diff --git a/.ci/gpg/create-keyring.sh b/.ci/gpg/create-keyring.sh new file mode 100755 index 00000000000..a7f1dce9b1b --- /dev/null +++ b/.ci/gpg/create-keyring.sh @@ -0,0 +1,33 @@ +#!/bin/bash + +DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" >/dev/null 2>&1 && pwd)" + +# Modified from https://blogs.itemis.com/en/secure-your-travis-ci-releases-part-2-signature-with-openpgp + +function err_exit() { + echo "ERROR: ${1:-"Unknown Error"} Exiting." 1>&2 + exit 1 +} + +declare -r GPG_HOME="${DIR}/keyring" +declare -r SECRING_AUTO="${GPG_HOME}/secring.auto" +declare -r PUBRING_AUTO="${GPG_HOME}/pubring.auto" + +mkdir -p "$GPG_HOME" +cp "${DIR}"/*.auto* "${GPG_HOME}" + +echo -e "\nDecrypting secret key..." +{ + # $GPG_PASSWORD is taken from the script's env (injected by Travis CI). + echo $GPG_PASSWORD | gpg --decrypt \ + --pinentry-mode loopback --batch \ + --passphrase-fd 0 \ + --output "${SECRING_AUTO}" \ + "${SECRING_AUTO}".gpg ; \ +} || { err_exit "Failed to decrypt secret key." ; } +echo "Success!" + +echo -e "\nImporting keys..." +{ gpg --home "${GPG_HOME}" --import "${PUBRING_AUTO}" ; } || { err_exit "Could not import public key into gpg." ; } +{ gpg --home "${GPG_HOME}" --import "${SECRING_AUTO}" ; } || { err_exit "Could not import secret key into gpg." ; } +echo "Success!" diff --git a/.ci/gpg/pubring.auto b/.ci/gpg/pubring.auto new file mode 100644 index 00000000000..41fa49fabb0 --- /dev/null +++ b/.ci/gpg/pubring.auto @@ -0,0 +1,64 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- + +mQINBF+clTQBEADMHVz8qS+dcYC0qxlSNe4Yipbr/BtVuWGJay26OAbS4K7sjzs3 +XP+RhjUsJGOnPXn+N/zM6wVNczV7MrdfWNK1UAWBPVC4HjD/ysj/m5lMv/j0RNym +W6VNdSgV4YWyQHn6eD279gT4p6GAVvQj0eXnWtX7eA0SaITi6dMNqw8QcTOBxzFI +PXw+4MDJJKDAammtNKgj6LtmYc3o9d8aqbwtPfj3Vvi5d3SWfMx8a+2aSDkVcsva +bloGUBXYWFzO11T4OYvUYXgQdaKHyT+ZWGCpDsnQV/KqG5S456jmV+Qp+98vwe8k +XhXhlkjauhbvVR0uGAv0RJ4NZPSmWpie6f7ApQ3XTg3+ZvsrTvi3STCkOKA8/CLm +/xRhAF/aFZSOLlgzyAxr45j0PRjzX3XJfPePkV1D1cFso3JGDT5Y2oku8bNqYTof +fV/vw6jxylSNKApn1VyViwZ0+aE9kjMHXytKWWLK+woxrFOG74nGcI+xBOAOHvSU +GRh5EVXydbyMxqEpq2Su+rHlzfzgPh+hORNQgrag+qdbTVMimCoD+datX4854Hkb +nah+mq7RtI0k5Nn+ENm4ufbHEKiNb56qFTNgMkquG5vxpA6NOlZ0QfKUxiDU08+g +Pix7+TY7lzNhGipD7QjqfuJJr+1k3p/GrIpoHlU8/8FvlNYBDG3oMUvxNwARAQAB +tDJPcGVyYXRvciBTREsgKHJlbGVhc2UpIDxjbmNmLW9wZXJhdG9yLXNka0BjbmNm +LmlvPokCVAQTAQgAPhYhBDsvFIHRRiOAgLNGuwUpluKiC1x+BQJfnJU0AhsBBQkD +w7iABQsJCAcCBhUKCQgLAgQWAgMBAh4BAheAAAoJEAUpluKiC1x+P5IQAJXpQMA1 +kIr6S2N9A4TE6z+dhN0g3oPdZqOYwlKpX32H4nLdv219Ns1mwBHUfTFmcbUuQLwH +1TjF7cVya/tUoyh/P7bBBOy/vC0NvvaOuhRXxeJJD7Q8neuXyCpIoCW8x2Eq47ut +21AL79ZrzZEBpavJ80S2uNTx7HGKYug491OKkEWO3Y+FOmTV38WsN+lpM+atn1LP +gWkEhWaxwkfLrYUgZ/lDBAIhPZ7n3gYptmTQdCzlp4dSEwJXesV35aMWfJOM848M +fVJFyFcMNo6ww0tHD+7btrGc4fHSJC/dKZcYVoiSHmpuAqRBXHWMxKPfijgwWQs5 +6JjxCWt4bwouF0D2uE6SD/MYsxN05yZL6OGfzzQES5Ilt0DS3QRLktN8PdeuS+WN +jLVo7/Q2SUGZcANm+5/ul7Qwj9JeFSK3VloLKY0YFEbnyTHw2TU4oDqyffUWTn+h +Pt34Wy+OWRM+2ykxFP1VklgCN07ESRSZOTN6iUzqets50rKpY3okNiZeMPcblxQo +uQ5/NFmYV/de87JuSmOKXB2yy/xdr7oxkbw9uYZmBEvw4etxH2yyzVxr0BJ4r0DW +5DlSxOeHaNa7aUVQnlK+Xf27Pj1XyYvV6G7NWEZYZQ/pclO0rhFH21ZiGo3DHgSo +cAGv6SWU01nELYYHTn3QFdmdjxmbqjSC0t+EuQINBF+clhYBEACj1YQhSMK8kp1W +oDL5As2yFlljmdkXTrYtMBLjLnkUaKoxIEGbrB/aeyph9PC84iKGLrHGC6rNBdVq +2mnGyJCXKKeJLovJnopz3+2bTOnypaOdk1QhovFw8CXRMVhjRehDe9PWQYXk2aL7 +sPvtLl5clw2iULdjxs2KfBGwSlEV6eXjGCFUGfIvMEQ/gjbTIiUtkhqaMCsEuyrB +aliNNfuBYsmnP5pHvn7yI/kMiNB8d0LmI8PCb+zdzZVbu9mID8P0Eyy6imbfwzIt +f21OP78lvGBVGzd2mH/EYyBswHEUblqBcb9maTz2Yy85dTFXKWU7n+OjKCCYpOK7 +SVffQFdR2ylUtv2JvLOCR/gH1Z0ac8ZF2DEI9C+owsVS9dqMk9l4p3cNeQzgRshN +qhO9eP9qGZ1LIgEKOeyLm5TgUcPLnq49vS4/eCo+p+Qa1FcGEs+b6rqIxSzyxNxs +v2lRmUQ/A3BToV321De2zfr51u1rJJVpYIEvbMPRyiciZzkDu/D5Z5fR1nytoFcR +t3osFILI0lilvzpSzxlHmnM480JADiTlKGz6YTnYG2mrZCFOxrmAsA/yDO4v41Ii +7O7z0cJO3l3mZ1fbqqAqqyHU0EGcxYOAmfM8azSrxj0MOM2jfGDMPWg3g3SXTXIl +6qyWOVUWfP4+QBsHrByHTSpGCgyTWwARAQABiQRyBBgBCAAmFiEEOy8UgdFGI4CA +s0a7BSmW4qILXH4FAl+clhYCGwIFCQPDuIACQAkQBSmW4qILXH7BdCAEGQEIAB0W +IQSGE9uHpbqCXvP9Dr4qhZ0Iv5iG2wUCX5yWFgAKCRAqhZ0Iv5iG2x3cD/9KqFC6 +gbhzNpIvZ2yrri1l1SIrB+PKvCeZSOYDlxDJ3YgAu/3+d7EwOovP8IuEb340R8w0 +onsdYDHCHODCgda+Pu/WvWxx5/wSObyd0kHPM55RLx5C5UHPdlt+yKJ0QwiMPF8g +AqVDXkc2XIghBID4ykP0V5re9ug87hVd2EYnrkMDa6N+lXtlvzptFTjBJVdu3reM +pLwHqS/GAmxhgwF6kVPxZRHcMIKLweLN2JgGd2aFaIQBj+O43XROhL5or+F/E60w +c4ZTUp/a8aRxJRrzlHgNFBbV6oknzwTQRaB1CD0YXjFZL2k5rEEfvyfXguCTDyZT +jJjYvCO0MDxL/KI9fyJpcU+entGod83Ne893XXCS2SmaTY3LvQ+v/e99trh4m7St +oOQ8xm6b10sI6TbhbgPOYgtTPLxw3BldTrU5Hphz+suPrcHybKn357l7bf9yYTfK +tsrAKPVOMNF7QEdR3UldqoGzkTo55l4omvMS93tWSG+w47W7QIAQjwTlqDyjYVg3 +2l8XlfDtcR0k+Y6ObguEMUwtsikK+FvqVS5ZCPIyvv4kMCIazMlEWocsfvrINjQ4 +II2W+oQv5vJmOyY30tPELq35taH9oOMjtY3KWZVmPzw6+DGRTA2RDR+7qm2v3lgl +i49Nzi/iSBvDeVZxSBHRRjH/OL7TKWN+WwC2I4wYD/4iox1+WcKPsI+77HaULvsP +qa+bXnKbZidrsqSejbPnLg3M9an2gDo0d62QxrnJLl9OhuhObXP/bzCjrcMkg9hY +BAHaTXbRtVlSKpXYEyuwO6HYQ7WyHlY9y9srHIvcWuBrpI9Kgd28rkT4QZB5WJD/ +Cgj4ksJAe+TsSmccdw3zG3OWWVs4HujQnWnh+NbBE7cyYqZaByKiDjL3vKP+0Zfj +M/TF8nnY7zqgSljQxScbW7//U3GiB9DKg1r9TEMzmSTDugwv7u2kM/iZPjq+dvUs +KqKuyX23WDKRLyzusDqIWKsRrkd+g1vBfxSUhWwxtwzyy1rL/tNcXGBuLOxjUit9 +LhdowjFRG93Tswac/Q8VGPEB5XjBgRNlW9vSYgw+5wTHf01UBWgEWtFhl6SJnD6u +AjnMBtduqXBXmncTA6Gz5XB1h7xM32pLncWJGHfixXiJcOgGqW+Lv1Y3eaPqCFOm +4yfYDfBL+UN8Y7sR3WrVy1R6Ut/8bf4sD/i1UyBNKSzeN5sBpi7KgA6yY7PpVIN7 +H7V1QN41Bw9vAG5WXCO8vmY0GoCMQAKM5p04mMuBr6nswy1W94q6uuINwq6q1ycf +YQJyoKhXifPhdicwDMYeuW7aP7WnPIb3VwdtlEyD+ycBsak0Jsq/+yrov3pXgrdL +dlF2O4uTr4frwKRl28eGEQ== +=ebPb +-----END PGP PUBLIC KEY BLOCK----- diff --git a/.ci/gpg/secring.auto.gpg b/.ci/gpg/secring.auto.gpg new file mode 100644 index 00000000000..29f151e6d87 Binary files /dev/null and b/.ci/gpg/secring.auto.gpg differ diff --git a/.gitignore b/.gitignore index c5bc0b3edce..7e83314920d 100644 --- a/.gitignore +++ b/.gitignore @@ -7,6 +7,9 @@ /tools/bin /images/*/bin +# CI GPG keyring +/.ci/gpg/keyring + # Website website/public/ website/resources/ diff --git a/.goreleaser.yml b/.goreleaser.yml new file mode 100644 index 00000000000..f9944da90c6 --- /dev/null +++ b/.goreleaser.yml @@ -0,0 +1,90 @@ +# Global environment variables for builds. +env: + - CGO_ENABLED=0 + - GO111MODULE=on + - GOPROXY=https://proxy.golang.org|direct + - REPO=github.com/operator-framework/operator-sdk + +# Hooks to run before any build is run. +before: + hooks: + - go version | grep --quiet "go1\.15\.5" || echo "Go binary version must be 1.15.5" + - go mod download + +# Binary builds. +builds: + # operator-sdk build steps + - id: operator-sdk + main: ./cmd/operator-sdk + binary: operator-sdk + mod_timestamp: "{{ .CommitTimestamp }}" + asmflags: &build-asmflags + - all=-trimpath={{ .Env.PWD }} + gcflags: &build-gcflags + - all=-trimpath={{ .Env.PWD }} + ldflags: &build-ldflags + - -X {{ .Env.REPO }}/internal/version.Version={{ .Env.SIMPLE_VERSION }} + - -X {{ .Env.REPO }}/internal/version.GitVersion={{ .Env.GIT_VERSION }} + - -X {{ .Env.REPO }}/internal/version.GitCommit={{ .Env.GIT_COMMIT }} + - -X {{ .Env.REPO }}/internal/version.KubernetesVersion={{ .Env.K8S_VERSION }} + - -X {{ .Env.REPO }}/internal/version.ImageVersion={{ .Env.IMAGE_VERSION }} + targets: &build-targets + - darwin_amd64 + - linux_amd64 + - linux_arm64 + - linux_ppc64le + - linux_s390x + + # ansible-operator build steps + - id: ansible-operator + main: ./cmd/ansible-operator + binary: ansible-operator + mod_timestamp: "{{ .CommitTimestamp }}" + asmflags: *build-asmflags + gcflags: *build-gcflags + ldflags: *build-ldflags + targets: *build-targets + + # helm-operator build steps + - id: helm-operator + main: ./cmd/helm-operator + binary: helm-operator + mod_timestamp: "{{ .CommitTimestamp }}" + asmflags: *build-asmflags + gcflags: *build-gcflags + ldflags: *build-ldflags + targets: *build-targets + +# Use most recent tag and short commit for snapshot version. +snapshot: + name_template: "{{ .Env.GIT_VERSION }}" + +# We don't use archives, so skip creating them. +archives: + - format: binary + name_template: "{{ .Binary }}_{{ .Os }}_{{ .Arch }}{{ if .Arm }}v{{ .Arm }}{{ end }}{{ if .Mips }}_{{ .Mips }}{{ end }}" + +checksum: + name_template: "checksums.txt" + +# Sign the checksum file with the CI GPG key. +signs: + - signature: "${artifact}.asc" + artifacts: checksum + # Use the CI signing subkey A20B5C7E decrypted into .ci/gpg/keyring to sign the release. + args: ["--home", ".ci/gpg/keyring", "-u", "A20B5C7E", "--output", "${signature}", "--detach-sign", "${artifact}"] + +# We use a custom changelog generator. +changelog: + +# TODO(estroz): configure homebrew publishing +# brews: +# - name: operator-sdk +# ids: +# - operator-sdk + +# Uncomment for testing +# release: +# github: +# owner: +# name: operator-sdk diff --git a/.travis.yml b/.travis.yml index b87d5f9a956..ea48597d120 100644 --- a/.travis.yml +++ b/.travis.yml @@ -3,7 +3,7 @@ dist: xenial language: go go: -- 1.15.x +- 1.15.5 go_import_path: github.com/operator-framework/operator-sdk cache: @@ -47,12 +47,16 @@ x_base_steps: - docker stages: - - check - - test + - name: check + if: type == pull_request + - name: test + if: type == pull_request - name: deploy if: type != pull_request AND ( tag IS present OR branch = master OR commit_message =~ /\[travis deploy\]/ ) - name: deploy-manifest-multiarch if: type != pull_request AND ( tag IS present OR branch = master OR commit_message =~ /\[travis deploy\]/ ) + - name: release + if: type != pull_request AND tag IS present jobs: include: @@ -151,3 +155,12 @@ jobs: name: push manifest lists <<: *manifest-deploy script: make -f release/Makefile image-push-multiarch + + ## Release jobs ## + + - stage: release + name: publish release + before_install: git fetch origin --unshallow --tags + install: sudo ln -sf $(command -v gpg2) $(dirname $(command -v gpg2))/gpg + before_script: .ci/gpg/create-keyring.sh + script: make release diff --git a/CHANGELOG.md b/CHANGELOG.md index 08efe9354e1..9e0ae251732 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,5 @@ +**This file will no longer be updated. Instead, refer to generated `changelog/generated/.md`** + ## v1.2.0 ### Additions diff --git a/Makefile b/Makefile index e5a0960891f..ae2f7908244 100644 --- a/Makefile +++ b/Makefile @@ -12,10 +12,10 @@ export GIT_COMMIT = $(shell git rev-parse HEAD) export K8S_VERSION = 1.18.8 # Build settings +export TOOLS_DIR = tools/bin +export SCRIPTS_DIR = tools/scripts REPO = $(shell go list -m) BUILD_DIR = build -TOOLS_DIR = tools/bin -SCRIPTS_DIR = tools/scripts GO_ASMFLAGS = -asmflags "all=-trimpath=$(shell dirname $(PWD))" GO_GCFLAGS = -gcflags "all=-trimpath=$(shell dirname $(PWD))" GO_BUILD_ARGS = \ @@ -73,7 +73,7 @@ build/scorecard-test build/scorecard-test-kuttl build/custom-scorecard-tests: build/operator-sdk build/ansible-operator build/helm-operator: go build $(GO_BUILD_ARGS) -o $(BUILD_DIR)/$(@F) ./cmd/$(@F) -##@ Dev images +##@ Dev image build # Convenience wrapper for building all remotely hosted images. .PHONY: image-build @@ -90,6 +90,23 @@ image/%: build/% docker build -t $(BUILD_IMAGE_REPO)/$*:dev -f ./images/$*/Dockerfile ./images/$* rm -rf $(BUILD_DIR) +##@ Release + +.PHONY: release +release: ## Release target. See 'make -f release/Makefile help' for more information. + $(MAKE) -f release/Makefile $@ + +.PHONY: prerelease +prerelease: ## Write release commit changes. See 'make -f release/Makefile help' for more information. +ifneq ($(RELEASE_VERSION),$(IMAGE_VERSION)) + $(error "IMAGE_VERSION "$(IMAGE_VERSION)" must be updated to match RELEASE_VERSION "$(RELEASE_VERSION)" prior to creating a release commit") +endif + $(MAKE) -f release/Makefile $@ + +.PHONY: tag +tag: ## Tag a release commit. See 'make -f release/Makefile help' for more information. + $(MAKE) -f release/Makefile $@ + ##@ Test .PHONY: test-all @@ -156,16 +173,6 @@ test-e2e-integration:: ## Run integration tests ./hack/tests/integration.sh ./hack/tests/subcommand-olm-install.sh -# TODO(estroz): remove changelog/release when goreleaser is added as release tool (they shouldn't be exposed as dev targets). - -.PHONY: changelog -changelog: ## Generate CHANGELOG.md and migration guide updates - $(MAKE) -f release/Makefile changelog - -.PHONY: release -release: clean ## Release the Operator SDK - $(MAKE) -f release/Makefile GO_BUILD_ARGS='$(GO_BUILD_ARGS)' - .DEFAULT_GOAL := help .PHONY: help help: ## Show this help screen. diff --git a/README.md b/README.md index b8a0c35c420..5b2096f52c7 100644 --- a/README.md +++ b/README.md @@ -28,6 +28,39 @@ operators easier by providing: - Tools for scaffolding and code generation to bootstrap a new project fast - Extensions to cover common operator use cases +## Dependency and platform support + +### Go version + +Release binaries will be built with the Go compiler version specified in the Operator SDK's [prerequisites section][doc-readme-prereqs]. + +### Kubernetes versions + +As the Operator SDK interacts directly with the Kubernetes API, certain API features are assumed to exist in the target cluster. +The currently supported Kubernetes version will always be listed in the SDK [prerequisites section][doc-readme-prereqs]. + +### Platforms + +The following matrix defines which architectures are supported for GNU Linux: + +| | `amd64` | `arm64` | `ppc64le` | `s390x` | +|-------------------------------|-----------------|-----------------|-----------------|-----------------| +| `operator-sdk` | ✓ | ✓ | ✓ | ✓ | +| `ansible-operator` | ✓ | ✓ | ✓ | ✓ | +| `helm-operator` | ✓ | ✓ | ✓ | ✓ | +| `scorecard-test` image | ✓ | ✓ | ✓ | ✓ | +| `scorecard-test-kuttl` image | ✓ | ✓ | ✓ | - | + +The following matrix defines which architectures are supported for MacOS Darwin: + +| | `amd64` | +|-------------------------------|-----------------| +| `operator-sdk` | ✓ | +| `ansible-operator` | ✓ | +| `helm-operator` | ✓ | + +Support for the Windows platform is not on the roadmap at this time. + ## License Operator SDK is under Apache 2.0 license. See the [LICENSE][license_file] file for details. diff --git a/hack/image/push-image-tags.sh b/hack/image/push-image-tags.sh index 88cb6383f8a..b47b0593610 100755 --- a/hack/image/push-image-tags.sh +++ b/hack/image/push-image-tags.sh @@ -16,7 +16,6 @@ function push_image_tags() { push_image=$1; shift || push_image=$source_image print_image_info $source_image - print_git_tags docker_login $push_image @@ -53,31 +52,4 @@ function print_image_info() { fi } -# -# print_git_tags -# -# print_git_tags prints all tags present in the git repository. -# -function print_git_tags() { - git_tags=$(git tag -l | sed 's|^| |') - if [[ -n "$git_tags" ]]; then - echo "Found git tags:" - echo "$git_tags" - echo "" - fi -} - - -# -# latest_git_version -# -# latest_git_version returns the highest semantic version -# number found in the repository, with the form "vX.Y.Z". -# Version numbers not matching the semver release format -# are ignored. -# -function latest_git_version() { - git tag -l | egrep "${semver_regex}" | sort -V | tail -1 -} - push_image_tags "$@" diff --git a/hack/image/push-manifest-list.sh b/hack/image/push-manifest-list.sh index 9b84ce8443e..b3af06942a3 100755 --- a/hack/image/push-manifest-list.sh +++ b/hack/image/push-manifest-list.sh @@ -28,12 +28,12 @@ function push_manifest_list() { } function get_arch_images(){ - image=$1; shift || fatal "${FUNCNAME} usage error" - tag=$1; shift || fatal "${FUNCNAME} usage error" - arches="$@" - for arch in $arches; do - echo "$image-$arch:$tag" - done + image=$1; shift || fatal "${FUNCNAME} usage error" + tag=$1; shift || fatal "${FUNCNAME} usage error" + arches="$@" + for arch in $arches; do + echo "$image-$arch:$tag" + done } push_manifest_list "$@" diff --git a/netlify.toml b/netlify.toml index b3fc59a5686..cf743111880 100644 --- a/netlify.toml +++ b/netlify.toml @@ -5,7 +5,13 @@ [build] publish = "public" base = "website" - command = "cd themes/docsy && git submodule update -f --init && cd ../.. && npm install postcss-cli autoprefixer@^9.0.0 && hugo version && hugo" + command = """ +git submodule update -f --init themes/docsy && \ +npm install postcss-cli autoprefixer@^9.0.0 && \ +./scripts/set_menu_version.sh && \ +hugo version && \ +hugo +""" # "production" environment specific build settings [build.environment] diff --git a/release.sh b/release.sh deleted file mode 100755 index cacff2da225..00000000000 --- a/release.sh +++ /dev/null @@ -1,51 +0,0 @@ -#!/usr/bin/env bash - -set -eu - -if [[ $# != 1 ]]; then - echo "usage: $0 vX.Y.Z" - exit 1 -fi - -VER=$1 - -NUMRE="0|[1-9][0-9]*" -PRERE="\-(alpha|beta|rc)\.[1-9][0-9]*" - -if ! [[ "$VER" =~ ^v($NUMRE)\.($NUMRE)\.($NUMRE)($PRERE)?$ ]]; then - echo "malformed version: \"$VER\"" - exit 1 -fi - -if git ls-files --others --exclude-standard | grep -Ev 'build/operator-sdk-v.+'; then - echo "directory has untracked files" - exit 1 -fi - -if ! git diff-index --quiet HEAD --; then - echo "directory has uncommitted files" - exit 1 -fi - -GO_VER="1.15" -if ! go version | cut -d" " -f3 | grep -q "$GO_VER"; then - echo "must compile binaries with Go compiler version v${GO_VER}" - exit 1 -fi - -INSTALL_GUIDE_FILE="website/content/en/docs/installation/install-operator-sdk.md" -CURR_VER_INSTALL_GUIDE_FILE="$(sed -nr 's/.*RELEASE_VERSION=(.+)/\1/p' "$INSTALL_GUIDE_FILE" | tr -d ' \t\n')" -if [[ "$VER" != "$CURR_VER_INSTALL_GUIDE_FILE" ]]; then - echo "version '$VER' is not set correctly in $INSTALL_GUIDE_FILE" - exit 1 -fi - -# Tag the release commit and verify its tag. -git tag --sign --message "Operator SDK $VER" "$VER" -git verify-tag --verbose "$VER" - -# Run the release builds. -make release - -# Verify the signatures -for f in $(ls dist/*.asc); do gpg --verify $f; done diff --git a/release/Makefile b/release/Makefile index 0d748ed3c12..9d085684804 100644 --- a/release/Makefile +++ b/release/Makefile @@ -1,33 +1,60 @@ -## This Makefile should only be called from the project root ## +## This Makefile should only be called from the project root Makefile ## # Needed for glob expansion. SHELL = /bin/bash .SHELLFLAGS = -O extglob -c +# Dry run flags. ifneq ($(DRY_RUN),) -TAG ?= $(GIT_VERSION) +SNAPSHOT_FLAGS = --snapshot --skip-publish --rm-dist endif # Ensure that this Makefile is run from the project root (always contains the 'cmd/' directory). ifeq (,$(wildcard cmd)) -$(error "This Makefile must be invoked from the operator-sdk project root") + $(error "This Makefile must be invoked from the operator-sdk project root") endif -.PHONY: all -all: release +##@ Release -.PHONY: check_tag -check_tag: -ifeq ($(TAG),) - $(error "TAG must be set to a release tag") +.PHONY: release +release: ## Publish an operator-sdk release, with option for a dry run with DRY_RUN. +ifeq (,$(GIT_VERSION)) + $(error "GIT_VERSION must be set to a git tag") +endif + $(SCRIPTS_DIR)/fetch goreleaser 0.147.2 + GORELEASER_CURRENT_TAG=$(GIT_VERSION) $(TOOLS_DIR)/goreleaser $(SNAPSHOT_FLAGS) --release-notes=changelog/generated/$(GIT_VERSION).md --parallelism 5 + +##@ Pre-Release + +.PHONY: check_release_version +check_release_version: +ifeq (,$(RELEASE_VERSION)) + $(error "RELEASE_VERSION must be set to a release tag") endif +.PHONY: prerelease +prerelease: check_release_version changelog ## Create release commit changes to commit. + ./website/scripts/update_branch_mappings.sh $(RELEASE_VERSION) + .PHONY: changelog -changelog: check_tag ## Generate the changelog. - go run ./release/changelog/gen-changelog.go -tag=$(TAG) -changelog=CHANGELOG.md -ifeq ($(DRY_RUN),) +changelog: check_release_version ## Generate the changelog. + @mkdir -p changelog/generated && rm -f changelog/generated/$(RELEASE_VERSION).md + go run ./release/changelog/gen-changelog.go -tag=$(RELEASE_VERSION) -changelog=changelog/generated/$(RELEASE_VERSION).md rm -f ./changelog/fragments/!(00-template.yaml) + +.PHONY: tag +VERSION_REGEXP := ^v[0-9]+\.[0-9]+\.[0-9]+(\-(alpha|beta|rc)\.[0-9]+)?$ +tag: ## Create a release tag. +ifeq (,$(RELEASE_VERSION)) + $(error "RELEASE_VERSION must be set to tag HEAD") endif +ifeq (,$(shell [[ "$(RELEASE_VERSION)" =~ $(VERSION_REGEXP) ]] && echo 1)) + $(error "Version $(RELEASE_VERSION) must match regexp $(VERSION_REGEXP)") +endif + git tag --sign --message "Operator SDK $(RELEASE_VERSION)" $(RELEASE_VERSION) + git verify-tag --verbose $(RELEASE_VERSION) + +##@ Image deploy # Convenience wrappers for pushing all remotely hosted images. .PHONY: image-push image-push-multiarch @@ -51,60 +78,11 @@ image-push-multiarch/%: IMAGE_PUSH_TAG = $(IMAGE_REPO)/$* image-push-multiarch/%: ./hack/image/push-manifest-list.sh $(IMAGE_PUSH_TAG) $(ARCHES) -# Build/install/release the SDK. -release_builds := \ - dist/operator-sdk-$(GIT_VERSION)-aarch64-linux-gnu \ - dist/operator-sdk-$(GIT_VERSION)-x86_64-linux-gnu \ - dist/operator-sdk-$(GIT_VERSION)-x86_64-apple-darwin \ - dist/operator-sdk-$(GIT_VERSION)-ppc64le-linux-gnu \ - dist/operator-sdk-$(GIT_VERSION)-s390x-linux-gnu \ - dist/ansible-operator-$(GIT_VERSION)-aarch64-linux-gnu \ - dist/ansible-operator-$(GIT_VERSION)-x86_64-linux-gnu \ - dist/ansible-operator-$(GIT_VERSION)-x86_64-apple-darwin \ - dist/ansible-operator-$(GIT_VERSION)-ppc64le-linux-gnu \ - dist/ansible-operator-$(GIT_VERSION)-s390x-linux-gnu \ - dist/helm-operator-$(GIT_VERSION)-aarch64-linux-gnu \ - dist/helm-operator-$(GIT_VERSION)-x86_64-linux-gnu \ - dist/helm-operator-$(GIT_VERSION)-x86_64-apple-darwin \ - dist/helm-operator-$(GIT_VERSION)-ppc64le-linux-gnu \ - dist/helm-operator-$(GIT_VERSION)-s390x-linux-gnu - -.PHONY: release -release: $(release_builds) $(release_builds:=.asc) ## Release the Operator SDK - -dist/operator-sdk-%-aarch64-linux-gnu: GOARGS = GOOS=linux GOARCH=arm64 -dist/operator-sdk-%-x86_64-linux-gnu: GOARGS = GOOS=linux GOARCH=amd64 -dist/operator-sdk-%-x86_64-apple-darwin: GOARGS = GOOS=darwin GOARCH=amd64 -dist/operator-sdk-%-ppc64le-linux-gnu: GOARGS = GOOS=linux GOARCH=ppc64le -dist/operator-sdk-%-s390x-linux-gnu: GOARGS = GOOS=linux GOARCH=s390x - -dist/ansible-operator-%-aarch64-linux-gnu: GOARGS = GOOS=linux GOARCH=arm64 -dist/ansible-operator-%-x86_64-linux-gnu: GOARGS = GOOS=linux GOARCH=amd64 -dist/ansible-operator-%-x86_64-apple-darwin: GOARGS = GOOS=darwin GOARCH=amd64 -dist/ansible-operator-%-ppc64le-linux-gnu: GOARGS = GOOS=linux GOARCH=ppc64le -dist/ansible-operator-%-s390x-linux-gnu: GOARGS = GOOS=linux GOARCH=s390x - -dist/helm-operator-%-aarch64-linux-gnu: GOARGS = GOOS=linux GOARCH=arm64 -dist/helm-operator-%-x86_64-linux-gnu: GOARGS = GOOS=linux GOARCH=amd64 -dist/helm-operator-%-x86_64-apple-darwin: GOARGS = GOOS=darwin GOARCH=amd64 -dist/helm-operator-%-ppc64le-linux-gnu: GOARGS = GOOS=linux GOARCH=ppc64le -dist/helm-operator-%-s390x-linux-gnu: GOARGS = GOOS=linux GOARCH=s390x - -dist/%: ## Build the operator-sdk release binaries - { \ - cmdpkg=$$(echo $* | sed -E "s/(operator-sdk|ansible-operator|helm-operator).*/\1/"); \ - $(GOARGS) go build $(GO_BUILD_ARGS) -o $@ ./cmd/$$cmdpkg; \ - } - -dist/%.asc: ## Create release signatures for operator-sdk release binaries - { \ - default_key=$$(gpgconf --list-options gpg | awk -F: '$$1 == "default-key" { gsub(/"/,""); print toupper($$10)}'); \ - git_key=$$(git config --get user.signingkey | awk '{ print toupper($$0) }'); \ - if [ "$${default_key}" = "$${git_key}" ]; then \ - gpg --output $@ --detach-sig dist/$*; \ - gpg --verify $@ dist/$*; \ - else \ - echo "git and/or gpg are not configured to have default signing key $${default_key}"; \ - exit 1; \ - fi; \ - } +.DEFAULT_GOAL := help +.PHONY: help +help: ## Show this help screen. + @echo 'Usage: make ... ' + @echo '' + @echo 'Available targets are:' + @echo '' + @awk 'BEGIN {FS = ":.*##"; printf "\nUsage:\n make \033[36m\033[0m\n"} /^[a-zA-Z0-9_-]+:.*?##/ { printf " \033[36m%-25s\033[0m %s\n", $$1, $$2 } /^##@/ { printf "\n\033[1m%s\033[0m\n", substr($$0, 5) } ' $(MAKEFILE_LIST) diff --git a/tools/scripts/fetch b/tools/scripts/fetch index 577cf0d7d77..a6d5873f23c 100755 --- a/tools/scripts/fetch +++ b/tools/scripts/fetch @@ -34,6 +34,10 @@ fetch() { ver_cmd="cat ${DEST}/.envtest_version 2>/dev/null" fetch_cmd="(test -f ${DEST}/setup-envtest.sh || curl -sSLo ${DEST}/setup-envtest.sh https://raw.githubusercontent.com/kubernetes-sigs/controller-runtime/v${ver}/hack/setup-envtest.sh) && (source ${DEST}/setup-envtest.sh; fetch_envtest_tools ${DEST}/../) && echo ${ver} > ${DEST}/.envtest_version" ;; + "goreleaser") + ver_cmd="${DEST}/goreleaser --version 2>/dev/null | grep version | cut -d' ' -f3" + fetch_cmd="curl -sSfL https://install.goreleaser.com/github.com/goreleaser/goreleaser.sh | sh -s -- -b \"${DEST}\" -d \"v${ver}\"" + ;; *) echo "unknown tool $tool" return 1 diff --git a/website/config.toml b/website/config.toml index 4fb81698b8f..4a5943b1ae6 100644 --- a/website/config.toml +++ b/website/config.toml @@ -94,6 +94,8 @@ algolia_docsearch = false version = "Latest Release" url = "https://sdk.operatorframework.io" +##RELEASE_ADDME## + [[params.versions]] version = "v1.2" url = "https://v1-2-x.sdk.operatorframework.io" diff --git a/website/content/en/docs/contribution-guidelines/developer-guide.md b/website/content/en/docs/contribution-guidelines/developer-guide.md index d84300f46bf..fa07d2d4eed 100644 --- a/website/content/en/docs/contribution-guidelines/developer-guide.md +++ b/website/content/en/docs/contribution-guidelines/developer-guide.md @@ -55,22 +55,6 @@ as an environment variable in `.travis.yml`, ex. `export SCORECARD_TEST_IMAGE= Branches` in the SDK repo. + 1. Under `Branch protection rules`, click `Edit` on the `master` branch rule. + 1. In section `Protect matching branches` of the `Rule settings` box, increase the number of required approving reviewers to 6. -Make sure you've [uploaded your GPG key][link-github-gpg-key-upload] and configured git to [use that signing key][link-git-config-gpg-key] either globally or for the Operator SDK repository. Tagging will be handled by `release.sh`. +### 1. Create and push a release commit -**Note:** the email the key is issued for must be the email you use for git. +Create a new branch to push the release commit: ```sh -$ git config [--global] user.signingkey "$GPG_KEY_ID" -$ git config [--global] user.email "$GPG_EMAIL" +git checkout master +git pull +git checkout -b release-v1.3.0 ``` -Also, make sure that you setup the git gpg config as follows. -```console -$ cat ~/.gnupg/gpg.conf -default-key $GPG_KEY_ID -``` +Run the pre-release `make` target: -**NOTE** If you do a release from an OSX machine, you need to configure `gnu-gpg` to sign the release's tag: -- Install the requirements by running: `brew install gpg2 gnupg pinentry-mac` -- Append the following to your ~/.bash_profile or ~/.bashrc or ~/.zshrc -```sh -export GPG_TTY=`tty` -``` -- Restart your Terminal or source your ~/.\*rc file -- Then, make sure git uses gpg2 and not gpg -```sh -$ git config --global gpg.program gpg2 -``` -- To make sure gpg2 itself is working ```sh -$ echo "test" | gpg2 --clearsign +make prerelease RELEASE_VERSION=v1.3.0 ``` -## Release branches - -Each minor release has a corresponding release branch of the form `vX.Y.x`, where `X` and `Y` are the major and minor -release version numbers and the `x` is literal. This branch accepts bug fixes according to our [backport policy][backports]. - -After the minor release is made, this branch must be fast-forwarded to that release's tag and a post-release PR made -against this branch. See the [release process](#8-create-a-pr-for-post-release-version-updates) for more details. +The following changes should be present: -#### Cherry-picking +- `changelog/generated/v1.3.0.md`: commit changes (created by changelog generation). +- `changelog/fragments/*`: commit deleted fragment files (deleted by changelog generation). +- `website/content/en/docs/upgrading-sdk-version/v1.3.0.md`: commit changes (created by changelog generation). +- `website/config.toml`: commit changes (modified by release script). -Once a minor release is complete, bug fixes can be merged