tekton

Tekton Dashboard CI/CD

Why do Tekton projects have a folder called tekton? Cuz we think it would be cool if the tekton folder were the place to look for CI/CD logic in most repos!

We dogfood our project by using Tekton to build, test, and release Tekton! This directory contains the Tasks and Pipelines that we use.

• How to create a release
• How to create a patch release
• Automated nightly releases
• Setup releases
• Update dogfooding
• npm packages

Create an official release

To create an official release, follow the steps in the release-cheat-sheet

Create a patch release

Sometimes we'll find bugs that we want to backport fixes for into previous releases or discover things that were missing from a release that are required by upstream consumers of a project. In that case we'll make a patch release. To make one:

1. On the PR for the change you want to backport add a comment:

   /cherrypick <branch>
   

   where <branch> is the target release branch. For example, to backport a fix to v0.43.x:

   /cherrypick release-v0.43.x-lts
   

   This will create a new PR cherry picking the relevant change onto the target branch.
2. Review the PR as normal
3. Repeat steps above for any other changes to be backported
4. Create an official release for the patch, with the patch version incremented

Nightly releases

The nightly release pipeline is triggered nightly by Tekton.

This uses the same Pipeline and Tasks as an official release.

If you need to manually trigger a nightly release, switch to the dogfooding context and run the following:

kubectl create job --from=cronjob/nightly-cron-trigger-dashboard-nightly-release dashboard-nightly-$(date +"%Y%m%d-%H%M")

Setup

To start from scratch and use these Pipelines and Tasks:

1. Install Tekton
2. Setup the Tasks and Pipelines
3. Create the required service account + secrets

Install Tekton

# If this is your first time installing Tekton in the cluster you might need to give yourself permission to do so
kubectl create clusterrolebinding cluster-admin-binding-someusername \
  --clusterrole=cluster-admin \
  --user=$(gcloud config get-value core/account)

# Example, Tekton v0.29.0
export TEKTON_VERSION=0.29.0
kubectl apply --filename  https://storage.googleapis.com/tekton-releases/pipeline/previous/v${TEKTON_VERSION}/release.yaml

Install tasks and pipelines

Add all the Tasks to the cluster, including the git-clone and gcs-upload Tasks from the tektoncd/catalog, and the release Tasks from tektoncd/plumbing.

Use a version of the tektoncd/catalog tasks that is compatible with version of Tekton being released, usually main. Install Tasks from plumbing too:

# Apply the Tasks we are using from the catalog
kubectl apply -f https://raw.githubusercontent.com/tektoncd/catalog/main/task/git-clone/0.2/git-clone.yaml
kubectl apply -f https://raw.githubusercontent.com/tektoncd/catalog/main/task/gcs-upload/0.1/gcs-upload.yaml
# Apply the Tasks we are using from tektoncd/plumbing
kubectl apply -f https://raw.githubusercontent.com/tektoncd/plumbing/main/tekton/resources/release/base/prerelease_checks.yaml

Apply the tasks from the dashboard repo:

# Apply the Tasks and Pipelines we use from this repo
kubectl apply -f tekton/build.yaml
kubectl apply -f tekton/publish.yaml
kubectl apply -f tekton/release-pipeline.yaml

Tasks and Pipelines from this repo are:

• build.yaml - This Task builds the UI bundles and places them in the kodata directory to be picked up by the backend
• publish.yaml - This Task uses ko to build all of the container images we release and generate the release.yaml
• release-pipeline.yaml - This Pipeline uses the above Tasks

Service account and secrets

In order to release, these Pipelines use the release-right-meow service account, which uses release-secret and has Storage Admin access to tekton-releases and tekton-releases-nightly.

After creating these service accounts in GCP, the kubernetes service account and secret were created with:

KEY_FILE=release.json
GENERIC_SECRET=release-secret
ACCOUNT=release-right-meow

# Connected to the `prow` in the `tekton-releases` GCP project
GCP_ACCOUNT="$ACCOUNT@tekton-releases.iam.gserviceaccount.com"

# 1. Create a private key for the service account
gcloud iam service-accounts keys create $KEY_FILE --iam-account $GCP_ACCOUNT

# 2. Create kubernetes secret, which we will use via a service account and directly mounting
kubectl create secret generic $GENERIC_SECRET --from-file=./$KEY_FILE

# 3. Add the docker secret to the service account
kubectl patch serviceaccount $ACCOUNT \
  -p "{\"secrets\": [{\"name\": \"$GENERIC_SECRET\"}]}"

Update dogfooding

To update the Dashboard release on the dogfooding cluster:

1. Ensure you have a valid context for the robocat cluster in your kubeconfig
2. Run the following script from tektoncd/plumbing:

   ./scripts/deploy-release.sh -p dashboard -v <version>
   

   where <version> is the desired Dashboard release version, e.g. v0.43.0
3. Wait for the new pod to be ready, should only take a few seconds
4. Ensure the Dashboard has been updated (check the About page) and is working correctly

NPM Packages

To release a new version of the npm packages, e.g. @tektoncd/dashboard-components:

1. ensure you have the relevant commit checked out and that you're at the root of the project
2. npm --workspaces version <version> where version is a valid semver string, e.g. 0.24.1-alpha.0
   • Note: On Windows set the npm script-shell to git-bash, e.g.: npm config set script-shell "C:\\Program Files\\Git\\bin\\bash.exe"
3. npm --workspaces publish --otp <one-time-passcode>
4. once the packages are published run npm install
5. stage and commit the changes to the package.json and package-lock.json files and open a new PR to record the release
6. build and publish the Storybook:
   1. npm run storybook:build
   2. npm run storybook:deploy -- --remote upstream
   3. verify that the updated version is available at https://tektoncd.github.io/dashboard/