rfc-795: add release manifest (#88)

* Test the finalize step

* finalize with config from commit

* Wait before doing any finalization

* Add test placeholder

* add release test phase

* upup

* Fix manifest

* small changes before internal build test

* fixup pin tag

* add promote to public build step

* fix pipeline

* add finalize step for promotion

* fix finalization

* fix promote finalize pipeline conditional

* Add missing test plan for automated PR

* Also push executors

* add steps for minor and major

---------

Co-authored-by: Jean-Hadrien Chabran <[email protected]>

Author: burmudar

.buildkite/pipeline.yaml

@@ -22,3 +22,31 @@ steps:
   - label: ":k8s:"
     command: .buildkite/verify-overlays.sh
     agents: { queue: standard }
+
+  - label: "Release: test"
+    if: "build.branch =~ /^wip_/"
+    command: |
+      wget https://storage.googleapis.com/buildkite_public_assets/sg-rfc795.tar.gz
+      tar zxf sg-rfc795.tar.gz
+      chmod +x ./sg-rfc795
+
+      ./sg-rfc795 release run test --workdir=. --config-from-commit
+
+  - wait
+
+  - label: "Release: finalize"
+    if: "build.branch =~ /^wip_/"
+    command: |
+      wget https://storage.googleapis.com/buildkite_public_assets/sg-rfc795.tar.gz
+      tar zxf sg-rfc795.tar.gz
+      chmod +x ./sg-rfc795
+
+      ./sg-rfc795 release run internal finalize --workdir=. --config-from-commit
+  - label: "Promote to public: finalize"
+    if: build.message =~ /^promote_release/ && build.branch =~ /^wip-release/
+    command: |
+      wget https://storage.googleapis.com/buildkite_public_assets/sg-rfc795.tar.gz
+      tar zxf sg-rfc795.tar.gz
+      chmod +x ./sg-rfc795
+
+      ./sg-rfc795 release run promote-to-public finalize --workdir=. --config-from-commit

