Merge pull request #2006 from simonbaird/update-cut-release-doc-script

Revise the "cut release" doc script

hack/cut-release.sh

@@ -21,14 +21,14 @@ set -o pipefail
 
 CURRENT_BRANCH=$(git rev-parse --abbrev-ref HEAD)
 if [[ $CURRENT_BRANCH != "main" ]]; then
-	echo "Expecting to be in main branch!"
-	exit 1
+  read -r -p "Not in main branch. Continue anyway? [y/N] " ans
+  [[ "$ans" != "y" ]] && exit 1
 fi
 
 RELEASE_NAME="v$(cat VERSION)"
 if [[ $RELEASE_NAME != *.* || $RELEASE_NAME == *.*.* ]]; then
-	echo "Release name should include one dot, e.g. v0.5 or v1.1-candidate"
-	exit 1
+  echo "Release name should include one dot, e.g. v0.5 or v1.1-candidate"
+  exit 1
 fi
 
 # Use release name as-is for the branch name
@@ -37,7 +37,6 @@ BRANCH_NAME="release-${RELEASE_NAME}"
 # Konflux disallows . chars in names so remove those
 KONFLUX_APPLICATION_SUFFIX="${RELEASE_NAME/./}"
 
-# Could be whatever, but let's adopt a consistent convention
 KONFLUX_APPLICATION_NAME=ec-${KONFLUX_APPLICATION_SUFFIX}
 KONFLUX_CLI_COMPONENT_NAME=cli-${KONFLUX_APPLICATION_SUFFIX}
 
@@ -47,10 +46,8 @@ echo Release branch name: $BRANCH_NAME
 echo Konflux application name: $KONFLUX_APPLICATION_NAME
 echo Konflux cli component name: $KONFLUX_CLI_COMPONENT_NAME
 
-KONFLUX_APPS_URL=https://console.redhat.com/preview/application-pipeline/workspaces/rhtap-contract/applications
-
 nice_title() {
-	echo -e "\033[1m» $*\033[0m"
+  echo -e "\033[1m» $*\033[0m"
 }
 
 # Explain what needs to be done next
@@ -65,126 +62,64 @@ git fetch upstream
 git push upstream refs/remotes/upstream/main:refs/heads/${BRANCH_NAME}
 git checkout -b ${BRANCH_NAME} upstream/${BRANCH_NAME}
 
-$(nice_title Create new application in Konflux)
+$(nice_title Create a PR in for konflux-release-data)
 
-Login at ${KONFLUX_APPS_URL}
-Click "Create application"
-  Application name: ${KONFLUX_APPLICATION_NAME}
-Click "Add component"
-  Git repository url: https://github.com/enterprise-contract/ec-cli
-  Git reference: ${BRANCH_NAME} (under "Advanced Options")
-  Dockerfile: Dockerfile.dist
-  Component name: ${KONFLUX_CLI_COMPONENT_NAME}
-  Pipeline: docker-build
-Click "Create application" to submit
+This repo: https://gitlab.cee.redhat.com/releng/konflux-release-data/
+This directory: tenants-config/cluster/stone-prd-rh01/tenants/rhtap-contract-tenant/
 
-$(nice_title Wait for Konflux to generate its pipeline definition PR)
+Copy overlays/ec-v06 to overlays/${KONFLUX_APPLICATION_NAME}
 
-The PR should appear at https://github.com/enterprise-contract/ec-cli/pulls
-Wait for the PR to pass the ${KONFLUX_CLI_COMPONENT_NAME}-on-pull-request check
-You can also find the pipeline run at ${KONFLUX_APPS_URL}/${KONFLUX_APPLICATION_NAME}/activity/pipelineruns
-When it's done you can merge, or you can leave it unmerged and push more commits to it shortly.
-(Either way you can continue to next section while you're waiting.)
+Edit overlays/${KONFLUX_APPLICATION_NAME}/kustomization.yaml as required.
+Useful vimdiff command:
+  vimdiff overlays/ec-v06/kustomization.yaml overlays/${KONFLUX_APPLICATION_NAME}/kustomization.yaml
 
-EOT1
+Update kustomization.yaml to add the extra row.
 
