wiki:how-to/puppet/sign-release

Version 2 (modified by https://id.mayfirst.org/dkg, 5 years ago) (diff)

--

Sign a Puppet Release

MF/PL's servers are configured centrally using a git repository with puppet configuration files.

Each server, on an hourly cron job that runs on the top of the hour, pulls in the latest version of the git repository, checks for a tag signed by a member of the support team, and if it finds one, it pulls in the changes.

To sign a tag, run the following command locally:

git tag

To see what the last tag was.

git tag -s mfpl-puppet-x.xx

To sign the next tag. In the commit message, I simply put the tag that I've created.

Ensure your tag is pushed:

git push --tags origin master

Wait for the top of the hour.