@@ -46,6 +46,9 @@ variables:
4646 - workdir
4747 # temporary secret to pull community private preview image from quay.io
4848 - community_private_preview_pullsecret_dockerconfigjson
49+ - RELEASE_INITIAL_VERSION
50+ - RELEASE_INITIAL_COMMIT_SHA
51+ - RELEASE_OPERATOR_VERSION
4952
5053functions :
5154
@@ -564,42 +567,17 @@ functions:
564567 working_dir : src/github.com/mongodb/mongodb-kubernetes
565568 binary : scripts/dev/run_python.sh scripts/release/pipeline_main.py --parallel ${image_name} ${all_agents} ${build_scenario}
566569
567- # TODO: CLOUDP-335471 ; once all image builds are made with the new atomic pipeline, remove the following function
568- legacy_pipeline :
570+ release_operator_pipeline :
569571 - *switch_context
570- - command : shell.exec
571- type : setup
572- params :
573- shell : bash
574- script : |
575- # Docker Hub workaround
576- # docker buildx needs the moby/buildkit image when setting up a builder so we pull it from our mirror
577- docker buildx create --driver=docker-container --driver-opt=image=268558157000.dkr.ecr.eu-west-1.amazonaws.com/docker-hub-mirrors/moby/buildkit:buildx-stable-1 --use
578- docker buildx inspect --bootstrap
579- command : ec2.assume_role
580- display_name : Assume IAM role with permissions to pull Kondukto API token
581- params :
582- role_arn : ${kondukto_role_arn}
583- - command : shell.exec
584- display_name : Pull Kondukto API token from AWS Secrets Manager and write it to file
585- params :
586- silent : true
587- shell : bash
588- include_expansions_in_env : [AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, AWS_SESSION_TOKEN]
589- script : |
590- set -e
591- # use AWS CLI to get the Kondukto API token from AWS Secrets Manager
592- kondukto_token=$(aws secretsmanager get-secret-value --secret-id "kondukto-token" --region "us-east-1" --query 'SecretString' --output text)
593- # write the KONDUKTO_TOKEN environment variable to Silkbomb environment file
594- echo "KONDUKTO_TOKEN=$kondukto_token" > ${workdir}/silkbomb.env
595572 - command : subprocess.exec
596573 retry_on_failure : true
597574 type : setup
598575 params :
599576 shell : bash
600577 << : *e2e_include_expansions_in_env
601578 working_dir : src/github.com/mongodb/mongodb-kubernetes
602- binary : scripts/dev/run_python.sh pipeline.py --include ${image_name} --parallel --sign
579+ # By default, use the git tag that triggered the task which can be overridden with RELEASE_OPERATOR_VERSION
580+ binary : scripts/dev/run_python.sh scripts/release/pipeline_main.py ${image_name} --build-scenario release --version ${RELEASE_OPERATOR_VERSION|*triggered_by_git_tag}
603581
604582 teardown_cloud_qa_all :
605583 - *switch_context
@@ -855,3 +833,65 @@ functions:
855833 - task_name
856834 script : |
857835 ./scripts/code_snippets/${task_name}_test.sh
836+
837+ #
838+ # kubectl mongodb plugin release functions
839+ #
840+ install_goreleaser :
841+ - command : shell.exec
842+ type : setup
843+ include_expansions_in_env :
844+ - goreleaser_pro_tar_gz
845+ params :
846+ script : |
847+ set -Eeu pipefail
848+ curl -fL "${goreleaser_pro_tar_gz}" --output goreleaser_Linux_x86_64.tar.gz
849+ tar -xf goreleaser_Linux_x86_64.tar.gz
850+ chmod 755 ./goreleaser
851+
852+ install_macos_notarization_service :
853+ - command : shell.exec
854+ type : setup
855+ params :
856+ include_expansions_in_env :
857+ - notary_service_url
858+ script : |
859+ set -Eeu pipefail
860+
861+ curl "${notary_service_url}" --output macos-notary.zip
862+ unzip -u macos-notary.zip
863+ chmod 755 ./linux_amd64/macnotary
864+
865+ release_kubectl_mongodb_plugin :
866+ - command : github.generate_token
867+ params :
868+ expansion_name : generated_token
869+ - command : shell.exec
870+ type : setup
871+ params :
872+ working_dir : src/github.com/mongodb/mongodb-kubernetes
873+ include_expansions_in_env :
874+ - GRS_USERNAME
875+ - GRS_PASSWORD
876+ - PKCS11_URI
877+ - ARTIFACTORY_URL
878+ - ARTIFACTORY_PASSWORD
879+ - SIGNING_IMAGE_URI
880+ - macos_notary_keyid
881+ - macos_notary_secret
882+ - workdir
883+ - triggered_by_git_tag
884+ - RELEASE_OPERATOR_VERSION
885+ env :
886+ XDG_CONFIG_HOME : ${go_base_path}${workdir}
887+ GO111MODULE : " on"
888+ GOROOT : " /opt/golang/go1.24"
889+ MACOS_NOTARY_KEY : ${macos_notary_keyid}
890+ MACOS_NOTARY_SECRET : ${macos_notary_secret}
891+ # shell.exec EVG Task doesn't have add_to_path, so we need to explicitly add the path export below.
892+ script : |
893+ set -Eeu pipefail
894+ export GORELEASER_CURRENT_TAG=${RELEASE_OPERATOR_VERSION|*triggered_by_git_tag}
895+ export PATH=$GOROOT/bin:$PATH
896+ export GITHUB_TOKEN=${generated_token}
897+ ${workdir}/goreleaser release --clean
0 commit comments