Use unique identifiers for dashboard publish

LyndseyBu · Feb 3, 2020 · 9089e6b · 9089e6b
1 parent a0866ee
commit 9089e6b
Show file tree

Hide file tree

Showing 5 changed files with 56 additions and 56 deletions.
diff --git a/tekton/README.md b/tekton/README.md
@@ -14,7 +14,7 @@ First, ensure that your credentials are set up correctly. You will need an accou
 ```bash
 KEY_FILE=release.json
 GENERIC_SECRET=release-secret
-# The kubernetes ServiceAccount that will be used by your Tekton tasks. 'default' is the default. It should all ready exist.
+# The kubernetes ServiceAccount that will be used by your Tekton tasks. 'default' is the default. It should already exist.
 SERVICE_ACCOUNT=default
 GCP_ACCOUNT="release-right-meow@tekton-releases.iam.gserviceaccount.com"
 
@@ -53,14 +53,13 @@ You may want to run a test release first. To do this:
 So for example, we might want to run one or more test releases under the name 'test-release'. 
 
 - Go to https://console.cloud.google.com/storage/browser/tekton-releases/dashboard and click 'Create folder'. Create the folder Buckets/tekton-releases/dashboard/test-release.
-- Modify every reference of `latest` in `publish.yaml` so we don't write to that area.
-- Modify the tekton-bucket PipelineResource:
+- Modify the tekton-bucket-dashboard PipelineResource:
 
 ```yaml
 apiVersion: tekton.dev/v1alpha1
 kind: PipelineResource
 metadata:
-  name: tekton-bucket
+  name: tekton-bucket-dashboard
 spec:
   type: storage
   params:
@@ -84,13 +83,13 @@ Run a test release:
 ```bash
 VERSION_TAG=test-1
 PIPELINE_NAMESPACE=tekton-pipelines
-tkn pipeline start dashboard-release -p versionTag=$VERSION_TAG -r source-repo=tekton-dashboard-git -r bucket=tekton-bucket -r builtDashboardImage=dashboard-image -n $PIPELINE_NAMESPACE -s $SERVICE_ACCOUNT -p bucketName=test-release
+tkn pipeline start dashboard-release -p versionTag=$VERSION_TAG -r dashboard-source-repo=tekton-dashboard-git -r bucket-for-dashboard=tekton-bucket-dashboard -r builtDashboardImage=dashboard-image -n $PIPELINE_NAMESPACE -s $SERVICE_ACCOUNT -p bucketName=mytestbucket
 ```
 
-This will result in release artifacts appearing in the Google Cloud bucket `gs://tekton-releases/dashboard/test-release/test-1`. If you need to run a second build, incremement $VERSION_TAG. Once you're finished, clean up:
+This will result in release artifacts appearing in the Google Cloud bucket `gs://tekton-releases/dashboard/mytestbucket/test-1`. If you need to run a second build, incremement $VERSION_TAG. Once you're finished, clean up:
 
-- delete /test-release from the PipelineResource and reapply your changes
-- delete the temporary /test-release bucket in Google Cloud
+- delete /mytestbucket from the PipelineResource and reapply your changes
+- delete the temporary /mytestbucket bucket in Google Cloud
 
 ## Running a release build
 
@@ -99,17 +98,17 @@ Now you can kick off the release build:
 ```bash
 VERSION_TAG=vX.Y.Z
 PIPELINE_NAMESPACE=tekton-pipelines
-tkn pipeline start dashboard-release -p versionTag=$VERSION_TAG -r source-repo=tekton-dashboard-git -r bucket=tekton-bucket -r builtDashboardImage=dashboard-image -n $PIPELINE_NAMESPACE -s $SERVICE_ACCOUNT -p bucketName=latest
+tkn pipeline start dashboard-release -p versionTag=$VERSION_TAG -r dashboard-source-repo=tekton-dashboard-git -r bucket-for-dashboard=tekton-bucket-dashboard -r builtDashboardImage=dashboard-image -n $PIPELINE_NAMESPACE -s $SERVICE_ACCOUNT -p bucketName=latest
 ```
 
-Monitor the build logs to see the image coordinates that the image is pushed to. The `release.yaml` should appear under https://console.cloud.google.com/storage/browser/tekton-releases/dashboard.
+Monitor the build logs to see the image coordinates that the image is pushed to. The release yaml files should appear under https://console.cloud.google.com/storage/browser/tekton-releases/dashboard.
 
