{"id":19039912,"url":"https://github.com/cert-manager/release","last_synced_at":"2025-11-01T10:07:52.564Z","repository":{"id":37899698,"uuid":"236732392","full_name":"cert-manager/release","owner":"cert-manager","description":"Releasing tooling for the cert-manager project","archived":false,"fork":false,"pushed_at":"2025-03-04T17:20:57.000Z","size":591,"stargazers_count":5,"open_issues_count":10,"forks_count":12,"subscribers_count":2,"default_branch":"master","last_synced_at":"2025-04-18T05:53:55.473Z","etag":null,"topics":["hacktoberfest"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/cert-manager.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2020-01-28T12:40:36.000Z","updated_at":"2025-01-16T15:15:51.000Z","dependencies_parsed_at":"2023-12-24T09:34:31.095Z","dependency_job_id":"4c4e7641-331b-44e8-9533-64a7eb02a449","html_url":"https://github.com/cert-manager/release","commit_stats":{"total_commits":176,"total_committers":13,"mean_commits":"13.538461538461538","dds":0.6079545454545454,"last_synced_commit":"22db65f28bee44737d871bda214c57ed3414f725"},"previous_names":[],"tags_count":2,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cert-manager%2Frelease","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cert-manager%2Frelease/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cert-manager%2Frelease/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cert-manager%2Frelease/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/cert-manager","download_url":"https://codeload.github.com/cert-manager/release/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":250404703,"owners_count":21425001,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["hacktoberfest"],"created_at":"2024-11-08T22:19:28.667Z","updated_at":"2025-11-01T10:07:52.536Z","avatar_url":"https://github.com/cert-manager.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"\u003cp align=\"center\"\u003e\n  \u003cimg src=\"https://raw.githubusercontent.com/cert-manager/cert-manager/d53c0b9270f8cd90d908460d69502694e1838f5f/logo/logo-small.png\" height=\"256\" width=\"256\" alt=\"cert-manager project logo\" /\u003e\n\u003c/p\u003e\n\n# cert-manager Release Tooling\n\nThis repository contains release tooling for the cert-manager project.\n\nNB: The most up-to-date release process is documented on the [cert-manager website](https://cert-manager.io/docs/contributing/release-process/).\nIf you're trying to do a cert-manager release, you should start on the website. The docs\nhere are mostly intended for people developing cert-manager tooling.\n\n## cmrel\n\n`cmrel` is a small tool to help with building and releasing cert-manager.\n\nThe key commands are:\n\n- `cmrel makestage` - Build and stage a cert-manager release from a given git ref\n- `cmrel publish` - Publish a previously staged release\n\n## makestage\n\n`cmrel makestage` is a totally minimal wrapper for building a full cert-manager release.\n\nThe actual commands which are run are defined entirely in a Makefile in the cert-manager repo. This command is essentially\njust glue to call that Makefile in Google Cloud Build, and then to copy the resulting files to GCS.\n\nThe only argument which would normally be required is `--git-ref` which specifies the git ref to check out for the cert-manager\nrepo. This might be a commit, a tag, or a branch. Usually for a release, a tag would be specified.\n\nAn example invocation might be:\n\n```console\n$ cmrel makestage --ref master\n... lots of output ...\n```\n\n## publish\n\n`cmrel publish` takes a staged release from Google Cloud Storage, validates it, and then\npushes it out to public facing locations including Helm repos, container registries, and GitHub\nreleases.\n\n```console\n$ cmrel publish \\\n    --release-name v0.14.0-f6da9c76877551ef32503b17189bb178501f59a7 \\\n    --nomock\n```\n\n# Legacy Docs\n\nAll below docs are legacy and are preserved only for the transition from bazel to make.\n\n## Control Flow During a Release\n\n`cmrel` is used in various places - including by itself - to carry out a release.\n\nThe process can be summarised roughly as follows:\n\n- A developer calls `cmrel stage` on their machine which triggers the \"stage\" [GCB job](./gcb/stage/cloudbuild.yaml)\n- The \"stage\" GCB job calls `cmrel gcb stage` which creates cert-manager artifacts\n- A developer calls `cmrel publish` on their machine, which triggers the \"publish\" [GCB job](./gcb/publish/cloudbuild.yaml)\n- The \"publish\" GCB job calls `cmrel gcb publish` which uploads the artifacts wherever they need to be published\n\n## cmrel\n\ncmrel is the central hub for release managers interacting with the release\nprocess.\n\nIt has 3 primary functions:\n\n* Staging new releases\n* Listing staged releases\n* Publishing a staged release\n\n### Creating an Official Release\n\n\u003e *WARNING*: following these steps exactly will push out a *public facing release*!\n\u003e Please use this as an example *only*.\n\nIn this example, we're going to build, stage and publish a full official\nrelease from source.\n\nFor example purposes, we'll:\n\n1) Use the `release-0.14` branch in cert-manager as the 'source'\n2) Create the release with version `v0.14.0`\n\n#### Step 1 - stage the release\n\n'Staging' a release is the process of:\n\n* Cloning the cert-manager repository\n* Running a 'release build'\n* Storing build release artifacts \u0026 associated metadata in Google Cloud Storage\n\nThe `cmrel` tool provides a subcommand to start this process, `cmrel stage`.\nFull usage information for `cmrel stage`:\n\n```text\nFlags:\n      --branch string                 The git branch to build the release from. If --git-ref is not specified, the HEAD of this branch will be looked up on GitHub. (default \"master\")\n      --bucket string                 The name of the GCS bucket to stage the release to. (default \"cert-manager-release\")\n      --cloudbuild string             The path to the cloudbuild.yaml file used to perform the cert-manager crossbuild. The default value assumes that this tool is run from the root of the release repository. (default \"./gcb/stage/cloudbuild.yaml\")\n      --git-ref string                The git commit ref of cert-manager that should be staged.