search

cert-manager / release

Releasing tooling for the cert-manager project
Apache License 2.0
4 stars 12 forks source link

Publish latest release number as part of creating a final release #42

Open irbekrm opened 3 years ago

irbekrm commented 3 years ago

See https://github.com/cert-manager/website/pull/690#issuecomment-905434505 for context.

It would be good if, as part of cutting a new release that is meant to be the latest final (non-alpha/beta release) we could also publish somewhere (probably a txt file in a bucket) the latest release version (i.e v.1.5.3) so we can then use that in our installation instructions (see i.e kubectl install instructions where version number is read from https://dl.k8s.io/release/stable.txt).

maelvls commented 3 years ago

That is a great idea.

Which bucket should that be?

It would have to be set to public, but I think cert-manager-release is not publically available:

# gsutil acl get gs://cert-manager-release
[
  {
    "entity": "project-editors-1021342095237",
    "projectTeam": {
      "projectNumber": "1021342095237",
      "team": "editors"
    },
    "role": "OWNER"
  },
  {
    "entity": "project-owners-1021342095237",
    "projectTeam": {
      "projectNumber": "1021342095237",
      "team": "owners"
    },
    "role": "OWNER"
  },
  {
    "entity": "project-viewers-1021342095237",
    "projectTeam": {
      "projectNumber": "1021342095237",
      "team": "viewers"
    },
    "role": "READER"
  }
]

To try it out, I created a bucket:

gsutil mb -p cert-manager-release gs://cert-manager-rel
gsutil web set gs://cert-manager-rel
gsutil iam ch allUsers:objectViewer gs://cert-manager-rel
echo 1.5.3 >latest
gsutil cp latest gs://cert-manager-rel

That would give:

$ curl https://storage.googleapis.com/cert-manager-rel/latest
1.5.3
irbekrm commented 3 years ago

Thanks for investigating @maelvls 🙏🏼

Which bucket should that be?

It could have been nice if it was the same release bucket as that way we wouldn't need to make another bucket name configurable via params/would minimize the risk that someone accidentally overwrites the stable release name when testing publishing. Perhaps we can make public just a single file in the release bucket publicly accessible? Else I guess it'd have to be another bucket in the same project and we'd have to ensure that cmrel allows parameterizing that bucket name as well.

maelvls commented 3 years ago

You are correct, it is possible to set the public-read role to a single object, meaning that we can reuse the existing cert-manager-release bucket:

echo 1.5.3 >latest
gsutil cp latest gs://cert-manager-release
gsutil acl set public-read gs://cert-manager-release/latest

And then:

$ curl https://storage.googleapis.com/cert-manager-release/latest
1.5.3