kudo icon indicating copy to clipboard operation
kudo copied to clipboard
verified publisher icon kudobuilder

Predictable and Immutable Release process on CI

Open kensipe opened this issue 5 years ago • 2 comments

It was identified that our release process which uses goreleaser does not define the version. Historically it has been "latest". Additionally historically the release build has been on a developers dev box. This additionally challenges the repeatability of the release (indeterministic version of build tools). While the raised issue is the "version" of goreleaser, the real issue to me seems like a repeatable release build chain which includes version of Go, version of goreleaser, version of docker, etc.

Based on that justification, it seems best to build out the release process to be handled through our CI system which will likely require scripts and a build image which will be self-documenting or traceable. We should document anything that falls outside that assumption.

kensipe avatar Jul 17 '20 13:07 kensipe

👍 Good points. In the same vein, if it's possible it would be great if we could get reproducible builds

ANeumann82 avatar Jul 17 '20 13:07 ANeumann82

yep.. I thought that was what was communicated... but yeah!

kensipe avatar Jul 17 '20 14:07 kensipe