Automate OKD release promotions with weekly cron schedule

sarthakpurohit · sarthakpurohit · commit 22eeafa7765d · 2025-09-27T04:09:33.000+05:30
- Add Tekton automation for release-next and release-stable pipelines
   - Schedule for Monday 10:30 AM IST (5:00 AM UTC) to avoid cleanup conflicts
diff --git a/release-promotions/apply.sh b/release-promotions/apply.sh
@@ -0,0 +1,9 @@
+oc apply -f sa.yaml
+oc apply -f cluster-role.yaml
+oc apply -f crb.yaml
+oc apply -f task.yaml
+oc apply -f pipeline.yaml
+oc apply -f trigger-template.yaml
+oc apply -f trigger-binding.yaml
+oc apply -f event-listener.yaml
+oc apply -f cronjob.yaml
diff --git a/release-promotions/cleanup.sh b/release-promotions/cleanup.sh
@@ -0,0 +1,9 @@
+oc delete -f cronjob.yaml
+oc delete -f event-listener.yaml
+oc delete -f trigger-binding.yaml
+oc delete -f trigger-template.yaml
+oc delete -f pipeline.yaml
+oc delete -f task.yaml
+oc delete -f crb.yaml
+oc delete -f cluster-role.yaml
+oc delete -f sa.yaml
diff --git a/release-promotions/cluster-role.yaml b/release-promotions/cluster-role.yaml
@@ -0,0 +1,11 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: tekton-pipelinerun-creator
+rules:
+- apiGroups: ["tekton.dev"]
+  resources: ["pipelineruns"]
+  verbs: ["create"]
+- apiGroups: ["triggers.tekton.dev"]
+  resources: ["eventlisteners", "triggertemplates", "triggerbindings", "triggers", "interceptors", "clusterinterceptors"]
+  verbs: ["get", "list", "watch"]
diff --git a/release-promotions/crb.yaml b/release-promotions/crb.yaml
@@ -0,0 +1,12 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: tekton-oc-create-binding
+subjects:
+- kind: ServiceAccount
+  name: tekton-cluster-access
+  namespace: okd-coreos
+roleRef:
+  kind: ClusterRole
+  name: tekton-pipelinerun-creator
+  apiGroup: rbac.authorization.k8s.io
diff --git a/release-promotions/cronjob.yaml b/release-promotions/cronjob.yaml
@@ -0,0 +1,25 @@
+apiVersion: batch/v1
+kind: CronJob
+metadata:
+  name: cron-trigger-cluster-command
+  namespace: okd-coreos
+spec:
+  suspend: false 
+  schedule: "0 5 * * 1"
+  jobTemplate:
+    spec:
+      template:
+        spec:
+          restartPolicy: OnFailure
+          containers:
+            - name: curl-trigger
+              image: curlimages/curl:latest
+              command: ["/bin/sh"]
+              args:
+                - "-c"
+                - |
+                  echo "[INFO] Triggering EventListener..."
+                  curl -X POST \
+                  http://el-cluster-command-listener.okd-coreos.svc.cluster.local:8080 \
+                  -H 'Content-Type: application/json' \
+                  -d '{"message":"trigger"}'
diff --git a/release-promotions/event-listener.yaml b/release-promotions/event-listener.yaml
@@ -0,0 +1,13 @@
+apiVersion: triggers.tekton.dev/v1beta1
+kind: EventListener
+metadata:
+  name: cluster-command-listener
+  namespace: okd-coreos
+spec:
+  serviceAccountName: tekton-cluster-access
+  triggers:
+    - name: trigger-on-cron
+      bindings:
+        - ref: cluster-command-binding
+      template:
+        ref: cluster-command-template
diff --git a/release-promotions/pipeline.yaml b/release-promotions/pipeline.yaml
@@ -0,0 +1,10 @@
+apiVersion: tekton.dev/v1
+kind: Pipeline
+metadata:
+  name: cluster-command-pipeline
+  namespace: okd-coreos
+spec:
+  tasks:
+    - name: run-command
+      taskRef:
+        name: cluster-command-task
diff --git a/release-promotions/sa.yaml b/release-promotions/sa.yaml
@@ -0,0 +1,5 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: tekton-cluster-access
+  namespace: okd-coreos
diff --git a/release-promotions/task.yaml b/release-promotions/task.yaml
@@ -0,0 +1,25 @@
+apiVersion: tekton.dev/v1
+kind: Task
+metadata:
+  name: cluster-command-task
+  namespace: okd-coreos
+spec:
+  steps:
+    - name: run-cluster-command
+      image: quay.io/openshift/origin-cli:latest
+      script: |
+        #!/bin/bash
+        set -euo pipefail
+
+        echo "[INFO] Promoting OKD releases:"
+
+        echo "[INFO] Applying: okd-release-next-pipelinerun.yaml"
+        oc create -f https://raw.githubusercontent.com/okd-project/okd-release-pipeline/main/environments/moc/pipelineruns/okd-release-next-pipelinerun.yaml
+
+        echo "[INFO] Sleeping for 30 minutes to let the first pipeline complete..."
+        sleep 1800
+
+        echo "[INFO] Applying: okd-release-stable-pipelinerun.yaml"
+        oc create -f https://raw.githubusercontent.com/okd-project/okd-release-pipeline/main/environments/moc/pipelineruns/okd-release-stable-pipelinerun.yaml
+
+        echo "[INFO] OKD promotion jobs done!"
diff --git a/release-promotions/trigger-binding.yaml b/release-promotions/trigger-binding.yaml
@@ -0,0 +1,9 @@
+apiVersion: triggers.tekton.dev/v1beta1
+kind: TriggerBinding
+metadata:
+  name: cluster-command-binding
+  namespace: okd-coreos  
+spec:
+  params:
+    - name: trigger-source
+      value: $(body.message)
diff --git a/release-promotions/trigger-template.yaml b/release-promotions/trigger-template.yaml
@@ -0,0 +1,17 @@
+apiVersion: triggers.tekton.dev/v1beta1
+kind: TriggerTemplate
+metadata:
+  name: cluster-command-template
+  namespace: okd-coreos
+spec:
+  params:
+  - name: trigger-source
+  resourcetemplates:
+    - apiVersion: tekton.dev/v1beta1
+      kind: PipelineRun
+      metadata:
+        generateName: cluster-command-run-
+      spec:
+        serviceAccountName: tekton-cluster-access
+        pipelineRef:
+          name: cluster-command-pipeline