into the release branch for the next patch release. -Fixes can be added automatically by posting a `/cherry-pick v1.3.x` comment in the `master` PR, or manually by running: +Commit these changes and push: ```sh -$ git checkout v1.3.x -$ git checkout -b cherrypick/some-bug -$ git cherry-pick "$GIT_COMMIT_HASH" # Hash of the merge commit to master. -$ git push upstream cherrypick/some-bug +git add --all +git commit -m "Release v1.3.0" +git push -u origin release-v1.3.0 ``` -Create and merge a PR from your branch to `v1.3.x`. +### 2. Create and merge a new PR -## GitHub release information +Create and merge a new PR for the commit created in step 1. You can force-merge your PR to the locked-down `master` +if you have admin access to the operator-sdk repo, or ask an administrator to do so. -### Locking down branches +### 3. Unlock the `master` branch -Once a release PR has been made and all tests pass, the SDK's `master` branch, or [release branch](#release-branches) for patch releases, -should be locked so commits cannot happen between the release PR and release tag push. To lock down a branch: +Unlock the branch by changing the number of required approving reviewers in the `master` branch rule back to 1. -1. Go to `Settings -> Branches` in the SDK repo. -1. Under `Branch protection rules`, click `Edit` on the `master` or release branches rule. -1. In section `Protect matching branches` of the `Rule settings` box, increase the number of required approving reviewers to its maximum allowed value. - -Now only administrators (maintainers) should be able to force merge PRs. Make sure everyone in the relevant Slack channel is aware of the release so they do not force merge by accident. - -Unlock `master` or release branch after the release has completed (after step 6 is complete) by changing the number of required approving reviewers back to 1. - -### Releasing - -The GitHub [`Releases` tab][release-page] in the operator-sdk repo is where all SDK releases live. -To create a GitHub release see the [releasing binaries section](#9-releasing-binaries-signatures-and-release-notes). - -#### Release notes - -GitHub release notes should thoroughly describe changes made to code, documentation, and design of the SDK. PR links should be included wherever possible. - -The following sections, often directly copied from our [changelog][doc-changelog], are used as release notes: - -```Markdown -[Version as title, ex. v1.2.3] - -### Added -- [Short description of feature added] (#PR) -... - -### Changed -- [Short description of change made] (#PR) -... - -### Deprecated -- [Short description of feature deprecated] (#PR) -... - -### Removed -- [Short description of feature removed] (#PR) -... - -### Bug Fixes -- [Short description of bug and fix] (#PR) -... -``` - -## Release Signing - -When a new release is created, the tag for the commit it signed with a maintainers' gpg key and -the binaries for the release are also signed by the same key. All keys used by maintainers will -be available via public PGP keyservers such as pool.sks-keyservers.net. - -For new maintainers who have not done a release and do not have their PGP key on a public -keyserver, output your armored public key using this command: +### 4. Create and push a release tag ```sh -$ gpg --armor --export "$GPG_EMAIL" > mykey.asc +make tag RELEASE_VERSION=v1.3.0 +git push upstream v1.3.0 ``` -Then, copy and paste the content of the outputted file into the `Submit a key` section on -pool.sks-keyservers.net or any other public keyserver that synchronizes -the key to other public keyservers. Once that is done, other people can download your public -key and you are ready to sign releases. - -## Verifying a release +### 5. Fast-forward the `latest` and release branches -To verify a git tag, use this command: +The `latest` branch points to the latest release tag to keep the main website subdomain up-to-date. +Run the following commands to do so: ```sh -$ git verify-tag --verbose "$TAG_NAME" -``` - -If you do not have the mantainers public key on your machine, you will get an error message similiar to this: - -```console -$ git verify-tag --verbose "$TAG_NAME" -object 61e0c23e9d2e217f8d95ac104a8f2545c102b5c3 -type commit -tag v0.6.0 -tagger Ish Shah 1552688145 -0700 - -Operator SDK v0.6.0 -gpg: Signature made Fri Mar 15 23:15:45 2019 CET -gpg: using RSA key -gpg: Can't check signature: No public key +git checkout latest +git reset --hard tags/v1.3.0 +git push -f upstream latest ``` -To download the key, use the following command, replacing `$KEY_ID` with the RSA key string provided in the output of the previous command: +Similarly, to update the release branch, run: ```sh -$ gpg --recv-key "$KEY_ID" +git checkout v1.3.x +git reset --hard tags/v1.3.0 +git push -f upstream v1.3.x ``` -To verify a release binary using the provided asc files see the [installation guide.][install-guide] - -## Release steps - -These steps describe how to conduct a release of the SDK, upgrading from `v1.2.0` to `v1.3.0`. -Replace these versions with the current and new version you are releasing, respectively. - -For major and minor releases, `master` should be locked between steps 3 and 6 so that all commits will be either in the new release -or have a pre-release version, ex. `v1.2.0+git`. Otherwise commits might be built into a release that shouldn't be. -For patch releases, ensure all required bugs are [cherry-picked](#cherry-picking), then the release branch `v1.3.x` should be locked down. +### 6. Post release steps -### 1. Update OLM bindata +- Make an [operator-framework Google Group][of-ggroup] post. +- Post to Kubernetes slack in #kubernetes-operators and #operator-sdk-dev. +- In the [GitHub milestone][gh-milestones], bump any open issues to the following release. -This step is to be preferably performed only during major releases. Update the `OLM_VERSION` variable in Makefile to the latest successful release of OLM. Run `make bindata` so that `internal/bindata/olm` is updated. Also, update the `availableVersions` map in `internal/bindata/olm/versions.go` to contain the version of OLM which you have specified in the Makefile. -Submit a PR with the changes and merge it with master. +## Patch releases -**Important:** -- Update OLM bindata just before starting the release so that we have the latest OLM version. -- Verify that the release of OLM version which you specify in Makefile is successful. +We will use the `v1.3.1` release version in this example. -### 2. Netlify configuration +### Before starting -**Important:** ensure a release branch-to-subdomain mapping exists in the SDK's Netlify configuration _prior to creating a release_, -ex. `v1.3.x` to `https://v1-3-x.sdk.operatorframework.io`. You can ping SDK [approvers][doc-owners] to ensure a -[release branch](#release-branches) is created prior to the release and that this mapping is created. - -### 3. Create release branch for Netlify +1. Create and merge a commit that updates the top-level [Makefile] variable `IMAGE_VERSION` +to the upcoming release tag `v1.3.1`. This variable ensures sample projects have been tagged +correctly prior to the release commit. -The release branch must be created before the release occurs to appease the Netlify website configuration demons. -You can do so by running the following before proceeding with the release, assuming the upstream SDK is the `upstream` remote repo: + ```sh + sed -i -E 's/(IMAGE_VERSION = ).