[CLOUDP-352579] Add evergreen function to promote and release kubectl plugin

.evergreen-functions.yml

@@ -512,7 +512,7 @@ functions:
     - command: subprocess.exec
       params:
         working_dir: src/github.com/mongodb/mongodb-kubernetes
-        binary: scripts/dev/run_python.sh scripts/release/kubectl-mongodb/python/build_kubectl_plugin.py
+        binary: scripts/dev/run_python.sh scripts/release/kubectl_mongodb/python/build_kubectl_plugin.py
 
   build_and_push_appdb_database:
     - command: subprocess.exec
@@ -888,7 +888,7 @@ functions:
   release_kubectl_mongodb_plugin:
     - command: github.generate_token
       params:
-        expansion_name: generated_token
+        expansion_name: GH_TOKEN
     - command: shell.exec
       type: setup
       params:
@@ -911,10 +911,5 @@ functions:
           GOROOT: "/opt/golang/go1.24"
           MACOS_NOTARY_KEY: ${macos_notary_keyid}
           MACOS_NOTARY_SECRET: ${macos_notary_secret}
-        # shell.exec EVG Task doesn't have add_to_path, so we need to explicitly add the path export below.
-        script: |
-          set -Eeu pipefail
-          export GORELEASER_CURRENT_TAG=${OPERATOR_VERSION|*triggered_by_git_tag}
-          export PATH=$GOROOT/bin:$PATH
-          export GITHUB_TOKEN=${generated_token}
-          ${workdir}/goreleaser release --clean
+          GH_TOKEN: ${GH_TOKEN}
+        script: scripts/dev/run_python.sh scripts/release/kubectl_mongodb/python/promote_kubectl_plugin.py

.evergreen-release.yml

@@ -121,6 +121,7 @@ tasks:
       - func: clone
       - func: install_goreleaser
       - func: install_macos_notarization_service
+      - func: python_venv
       - func: release_kubectl_mongodb_plugin
 
   - name: create_chart_release_pr

.goreleaser.yaml

@@ -19,9 +19,9 @@ builds:
     hooks:
       # This will notarize Apple binaries and replace goreleaser bins with the notarized ones
       post:
-        - cmd: ./scripts/release/kubectl-mongodb/kubectl_mac_notarize.sh
+        - cmd: ./scripts/release/kubectl_mongodb/kubectl_mac_notarize.sh
           output: true
-        - cmd: ./scripts/release/kubectl-mongodb/sign.sh {{ .Path }}
+        - cmd: ./scripts/release/kubectl_mongodb/sign.sh {{ .Path }}
           env:
             - GRS_USERNAME={{ .Env.GRS_USERNAME }}
             - GRS_PASSWORD={{ .Env.GRS_PASSWORD }}
@@ -30,7 +30,7 @@ builds:
             - SIGNING_IMAGE_URI={{ .Env.SIGNING_IMAGE_URI }}
             - ARTIFACTORY_USERNAME=mongodb-enterprise-kubernetes-operator
             - ARTIFACTORY_PASSWORD={{ .Env.ARTIFACTORY_PASSWORD }}
-        - cmd: ./scripts/release/kubectl-mongodb/verify.sh {{ .Path }} && echo "VERIFIED OK"
+        - cmd: ./scripts/release/kubectl_mongodb/verify.sh {{ .Path }} && echo "VERIFIED OK"
 
 archives:
   - format: tar.gz

scripts/release/kubectl-mongodb/kubectl_mac_notarize.sh → scripts/release/kubectl_mongodb/kubectl_mac_notarize.sh

@@ -20,16 +20,27 @@ set -Eeou pipefail
 # This depends on binaries being generated in a goreleaser manner and gon being set up.
 # goreleaser should already take care of calling this script as a hook.
 
