These steps provide a no-frills guide to performing an official release of Tekton Pipelines. To follow these steps you'll need a checkout of the pipelines repo, a terminal window and a text editor.
-
Setup a context to connect to the dogfooding cluster if you haven't already.
-
Install the rekor CLI if you haven't already.
-
cd
to root of Pipelines git checkout. -
Select the commit you would like to build the release from, most likely the most recent commit at https://github.com/tektoncd/pipeline/commits/main and note the commit's full (40-digit) hash.
-
Ensure the correct version of the release pipeline is installed on the cluster:
kustomize build tekton | kubectl --context dogfooding replace -f -
-
Create environment variables for bash scripts in later steps.
TEKTON_VERSION=# Example: v0.21.0 TEKTON_RELEASE_GIT_SHA=# SHA of the release to be released
-
Confirm commit SHA matches what you want to release.
git show $TEKTON_RELEASE_GIT_SHA
-
Create a workspace template file:
cat <<EOF > workspace-template.yaml spec: accessModes: - ReadWriteOnce resources: requests: storage: 1Gi EOF
-
Execute the release pipeline (takes ~45 mins).
If you are back-porting include this flag:
--param=releaseAsLatest="false"
tkn --context dogfooding pipeline start pipeline-release \ --serviceaccount=release-right-meow \ --param=gitRevision="${TEKTON_RELEASE_GIT_SHA}" \ --param=serviceAccountPath=release.json \ --param=versionTag="${TEKTON_VERSION}" \ --param=releaseBucket=gs://tekton-releases/pipeline \ --workspace name=release-secret,secret=release-secret \ --workspace name=workarea,volumeClaimTemplateFile=workspace-template.yaml
Accept the default values of the parameters (except for "releaseAsLatest" if backporting).
-
Watch logs of pipeline-release.
-
Once the pipeline is complete, check its results:
tkn --context dogfooding pr describe <pipeline-run-name> (...) 📝 Results NAME VALUE ∙ commit-sha ff6d7abebde12460aecd061ab0f6fd21053ba8a7 ∙ release-file https://storage.googleapis.com/tekton-releases-nightly/pipeline/previous/v20210223-xyzxyz/release.yaml ∙ release-file-no-tag https://storage.googleapis.com/tekton-releases-nightly/pipeline/previous/v20210223-xyzxyz/release.notag.yaml (...)
The
commit-sha
should match$TEKTON_RELEASE_GIT_SHA
. The two URLs can be opened in the browser or viacurl
to download the release manifests. -
The YAMLs are now released! Anyone installing Tekton Pipelines will get the new version. Time to create a new GitHub release announcement:
- Choose a name for the new release! The usual pattern is "< cat breed > < famous robot >" e.g. "Ragdoll Norby". For LTS releases, add a suffix "LTS" in the name such as "< cat breed > < famous robot > LTS" e.g. "Ragdoll Norby LTS". Browse the releases page or run this command to check which names have already been used:
curl \ -H "Accept: application/vnd.github.v3+json" \ https://api.github.com/repos/tektoncd/pipeline/releases\?per_page=100 \ | jq ".[].name"
- Find the Rekor UUID for the release
RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/${TEKTON_VERSION}/release.yaml CONTROLLER_IMAGE_SHA=$(curl $RELEASE_FILE | egrep 'gcr.io.*controller' | cut -d'@' -f2) REKOR_UUID=$(rekor-cli search --sha $CONTROLLER_IMAGE_SHA | grep -v Found | head -1) echo -e "CONTROLLER_IMAGE_SHA: ${CONTROLLER_IMAGE_SHA}\nREKOR_UUID: ${REKOR_UUID}"
- Create additional environment variables
TEKTON_OLD_VERSION=# Example: v0.11.1 TEKTON_RELEASE_NAME=# The release name you just chose, e.g.: "Ragdoll Norby"
- Execute the Draft Release Pipeline.
tkn --context dogfooding pipeline start \ --workspace name=shared,volumeClaimTemplateFile=workspace-template.yaml \ --workspace name=credentials,secret=release-secret \ -p package="tektoncd/pipeline" \ -p git-revision="$TEKTON_RELEASE_GIT_SHA" \ -p release-tag="${TEKTON_VERSION}" \ -p previous-release-tag="${TEKTON_OLD_VERSION}" \ -p release-name="${TEKTON_RELEASE_NAME}" \ -p bucket="gs://tekton-releases/pipeline" \ -p rekor-uuid="$REKOR_UUID" \ release-draft
-
Watch logs of create-draft-release
-
On successful completion, a URL will be logged. Visit that URL and look through the release notes.
-
Manually add upgrade and deprecation notices based on the generated release notes
-
Double-check that the list of commits here matches your expectations for the release. You might need to remove incorrect commits or copy/paste commits from the release branch. Refer to previous releases to confirm the expected format.
-
Un-check the "This is a pre-release" checkbox since you're making a legit for-reals release!
-
Publish the GitHub release once all notes are correct and in order.
-
Create a branch for the release named
release-<version number>x
, e.g.release-v0.28.x
and push it to the repo https://github.com/tektoncd/pipeline. (This can be done on the Github UI.) Make sure to fetch the commit specified inTEKTON_RELEASE_GIT_SHA
to create the released branch. -
If the release introduces a new minimum version of Kubernetes required, edit
README.md
onmain
branch and add the new requirement with in the "Required Kubernetes Version" section -
Edit
releases.md
on themain
branch, add an entry for the release.- In case of a patch release, replace the latest release with the new one, including links to docs and examples. Append the new release to the list of patch releases as well.
- In case of a minor or major release, add a new entry for the release, including links to docs and example
- Check if any release is EOL, if so move it to the "End of Life Releases" section
-
Push & make PR for updated
releases.md
andREADME.md
-
Test release that you just made against your own cluster (note
--context my-dev-cluster
):# Test latest kubectl --context my-dev-cluster apply --filename https://storage.googleapis.com/tekton-releases/pipeline/latest/release.yaml
# Test backport kubectl --context my-dev-cluster apply --filename https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.11.2/release.yaml
-
Announce the release in Slack channels #general, #announcements and #pipelines. Optional: Add a photo of this release's "purr programmer" (someone's cat).
-
Update the catalog repo test infrastructure to use the new release by updating the
RELEASE_YAML
link in e2e-tests.sh. -
For major releases, the website sync configuration to include the new release.
Congratulations, you're done!
-
Configure
kubectl
to connect to the dogfooding cluster:gcloud container clusters get-credentials dogfooding --zone us-central1-a --project tekton-releases
-
Give the context a short memorable name such as
dogfooding
:kubectl config rename-context gke_tekton-releases_us-central1-a_dogfooding dogfooding
-
Important: Switch
kubectl
back to your own cluster by default.kubectl config use-context my-dev-cluster