-# (Breaking up the long heredoc)
-cat <<EOT2
-$(nice_title Modify the EC integration test policy param)
-
-Go to the automatically created integration tests at
-${KONFLUX_APPS_URL}/${KONFLUX_APPLICATION_NAME}/integrationtests
-Edit ${KONFLUX_APPLICATION_NAME}-enterprise-contract and add a parameter as follows:
-  Name: POLICY_CONFIGURATION
-  Value: rhtap-releng-tenant/registry-rhtap-contract
-Save changes
-
-$(nice_title Apply pipeline customizations from main branch to the new release branch)
-
-This should be done on top of the Konflux generated PR, (either before it's merged or after).
-
-git checkout ${BRANCH_NAME}
-hack/patch-release-pipelines.sh
-hack/patch-release-pipelines.sh digest_bumps # Maybe not needed now since digests should be pretty current
-
-Notes:
-- The script tries to apply hunks one by one, but some of the hunks may be already applied
-  and some of them might not apply cleanly.
-- For that reason always say "no" when it offers to force apply or apply in reverse
-- The manual diff review is super important since we expect this script to not get everying right
-- There could be some significant changes in the new generated pipeline that aren't in main branch,
-  e.g. brand new tasks, or modified task params. We should generally assume these are good changes
-  and keep them, and also aim to port them back (up/down/sideways?) into main branch. If this work
-  is non-trivial then file a story or stories to do that.
-
-Review the diff between the ${KONFLUX_CLI_COMPONENT_NAME}- and cli-main-ci- pipelines
-Make changes that need to be made that weren't handled by the script. The vimdiff commands
-suggested below are a good way to do that. Amend the commit until you're happy with it.
-
-Vimdiff commands:
+Run 'tenants-config/build-single.sh rhtap-contract' in that repo and create a PR.
+
+$(nice_title Update pipelines)
+
+We used to merge the PR generated by Konflux, but actually I think it's better if we
+ignore it and instead copy in the main branch pipeline with small edits for the app
+name, component name and branch name. It could probably be a yq one-liner.
+
+(To do: Create a little script for this.)
+
+Side note: We might want to "freshen" the pipeline to keep it roughly in sync with
+the Konflux defaults, but let's do that in main branch at some other time rather
+than have it coupled to this procedure.
+
+Useful vimdiff commands:
  vimdiff +'set ft=yaml' <(git show main:.tekton/cli-main-ci-pull-request.yaml) .tekton/cli-${KONFLUX_APPLICATION_SUFFIX}-pull-request.yaml
  vimdiff +'set ft=yaml' <(git show main:.tekton/cli-main-ci-push.yaml) .tekton/cli-${KONFLUX_APPLICATION_SUFFIX}-push.yaml
 
-EOT2
+EOT1
 
-cat <<EOT3
-$(nice_title Create pipeline customizations PR)
-
-With the above commit, create a new PR if the Konflux PR was merged already, or push an
-extra commit to that generated PR, for the ${BRANCH_NAME} branch. If creating a PR, be extra
-careful to choose the right target branch when creating the PR e.g. it must be release-v0.4
-not main, and not the konflux/references/release-v0.x branch used for PRs.
-
-$(nice_title Create a ReleasePlan record in the tenants config repo)
-
-Note: The tenants-config repo was retired. The ReleasePlans are in
-https://gitlab.cee.redhat.com/releng/konflux-release-data now. Todo: Update
-these instructions (https://issues.redhat.com/browse/EC-759).
-
-The goal is to make a PR similar to https://github.com/redhat-appstudio/tenants-config/pull/286
-or https://github.com/redhat-appstudio/tenants-config/pull/397 .
-Consider also if you want to remove older release plans. The new release plan should look
-something like this:
----
-apiVersion: appstudio.redhat.com/v1alpha1
-kind: ReleasePlan
-metadata:
-  labels:
-    release.appstudio.openshift.io/auto-release: "true"
-    release.appstudio.openshift.io/standing-attribution: "true"
-  namespace: rhtap-contract-tenant
-  name: ${KONFLUX_APPLICATION_NAME}-registry-redhat-io
-spec:
-  application: ${KONFLUX_APPLICATION_NAME}
-  target: rhtap-releng-tenant
-
-Note that you have to run the ./build-manifests.sh script in that repo and check in the
-resulting changes.
-
-EOT3
-
-cat <<EOT4
+cat <<EOT2
 $(nice_title Create a PR in the konflux-release-data repo to update the ReleasePlanAdmission record)
 
