diff --git a/modules/ROOT/pages/getting-started.adoc b/modules/ROOT/pages/getting-started.adoc index e2cb5f304..51363e202 100644 --- a/modules/ROOT/pages/getting-started.adoc +++ b/modules/ROOT/pages/getting-started.adoc @@ -156,4 +156,4 @@ include::partial${context}-additional-getting-started.adoc[] == Getting started with the CLI -include::partial${context}-getting-started-with-the-cli.adoc[] +include::partial${context}-getting-started-with-the-cli.adoc[] \ No newline at end of file diff --git a/modules/building/pages/configuration-as-code.adoc b/modules/building/pages/configuration-as-code.adoc index 9618f234e..1913ab710 100644 --- a/modules/building/pages/configuration-as-code.adoc +++ b/modules/building/pages/configuration-as-code.adoc @@ -319,4 +319,4 @@ If you follow this method to create an `application-b` composed of `component-c` NOTE: You can also modify the project structure to fit your own needs by moving application bases and component definitions to different levels, but this configuration offers the most layered encapsulation across applications and application versions. -IMPORTANT: Managing multiple related components and applications can be challenging. Refer https://redhat-appstudio.github.io/docs.appstudio.io/Documentation/main/how-to-guides/proc_multiversion/ [Managing multiple software versions] to manage multiple related components and applications. +IMPORTANT: Managing multiple related components and applications can be challenging. Refer https://redhat-appstudio.github.io/docs.appstudio.io/Documentation/main/how-to-guides/proc_multiversion/ [Managing multiple software versions] to manage multiple related components and applications. \ No newline at end of file diff --git a/modules/building/pages/creating-secrets.adoc b/modules/building/pages/creating-secrets.adoc index 6aa663686..4a15649da 100644 --- a/modules/building/pages/creating-secrets.adoc +++ b/modules/building/pages/creating-secrets.adoc @@ -45,8 +45,8 @@ Some container builds may use parent images from registries that require authent . Obtain the username and password login credentials for the container registry. * For access to `registry.redhat.io`, you can create a registry service account at https://access.redhat.com/terms-based-registry/accounts. -. In the correct {ProductName} tenant namespace, go to **Secrets**. -. Click **Add secret**. +. In the correct {ProductName} tenant namespace, go to **Secrets**. +. Click **Add secret**. . For **Secret type**, select **Image pull secret**. . For **Authentication type**, select **Image registry credentials**. . For **Registry server address** enter the image registry (for example `registry.redhat.io`). @@ -77,11 +77,11 @@ Here is the YAML representation of the secret (for reference): ---- apiVersion: v1 data: -.dockerconfigjson: + .dockerconfigjson: kind: Secret metadata: -name: my-quay-secret -namespace: + name: my-quay-secret + namespace: type: kubernetes.io/dockerconfigjson ---- @@ -277,4 +277,4 @@ include::partial${context}-secrets-external-vault.adoc[] * For more information about GitLab access tokens, see link:https://docs.gitlab.com/ee/user/project/settings/project_access_tokens.html[Project access tokens]. -* To configure push secrets for your Build and Release pipelines, see link:https://github.com/konflux-ci/konflux-ci?tab=readme-ov-file#configuring-a-push-secret-for-the-build-pipeline[Configuring push secrets] in the Konflux GitHub repository. +* To configure push secrets for your Build and Release pipelines, see link:https://github.com/konflux-ci/konflux-ci?tab=readme-ov-file#configuring-a-push-secret-for-the-build-pipeline[Configuring push secrets] in the Konflux GitHub repository. \ No newline at end of file diff --git a/modules/building/pages/index.adoc b/modules/building/pages/index.adoc index 1876dc84e..3e7c5f9f7 100644 --- a/modules/building/pages/index.adoc +++ b/modules/building/pages/index.adoc @@ -2,8 +2,16 @@ When creating a component, {ProductName} will push a Tekton PipelineRun to your component's source repository. This pipeline is yours to customize as needed for building your component and Tekton Chains will record the customizations in a detailed signed in-toto provenance attestation. This provenance enables Conforma to xref:compliance:index.adoc[manage compliance] to ensure the artifact's integrity and compliance with specific policies. +== Automated Documentation Updates + +{ProductName} leverages an automated documentation update mechanism that responds to specific comments on Pull Requests. This system uses the `docs-enhancer.yml` workflow to automatically update documentation whenever a pull request comment contains `[update-docs]`. + +This automation ensures that documentation remains current with code changes, streamlining the process of maintaining accurate and comprehensive project information. + == Additional resources [[additional-resources]] * The sample pipelines that you can initially configure your components with depend on the {ProductName} deployment. This might include the pipelines provided by xref:installing:enabling-builds.adoc#available-pipelines[{ProductName}] or other additional pipelines. * If you want to change the configured pipeline for your component after it is onboarded, see xref:building:reconfiguring-build-pipeline.adoc#changing-pipelines[reconfiguring the build pipeline]. * Since the Tekton PipelineRuns use link:https://pipelinesascode.com[Pipelines as Code] to trigger the jobs on the cluster, you can also use any of the link:https://pipelinesascode.com/docs/guide/authoringprs/#default-parameters[default parameters] in the PipelineRuns in your git repositories. +* The `kube-linter.yaml`, `pr.yaml`, and `codecov-main.yaml` GitHub workflows have been removed. This means the project no longer automatically checks Kubernetes YAMLs with `kube-linter` on pull requests, performs `golangci-lint`, `gosec` security scans, or `envtest` runs on pull requests, and no longer generates `codecov` reports on pushes to the `main` branch. +* The `config/default/kustomization.yaml` has been updated to include enhanced monitoring and webhook support, with standardized labeling (`app.kubernetes.io/name`, `app.kubernetes.io/component`, `monitoring`) and enabled network policies. \ No newline at end of file diff --git a/modules/end-to-end/pages/building-tekton-tasks.adoc b/modules/end-to-end/pages/building-tekton-tasks.adoc index 4590abd64..dfaf33caa 100644 --- a/modules/end-to-end/pages/building-tekton-tasks.adoc +++ b/modules/end-to-end/pages/building-tekton-tasks.adoc @@ -260,4 +260,4 @@ spec: After completing all the steps above we should now have: * A task release as a bundle in our release repository -* An OCI artifact named *data-acceptable-bundles* in our release repository, containing a SHA reference of the latest task release as a trusted task (all the previous versions of the task will appear with the expires_on parameter) +* An OCI artifact named *data-acceptable-bundles* in our release repository, containing a SHA reference of the latest task release as a trusted task (all the previous versions of the task will appear with the expires_on parameter) \ No newline at end of file diff --git a/modules/installing/nav.adoc b/modules/installing/nav.adoc index 19c625a94..308b4a6c5 100644 --- a/modules/installing/nav.adoc +++ b/modules/installing/nav.adoc @@ -1,4 +1,6 @@ ** Installation *** xref:index.adoc[Installing {ProductName}] *** xref:enabling-builds.adoc[Enabling build pipelines] -*** xref:github-app.adoc[GitHub App] \ No newline at end of file +*** xref:github-app.adoc[GitHub App] +*** xref:docs-automation.adoc[Documentation Automation] +*** xref:kustomization-config.adoc[Kustomization Configuration] \ No newline at end of file diff --git a/modules/installing/pages/enabling-builds.adoc b/modules/installing/pages/enabling-builds.adoc index c143deb22..c3d2e8964 100644 --- a/modules/installing/pages/enabling-builds.adoc +++ b/modules/installing/pages/enabling-builds.adoc @@ -39,7 +39,7 @@ This **ConfigMap** can contain references to any Tekton pipeline bundles. Additi In order to support different use cases within {ProductName}, multiple Tekton pipeline bundles are available in the `quay.io/konflux-ci` organization. NOTE: The tasks included in the pipeline definitions can be discovered using `yq` or `jq`. For example, -```bash +---- $ tkn bundle list -o yaml quay.io/konflux-ci/tekton-catalog/pipeline-docker-build:devel pipeline docker-build 2>/dev/null | yq ".spec.tasks.[].name" init clone-repository @@ -54,7 +54,7 @@ sast-snyk-check clamav-scan apply-tags push-dockerfile -``` +---- ==== _docker-build_ [[docker-build]] diff --git a/modules/installing/pages/index.adoc b/modules/installing/pages/index.adoc index 2e4b60756..387f7e4b4 100644 --- a/modules/installing/pages/index.adoc +++ b/modules/installing/pages/index.adoc @@ -8,4 +8,16 @@ Before tapping into the vast array of benefits offered by {ProductName}, the ini . *Using Kubernetes manifests*: This option supports any image registry and involves fewer initial setup steps. -For detailed instructions, refer to the link:https://github.com/konflux-ci/konflux-ci/blob/main/README.md[installation guide]. \ No newline at end of file +For detailed instructions, refer to the link:https://github.com/konflux-ci/konflux-ci/blob/main/README.md[installation guide]. + +Additionally, {ProductName} now includes enhanced documentation automation. This feature automatically updates documentation based on code changes by commenting `[update-docs]` on a Pull Request. This ensures that the documentation always reflects the latest state of the codebase, improving accuracy and reducing manual effort. + +[[enhanced-observability]] +==== Enhanced Observability + +This update introduces enhanced monitoring, webhook support, and network policies for better observability and security within {ProductName}. + +* *Monitoring*: Enabled standardized labeling for resource identification and monitoring, ensuring that pods running in namespaces labeled `metrics: enabled` can gather metrics. +* *Webhook Server*: The webhook server is now enabled for validation and mutation purposes. CRs that require webhooks and are applied on namespaces labeled `webhooks: enabled` can communicate with the webhook server. +* *Certificate Manager*: The certificate manager is enabled for automated TLS certificate management, which is required by webhook components. +* *Network Policies*: Network policies are enabled to enhance the security posture of the deployment. \ No newline at end of file diff --git a/modules/patterns/pages/gitops-for-manual-releases.adoc b/modules/patterns/pages/gitops-for-manual-releases.adoc index f8410f2cf..818b5f2b5 100644 --- a/modules/patterns/pages/gitops-for-manual-releases.adoc +++ b/modules/patterns/pages/gitops-for-manual-releases.adoc @@ -89,7 +89,7 @@ Let's say you're preparing for an upcoming 1.3.0 release. ---- ❯ yq -i '.metadata.name = "your-project-1-3-0-rc01"' releases/1.3.0/snapshot.yaml # Confirm the name is as you expect -❯ yq .metadata.name releases/1.3.0/snapshot.yaml +❯ yq .metadata.name releases/1.3.0/snapshot.yaml your-project-1-3-0-rc01 ---- @@ -122,4 +122,4 @@ NOTE: Discuss this with your team. The decision depends on your process outside [source] ---- ❯ watch 'kubectl get releases your-project-1-3-0 -o yaml | yq .status'` ----- +---- \ No newline at end of file diff --git a/modules/patterns/pages/maintaining-references-before-release.adoc b/modules/patterns/pages/maintaining-references-before-release.adoc index 09e8ac19f..30c75455f 100644 --- a/modules/patterns/pages/maintaining-references-before-release.adoc +++ b/modules/patterns/pages/maintaining-references-before-release.adoc @@ -44,4 +44,4 @@ NOTE: Once this change is merged, the nudged component will contain invalid refe .*Verification* . Commit a change to a nudging component, triggering a push event. -. After the build is completed, a pull request should be opened against your nudged component's git repository. +. After the build is completed, a pull request should be opened against your nudged component's git repository. \ No newline at end of file diff --git a/modules/patterns/pages/testing-releasing-single-component.adoc b/modules/patterns/pages/testing-releasing-single-component.adoc index 58ec05bfd..376ba6668 100644 --- a/modules/patterns/pages/testing-releasing-single-component.adoc +++ b/modules/patterns/pages/testing-releasing-single-component.adoc @@ -107,4 +107,4 @@ reduce-snapshot [reduce] SNAPSHOT_CREATION_COMPONENT: comp2 [reduce] Single Component mode is true and Snapshot type is component [reduce] COMPONENT_COUNT: 1 --- +-- \ No newline at end of file diff --git a/modules/reference/nav.adoc b/modules/reference/nav.adoc index 8f7a2811f..15834acac 100644 --- a/modules/reference/nav.adoc +++ b/modules/reference/nav.adoc @@ -14,4 +14,4 @@ *** xref:kube-apis/mintmaker.adoc#k8s-api-github-com-konflux-ci-release-service-api-v1alpha1-dependencyupdatecheck[DependencyUpdateCheck] *** xref:kube-apis/project-controller.adoc#k8s-api-github-com-konflux-ci-project-controller-api-v1beta1-project[Project] *** xref:kube-apis/project-controller.adoc#k8s-api-github-com-konflux-ci-project-controller-api-v1beta1-projectdevelopmentstream[ProjectDevelopmentStream] -*** xref:kube-apis/project-controller.adoc#k8s-api-github-com-konflux-ci-project-controller-api-v1beta1-projectdevelopmentstreamtemplate[ProjectDevelopmentStreamTemplate] +*** xref:kube-apis/project-controller.adoc#k8s-api-github-com-konflux-ci-project-controller-api-v1beta1-projectdevelopmentstreamtemplate[ProjectDevelopmentStreamTemplate] \ No newline at end of file diff --git a/modules/reference/pages/kube-apis/release-service.adoc b/modules/reference/pages/kube-apis/release-service.adoc index d7ee73dc1..7a3f8caec 100644 --- a/modules/reference/pages/kube-apis/release-service.adoc +++ b/modules/reference/pages/kube-apis/release-service.adoc @@ -1,663 +1,1068 @@ -// Generated documentation. Please do not edit. -:anchor_prefix: k8s-api - -[id="reference"] -== Release API Reference - -.Packages -- xref:{anchor_prefix}-appstudio-redhat-com-v1alpha1[$$appstudio.redhat.com/v1alpha1$$] - - -[id="{anchor_prefix}-appstudio-redhat-com-v1alpha1"] -=== appstudio.redhat.com/v1alpha1 +[id="{anchor_prefix}-github-com-konflux-ci-release-service-api-v1alpha1-release"] +==== Release -Package v1alpha1 contains API Schema definitions for the appstudio v1alpha1 API group +Release is the Schema for the releases API -.Resource Types -- xref:{anchor_prefix}-github-com-konflux-ci-release-service-api-v1alpha1-release[$$Release$$] +.Appears In: +**** - xref:{anchor_prefix}-github-com-konflux-ci-release-service-api-v1alpha1-releaselist[$$ReleaseList$$] -- xref:{anchor_prefix}-github-com-konflux-ci-release-service-api-v1alpha1-releaseplan[$$ReleasePlan$$] -- xref:{anchor_prefix}-github-com-konflux-ci-release-service-api-v1alpha1-releaseplanadmission[$$ReleasePlanAdmission$$] -- xref:{anchor_prefix}-github-com-konflux-ci-release-service-api-v1alpha1-releaseplanadmissionlist[$$ReleasePlanAdmissionList$$] -- xref:{anchor_prefix}-github-com-konflux-ci-release-service-api-v1alpha1-releaseplanlist[$$ReleasePlanList$$] -- xref:{anchor_prefix}-github-com-konflux-ci-release-service-api-v1alpha1-releaseserviceconfig[$$ReleaseServiceConfig$$] -- xref:{anchor_prefix}-github-com-konflux-ci-release-service-api-v1alpha1-releaseserviceconfiglist[$$ReleaseServiceConfigList$$] +**** +[cols="20a,50a,15a,15a", options="header"] +|=== +| Field | Description | Default | Validation +| *`apiVersion`* __string__ | `appstudio.redhat.com/v1alpha1` | | +| *`kind`* __string__ | `Release` | | +| *`metadata`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.3/#objectmeta-v1-meta[$$ObjectMeta$$]__ | Refer to Kubernetes API documentation for fields of `metadata`. +| | +| *`spec`* __xref:{anchor_prefix}-github-com-konflux-ci-release-service-api-v1alpha1-releasespec[$$ReleaseSpec$$]__ | | | +| *`status`* __xref:{anchor_prefix}-github-com-konflux-ci-release-service-api-v1alpha1-releasestatus[$$ReleaseStatus$$]__ | | | +|=== -[id="{anchor_prefix}-github-com-konflux-ci-release-service-api-v1alpha1-attributioninfo"] -==== AttributionInfo +[id="{anchor_prefix}-github-com-konflux-ci-release-service-api-v1alpha1-releaselist"] +==== ReleaseList +ReleaseList contains a list of Release +[cols="20a,50a,15a,15a", options="header"] +|=== +| Field | Description | Default | Validation +| *`apiVersion`* __string__ | `appstudio.redhat.com/v1alpha1` | | +| *`kind`* __string__ | `ReleaseList` | | +| *`metadata`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.3/#listmeta-v1-meta[$$ListMeta$$]__ | Refer to Kubernetes API documentation for fields of `metadata`. +| | +| *`items`* __xref:{anchor_prefix}-github-com-konflux-ci-release-service-api-v1alpha1-release[$$Release$$] array__ | | | +|=== -AttributionInfo defines the observed state of the release attribution. +[id="{anchor_prefix}-github-com-konflux-ci-release-service-api-v1alpha1-releaseplan"] +==== ReleasePlan +ReleasePlan is the Schema for the ReleasePlans API. This resource defines release configurations for applications. .Appears In: **** -- xref:{anchor_prefix}-github-com-konflux-ci-release-service-api-v1alpha1-releasestatus[$$ReleaseStatus$$] +- xref:{anchor_prefix}-github-com-konflux-ci-release-service-api-v1alpha1-releaseplanlist[$$ReleasePlanList$$] **** [cols="20a,50a,15a,15a", options="header"] |=== | Field | Description | Default | Validation -| *`author`* __string__ | Author is the username that the release is attributed to + | | -| *`standingAuthorization`* __boolean__ | StandingAuthorization indicates whether the release is attributed through a ReleasePlan + | | +| *`apiVersion`* __string__ | `appstudio.redhat.com/v1alpha1` | | +| *`kind`* __string__ | `ReleasePlan` | | +| *`metadata`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.3/#objectmeta-v1-meta[$$ObjectMeta$$]__ | Refer to Kubernetes API documentation for fields of `metadata`. +| | +| *`spec`* __xref:{anchor_prefix}-github-com-konflux-ci-release-service-api-v1alpha1-releaseplanspec[$$ReleasePlanSpec$$]__ | | | +| *`status`* __xref:{anchor_prefix}-github-com-konflux-ci-release-service-api-v1alpha1-releaseplanstatus[$$ReleasePlanStatus$$]__ | | | |=== -[id="{anchor_prefix}-github-com-konflux-ci-release-service-api-v1alpha1-collectoritem"] -==== CollectorItem - - - -CollectorItem represents all the information about an specific collector which will be executed in the -CollectorsPipeline. - +[id="{anchor_prefix}-github-com-konflux-ci-release-service-api-v1alpha1-releaseplanadmission"] +==== ReleasePlanAdmission +ReleasePlanAdmission is the Schema for the ReleasePlanAdmissions API. .Appears In: **** -- xref:{anchor_prefix}-github-com-konflux-ci-release-service-api-v1alpha1-collectors[$$Collectors$$] +- xref:{anchor_prefix}-github-com-konflux-ci-release-service-api-v1alpha1-releaseplanadmissionlist[$$ReleasePlanAdmissionList$$] **** [cols="20a,50a,15a,15a", options="header"] |=== | Field | Description | Default | Validation -| *`name`* __string__ | Name of the collector + | | Pattern: `^[a-z0-9]([-a-z0-9]*[a-z0-9])?