 ## Manually complete the release work
 
 We have a number of tasks that are yet to be automated:
 
 - Write the release notes
-- Attach `release.yaml` and `openshift-tekton-dashboard.yaml` files from https://console.cloud.google.com/storage/browser/tekton-releases/dashboard
+- Attach `.yaml` files from https://console.cloud.google.com/storage/browser/tekton-releases/dashboard - be sure you copy the locked down image ones (look under `previous`): any containers such as `kubectl` and `oauth-proxy` should reference an image sha and not a tag such as `latest`
 - Optionally repeat for the Webhooks Extension (automation in progress)
 - Fix up image coordinates in `/README.md` for the normal and Openshift installs
 - Publish the GitHub release
diff --git a/tekton/build.yml b/tekton/build.yml
@@ -6,12 +6,12 @@ metadata:
 spec:
   inputs:
     resources:
-      - name: source
+      - name: dashboard-source-repo
         type: git
         targetPath: go/src/github.com/tektoncd/dashboard
   outputs:
     resources:
-      - name: source
+      - name: dashboard-source-repo
         type: git
   steps:
     - name: build-static
@@ -45,7 +45,7 @@ spec:
       command: ["/bin/sh", "-ce"]
       args:
         - |
-          # Further to https://github.com/tektoncd/pipeline/pull/1122 it is necessary to copy files into $(outputs.resources.source.path)
-          echo "Input source path=$(inputs.resources.source.path)"
-          echo "Output source path=$(outputs.resources.source.path)"
-          cp -r $(inputs.resources.source.path)/* $(outputs.resources.source.path)
+          # Further to https://github.com/tektoncd/pipeline/pull/1122 it is necessary to copy files into $(outputs.resources.dashboard-source-repo.path)
+          echo "Input source path=$(inputs.resources.dashboard-source-repo.path)"
+          echo "Output source path=$(outputs.resources.dashboard-source-repo.path)"
+          cp -r $(inputs.resources.dashboard-source-repo.path)/* $(outputs.resources.dashboard-source-repo.path)
diff --git a/tekton/publish.yaml b/tekton/publish.yaml
@@ -7,10 +7,10 @@ metadata:
 spec:
   inputs:
     resources:
-      - name: source
+      - name: dashboard-source-repo
         type: git
         targetPath: go/src/github.com/tektoncd/dashboard
-      - name: bucket
+      - name: bucket-for-dashboard
         type: storage
     params:
       - name: versionTag
@@ -23,12 +23,12 @@ spec:
         description: Use latest if it's a real release, otherwise the name of a test bucket you've made on GCS
         # For example, you may have made Buckets/tekton-releases/dashboard/mytestbucket for testing and then you'll get
         # lockdown.py, a folder called previous, and a folder called test-release if you run with
-        # tkn pipeline start dashboard-release -p versionTag=$VERSION_TAG -r source-repo=tekton-dashboard-git -r bucket=tekton-bucket -r builtDashboardImage=dashboard-image -n $PIPELINE_NAMESPACE -s $SERVICE_ACCOUNT -p bucketName=test-release
+        # tkn pipeline start dashboard-release -p versionTag=$VERSION_TAG -r dashboard-source-repo=tekton-dashboard-git -r bucket=tekton-bucket-dashboard -r builtDashboardImage=dashboard-image -n $PIPELINE_NAMESPACE -s $SERVICE_ACCOUNT -p bucketName=test-release
         # mytestbucket is specified in resources.yaml as the location value for the storage bucket
 
   outputs:
     resources:
-      - name: bucket
+      - name: bucket-for-dashboard
         type: storage
       - name: builtDashboardImage
         type: image
@@ -38,15 +38,15 @@ spec:
       command: ["cp"]
       args:
         - -r
-        - "/workspace/bucket"
+        - "/workspace/bucket-for-dashboard"
         - "/workspace/output/"
     - name: ensure-release-dirs-exist
       image: busybox
       command: ["mkdir"]
       args:
         - "-p"
-        - "/workspace/output/bucket/$(inputs.params.bucketName)/"
-        - "/workspace/output/bucket/previous/"
+        - "/workspace/output/bucket-for-dashboard/$(inputs.params.bucketName)/"
+        - "/workspace/output/bucket-for-dashboard/previous/"
     - name: dashboard-run-ko
       # TODO(#639) we should be able to use the image built by an upstream Task here instead of hardcoding
       # Want to use your own plumbing image? Change this
@@ -83,31 +83,33 @@ spec:
           ko version
           kustomize version # Tested with 3.5.4
 
