Skip to content

Commit

Permalink
Merge commit '9069af2771f06165fac8cc8406ac01df9062376a' into local-re…
Browse files Browse the repository at this point in the history
…lease-4.0
  • Loading branch information
hime committed Jun 13, 2024
2 parents 880de6e + 9069af2 commit 8a060ad
Show file tree
Hide file tree
Showing 9 changed files with 223 additions and 16 deletions.
12 changes: 12 additions & 0 deletions release-tools/.github/dependabot.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,12 @@
version: 2
enable-beta-ecosystems: true
updates:
- package-ecosystem: "github-actions"
directory: "/"
schedule:
interval: "daily"
labels:
- "area/dependency"
- "release-note-none"
- "ok-to-test"
open-pull-requests-limit: 10
15 changes: 15 additions & 0 deletions release-tools/.github/workflows/codespell.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,15 @@
# GitHub Action to automate the identification of common misspellings in text files.
# https://github.com/codespell-project/actions-codespell
# https://github.com/codespell-project/codespell
name: codespell
on: [push, pull_request]
jobs:
codespell:
name: Check for spelling errors
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: codespell-project/actions-codespell@master
with:
check_filenames: true
skip: "*.png,*.jpg,*.svg,*.sum,./.git,./.github/workflows/codespell.yml,./prow.sh"
29 changes: 29 additions & 0 deletions release-tools/.github/workflows/trivy.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,29 @@
name: Run Trivy scanner for Go version vulnerabilities
on:
push:
branches:
- master
pull_request:
jobs:
trivy:
name: Build
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v4

- name: Get Go version
id: go-version
run: |
GO_VERSION=$(cat prow.sh | grep "configvar CSI_PROW_GO_VERSION_BUILD" | awk '{print $3}' | sed 's/"//g')
echo "version=$GO_VERSION" >> $GITHUB_OUTPUT
- name: Run Trivy scanner for Go version vulnerabilities
uses: aquasecurity/trivy-action@master
with:
image-ref: 'golang:${{ steps.go-version.outputs.version }}'
format: 'table'
exit-code: '1'
ignore-unfixed: true
vuln-type: 'library'
severity: 'CRITICAL,HIGH,MEDIUM,LOW,UNKNOWN'
11 changes: 7 additions & 4 deletions release-tools/SIDECAR_RELEASE_PROCESS.md
Original file line number Diff line number Diff line change
Expand Up @@ -46,9 +46,12 @@ naming convention `<hostpath-deployment-version>-on-<kubernetes-version>`.
## Release Process
1. Identify all issues and ongoing PRs that should go into the release, and
drive them to resolution.
1. Update dependencies for sidecars via
[go-modules-update.sh](https://github.com/kubernetes-csi/csi-driver-host-path/blob/HEAD/release-tools/go-modules-update.sh),
and get PRs approved and merged.
1. Update dependencies for sidecars
1. For new minor versions, use
[go-modules-update.sh](https://github.com/kubernetes-csi/csi-release-tools/blob/HEAD/go-modules-update.sh),
1. For CVE fixes on patch versions, use
[go-modules-targeted-update.sh](https://github.com/kubernetes-csi/csi-release-tools/blob/HEAD/go-modules-targeted-update.sh),
Read the instructions at the top of the script.
1. Check that all [canary CI
jobs](https://testgrid.k8s.io/sig-storage-csi-ci) are passing,
and that test coverage is adequate for the changes that are going into the release.
Expand Down Expand Up @@ -81,7 +84,7 @@ naming convention `<hostpath-deployment-version>-on-<kubernetes-version>`.
1. Compare the generated output to the new commits for the release to check if
any notable change missed a release note.
1. Reword release notes as needed, ideally in the original PRs so that the
release notes can be regnerated. Make sure to check notes for breaking
release notes can be regenerated. Make sure to check notes for breaking
changes and deprecations.
1. If release is a new major/minor version, create a new `CHANGELOG-<major>.<minor>.md`
file.
Expand Down
7 changes: 7 additions & 0 deletions release-tools/build.make
Original file line number Diff line number Diff line change
Expand Up @@ -322,3 +322,10 @@ test-spelling:
test-boilerplate:
@ echo; echo "### $@:"
@ ./release-tools/verify-boilerplate.sh "$(pwd)"

