Why do Tekton projects have a folder called `tekton`? Cuz we think it would be cool if the `tekton` folder were the place to look for CI/CD logic in most repos!

We dogfood our project by using Tekton to build, test, and release Tekton! This directory contains the `Tasks` and `Pipelines` that we use.

- How to create a release
- How to create a patch release
- Automated nightly releases
- Setup releases
- npm packages

To create an official release, follow the steps in the release-cheat-sheet.

Sometimes we'll find bugs that we want to backport fixes for into previous releases or discover things that were missing from a release that are required by upstream consumers of a project. In that case we'll make a patch release. To make one:

- Create a branch for the release named `release-<version number>.x`, e.g. `release-v0.18.x`, and push it to the repo https://github.com/tektoncd/dashboard (you may need help from an OWNER with permission to push) if that release branch does not exist.
- Use `git cherry-pick` to cherry-pick the fixes from main into the release branch you have created (use `-x` to include the original commit information).
- Create an official release for the patch, with the patch version incremented.
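
One way to check the cherry-pick step before cutting the patch release, as an added example that is not part of the Tekton repo: it confirms that every commit on the release branch carries the trailer written by `-x` and that the cited commit really is on `main`. The function names `check_backports` and `make_demo_repo` are hypothetical, and the demo repository is constructed sample data.

```bash
# Added example, not code from tektoncd/dashboard.
# check_backports MAIN_REF RELEASE_REF   (run inside the repository)
# Lists every commit that is on RELEASE_REF but not on MAIN_REF and fails if
# any of them lacks the trailer written by `git cherry-pick -x`, or cites a
# commit that is not part of MAIN_REF.
check_backports() {
  main_ref=$1; release_ref=$2; bad=0
  for c in $(git rev-list --no-merges "$main_ref..$release_ref"); do
    src=$(git log -1 --format=%B "$c" |
      sed -n 's/^(cherry picked from commit \([0-9a-f]\{7,64\}\))$/\1/p' |
      tail -n 1)
    if [ -z "$src" ]; then
      echo "MISSING  $c has no cherry-pick trailer"; bad=1
    elif ! git merge-base --is-ancestor "$src" "$main_ref" 2>/dev/null; then
      echo "UNKNOWN  $c cites $src, which is not on $main_ref"; bad=1
    else
      echo "OK       $c <- $src"
    fi
  done
  return "$bad"
}

# Constructed sample data: a throwaway repo with a main branch, a
# release-v0.18.x branch and one fix cherry-picked with -x. When $2 is
# "direct", one extra commit is made directly on the release branch.
make_demo_repo() {
  dir=$1; mode=${2:-clean}
  g() { git -C "$dir" -c user.name=demo -c user.email=demo@example.com \
        -c commit.gpgsign=false "$@"; }
  git init -q "$dir" && g symbolic-ref HEAD refs/heads/main
  echo base > "$dir/f" && g add f && g commit -q -m "base"
  g branch release-v0.18.x
  echo fix > "$dir/f" && g commit -q -am "fix bug"
  g checkout -q release-v0.18.x
  g cherry-pick -x main >/dev/null
  if [ "$mode" = direct ]; then
    echo hotfix > "$dir/g" && g add g && g commit -q -m "hotfix without trailer"
  fi
}
```

Commits made directly on the release branch are reported as `MISSING`, so they get a manual review before the release is cut.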

The nightly release pipeline is triggered nightly by Tekton.

This uses the same `Pipeline` and `Task`s as an official release.

If you need to manually trigger a nightly release, switch to the dogfooding context and run the following (substituting the date/time with current values):

```bash
kubectl create job --from=cronjob/nightly-cron-trigger-dashboard-nightly-release dashboard-nightly-20220426-1314
```

To start from scratch and use these `Pipeline`s and `Task`s:

```bash
# If this is your first time installing Tekton in the cluster you might need to give yourself permission to do so
kubectl create clusterrolebinding cluster-admin-binding-someusername \
  --clusterrole=cluster-admin \
  --user=$(gcloud config get-value core/account)

# Example, Tekton v0.29.0
export TEKTON_VERSION=0.29.0
kubectl apply --filename https://storage.googleapis.com/tekton-releases/pipeline/previous/v${TEKTON_VERSION}/release.yaml
```

Add all the `Tasks` to the cluster, including the `git-clone` and `gcs-upload` Tasks from the `tektoncd/catalog`, and the release Tasks from `tektoncd/plumbing`.

Use a version of the `tektoncd/catalog` tasks that is compatible with the version of Tekton being released, usually `main`.

Install Tasks from plumbing too:

```bash
# Apply the Tasks we are using from the catalog
kubectl apply -f https://raw.githubusercontent.com/tektoncd/catalog/main/task/git-clone/0.2/git-clone.yaml
kubectl apply -f https://raw.githubusercontent.com/tektoncd/catalog/main/task/gcs-upload/0.1/gcs-upload.yaml
# Apply the Tasks we are using from tektoncd/plumbing
kubectl apply -f https://raw.githubusercontent.com/tektoncd/plumbing/main/tekton/resources/release/base/prerelease_checks.yaml
```

Apply the tasks from the `dashboard` repo:

```bash
# Apply the Tasks and Pipelines we use from this repo
kubectl apply -f tekton/build.yaml
kubectl apply -f tekton/publish.yaml
kubectl apply -f tekton/release-pipeline.yaml
```

`Tasks` and `Pipelines` from this repo are:

- `build.yaml` - This `Task` builds the UI bundles and places them in the `kodata` directory to be picked up by the backend
- `publish.yaml` - This `Task` uses `ko` to build all of the container images we release and generate the `release.yaml`
- `release-pipeline.yaml` - This `Pipeline` uses the above `Task`s

In order to release, these Pipelines use the `release-right-meow` service account, which uses `release-secret` and has `Storage Admin` access to `tekton-releases` and `tekton-releases-nightly`.

After creating these service accounts in GCP, the Kubernetes service account and secret were created with:

```bash
KEY_FILE=release.json
GENERIC_SECRET=release-secret
ACCOUNT=release-right-meow

# Connected to the `prow` in the `tekton-releases` GCP project
GCP_ACCOUNT="$ACCOUNT@tekton-releases.iam.gserviceaccount.com"

# 1. Create a private key for the service account
gcloud iam service-accounts keys create $KEY_FILE --iam-account $GCP_ACCOUNT

# 2. Create kubernetes secret, which we will use via a service account and directly mounting
kubectl create secret generic $GENERIC_SECRET --from-file=./$KEY_FILE

# 3. Add the docker secret to the service account
kubectl patch serviceaccount $ACCOUNT \
  -p "{\"secrets\": [{\"name\": \"$GENERIC_SECRET\"}]}"
```

To release a new version of the npm packages, e.g. `@tektoncd/dashboard-components`:

- ensure you have the relevant commit checked out and that you're at the root of the project
- `npm --workspaces version <version>` where version is a valid semver string, e.g. `0.24.1-alpha.0`
  - Note: On Windows set the npm script-shell to git-bash, e.g.: `npm config set script-shell "C:\\Program Files\\Git\\bin\\bash.exe"`
- `npm --workspaces publish --otp <one-time-passcode>`
- once the packages are published run `npm install`
- stage and commit the changes to the package.json and package-lock.json files and open a new PR to record the release