apply-manifest
script: |
#!/usr/bin/env bash
set -euo pipefail
echo "Applying: $(params.manifest)"
cat "$(params.manifest)"
echo ""
if [ "$(params.release)" == "true" ]; then
oc apply -f "$(params.manifest)"
else
echo "Performing DRY RUN"
oc apply --dry-run=server -f "$(params.manifest)"
fi
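Review bot: `$(params.manifest)` and `$(params.release)` are substituted into the script text by Tekton before bash runs, so a value containing a double quote or a command substitution is executed as shell rather than treated as data, in a step that goes on to run `oc apply`. In the pipeline the manifest value comes from task results derived from repository content, so it is worth handling as untrusted. Pass both params through the step's `env` and reference the variables in the script instead, as sketched below. The step also prints the whole manifest with `cat`, which is fine for Release objects but would put anything sensitive into the run log if other kinds are ever applied.

```yaml
- name: apply-manifest
  env:
    - name: MANIFEST
      value: $(params.manifest)
    - name: RELEASE
      value: $(params.release)
  script: |
    # … unchanged: shebang, set -euo pipefail …
    echo "Applying: ${MANIFEST}"
    cat "${MANIFEST}"
    echo ""
    if [ "${RELEASE}" == "true" ]; then
      oc apply -f "${MANIFEST}"
    else
      # … unchanged: dry-run message …
      oc apply --dry-run=server -f "${MANIFEST}"
    fi
```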