+/\1v1\.3\.1/g' Makefile + ``` -```sh -$ git checkout master -$ git pull -$ git checkout -b v1.3.x -$ git push -u upstream v1.3.x -``` +1. Lock down the `v1.3.x` branch to prevent further commits before the release completes: + 1. Go to `Settings -> Branches` in the SDK repo. + 1. Under `Branch protection rules`, click `Edit` on the `v.*` branch rule. + 1. In section `Protect matching branches` of the `Rule settings` box, increase the number of required approving reviewers to 6. -### 4. Create a PR for release version, CHANGELOG.md, and migration guide updates +### 1. Create and push a release commit -Once all PR's needed for a release have been merged, branch from `master`: +Create a new branch from the release branch, which should already exist for the desired minor version, +to push the release commit to: ```sh -$ git checkout master -$ git pull +git checkout v1.3.x +git pull +git checkout -b release-v1.3.1 ``` -If making a patch release, check out the corresponding minor version branch: +Run the pre-release `make` target: ```sh -$ git checkout v1.2.x -$ git pull +make prerelease RELEASE_VERSION=v1.3.1 ``` -Create a new branch to push release commits: +The following changes should be present: -```sh -$ git checkout -b release-v1.3.0 -``` +- `changelog/generated/v1.3.0.md`: commit changes (created by changelog generation). +- `changelog/fragments/*`: commit deleted fragment files (deleted by changelog generation). -Run the CHANGELOG and migration guide generator: +Commit these changes and push: ```sh -$ GEN_CHANGELOG_TAG=v1.3.0 make changelog +git add --all +git commit -m "Release v1.3.1" +git push -u origin release-v1.3.1 ``` -Commit the following changes: - -- `website/content/en/docs/installation/install-operator-sdk.md`: update the linux and macOS URLs to point to the new release URLs. -- `CHANGELOG.md`: commit changes (updated by changelog generation). -- `website/content/en/docs/upgrading-sdk-version/v1.3.0.md`: commit changes (created by changelog generation). -- `changelog/fragments/*`: commit deleted fragment files (deleted by changelog generation). -- **(Major and minor releases only)** `website/config.toml`: update `version_menu = "Releases"` with the patch-less version string `version_menu = "v1.3"`, -and add the following lines under `[[params.versions]]` for `master`: - ```toml - [[params.versions]] - version = "v1.3" - url = "https://v1-3-x.sdk.operatorframework.io" - ``` - -### 5. Lock down proper branch -Create and merge a new PR for `release-v1.3.0`. Once this PR is merged, lock down the master or release branch -to prevent further commits between this and step 7. See [this section](#locking-down-branches) for steps to do so. +### 2. Create and merge a new PR -### 6. Create a release tag, binaries, and signatures +Create and merge a new PR for the commit created in step 1. You can force-merge your PR to the locked-down `v1.3.x` +if you have admin access to the operator-sdk repo, or ask an administrator to do so. -The top-level `release.sh` script will take care of verifying versions in files described in step 3, and tagging and verifying the tag, as well as building binaries and generating signatures by calling `make release`. +### 3. Unlock the `v1.3.x` branch -Prerequisites: -- [`git`][doc-git-default-key] and [`gpg`][doc-gpg-default-key] default PGP keys are set locally. -- Your PGP key is publicly available in a [public key server](#release-signing). -- _For macOS users:_ GNU `sed` and `make` which are not installed by default. Install them with - ```sh - $ brew install gnu-sed make - ``` - then ensure they are present in your `$PATH`. +Unlock the branch by changing the number of required approving reviewers in the `v.*` branch rule back to 1. -Call the script with the only argument being the new SDK version: +### 4. Create and push a release tag ```sh -$ ./release.sh v1.3.0 +make tag RELEASE_VERSION=v1.3.1 +git push upstream v1.3.1 ``` -`operator-sdk` release binaries and signatures will be in `dist/`. Both binary and signature file names contain version, architecture, -and platform information; signature file names correspond to the binary they were generated from suffixed with `.asc`. -For example, signature file `operator-sdk-v1.3.0-x86_64-apple-darwin.asc` was generated from a binary named `operator-sdk-v1.3.0-x86_64-apple-darwin`. -To verify binaries and tags, see the [verification section](#verifying-a-release). - - -`ansible-operator` and `helm-operator` release binaries and signatures are similarly built for upload so `make run` -can download them in their respective operator type projects. See [#3327](https://github.com/operator-framework/operator-sdk/issues/3327) for details. - -Push tag `v1.3.0` upstream, assuming `upstream` is the name of the upstream remote: - -```sh -$ git push upstream v1.3.0 -``` - -Once this tag passes CI, go to step 6. For more info on tagging, see the [release tags section](#release-tags). - -**Note:** If CI fails for some reason, you will have to revert the tagged commit, re-commit, and make a new PR. - -### 7. Fast-forward the `latest` and release branches +### 5. Fast-forward the `latest` branch The `latest` branch points to the latest release tag to keep the main website subdomain up-to-date. Run the following commands to do so: ```sh -$ git checkout latest -$ git reset --hard tags/v1.3.0 -$ git push -f upstream latest +git checkout latest +git reset --hard tags/v1.3.1 +git push -f upstream latest ``` -Similarly, to update the release branch, run: - -```sh -$ git checkout v1.3.x -$ git reset --hard tags/v1.3.0 -$ git push -f upstream v1.3.x -``` - -### 8. Create a PR for post-release version updates +### 6. Post release steps -Check out a new branch from `master` or release branch and commit the following changes: +- Make an [operator-framework Google Group][of-ggroup] post. +- Post to Kubernetes slack in #kubernetes-operators and #operator-sdk-dev. +- In the [GitHub milestone][gh-milestones], bump any open issues to the following release. -- **(Major and minor releases only)** `website/config.toml`: update `version_menu = "v1.3"` to `version_menu = "Releases"`. ---- +## Further reading -Create a new PR for this branch targeting the `master` or release branch. +### Binaries and signatures -### 9. Releasing binaries, signatures, and release notes +Binaries will be signed using our CI system's GPG key. Both binary and signature will be uploaded to the release. -The final step is to upload