Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

ref(*): sign and package release charts #303

Merged
merged 1 commit into from
Dec 13, 2016
Merged

ref(*): sign and package release charts #303

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
210 changes: 101 additions & 109 deletions README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -117,66 +117,69 @@ that follow the main steps of the job itself. See the [Workflow component job](

### Component Release Pipeline
```
Component Release Pipeline
start

┌───────────────────────────┐
│ │
│ │ - triggered by `v1.2.3` git tag
│ │ webhook
│ component-release │
│ │ - locate release candidate image
│ │ associated with git tag
│ │
└───────────────────────────┘
┌───────────────────────────┐
│ │
│ │
│ │ - retag candidate image with
│ release candidate promote │ official release (v1.2.3)
│ │
│ │
│ │
└───────────────────────────┘
┌───────────────────────────┐
│ │
│ │
│ component release │ - publish release data to
│ publish │ workflow-manager-api
│ │
│ │
│ │
└───────────────────────────┘
┌───────────────────────────┐
│ │
│ │
│ component chart │ - package release component chart
│ publish │
│ │ - publish to both 'production' and
│ │ 'dev' chart repos
│ │
└───────────────────────────┘
┌───────────────────────────┐
│ │
│ │
│ │ - sign release chart in 'production'
│ component chart sign │ chart repo
│ │
│ │
│ │
└───────────────────────────┘


Component Release Pipeline
start

┌───────────────────────────┐
│ │
│ │ - triggered by `v1.2.3` git tag
│ │ webhook
│ component-release │
│ │ - locate release candidate image
│ │ associated with git tag
│ │
└───────────────────────────┘
┌───────────────────────────┐
│ │
│ │
│ │ - retag candidate image with
│ release candidate promote │ official release (v1.2.3)
│ │
│ │
│ │
└───────────────────────────┘
┌───────────────────────────┐
│ │
│ │
│ component release │ - publish release data to
│ publish │ workflow-manager-api
│ │
│ │
│ │
└───────────────────────────┘
┌───────────────────────────┐
│ │
│ │ - publish signed and packaged chart
│ component chart │ to 'production'
│ publish │
│ │ - publish packaged chart 'dev'
│ │ chart repos
│ │
└───────────────────────────┘
┌───────────────────────────┐
│ │
│ │
│ │ - verifies signature of chart in
│ component chart verify │ 'production' chart repo
│ │
│ │
│ │
└───────────────────────────┘
```

### When Workflow-CLI is tagged
Expand Down Expand Up @@ -225,64 +228,53 @@ that follow the main steps of the job itself. See the [Workflow component job](

### When a Workflow Helm Chart is to be released
```

Workflow Chart Release
Pipeline

┌───────────────────────────┐ - triggered manually with
│ │ supplied release tag
│ │
│ │ - update chart dependencies by
│ workflow-chart-publish │ gathering latest releases for
│ │ all component charts
│ │
│ │ - update index file, package and
└───────────────────────────┘ upload to the 'staging' charts
┌───────────────────────────┐ - lease GKE cluster, install
│ │ Workflow chart (version handed
│ │ down from upstream)
│ │
│ workflow-chart-e2e │ - install workflow-e2e chart
│ │
│ │ - archive test results and
│ │ report job status to appropriate
└───────────────────────────┘ channel(s)
┌───────────────────────────┐ - triggered manually with
│ │ supplied release tag
│ │
│ │ - pull down approved chart
│ workflow-chart-release │ from 'staging' chart repo
│ │
│ │ - update index file, upload
│ │ chart to 'production' charts
└───────────────────────────┘ repo
- triggered manually with supplied release
┌───────────────────────────┐ tag
│ │
│ │ - update chart dependencies by gathering
│ │ latest releases for all component charts
│ workflow-chart-stage │
│ │ - upload signed and packaged candidate chart
│ │ (sans index file) to 'production' repo
│ │
└───────────────────────────┘ - upload packaged candidate chart (with
│ index file) to 'staging' charts repo
┌───────────────────────────┐
│ │ - lease GKE cluster, install Workflow chart
│ │ (version handed down from upstream) from
│ │ 'staging' repo
│ workflow-chart-e2e │
│ │ - install workflow-e2e chart
│ │
│ │ - archive test results and report job status
└───────────────────────────┘ to appropriate channel(s)
┌───────────────────────────┐
│ │ - triggered manually with supplied release
│ │ tag
│ │
│ │ - fetch specific chart version
│ │
│ helm-chart-sign │ - sign chart with signing key
│ workflow-chart-release │ - pull down approved, signed chart from
│ │ 'production' chart repo
│ │
│ │ - upload new *.tgz and *.tgz.prov
│ │ files to chart repo
└───────────────────────────┘
│ │ - update index file, upload to 'production'
└───────────────────────────┘ charts repo, making it officially
│ fetchable/installable
┌───────────────────────────┐
│ │
│ │ - verifies signature of chart from 'production'
│ │ repo
│ helm-chart-verify │
│ │ - (job succeeds if command succeeds)
│ │
│ │ - non-signatory node runs `helm fetch
│ helm-chart-verify │ --verify <chart> --version <version>`
│ │
│ │ - (job succeeds if command succeeds)
│ │
└───────────────────────────┘
```
Expand Down
Loading