@@ -46,6 +46,9 @@ variables:
4646 - workdir
4747 # temporary secret to pull community private preview image from quay.io
4848 - community_private_preview_pullsecret_dockerconfigjson
49+ - RELEASE_INITIAL_VERSION
50+ - RELEASE_INITIAL_COMMIT_SHA
51+ - RELEASE_OPERATOR_VERSION
4952
5053functions :
5154
@@ -564,42 +567,18 @@ functions:
564567 working_dir : src/github.com/mongodb/mongodb-kubernetes
565568 binary : scripts/dev/run_python.sh scripts/release/pipeline_main.py --parallel ${image_name} ${all_agents} ${build_scenario}
566569
567- # TODO: CLOUDP-335471 ; once all image builds are made with the new atomic pipeline, remove the following function
568- legacy_pipeline :
570+ # TODO: this function is very similar to pipeline and it will joined with it in the future
571+ release_operator_pipeline :
569572 - *switch_context
570- - command : shell.exec
571- type : setup
572- params :
573- shell : bash
574- script : |
575- # Docker Hub workaround
576- # docker buildx needs the moby/buildkit image when setting up a builder so we pull it from our mirror
577- docker buildx create --driver=docker-container --driver-opt=image=268558157000.dkr.ecr.eu-west-1.amazonaws.com/docker-hub-mirrors/moby/buildkit:buildx-stable-1 --use
578- docker buildx inspect --bootstrap
579- command : ec2.assume_role
580- display_name : Assume IAM role with permissions to pull Kondukto API token
581- params :
582- role_arn : ${kondukto_role_arn}
583- - command : shell.exec
584- display_name : Pull Kondukto API token from AWS Secrets Manager and write it to file
585- params :
586- silent : true
587- shell : bash
588- include_expansions_in_env : [AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, AWS_SESSION_TOKEN]
589- script : |
590- set -e
591- # use AWS CLI to get the Kondukto API token from AWS Secrets Manager
592- kondukto_token=$(aws secretsmanager get-secret-value --secret-id "kondukto-token" --region "us-east-1" --query 'SecretString' --output text)
593- # write the KONDUKTO_TOKEN environment variable to Silkbomb environment file
594- echo "KONDUKTO_TOKEN=$kondukto_token" > ${workdir}/silkbomb.env
595573 - command : subprocess.exec
596574 retry_on_failure : true
597575 type : setup
598576 params :
599577 shell : bash
600578 << : *e2e_include_expansions_in_env
601579 working_dir : src/github.com/mongodb/mongodb-kubernetes
602- binary : scripts/dev/run_python.sh pipeline.py --include ${image_name} --parallel --sign
580+ # By default, use the git tag that triggered the task which can be overridden with RELEASE_OPERATOR_VERSION
581+ binary : scripts/dev/run_python.sh scripts/release/pipeline_main.py ${image_name} --build-scenario release --version ${RELEASE_OPERATOR_VERSION|*triggered_by_git_tag}
603582
604583 teardown_cloud_qa_all :
605584 - *switch_context
@@ -855,3 +834,65 @@ functions:
855834 - task_name
856835 script : |
857836 ./scripts/code_snippets/tests/${task_name}
837+
838+ #
839+ # kubectl mongodb plugin release functions
840+ #
841+ install_goreleaser :
842+ - command : shell.exec
843+ type : setup
844+ include_expansions_in_env :
845+ - goreleaser_pro_tar_gz
846+ params :
847+ script : |
848+ set -Eeu pipefail
849+ curl -fL "${goreleaser_pro_tar_gz}" --output goreleaser_Linux_x86_64.tar.gz
850+ tar -xf goreleaser_Linux_x86_64.tar.gz
851+ chmod 755 ./goreleaser
852+
853+ install_macos_notarization_service :
854+ - command : shell.exec
855+ type : setup
856+ params :
857+ include_expansions_in_env :
858+ - notary_service_url
859+ script : |
860+ set -Eeu pipefail
861+
862+ curl "${notary_service_url}" --output macos-notary.zip
863+ unzip -u macos-notary.zip
864+ chmod 755 ./linux_amd64/macnotary
865+
866+ release_kubectl_mongodb_plugin :
867+ - command : github.generate_token
868+ params :
869+ expansion_name : generated_token
870+ - command : shell.exec
871+ type : setup
872+ params :
873+ working_dir : src/github.com/mongodb/mongodb-kubernetes
874+ include_expansions_in_env :
875+ - GRS_USERNAME
876+ - GRS_PASSWORD
877+ - PKCS11_URI
878+ - ARTIFACTORY_URL
879+ - ARTIFACTORY_PASSWORD
880+ - SIGNING_IMAGE_URI
881+ - macos_notary_keyid
882+ - macos_notary_secret
883+ - workdir
884+ - triggered_by_git_tag
885+ - RELEASE_OPERATOR_VERSION
886+ env :
887+ XDG_CONFIG_HOME : ${go_base_path}${workdir}
888+ GO111MODULE : " on"
889+ GOROOT : " /opt/golang/go1.24"
890+ MACOS_NOTARY_KEY : ${macos_notary_keyid}
891+ MACOS_NOTARY_SECRET : ${macos_notary_secret}
892+ # shell.exec EVG Task doesn't have add_to_path, so we need to explicitly add the path export below.
893+ script : |
894+ set -Eeu pipefail
895+ export GORELEASER_CURRENT_TAG=${RELEASE_OPERATOR_VERSION|*triggered_by_git_tag}
896+ export PATH=$GOROOT/bin:$PATH
897+ export GITHUB_TOKEN=${generated_token}
898+ ${workdir}/goreleaser release --clean
0 commit comments