# Test klog usage. This test is optional and must be explicitly added to `test` target in the main Makefile:
# test: test-logcheck
.PHONY: test-logcheck
test-logcheck:
@ echo; echo "### $@:"
@ ./release-tools/verify-logcheck.sh
Original file line number Diff line number Diff line change
Expand Up @@ -23,13 +23,17 @@
# CSI_RELEASE_TOKEN: Github token needed for generating release notes
# GITHUB_USER: Github username to create PRs with
#
# Required tools:
# - gh
# - release-notes (https://github.com/kubernetes/release/blob/master/cmd/release-notes/README.md)
#
# Instructions:
# 1. Login with "gh auth login"
# 2. Copy this script to the kubernetes-csi directory (one directory above the
# repos)
# 3. Update the repos and versions in the $releases array
# 4. Set environment variables
# 5. Run script from the kubernetes-csi directory
# 1. Install the required tools
# 2. Login with "gh auth login"
# 3. Copy this script to the kubernetes-csi directory (one directory above the repos)
# 4. Update the repos and versions in the $releases array
# 5. Set environment variables
# 6. Run script from the kubernetes-csi directory
#
# Caveats:
# - This script doesn't handle regenerating and updating existing PRs yet.
Expand All @@ -48,7 +52,7 @@ function gen_patch_relnotes() {
rm out.md || true
rm -rf /tmp/k8s-repo || true
GITHUB_TOKEN="$CSI_RELEASE_TOKEN" \
release-notes --discover=patch-to-latest --branch="$2" \
release-notes --start-rev="$3" --end-rev="$2" --branch="$2" \
--org=kubernetes-csi --repo="$1" \
--required-author="" --markdown-links --output out.md
}
Expand All @@ -57,11 +61,14 @@ for rel in "${releases[@]}"; do
read -r repo version <<< "$rel"

# Parse minor version
minorPattern="(^[[:digit:]]+\.[[:digit:]]+)\."
[[ "$version" =~ $minorPattern ]]
minorPatchPattern="(^[[:digit:]]+\.[[:digit:]]+)\.([[:digit:]]+)"
[[ "$version" =~ $minorPatchPattern ]]
minor="${BASH_REMATCH[1]}"
patch="${BASH_REMATCH[2]}"

echo "$repo" "$version" "$minor"
echo "$repo $version $minor $patch"
prevPatch="$((patch-1))"
prevVer="v$minor.$prevPatch"

pushd "$repo/CHANGELOG"

Expand All @@ -74,7 +81,7 @@ for rel in "${releases[@]}"; do
git checkout --track "upstream/release-$minor" -b "$branch"

# Generate release notes
gen_patch_relnotes "$repo" "release-$minor"
gen_patch_relnotes "$repo" "release-$minor" "$prevVer"
cat > tmp.md <<EOF
# Release notes for v$version
Expand All @@ -84,6 +91,7 @@ EOF

cat out.md >> tmp.md
echo >> tmp.md
rm out.md

file="CHANGELOG-$minor.md"
cat "$file" >> tmp.md
Expand Down
96 changes: 96 additions & 0 deletions release-tools/go-modules-targeted-update.sh
Original file line number Diff line number Diff line change
@@ -0,0 +1,96 @@
#!/bin/bash

# Copyright 2023 The Kubernetes Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.


# Usage: go-modules-targeted-update.sh
#
# Batch update specific dependencies for sidecars.
#
# Required environment variables
# CSI_RELEASE_TOKEN: Github token needed for generating release notes
# GITHUB_USER: Github username to create PRs with
#
# Instructions:
# 1. Login with "gh auth login"
# 2. Copy this script to the Github org directory (one directory above the
# repos)
# 3. Change $modules, $releases and $org if needed.
# 4. Set environment variables
# 5. Run script from the Github org directory
#
# Caveats:
# - This script doesn't handle interface incompatibility of updates.
# You need to resolve interface incompatibility case by case. The
# most frequent case is to update the interface(new parameters,
# name change of the method, etc.)in the sidecar repo and make sure
# the build and test pass.


