Why do Tekton projects have a folder called tekton? Cuz we think it would be cool if the tekton folder were the place to look for CI/CD logic in most repos!

We dogfood our project by using Tekton to build, test, and release Tekton! This directory contains the Tasks and Pipelines that we use.

• How to create a release
• Automated nightly releases
• Setup releases
• npm packages

To create an official release, follow the steps in the release-cheat-sheet

The nightly release pipeline is triggered nightly by Tekton.

This uses the same Pipeline and Tasks as an official release.

To start from scratch and use these Pipelines and Tasks:

1. Install Tekton
2. Setup the Tasks and Pipelines
3. Create the required service account + secrets

# If this is your first time installing Tekton in the cluster you might need to give yourself permission to do so
kubectl create clusterrolebinding cluster-admin-binding-someusername \
  --clusterrole=cluster-admin \
  --user=$(gcloud config get-value core/account)

# Example, Tekton v0.29.0
export TEKTON_VERSION=0.29.0
kubectl apply --filename  https://storage.googleapis.com/tekton-releases/pipeline/previous/v${TEKTON_VERSION}/release.yaml

Add all the Tasks to the cluster, including the git-clone and gcs-upload Tasks from the tektoncd/catalog, and the release Tasks from tektoncd/plumbing.

Use a version of the tektoncd/catalog tasks that is compatible with version of Tekton being released, usually main. Install Tasks from plumbing too:

# Apply the Tasks we are using from the catalog
kubectl apply -f https://raw.githubusercontent.com/tektoncd/catalog/main/task/git-clone/0.2/git-clone.yaml
kubectl apply -f https://raw.githubusercontent.com/tektoncd/catalog/main/task/gcs-upload/0.1/gcs-upload.yaml
# Apply the Tasks we are using from tektoncd/plumbing
kubectl apply -f https://raw.githubusercontent.com/tektoncd/plumbing/main/tekton/resources/release/base/prerelease_checks.yaml

Apply the tasks from the dashboard repo:

# Apply the Tasks and Pipelines we use from this repo
kubectl apply -f tekton/build.yaml
kubectl apply -f tekton/publish.yaml
kubectl apply -f tekton/release-pipeline.yaml

Tasks and Pipelines from this repo are:

• build.yaml - This Task builds the UI bundles and places them in the kodata directory to be picked up by the backend
• publish.yaml - This Task uses ko to build all of the container images we release and generate the release.yaml
• release-pipeline.yaml - This Pipeline uses the above Tasks

In order to release, these Pipelines use the release-right-meow service account, which uses release-secret and has Storage Admin access to tekton-releases and tekton-releases-nightly.

After creating these service accounts in GCP, the kubernetes service account and secret were created with:

KEY_FILE=release.json
GENERIC_SECRET=release-secret
ACCOUNT=release-right-meow

# Connected to the `prow` in the `tekton-releases` GCP project
GCP_ACCOUNT="$ACCOUNT@tekton-releases.iam.gserviceaccount.com"

# 1. Create a private key for the service account
gcloud iam service-accounts keys create $KEY_FILE --iam-account $GCP_ACCOUNT

# 2. Create kubernetes secret, which we will use via a service account and directly mounting
kubectl create secret generic $GENERIC_SECRET --from-file=./$KEY_FILE

# 3. Add the docker secret to the service account
kubectl patch serviceaccount $ACCOUNT \
  -p "{\"secrets\": [{\"name\": \"$GENERIC_SECRET\"}]}"

To release a new version of the npm packages, e.g. @tektoncd/dashboard-components:

1. ensure you have the relevant commit checked out and that you're at the root of the project
2. npm --workspaces version <version> where version is a valid semver string, e.g. 0.24.1-alpha.0
3. npm --workspaces publish
4. enter your OTP when prompted
5. once the packages are published run npm install
6. stage and commit the changes to the package.json and package-lock.json files and open a new PR to record the release