release.yaml

@@ -0,0 +1,201 @@
+meta:
+  productName: deploy-sourcegraph-k8s
+  repository: "github.com/sourcegraph/deploy-sourcegraph-k8s"
+  owners:
+    - "@sourcegraph/release"
+
+inputs:
+  - releaseId: server
+
+requirements:
+  - name: "Github CLI"
+    cmd: gh version
+    fixInstructions: brew install gh
+  - name: "Docker username"
+    env: DOCKER_USERNAME
+  - name: "Docker password"
+    env: DOCKER_PASSWORD
+
+internal:
+  create:
+    steps:
+      patch:
+        - name: "sg ops (base)"
+          cmd: |
+            sg-rfc795 ops update-images \
+              --kind k8s \
+              --registry us-central1-docker.pkg.dev/sourcegraph-ci/rfc795-internal \
+              --docker-username=$DOCKER_USERNAME \
+              --docker-password=$DOCKER_PASSWORD \
+              --pin-tag {{inputs.server.tag}} \
+              base/
+        - name: "sg ops (executors)"
+          cmd: |
+            sg-rfc795 ops update-images \
+              --kind k8s \
+              --registry us-central1-docker.pkg.dev/sourcegraph-ci/rfc795-internal \
+              --docker-username=$DOCKER_USERNAME \
+              --docker-password=$DOCKER_PASSWORD \
+              --pin-tag {{inputs.server.tag}} \
+              components/executors/
+        - name: "git:branch"
+          cmd: |
+            echo "Creating branch wip_{{version}}"
+            release_branch="wip_{{version}}"
+            git checkout -b $release_branch
+        - name: "git:commit"
+          cmd: |
+            find . -name "*.yaml" | xargs git add
+            find . -name "*.yml" | xargs git add
+            # Careful with the quoting for the config, using double quotes will lead
+            # to the shell dropping out all quotes from the json, leading to failed
+            # parsing.
+            git commit -m "release_patch: {{version}}" -m '{{config}}'
+        - name: "git:push"
+          cmd: |
+            git push origin wip_{{version}}
+        - name: "gh cli"
+          cmd: |
+            gh pr create -f -t "PRETEND RELEASE WIP: release_patch: build {{version}}" --body "Test plan: automated release PR, CI will perform additional checks"  # -l "wip_release"
+      minor:
+        - name: "sg ops (base)"
+          cmd: |
+            sg-rfc795 ops update-images \
+              --kind k8s \
+              --registry us-central1-docker.pkg.dev/sourcegraph-ci/rfc795-internal \
+              --docker-username=$DOCKER_USERNAME \
+              --docker-password=$DOCKER_PASSWORD \
+              --pin-tag {{inputs.server.tag}} \
+              base/
+        - name: "sg ops (executors)"
+          cmd: |
+            sg-rfc795 ops update-images \
+              --kind k8s \
+              --registry us-central1-docker.pkg.dev/sourcegraph-ci/rfc795-internal \
+              --docker-username=$DOCKER_USERNAME \
+              --docker-password=$DOCKER_PASSWORD \
+              --pin-tag {{inputs.server.tag}} \
+              components/executors/
+        - name: "git:branch"
+          cmd: |
+            echo "Creating branch wip_{{version}}"
+            release_branch="wip_{{version}}"
+            git checkout -b $release_branch
+        - name: "git:commit"
+          cmd: |
+            find . -name "*.yaml" | xargs git add
+            find . -name "*.yml" | xargs git add
+            # Careful with the quoting for the config, using double quotes will lead
+            # to the shell dropping out all quotes from the json, leading to failed
+            # parsing.
+            git commit -m "release_minor: {{version}}" -m '{{config}}'
+        - name: "git:push"
+          cmd: |
+            git push origin wip_{{version}}
+        - name: "gh cli"
+          cmd: |
+            gh pr create -f -t "PRETEND RELEASE WIP: release_minor: build {{version}}" --body "Test plan: automated release PR, CI will perform additional checks"  # -l "wip_release"
+      major:
+        - name: "sg ops (base)"
+          cmd: |
+            sg-rfc795 ops update-images \
+              --kind k8s \
+              --registry us-central1-docker.pkg.dev/sourcegraph-ci/rfc795-internal \
+              --docker-username=$DOCKER_USERNAME \
+              --docker-password=$DOCKER_PASSWORD \
+              --pin-tag {{inputs.server.tag}} \
+              base/
+        - name: "sg ops (executors)"
+          cmd: |
+            sg-rfc795 ops update-images \
+              --kind k8s \
+              --registry us-central1-docker.pkg.dev/sourcegraph-ci/rfc795-internal \
+              --docker-username=$DOCKER_USERNAME \
+              --docker-password=$DOCKER_PASSWORD \
+              --pin-tag {{inputs.server.tag}} \
+              components/executors/
+        - name: "git:branch"
+          cmd: |
+            echo "Creating branch wip_{{version}}"
+            release_branch="wip_{{version}}"
+            git checkout -b $release_branch
+        - name: "git:commit"
+          cmd: |
+            find . -name "*.yaml" | xargs git add
+            find . -name "*.yml" | xargs git add
+            # Careful with the quoting for the config, using double quotes will lead
+            # to the shell dropping out all quotes from the json, leading to failed
+            # parsing.
+            git commit -m "release_patch: {{version}}" -m '{{config}}'
+        - name: "git:push"
+          cmd: |
+            git push origin wip_{{version}}
+        - name: "gh cli"
+          cmd: |
+            gh pr create -f -t "PRETEND RELEASE WIP: release_major: build {{version}}" --body "Test plan: automated release PR, CI will perform additional checks"  # -l "wip_release"
+  finalize:
+    steps:
+      - name: "git"
+        cmd: |
+          git checkout -b wip-release-{{version}}
+          git push origin wip-release-{{version}}
+          git checkout -
+
+test:
+  steps:
+    - name: "placeholder"
+      cmd: |
+        echo "-- pretending to test release ..."
+
+promoteToPublic:
+  create:
+    steps:
+      - name: "git"
+        cmd: |
+          echo "Checking out origin/wip-release-{{version}}"
+          git fetch origin
+          git checkout origin/wip-release-{{version}}
+      - name: "sg ops"
+        cmd: |
+          sg-rfc795 ops update-images \
+            --kind k8s \
+            --registry us-central1-docker.pkg.dev/sourcegraph-ci/rfc795-public \
+            --docker-username=$DOCKER_USERNAME \
+            --docker-password=$DOCKER_PASSWORD \
+            --pin-tag {{inputs.server.tag}} \
+            base/
+      - name: "sg ops (executors)"
+        cmd: |
+          sg-rfc795 ops update-images \
+            --kind k8s \
+            --registry us-central1-docker.pkg.dev/sourcegraph-ci/rfc795-public \
+            --docker-username=$DOCKER_USERNAME \
+            --docker-password=$DOCKER_PASSWORD \
+            --pin-tag {{inputs.server.tag}} \
+            components/executors/
+      - name: "git:branch"
+        cmd: |
+          echo "Creating branch promote-release_{{version}}"
+          branch="promote-release_{{version}}"
+          git checkout -b $branch
+      - name: "git:commit"
+        cmd: |
+          find . -name "*.yaml" | xargs git add
+          find . -name "*.yml" | xargs git add
+          # Careful with the quoting for the config, using double quotes will lead
+          # to the shell dropping out all quotes from the json, leading to failed
+          # parsing.
+          git commit -m "promote_release: {{version}}" -m '{{config}}'
+      - name: "github"
+        cmd: |
+          git push origin promote-release_{{version}}
+          gh pr create -f -t "PRETEND PROMOTE RELEASE WIP: promote-release: build {{version}}" --base wip-release-{{version}} --body "Test plan: automated release PR, CI will perform additional checks"
+  finalize:
+    # These steps should only really run once the pr created in the create step is merged
+    steps:
+      - name: git:tag
+        cmd: |
+          branch="wip-release-{{version}}"
+          git checkout ${branch}
+          git tag {{version}}
+          git push origin ${branch} --tags