-You need to change a few lines in the ec-cli.yaml ReleasePlanAdmission file in the konflux-release-data repo.
-https://gitlab.cee.redhat.com/releng/konflux-release-data/-/merge_requests/557/diffs?commit_id=43c03446f2330f31913613fb5a0f757832780fba
-should be a useful reference. Again, consider if you want to retire one of our older repo mappings.
+This repo: https://gitlab.cee.redhat.com/releng/konflux-release-data/
+This file: config/stone-prd-rh01.pg1f.p1/product/ReleasePlanAdmission/rhtap-contract/ec-cli.yaml
+
+Add the new release under /spec/applications and /spec/data/mapping/components and create a PR.
+
+(This could perhaps be done together with the the tenants-config change.)
 
 $(nice_title Confirming it\'s working)
 
-If the RP and the RPA PRs are both merged, any changed merged to the release branch should push out a release.
-You can see releases in the releases tab:
-https://console.redhat.com/preview/application-pipeline/workspaces/rhtap-contract/applications/ec-${KONFLUX_APPLICATION_SUFFIX}/releases
-Viewing the release pipeline itself requires permissions in the rhtap-releng workspace.
+Make sure builds are green in the new release branch, and sure they're passing EC:
+https://console.redhat.com/application-pipeline/workspaces/rhtap-contract/applications/${KONFLUX_APPLICATION_NAME}/activity/pipelineruns
 
-You can confirm what images were released using the show-latest-build-versions.sh script in the hacks repo,
-or by look at https://catalog.redhat.com/software/containers/rhtas/ec-rhel9/65f1f9dcfc649a18c6075de5.
-or using skopeo, e.g. 'skopeo inspect docker://registry.redhat.io/rhtas/ec-rhel9:latest' or podman, e.g.
-'podman run --rm registry.redhat.io/rhtas/ec-rhel9:latest version'.
+Check that a new release appeared in the releases tab:
+https://console.redhat.com/preview/application-pipeline/workspaces/rhtap-contract/applications/${KONFLUX_APPLICATION_NAME}/releases
+(Note that viewing the release pipeline itself requires permissions in the rhtap-releng workspace.)
 
-EOT4
+Check that images are released:
+Look at https://catalog.redhat.com/software/containers/rhtas/ec-rhel9/65f1f9dcfc649a18c6075de5.
+Use show-latest-build-versions.sh script in the hacks repo.
+Use skopeo, e.g. 'skopeo inspect docker://registry.redhat.io/rhtas/ec-rhel9:${KONFLUX_APPLICATION_SUFFIX}'
+Use podman, e.g. 'podman run --rm registry.redhat.io/rhtas/ec-rhel9:${KONFLUX_APPLICATION_SUFFIX} version'
 
-cat <<EOT5
 $(nice_title Create stable versioned branch in ec-policies repo and corresponding config in the config repo)
 
 For better or for worse, we create a branch in the ec-policies repo and a corresponding config file that RHTAP templates can use.
@@ -205,4 +140,17 @@ https://github.com/redhat-appstudio/tssc-sample-pipelines/blob/37a514dee543f7308
 https://github.com/redhat-appstudio/tssc-sample-pipelines/blob/37a514dee543f730831d1d078ce4a11f7778e79b/pac/pipelines/gitops-pull-request-rhtap.yaml#L18
 (It's probably a good idea to sync with RHTAP and RHTAS folks to understand their release schedules and let them know what version of EC they'll likely be using.)
 
-EOT5
+$(nice_title File a story to get the release notes created)
+
+(If not done already.)
+
+For example: https://issues.redhat.com/browse/EC-869
+
+$(nice_title Bump the ref in the RHTAS repo)
+
+See https://github.com/securesign/cosign/blob/611cf29fcb9797ece334433a2cb2adc4899259c7/Dockerfile.clients.rh#L10
+and possibly https://github.com/securesign/cosign/blob/611cf29fcb9797ece334433a2cb2adc4899259c7/Dockerfile.client-server-re.rh#L5
+but IIUC the second one will be removed soon.
+
+Update the ref and create a PR. IIUC main branch is all that's needed.
+EOT2