Provide Tekton manifests to release ks

Signed-off-by: John Niang <johnniang@fastmail.com>

.github/tekton/README.md

@@ -6,13 +6,18 @@ We dogfood our project by using Tekton Pipelines to build and test `ks`. This di
 
 ## Tekton manifests
 
-| Manifest                           | Description                                                                        |
-| ---------------------------------- | ---------------------------------------------------------------------------------- |
-| build-bot.yaml                     | Needed by `PipelineRun`. For more granularity in specifying execution credentials. |
-| pull-request-pipeline.yaml         | `Pipeline` configuration for ks when pull request event is comming.                |
-| shared-storage.yaml                | Share volume among tasks. Such as source code output from `git-clone` task.        |
-| pull-request-trigger.yaml          | Indicate what happens when the EventListener detects an event.                     |
-| pull-request-trigger-template.yaml | Specifies a blueprint for PipelineRun.                                             |
+| Manifest                           | Description                                                                                        |
+| ---------------------------------- | -------------------------------------------------------------------------------------------------- |
+| shared-storage.yaml                | Share volume among tasks. Such as source code output from `git-clone` task.                        |
+| build-bot.yaml                     | Needed by `PipelineRun`. For more granularity in specifying execution credentials.                 |
+| pull-request-pipeline.yaml         | `Pipeline` configuration for ks when pull request event is comming.                                |
+| pull-request-trigger.yaml          | Indicate what happens when the EventListener detects an event.                                     |
+| pull-request-trigger-template.yaml | Specifies a blueprint for PipelineRun.                                                             |
+| release-bot.yaml                   | Needed by `ks-release-trigger-template`. For more granularity in specifying execution credentials. |
+| release-pipeline.yaml              | Tasks defined in it when releasing.                                                                |
+| release-trigger-template.yaml      | Specifies a blueprint for releasing.                                                               |
+| release-trigger.yaml               | Indicate what happens when the EventListener detects an event.                                     |
+| goreleaser-release.yaml            | For releasing using goreleaser.                                                                    |
 
 ## FAQ
 

.github/tekton/build-bot.yaml

@@ -3,4 +3,5 @@ kind: ServiceAccount
 metadata:
   name: ks-pipeline-bot
 secrets:
+  # For setting commit status
   - name: github

.github/tekton/goreleaser-release.yaml

@@ -0,0 +1,105 @@
+apiVersion: tekton.dev/v1beta1
+kind: Task
+metadata:
+  name: goreleaser-release
+  labels:
+    app.kubernetes.io/version: "0.2"
+  annotations:
+    tekton.dev/pipelines.minVersion: "0.12.1"
+    tekton.dev/categories: Automation, Publishing
+    tekton.dev/tags: golang, release-automation, package
+    tekton.dev/displayName: "GoReleaser"
+    tekton.dev/platforms: "linux/amd64"
+spec:
+  description: |-
+    GoReleaser builds Go binaries for several platforms.
+    It creates a GitHub release and then pushes a Homebrew formula to a tap repository.
+  params:
+    - description: base package to build in
+      name: package
+      type: string
+    - default: bot-token-github
+      description: name of the secret holding the github-token
+      name: github-token-secret
+      type: string
+    - default: bot-token
+      description: name of the secret key holding the github-token
+      name: github-token-secret-key
+      type: string
+    - default: --timeout=30m
+      description: flags to pass to `goreleaser release`
+      name: flags
+      type: string
+    - default: docker.io/goreleaser/goreleaser@sha256:0e87d0e33840a556d3b9c10a7f71a3a69bcd9c29b86a180cbbf7d7ad1f3fa280
+      description: container image location for goreleaser
+      name: image
+      type: string
+    - name: insecure_registry
+      description: Allows the user to push to an insecure registry that has been specified
+      default: ""
+    - name: dind_image
+      description: The location of the docker-in-docker image.
+      default: docker:dind
+  steps:
+    - image: $(params.image)
+      name: fetch-all-tags
+      script: |
+        git status
+        git diff
+        git fetch -p --all
+      workingDir: $(workspaces.source.path)
+    - name: release
+      image: $(params.image)
+      env:
+        - name: GOPATH
+          value: /workspace
+        - name: GITHUB_TOKEN
+          valueFrom:
+            secretKeyRef:
+              key: $(params.github-token-secret-key)
+              name: $(params.github-token-secret)
+        # Connect to the sidecar over TCP, with TLS.
+        - name: DOCKER_TLS_VERIFY
+          value: "1"
+        # Verify TLS.
+        - name: DOCKER_HOST
+          value: tcp://localhost:2376
+        # Use the certs generated by the sidecard daemon.
+        - name: DOCKER_CERT_PATH
+          value: /certs/client
+      script: |
+        apk add --no-cache upx
+        goreleaser release $(params.flags)
+      volumeMounts:
+        - mountPath: /certs/client
+          name: dind-certs
+      workingDir: $(workspaces.source.path)
+  sidecars:
+  - image: $(params.dind_image)
+    name: server
+    args:
+      - --storage-driver=vfs
+      - --userland-proxy=false
+      - --debug
+    securityContext:
+      privileged: true
+    env:
+    # Write generated certs to the path shared with the client.
+    - name: DOCKER_TLS_CERTDIR
+      value: /certs
+    volumeMounts:
+    - mountPath: /certs/client
+      name: dind-certs
+    # Wait for the dind daemon to generate the certs it will share with the
+    # client.
+    readinessProbe:
+      periodSeconds: 1
+      exec:
+        command: ['ls', '/certs/client/ca.pem']
+  workspaces:
+    - description: The workspace containing the Go source code which needs to be released.
+      mountPath: /workspace/src/$(params.package)
+      name: source
+  volumes:
+    - name: dind-certs
+      emptyDir: {}