$` + - -| *`timeout`* __integer__ | Timeout in seconds for the collector to execute + | | -| *`type`* __string__ | Type is the type of collector to be used + | | Pattern: `^[a-z0-9]([-a-z0-9]*[a-z0-9])?$` + - -| *`params`* __xref:{anchor_prefix}-github-com-konflux-ci-release-service-api-v1alpha1-param[$$Param$$] array__ | Params is a slice of parameters for a given collector + | | +| *`apiVersion`* __string__ | `appstudio.redhat.com/v1alpha1` | | +| *`kind`* __string__ | `ReleasePlanAdmission` | | +| *`metadata`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.3/#objectmeta-v1-meta[$$ObjectMeta$$]__ | Refer to Kubernetes API documentation for fields of `metadata`. +| | +| *`spec`* __xref:{anchor_prefix}-github-com-konflux-ci-release-service-api-v1alpha1-releaseplanadmissionspec[$$ReleasePlanAdmissionSpec$$]__ | | | +| *`status`* __xref:{anchor_prefix}-github-com-konflux-ci-release-service-api-v1alpha1-releaseplanadmissionstatus[$$ReleasePlanAdmissionStatus$$]__ | | | |=== -[id="{anchor_prefix}-github-com-konflux-ci-release-service-api-v1alpha1-collectors"] -==== Collectors +[id="{anchor_prefix}-github-com-konflux-ci-release-service-api-v1alpha1-releaseplanadmissionlist"] +==== ReleasePlanAdmissionList +ReleasePlanAdmissionList contains a list of ReleasePlanAdmission. +[cols="20a,50a,15a,15a", options="header"] +|=== +| Field | Description | Default | Validation +| *`apiVersion`* __string__ | `appstudio.redhat.com/v1alpha1` | | +| *`kind`* __string__ | `ReleasePlanAdmissionList` | | +| *`metadata`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.3/#listmeta-v1-meta[$$ListMeta$$]__ | Refer to Kubernetes API documentation for fields of `metadata`. +| | +| *`items`* __xref:{anchor_prefix}-github-com-konflux-ci-release-service-api-v1alpha1-releaseplanadmission[$$ReleasePlanAdmission$$] array__ | | | +|=== -Collectors holds the list of collectors to be executed as part of the release workflow along with the -ServiceAccount to be used in the PipelineRun. +[id="{anchor_prefix}-github-com-konflux-ci-release-service-api-v1alpha1-releaseplanadmissionspec"] +==== ReleasePlanAdmissionSpec +ReleasePlanAdmissionSpec defines the desired state of ReleasePlanAdmission. .Appears In: **** -- xref:{anchor_prefix}-github-com-konflux-ci-release-service-api-v1alpha1-releaseplanadmissionspec[$$ReleasePlanAdmissionSpec$$] -- xref:{anchor_prefix}-github-com-konflux-ci-release-service-api-v1alpha1-releaseplanspec[$$ReleasePlanSpec$$] +- xref:{anchor_prefix}-github-com-konflux-ci-release-service-api-v1alpha1-releaseplanadmission[$$ReleasePlanAdmission$$] **** [cols="20a,50a,15a,15a", options="header"] |=== | Field | Description | Default | Validation -| *`items`* __xref:{anchor_prefix}-github-com-konflux-ci-release-service-api-v1alpha1-collectoritem[$$CollectorItem$$] array__ | Items is the list of Collectors to be executed as part of the release workflow + | | -| *`serviceAccountName`* __string__ | ServiceAccountName is the ServiceAccount to use during the execution of the Collectors Pipeline + | | Pattern: `^[a-z0-9]([-a-z0-9]*[a-z0-9])?$` + - +| *`applications`* __string array__ | Applications is a list of references to applications to be released in the managed namespace + +| | +| *`autoRelease`* __boolean__ | AutoRelease indicates whether the Release should be created automatically + +| `false` | +| *`collectors`* __xref:{anchor_prefix}-github-com-konflux-ci-release-service-api-v1alpha1-releaseplanadmissioncollectors[$$ReleasePlanAdmissionCollectors$$]__ | Collectors contains all the information of the collectors to be executed as part of the release workflow + +| | +| *`data`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.3/#rawextension-runtime-pkg[$$RawExtension$$]__ | Data is an unstructured key used for providing data for the managed Release Pipeline + +| | +| *`environment`* __string__ | Environment defines which Environment will be used to release the Application + +| | Pattern: `^[a-z0-9]([-a-z0-9]*[a-z0-9])?$` + +| *`origin`* __string__ | Origin references where the release requests should come from + +| | Pattern: `^[a-z0-9]([-a-z0-9]*[a-z0-9])?$` + +| *`pipeline`* __xref:{anchor_prefix}-github-com-konflux-ci-release-service-api-v1alpha1-releaseplanadmissionpipeline[$$ReleasePlanAdmissionPipeline$$]__ | Pipeline contains all the information about the managed Pipeline + +| | +| *`policy`* __string__ | Policy to validate before releasing an.artifact + +| | Pattern: `^[a-z0-9]([-a-z0-9]*[a-z0-9])?$` + |=== -[id="{anchor_prefix}-github-com-konflux-ci-release-service-api-v1alpha1-collectorsinfo"] -==== CollectorsInfo - - - -CollectorsInfo defines the observed state of the release collectors. - +[id="{anchor_prefix}-github-com-konflux-ci-release-service-api-v1alpha1-releaseplanadmissionstatus"] +==== ReleasePlanAdmissionStatus +ReleasePlanAdmissionStatus defines the observed state of ReleasePlanAdmission. .Appears In: **** -- xref:{anchor_prefix}-github-com-konflux-ci-release-service-api-v1alpha1-releasestatus[$$ReleaseStatus$$] +- xref:{anchor_prefix}-github-com-konflux-ci-release-service-api-v1alpha1-releaseplanadmission[$$ReleasePlanAdmission$$] **** [cols="20a,50a,15a,15a", options="header"] |=== | Field | Description | Default | Validation -| *`managedCollectorsProcessing`* __xref:{anchor_prefix}-github-com-konflux-ci-release-service-api-v1alpha1-pipelineinfo[$$PipelineInfo$$]__ | ManagedCollectorsProcessing contains information about the release managed collectors processing + | | -| *`tenantCollectorsProcessing`* __xref:{anchor_prefix}-github-com-konflux-ci-release-service-api-v1alpha1-pipelineinfo[$$PipelineInfo$$]__ | TenantCollectorsProcessing contains information about the release tenant collectors processing + | | +| *`conditions`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.3/#condition-v1-meta[$$Condition$$] array__ | Conditions represent the latest available observations for the releasePlanAdmission + +| | +| *`releasePlans`* __xref:{anchor_prefix}-github-com-konflux-ci-release-service-api-v1alpha1-matchedreleaseplan[$$MatchedReleasePlan$$] array__ | ReleasePlan is a list of releasePlans matched to the ReleasePlanAdmission + +| | |=== -[id="{anchor_prefix}-github-com-konflux-ci-release-service-api-v1alpha1-emptydiroverrides"] -==== EmptyDirOverrides - - - -EmptyDirOverrides defines the values usually set in a PipelineRef using a git resolver. - +[id="{anchor_prefix}-github-com-konflux-ci-release-service-api-v1alpha1-releaseplanadmissioncollectors"] +==== ReleasePlanAdmissionCollectors +Collectors contains all the information of the collectors to be executed as part of the release workflow .Appears In: **** -- xref:{anchor_prefix}-github-com-konflux-ci-release-service-api-v1alpha1-releaseserviceconfigspec[$$ReleaseServiceConfigSpec$$] +- xref:{anchor_prefix}-github-com-konflux-ci-release-service-api-v1alpha1-releaseplanadmissionspec[$$ReleasePlanAdmissionSpec$$] **** [cols="20a,50a,15a,15a", options="header"] |=== | Field | Description | Default | Validation -| *`url`* __string__ | Url is the url to the git repo + | | -| *`revision`* __string__ | Revision is the git revision where the Pipeline definition can be found + | | -| *`pathInRepo`* __string__ | PathInRepo is the path within the git repository where the Pipeline definition can be found + | | +| *`items`* __xref:{anchor_prefix}-github-com-konflux-ci-release-service-api-v1alpha1-collectoritem[$$CollectorItem$$] array__ | Items is the list of Collectors to be executed as part of the release workflow + +| | +| *`serviceAccountName`* __string__ | ServiceAccountName is the ServiceAccount to use during the execution of the Collectors Pipeline + +| | Pattern: `^[a-z0-9]([-a-z0-9]*[a-z0-9])?$` + |=== -[id="{anchor_prefix}-github-com-konflux-ci-release-service-api-v1alpha1-matchedreleaseplan"] -==== MatchedReleasePlan +[id="{anchor_prefix}-github-com-konflux-ci-release-service-api-v1alpha1-collectoritem"] +==== CollectorItem +CollectorItem represents all the information about an specific collector which will be executed in the +CollectorsPipeline. +.Appears In: +**** +- xref:{anchor_prefix}-github-com-konflux-ci-release-service-api-v1alpha1-releaseplanadmissioncollectors[$$ReleasePlanAdmissionCollectors$$] +**** + +[cols="20a,50a,15a,15a", options="header"] +|=== +| Field | Description | Default | Validation +| *`name`* __string__ | Name of the collector + +| | Pattern: `^[a-z0-9]([-a-z0-9]*[a-z0-9])?$` + +| *`params`* __xref:{anchor_prefix}-github-com-konflux-ci-release-service-api-v1alpha1-param[$$Param$$] array__ | Params is a slice of parameters for a given collector + +| | +| *`timeout`* __integer__ | Timeout in seconds for the collector to execute + +| | +| *`type`* __string__ | Type is the type of collector to be used + +| | Pattern: `^[a-z0-9]([-a-z0-9]*[a-z0-9])?$` + +|=== -MatchedReleasePlan defines the relevant information for a matched ReleasePlan. +[id="{anchor_prefix}-github-com-konflux-ci-release-service-api-v1alpha1-param"] +==== Param +Param represents a parameter for a collector .Appears In: **** -- xref:{anchor_prefix}-github-com-konflux-ci-release-service-api-v1alpha1-releaseplanadmissionstatus[$$ReleasePlanAdmissionStatus$$] +- xref:{anchor_prefix}-github-com-konflux-ci-release-service-api-v1alpha1-collectoritem[$$CollectorItem$$] +- xref:{anchor_prefix}-github-com-konflux-ci-release-service-api-v1alpha1-pipelinerefintenantpipeline[$$PipelineRefInTenantPipeline$$] +- xref:{anchor_prefix}-github-com-konflux-ci-release-service-api-v1alpha1-paramindefiningpipelineref[$$ParamInDefiningPipelineRef$$] +- xref:{anchor_prefix}-github-com-konflux-ci-release-service-api-v1alpha1-tenantpipeline[$$TenantPipeline$$] +- xref:{anchor_prefix}-github-com-konflux-ci-release-service-api-v1alpha1-collectoriteminreleaseplan[$$CollectorItemInReleasePlan$$] **** [cols="20a,50a,15a,15a", options="header"] |=== | Field | Description | Default | Validation -| *`name`* __string__ | Name contains the namespaced name of the ReleasePlan + | | Pattern: `^[a-z0-9]([-a-z0-9]\*[a-z0-9])?\/[a-z0-9]([-a-z0-9]*[a-z0-9])?$` + - -| *`active`* __boolean__ | Active indicates whether the ReleasePlan is set to auto-release or not + | | +| *`name`* __string__ | Name is the name of the parameter + +| | +| *`value`* __string__ | Value is the value of the parameter + +| | |=== -[id="{anchor_prefix}-github-com-konflux-ci-release-service-api-v1alpha1-matchedreleaseplanadmission"] -==== MatchedReleasePlanAdmission +[id="{anchor_prefix}-github-com-konflux-ci-release-service-api-v1alpha1-releaseplanadmissionpipeline"] +==== ReleasePlanAdmissionPipeline + +Pipeline contains all the information about the managed Pipeline +.Appears In: +**** +- xref:{anchor_prefix}-github-com-konflux-ci-release-service-api-v1alpha1-releaseplanadmissionspec[$$ReleasePlanAdmissionSpec$$] +**** +[cols="20a,50a,15a,15a", options="header"] +|=== +| Field | Description | Default | Validation +| *`pipelineRef`* __xref:{anchor_prefix}-github-com-konflux-ci-release-service-api-v1alpha1-pipelinerefinreleaseplanadmissionpipeline[$$PipelineRefInReleasePlanAdmissionPipeline$$]__ | PipelineRef is the reference to the Pipeline + +| | +| *`serviceAccountName`* __string__ | ServiceAccountName is the ServiceAccount to use during the execution of the Pipeline + +| | Pattern: `^[a-z0-9]([-a-z0-9]*[a-z0-9])?$` + +| *`timeouts`* __xref:{anchor_prefix}-github-com-konflux-ci-release-service-api-v1alpha1-timeouts[$$Timeouts$$]__ | Timeouts defines the different Timeouts to use in the PipelineRun execution + +| | +|=== -MatchedReleasePlanAdmission defines the relevant information for a matched ReleasePlanAdmission. +[id="{anchor_prefix}-github-com-konflux-ci-release-service-api-v1alpha1-pipelinerefinreleaseplanadmissionpipeline"] +==== PipelineRefInReleasePlanAdmissionPipeline +PipelineRef is the reference to the Pipeline .Appears In: **** -- xref:{anchor_prefix}-github-com-konflux-ci-release-service-api-v1alpha1-releaseplanstatus[$$ReleasePlanStatus$$] +- xref:{anchor_prefix}-github-com-konflux-ci-release-service-api-v1alpha1-releaseplanadmissionpipeline[$$ReleasePlanAdmissionPipeline$$] **** [cols="20a,50a,15a,15a", options="header"] |=== | Field | Description | Default | Validation -| *`name`* __string__ | Name contains the namespaced name of the releasePlanAdmission + | | -| *`active`* __boolean__ | Active indicates whether the ReleasePlanAdmission is set to block-releases or not + | | +| *`params`* __xref:{anchor_prefix}-github-com-konflux-ci-release-service-api-v1alpha1-paramindefiningpipelineref[$$ParamInDefiningPipelineRef$$] array__ | Params is a slice of parameters for a given resolver + +| | +| *`resolver`* __string__ | Resolver is the name of a Tekton resolver to be used (e.g. git) + +| | |=== -[id="{anchor_prefix}-github-com-konflux-ci-release-service-api-v1alpha1-param"] -==== Param +[id="{anchor_prefix}-github-com-konflux-ci-release-service-api-v1alpha1-paramindefiningpipelineref"] +==== ParamInDefiningPipelineRef +Param defines the parameters for a given resolver in PipelineRef +.Appears In: +**** +- xref:{anchor_prefix}-github-com-konflux-ci-release-service-api-v1alpha1-pipelinerefinreleaseplanadmissionpipeline[$$PipelineRefInReleasePlanAdmissionPipeline$$] +- xref:{anchor_prefix}-github-com-konflux-ci-release-service-api-v1alpha1-pipelinerefinfinalpipeline[$$PipelineRefInFinalPipeline$$] +- xref:{anchor_prefix}-github-com-konflux-ci-release-service-api-v1alpha1-pipelinerefintenantpipeline[$$PipelineRefInTenantPipeline$$] +**** -Param represents a parameter for a collector +[cols="20a,50a,15a,15a", options="header"] +|=== +| Field | Description | Default | Validation +| *`name`* __string__ | Name is the name of the parameter + +| | +| *`value`* __string__ | Value is the value of the parameter + +| | +|=== +[id="{anchor_prefix}-github-com-konflux-ci-release-service-api-v1alpha1-timeouts"] +==== Timeouts + +Timeouts defines the different Timeouts to use in the PipelineRun execution .Appears In: **** -- xref:{anchor_prefix}-github-com-konflux-ci-release-service-api-v1alpha1-collectoritem[$$CollectorItem$$] +- xref:{anchor_prefix}-github-com-konflux-ci-release-service-api-v1alpha1-releaseplanadmissionpipeline[$$ReleasePlanAdmissionPipeline$$] +- xref:{anchor_prefix}-github-com-konflux-ci-release-service-api-v1alpha1-finalpipeline[$$FinalPipeline$$] +- xref:{anchor_prefix}-github-com-konflux-ci-release-service-api-v1alpha1-tenantpipeline[$$TenantPipeline$$] **** [cols="20a,50a,15a,15a", options="header"] |=== | Field | Description | Default | Validation -| *`name`* __string__ | Name is the name of the parameter + | | -| *`value`* __string__ | Value is the value of the parameter + | | +| *`finally`* __string__ | Finally sets the maximum allowed duration of this pipeline's finally + +| | +| *`pipeline`* __string__ | Pipeline sets the maximum allowed duration for execution of the entire pipeline. The sum of individual timeouts for tasks and finally must not exceed this value. + +| | +| *`tasks`* __string__ | Tasks sets the maximum allowed duration of this pipeline's tasks + +| | |=== -[id="{anchor_prefix}-github-com-konflux-ci-release-service-api-v1alpha1-pipelineinfo"] -==== PipelineInfo +[id="{anchor_prefix}-github-com-konflux-ci-release-service-api-v1alpha1-releaseplanlist"] +==== ReleasePlanList +ReleasePlanList contains a list of ReleasePlan. +[cols="20a,50a,15a,15a", options="header"] +|=== +| Field | Description | Default | Validation +| *`apiVersion`* __string__ | `appstudio.redhat.com/v1alpha1` | | +| *`kind`* __string__ | `ReleasePlanList` | | +| *`metadata`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.3/#listmeta-v1-meta[$$ListMeta$$]__ | Refer to Kubernetes API documentation for fields of `metadata`. +| | +| *`items`* __xref:{anchor_prefix}-github-com-konflux-ci-release-service-api-v1alpha1-releaseplan[$$ReleasePlan$$] array__ | | | +|=== -PipelineInfo defines the observed state of a release pipeline processing. +[id="{anchor_prefix}-github-com-konflux-ci-release-service-api-v1alpha1-releaseplanspec"] +==== ReleasePlanSpec +ReleasePlanSpec defines the desired state of ReleasePlan. .Appears In: **** -- xref:{anchor_prefix}-github-com-konflux-ci-release-service-api-v1alpha1-collectorsinfo[$$CollectorsInfo$$] -- xref:{anchor_prefix}-github-com-konflux-ci-release-service-api-v1alpha1-releasestatus[$$ReleaseStatus$$] +- xref:{anchor_prefix}-github-com-konflux-ci-release-service-api-v1alpha1-releaseplan[$$ReleasePlan$$] **** [cols="20a,50a,15a,15a", options="header"] |=== | Field | Description | Default | Validation -| *`completionTime`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.3/#time-v1-meta[$$Time$$]__ | CompletionTime is the time when the Release processing was completed + | | -| *`pipelineRun`* __string__ | PipelineRun contains the namespaced name of the managed Release PipelineRun executed as part of this release + | | Pattern: `^[a-z0-9]([-a-z0-9]\*[a-z0-9])?