binaries, their signature files, and release notes from `CHANGELOG.md` for `v1.3.0`. -To create a GitHub release: +### Release branches -1. Go to the SDK [`Releases` tab][release-page] and click the `Draft a new release` button in the top right corner. -1. Select the tag version `v1.3.0`, and set the title to `v1.3.0`. -1. Copy and paste `CHANGELOG.md` updates under the `v1.3.0` header into the description form (see [below](#release-notes)). -1. Attach all binaries and `.asc` signature files to the release by dragging and dropping them. -1. Click the `Publish release` button. - -**Note:** if this is a pre-release, make sure to check the `This is a pre-release` box under the file attachment frame. If you are not sure what this means, ask another maintainer. +Each minor release has a corresponding release branch of the form `vX.Y.x`, where `X` and `Y` are the major and minor +release version numbers and the `x` is literal. This branch accepts bug fixes according to our [backport policy][backports]. -### 10. Unlock proper branch -Unlock the `master` or release branch after the Github release is complete. -See [this section](#locking-down-branches) for steps to do so. +##### Cherry-picking -### 11. Announce the release +Once a minor release is complete, bug fixes can be merged into the release branch for the next patch release. +Fixes can be added automatically by posting a `/cherry-pick v1.3.x` comment in the `master` PR, or manually by running: -Send an email to the [mailing list][mailing-list] -Post to Kubernetes slack in #kubernetes-operators and #operator-sdk-dev. +```sh +git checkout v1.3.x +git checkout -b cherrypick/some-bug +git cherry-pick +git push upstream cherrypick/some-bug +``` -### 12. Bump open issues to the next release. +Create and merge a PR from your branch to `v1.3.x`. -In the [GitHub milestone][gh-milestones], bump any open issues to the -following release. +### GitHub release information ---- +GitHub releases live under the [`Releases` tab][release-page] in the operator-sdk repo. -You've now fully released a new version of the Operator SDK. Good work! -[install-guide]: /docs/installation/ -[doc-maintainers]: https://github.com/operator-framework/operator-sdk/blob/master/MAINTAINERS +[git]:https://git-scm.com/downloads +[gpg]:https://gnupg.org/download/ +[gpg-key-create]:https://docs.github.com/en/free-pro-team@latest/github/authenticating-to-github/managing-commit-signature-verification +[gpg-upload]:https://www.gnupg.org/gph/en/manual/x457.html +[netlify-deploy]:https://docs.netlify.com/site-deploys/overview/#deploy-summary [doc-owners]: https://github.com/operator-framework/operator-sdk/blob/master/OWNERS -[doc-readme-prereqs]: /docs/installation/#prerequisites-for-compilation -[doc-git-default-key]:https://help.github.com/en/articles/telling-git-about-your-signing-key -[doc-gpg-default-key]:https://lists.gnupg.org/pipermail/gnupg-users/2001-September/010163.html -[link-github-gpg-key-upload]:https://github.com/settings/keys -[link-git-config-gpg-key]:https://git-scm.com/book/en/v2/Git-Tools-Signing-Your-Work -[doc-changelog]: https://github.com/operator-framework/operator-sdk/blob/master/CHANGELOG.md -[backports]:/docs/upgrading-sdk-version/backport-policy [release-page]:https://github.com/operator-framework/operator-sdk/releases -[homebrew]:https://brew.sh/ -[homebrew-formula]:https://github.com/Homebrew/homebrew-core/blob/master/Formula/operator-sdk.rb -[homebrew-readme]:https://github.com/Homebrew/homebrew-core/blob/master/CONTRIBUTING.md#to-submit-a-version-upgrade-for-the-foo-formula -[homebrew-repo]:https://github.com/Homebrew/homebrew-core -[sdk-samples-repo]:https://github.com/operator-framework/operator-sdk-samples -[mailing-list]:https://groups.google.com/g/operator-framework +[backports]:/docs/upgrading-sdk-version/backport-policy +[of-ggroup]:https://groups.google.com/g/operator-framework [gh-milestones]:https://github.com/operator-framework/operator-sdk/milestones +[Makefile]:https://github.com/operator-framework/operator-sdk/blob/master/Makefile diff --git a/website/content/en/docs/contribution-guidelines/testing.md b/website/content/en/docs/contribution-guidelines/testing.md index 742785ba6cf..bce6c72a22e 100644 --- a/website/content/en/docs/contribution-guidelines/testing.md +++ b/website/content/en/docs/contribution-guidelines/testing.md @@ -15,6 +15,23 @@ Cluster tests consist of several test types: bound to external projects, such as [OLM][olm]. - Subcommand: ensure individual subcommands function as intended with a variety of input options. +## Before submitting a PR + +Always run tests before submitting a PR to reduce the number of needless CI errors. + +##### Docs only + +```sh +make test-static +``` + +##### Code + +```sh +make test-all +``` + + ## Local Test Environment If running tests locally, access to a Kubernetes cluster of server version v1.11.3 or higher is required. @@ -25,18 +42,10 @@ for setup instructions. ### Local clusters -Two options for testing with a local cluster are [minikube][minikube] and [kind][kind]. -Ensure `KUBECONFIG` is set correctly for the chosen cluster type. +A local [kind][kind] cluster is used for running tests. ## Running Tests -On any PR, the entire test suite is run against your changes in a CI environment. -Therefore it is advantageous to run all tests before pushing changes to the remote repo: - -```sh -make test-sanity test-links test-unit test-subcommand test-integration test-e2e -``` - All the tests are run through the [`Makefile`][makefile]. Run `make help` for a full list of available tests. [unit-tests]: https://onsi.github.io/gomega/ diff --git a/website/content/en/docs/installation/_index.md b/website/content/en/docs/installation/_index.md index 82ae5658797..5b8f7ccbdd0 100644 --- a/website/content/en/docs/installation/_index.md +++ b/website/content/en/docs/installation/_index.md @@ -1,99 +1,91 @@ --- -title: "Installation" -linkTitle: "Installation" -date: 2020-03-25 +title: Installation +linkTitle: Installation weight: 2 description: Install the Operator SDK CLI --- -- [Prerequisites](#prerequisites) - [Install from Homebrew (macOS)](#install-from-homebrew-macos) - [Install from GitHub release](#install-from-github-release) - [Compile and install from master](#compile-and-install-from-master) -## Prerequisites - -- [docker][docker-tool] version 17.03+ (or another tool compatible with multi-stage Dockerfiles). -- [kubectl][kubectl-tool] version v1.11.3+ (v1.16.0+ if using `apiextensions.k8s.io/v1` CRDs). - -[docker-tool]:https://docs.docker.com/install/ -[kubectl-tool]:https://kubernetes.io/docs/tasks/tools/install-kubectl/ - ## Install from Homebrew (macOS) If you are using [Homebrew][homebrew_tool], you can install the SDK CLI tool with the following command: ```sh -$ brew install operator-sdk +brew install operator-sdk ``` ## Install from GitHub release -### Download the release binaries +#### Prerequisites + +- [curl](https://curl.haxx.se/) +- [gpg](https://gnupg.org/) version 2.0+ + +#### 1. Download the release binary + +Set platform information: ```sh -# Set the release version variable -$ RELEASE_VERSION=v1.2.0 -# Linux -$ curl -LO https://github.com/operator-framework/operator-sdk/releases/download/${RELEASE_VERSION}/operator-sdk-${RELEASE_VERSION}-x86_64-linux-gnu -# macOS -$ curl -LO https://github.com/operator-framework/operator-sdk/releases/download/${RELEASE_VERSION}/operator-sdk-${RELEASE_VERSION}-x86_64-apple-darwin +export ARCH=$(case $(arch) in x86_64) echo -n amd64 ;; aarch64) echo -n arm64 ;; *) echo -n $(arch) ;; esac) +export OS=$(uname | awk '{print tolower($0)}') ``` -#### Verify the downloaded release binaries +Download the binary for your platform: ```sh -# Linux -$ curl -LO https://github.com/operator-framework/operator-sdk/releases/download/${RELEASE_VERSION}/operator-sdk-${RELEASE_VERSION}-x86_64-linux-gnu.asc -# macOS -$ curl -LO https://github.com/operator-framework/operator-sdk/releases/download/${RELEASE_VERSION}/operator-sdk-${RELEASE_VERSION}-x86_64-apple-darwin.asc +export OPERATOR_SDK_DL_URL=https://github.com/operator-framework/operator-sdk/releases/latest/download +curl -LO ${OPERATOR_SDK_DL_URL}/operator-sdk_${OS}_${ARCH} ``` -To verify a release binary using the provided asc files, place the binary and corresponding asc file into the same directory and use the corresponding command: +#### 2. Verify the downloaded binary + +Import the operator-sdk release GPG key: ```sh -# Linux -$ gpg --verify operator-sdk-${RELEASE_VERSION}-x86_64-linux-gnu.asc -# macOS -$ gpg --verify operator-sdk-${RELEASE_VERSION}-x86_64-apple-darwin.asc +gpg --recv-keys 052996E2A20B5C7E ``` -If you do not have the maintainers public key on your machine, you will get an error message similar to this: +Download the checksums file and its signature, then verify the signature: ```sh -$ gpg --verify operator-sdk-${RELEASE_VERSION}-x86_64-apple-darwin.asc -$ gpg: assuming signed data in 'operator-sdk-${RELEASE_VERSION}-x86_64-apple-darwin' -$ gpg: Signature made Fri Apr 5 20:03:22 2019 CEST -$ gpg: using RSA key -$ gpg: Can't check signature: No public key +curl -LO ${OPERATOR_SDK_DL_URL}/checksums.txt +curl -LO ${OPERATOR_SDK_DL_URL}/checksums.txt.asc +gpg -u "Operator SDK (release) " --verify checksums.txt.asc ``` -To download the key, use the following command, replacing `$KEY_ID` with the RSA key string provided in the output of the previous command: +You should see something similar to the following: -```sh -$ gpg --recv-key "$KEY_ID" +```console +gpg: assuming signed data in 'checksums.txt' +gpg: Signature made Fri 30 Oct 2020 12:15:15 PM PDT +gpg: using RSA key ADE83605E945FA5A1BD8639C59E5B47624962185 +gpg: Good signature from "Operator SDK (release) " [ultimate] ``` -You'll need to specify a key server if one hasn't been configured. For example: +Make sure the checksums match: ```sh -$ gpg --keyserver keyserver.ubuntu.com --recv-key "$KEY_ID" +grep operator-sdk_${OS}_${ARCH} checksums.txt | sha256sum -c - ``` -Now you should be able to verify the binary. +You should see something similar to the following: + +```console +operator-sdk_linux_amd64: OK +``` -### Install the release binary in your PATH +#### 3. Install the release binary in your PATH ```sh -# Linux -$ chmod +x operator-sdk-${RELEASE_VERSION}-x86_64-linux-gnu && sudo mkdir -p /usr/local/bin/ && sudo cp operator-sdk-${RELEASE_VERSION}-x86_64-linux-gnu /usr/local/bin/operator-sdk && rm operator-sdk-${RELEASE_VERSION}-x86_64-linux-gnu -# macOS -$ chmod +x operator-sdk-${RELEASE_VERSION}-x86_64-apple-darwin && sudo mkdir -p /usr/local/bin/ && sudo cp operator-sdk-${RELEASE_VERSION}-x86_64-apple-darwin /usr/local/bin/operator-sdk && rm operator-sdk-${RELEASE_VERSION}-x86_64-apple-darwin +chmod +x operator-sdk_${OS}_${ARCH} && sudo mv operator-sdk_${OS}_${ARCH} /usr/local/bin/operator-sdk ``` ## Compile and install from master -### Prerequisites for compilation +#### Prerequisites - [git][git_tool] - [mercurial][mercurial_tool] version 3.9+ @@ -101,14 +93,14 @@ $ chmod +x operator-sdk-${RELEASE_VERSION}-x86_64-apple-darwin && sudo mkdir -p - [go][go_tool] version v1.15+. ```sh -$ git clone https://github.com/operator-framework/operator-sdk -$ cd operator-sdk -$ git checkout master -$ make install +git clone https://github.com/operator-framework/operator-sdk +cd operator-sdk +git checkout master +make install ``` **Note:** Ensure that your `GOPROXY` is set with its default value for Go -versions 1.15+ which is `https://proxy.golang.org,direct`. +versions 1.15+ which is `"https://proxy.golang.org|direct"`. [homebrew_tool]:https://brew.sh/ [git_tool]:https://git-scm.com/downloads diff --git a/website/scripts/set_menu_version.sh b/website/scripts/set_menu_version.sh new file mode 100755 index 00000000000..a326725d9eb --- /dev/null +++ b/website/scripts/set_menu_version.sh @@ -0,0 +1,19 @@ +#!/usr/bin/env bash + +# This script updates the hugo config's "version_menu" param +# to the current ${MAJOR}.${MINOR} string. + +DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" >/dev/null 2>&1 && pwd)" +CONFIG_PATH="${DIR}/../config.toml" + +BRANCH_NAME="$(git rev-parse --abbrev-ref HEAD)" +if [[ "$BRANCH_NAME" =~ v[0-9]+\.[0-9]+\.x ]]; then + VERSION_MENU="$(echo $BRANCH_NAME | awk -F. '{ print v$1"."$2 }')" + sed -i -E 's/version_menu = ".+"/version_menu = "'${VERSION_MENU}'"/g' "$CONFIG_PATH" + + # Ensure config.toml was updated. + if ! grep -q "version_menu = \"${VERSION_MENU}\"" "$CONFIG_PATH"; then + echo "$0 failed to update config.toml" + exit 1 + fi +fi diff --git a/website/scripts/update_branch_mappings.sh b/website/scripts/update_branch_mappings.sh new file mode 100755 index 00000000000..17ad9e6f070 --- /dev/null +++ b/website/scripts/update_branch_mappings.sh @@ -0,0 +1,27 @@ +#!/usr/bin/env bash + +# This script writes a branch-to-subdomain mapping for the previously created +# release branch to the hugo config. This change should be committed in the prerelease commit. + +DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" >/dev/null 2>&1 && pwd)" +CONFIG_PATH="${DIR}/../config.toml" + +VERSION="${1?"A Version is required"}" +VERSION_PATCHLESS="$(echo $VERSION | awk -F. '{ print v$1"."$2 }')" +VERSION_X_DOMAIN="$(echo $VERSION | awk -F. '{ print v$1"-"$2"-x" }')" + +if grep -C 1 "\[\[params\.versions\]\]" website/config.toml | grep -q "version = \"${VERSION_PATCHLESS}\""; then + echo "Version mapping ${VERSION_PATCHLESS} already exists, skipping" + exit 0 +fi + +MARKER="##RELEASE_ADDME##" +PARAMS_VERSION="[[params.versions]]\\n version = \"${VERSION_PATCHLESS}\"\\n url = \"https://${VERSION_X_DOMAIN}.sdk.operatorframework.io\"" + +sed -i -E $'s@'${MARKER}'@'"${MARKER}\\n\\n${PARAMS_VERSION}"'@g' "$CONFIG_PATH" + +# Ensure config.toml was updated. +if ! grep -q "url = \"https://${VERSION_X_DOMAIN}.sdk.operatorframework.io\"" "$CONFIG_PATH"; then + echo "$0 failed to update config.toml" + exit 1 +fi