.github/tekton/release-bot.yaml

@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: ks-release-bot
+secrets:
+  # For uploading assets to a release
+  - name: bot-token-github
+  # For pushing docker image to docker.io
+  - name: docker-id
+  # For pushing docker image to ghcr.io
+  - name: ghcr-id

.github/tekton/release-trigger-template.yaml

@@ -0,0 +1,27 @@
+apiVersion: triggers.tekton.dev/v1beta1
+kind: TriggerTemplate
+metadata:
+  name: ks-release
+spec:
+  params:
+    - name: revision
+    - name: clone-url
+    - name: tag-name
+  resourcetemplates:
+    - apiVersion: tekton.dev/v1beta1
+      kind: PipelineRun
+      metadata:
+        generateName: ks-release-$(tt.params.tag-name)-
+      spec:
+        serviceAccountName: ks-release-bot
+        pipelineRef:
+          name: ks-release
+        params:
+          - name: clone-url
+            value: $(tt.params.clone-url)
+          - name: revision
+            value: $(tt.params.revision)
+        workspaces:
+          - name: repo
+            persistentVolumeClaim:
+              claimName: shared-ks-storage

.github/tekton/release-trigger.yaml

@@ -0,0 +1,42 @@
+apiVersion: triggers.tekton.dev/v1beta1
+kind: Trigger
+metadata:
+  name: ks-release-trigger
+spec:
+  interceptors:
+    - ref:
+        name: github
+      params:
+        - name: secretRef
+          value:
+            secretName: webhook-secret
+            secretKey: secret
+        - name: eventTypes
+          value:
+            - push
+    - ref:
+        name: cel
+      params:
+        - name: filter
+          value: "body.ref.startsWith('refs/tags/')"
+    - ref:
+        name: cel
+      params:
+        - name: filter
+          value: "body.repository.full_name == 'kubesphere-sigs/ks'"
+    - ref:
+        name: cel
+      params:
+        - name: overlays
+          value:
+            - key: tag-name
+              expression: "body.ref.replace('refs/tags/', '')"
+  bindings:
+    - name: clone-url
+      value: $(body.repository.clone_url)
+    - name: revision
+      value: $(extensions.tag-name)
+    - name: tag-name
+      value: $(extensions.tag-name)
+  template:
+    ref: ks-release

.github/tekton/releaser-pipeline.yaml

@@ -0,0 +1,41 @@
+apiVersion: tekton.dev/v1beta1
+kind: Pipeline
+metadata:
+  name: ks-release
+spec:
+  workspaces:
+    - name: repo
+  params:
+    # - name: repo-full-name
+    #   description: "Repository full name. like: kubesphere-sigs/ks"
+    - name: clone-url
+      description: Git repository clone URL.
+    - name: revision
+      description: Git repository revision to checkout.
+    # - name: dashboard-url
+    #   description: Tekton dashboard access URL, like http://demo:31962/#/namespaces/ks/pipelineruns.
+  tasks:
+    - name: checkout
+      taskRef:
+        name: git-clone
+      params:
+        - name: url
+          value: $(params.clone-url)
+        - name: revision
+          value: $(params.revision)
+      workspaces:
+        - name: output
+          workspace: repo
+    - name: release
+      runAfter:
+        - checkout
+      taskRef:
+        name: goreleaser-release
+      params:
+        - name: package
+          value: github.com/kubesphere-sigs/ks
+        - name: flags
+          value: --rm-dist --debug
+      workspaces:
+        - name: source
+          workspace: repo

.goreleaser.yml

@@ -108,3 +108,9 @@ dockers:
       - "surenpi/ks:{{.Tag}}"
       - "ghcr.io/linuxsuren/ks/ks:latest"
       - "ghcr.io/linuxsuren/ks/ks:{{.Tag}}"
+  - goos: linux
+    goarch: amd64
+    dockerfile: build/Dockerfile
+    image_templates:
+      - "surenpi/ks-tool:v1.17.0-{{.Tag}}"
+      - "surenpi/ks-tool:latest"