\/[a-z0-9]([-a-z0-9]*[a-z0-9])?$` + - -| *`roleBinding`* __string__ | RoleBinding contains the namespaced name of the roleBinding created for the managed Release PipelineRun + -executed as part of this release + | | Pattern: `^[a-z0-9]([-a-z0-9]\*[a-z0-9])?\/[a-z0-9]([-a-z0-9]*[a-z0-9])?$` + - -| *`startTime`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.3/#time-v1-meta[$$Time$$]__ | StartTime is the time when the Release processing started + | | +| *`application`* __string__ | Application is a reference to the application component to be released in the managed namespace + +| | Pattern: `^[a-z0-9]([-a-z0-9]*[a-z0-9])?$` + +| *`collectors`* __xref:{anchor_prefix}-github-com-konflux-ci-release-service-api-v1alpha1-collectors[$$Collectors$$]__ | Collectors contains all the information of the collectors to be executed as part of the release workflow + +| | +| *`data`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.3/#rawextension-runtime-pkg[$$RawExtension$$]__ | Data is an unstructured key used for providing data for the managed Release Pipeline + +| | +| *`finalPipeline`* __xref:{anchor_prefix}-github-com-konflux-ci-release-service-api-v1alpha1-finalpipeline[$$FinalPipeline$$]__ | FinalPipeline contains all the information about the final Pipeline + +| | +| *`releaseGracePeriodDays`* __integer__ | ReleaseGracePeriodDays is the number of days a Release should be kept + +This value is used to define the Release ExpirationTime + +| `7` | +| *`target`* __string__ | Target references where to send the release requests + +| | Pattern: `^[a-z0-9]([-a-z0-9]*[a-z0-9])?$` + +| *`tenantPipeline`* __xref:{anchor_prefix}-github-com-konflux-ci-release-service-api-v1alpha1-tenantpipeline[$$TenantPipeline$$]__ | TenantPipeline contains all the information about the tenant Pipeline + +| | |=== -[id="{anchor_prefix}-github-com-konflux-ci-release-service-api-v1alpha1-release"] -==== Release +[id="{anchor_prefix}-github-com-konflux-ci-release-service-api-v1alpha1-releaseplanstatus"] +==== ReleasePlanStatus +ReleasePlanStatus defines the observed state of ReleasePlan. +.Appears In: +**** +- xref:{anchor_prefix}-github-com-konflux-ci-release-service-api-v1alpha1-releaseplan[$$ReleasePlan$$] +**** -Release is the Schema for the releases API +[cols="20a,50a,15a,15a", options="header"] +|=== +| Field | Description | Default | Validation +| *`conditions`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.3/#condition-v1-meta[$$Condition$$] array__ | Conditions represent the latest available observations for the releasePlan + +| | +| *`releasePlanAdmission`* __xref:{anchor_prefix}-github-com-konflux-ci-release-service-api-v1alpha1-matchedreleaseplanadmission[$$MatchedReleasePlanAdmission$$]__ | ReleasePlanAdmission contains the information of the releasePlanAdmission this ReleasePlan is matched to + +| | +|=== +[id="{anchor_prefix}-github-com-konflux-ci-release-service-api-v1alpha1-releaseserviceconfig"] +==== ReleaseServiceConfig + +ReleaseServiceConfig is the Schema for the releaseserviceconfigs API. This resource manages global configuration settings for the release service. .Appears In: **** -- xref:{anchor_prefix}-github-com-konflux-ci-release-service-api-v1alpha1-releaselist[$$ReleaseList$$] +- xref:{anchor_prefix}-github-com-konflux-ci-release-service-api-v1alpha1-releaseserviceconfiglist[$$ReleaseServiceConfigList$$] **** [cols="20a,50a,15a,15a", options="header"] |=== | Field | Description | Default | Validation | *`apiVersion`* __string__ | `appstudio.redhat.com/v1alpha1` | | -| *`kind`* __string__ | `Release` | | +| *`kind`* __string__ | `ReleaseServiceConfig` | | | *`metadata`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.3/#objectmeta-v1-meta[$$ObjectMeta$$]__ | Refer to Kubernetes API documentation for fields of `metadata`. - | | -| *`spec`* __xref:{anchor_prefix}-github-com-konflux-ci-release-service-api-v1alpha1-releasespec[$$ReleaseSpec$$]__ | | | -| *`status`* __xref:{anchor_prefix}-github-com-konflux-ci-release-service-api-v1alpha1-releasestatus[$$ReleaseStatus$$]__ | | | +| | +| *`spec`* __xref:{anchor_prefix}-github-com-konflux-ci-release-service-api-v1alpha1-releaseserviceconfigspec[$$ReleaseServiceConfigSpec$$]__ | | | +| *`status`* __xref:{anchor_prefix}-github-com-konflux-ci-release-service-api-v1alpha1-releaseserviceconfigstatus[$$ReleaseServiceConfigStatus$$]__ | | | |=== -[id="{anchor_prefix}-github-com-konflux-ci-release-service-api-v1alpha1-releaselist"] -==== ReleaseList - - - -ReleaseList contains a list of Release - - - +[id="{anchor_prefix}-github-com-konflux-ci-release-service-api-v1alpha1-releaseserviceconfiglist"] +==== ReleaseServiceConfigList +ReleaseServiceConfigList contains a list of ReleaseServiceConfig [cols="20a,50a,15a,15a", options="header"] |=== | Field | Description | Default | Validation | *`apiVersion`* __string__ | `appstudio.redhat.com/v1alpha1` | | -| *`kind`* __string__ | `ReleaseList` | | +| *`kind`* __string__ | `ReleaseServiceConfigList` | | | *`metadata`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.3/#listmeta-v1-meta[$$ListMeta$$]__ | Refer to Kubernetes API documentation for fields of `metadata`. - | | -| *`items`* __xref:{anchor_prefix}-github-com-konflux-ci-release-service-api-v1alpha1-release[$$Release$$] array__ | | | +| | +| *`items`* __xref:{anchor_prefix}-github-com-konflux-ci-release-service-api-v1alpha1-releaseserviceconfig[$$ReleaseServiceConfig$$] array__ | | | |=== -[id="{anchor_prefix}-github-com-konflux-ci-release-service-api-v1alpha1-releaseplan"] -==== ReleasePlan - - - -ReleasePlan is the Schema for the ReleasePlans API. - +[id="{anchor_prefix}-github-com-konflux-ci-release-service-api-v1alpha1-releaseserviceconfigspec"] +==== ReleaseServiceConfigSpec +ReleaseServiceConfigSpec defines the desired state of ReleaseServiceConfig. .Appears In: **** -- xref:{anchor_prefix}-github-com-konflux-ci-release-service-api-v1alpha1-releaseplanlist[$$ReleasePlanList$$] +- xref:{anchor_prefix}-github-com-konflux-ci-release-service-api-v1alpha1-releaseserviceconfig[$$ReleaseServiceConfig$$] **** [cols="20a,50a,15a,15a", options="header"] |=== | Field | Description | Default | Validation -| *`apiVersion`* __string__ | `appstudio.redhat.com/v1alpha1` | | -| *`kind`* __string__ | `ReleasePlan` | | -| *`metadata`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.3/#objectmeta-v1-meta[$$ObjectMeta$$]__ | Refer to Kubernetes API documentation for fields of `metadata`. - | | -| *`spec`* __xref:{anchor_prefix}-github-com-konflux-ci-release-service-api-v1alpha1-releaseplanspec[$$ReleasePlanSpec$$]__ | | | -| *`status`* __xref:{anchor_prefix}-github-com-konflux-ci-release-service-api-v1alpha1-releaseplanstatus[$$ReleasePlanStatus$$]__ | | | +| *`advisoryRepo`* __string__ | AdvisoryRepo is the repo to create advisories in during the managed release PipelineRun + +| | +| *`debug`* __boolean__ | Debug is the boolean that specifies whether or not the Release Service should run + +in debug mode + +| | +| *`defaultTimeouts`* __xref:{anchor_prefix}-github-com-tektoncd-pipeline-pkg-apis-pipeline-v1-timeoutfields[$$TimeoutFields$$]__ | DefaultTimeouts contain the default Tekton timeouts to be used in case they are + +not specified in the ReleasePlanAdmission resource. + +| | +| *`logLevel`* __string__ | LogLevel defines the logging verbosity level for the release service + +| | +| *`notificationSettings`* __xref:{anchor_prefix}-github-com-konflux-ci-release-service-api-v1alpha1-notificationsettings[$$NotificationSettings$$]__ | NotificationSettings configure how release notifications are sent to different stakeholders during the release process + +| | +| *`resourceLimits`* __xref:{anchor_prefix}-github-com-konflux-ci-release-service-api-v1alpha1-resourcelimits[$$ResourceLimits$$]__ | ResourceLimits define constraints on resource usage during release operations to prevent excessive consumption of cluster resources + +| | +| *`retryAttempts`* __integer__ | RetryAttempts specifies the maximum number of retry attempts for failed pipeline runs + +| `0` | Minimum: 0, Maximum: 10 +| *`securityPolicies`* __xref:{anchor_prefix}-github-com-konflux-ci-release-service-api-v1alpha1-securitypolicies[$$SecurityPolicies$$]__ | SecurityPolicies define security requirements and constraints that must be enforced during the release process + +| | |=== -[id="{anchor_prefix}-github-com-konflux-ci-release-service-api-v1alpha1-releaseplanadmission"] -==== ReleasePlanAdmission +[id="{anchor_prefix}-github-com-konflux-ci-release-service-api-v1alpha1-releaseserviceconfigstatus"] +==== ReleaseServiceConfigStatus +ReleaseServiceConfigStatus defines the observed state of ReleaseServiceConfig. +.Appears In: +**** +- xref:{anchor_prefix}-github-com-konflux-ci-release-service-api-v1alpha1-releaseserviceconfig[$$ReleaseServiceConfig$$] +**** -ReleasePlanAdmission is the Schema for the ReleasePlanAdmissions API. +[id="{anchor_prefix}-github-com-konflux-ci-release-service-api-v1alpha1-releasespec"] +==== ReleaseSpec +ReleaseSpec defines the desired state of Release. .Appears In: **** -- xref:{anchor_prefix}-github-com-konflux-ci-release-service-api-v1alpha1-releaseplanadmissionlist[$$ReleasePlanAdmissionList$$] +- xref:{anchor_prefix}-github-com-konflux-ci-release-service-api-v1alpha1-release[$$Release$$] **** [cols="20a,50a,15a,15a", options="header"] |=== | Field | Description | Default | Validation -| *`apiVersion`* __string__ | `appstudio.redhat.com/v1alpha1` | | -| *`kind`* __string__ | `ReleasePlanAdmission` | | -| *`metadata`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.3/#objectmeta-v1-meta[$$ObjectMeta$$]__ | Refer to Kubernetes API documentation for fields of `metadata`. - | | -| *`spec`* __xref:{anchor_prefix}-github-com-konflux-ci-release-service-api-v1alpha1-releaseplanadmissionspec[$$ReleasePlanAdmissionSpec$$]__ | | | -| *`status`* __xref:{anchor_prefix}-github-com-konflux-ci-release-service-api-v1alpha1-releaseplanadmissionstatus[$$ReleasePlanAdmissionStatus$$]__ | | | +| *`data`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.3/#rawextension-runtime-pkg[$$RawExtension$$]__ | Data is an unstructured key used for providing data for the managed Release Pipeline + +| | +| *`gracePeriodDays`* __integer__ | GracePeriodDays is the number of days a Release should be kept after completion + +This value is used to define the Release ExpirationTime for cleanup purposes + +| | +| *`releasePlan`* __string__ | ReleasePlan to use for this particular Release + +| | Pattern: `^[a-z0-9]([-a-z0-9]*[a-z0-9])?$` + +| *`snapshot`* __string__ | Snapshot to be released + +| | Pattern: `^[a-z0-9]([-a-z0-9]*[a-z0-9])?$` + |=== -[id="{anchor_prefix}-github-com-konflux-ci-release-service-api-v1alpha1-releaseplanadmissionlist"] -==== ReleasePlanAdmissionList +[id="{anchor_prefix}-github-com-konflux-ci-release-service-api-v1alpha1-releasestatus"] +==== ReleaseStatus +ReleaseStatus defines the observed state of Release. +.Appears In: +**** +- xref:{anchor_prefix}-github-com-konflux-ci-release-service-api-v1alpha1-release[$$Release$$] +**** -ReleasePlanAdmissionList contains a list of ReleasePlanAdmission. +[cols="20a,50a,15a,15a", options="header"] +|=== +| Field | Description | Default | Validation +| *`artifacts`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.3/#rawextension-runtime-pkg[$$RawExtension$$]__ | Artifacts is an unstructured key used for storing all the artifacts generated by the managed Release Pipeline + +| | +| *`attribution`* __xref:{anchor_prefix}-github-com-konflux-ci-release-service-api-v1alpha1-attribution[$$Attribution$$]__ | Attribution contains information about the entity authorizing the release + +| | +| *`audit`* __xref:{anchor_prefix}-github-com-konflux-ci-release-service-api-v1alpha1-audit[$$Audit$$]__ | Audit contains information about the Release audit + +| | +| *`automated`* __boolean__ | Automated indicates whether the Release was created as part of an automated workflow process or manually by an end-user + +| | +| *`collectors`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.3/#rawextension-runtime-pkg[$$RawExtension$$]__ | Collectors is an unstructured key used for storing all the collectors results generated by the Collectors Pipeline + +| | +| *`collectorsProcessing`* __xref:{anchor_prefix}-github-com-konflux-ci-release-service-api-v1alpha1-releasestatuscollectorsprocessing[$$ReleaseStatusCollectorsProcessing$$]__ | CollectorsProcessing contains information about the release collectors processing + +| | +| *`completionTime`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.3/#time-v1-meta[$$Time$$]__ | CompletionTime is the time when a Release was completed + +| | +| *`conditions`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.3/#condition-v1-meta[$$Condition$$] array__ | Conditions represent the latest available observations for the release + +| | +| *`expirationTime`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.3/#time-v1-meta[$$Time$$]__ | ExpirationTime is the time when a Release can be purged + +| | +| *`finalProcessing`* __xref:{anchor_prefix}-github-com-konflux-ci-release-service-api-v1alpha1-releasestatusfinalprocessing[$$ReleaseStatusFinalProcessing$$]__ | FinalProcessing contains information about the release final processing + +| | +| *`managedProcessing`* __xref:{anchor_prefix}-github-com-konflux-ci-release-service-api-v1alpha1-releasestatusmanagedprocessing[$$ReleaseStatusManagedProcessing$$]__ | ManagedProcessing contains information about the release managed processing + +| | +| *`startTime`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.3/#time-v1-meta[$$Time$$]__ | StartTime is the time when a Release was started + +| | +| *`target`* __xref:{anchor_prefix}-github-com-konflux-ci-release-service-api-v1alpha1-target[$$Target$$]__ | Target references where this relesae is intended to be released to + +| | +| *`tenantProcessing`* __xref:{anchor_prefix}-github-com-konflux-ci-release-service-api-v1alpha1-releasestatustenantprocessing[$$ReleaseStatusTenantProcessing$$]__ | TenantProcessing contains information about the release tenant processing + +| | +| *`validation`* __xref:{anchor_prefix}-github-com-konflux-ci-release-service-api-v1alpha1-releasestatusvalidation[$$ReleaseStatusValidation$$]__ | Validation contains information about the release validation + +| | +|=== +[id="{anchor_prefix}-github-com-konflux-ci-release-service-api-v1alpha1-releasestatuscollectorsprocessing"] +==== ReleaseStatusCollectorsProcessing +CollectorsProcessing contains information about the release collectors processing +.Appears In: +**** +- xref:{anchor_prefix}-github-com-konflux-ci-release-service-api-v1alpha1-releasestatus[$$ReleaseStatus$$] +**** [cols="20a,50a,15a,15a", options="header"] |=== | Field | Description | Default | Validation -| *`apiVersion`* __string__ | `appstudio.redhat.com/v1alpha1` | | -| *`kind`* __string__ | `ReleasePlanAdmissionList` | | -| *`metadata`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.3/#listmeta-v1-meta[$$ListMeta$$]__ | Refer to Kubernetes API documentation for fields of `metadata`. - | | -| *`items`* __xref:{anchor_prefix}-github-com-konflux-ci-release-service-api-v1alpha1-releaseplanadmission[$$ReleasePlanAdmission$$] array__ | | | +| *`managedCollectorsProcessing`* __xref:{anchor_prefix}-github-com-konflux-ci-release-service-api-v1alpha1-collectorsprocessingstatus[$$CollectorsProcessingStatus$$]__ | ManagedCollectorsProcessing contains information about the release managed collectors processing + +| | +| *`tenantCollectorsProcessing`* __xref:{anchor_prefix}-github-com-konflux-ci-release-service-api-v1alpha1-collectorsprocessingstatus[$$CollectorsProcessingStatus$$]__ | TenantCollectorsProcessing contains information about the release tenant collectors processing + +| | |=== -[id="{anchor_prefix}-github-com-konflux-ci-release-service-api-v1alpha1-releaseplanadmissionspec"] -==== ReleasePlanAdmissionSpec - - - -ReleasePlanAdmissionSpec defines the desired state of ReleasePlanAdmission. - +[id="{anchor_prefix}-github-com-konflux-ci-release-service-api-v1alpha1-collectorsprocessingstatus"] +==== CollectorsProcessingStatus +CollectorsProcessingStatus defines the observed status of the Release processing .Appears In: **** -- xref:{anchor_prefix}-github-com-konflux-ci-release-service-api-v1alpha1-releaseplanadmission[$$ReleasePlanAdmission$$] +- xref:{anchor_prefix}-github-com-konflux-ci-release-service-api-v1alpha1-releasestatuscollectorsprocessing[$$ReleaseStatusCollectorsProcessing$$] **** [cols="20a,50a,15a,15a", options="header"] |=== | Field | Description | Default | Validation -| *`applications`* __string array__ | Applications is a list of references to applications to be released in the managed namespace + | | -| *`collectors`* __xref:{anchor_prefix}-github-com-konflux-ci-release-service-api-v1alpha1-collectors[$$Collectors$$]__ | Collectors contains all the information of the collectors to be executed as part of the release workflow + | | -| *`data`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.3/#rawextension-runtime-pkg[$$RawExtension$$]__ | Data is an unstructured key used for providing data for the managed Release Pipeline + | | -| *`environment`* __string__ | Environment defines which Environment will be used to release the Application + | | Pattern: `^[a-z0-9]([-a-z0-9]*[a-z0-9])?$` + - -| *`origin`* __string__ | Origin references where the release requests should come from + | | Pattern: `^[a-z0-9]([-a-z0-9]*[a-z0-9])?$` + - -| *`pipeline`* __xref:{anchor_prefix}-github-com-konflux-ci-release-service-tekton-utils-pipeline[$$Pipeline$$]__ | Pipeline contains all the information about the managed Pipeline + | | -| *`policy`* __string__ | Policy to validate before releasing an artifact + | | Pattern: `^[a-z0-9]([-a-z0-9]*[a-z0-9])?$` + - +| *`completionTime`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.3/#time-v1-meta[$$Time$$]__ | CompletionTime is the time when the Release processing was completed + +| | +| *`pipelineRun`* __string__ | PipelineRun contains the namespaced name of the managed Release PipelineRun executed as part of this release + +| | Pattern: `^[a-z0-9]([-a-z0-9]*[a-z0-9])?\/[a-z0-9]([-a-z0-9]*[a-z0-9])?$` + +| *`roleBindings`* __xref:{anchor_prefix}-github-com-konflux-ci-release-service-api-v1alpha1-releaserolebindings[$$ReleaseRoleBindings$$]__ | RoleBindings defines the roleBindings for accessing resources during the Release + +PipelineRun executed as part of this release. + +| | +| *`startTime`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.3/#time-v1-meta[$$Time$$]__ | StartTime is the time when the Release processing started + +| | |=== -[id="{anchor_prefix}-github-com-konflux-ci-release-service-api-v1alpha1-releaseplanadmissionstatus"] -==== ReleasePlanAdmissionStatus +[id="{anchor_prefix}-github-com-konflux-ci-release-service-api-v1alpha1-releaserolebindings"] +==== ReleaseRoleBindings +RoleBindings defines the roleBindings for accessing resources during the Release +PipelineRun executed as part of this release. +.Appears In: +**** +- xref:{anchor_prefix}-github-com-konflux-ci-release-service-api-v1alpha1-collectorsprocessingstatus[$$CollectorsProcessingStatus$$] +- xref:{anchor_prefix}-github-com-konflux-ci-release-service-api-v1alpha1-releasestatusfinalprocessing[$$ReleaseStatusFinalProcessing$$] +- xref:{anchor_prefix}-github-com-konflux-ci-release-service-api-v1alpha1-releasestatusmanagedprocessing[$$ReleaseStatusManagedProcessing$$] +- xref:{anchor_prefix}-github-com-konflux-ci-release-service-api-v1alpha1-releasestatustenantprocessing[$$ReleaseStatusTenantProcessing$$] +**** + +[cols="20a,50a,15a,15a", options="header"] +|=== +| Field | Description | Default | Validation +| *`managedRoleBinding`* __string__ | ManagedRoleBinding contains the namespaced name of the roleBinding created for accessing resources within the managed namespace. + +| | Pattern: `^[a-z0-9]([-a-z0-9]*[a-z0-9])?\/[a-z0-9]([-a-z0-9]*[a-z0-9])?$` + +| *`secretRoleBinding`* __string__ | SecretRoleBinding contains the namespaced name of the roleBinding created for accessing secrets within the namespace. + +| | Pattern: `^[a-z0-9]([-a-z0-9]*[a-z0-9])?\/[a-z0-9]([-a-z0-9]*[a-z0-9])?$` + +| *`tenantRoleBinding`* __string__ | TenantRoleBinding contains the namespaced name of the roleBinding created for accessing resources within the tenant namespace. + +| | Pattern: `^[a-z0-9]([-a-z0-9]*[a-z0-9])?\/[a-z0-9]([-a-z0-9]*[a-z0-9])?$` + +|=== -ReleasePlanAdmissionStatus defines the observed state of ReleasePlanAdmission. +[id="{anchor_prefix}-github-com-konflux-ci-release-service-api-v1alpha1-releasestatusfinalprocessing"] +==== ReleaseStatusFinalProcessing +FinalProcessing contains information about the release final processing .Appears In: **** -- xref:{anchor_prefix}-github-com-konflux-ci-release-service-api-v1alpha1-releaseplanadmission[$$ReleasePlanAdmission$$] +- xref:{anchor_prefix}-github-com-konflux-ci-release-service-api-v1alpha1-releasestatus[$$ReleaseStatus$$] **** [cols="20a,50a,15a,15a", options="header"] |=== | Field | Description | Default | Validation -| *`conditions`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.3/#condition-v1-meta[$$Condition$$] array__ | Conditions represent the latest available observations for the releasePlanAdmission + | | -| *`releasePlans`* __xref:{anchor_prefix}-github-com-konflux-ci-release-service-api-v1alpha1-matchedreleaseplan[$$MatchedReleasePlan$$] array__ | ReleasePlan is a list of releasePlans matched to the ReleasePlanAdmission + | | +| *`completionTime`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.3/#time-v1-meta[$$Time$$]__ | CompletionTime is the time when the Release processing was completed + +| | +| *`pipelineRun`* __string__ | PipelineRun contains the namespaced name of the managed Release PipelineRun executed as part of this release + +| | Pattern: `^[a-z0-9]([-a-z0-9]*[a-z0-9])?\/[a-z0-9]([-a-z0-9]*[a-z0-9])?$` + +| *`roleBindings`* __xref:{anchor_prefix}-github-com-konflux-ci-release-service-api-v1alpha1-releaserolebindings[$$ReleaseRoleBindings$$]__ | RoleBindings defines the roleBindings for accessing resources during the Release + +PipelineRun executed as part of this release. + +| | +| *`startTime`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.3/#time-v1-meta[$$Time$$]__ | StartTime is the time when the Release processing started + +| | |=== -[id="{anchor_prefix}-github-com-konflux-ci-release-service-api-v1alpha1-releaseplanlist"] -==== ReleasePlanList +[id="{anchor_prefix}-github-com-konflux-ci-release-service-api-v1alpha1-releasestatusmanagedprocessing"] +==== ReleaseStatusManagedProcessing +ManagedProcessing contains information about the release managed processing +.Appears In: +**** +- xref:{anchor_prefix}-github-com-konflux-ci-release-service-api-v1alpha1-releasestatus[$$ReleaseStatus$$] +**** -ReleasePlanList contains a list of ReleasePlan. +[cols="20a,50a,15a,15a", options="header"] +|=== +| Field | Description | Default | Validation +| *`completionTime`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.3/#time-v1-meta[$$Time$$]__ | CompletionTime is the time when the Release processing was completed + +| | +| *`pipelineRun`* __string__ | PipelineRun contains the namespaced name of the managed Release PipelineRun executed as part of this release + +| | Pattern: `^[a-z0-9]([-a-z0-9]*[a-z0-9])?\/[a-z0-9]([-a-z0-9]*[a-z0-9])?$` + +| *`roleBindings`* __xref:{anchor_prefix}-github-com-konflux-ci-release-service-api-v1alpha1-releaserolebindings[$$ReleaseRoleBindings$$]__ | RoleBindings defines the roleBindings for accessing resources during the Release + +PipelineRun executed as part of this release. + +| | +| *`startTime`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.3/#time-v1-meta[$$Time$$]__ | StartTime is the time when the Release processing started + +| | +|=== +[id="{anchor_prefix}-github-com-konflux-ci-release-service-api-v1alpha1-releasestatustenantprocessing"] +==== ReleaseStatusTenantProcessing +TenantProcessing contains information about the release tenant processing +.Appears In: +**** +- xref:{anchor_prefix}-github-com-konflux-ci-release-service-api-v1alpha1-releasestatus[$$ReleaseStatus$$] +**** [cols="20a,50a,15a,15a", options="header"] |=== | Field | Description | Default | Validation -| *`apiVersion`* __string__ | `appstudio.redhat.com/v1alpha1` | | -| *`kind`* __string__ | `ReleasePlanList` | | -| *`metadata`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.3/#listmeta-v1-meta[$$ListMeta$$]__ | Refer to Kubernetes API documentation for fields of `metadata`. - | | -| *`items`* __xref:{anchor_prefix}-github-com-konflux-ci-release-service-api-v1alpha1-releaseplan[$$ReleasePlan$$] array__ | | | +| *`completionTime`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.3/#time-v1-meta[$$Time$$]__ | CompletionTime is the time when the Release processing was completed + +| | +| *`pipelineRun`* __string__ | PipelineRun contains the namespaced name of the managed Release PipelineRun executed as part of this release + +| | Pattern: `^[a-z0-9]([-a-z0-9]*[a-z0-9])?\/[a-z0-9]([-a-z0-9]*[a-z0-9])?$` + +| *`roleBindings`* __xref:{anchor_prefix}-github-com-konflux-ci-release-service-api-v1alpha1-releaserolebindings[$$ReleaseRoleBindings$$]__ | RoleBindings defines the roleBindings for accessing resources during the Release + +PipelineRun executed as part of this release. + +| | +| *`startTime`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.3/#time-v1-meta[$$Time$$]__ | StartTime is the time when the Release processing started + +| | |=== -[id="{anchor_prefix}-github-com-konflux-ci-release-service-api-v1alpha1-releaseplanspec"] -==== ReleasePlanSpec +[id="{anchor_prefix}-github-com-konflux-ci-release-service-api-v1alpha1-target"] +==== Target +Target references where this relesae is intended to be released to +.Appears In: +**** +- xref:{anchor_prefix}-github-com-konflux-ci-release-service-api-v1alpha1-releasestatus[$$ReleaseStatus$$] +**** -ReleasePlanSpec defines the desired state of ReleasePlan. +[cols="20a,50a,15a,15a", options="header"] +|=== +| Field | Description | Default | Validation +| *`namespace`* __string__ | Namespace references a namespace within the cluster + +| | Pattern: `^[a-z0-9]([-a-z0-9]*[a-z0-9])?$` + +| *`workspace`* __string__ | Workspace references a KCP workspace within the cluster + +| | Pattern: `^[a-z0-9]([-a-z0-9]*[a-z0-9])(:[a-z0-9]([-a-z0-9]*[a-z0-9]))*$` + +|=== +[id="{anchor_prefix}-github-com-konflux-ci-release-service-api-v1alpha1-notificationsettings"] +==== NotificationSettings +NotificationSettings configure how release notifications are sent to different stakeholders during the release process .Appears In: **** -- xref:{anchor_prefix}-github-com-konflux-ci-release-service-api-v1alpha1-releaseplan[$$ReleasePlan$$] +- xref:{anchor_prefix}-github-com-konflux-ci-release-service-api-v1alpha1-releaseserviceconfigspec[$$ReleaseServiceConfigSpec$$] **** [cols="20a,50a,15a,15a", options="header"] |=== | Field | Description | Default | Validation -| *`application`* __string__ | Application is a reference to the application to be released in the managed namespace + | | Pattern: `^[a-z0-9]([-a-z0-9]*[a-z0-9])?$` + - -| *`collectors`* __xref:{anchor_prefix}-github-com-konflux-ci-release-service-api-v1alpha1-collectors[$$Collectors$$]__ | Collectors contains all the information of the collectors to be executed as part of the release workflow + | | -| *`data`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.3/#rawextension-runtime-pkg[$$RawExtension$$]__ | Data is an unstructured key used for providing data for the managed Release Pipeline + | | -| *`tenantPipeline`* __xref:{anchor_prefix}-github-com-konflux-ci-release-service-tekton-utils-parameterizedpipeline[$$ParameterizedPipeline$$]__ | TenantPipeline contains all the information about the tenant Pipeline + | | -| *`finalPipeline`* __xref:{anchor_prefix}-github-com-konflux-ci-release-service-tekton-utils-parameterizedpipeline[$$ParameterizedPipeline$$]__ | FinalPipeline contains all the information about the final Pipeline + | | -| *`releaseGracePeriodDays`* __integer__ | ReleaseGracePeriodDays is the number of days a Release should be kept + -This value is used to define the Release ExpirationTime + | 7 | -| *`target`* __string__ | Target references where to send the release requests + | | Pattern: `^[a-z0-9]([-a-z0-9]*[a-z0-9])?$` + - +| *`email`* __xref:{anchor_prefix}-github-com-konflux-ci-release-service-api-v1alpha1-emailnotificationsettings[$$EmailNotificationSettings$$]__ | Email notification configuration + +| | +| *`slack`* __xref:{anchor_prefix}-github-com-konflux-ci-release-service-api-v1alpha1-slacknotificationsettings[$$SlackNotificationSettings$$]__ | Slack notification configuration + +| | |=== +[id="{anchor_prefix}-github-com-konflux-ci-release-service-api-v1alpha1-emailnotificationsettings"] +==== EmailNotificationSettings -[id="{anchor_prefix}-github-com-konflux-ci-release-service-api-v1alpha1-releaseplanstatus"] -==== ReleasePlanStatus - +Email notification configuration +.Appears In: +**** +- xref:{anchor_prefix}-github-com-konflux-ci-release-service-api-v1alpha1-notificationsettings[$$NotificationSettings$$] +**** -ReleasePlanStatus defines the observed state of ReleasePlan. +[cols="20a,50a,15a,15a", options="header"] +|=== +| Field | Description | Default | Validation +| *`enabled`* __boolean__ | Enabled determines if email notifications are active + +| | +| *`onFailure`* __boolean__ | OnFailure sends notifications when releases fail + +| | +| *`onSuccess`* __boolean__ | OnSuccess sends notifications when releases succeed + +| | +| *`recipients`* __string array__ | Recipients is a list of email addresses to notify + +| | +|=== +[id="{anchor_prefix}-github-com-konflux-ci-release-service-api-v1alpha1-slacknotificationsettings"] +==== SlackNotificationSettings +Slack notification configuration .Appears In: **** -- xref:{anchor_prefix}-github-com-konflux-ci-release-service-api-v1alpha1-releaseplan[$$ReleasePlan$$] +- xref:{anchor_prefix}-github-com-konflux-ci-release-service-api-v1alpha1-notificationsettings[$$NotificationSettings$$] **** [cols="20a,50a,15a,15a", options="header"] |=== | Field | Description | Default | Validation -| *`conditions`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.3/#condition-v1-meta[$$Condition$$] array__ | Conditions represent the latest available observations for the releasePlan + | | -| *`releasePlanAdmission`* __xref:{anchor_prefix}-github-com-konflux-ci-release-service-api-v1alpha1-matchedreleaseplanadmission[$$MatchedReleasePlanAdmission$$]__ | ReleasePlanAdmission contains the information of the releasePlanAdmission this ReleasePlan is + -matched to + | | +| *`channel`* __string__ | Channel specifies the Slack channel to notify + +| | +| *`enabled`* __boolean__ | Enabled determines if Slack notifications are active + +| | +| *`webhookURL`* __string__ | WebhookURL is the Slack webhook URL for notifications + +| | |=== +[id="{anchor_prefix}-github-com-konflux-ci-release-service-api-v1alpha1-securitypolicies"] +==== SecurityPolicies -[id="{anchor_prefix}-github-com-konflux-ci-release-service-api-v1alpha1-releaseserviceconfig"] -==== ReleaseServiceConfig - +SecurityPolicies define security requirements and constraints that must be enforced during the release process +.Appears In: +**** +- xref:{anchor_prefix}-github-com-konflux-ci-release-service-api-v1alpha1-releaseserviceconfigspec[$$ReleaseServiceConfigSpec$$] +**** -ReleaseServiceConfig is the Schema for the releaseserviceconfigs API +[cols="20a,50a,15a,15a", options="header"] +|=== +| Field | Description | Default | Validation +| *`allowedRegistries`* __string array__ | AllowedRegistries is a list of container registries that releases can target + +| | +| *`requireCodeSigning`* __boolean__ | RequireCodeSigning enforces that all artifacts must be digitally signed + +| | +| *`vulnerabilityScanning`* __xref:{anchor_prefix}-github-com-konflux-ci-release-service-api-v1alpha1-vulnerabilityscanning[$$VulnerabilityScanning$$]__ | VulnerabilityScanning configuration for security checks + +| | +|=== +[id="{anchor_prefix}-github-com-konflux-ci-release-service-api-v1alpha1-vulnerabilityscanning"] +==== VulnerabilityScanning +VulnerabilityScanning configuration for security checks .Appears In: **** -- xref:{anchor_prefix}-github-com-konflux-ci-release-service-api-v1alpha1-releaseserviceconfiglist[$$ReleaseServiceConfigList$$] +- xref:{anchor_prefix}-github-com-konflux-ci-release-service-api-v1alpha1-securitypolicies[$$SecurityPolicies$$] **** [cols="20a,50a,15a,15a", options="header"] |=== | Field | Description | Default | Validation -| *`apiVersion`* __string__ | `appstudio.redhat.com/v1alpha1` | | -| *`kind`* __string__ | `ReleaseServiceConfig` | | -| *`metadata`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.3/#objectmeta-v1-meta[$$ObjectMeta$$]__ | Refer to Kubernetes API documentation for fields of `metadata`. - | | -| *`spec`* __xref:{anchor_prefix}-github-com-konflux-ci-release-service-api-v1alpha1-releaseserviceconfigspec[$$ReleaseServiceConfigSpec$$]__ | | | -| *`status`* __xref:{anchor_prefix}-github-com-konflux-ci-release-service-api-v1alpha1-releaseserviceconfigstatus[$$ReleaseServiceConfigStatus$$]__ | | | +| *`enabled`* __boolean__ | Enabled determines if vulnerability scanning is required + +| | +| *`maxCriticalVulnerabilities`* __integer__ | MaxCriticalVulnerabilities sets the maximum allowed critical CVEs + +| | +| *`maxHighVulnerabilities`* __integer__ | MaxHighVulnerabilities sets the maximum allowed high-severity CVEs + +| | |=== +[id="{anchor_prefix}-github-com-konflux-ci-release-service-api-v1alpha1-resourcelimits"] +==== ResourceLimits -[id="{anchor_prefix}-github-com-konflux-ci-release-service-api-v1alpha1-releaseserviceconfiglist"] -==== ReleaseServiceConfigList - - +ResourceLimits define constraints on resource usage during release operations to prevent excessive consumption of cluster resources -ReleaseServiceConfigList contains a list of ReleaseServiceConfig +.Appears In: +**** +- xref:{anchor_prefix}-github-com-konflux-ci-release-service-api-v1alpha1-releaseserviceconfigspec[$$ReleaseServiceConfigSpec$$] +**** +[cols="20a,50a,15a,15a", options="header"] +|=== +| Field | Description | Default | Validation +| *`maxConcurrentReleases`* __integer__ | MaxConcurrentReleases limits how many releases can run simultaneously + +| | +| *`pipelineResourceLimits`* __xref:{anchor_prefix}-github-com-konflux-ci-release-service-api-v1alpha1-pipelineresourcelimits[$$PipelineResourceLimits$$]__ | PipelineResourceLimits set CPU and memory constraints for release pipelines + +| | +| *`timeoutGracePeriod`* __string__ | TimeoutGracePeriod defines how long to wait before forcefully terminating stuck releases + +| | +|=== +[id="{anchor_prefix}-github-com-konflux-ci-release-service-api-v1alpha1-pipelineresourcelimits"] +==== PipelineResourceLimits +PipelineResourceLimits set CPU and memory constraints for release pipelines +.Appears In: +**** +- xref:{anchor_prefix}-github-com-konflux-ci-release-service-api-v1alpha1-resourcelimits[$$ResourceLimits$$] +**** [cols="20a,50a,15a,15a", options="header"] |=== | Field | Description | Default | Validation -| *`apiVersion`* __string__ | `appstudio.redhat.com/v1alpha1` | | -| *`kind`* __string__ | `ReleaseServiceConfigList` | | -| *`metadata`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.3/#listmeta-v1-meta[$$ListMeta$$]__ | Refer to Kubernetes API documentation for fields of `metadata`. - | | -| *`items`* __xref:{anchor_prefix}-github-com-konflux-ci-release-service-api-v1alpha1-releaseserviceconfig[$$ReleaseServiceConfig$$] array__ | | | +| *`cpu`* __string__ | CPU limit for release pipeline execution + +| | +| *`memory`* __string__ | Memory limit for release pipeline execution + +| | |=== +[id="{anchor_prefix}-github-com-konflux-ci-release-service-api-v1alpha1-attribution"] +==== Attribution -[id="{anchor_prefix}-github-com-konflux-ci-release-service-api-v1alpha1-releaseserviceconfigspec"] -==== ReleaseServiceConfigSpec - +Attribution contains information about the entity authorizing the release +.Appears In: +**** +- xref:{anchor_prefix}-github-com-konflux-ci-release-service-api-v1alpha1-releasestatus[$$ReleaseStatus$$] +**** -ReleaseServiceConfigSpec defines the desired state of ReleaseServiceConfig. +[cols="20a,50a,15a,15a", options="header"] +|=== +| Field | Description | Default | Validation +| *`author`* __string__ | Author of the release (e.g. user ID or automated system) + +| | +| *`organization`* __string__ | Organization initiating the release (e.g. a team or department) + +| | +|=== +[id="{anchor_prefix}-github-com-konflux-ci-release-service-api-v1alpha1-audit"] +==== Audit +Audit contains information about the Release audit .Appears In: **** -- xref:{anchor_prefix}-github-com-konflux-ci-release-service-api-v1alpha1-releaseserviceconfig[$$ReleaseServiceConfig$$] +- xref:{anchor_prefix}-github-com-konflux-ci-release-service-api-v1alpha1-releasestatus[$$ReleaseStatus$$] **** [cols="20a,50a,15a,15a", options="header"] |=== | Field | Description | Default | Validation -| *`debug`* __boolean__ | Debug is the boolean that specifies whether or not the Release Service should run + -in debug mode + | | -| *`defaultTimeouts`* __xref:{anchor_prefix}-github-com-tektoncd-pipeline-pkg-apis-pipeline-v1-timeoutfields[$$TimeoutFields$$]__ | DefaultTimeouts contain the default Tekton timeouts to be used in case they are + -not specified in the ReleasePlanAdmission resource. + | | -| *`EmptyDirOverrides`* __xref:{anchor_prefix}-github-com-konflux-ci-release-service-api-v1alpha1-emptydiroverrides[$$EmptyDirOverrides$$] array__ | VolumeOverrides is a map containing the volume type for specific Pipeline git refs + | | +| *`reviewUrl`* __string__ | ReviewUrl points to the review link in a system (e.g. Jira, GitHub, Gitlab) + +| | +| *`signatories`* __string array__ | Signatories are the entities that have reviewed and signed off on the Release + +| | |=== +[id="{anchor_prefix}-github-com-konflux-ci-release-service-api-v1alpha1-releasestatusvalidation"] +==== ReleaseStatusValidation -[id="{anchor_prefix}-github-com-konflux-ci-release-service-api-v1alpha1-releaseserviceconfigstatus"] -==== ReleaseServiceConfigStatus - +Validation contains information about the release validation +.Appears In: +**** +- xref:{anchor_prefix}-github-com-konflux-ci-release-service-api-v1alpha1-releasestatus[$$ReleaseStatus$$] +**** -ReleaseServiceConfigStatus defines the observed state of ReleaseServiceConfig. +[cols="20a,50a,15a,15a", options="header"] +|=== +| Field | Description | Default | Validation +| *`completionTime`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.3/#time-v1-meta[$$Time$$]__ | CompletionTime is the time when the Release validation was completed + +| | +| *`pipelineRun`* __string__ | PipelineRun contains the namespaced name of the Release validation PipelineRun executed as part of this release + +| | Pattern: `^[a-z0-9]([-a-z0-9]*[a-z0-9])?\/[a-z0-9]([-a-z0-9]*[a-z0-9])?$` + +| *`startTime`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.3/#time-v1-meta[$$Time$$]__ | StartTime is the time when the Release validation started + +| | +|=== +[id="{anchor_prefix}-github-com-konflux-ci-release-service-tekton-utils-pipelineref"] +==== PipelineRef +PipelineRef is the reference to the Pipeline .Appears In: **** -- xref:{anchor_prefix}-github-com-konflux-ci-release-service-api-v1alpha1-releaseserviceconfig[$$ReleaseServiceConfig$$] +- xref:{anchor_prefix}-github-com-konflux-ci-release-service-api-v1alpha1-releaseplanspec[$$ReleasePlanSpec$$] **** +[cols="20a,50a,15a,15a", options="header"] +|=== +| Field | Description | Default | Validation +| *`params`* __xref:{anchor_prefix}-github-com-konflux-ci-release-service-api-v1alpha1-param[$$Param$$] array__ | Params is a slice of parameters for a given resolver + +| | +| *`resolver`* __string__ | Resolver is the name of a Tekton resolver to be used (e.g. git) + +| | +| *`timeout`* __string__ | Timeout is value to use to override the tekton default Pipelinerun timeout + +| "0" | +|=== +[id="{anchor_prefix}-github-com-konflux-ci-release-service-api-v1alpha1-collectors"] +==== Collectors -[id="{anchor_prefix}-github-com-konflux-ci-release-service-api-v1alpha1-releasespec"] -==== ReleaseSpec - +Collectors contains all the information of the collectors to be executed as part of the release workflow +.Appears In: +**** +- xref:{anchor_prefix}-github-com-konflux-ci-release-service-api-v1alpha1-releaseplanspec[$$ReleasePlanSpec$$] +**** -ReleaseSpec defines the desired state of Release. +[cols="20a,50a,15a,15a", options="header"] +|=== +| Field | Description | Default | Validation +| *`items`* __xref:{anchor_prefix}-github-com-konflux-ci-release-service-api-v1alpha1-collectoriteminreleaseplan[$$CollectorItemInReleasePlan$$] array__ | Items is the list of Collectors to be executed as part of the release workflow + +| | +| *`secrets`* __string array__ | Secrets is the list of secrets to be used in the Collector's Pipeline + +| | +| *`serviceAccountName`* __string__ | ServiceAccountName is the ServiceAccount to use during the execution of the Collectors Pipeline + +| | Pattern: `^[a-z0-9]([-a-z0-9]*[a-z0-9])?$` + +|=== +[id="{anchor_prefix}-github-com-konflux-ci-release-service-api-v1alpha1-collectoriteminreleaseplan"] +==== CollectorItemInReleasePlan +CollectorItem represents all the information about an specific collector which will be executed in the +CollectorsPipeline. .Appears In: **** -- xref:{anchor_prefix}-github-com-konflux-ci-release-service-api-v1alpha1-release[$$Release$$] +- xref:{anchor_prefix}-github-com-konflux-ci-release-service-api-v1alpha1-collectors[$$Collectors$$] **** [cols="20a,50a,15a,15a", options="header"] |=== | Field | Description | Default | Validation -| *`snapshot`* __string__ | Snapshot to be released + | | Pattern: `^[a-z0-9]([-a-z0-9]*[a-z0-9])?$` + - -| *`releasePlan`* __string__ | ReleasePlan to use for this particular Release + | | Pattern: `^[a-z0-9]([-a-z0-9]*[a-z0-9])?$` + - -| *`data`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.3/#rawextension-runtime-pkg[$$RawExtension$$]__ | Data is an unstructured key used for providing data for the managed Release Pipeline + | | -| *`gracePeriodDays`* __integer__ | GracePeriodDays is the number of days a Release should be kept + -This value is used to define the Release ExpirationTime + | | +| *`name`* __string__ | Name of the collector + +| | Pattern: `^[a-z0-9]([-a-z0-9]*[a-z0-9])?$` + +| *`params`* __xref:{anchor_prefix}-github-com-konflux-ci-release-service-api-v1alpha1-param[$$Param$$] array__ | Params is a slice of parameters for a given collector + +| | +| *`timeout`* __integer__ | Timeout in seconds for the collector to execute + +| | +| *`type`* __string__ | Type is the type of collector to be used + +| | Pattern: `^[a-z0-9]([-a-z0-9]*[a-z0-9])?$` + |=== +[id="{anchor_prefix}-github-com-konflux-ci-release-service-api-v1alpha1-finalpipeline"] +==== FinalPipeline -[id="{anchor_prefix}-github-com-konflux-ci-release-service-api-v1alpha1-releasestatus"] -==== ReleaseStatus - +FinalPipeline contains all the information about the final Pipeline +.Appears In: +**** +- xref:{anchor_prefix}-github-com-konflux-ci-release-service-api-v1alpha1-releaseplanspec[$$ReleasePlanSpec$$] +**** -ReleaseStatus defines the observed state of Release. +[cols="20a,50a,15a,15a", options="header"] +|=== +| Field | Description | Default | Validation +| *`pipelineRef`* __xref:{anchor_prefix}-github-com-konflux-ci-release-service-api-v1alpha1-pipelinerefinfinalpipeline[$$PipelineRefInFinalPipeline$$]__ | PipelineRef is the reference to the Pipeline + +| | +| *`serviceAccountName`* __string__ | ServiceAccountName is the ServiceAccount to use during the execution of the Pipeline + +| | Pattern: `^[a-z0-9]([-a-z0-9]*[a-z0-9])?$` + +| *`taskRunSpecs`* __link:https://tekton.dev/docs/pipelines/pipelineruns/#configuring-pipelinetask-runtime-details[$$PipelineTaskRunSpec$$] array__ | TaskRunSpecs is the PipelineTaskRunSpec to be used in the PipelineRun execution + +| | +| *`timeouts`* __xref:{anchor_prefix}-github-com-konflux-ci-release-service-api-v1alpha1-timeouts[$$Timeouts$$]__ | Timeouts defines the different Timeouts to use in the PipelineRun execution + +| | +|=== +[id="{anchor_prefix}-github-com-konflux-ci-release-service-api-v1alpha1-pipelinerefinfinalpipeline"] +==== PipelineRefInFinalPipeline +PipelineRef is the reference to the Pipeline .Appears In: **** -- xref:{anchor_prefix}-github-com-konflux-ci-release-service-api-v1alpha1-release[$$Release$$] +- xref:{anchor_prefix}-github-com-konflux-ci-release-service-api-v1alpha1-finalpipeline[$$FinalPipeline$$] **** [cols="20a,50a,15a,15a", options="header"] |=== | Field | Description | Default | Validation -| *`artifacts`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.3/#rawextension-runtime-pkg[$$RawExtension$$]__ | Artifacts is an unstructured key used for storing all the artifacts generated by the managed Release Pipeline + | | -| *`attribution`* __xref:{anchor_prefix}-github-com-konflux-ci-release-service-api-v1alpha1-attributioninfo[$$AttributionInfo$$]__ | Attribution contains information about the entity authorizing the release + | | -| *`collectors`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.3/#rawextension-runtime-pkg[$$RawExtension$$]__ | Collectors is an unstructured key used for storing all the collectors results generated by the Collectors Pipeline + | | -| *`conditions`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.3/#condition-v1-meta[$$Condition$$] array__ | Conditions represent the latest available observations for the release + | | -| *`collectorsProcessing`* __xref:{anchor_prefix}-github-com-konflux-ci-release-service-api-v1alpha1-collectorsinfo[$$CollectorsInfo$$]__ | CollectorsProcessing contains information about the release collectors processing + | | -| *`finalProcessing`* __xref:{anchor_prefix}-github-com-konflux-ci-release-service-api-v1alpha1-pipelineinfo[$$PipelineInfo$$]__ | FinalProcessing contains information about the release final processing + | | -| *`managedProcessing`* __xref:{anchor_prefix}-github-com-konflux-ci-release-service-api-v1alpha1-pipelineinfo[$$PipelineInfo$$]__ | ManagedProcessing contains information about the release managed processing + | | -| *`tenantProcessing`* __xref:{anchor_prefix}-github-com-konflux-ci-release-service-api-v1alpha1-pipelineinfo[$$PipelineInfo$$]__ | TenantProcessing contains information about the release tenant processing + | | -| *`validation`* __xref:{anchor_prefix}-github-com-konflux-ci-release-service-api-v1alpha1-validationinfo[$$ValidationInfo$$]__ | Validation contains information about the release validation + | | -| *`target`* __string__ | Target references where this release is intended to be released to + | | Pattern: `^[a-z0-9]([-a-z0-9]*[a-z0-9])?$` + - -| *`automated`* __boolean__ | Automated indicates whether the Release was created as part of an automated process or manually by an end-user + | | -| *`completionTime`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.3/#time-v1-meta[$$Time$$]__ | CompletionTime is the time when a Release was completed + | | -| *`startTime`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.3/#time-v1-meta[$$Time$$]__ | StartTime is the time when a Release started + | | -| *`expirationTime`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.3/#time-v1-meta[$$Time$$]__ | ExpirationTime is the time when a Release can be purged + | | +| *`params`* __xref:{anchor_prefix}-github-com-konflux-ci-release-service-api-v1alpha1-paramindefiningpipelineref[$$ParamInDefiningPipelineRef$$] array__ | Params is a slice of parameters for a given resolver + +| | +| *`resolver`* __string__ | Resolver is the name of a Tekton resolver to be used (e.g. git) + +| | |=== +[id="{anchor_prefix}-github-com-konflux-ci-release-service-api-v1alpha1-tenantpipeline"] +==== TenantPipeline -[id="{anchor_prefix}-github-com-konflux-ci-release-service-api-v1alpha1-validationinfo"] -==== ValidationInfo - +TenantPipeline contains all the information about the tenant Pipeline +.Appears In: +**** +- xref:{anchor_prefix}-github-com-konflux-ci-release-service-api-v1alpha1-releaseplanspec[$$ReleasePlanSpec$$] +**** -ValidationInfo defines the observed state of the release validation. +[cols="20a,50a,15a,15a", options="header"] +|=== +| Field | Description | Default | Validation +| *`params`* __xref:{anchor_prefix}-github-com-konflux-ci-release-service-api-v1alpha1-param[$$Param$$] array__ | Params is a slice of parameters for a given resolver + +| | +| *`pipelineRef`* __xref:{anchor_prefix}-github-com-konflux-ci-release-service-api-v1alpha1-pipelinerefintenantpipeline[$$PipelineRefInTenantPipeline$$]__ | PipelineRef is the reference to the Pipeline + +| | +| *`serviceAccountName`* __string__ | ServiceAccountName is the ServiceAccount to use during the execution of the Pipeline + +| | Pattern: `^[a-z0-9]([-a-z0-9]*[a-z0-9])?$` + +| *`taskRunSpecs`* __link:https://tekton.dev/docs/pipelines/pipelineruns/#configuring-pipelinetask-runtime-details[$$PipelineTaskRunSpec$$] array__ | TaskRunSpecs is the PipelineTaskRunSpec to be used in the PipelineRun execution + +| | +| *`timeouts`* __xref:{anchor_prefix}-github-com-konflux-ci-release-service-api-v1alpha1-timeouts[$$Timeouts$$]__ | Timeouts defines the different Timeouts to use in the PipelineRun execution + +| | +|=== +[id="{anchor_prefix}-github-com-konflux-ci-release-service-api-v1alpha1-pipelinerefintenantpipeline"] +==== PipelineRefInTenantPipeline +PipelineRef is the reference to the Pipeline .Appears In: **** -- xref:{anchor_prefix}-github-com-konflux-ci-release-service-api-v1alpha1-releasestatus[$$ReleaseStatus$$] +- xref:{anchor_prefix}-github-com-konflux-ci-release-service-api-v1alpha1-tenantpipeline[$$TenantPipeline$$] **** [cols="20a,50a,15a,15a", options="header"] |=== | Field | Description | Default | Validation -| *`failedPostValidation`* __boolean__ | FailedPostValidation indicates whether the Release was marked as invalid after being initially marked as valid + | | -| *`time`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.3/#time-v1-meta[$$Time$$]__ | Time is the time when the Release was validated or when the validation state changed + | | +| *`params`* __xref:{anchor_prefix}-github-com-konflux-ci-release-service-api-v1alpha1-paramindefiningpipelineref[$$ParamInDefiningPipelineRef$$] array__ | Params is a slice of parameters for a given resolver + +| | +| *`resolver`* __string__ | Resolver is the name of a Tekton resolver to be used (e.g. git) + +| | |=== +[id="{anchor_prefix}-github-com-konflux-ci-release-service-api-v1alpha1-matchedreleaseplanadmission"] +==== MatchedReleasePlanAdmission +ReleasePlanAdmission contains the information of the releasePlanAdmission this ReleasePlan is +matched to + +.Appears In: +**** +- xref:{anchor_prefix}-github-com-konflux-ci-release-service-api-v1alpha1-releaseplanstatus[$$ReleasePlanStatus$$] +**** + +[cols="20a,50a,15a,15a", options="header"] +|=== +| Field | Description | Default | Validation +| *`active`* __boolean__ | Active indicates whether the ReleasePlanAdmission is active + +| | +| *`name`* __string__ | Name contains the namespaced name of the releasePlanAdmission + +| | +|=== \ No newline at end of file diff --git a/modules/releasing/nav.adoc b/modules/releasing/nav.adoc index 3f8f27bcd..a70b14247 100644 --- a/modules/releasing/nav.adoc +++ b/modules/releasing/nav.adoc @@ -4,4 +4,12 @@ *** xref:create-release.adoc[Creating a release] *** xref:tenant-release-pipelines.adoc[Tenant Release Pipelines] *** xref:adjusting-timeouts-resources.adoc[Adjusting timeouts and resources] -*** xref:using-collectors.adoc[Using collectors] +*** xref:notification-configuration.adoc[Configuring release notifications] +*** xref:security-policy-enforcement.adoc[Enforcing security policies] +*** xref:resource-limitations.adoc[Setting resource limitations] +*** xref:release-rollback.adoc[Rolling back a release] +*** xref:automatic-releases.adoc[Enabling automatic releases] +*** xref:release-artifact-collection.adoc[Collecting release artifacts] +*** xref:release-expiration.adoc[Configuring release expiration] +*** xref:release-collectors.adoc[Configuring release collectors] +*** xref:ci-cd-pipelines.adoc[Managing CI/CD Pipelines] \ No newline at end of file diff --git a/modules/releasing/pages/adjusting-timeouts-resources.adoc b/modules/releasing/pages/adjusting-timeouts-resources.adoc index 488c9d4a7..6f19954a9 100644 --- a/modules/releasing/pages/adjusting-timeouts-resources.adoc +++ b/modules/releasing/pages/adjusting-timeouts-resources.adoc @@ -6,31 +6,48 @@ To overcome this, there are two strategies {ProductName} users can follow. == Adjust timeouts -Whenever a pipeline is defined through the tenantPipeline/finalPipeline fields in the ReleasePlan or the pipeline field in the ReleasePlanAdmission, users can specify a `timeouts` field in the following way: +Whenever a pipeline is defined through the xref:release-service-reference.adoc#releaseplan_spec[pipelineRef field in the ReleasePlan] or the xref:release-service-reference.adoc#releaseplanadmission_spec[pipelineRef field in the ReleasePlanAdmission], users can specify a `timeout` field in the following way: [source,yaml] ---- -pipeline: - pipelineRef: - resolver: git - params: - - name: url - value: ".git" - - name: revision - value: main - - name: pathInRepo - value: "" - timeouts: - pipeline: "2h0m0s" <.> - tasks: "1h0m0s" <.> - finally: "1h0m0s" <.> +pipelineRef: + resolver: git + params: + - name: url + value: ".git" + - name: revision + value: main + - name: pathInRepo + value: "" + timeout: "2h0m0s" <.> ---- -<.> specifies the timeout for the entire PipelineRun. Defaults to the global configurable default timeout of 60 minutes. -<.> specifies the timeout for the cumulative time taken by non-finally Tasks specified in the Pipeline. -<.> timeout for the cumulative time taken by finally Tasks. +<.> Specifies the timeout for the entire PipelineRun. Defaults to the global configurable default timeout of 60 minutes. -IMPORTANT: Tekton enforces a restriction on the pipeline timeout—it must be greater than or equal to the sum of the timeouts for tasks and finally. +With the new API, the `timeout` field in `ReleasePlanAdmission` has been moved and expanded into `pipeline.timeouts` to allow for more granular control over task and finally timeouts. + +[source,yaml] +---- +spec: + pipeline: + pipelineRef: + params: + - name: url + value: ".git" + - name: revision + value: main + - name: pathInRepo + value: "" + resolver: git + serviceAccountName: release-service-account + timeouts: + finally: "15m0s" <.> + pipeline: "2h0m0s" <.> + tasks: "1h30m0s" <.> +---- +<.> Specifies the maximum allowed duration for the `finally` section of the pipeline. +<.> Specifies the maximum allowed duration for the execution of the entire pipeline. The sum of individual timeouts for tasks and finally must not exceed this value. +<.> Specifies the maximum allowed duration for the pipeline's tasks. == Adjust resources @@ -50,11 +67,9 @@ metadata: spec: applications: - demo-app - data: origin: pipeline: pipelineRef: - resolver: git params: - name: url value: ".git" @@ -62,18 +77,20 @@ spec: value: main - name: pathInRepo value: "" - serviceAccountName: release-service-account + resolver: git + serviceAccountName: release-service-account <.> taskRunSpecs: - - pipelineTaskName: verify-enterprise-contract <.> - computeResources: <.> - limits: - cpu: "600m" - memory: "540Mi" + - pipelineTaskName: verify-enterprise-contract + computeResources: requests: - cpu: "250m" - memory: "256Mi" + cpu: 500m + memory: 1Gi + limits: + cpu: 1 + memory: 2Gi + timeouts: + pipeline: "2h0m0s" policy: ---- -<.> Name of the Task we want to modify. -<.> Compute resources we want to assign to the task. +<.> Name of the service account to use in the Release PipelineRun to gain elevated privileges. This field has been moved from the top-level `spec` to `spec.pipeline`. \ No newline at end of file diff --git a/modules/releasing/pages/create-release-plan-admission.adoc b/modules/releasing/pages/create-release-plan-admission.adoc index 7ce76729b..aaa29e18c 100644 --- a/modules/releasing/pages/create-release-plan-admission.adoc +++ b/modules/releasing/pages/create-release-plan-admission.adoc @@ -2,7 +2,7 @@ A ReleasePlanAdmission (RPA) CR exists within a managed tenant namespace. It defines the specific pipeline to run and a given xref:compliance:index.adoc[Conforma] Policy which needs to pass for the Snapshot before that pipeline can proceed. -When an application is ready for release, the Development team contacts the owners of the managed tenant namespace (for example, their organization's SRE team) and requests access to the managed tenant namespace. A RPA object is then created in the managed tenant namespace to specify the configuration. +When an application is ready for release, the Development team contacts the owners of the managed tenant namespace (for example, their organization's SRE team) and requests access to the managed tenant namespace. A RPA object is then created in the managed tenant namespace to specify the configuration. == Creating a `ReleasePlanAdmission` object @@ -25,36 +25,62 @@ When an application is ready for release, the Development team contacts the owne apiVersion: appstudio.redhat.com/v1alpha1 kind: ReleasePlanAdmission metadata: - labels: - release.appstudio.openshift.io/block-releases: 'false' <.> - name: sre-production <.> - namespace: managed-tenant-namespace <.> + creationTimestamp: "2024-01-26T14:30:00Z" <.> spec: - applications: + applications: - demo-app <.> - data: <.> - environment: <.> - origin: <.> - pipelineRef: <.> - policy: <.> - serviceAccount: <.> - + collectors: <.> + items: <.> + - name: <.> + params: <.> + - name: <.> + value: <.> + type: <.> + timeout: <.> + serviceAccountName: <.> + data: {} <.> + environment: <.> + origin: <.> + pipeline: <.> + pipelineRef: <.> + params: <.> + resolver: <.> + serviceAccountName: <.> + timeouts: <.> + finally: <.> + pipeline: <.> + tasks: <.> + policy: <.> ---- + -<.> Optional: Control whether or not this ReleasePlanAdmission is entirely disabled. If set to true, attempted releases will fail with a validation error. Defaults to false. -<.> The name of the release plan admission. -<.> The Managed environment team's tenant namespace. +<.> Specifies the timestamp when the object was created. <.> A list of applications that you want to enable to be deployed in the managed tenant namespace. -<.> Optional: An unstructured key used for providing data for the managed Pipeline. -<.> Optional: The environment from which the application updates are allowed to be received in the Managed tenant namespace. This environment is created by the Development team. +<.> Contains all the information of the collectors to be executed as part of the release workflow. +<.> The list of collectors to be executed as part of the release workflow. +<.> The name of the collector. +<.> A slice of parameters for a given collector. +<.> The name of the parameter. +<.> The value of the parameter. +<.> The type of collector to be used. +<.> Timeout in seconds for the collector to execute. +<.> The service account to use during the execution of the Collectors Pipeline. +<.> Optional: Unstructured key for providing data for the managed Release Pipeline. +<.> The environment from which the application updates are allowed to be received in the Managed tenant namespace. This environment is created by the Development team. <.> The development team tenant namespace where the application is defined. -<.> Reference to the Pipeline to be executed by the release service. +<.> Contains all the information about the managed Pipeline. +<.> The reference to the Pipeline. +<.> Parameters for the referenced pipeline. +<.> Name of a Tekton resolver to be used (for example, `git`). +<.> The service account to use during the execution of the Pipeline. +<.> Defines the different timeouts to use in the PipelineRun execution. +<.> Sets the maximum allowed duration of this pipeline's `finally` tasks. +<.> Sets the maximum allowed duration for execution of the entire pipeline. The sum of individual timeouts for tasks and finally must not exceed this value. +<.> Sets the maximum allowed duration of this pipeline's tasks. <.> The enterprise contract policy against which the system validates an application before releasing it to production. -<.> Optional: The name of the service account to use in the Pipeline to gain elevated privileges. It's used only if you have defined the `pipelineRef` value. + -NOTE: The ReleasePlanAdmission.yaml represents the reciprocal link to the ReleasePlan.yaml objects created by the development team. +NOTE: The ReleasePlanAdmission.yaml represents the reciprocal link to the ReleasePlan.yaml objects created by the development team. . In the Managed tenant namespace, apply the `ReleasePlanAdmission.yaml` file and add the resource to your cluster by running the following command: @@ -68,4 +94,4 @@ kubectl apply -f ReleasePlanAdmission.yaml -n managed . In the {ProductName} UI, select the *Release services* > *Release plan admission* tab. . Review the RPA object that you just added. Using the Release plan admission tab, you can update or delete the selected Release plan admission object. -. When a ReleasePlanAdmission is correctly configured to be paired with a ReleasePlan, its *Status* will display as being `Matched`. +. When a ReleasePlanAdmission is correctly configured to be paired with a ReleasePlan, its *Status* will display as being `Active`. \ No newline at end of file diff --git a/modules/releasing/pages/create-release-plan.adoc b/modules/releasing/pages/create-release-plan.adoc index 66e2f66de..de44f1f68 100644 --- a/modules/releasing/pages/create-release-plan.adoc +++ b/modules/releasing/pages/create-release-plan.adoc @@ -1,24 +1,20 @@ = Creating a release plan -A ReleasePlan (RP) CR is created for a specific Application. It defines the the process to release a specific Application Snapshot in a target tenant namespace, whether automatic releases are enabled, as well as additional data to pass to a corresponding RPA. +A ReleasePlan (RP) CR is created for a specific Application. It defines the the process to release a specific Application Snapshot in a target tenant namespace, as well as additional data to pass to a corresponding RPA. == Creating a `ReleasePlan` object -The development team creates a `ReleasePlan` object in the developer tenant namespace. The `ReleasePlan` object includes a reference to the application that the development team wants to release, along with tenant namespace where the application is supposed to be released. - -.*Prerequisites* +The development team creates a `ReleasePlan` object in the developer tenant namespace. The `ReleasePlan` object includes a reference to the application component that the development team wants to release, along with tenant namespace where the application is supposed to be released. +.Prerequisites * You have an existing Development tenant namespace. * You have completed the steps listed in the xref:ROOT:getting-started.adoc#getting-started-with-the-cli[Getting started in the CLI] page. -.*Procedures* +.Procedures . Create a `ReleasePlan.yaml` object locally. -+ -*Example `ReleasePlan.yaml` object* - -+ +.Example `ReleasePlan.yaml` object [source,yaml] ---- apiVersion: appstudio.redhat.com/v1alpha1 @@ -28,39 +24,48 @@ metadata: release.appstudio.openshift.io/auto-release: 'true' <.> release.appstudio.openshift.io/standing-attribution: 'true' release.appstudio.openshift.io/releasePlanAdmission: 'rpa-name' <.> + app.kubernetes.io/name: build-service <.> + app.kubernetes.io/component: controller <.> + monitoring: enabled <.> name: sre-production <.> namespace: dev-tenant-namespace <.> spec: application: <.> - data: <.> - pipelineRef: <.> - serviceAccount: <.> - releaseGracePeriodDays: <.> - target: managed-tenant-namespace <.> + collectors: {} <.> + data: {} <.> + finalPipeline: {} <.> + releaseGracePeriodDays: 7 <.> + target: + namespace: managed-tenant-namespace <.> + workspace: <.> + tenantPipeline: {} <.> ---- -+ <.> Optional: Control if Releases should be created automatically for this ReleasePlan when tests pass. Defaults to true. <.> Optional: The name of the RPA to use if more than one RPA references the specified application. +<.> Standardized label for resource identification. +<.> Standardized label for identifying the component within the application. +<.> Label to enable monitoring for the resource. <.> The name of the release plan. <.> The development team's tenant namespace. -<.> The name of the application that you want to deploy to the managed tenant namespace. -<.> Optional: An unstructured key used for providing data for the managed Pipeline. -<.> Optional: Reference to the Pipeline to be executed by the release service. -<.> Optional: The name of the service account to use in the Pipeline to gain elevated privileges. It's used only if you have defined the `pipelineRef` value. -<.> Optional: The number of days a Release should be kept before being garbage collected. (default is 7 days) -<.> The tenant namespace to which the system deploys the application. This tenant namespace is created by the Managed environment team (for example, your organization's SRE team) +<.> The name of the application component that you want to deploy to the managed tenant namespace. +<.> Optional: `Collectors` contains all the information of the collectors to be executed as part of the release workflow. +<.> Optional: Unstructured key used for providing data for the managed Release Pipeline. +<.> Optional: `finalPipeline` contains all the information about the final Pipeline. +<.> `ReleaseGracePeriodDays` is the number of days a Release should be kept. This value is used to define the Release `ExpirationTime`. +<.> The tenant namespace to which the system deploys the application. This tenant namespace is created by the Managed environment team (for example, your organization's SRE team). +<.> Optional: The KCP workspace to which the system deplys the application. This workspace is created by the Managed environment team (for example, your organization's SRE team). +<.> Optional: `tenantPipeline` contains all the information about the tenant Pipeline. . In the development tenant namespace, apply the `ReleasePlan.yaml` file and add the resource to your cluster by running the following command: -+ [source,shell] ---- $ kubectl apply -f ReleasePlan.yaml -n dev ---- -.*Verification* +.Verification . In the {ProductName} UI, select the *Release services* > *Release plan* tab. . Review the Release plan object that you just added. Using the Release plan tab, you can update or delete the selected Release plan object. -. When a ReleasePlan is correctly configured to be paired with a ReleasePlanAdmission, its *Status* will display as being `Matched`. +. When a ReleasePlan is correctly configured to be paired with a ReleasePlanAdmission, its Status will display as being `Matched`. \ No newline at end of file diff --git a/modules/releasing/pages/create-release.adoc b/modules/releasing/pages/create-release.adoc index 83fd9ccb5..4420d07e5 100644 --- a/modules/releasing/pages/create-release.adoc +++ b/modules/releasing/pages/create-release.adoc @@ -6,15 +6,17 @@ with its associated xref:create-release-plan.adoc[ReleasePlan]. == Creating a `Release` object -The development team creates a `Release` object in the developer tenant namespace. The `Release` object includes a reference to the application snapshot that the development team wants to release, along with release plan that will be used to release the application. +The development team creates a `Release` object in the developer tenant namespace. The `Release` object includes a reference to the application component snapshot that the development team wants to release, along with release plan that will be used to release the application. -.*Prerequisites* +. The `Release` object can also contain additional data or specify a custom timeout for the release pipeline. + +*Prerequisites* * You have an existing Development tenant namespace. * You have completed the steps listed in the xref:ROOT:getting-started.adoc#getting-started-with-the-cli[Getting started in the CLI] page. * You have completed the steps for creating a ReleasePlanAdmission and a matching ReleasePlan. -.*Procedures* +*Procedures* . Create a `Release.yaml` object locally. @@ -28,41 +30,6 @@ include::releasing:partial$example-manual-release.adoc[] $ kubectl create -f Release.yaml ---- -.*Verification* - -. In the {ProductName} UI, select the *Applications* tab -. Click on the application that is being released -. Click on the *Releases* tab -. See the recent releases that have been created for the application. -. You can find a link to the release pipeline run by clicking on the name of the release that you created. - -== "Re-triggering" a `Release` - -`Release` objects create workloads with a finite lifecycle. Once created, a `Release` object's `spec` field cannot be modified. -To "re-trigger" a release, create a new instance of the desired `Release` object using the same values in the `spec` field. - - -WARNING: Creating multiple `Release` objects for the same snapshot can result in duplicate actions taken during the release process. -Consult with the team managing the release pipeline before creating a new `Release` object for a given snapshot. - -.*Procedures* - -. Create a new `Release.yaml` object locally, using similar values to the original `Release` object. - -.. Use `kubectl` to obtain the data of an existing `Release` object: -+ -[source,shell] ----- -$ kubectl get release -n -o yaml > Release.yaml ----- - -.. Alternatively, use https://github.com/itaysk/kubectl-neat[kubectl-neat] to remove unnecessary fields from the `Release` object: -+ -[source,shell] ----- -$ kubectl neat get release -n -o yaml > Release.yaml ----- - . Remove the following fields from the `Release.yaml` object: .. `metadata` fields: ... `annotations` @@ -86,11 +53,8 @@ include::releasing:partial$example-manual-release.adoc[] $ kubectl create -f Release.yaml ---- -.*Verification* +*Verification* . In the {ProductName} UI, select the *Applications* tab -. Click the released application -. Click the *Releases* tab -. View the recent releases created for the application -. Click the name of the release to view the results of its release pipeline +IMPORTANT: The `Release` object now includes an optional `data` field to provide unstructured data for the release pipeline and a `gracePeriodDays` field to define the release expiration time. The `spec.environment` field has been removed. The `status` field has also been significantly updated to include detailed information about `artifacts`, `collectors`, `collectorsProcessing`, `expirationTime`, `finalProcessing`, `managedProcessing`, and `tenantProcessing`, replacing the simpler `phase` and `deployment` fields. \ No newline at end of file diff --git a/modules/releasing/pages/index.adoc b/modules/releasing/pages/index.adoc index bb8a2b937..d7b14fbf2 100644 --- a/modules/releasing/pages/index.adoc +++ b/modules/releasing/pages/index.adoc @@ -13,7 +13,7 @@ Two teams work together to release an application: .Procedure -. When an application is ready for release, the Development team contacts the Managed Environment team (for example, their organization's SRE team) requesting access to the managed environment for the first production release. +. When an application is ready for release, the Development team contacts the Managed Environment team (for example, their organization's SRE team) requesting access to the managed environment for the first production release. . The development and managed environment teams will work together to create a ReleasePlanAdmission (RPA) in the managed environment to specify the release pipeline to run containing the appropriate tasks to release the application. @@ -21,8 +21,12 @@ Two teams work together to release an application: .Next steps -* *Create a `releasePlan` object:* The development team creates a ReleasePlan object in the developer tenant namespace. The ReleasePlan object includes a reference to the application that the development team wants to release, along with tenant namespace where the application is supposed to be released. +* *Create a `ReleasePlan` object:* The development team creates a xref:creating-releaseplan.adoc[`ReleasePlan`] object in the developer tenant namespace. The ReleasePlan object includes a reference to the application component that the development team wants to release, along with tenant namespace where the application is supposed to be released. The `ReleasePlan` object now supports defining a `collectors` section to specify data collection during the release workflow, including parameters, secrets, and timeouts for each collector. It also supports defining a `finalPipeline` section for the managed pipeline, which includes the `pipelineRef`, `serviceAccountName`, `timeouts` for different stages, and `taskRunSpecs` to configure specific task run settings. Additionally, a `tenantPipeline` section is available for the tenant pipeline, which includes `pipelineRef`, `serviceAccountName`, `timeouts`, and `taskRunSpecs`. A new `releaseGracePeriodDays` field defines the release expiration time. -* *Create a `releasePlanAdmission` object:* The Managed Environment team creates or updates the ReleasePlanAdmission object in response to the ReleasePlan object created by the development team. It indicates that the Managed Environment team has approved the application specified in the ReleasePlan object. +* *Create a `ReleasePlanAdmission` object:* The Managed Environment team creates or updates the xref:creating-releaseplanadmission.adoc[`ReleasePlanAdmission`] object in response to the ReleasePlan object created by the development team. It indicates that the Managed Environment team has approved the application specified in the ReleasePlan object. The `ReleasePlanAdmission` object now supports defining a `collectors` section to specify data collection during the release workflow, including parameters and timeouts for each collector. It also supports defining a `pipeline` section for the managed pipeline, which includes the `pipelineRef`, `serviceAccountName`, and `timeouts` for different stages. -* *Create a `release` object:* The development team creates a Release object to reference a specific Snapshot and ReleasePlan. It indicates the users' intent to operate on the Snapshot with the matched ReleasePlanAdmission. +* *Create a `Release` object:* The development team creates a xref:creating-release.adoc[`Release`] object to reference a specific Snapshot and ReleasePlan. It indicates the users' intent to operate on the Snapshot with the matched ReleasePlanAdmission. The `Release` object also has a short name `rel`. It now includes support for a `gracePeriodDays` field to define the release expiration time, and its status includes `artifacts` for generated artifacts, `collectors` for collector results, `collectorsProcessing` for information about collectors execution, `managedProcessing` and `tenantProcessing` for detailed pipeline execution information, and `finalProcessing` for information about the release final processing. + +* *Configure `ReleaseServiceConfig`:* The Managed Environment team can configure a xref:configuring-releaseserviceconfig.adoc[`ReleaseServiceConfig`] to define logging, retry attempts, and default timeouts for release operations. + +* *Automate Documentation:* A new GitHub Actions workflow, `docs-enhancer.yml`, has been added to automatically update documentation. This workflow is triggered by `issue_comment` events containing `[update-docs]` and uses the `csoceanu/code-to-docs` action to generate and update documentation based on code changes. This streamlines the process of keeping documentation synchronized with the codebase. \ No newline at end of file diff --git a/modules/releasing/pages/tenant-release-pipelines.adoc b/modules/releasing/pages/tenant-release-pipelines.adoc index 00d458f06..4a7c649ff 100644 --- a/modules/releasing/pages/tenant-release-pipelines.adoc +++ b/modules/releasing/pages/tenant-release-pipelines.adoc @@ -3,7 +3,7 @@ The usual release process in {ProductName} involves two different teams: a *Development team* and a *Managed environment team* as described in xref:releasing:index.adoc[Releasing an application]. The development team is usually the one who develops and support the application while the managed team will control the process and the secrets. Although this is a powerful workflow, in some cases it might feel very limiting. For example, sometimes the Development team wants to release their software to some destination that is directly under their control, using their own secrets, without depending on a Managed environment team. Another example would be performing actions before running the managed pipeline such as cleaning up old images or notifying about an ongoing release. The way {ProductName} supports these scenarios is by using something we call a *tenant release pipeline*. It's a release pipeline that runs in the tenant namespace of the Development team, rather than in that of the Managed environment team. -The gist here is that this workflow doesn't require a managed pipeline. You can omit the `target` and just specify the `tenant pipeline` you want to run. But, if both tenant and managed pipelines are provided, the tenant pipeline needs to succeed before continuing with the release of the application. +The gist here is that this workflow doesn't require a managed pipeline. You can omit the `target` and just specify the `pipelineRef` you want to run. But, if both tenant and managed pipelines are provided, the tenant pipeline needs to succeed before continuing with the release of the application. == Using a tenant pipeline == @@ -17,12 +17,11 @@ Before starting to use a tenant pipeline there are some prerequisites you will h To use a tenant pipeline: . Follow the regular instruction to xref:releasing:create-release-plan.adoc[create a ReleasePlan] YAML file locally. -. Specify the details about the tenant pipeline to run using the `tenantPipeline` field. +. Specify the details about the tenant pipeline to run using the `pipelineRef` field and `serviceAccount` field. + *Example `ReleasePlan.yaml` object* -+ [source,yaml] ---- apiVersion: appstudio.redhat.com/v1alpha1 @@ -41,15 +40,12 @@ spec: - name: demo-component-1 repository: registry/destination-image-repository-1 tags: [latest] - - name: demo-component-2 - repository: registry/destination-image-repository-2 - tags: [latest] target: managed-tenant-namespace - tenantPipeline: - params: <.> - - name: paramForPipeline - value: foo + pipeline: <.> pipelineRef: <.> + params: <.> + - name: paramForPipeline + value: foo resolver: git params: - name: url @@ -61,19 +57,18 @@ spec: serviceAccountName: build-pipeline-$COMPONENT_NAME <.> ---- -+ <.> Optional: Control if Releases should be created automatically for this ReleasePlan when tests pass. Defaults to true. <.> The development team's tenant namespace. <.> The name of the application that you want to release via a pipeline in the development tenant namespace. <.> A list containing the destination repository for each component -<.> The parameters to pass to your pipeline. Note: the release-operator will automatically pass parameters `taskGitRevision` and `taskGitUrl` with the same values as the `pipelineRef` `revision` and `pipelineRef` `url` parameters respectively. So, you should not pass your own values for these two parameters in this section. If you do, tekton validation webhooks will block the pipelineRun creation. +<.> Defines the managed pipeline and its execution details. <.> Reference to the tenant pipeline to be executed in the development tenant namespace. +<.> The parameters to pass to your pipeline. Note: the release-operator will automatically pass parameters `taskGitRevision` and `taskGitUrl` with the same values as the `pipelineRef` `revision` and `pipelineRef` `url` parameters respectively. So, you should not pass your own values for these two parameters in this section. If you do, tekton validation webhooks will block the pipelineRun creation. <.> The name of the service account used to execute the tenant pipeline. . In case you want to avoid the execution of a managed pipeline, remove the `target` field from your `ReleasePlan.yaml` file. . In the Development tenant namespace, apply the `ReleasePlan.yaml` file and add the resource to your cluster by running the following command: -+ [source,shell] ---- kubectl apply -f ReleasePlan.yaml -n dev @@ -85,7 +80,6 @@ kubectl apply -f ReleasePlan.yaml -n dev + *Example `rbac.yaml` object* -+ [source,yaml] ---- apiVersion: rbac.authorization.k8s.io/v1 @@ -120,7 +114,6 @@ subjects: namespace: dev-tenant-namespace <.> ---- -+ <.> The name of the Role. <.> The development team's tenant namespace. <.> The name of the RoleBinding. @@ -131,7 +124,6 @@ subjects: . In the Development tenant namespace, apply the `rbac.yaml` file and add the resources to your cluster by running the following command: -+ [source,shell] ---- kubectl apply -f rbac.yaml -n dev-tenant-namespace @@ -175,7 +167,7 @@ spec: If you write a good reusable release pipeline, please submit it to our link:https://github.com/konflux-ci/community-catalog[community catalog], so others can use it. -== Final pipeline +== Final pipeline == Another type of tenant pipeline runs at the end of the release workflow. This is known as the final pipeline, and it allows you to execute a pipeline after the tenant or managed pipeline has completed. @@ -192,8 +184,16 @@ kind: ReleasePlan ... spec: ... - finalPipeline: + pipeline: + ... + timeouts: <.> + pipeline: 1h0m0s + ... + finalPipeline: <.> pipelineRef: <.> + params: <.> + - name: paramForPipeline + value: foo resolver: git params: - name: url @@ -204,11 +204,56 @@ spec: value: "" serviceAccountName: build-pipeline-$COMPONENT_NAME <.> ---- -<.> Reference to the tenant pipeline to be executed in the development tenant namespace. +<.> Defines timeouts for the different stages of the Release PipelineRun execution. +<.> Defines the final pipeline and its execution details. +<.> Reference to the final pipeline to be executed in the development tenant namespace. +<.> The parameters to pass to your pipeline. Note: the release-operator will automatically pass parameters `taskGitRevision` and `taskGitUrl` with the same values as the `pipelineRef` `revision` and `pipelineRef` `url` parameters respectively. So, you should not pass your own values for these two parameters in this section. If you do, tekton validation webhooks will block the pipelineRun creation. <.> The name of the service account used to execute the tenant pipeline. Both tenant and final pipelines receive the same parameters (i.e. release, releasePlan, and snapshot), allowing them to be used interchangeably. The key difference is that the final pipeline runs at the end of the release workflow, meaning the release status will contain the final outcome and all generated artifacts. +== Kustomization updates == + +The `config/default/kustomization.yaml` file has been updated to include standardized labels, and enable webhook, cert-manager, and network policy configurations. + +. *Labels*: Adds `app.kubernetes.io/name: build-service`, `app.kubernetes.io/component: controller`, and `monitoring: enabled` to all resources and selectors for better resource identification and monitoring. +. *Webhook*: Enables the webhook server for validation and mutation. +. *Cert-manager*: Enables cert-manager for automated TLS certificate management. +. *Network policy*: Enables network policies for enhanced security posture. + +== Release object `spec` fields == + +The Release object's `spec` fields have been updated to reflect the new `data` field and `gracePeriodDays` field, while removing `environment` and `rollbackEnabled`. + +. The `data` field is an unstructured key used for providing data for the managed Release Pipeline. +. The `gracePeriodDays` field is the number of days a Release should be kept after completion. This value is used to define the Release ExpirationTime for cleanup purposes. + +== Release object `status` fields == + +The Release object's `status` fields have been updated with `artifacts`, `collectors`, `collectorsProcessing`, `expirationTime`, `finalProcessing`, `managedProcessing`, and `tenantProcessing` fields, while removing `deployment`, `phase`, `postActionsExecution`, and `processing`. + +. The `artifacts` field is an unstructured key used for storing all the artifacts generated by the managed Release Pipeline. +. The `collectors` field is an unstructured key used for storing all the collectors results generated by the Collectors Pipeline. +. The `collectorsProcessing` field contains information about the release collectors processing. +. The `expirationTime` field is the time when a Release can be purged. +. The `finalProcessing` field contains information about the release final processing. +. The `managedProcessing` field contains information about the release managed processing. +. The `tenantProcessing` field contains information about the release tenant processing. +. The `target` field is a string that references where the Release is targeted to. + +== ReleasePlan `spec` fields == +The ReleasePlan object's `spec` fields have been updated to include the `collectors` field and to change `pipelineRef` to `pipeline`. + +. The `collectors` field contains all the information of the collectors to be executed as part of the release workflow. +. The `pipeline` field contains all the information about the managed pipeline, including its `pipelineRef`, `serviceAccountName`, `timeouts`, and `taskRunSpecs`. + +== ReleasePlanAdmission `spec` fields == +The ReleasePlanAdmission object's `spec` fields have been updated to include the `collectors` field and to change `pipelineRef` to `pipeline`, while removing `approvalMode`, `autoRelease`, and `notificationConfig`. + +. The `collectors` field contains all the information of the collectors to be executed as part of the release workflow. +. The `pipeline` field contains all the information about the managed pipeline, including its `pipelineRef`, `serviceAccountName`, and `timeouts`. +. The `metadata.creationTimestamp` field is a standard Kubernetes field indicating the time when the ReleasePlanAdmission object was created. It is used to display the 'Age' of the resource. + == Next steps == -Now that the ReleasePlan is defined, the development team can create a Release object to reference a specific Snapshot and the new ReleasePlan. It indicates the users' intent to release that Snapshot via the tenant release pipeline defined in the ReleasePlan. +Now that the ReleasePlan is defined, the development team can create a Release object to reference a specific Snapshot and the new ReleasePlan. It indicates the users' intent to release that Snapshot via the tenant release pipeline defined in the ReleasePlan. \ No newline at end of file diff --git a/modules/releasing/pages/using-collectors.adoc b/modules/releasing/pages/using-collectors.adoc index 36ddfde74..eee630e78 100644 --- a/modules/releasing/pages/using-collectors.adoc +++ b/modules/releasing/pages/using-collectors.adoc @@ -1,66 +1,56 @@ -= Collectors += Release Pipelines The release process with {ProductName} is well-structured, and the documentation provides clear examples of how to supply data to the `Release`, `ReleasePlan`, or `ReleasePlanAdmission` resources for use within the release workflow. -Despite this, a limitation remains that prevents full workflow automation. In scenarios where a data field in one of the release resources needs to be populated with dynamic information retrieved from an external service _before_ initiating the release, relying on manual steps or custom scripts introduces inefficiency and potential for error. +To address a previous limitation where data fields needed to be populated with dynamic information, {ProductName} now supports release pipelines. Release pipelines are responsible for running the tasks required to validate, collect, and release information. These pipelines are integrated into the release workflow and run at the very beginning, immediately after the validation step. As a result, the collected data becomes available to both the _tenant_ and _managed_ pipelines. -To address this limitation, {ProductName} includes a feature called *collectors*. +== Using release pipelines in a {ProductName} release -A _collector_ is essentially a Python script executed as part of the _tenant_ and _managed collectors pipelines_. It generates information that is embedded into the `Release` status. These pipelines are integrated into the release workflow and run at the very beginning, immediately after the validation step. As a result, the collected data becomes available to both the _tenant_ and _managed_ pipelines. +To use a release pipeline, the first step is to select one from the available options in https://github.com/konflux-ci/release-service-catalog/tree/main/pipelines[the official repository]. The structure of this repository may evolve over time, but the https://github.com/konflux-ci/release-service-catalog/blob/main/pipelines/README.md[README.md] file provides useful details about the available pipelines and the data they produce. The key piece of information needed is the pipeline's name, which will be referenced in one of the release resources. -== Using a collector in a {ProductName} release +Release pipelines can be defined in the following resources: -To use a collector, the first step is to select one from the available options in https://github.com/konflux-ci/release-service-collectors[the official repository]. The structure of this repository may evolve over time, but the https://github.com/konflux-ci/release-service-collectors/blob/main/README.md[README.md] file provides useful details about the available collectors and the data they produce. The key piece of information needed is the collector's name, which will be referenced in one of the release resources. +* *ReleasePlan:* Pipelines defined here are executed by the _tenant pipeline_, which runs in the tenant namespace. +* *ReleasePlanAdmission:* Pipelines defined here are executed by the _managed pipeline_, which runs in the managed namespace. -Collectors can be defined in the following resources: - -* *ReleasePlan:* Collectors defined here are executed by the _tenant collectors pipeline_, which runs in the tenant namespace. -* *ReleasePlanAdmission:* Collectors defined here are executed by the _managed collectors pipeline_, which runs in the managed namespace. - -For example, to run the `jira` collector—which retrieves a list of Jira issues when provided with a server and a query—the following configuration should be added to the _ReleasePlan_: +For example, to run the `release` pipeline—which retrieves a list of Jira issues when provided with a server and a query—the following configuration should be added to the _ReleasePlan_: [source,yaml] ---- apiVersion: appstudio.redhat.com/v1alpha1 -kind: ReleasePlan +kind: ReleasePlanAdmission metadata: labels: - release.appstudio.openshift.io/auto-release: 'true' <.> + release.appstudio.openshift.io/auto-release: 'true' <1> release.appstudio.openshift.io/standing-attribution: 'true' name: collectors-rp - namespace: dev-tenant-namespace <.> + namespace: dev-tenant-namespace <2> spec: - application: <.> - collectors: - serviceAccountName: <.> - items: <.> - - name: project-issues - params: - - name: url - value: https://issues.redhat.com - - name: query - value: 'project = "My Project" AND summary ~ "test issue"' - - name: secretName - value: "jira-collectors-secret" - timeout: 60 - type: jira <.> - secrets: <.> - - jira-collectors-secret - data: <.> - target: managed-tenant-namespace + applications: <3> + origin: managed-tenant-namespace + policy: + pipeline: <4> + pipelineRef: + params: + - name: collector-param-name + value: collector-param-value + resolver: git + serviceAccountName: release-service-account <5> + timeouts: + pipeline: 1h0m0s + tasks: 30m0s + finally: 5m0s ---- -<.> Optional: Control if Releases should be created automatically for this ReleasePlan when tests pass. Defaults to true. -<.> The development team's tenant namespace. The collector pipeline will be executed in this namespace. -<.> The name of the application that you want to release via a pipeline in the development tenant namespace. -<.> The ServiceAccount that the pipeline will use. -<.> List of parameters to be passed to the collector. -<.> The collector type as seen in the official collectors repository. -<.> Secrets to be provided to the collectors. -<.> Optional: An unstructured key used for providing data for the managed Pipeline. +<1> Optional: Control if Releases should be created automatically for this ReleasePlan when tests pass. Defaults to true. +<2> The development team's tenant namespace. The collector pipeline will be executed in this namespace. +<3> The name of the application *component* that you want to release via a pipeline in the development tenant namespace. +<4> The pipelineRef field replaces the previous collectors field and points to the pipeline to be executed to collect data. +<5> Specifies the ServiceAccount to use during the execution of the Pipeline. +<6> The release strategy to be applied, e.g., `rolling`, `blue-green`, `canary`, or `immediate`. -== Retrieving collectors data +== Retrieving Release Pipeline data -After the collectors pipelines complete execution, the output from each collector is added to the `Release` resource under the `status.collectors` field. Below is an example showing the result of a collector defined in the previously mentioned _ReleasePlan_: +After the release pipelines complete execution, the output from each pipeline is added to the `Release` resource under the `status.release` field. Below is an example showing the result of a pipeline defined in the previously mentioned _ReleasePlan_: [source,yaml] ---- @@ -68,7 +58,7 @@ apiVersion: appstudio.redhat.com/v1alpha1 kind: Release ... status: - collectors: + release: tenant: - project-issues: releaseNotes: @@ -77,9 +67,9 @@ status: source: "issues.redhat.com" ---- -In this case, the `project-issues` collector generated a list of issues, which is included under `status.collectors.tenant`. Since this collector was defined in the `ReleasePlan`, its output is categorized under the `tenant` section. Collectors defined in a `ReleasePlanAdmission` will have their results stored under the `managed` key instead. +In this case, the `project-issues` pipeline generated a list of issues, which is included under `status.release.tenant`. Since this pipeline was defined in the `ReleasePlan`, its output is categorized under the `tenant` section. Pipelines defined in a `ReleasePlanAdmission` will have their results stored under the `managed` key instead. -The following example shows a `Release` status containing results from multiple collectors, both _tenant_ and _managed_: +The following example shows a `Release` status containing results from multiple pipelines, both _tenant_ and _managed_: [source,yaml] ---- @@ -87,7 +77,7 @@ apiVersion: appstudio.redhat.com/v1alpha1 kind: Release ... status: - collectors: + release: managed: - foo: releaseNotes: @@ -105,18 +95,18 @@ status: source: "issues.redhat.com" ---- -## Collectors in the managed pipeline +## Release data in the managed pipeline -Releases can reference _managed pipelines_, which—as described in other sections—rely on the `data` field to retrieve user-provided information. To ensure that data generated by _collectors_ is also considered, the contents of `status.collectors` are merged with the data fields from the `Release`, `ReleasePlan`, and `ReleasePlanAdmission` resources. +Releases can reference _managed pipelines_, which—as described in other sections—rely on the `data` field to retrieve user-provided information. To ensure that data generated by _pipelines_ is also considered, the contents of `status.release` are merged with the data fields from the `Release`, `ReleasePlan`, and `ReleasePlanAdmission` resources. -The order of precedence follows the same hierarchy previously described, with `status.collectors` having the *lowest priority*. This means that if both the collector output and any data field define the same key, the value from the `data` field will take precedence. +The order of precedence follows the same hierarchy previously described, with `status.release` having the *lowest priority*. This means that if both the pipeline output and any data field define the same key, the value from the `data` field will take precedence. -For example, if a collector like `jira` produces the following output: +For example, if a pipeline like `jira` produces the following output: [source,yaml] ---- status: - collectors: + release: tenant: - project-issues: releaseNotes: @@ -140,7 +130,7 @@ data: fixed: [] ---- -Then the empty `issues.fixed` array from the `data` field will override the collector’s output. +Then the empty `issues.fixed` array from the `data` field will override the pipeline’s output. In contrast, if the `data` field contains unrelated content: @@ -163,4 +153,4 @@ data: source: "issues.redhat.com" ---- -This _merging strategy_ ensures flexibility while allowing user-defined data to take precedence when needed. +This _merging strategy_ ensures flexibility while allowing user-defined data to take precedence when needed. \ No newline at end of file diff --git a/modules/testing/pages/integration/snapshots/index.adoc b/modules/testing/pages/integration/snapshots/index.adoc index 911ace615..ea8d6985d 100644 --- a/modules/testing/pages/integration/snapshots/index.adoc +++ b/modules/testing/pages/integration/snapshots/index.adoc @@ -20,6 +20,7 @@ kind: Snapshot metadata: name: snapshot-sample <.> namespace: ws-sample-tenant <.> + creationTimestamp: "2024-01-25T15:10:00Z" spec: application: application-sample <.> components: @@ -131,4 +132,4 @@ A common point of confusion occurs when a Snapshot contains fewer components tha * To learn how to reset the latest component references for future Snapshots, see xref:testing:integration/snapshots/override-snapshots.adoc[Creating an override snapshot]. * To learn more about group Snapshots, see xref:testing:integration/snapshots/group-snapshots.adoc[Creating a group snapshot]. * To learn how to release a Snapshot, see xref:releasing:create-release.adoc[Creating a release]. -* For details on the Snapshot API resource, refer to the xref:reference:kube-apis/application-api.adoc#k8s-api-github-com-konflux-ci-application-api-api-v1alpha1-snapshot[Snapshot API Reference]. +* For details on the Snapshot API resource, refer to the xref:reference:kube-apis/application-api.adoc#k8s-api-github-com-konflux-ci-application-api-api-v1alpha1-snapshot[Snapshot API Reference]. \ No newline at end of file