-          kustomize build overlays/dev | ko resolve --preserve-import-paths -f - > /workspace/output/bucket/$(inputs.params.bucketName)/tekton-dashboard-release.yaml
-          kustomize build overlays/dev-locked-down | ko resolve --preserve-import-paths -f - > /workspace/output/bucket/$(inputs.params.bucketName)/tekton-dashboard-release-readonly.yaml
-          kustomize build overlays/dev-openshift --load_restrictor=LoadRestrictionsNone | ko resolve --preserve-import-paths -f - > /workspace/output/bucket/$(inputs.params.bucketName)/openshift-tekton-dashboard-release.yaml
-          kustomize build overlays/dev-openshift-locked-down --load_restrictor=LoadRestrictionsNone | ko resolve --preserve-import-paths -f - > /workspace/output/bucket/$(inputs.params.bucketName)/openshift-tekton-dashboard-release-readonly.yaml
+          kustomize build overlays/dev | ko resolve --preserve-import-paths -f - > /workspace/output/bucket-for-dashboard/$(inputs.params.bucketName)/tekton-dashboard-release.yaml
+          kustomize build overlays/dev-locked-down | ko resolve --preserve-import-paths -f - > /workspace/output/bucket-for-dashboard/$(inputs.params.bucketName)/tekton-dashboard-release-readonly.yaml
+          kustomize build overlays/dev-openshift --load_restrictor=LoadRestrictionsNone | ko resolve --preserve-import-paths -f - > /workspace/output/bucket-for-dashboard/$(inputs.params.bucketName)/openshift-tekton-dashboard-release.yaml
+          kustomize build overlays/dev-openshift-locked-down --load_restrictor=LoadRestrictionsNone | ko resolve --preserve-import-paths -f - > /workspace/output/bucket-for-dashboard/$(inputs.params.bucketName)/openshift-tekton-dashboard-release-readonly.yaml
       volumeMounts:
         - name: gcp-secret
           mountPath: /secret
 
     - name: copy-to-tagged-bucket
       image: busybox
-      workingDir: "/workspace/output/bucket"
+      workingDir: "/workspace/output/bucket-for-dashboard"
       command:
         - /bin/sh
       args:
         - -ce
         - |
-          mkdir -p /workspace/output/bucket/previous/$(inputs.params.versionTag)/
-          cp /workspace/output/bucket/$(inputs.params.bucketName)/tekton-dashboard-release.yaml /workspace/output/bucket/previous/$(inputs.params.versionTag)/
-          cp /workspace/output/bucket/$(inputs.params.bucketName)/tekton-dashboard-release-readonly.yaml /workspace/output/bucket/previous/$(inputs.params.versionTag)/
-          cp /workspace/output/bucket/$(inputs.params.bucketName)/openshift-tekton-dashboard-release.yaml /workspace/output/bucket/previous/$(inputs.params.versionTag)/
-          cp /workspace/output/bucket/$(inputs.params.bucketName)/openshift-tekton-dashboard-release-readonly.yaml /workspace/output/bucket/previous/$(inputs.params.versionTag)/
+          set -x
+          find .
+          mkdir -p /workspace/output/bucket-for-dashboard/$(inputs.params.bucketName)/previous/$(inputs.params.versionTag)/
+          cp /workspace/output/bucket-for-dashboard/$(inputs.params.bucketName)/tekton-dashboard-release.yaml /workspace/output/bucket-for-dashboard/$(inputs.params.bucketName)/previous/$(inputs.params.versionTag)/
+          cp /workspace/output/bucket-for-dashboard/$(inputs.params.bucketName)/tekton-dashboard-release-readonly.yaml /workspace/output/bucket-for-dashboard/$(inputs.params.bucketName)/previous/$(inputs.params.versionTag)/
+          cp /workspace/output/bucket-for-dashboard/$(inputs.params.bucketName)/openshift-tekton-dashboard-release.yaml /workspace/output/bucket-for-dashboard/$(inputs.params.bucketName)/previous/$(inputs.params.versionTag)/
+          cp /workspace/output/bucket-for-dashboard/$(inputs.params.bucketName)/openshift-tekton-dashboard-release-readonly.yaml /workspace/output/bucket-for-dashboard/$(inputs.params.bucketName)/previous/$(inputs.params.versionTag)/
 
