The dev + qe flow for plugin promotion to production should be documented

See this slack thread for details on the m2 promotion flow

Rough steps I noted from this current release:

• After final RC is validated, devs will have to rebuild the plugins without RC in the name, which changes integrity so plugins will have to be sanity tested to extend the are properly installed via backstage
  • Example plugs internal release with package and integraty sha is here
• Devs will open ticket to push final images (without rc) to Red Hat NPM stage (ie https://issues.redhat.com/browse/SPMM-17676)
• QE will validate the stage images can be loaded (They can take a few minutes to populate) - The below nmrc secret can be set to retrieve images from Red Hat npm stage registry (restart backstage pods manually)

cat <<EOF | oc apply -f -
apiVersion: v1
data:
  .npmrc: cmVnaXN0cnk9aHR0cHM6Ly9ucG0uc3RhZ2UucmVnaXN0cnkucmVkaGF0LmNvbQo=
kind: Secret
metadata:
  name: dynamic-plugins-npmrc
  namespace: rhdh-operator
EOF

• • Also QE can use the following command to confirm the latest image has been published (for each image)
  • npm view @redhat/backstage-plugin-orchestrator-backend-dynamic --registry=https://npm.registry.redhat.com dist-tags.latest
• Devs will provide QE the package names + integrity shas for the images to test with, which can be updated in dynamic plugin configmap
• Once validated, Devs will open a new ticket to push those images to prod (ie https://issues.redhat.com/browse/SPMM-17682)
• QE will sign off in the prod ticket and add the package/shas (integrity) that they tested and approved as a comment to the ticket - This will initiate the push to prod
• QE can spot check the images work in prod by updating npmrc configmap from stage to prod, ie (restart backstage pod manually)

cat <<EOF | oc apply -f -
apiVersion: v1
data:
  .npmrc: cmVnaXN0cnk9aHR0cHM6Ly9ucG0ucmVnaXN0cnkucmVkaGF0LmNvbQo=
kind: Secret
metadata:
  name: dynamic-plugins-npmrc
  namespace: rhdh-operator
EOF

• Devs create PR in orchestrator-helm-operator repo to that will update plugin package and integrity values (ie https://github.com/parodos-dev/orchestrator-helm-operator/pull/226)
• QE ack PR and dev merge
• Devs create PR in orchestrator-helm-operator repo which will use the content from the orchestrator-helm-operator PR and push upstream (or stage? stage takes 1 hr so need to discuss)
• Upstream (or stage) operator images built
• QE performs sanity with upstream/stage operator images
• QE final ack for prod
• Devs do konflux magic and release to prod
• QE final sanity against prod image

Note: NPM registry updates can take time to propagate across the world 

Note 2: Need to make sure orchestrator helm version matches the operator version so there is no confusing mismatch, such as

# oc get csv
NAME                                  DISPLAY                               VERSION                REPLACES                      PHASE
orchestrator-operator.v1.2.0          Orchestrator Operator                 1.2.0                                                Succeeded

# helm list 
NAME            NAMESPACE               REVISION        UPDATED                                 STATUS          CHART                   APP VERSION
orchestrator    orchestrator            1               2024-10-01 12:34:09.552138113 +0000 UTC deployed        orchestrator-1.2.0-rc23 0.0.1 

(At least while helm based operator is in use)