Commit 58da4e4

Docs: relocate ci/docs/ to docs/
Update publish.md ai-assisted=yes [TNZ-21935]
1 parent ac8ca32 commit 58da4e4

3 files changed

Lines changed: 54 additions & 25 deletions

ci/docs/publish.md

Lines changed: 0 additions & 15 deletions
This file was deleted.

ci/docs/fips.md renamed to docs/fips.md

Lines changed: 11 additions & 10 deletions
@@ -5,41 +5,42 @@ fips stemcells when published in the pipeline
55
will be put in a private bucket called `bosh-core-stemcells-fips`
66

77
if a working groups needs these fips stemcell the can retrieve them with the
8-
[bosh-io-stemcell](https://github.com/concourse/bosh-io-stemcell-resource) concourse resource =>1.2.1
8+
[bosh-io-stemcell](https://github.com/concourse/bosh-io-stemcell-resource) concourse resource => 1.2.1
99

1010
by setting
11-
```
11+
```yaml
1212
resources:
1313
- name: stemcell
1414
type: bosh-io-stemcell
1515
source:
1616
name: bosh-aws-xen-hvm-ubuntu-jammy-fips-go_agent
1717
auth:
18-
access_key: hmac-accesskey
19-
secret_key: hmac-secretkey
18+
access_key: hmac-access_key
19+
secret_key: hmac-secret_key
2020
```
2121
for this you need a service account setup with hmac keys
2222
https://cloud.google.com/storage/docs/authentication/hmackeys
2323
2424
## setup access
25-
to setup access permissions for the `bosh-core-stemcells-fips` bucket
25+
setup access permissions for the `bosh-core-stemcells-fips` bucket
2626

2727
### working group actions
28-
a service accunt should be setup in the working group that want to access the fips stemcells.
28+
a service account should be setup in the working group that want to access the fips stemcells.
2929
this account should then be enabled with [hmac keys](https://cloud.google.com/storage/docs/authentication/hmackeys)
3030

3131
#### bucket owner actions
3232
requirements:
3333
- [gcloud](https://cloud.google.com/sdk/docs/install)
3434
- [gsutil](https://cloud.google.com/storage/docs/gsutil_install)
3535

36-
login to the cloud-foundry-310819 project ` gcloud auth login`
36+
Login to the `cloud-foundry-310819` GCP project `gcloud auth login`
3737

3838
setup access for cross project cloud buckets. reference: https://cloud.google.com/dataprep/docs/concepts/gcs-buckets
39-
replace PLACEHOLDER with the service account that is created in the previous steps for example test-dev@myproject.iam.gserviceaccount.com
40-
```
39+
replace PLACEHOLDER with the service account that is created in the previous steps for example
40+
`test-dev@myproject.iam.gserviceaccount.com`
41+
42+
```shell
4143
gsutil defacl ch -u PLACEHOLDER gs://bosh-core-stemcells-fips
4244
gsutil acl ch -u PLACEHOLDER:READER gs://bosh-core-stemcells-fips
4345
gsutil -m acl ch -r -u PLACEHOLDER:READER gs://bosh-core-stemcells-fips
4446
```
45-
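
Review bot: In the shell block that closes this hunk, `gsutil defacl ch -u PLACEHOLDER gs://bosh-core-stemcells-fips` carries no permission suffix, while the two `acl ch` lines after it use `PLACEHOLDER:READER`; the default-ACL line should read `PLACEHOLDER:READER` as well so the grant is explicit and consistent. Further up, the reformatted version constraint `=> 1.2.1` is still not a comparison operator and presumably means `>= 1.2.1`. The YAML sample now shows `hmac-access_key` and `hmac-secret_key` as literal values under `auth:`; consider writing them as Concourse `((var))` references so readers do not copy real HMAC keys into pipeline files.
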

docs/publish.md

Lines changed: 43 additions & 0 deletions
@@ -0,0 +1,43 @@
1+
# Publish a stemcell.
2+
## Verify stemcell builds
3+
Whenever a USN (Ubuntu Security Notice) is published, a ticket is automatically
4+
created in the community-stemcell board
5+
(https://github.com/orgs/cloudfoundry/projects/4).
6+
There would also be a notification in the #bosh-private channel of the
7+
Cloud Foundry slack.
8+
9+
A USN triggers the stemcell build pipeline, when everything is successfully
10+
built, we can publish the new candidate stemcell version.
11+
Please check the latest build of the aggregate-candidate-stemcells job of the
12+
stemcell line you need to release (aggregate-candidate-stemcells-1.x),
13+
you should see a successful build which was triggered by the USN notice.
14+
Then, in the stemcells-publisher pipeline, check if google and aws light
15+
stemcells were successfully built as a result of the USN.
16+
17+
## Publish stemcells
18+
In order to publish new stemcells, trigger a build of the
19+
`publish-ubuntu-${short_name}-1` job:
20+
- https://bosh.ci.cloudfoundry.org/teams/stemcell/pipelines/ubuntu-jammy-publisher/jobs/publish-ubuntu-jammy-1
21+
- https://bosh.ci.cloudfoundry.org/teams/stemcell/pipelines/ubuntu-noble-publisher/jobs/publish-ubuntu-noble-1
22+
23+
This job will take around 1h to run. When this job is finished, new stemcell
24+
versions will be available on bosh.io and a GitHub draft release will have been
25+
created at
26+
- https://github.com/cloudfoundry/bosh-linux-stemcell-builder/releases.
27+
28+
Check to see if the draft release has the correct USNs and CVEs, add any extra
29+
information (see below) to the release notes, and publish the GitHub release.
30+
31+
Then [Finalize the draft release on GitHub](https://github.com/cloudfoundry/bosh-linux-stemcell-builder/releases)
32+
- Select the appropriate `Previous Tag` and click "Generate release notes" -
33+
- Do NOT leave it set to `Auto` as that will result in incorrect release notes.
34+
- Scroll to the bottom; cut-and-paste the "What's Changed" section and paste it
35+
at the top
36+
- Check the items for correctness; they may have already been published in a
37+
previous release. Branch merges can confuse GitHub's auto-generated notes.
38+
- Reword the bullet items to convey what was fixed:
39+
40+
| old (bad) | new (good) |
41+
|----------------------------------------------|-----------------------------------------------------------------------------------------------------------------------|
42+
| 🐞 Fix “Cannot connect to the monit daemon.” | Fixed issue with BOSH service-broker tasks failing under heavy usage with error "Cannot connect to the monit daemon." |
43+
| Installing ethtool in Jammy by @<someone> in | Stemcells now include the networking utility, ethtool, useful for troubleshooting & resolving networking issues. |
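
Review bot: The release steps are out of order: lines 28-29 of the new file end with "publish the GitHub release", and only afterwards does line 31 say to finalize the draft and generate its release notes. Move the publish instruction after the finalize bullets so the notes are checked and reworded while the release is still a draft. Smaller points in the same hunk: "(see below)" on line 29 has no matching section further down, the bullet on line 32 ends in a stray " -", and the "Do NOT leave it set to `Auto`" line on line 33 reads as a sub-point of the bullet above it but is formatted as a peer.
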