-if [[ -f "./dist/kubectl-mongodb_darwin_amd64_v1/kubectl-mongodb" && -f "./dist/kubectl-mongodb_darwin_arm64/kubectl-mongodb" && ! -f "./dist/kubectl-mongodb_macos_signed.zip" ]]; then
+if [ -z "${1-}" ]; then
+  echo "Error: Missing required argument <version> as first positional parameter to script"
+  echo "Usage: ./kubectl_mac_notarize.sh <version>"
+  exit 1
+fi
+
+version=$1
+
+darwin_amd64_dir="./artifacts/kubectl-mongodb_${version}_darwin_amd64"
+darwin_arm64_dir="./artifacts/kubectl-mongodb_${version}_darwin_arm64"
+
+if [[ -f "${darwin_amd64_dir}/kubectl-mongodb" && -f "${darwin_arm64_dir}/kubectl-mongodb" && ! -f "./artifacts/kubectl-mongodb_macos_signed.zip" ]]; then
 	echo "notarizing macOs binaries"
-	zip -r ./dist/kubectl-mongodb_amd64_arm64_bin.zip ./dist/kubectl-mongodb_darwin_amd64_v1/kubectl-mongodb ./dist/kubectl-mongodb_darwin_arm64/kubectl-mongodb # The Notarization Service takes an archive as input
+	zip -r ./artifacts/kubectl-mongodb_amd64_arm64_bin.zip "${darwin_amd64_dir}/kubectl-mongodb" "${darwin_arm64_dir}/kubectl-mongodb" # The Notarization Service takes an archive as input
 	"${workdir:-.}"/linux_amd64/macnotary \
-		-f ./dist/kubectl-mongodb_amd64_arm64_bin.zip \
+		-f ./artifacts/kubectl-mongodb_amd64_arm64_bin.zip \
 		-m notarizeAndSign -u https://dev.macos-notary.build.10gen.cc/api \
 		-b com.mongodb.mongodb-kubectl-mongodb \
-		-o ./dist/kubectl-mongodb_macos_signed.zip
+		-o ./artifacts/kubectl-mongodb_macos_signed.zip
 
 	echo "replacing original files"
-	unzip -oj ./dist/kubectl-mongodb_macos_signed.zip dist/kubectl-mongodb_darwin_amd64_v1/kubectl-mongodb -d ./dist/kubectl-mongodb_darwin_amd64_v1/
-	unzip -oj ./dist/kubectl-mongodb_macos_signed.zip dist/kubectl-mongodb_darwin_arm64/kubectl-mongodb -d ./dist/kubectl-mongodb_darwin_arm64/
+	unzip -oj ./artifacts/kubectl-mongodb_macos_signed.zip "artifacts/kubectl-mongodb_${version}_darwin_amd64/kubectl-mongodb" -d "${darwin_amd64_dir}/"
+	unzip -oj ./artifacts/kubectl-mongodb_macos_signed.zip "artifacts/kubectl-mongodb_${version}_darwin_arm64/kubectl-mongodb" -d "${darwin_arm64_dir}/"
 fi

scripts/release/kubectl-mongodb/python/build_kubectl_plugin.py → scripts/release/kubectl_mongodb/python/build_kubectl_plugin.py

@@ -9,13 +9,10 @@
 from scripts.release.build.build_info import (
     load_build_info,
 )
+from scripts.release.kubectl_mongodb.python.consts import *
 
-AWS_REGION = "eu-north-1"
-KUBECTL_PLUGIN_BINARY_NAME = "kubectl-mongodb"
 S3_BUCKET_KUBECTL_PLUGIN_SUBPATH = KUBECTL_PLUGIN_BINARY_NAME
 
-GORELEASER_DIST_DIR = "dist"
-
 
 def run_goreleaser():
     try:

scripts/release/kubectl_mongodb/python/consts.py

@@ -0,0 +1,12 @@
+AWS_REGION = "eu-north-1"
+KUBECTL_PLUGIN_BINARY_NAME = "kubectl-mongodb"
+
+GITHUB_REPO = "mongodb/mongodb-kubernetes"
+
+LOCAL_ARTIFACTS_DIR = "artifacts"
+CHECKSUMS_PATH = f"{LOCAL_ARTIFACTS_DIR}/checksums.txt"
+
+GORELEASER_DIST_DIR = "dist"
+
+BUILD_SCENARIO_RELEASE = "release"
+BUILD_SCENARIO_STAGING = "staging"