set -e
set -x

org="kubernetes-csi"

modules=(
"github.com/kubernetes-csi/csi-lib-utils@v0.15.1"
)

releases=(
#"external-attacher release-4.4"
#"external-provisioner release-3.6"
#"external-resizer release-1.9"
#"external-snapshotter release-6.3"
#"node-driver-registrar release-2.9"
)

for rel in "${releases[@]}"; do

read -r repo branch <<< "$rel"
if [ "$repo" != "#" ]; then
(
cd "$repo"
git fetch upstream

if [ "$(git rev-parse --verify "module-update-$branch" 2>/dev/null)" ]; then
git checkout master && git branch -D "module-update-$branch"
fi
git checkout -B "module-update-$branch" "upstream/$branch"

for mod in "${modules[@]}"; do
go get "$mod"
done
go mod tidy
go mod vendor

git add --all
git commit -m "Update go modules"
git push origin "module-update-$branch" --force

# Create PR
prbody=$(cat <<EOF
Updated the following go modules:
${modules[@]}
\`\`\`release-note
NONE
\`\`\`
EOF
)
gh pr create --title="[$branch] Update go modules" --body "$prbody" --head "$GITHUB_USER:module-update-$branch" --base "$branch" --repo="$org/$repo"
)
fi
done
2 changes: 1 addition & 1 deletion release-tools/prow.sh
Original file line number Diff line number Diff line change
Expand Up @@ -86,7 +86,7 @@ configvar CSI_PROW_BUILD_PLATFORMS "linux amd64 amd64; linux ppc64le ppc64le -pp
# which is disabled with GOFLAGS=-mod=vendor).
configvar GOFLAGS_VENDOR "$( [ -d vendor ] && echo '-mod=vendor' )" "Go flags for using the vendor directory"

configvar CSI_PROW_GO_VERSION_BUILD "1.21.5" "Go version for building the component" # depends on component's source code
configvar CSI_PROW_GO_VERSION_BUILD "1.22.3" "Go version for building the component" # depends on component's source code
configvar CSI_PROW_GO_VERSION_E2E "" "override Go version for building the Kubernetes E2E test suite" # normally doesn't need to be set, see install_e2e
configvar CSI_PROW_GO_VERSION_SANITY "${CSI_PROW_GO_VERSION_BUILD}" "Go version for building the csi-sanity test suite" # depends on CSI_PROW_SANITY settings below
configvar CSI_PROW_GO_VERSION_KIND "${CSI_PROW_GO_VERSION_BUILD}" "Go version for building 'kind'" # depends on CSI_PROW_KIND_VERSION below
Expand Down
37 changes: 37 additions & 0 deletions release-tools/verify-logcheck.sh
Original file line number Diff line number Diff line change
@@ -0,0 +1,37 @@
#!/usr/bin/env bash

# Copyright 2024 The Kubernetes Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

# This script uses the logcheck tool to analyze the source code
# for proper usage of klog contextual logging.

set -o errexit
set -o nounset
set -o pipefail

LOGCHECK_VERSION=${1:-0.8.2}

# This will canonicalize the path
CSI_LIB_UTIL_ROOT=$(cd "$(dirname "${BASH_SOURCE[0]}")"/.. && pwd -P)

# Create a temporary directory for installing logcheck and
# set up a trap command to remove it when the script exits.
CSI_LIB_UTIL_TEMP=$(mktemp -d 2>/dev/null || mktemp -d -t csi-lib-utils.XXXXXX)
trap 'rm -rf "${CSI_LIB_UTIL_TEMP}"' EXIT

echo "Installing logcheck to temp dir: sigs.k8s.io/logtools/logcheck@v${LOGCHECK_VERSION}"
GOBIN="${CSI_LIB_UTIL_TEMP}" go install "sigs.k8s.io/logtools/logcheck@v${LOGCHECK_VERSION}"
echo "Verifying logcheck: ${CSI_LIB_UTIL_TEMP}/logcheck -check-contextual ${CSI_LIB_UTIL_ROOT}/..."
"${CSI_LIB_UTIL_TEMP}/logcheck" -check-contextual -check-with-helpers "${CSI_LIB_UTIL_ROOT}/..."

0 comments on commit 8a060ad

Please sign in to comment.