     - name: tag-external-images
       image: python
-      workingDir: "/workspace/output/bucket"
+      workingDir: "/workspace/output/bucket-for-dashboard"
       command:
         - /bin/sh
       args:
@@ -116,10 +118,10 @@ spec:
           curl https://raw.githubusercontent.com/tektoncd/dashboard/master/tekton/scripts/lockdown.py --output lockdown.py
           chmod +x lockdown.py
           pip install docker
-          ./lockdown.py --omit dashboard --path /workspace/output/bucket/previous/$(inputs.params.versionTag)/tekton-dashboard-release.yaml
-          ./lockdown.py --omit dashboard --path /workspace/output/bucket/previous/$(inputs.params.versionTag)/tekton-dashboard-release-readonly.yaml
-          ./lockdown.py --omit dashboard --path /workspace/output/bucket/previous/$(inputs.params.versionTag)/openshift-tekton-dashboard-release.yaml
-          ./lockdown.py --omit dashboard --path /workspace/output/bucket/previous/$(inputs.params.versionTag)/openshift-tekton-dashboard-release-readonly.yaml
+          ./lockdown.py --omit dashboard --path /workspace/output/bucket-for-dashboard/$(inputs.params.bucketName)/previous/$(inputs.params.versionTag)/tekton-dashboard-release.yaml
+          ./lockdown.py --omit dashboard --path /workspace/output/bucket-for-dashboard/$(inputs.params.bucketName)/previous/$(inputs.params.versionTag)/tekton-dashboard-release-readonly.yaml
+          ./lockdown.py --omit dashboard --path /workspace/output/bucket-for-dashboard/$(inputs.params.bucketName)/previous/$(inputs.params.versionTag)/openshift-tekton-dashboard-release.yaml
+          ./lockdown.py --omit dashboard --path /workspace/output/bucket-for-dashboard/$(inputs.params.bucketName)/previous/$(inputs.params.versionTag)/openshift-tekton-dashboard-release-readonly.yaml
       volumeMounts:
         - name: docker-socket
           mountPath: /var/run/docker.sock
@@ -145,7 +147,7 @@ spec:
             $(inputs.params.imageRegistry)/$(inputs.params.pathToProject)/$(outputs.resources.builtDashboardImage.url)
           )
           # Parse the built images from the release.yaml generated by ko
-          BUILT_IMAGES=( $(/usr/bin/koparse.py --path /workspace/output/bucket/$(inputs.params.bucketName)/tekton-dashboard-release.yaml --base $(inputs.params.imageRegistry)/$(inputs.params.pathToProject) --images ${IMAGES[@]}) )
+          BUILT_IMAGES=( $(/usr/bin/koparse.py --path /workspace/output/bucket-for-dashboard/$(inputs.params.bucketName)/tekton-dashboard-release.yaml --base $(inputs.params.imageRegistry)/$(inputs.params.pathToProject) --images ${IMAGES[@]}) )
 
           # Auth with account credentials
           gcloud auth activate-service-account --key-file=/secret/release.json

diff --git a/tekton/release-pipeline.yml b/tekton/release-pipeline.yml
@@ -15,9 +15,9 @@ spec:
     - name: bucketName
       description: The name of the bucket to use
   resources:
-    - name: source-repo
+    - name: dashboard-source-repo
       type: git
-    - name: bucket
+    - name: bucket-for-dashboard
       type: storage
     - name: builtDashboardImage
       type: image
@@ -27,11 +27,11 @@ spec:
         name: build-tekton-dashboard
       resources:
         inputs:
-          - name: source
-            resource: source-repo
+          - name: dashboard-source-repo
+            resource: dashboard-source-repo
         outputs:
-          - name: source
-            resource: source-repo
+          - name: dashboard-source-repo
+            resource: dashboard-source-repo
     - name: publish-images
       runAfter: [build]
       taskRef:
@@ -47,13 +47,13 @@ spec:
           value: $(params.bucketName)
       resources:
         inputs:
-          - name: source
-            resource: source-repo
+          - name: dashboard-source-repo
+            resource: dashboard-source-repo
             from: [build]
-          - name: bucket
-            resource: bucket
+          - name: bucket-for-dashboard
+            resource: bucket-for-dashboard
         outputs:
-          - name: bucket
-            resource: bucket
+          - name: bucket-for-dashboard
+            resource: bucket-for-dashboard
           - name: builtDashboardImage
             resource: builtDashboardImage
diff --git a/tekton/resources.yaml b/tekton/resources.yaml
@@ -14,17 +14,16 @@ spec:
 apiVersion: tekton.dev/v1alpha1
 kind: PipelineResource
 metadata:
-  name: tekton-bucket
+  name: tekton-bucket-dashboard
 spec:
   type: storage
   params:
     - name: type
       value: gcs
     - name: location
       # This value is where our folder sits, so for example
-      # https://console.cloud.google.com/storage/browser/tekton-releases/dashboard/mytestbucket
-      value: gs://tekton-releases/dashboard/mytestbucket
-      # If you're ready to publish you would omit the mytestbucket part
+      # https://console.cloud.google.com/storage/browser/tekton-releases/dashboard
+      value: gs://tekton-releases/dashboard
     - name: dir
       value: "y"
 ---