\n  -h, --help                          help for stage\n      --org string                    Name of the GitHub org to fetch cert-manager sources from. (default \"cert-manager\")\n      --project string                The GCP project to run the GCB build jobs in. (default \"cert-manager-release\")\n      --published-image-repo string   The docker image repository set when building the release. (default \"quay.io/jetstack\")\n      --release-version string        Optional release version override used to force the version strings used during the release to a specific value.\n      --repo string                   Name of the GitHub repo to fetch cert-manager sources from. (default \"cert-manager\")\n```\n\nThe default values here are optimised for pushing an official release. If you\nare intending to publish this release to your own project/namespace, you should\nbe sure to change the `--published-image-repo` flag accordingly.\n\nIf you are not a 'cert-manager release manager', you will also need to use an\nalternative `--project` and `--bucket` flag that you have sufficient permission\nto publish to.\n\nWe'll run `cmrel stage` below to start a GCB job to stage the release:\n\n```console\n$ cmrel stage \\\n    --branch release-0.14 \\\n    --release-version v0.14.0\n```\n\nThis will trigger a job to run on GCB which will build and push the release\nartifacts to the staging bucket.\n\nAfter executing, you should see a message indicating where you can visit to\nfollow along and view logs to track the build progress.\n\nOnce complete, `cmrel stage` should exit successfully.\n\n#### Step 2 - Listing Staged Builds\n\nAfter a build has been staged, it's important that you verify the release has\nbeen published to the bucket as expected.\n\nThe `cmrel staged` command will print a simple list of releases that have been\nstaged to the release bucket.\n\nFull usage information for `cmrel staged`:\n\n```text\nFlags:\n      --bucket string            The name of the GCS bucket containing the staged releases. (default \"cert-manager-release\")\n      --git-ref string           Optional specific git reference to list staged releases for - if specified, --release-version must also be specified.\n  -h, --help                     help for staged\n      --release-type string      The type of release to list - usually one of 'release' or 'devel' (default \"release\")\n      --release-version string   Optional release version override used to force the version strings used during the release to a specific value.\n```\n\nRunning it will print a list of staged releases:\n\n```console\n$ cmrel staged\n...\nNAME                                             VERSION DATE\nv0.14.0-f6da9c76877551ef32503b17189bb178501f59a7 v0.14.0 UNKNOWN\n```\n\nHere we can see a single release in the bucket, version `v0.14.0`.\nThe git commit ref is also included as part of the name, so you can be sure\nthat the correct revision of cert-manager has in fact been built.\n\nOnce you have found the release you wish to stage in this list, make a note of\nthe release's `name` and proceed to step 3!\n\n#### Step 3 - Publishing a Staged Release\n\nOnce a release has been staged into the release bucket and we've verified it\nhas been built from the correct revision of cert-manager, we are now ready to\ntrigger the publishing stage of the release.\n\nIn this step, the staged release is fetched from Google Cloud Storage,\nvalidated, and then pushed out to public facing locations.\n\n```console\n$ cmrel publish \\\n    --release-name v0.14.0-f6da9c76877551ef32503b17189bb178501f59a7 \\\n    --nomock\n```\n\nIf you do not specify the `--nomock` flag, `cmrel` will *not* push any\nartifacts and will only fetch and validate the release before exiting.\n\nThe final stage of this step is to create a GitHub release in the cert-manager\nrepository, as well as uploading 'static manifests' to the release.\nTo allow you to update the release with proper release notes\n*before publishing*, `cmrel` will mark the created release as a **DRAFT**.\nYou must then edit the release to include the appropriate release notes, and\nthen hit 'Publish'!\n\nIf you are intending to publish to your own, private release buckets (i.e. to\ntest this whole workflow, or for creating internal releases) you should be sure\nto set the following flags when calling `cmrel publish`:\n\n```text\n    --published-image-repo='quay.io/mycompany' # prefix for images, e.g. 'quay.io/mycompany'\n    --published-helm-chart-bucket='mycompany-helm-charts' # name of the GCS bucket where the built Helm chart should be stored\n    --published-github-org='mycompany' # name of the GitHub org containing the repo that will be tagged at the end\n```\n\n### Development\n\n#### Creating Development Builds\n\nBy default the artifacts created during a release process are pushed to `cert-manager-release` bucket at `/stage/gcb/release` path.\nIt is also possible to create a 'development' build by skipping the `--release-version` flag on `cmrel stage` command. This will result in the build artifacts being pushed to `cert-manager-release` bucket at `/stage/gcb/devel` path.\n\nIf you have made some local changes to this tool and want to create a 'devel' build to test them, be mindful that the Google Cloud Build triggered by running `cmrel stage` clones this repository from GitHub and runs its own `cmrel` commands. You can modify the [Cloud Build config](https://github.com/cert-manager/release/blob/master/gcb/stage/cloudbuild.yaml) to configure a different GitHub repository/branch.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcert-manager%2Frelease","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fcert-manager%2Frelease","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcert-manager%2Frelease/lists"}