Description
Our release pipeline failed because it was tracking the "development" branch, where the extract-binaries-from-image task was recently removed. We initially attempted to fix this by pinning the pipeline to a specific commit, but this was unsuccessful. As a temporary workaround, we pointed the revision to the "production" branch. However, this does not guarantee stability, as tasks on the production branch could still change or break in the future.
Questions
- Is it possible to lock task versions using Git tags to ensure we are always running the exact same version of a pipeline task?
- What is the recommended task (s) for releasing binaries to GitHub?
Reference
extracted from our RPA
pipeline:
pipelineRef:
resolver: git
params:
- name: url
value: "https://github.com/konflux-ci/release-service-catalog.git"
- name: revision
value: production
- name: pathInRepo
value: "pipelines/managed/release-to-github/release-to-github.yaml"
serviceAccountName: release-github-terraform-prod
taskRunSpecs:
- pipelineTaskName: extract-binaries-from-image
stepSpecs:
- name: create-trusted-artifact
computeResources: &compute_resources
limits:
cpu: "2"
memory: 2Gi
requests:
cpu: "2"
memory: 2Gi
- pipelineTaskName: populate-release-notes
stepSpecs:
- name: create-trusted-artifact
computeResources: *compute_resources
- pipelineTaskName: collect-gh-params
stepSpecs:
- name: use-trusted-artifact
computeResources: *compute_resources
- pipelineTaskName: populate-release-notes
stepSpecs:
- name: use-trusted-artifact
computeResources: *compute_resources
- name: create-trusted-artifact
computeResources: *compute_resources
- pipelineTaskName: check-data-keys
stepSpecs:
- name: use-trusted-artifact
computeResources: *compute_resources
- name: create-trusted-artifact
computeResources: *compute_resources
- pipelineTaskName: embargo-check
stepSpecs:
- name: use-trusted-artifact
computeResources: *compute_resources
- name: create-trusted-artifact
computeResources: *compute_resources
- pipelineTaskName: base64-encode-checksum
stepSpecs:
- name: use-trusted-artifact
computeResources: *compute_resources
- pipelineTaskName: sign-base64-blob
stepSpecs:
- name: use-trusted-artifact
computeResources: *compute_resources
- name: create-trusted-artifact
computeResources: *compute_resources
- pipelineTaskName: create-github-release
stepSpecs:
- name: use-trusted-artifact
computeResources: *compute_resources
- name: create-trusted-artifact
computeResources: *compute_resources
- pipelineTaskName: create-advisory
stepSpecs:
- name: use-trusted-artifact
computeResources: *compute_resources
- name: create-trusted-artifact
computeResources: *compute_resources
- pipelineTaskName: close-advisory-issues
stepSpecs:
- name: use-trusted-artifact
computeResources: *compute_resources
- name: create-trusted-artifact
computeResources: *compute_resources
Description
Our release pipeline failed because it was tracking the "development" branch, where the extract-binaries-from-image task was recently removed. We initially attempted to fix this by pinning the pipeline to a specific commit, but this was unsuccessful. As a temporary workaround, we pointed the revision to the "production" branch. However, this does not guarantee stability, as tasks on the production branch could still change or break in the future.
Questions
Reference
extracted from our RPA