Skip to content

Versioning + extract-binaries-from-image future #2259

Description

@amandahla

Description

Our release pipeline failed because it was tracking the "development" branch, where the extract-binaries-from-image task was recently removed. We initially attempted to fix this by pinning the pipeline to a specific commit, but this was unsuccessful. As a temporary workaround, we pointed the revision to the "production" branch. However, this does not guarantee stability, as tasks on the production branch could still change or break in the future.

Questions

  • Is it possible to lock task versions using Git tags to ensure we are always running the exact same version of a pipeline task?
  • What is the recommended task (s) for releasing binaries to GitHub?

Reference

extracted from our RPA

 pipeline:
    pipelineRef:
      resolver: git
      params:
        - name: url
          value: "https://github.com/konflux-ci/release-service-catalog.git"
        - name: revision
          value: production
        - name: pathInRepo
          value: "pipelines/managed/release-to-github/release-to-github.yaml"
    serviceAccountName: release-github-terraform-prod
    taskRunSpecs:
      - pipelineTaskName: extract-binaries-from-image
        stepSpecs:
          - name: create-trusted-artifact
            computeResources: &compute_resources
              limits:
                cpu: "2"
                memory: 2Gi
              requests:
                cpu: "2"
                memory: 2Gi
      - pipelineTaskName: populate-release-notes
        stepSpecs:
          - name: create-trusted-artifact
            computeResources: *compute_resources
      - pipelineTaskName: collect-gh-params
        stepSpecs:
          - name: use-trusted-artifact
            computeResources: *compute_resources
      - pipelineTaskName: populate-release-notes
        stepSpecs:
          - name: use-trusted-artifact
            computeResources: *compute_resources
          - name: create-trusted-artifact
            computeResources: *compute_resources
      - pipelineTaskName: check-data-keys
        stepSpecs:
          - name: use-trusted-artifact
            computeResources: *compute_resources
          - name: create-trusted-artifact
            computeResources: *compute_resources
      - pipelineTaskName: embargo-check
        stepSpecs:
          - name: use-trusted-artifact
            computeResources: *compute_resources
          - name: create-trusted-artifact
            computeResources: *compute_resources
      - pipelineTaskName: base64-encode-checksum
        stepSpecs:
          - name: use-trusted-artifact
            computeResources: *compute_resources
      - pipelineTaskName: sign-base64-blob
        stepSpecs:
          - name: use-trusted-artifact
            computeResources: *compute_resources
          - name: create-trusted-artifact
            computeResources: *compute_resources
      - pipelineTaskName: create-github-release
        stepSpecs:
          - name: use-trusted-artifact
            computeResources: *compute_resources
          - name: create-trusted-artifact
            computeResources: *compute_resources
      - pipelineTaskName: create-advisory
        stepSpecs:
          - name: use-trusted-artifact
            computeResources: *compute_resources
          - name: create-trusted-artifact
            computeResources: *compute_resources
      - pipelineTaskName: close-advisory-issues
        stepSpecs:
          - name: use-trusted-artifact
            computeResources: *compute_resources
          - name: create-trusted-artifact
            computeResources: *compute_resources

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions