From 527e1859da736a2338a94c136a26cfe210b8cd0c Mon Sep 17 00:00:00 2001 From: sigalsax Date: Thu, 24 Sep 2020 14:40:22 +0300 Subject: [PATCH] Add release automation - Package helm chart on every release - Add ability to push an edge tag on every master build - Update tag and release process in docs --- CHANGELOG.md | 2 ++ CONTRIBUTING.md | 15 +++++++------- Jenkinsfile | 51 ++++++++++++++++++++++++++++++++---------------- README.md | 8 ++++++++ bin/publish | 4 ++++ ci/jenkins_build | 11 +++++++++++ 6 files changed, 67 insertions(+), 24 deletions(-) create mode 100755 ci/jenkins_build diff --git a/CHANGELOG.md b/CHANGELOG.md index 504d850c5..a7056bc0a 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -5,6 +5,8 @@ The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/) and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.html). ## [Unreleased] +### Added +- Push an 'edge' release tag for every successful master build and automate the packaging of Secrets Provider Helm Chart as part of the pipeline ([cyberark/secrets-provider-for-k8s#234](https://github.com/cyberark/secrets-provider-for-k8s/pull/234)) ## [1.1.0] - 2020-09-15 ### Added diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 3acb8714f..00e2c1bce 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md 
@@ -186,13 +186,6 @@ follow the instructions in this section. 1. [Version file](pkg/secrets/version.go) 1. [Chart version](helm/secrets-provider/Chart.yaml) 1. [Default deployed version](helm/secrets-provider/values.yaml) - -1. Create a Helm package by running the following command from the repo root: `helm package helm/secrets-provider`. - The Helm package will be saved to the current folder and will resemble `secrets-provider-.tgz`. -1. Clone the repo [helm-charts](https://github.com/cyberark/helm-charts) and do the following: - 1. Move the Helm package file created in the previous step to the *docs* folder in the `helm-charts` repo. - 1. Go to the `helm-charts` repo root folder and execute the `reindex.sh` script file located there. - 1. Create a PR with those changes. 1. Review the git log and ensure the [changelog](CHANGELOG.md) contains all relevant recent changes with references to GitHub issues or PRs, if possible. 1. Review the changes since the last tag, and if the dependencies have changed @@ -210,6 +203,14 @@ follow the instructions in this section. 1. Push the tag: `git push vx.y.z` (or `git push origin vx.y.z` if you are working from your local machine). +### Push Helm package +1. The tagged build will package the Secrets Provider Helm chart for us. The package will appear under the 'Artifacts' tab of the Jenkins build and will resemble `secrets-provider-.tgz`. +Save this file because you will need it for the next step. +1. Clone the repo [helm-charts](https://github.com/cyberark/helm-charts) and do the following: + 1. Move the Helm package file created in the previous step to the *docs* folder in the `helm-charts` repo. + 1. Go to the `helm-charts` repo root folder and execute the `reindex.sh` script file located there. + 1. Create a PR with those changes. + ### Publish the git release 1. In the GitHub UI, create a release from the new tag and copy the change log for the new version into the GitHub release description. The Jenkins pipeline 
diff --git a/Jenkinsfile b/Jenkinsfile index 07cee42c2..3bca08ac5 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -79,23 +79,40 @@ pipeline { } } - stage('Publish client Docker image') { - steps { - withCredentials( - [ - usernamePassword( - credentialsId: 'conjur-jenkins-api', - usernameVariable: 'GIT_USER', - passwordVariable: 'GIT_PASSWORD' - ) - ] - ) { - sh ''' - git config --local credential.helper '! echo username=${GIT_USER}; echo password=${GIT_PASSWORD}; echo > /dev/null' - git fetch --tags - export GIT_DESCRIPTION=$(git describe --tags) - summon ./bin/publish - ''' + stage('Release') { + parallel { + stage('Push Images') { + steps { + script { + BRANCH_NAME=env.BRANCH_NAME + } + withCredentials( + [ + usernamePassword( + credentialsId: 'conjur-jenkins-api', + usernameVariable: 'GIT_USER', + passwordVariable: 'GIT_PASSWORD' + ) + ] + ) { + sh ''' + git config --local credential.helper '! echo username=${GIT_USER}; echo password=${GIT_PASSWORD}; echo > /dev/null' + git fetch --tags + export GIT_DESCRIPTION=$(git describe --tags) + export BRANCH_NAME=${BRANCH_NAME} + summon ./bin/publish + ''' + } + } + } + stage('Package artifacts') { + when { tag "v*" } + + steps { + sh 'ci/jenkins_build' + + archiveArtifacts artifacts: "helm-artifacts/", fingerprint: false, allowEmptyArchive: true + } } } } diff --git a/README.md b/README.md index 06771212c..f9044ff37 100644 --- a/README.md +++ b/README.md 
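Review bot: In the new `Package artifacts` stage, `archiveArtifacts` is called with `allowEmptyArchive: true` and `fingerprint: false`, so a tagged build stays green when no chart package was produced, and Jenkins records no checksum for a file that CONTRIBUTING.md now tells the releaser to download and commit to helm-charts. `archiveArtifacts artifacts: "helm-artifacts/", fingerprint: true, allowEmptyArchive: false` would make a missing package fail the release build and leave a hash to compare the downloaded `.tgz` against. In `Push Images`, the `script { BRANCH_NAME=env.BRANCH_NAME }` block and `export BRANCH_NAME=${BRANCH_NAME}` look redundant: the `sh '''…'''` string is not Groovy-interpolated, so the shell reads the `BRANCH_NAME` that Jenkins already exports, and both can likely be dropped. That stage also has no `when` condition, so `withCredentials` and `summon` run for every branch and the only publish gate is inside `bin/publish`; whether that is intended cannot be told from this hunk.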
@@ -51,6 +51,14 @@ When we release a version, we push the following images to Dockerhub: We also push the Major.Minor.Build image to our [Red Hat registry](https://catalog.redhat.com/software/containers/cyberark/secrets-provider-for-k8s/5ee814f0ac3db90370949cf0). +# Builds + +We push the following tags to Dockerhub: + +Edge - on every successful master build an edge tag is pushed (_cyberark/secrets-provider-for-k8s:edge_). +Latest - on every release the latest tag will be updated (_cyberark/secrets-provider-for-k8s:latest_). This tag means the Secrets Provider for Kubernetes meets the stability criteria detailed in the following section. +Semver - on every release a Semver tag will be pushed (_cyberark/secrets-provider-for-k8s:1.1.0_). This tag means the Secrets Provider for Kubernetes meets the stability criteria detailed in the following section. + ## Stable release definition The CyberArk Secrets Provider for Kubernetes is considered stable when it meets the core acceptance criteria: diff --git a/bin/publish b/bin/publish index 173a85e95..a7fb5985b 100755 --- a/bin/publish +++ b/bin/publish @@ -43,4 +43,8 @@ if [ "$GIT_DESCRIPTION" = "v${VERSION}" ]; then echo 'Failed to log in to scan.connect.redhat.com' exit 1 fi +elif [ "$BRANCH_NAME" = "master" ]; then + echo "Successful Master build. Tagging and pushing $REGISTRY/$IMAGE_NAME:edge" + docker tag "$IMAGE_NAME:$FULL_VERSION_TAG" "$REGISTRY/$IMAGE_NAME:edge" + docker push "$REGISTRY/$IMAGE_NAME:edge" fi diff --git a/ci/jenkins_build b/ci/jenkins_build new file mode 100755 index 000000000..cb035f32d --- /dev/null +++ b/ci/jenkins_build @@ -0,0 +1,11 @@ +#!/bin/bash +set -euo pipefail + +source bin/build_utils +helm_version=3.3.0 + +docker run --rm \ + -v $PWD/helm/secrets-provider:/root/helm/secrets-provider \ + -v $PWD/helm-artifacts/:/root/helm-artifacts \ + --workdir /root/helm-artifacts \ + alpine/helm:${helm_version} package ../helm/secrets-provider
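Review bot: The new `elif` branch in `bin/publish` runs `docker tag` and `docker push` bare, whereas the release branch just above it ends in an explicit `echo 'Failed to …'` / `exit 1`. The enclosing `if` and the script header are outside this hunk, so unless `set -e` is in effect there, a failed push of `:edge` would leave the master build green with a stale tag on the registry. Suggest making the failure explicit, e.g. `docker push "$REGISTRY/$IMAGE_NAME:edge" || { echo "Failed to push $REGISTRY/$IMAGE_NAME:edge"; exit 1; }`, and the same for `docker tag`. `BRANCH_NAME` is supplied only by the Jenkinsfile, so `[ "${BRANCH_NAME:-}" = "master" ]` keeps the script usable outside Jenkins if `set -u` is on. Because `edge` is a moving tag, adding the commit id to the log line would let a pulled image be traced back to its build.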
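Review bot: In `ci/jenkins_build` the release chart is packaged by `alpine/helm:${helm_version}`, a community-maintained image referenced by a mutable tag, so the tool that produces the `.tgz` later committed to helm-charts can change without any change in this repository. Pinning the digest closes that gap: `alpine/helm:${helm_version}@sha256:<digest-of-the-image-you-verified>`. The two `-v` arguments also expand `$PWD` unquoted and mount the chart source read-write; `-v "$PWD/helm/secrets-provider:/root/helm/secrets-provider:ro"` handles workspace paths containing spaces and keeps the container from modifying the chart. Nothing in this script visibly uses `source bin/build_utils`; if nothing from it is needed, dropping it avoids running extra code under `set -u`.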