diff --git a/go.mod b/go.mod
index 874d068471..1f5418f9fb 100644
--- a/go.mod
+++ b/go.mod
@@ -27,7 +27,7 @@ require (
 k8s.io/klog/v2 v2.120.1
 sigs.k8s.io/controller-runtime v0.18.2
 sigs.k8s.io/gateway-api v1.1.0
- sigs.k8s.io/sig-storage-lib-external-provisioner/v10 v10.0.0
+ sigs.k8s.io/sig-storage-lib-external-provisioner/v10 v10.0.1
 )
 require (
diff --git a/go.sum b/go.sum
index 7ecb69aaf3..38d377ded8 100644
--- a/go.sum
+++ b/go.sum
@@ -346,8 +346,8 @@ sigs.k8s.io/gateway-api v1.1.0 h1:DsLDXCi6jR+Xz8/xd0Z1PYl2Pn0TyaFMOPPZIj4inDM=
 sigs.k8s.io/gateway-api v1.1.0/go.mod h1:ZH4lHrL2sDi0FHZ9jjneb8kKnGzFWyrTya35sWUTrRs=
 sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd h1:EDPBXCAspyGV4jQlpZSudPeMmr1bNJefnuqLsRAsHZo=
 sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd/go.mod h1:B8JuhiUyNFVKdsE8h686QcCxMaH6HrOAZj4vswFpcB0=
-sigs.k8s.io/sig-storage-lib-external-provisioner/v10 v10.0.0 h1:+OhFU21hL9Gq/sHKHfYxbc7M6RWV3UqTpnk5/wF9cP4=
-sigs.k8s.io/sig-storage-lib-external-provisioner/v10 v10.0.0/go.mod h1:mfQ2enu5yAHUhpNWsce9NmkqkRQsk70zQT+7KjZ+JMo=
+sigs.k8s.io/sig-storage-lib-external-provisioner/v10 v10.0.1 h1:uhd7RobUnVmfkRb3gkYQh4tBOiBEBvdwW/nAthG95Rc=
+sigs.k8s.io/sig-storage-lib-external-provisioner/v10 v10.0.1/go.mod h1:mfQ2enu5yAHUhpNWsce9NmkqkRQsk70zQT+7KjZ+JMo=
 sigs.k8s.io/structured-merge-diff/v4 v4.4.1 h1:150L+0vs/8DA78h1u02ooW1/fFq/Lwr+sGiqlzvrtq4=
 sigs.k8s.io/structured-merge-diff/v4 v4.4.1/go.mod h1:N8hJocpFajUSSeSJ9bOZ77VzejKZaXsTtZo4/u7Io08=
 sigs.k8s.io/yaml v1.4.0 h1:Mk1wCc2gy/F0THH0TAp1QYyJNzRm2KCLy3o5ASXVI5E=
diff --git a/pkg/controller/controller_test.go b/pkg/controller/controller_test.go
index 14c583ad51..d84ffae2ca 100644
--- a/pkg/controller/controller_test.go
+++ b/pkg/controller/controller_test.go
@@ -598,7 +598,7 @@ func fakeClaim(name, namespace, claimUID string, capacity int64, boundToVolume s
 case "filesystem":
 claim.Spec.VolumeMode = &volumeModeFileSystem
 default:
- // leave it undefined/nil to maintaint the current defaults for test cases
+ // leave it undefined/nil to maintain the current defaults for test cases
 }
 return &claim
 }
@@ -5637,7 +5637,7 @@ func generatePVCForProvisionFromPVC(srcNamespace, srcName, scName string, reques
 case "filesystem":
 provisionRequest.PVC.Spec.VolumeMode = &volumeModeFileSystem
 default:
- // leave it undefined/nil to maintaint the current defaults for test cases
+ // leave it undefined/nil to maintain the current defaults for test cases
 }
 return provisionRequest
@@ -5684,7 +5684,7 @@ func generatePVCForProvisionFromXnsdataSource(scName, namespace string, dataSour
 case "filesystem":
 provisionRequest.PVC.Spec.VolumeMode = &volumeModeFileSystem
 default:
- // leave it undefined/nil to maintaint the current defaults for test cases
+ // leave it undefined/nil to maintain the current defaults for test cases
 }
 return provisionRequest
diff --git a/release-tools/.github/dependabot.yaml b/release-tools/.github/dependabot.yaml
new file mode 100644
index 0000000000..814a34493f
--- /dev/null
+++ b/release-tools/.github/dependabot.yaml
@@ -0,0 +1,12 @@
+version: 2
+enable-beta-ecosystems: true
+updates:
+- package-ecosystem: "github-actions"
+ directory: "/"
+ schedule:
+ interval: "daily"
+ labels:
+ - "area/dependency"
+ - "release-note-none"
+ - "ok-to-test"
+ open-pull-requests-limit: 10
diff --git a/release-tools/.github/workflows/codespell.yml b/release-tools/.github/workflows/codespell.yml
new file mode 100644
index 0000000000..e74edcef5e
--- /dev/null
+++ b/release-tools/.github/workflows/codespell.yml
@@ -0,0 +1,15 @@
+# GitHub Action to automate the identification of common misspellings in text files.
+# https://github.com/codespell-project/actions-codespell
+# https://github.com/codespell-project/codespell
+name: codespell
+on: [push, pull_request]
+jobs:
+ codespell:
+ name: Check for spelling errors
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v4
+ - uses: codespell-project/actions-codespell@master
+ with:
+ check_filenames: true
+ skip: "*.png,*.jpg,*.svg,*.sum,./.git,./.github/workflows/codespell.yml,./prow.sh"
diff --git a/release-tools/.github/workflows/trivy.yaml b/release-tools/.github/workflows/trivy.yaml
new file mode 100644
index 0000000000..472984780a
--- /dev/null
+++ b/release-tools/.github/workflows/trivy.yaml
@@ -0,0 +1,29 @@
+name: Run Trivy scanner for Go version vulnerabilities
+on:
+ push:
+ branches:
+ - master
+ pull_request:
+jobs:
+ trivy:
+ name: Build
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout code
+ uses: actions/checkout@v4
+
+ - name: Get Go version
+ id: go-version
+ run: |
+ GO_VERSION=$(cat prow.sh | grep "configvar CSI_PROW_GO_VERSION_BUILD" | awk '{print $3}' | sed 's/"//g')
+ echo "version=$GO_VERSION" >> $GITHUB_OUTPUT
+
+ - name: Run Trivy scanner for Go version vulnerabilities
+ uses: aquasecurity/trivy-action@master
+ with:
+ image-ref: 'golang:${{ steps.go-version.outputs.version }}'
+ format: 'table'
+ exit-code: '1'
+ ignore-unfixed: true
+ vuln-type: 'library'
+ severity: 'CRITICAL,HIGH,MEDIUM,LOW,UNKNOWN'
diff --git a/release-tools/SIDECAR_RELEASE_PROCESS.md b/release-tools/SIDECAR_RELEASE_PROCESS.md
index 647d2342ba..aab8d6e215 100644
--- a/release-tools/SIDECAR_RELEASE_PROCESS.md
+++ b/release-tools/SIDECAR_RELEASE_PROCESS.md
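Review bot: In `release-tools/.github/workflows/codespell.yml` the step `uses: codespell-project/actions-codespell@master` tracks a mutable branch, so any commit pushed to that branch runs in this repository's CI without review; `uses: aquasecurity/trivy-action@master` in `trivy.yaml` has the same problem. Pin both to a full commit SHA with the release tag in a trailing comment, e.g. `uses: codespell-project/actions-codespell@<commit-sha> # <release-tag>`. Pinning also gives the new Dependabot `github-actions` configuration a versioned ref to propose bumps against, which it generally cannot do for a branch ref. Neither workflow declares `permissions:`, so a top-level `permissions:` block with `contents: read` would keep the job token read-only whatever the repository default is.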
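Review bot: The `Get Go version` step in `release-tools/.github/workflows/trivy.yaml` publishes whatever the `grep | awk | sed` pipeline yields, so if `prow.sh` is not at the checkout root or the `configvar` line changes shape, `GO_VERSION` is empty and `image-ref` becomes `golang:`. The scan would then fail with an unclear image-reference error or cover something other than the build toolchain. Make the step fail explicitly by adding `[ -n "$GO_VERSION" ] || { echo "Go version not found in prow.sh" >&2; exit 1; }` before the `echo`, and quote the redirect target as `>> "$GITHUB_OUTPUT"`. Separately, `severity: 'CRITICAL,HIGH,MEDIUM,LOW,UNKNOWN'` together with `exit-code: '1'` fails the job on any fixable finding in the upstream `golang` image; if that is intended, a short comment saying so would help whoever triages a red run.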
@@ -84,7 +84,7 @@ naming convention `-on-`. 1. Compare the generated output to the new commits for the release to check if any notable change missed a release note. 1. Reword release notes as needed, ideally in the original PRs so that the - release notes can be regnerated. Make sure to check notes for breaking + release notes can be regenerated. Make sure to check notes for breaking changes and deprecations. 1. If release is a new major/minor version, create a new `CHANGELOG-..md` file. diff --git a/release-tools/generate-patch-release-notes.sh b/release-tools/generate-patch-release-notes.sh index 2b9c13c387..536a149023 100755 --- a/release-tools/generate-patch-release-notes.sh +++ b/release-tools/generate-patch-release-notes.sh @@ -23,13 +23,17 @@ # CSI_RELEASE_TOKEN: Github token needed for generating release notes # GITHUB_USER: Github username to create PRs with # +# Required tools: +# - gh +# - release-notes (https://github.com/kubernetes/release/blob/master/cmd/release-notes/README.md) +# # Instructions: -# 1. Login with "gh auth login" -# 2. Copy this script to the kubernetes-csi directory (one directory above the -# repos) -# 3. Update the repos and versions in the $releases array -# 4. Set environment variables -# 5. Run script from the kubernetes-csi directory +# 1. Install the required tools +# 2. Login with "gh auth login" +# 3. Copy this script to the kubernetes-csi directory (one directory above the repos) +# 4. Update the repos and versions in the $releases array +# 5. Set environment variables +# 6. Run script from the kubernetes-csi directory # # Caveats: # - This script doesn't handle regenerating and updating existing PRs yet. diff --git a/release-tools/prow.sh b/release-tools/prow.sh index 049fb79afc..df8c61502f 100755 --- a/release-tools/prow.sh +++ b/release-tools/prow.sh 
@@ -86,7 +86,7 @@ configvar CSI_PROW_BUILD_PLATFORMS "linux amd64 amd64; linux ppc64le ppc64le -pp
 # which is disabled with GOFLAGS=-mod=vendor).
 configvar GOFLAGS_VENDOR "$( [ -d vendor ] && echo '-mod=vendor' )" "Go flags for using the vendor directory"
-configvar CSI_PROW_GO_VERSION_BUILD "1.22.3" "Go version for building the component" # depends on component's source code
+configvar CSI_PROW_GO_VERSION_BUILD "1.22.5" "Go version for building the component" # depends on component's source code
 configvar CSI_PROW_GO_VERSION_E2E "" "override Go version for building the Kubernetes E2E test suite" # normally doesn't need to be set, see install_e2e
 configvar CSI_PROW_GO_VERSION_SANITY "${CSI_PROW_GO_VERSION_BUILD}" "Go version for building the csi-sanity test suite" # depends on CSI_PROW_SANITY settings below
 configvar CSI_PROW_GO_VERSION_KIND "${CSI_PROW_GO_VERSION_BUILD}" "Go version for building 'kind'" # depends on CSI_PROW_KIND_VERSION below
@@ -231,8 +231,11 @@ configvar CSI_PROW_E2E_VERSION "$(version_to_git "${CSI_PROW_KUBERNETES_VERSION}
 configvar CSI_PROW_E2E_REPO "https://github.com/kubernetes/kubernetes" "E2E repo"
 configvar CSI_PROW_E2E_IMPORT_PATH "k8s.io/kubernetes" "E2E package"
-# Local path for e2e tests. Set to "none" to disable.
-configvar CSI_PROW_SIDECAR_E2E_IMPORT_PATH "none" "CSI Sidecar E2E package"
+# Local path & package path for e2e tests. Set to "none" to disable.
+# When using versioned go modules, the import path is the module path whereas the path
+# should not contain the version and be the directory where the module is checked out.
+configvar CSI_PROW_SIDECAR_E2E_IMPORT_PATH "none" "CSI Sidecar E2E package (go import path)"
+configvar CSI_PROW_SIDECAR_E2E_PATH "${CSI_PROW_SIDECAR_E2E_IMPORT_PATH}" "CSI Sidecar E2E path (directory)"
 # csi-sanity testing from the csi-test repo can be run against the installed
 # CSI driver. For this to work, deploying the driver must expose the Unix domain
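Review bot: The comment above the two new `configvar` lines in `release-tools/prow.sh` still says `Set to "none" to disable` without naming which variable is checked, and `CSI_PROW_SIDECAR_E2E_PATH` silently inherits `none` from the import path. The later `run_e2e` hunk uses it as `${GOPATH}/src/${CSI_PROW_SIDECAR_E2E_PATH}`, so it is a path relative to `$GOPATH/src`, not an arbitrary directory. I would state both in the comment, e.g. `# CSI_PROW_SIDECAR_E2E_PATH is relative to ${GOPATH}/src; set CSI_PROW_SIDECAR_E2E_IMPORT_PATH to "none" to disable.` That wording assumes the disable check elsewhere in the script tests the import path, which this hunk does not show.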
@@ -1035,7 +1038,7 @@ run_e2e () (
 trap move_junit EXIT
 if [ "${name}" == "local" ]; then
- cd "${GOPATH}/src/${CSI_PROW_SIDECAR_E2E_IMPORT_PATH}" &&
+ cd "${GOPATH}/src/${CSI_PROW_SIDECAR_E2E_PATH}" &&
 run_with_loggers env KUBECONFIG="$KUBECONFIG" KUBE_TEST_REPO_LIST="$(if [ -e "${CSI_PROW_WORK}/e2e-repo-list" ]; then echo "${CSI_PROW_WORK}/e2e-repo-list"; fi)" ginkgo --timeout="${CSI_PROW_GINKGO_TIMEOUT}" -v "$@" "${CSI_PROW_WORK}/e2e-local.test" -- -report-dir "${ARTIFACTS}" -report-prefix local
 else
 cd "${GOPATH}/src/${CSI_PROW_E2E_IMPORT_PATH}" &&
diff --git a/vendor/modules.txt b/vendor/modules.txt
index 51e1023e44..b6f76ad2e4 100644
--- a/vendor/modules.txt
+++ b/vendor/modules.txt
@@ -1495,7 +1495,7 @@ sigs.k8s.io/gateway-api/pkg/client/listers/apis/v1beta1
 ## explicit; go 1.18
 sigs.k8s.io/json
 sigs.k8s.io/json/internal/golang/encoding/json
-# sigs.k8s.io/sig-storage-lib-external-provisioner/v10 v10.0.0
+# sigs.k8s.io/sig-storage-lib-external-provisioner/v10 v10.0.1
 ## explicit; go 1.22.0
 sigs.k8s.io/sig-storage-lib-external-provisioner/v10/controller
 sigs.k8s.io/sig-storage-lib-external-provisioner/v10/controller/metrics
diff --git a/vendor/sigs.k8s.io/sig-storage-lib-external-provisioner/v10/controller/controller.go b/vendor/sigs.k8s.io/sig-storage-lib-external-provisioner/v10/controller/controller.go
index 194f6dae74..0b33f66181 100644
--- a/vendor/sigs.k8s.io/sig-storage-lib-external-provisioner/v10/controller/controller.go
+++ b/vendor/sigs.k8s.io/sig-storage-lib-external-provisioner/v10/controller/controller.go
@@ -54,7 +54,7 @@ import (
 "k8s.io/client-go/tools/record"
 ref "k8s.io/client-go/tools/reference"
 "k8s.io/client-go/util/workqueue"
- "k8s.io/klog/v2"
+ klog "k8s.io/klog/v2"
 "sigs.k8s.io/sig-storage-lib-external-provisioner/v10/controller/metrics"
 "sigs.k8s.io/sig-storage-lib-external-provisioner/v10/util"
 )
@@ -1589,7 +1589,6 @@ func (ctrl *ProvisionController) deleteVolumeOperation(ctx context.Context, volu return fmt.Errorf("expected volume but got %+v", volumeObj) } finalizers, modified := removeFinalizer(newVolume.ObjectMeta.Finalizers, finalizerPV) - // Only update the finalizers if we actually removed something if modified { if _, err = ctrl.patchPersistentVolumeWithFinalizers(ctx, newVolume, finalizers); err != nil { @@ -1608,23 +1607,21 @@ func (ctrl *ProvisionController) deleteVolumeOperation(ctx context.Context, volu return nil } -// removeFinalizer removes finalizer from slice, returns slice and whether modified. +// removeFinalizer removes finalizer from slice, returns the new slice and whether modified. +// It does not modify the original slice. func removeFinalizer(finalizers []string, finalizerToRemove string) ([]string, bool) { - for i, finalizer := range finalizers { - if finalizer == finalizerToRemove { - finalizers = append(finalizers[:i], finalizers[i+1:]...) - if len(finalizers) == 0 { - finalizers = nil - } - return finalizers, true + ret := make([]string, 0, len(finalizers)) + for _, finalizer := range finalizers { + if finalizer != finalizerToRemove { + ret = append(ret, finalizer) } } - if len(finalizers) == 0 { - finalizers = nil + if len(ret) == 0 { + ret = nil } - return finalizers, false + return ret, len(ret) != len(finalizers) } // addFinalizer adds finalizer to slice, returns slice and whether modified.