Squashed 'release-tools/' changes from b54c1ba4..f40f0ccd

f40f0ccd Merge pull request #256 from solumath/master
cfa92106 Instruction update
379a1bb9 Merge pull request #255 from humblec/sidecar-md
a5667bbb fix typo in sidecar release process
49676850 Merge pull request #254 from bells17/add-github-actions
d9bd160c Update skip list in codespell GitHub Action
adb3af9d Merge pull request #252 from bells17/update-go-version
f5aebfc9 Add GitHub Actions workflows
b82ee388 Merge pull request #253 from bells17/fix-typo
c3174562 Fix typo
0a785056 Bump to Go 1.22.3
edd89ad5 Merge pull request #251 from jsafrane/add-logcheck
043fd099 Add test-logcheck target
d7535ae0 Merge pull request #250 from jsafrane/go-1.22
b52e7ad3 Update go to 1.22.2
14fdb6f6 Merge pull request #247 from msau42/prow
dc4d0ae2 Merge pull request #249 from jsafrane/use-go-version
e681b170 Use .go-version to get Kubernetes go version
9b4352e9 Update release playbook
c7bb972c Fix release notes script to use fixed tags
463a0e9f Add script to update specific go modules

git-subtree-dir: release-tools
git-subtree-split: f40f0ccd458f2d4555e3ca98d69b5a984bae0f14
andyzhangx 2024-06-05 13:28:36 +00:00
parent 94797cdc34
commit 9dbb67f966
9 changed files with 232 additions and 17 deletions

12
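--- a/.github/dependabot.yaml
+++ b/.github/dependabot.yaml
@@ -0,0 +1,12 @@
+version: 2
+enable-beta-ecosystems: true
+updates:
+- package-ecosystem: "github-actions"
+directory: "/"
+schedule:
+interval: "daily"
+labels:
+- "area/dependency"
+- "release-note-none"
+- "ok-to-test"
+open-pull-requests-limit: 10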

15
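--- a/.github/workflows/codespell.yml
+++ b/.github/workflows/codespell.yml
@@ -0,0 +1,15 @@
+# GitHub Action to automate the identification of common misspellings in text files.
+# https://github.com/codespell-project/actions-codespell
+# https://github.com/codespell-project/codespell
+name: codespell
+on: [push, pull_request]
+jobs:
+codespell:
+name: Check for spelling errors
+runs-on: ubuntu-latest
+steps:
+- uses: actions/checkout@v4
+- uses: codespell-project/actions-codespell@master
+with:
+check_filenames: true
+skip: "*.png,*.jpg,*.svg,*.sum,./.git,./.github/workflows/codespell.yml,./prow.sh"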

29
.github/workflows/trivy.yaml vendored Normal file

@ -0,0 +1,29 @@
name: Run Trivy scanner for Go version vulnerabilities
on:
push:
branches:
- master
pull_request:
jobs:
trivy:
name: Build
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Get Go version
id: go-version
run: |
GO_VERSION=$(cat prow.sh | grep "configvar CSI_PROW_GO_VERSION_BUILD" | awk '{print $3}' | sed 's/"//g')
echo "version=$GO_VERSION" >> $GITHUB_OUTPUT
- name: Run Trivy scanner for Go version vulnerabilities
uses: aquasecurity/trivy-action@master
with:
image-ref: 'golang:${{ steps.go-version.outputs.version }}'
format: 'table'
exit-code: '1'
ignore-unfixed: true
vuln-type: 'library'
severity: 'CRITICAL,HIGH,MEDIUM,LOW,UNKNOWN'
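Review bot: The `Get Go version` step writes whatever the grep/awk pipeline returns into `$GITHUB_OUTPUT` without checking it, and on `pull_request` runs the `prow.sh` it reads is the pull request's copy. If the `configvar CSI_PROW_GO_VERSION_BUILD` line is missing or reformatted, `image-ref` becomes `golang:` with an empty tag, so the scan no longer covers the Go version the build uses; if more than one line matches, the extra lines are appended to the output file as well. Validate before writing, e.g. `[[ "$GO_VERSION" =~ ^[0-9]+(\.[0-9]+){1,2}$ ]] || { echo "unexpected Go version: '$GO_VERSION'" >&2; exit 1; }`, and quote the target: `echo "version=$GO_VERSION" >> "$GITHUB_OUTPUT"`.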


@ -46,9 +46,12 @@ naming convention `<hostpath-deployment-version>-on-<kubernetes-version>`.
## Release Process ## Release Process
1. Identify all issues and ongoing PRs that should go into the release, and 1. Identify all issues and ongoing PRs that should go into the release, and
drive them to resolution. drive them to resolution.
1. Update dependencies for sidecars via 1. Update dependencies for sidecars
[go-modules-update.sh](https://github.com/kubernetes-csi/csi-driver-host-path/blob/HEAD/release-tools/go-modules-update.sh), 1. For new minor versions, use
and get PRs approved and merged. [go-modules-update.sh](https://github.com/kubernetes-csi/csi-release-tools/blob/HEAD/go-modules-update.sh),
1. For CVE fixes on patch versions, use
[go-modules-targeted-update.sh](https://github.com/kubernetes-csi/csi-release-tools/blob/HEAD/go-modules-targeted-update.sh),
Read the instructions at the top of the script.
1. Check that all [canary CI 1. Check that all [canary CI
jobs](https://testgrid.k8s.io/sig-storage-csi-ci) are passing, jobs](https://testgrid.k8s.io/sig-storage-csi-ci) are passing,
and that test coverage is adequate for the changes that are going into the release. and that test coverage is adequate for the changes that are going into the release.
@ -81,7 +84,7 @@ naming convention `<hostpath-deployment-version>-on-<kubernetes-version>`.
1. Compare the generated output to the new commits for the release to check if 1. Compare the generated output to the new commits for the release to check if
any notable change missed a release note. any notable change missed a release note.
1. Reword release notes as needed, ideally in the original PRs so that the 1. Reword release notes as needed, ideally in the original PRs so that the
release notes can be regnerated. Make sure to check notes for breaking release notes can be regenerated. Make sure to check notes for breaking
changes and deprecations. changes and deprecations.
1. If release is a new major/minor version, create a new `CHANGELOG-<major>.<minor>.md` 1. If release is a new major/minor version, create a new `CHANGELOG-<major>.<minor>.md`
file. file.


@ -322,3 +322,10 @@ test-spelling:
test-boilerplate: test-boilerplate:
@ echo; echo "### $@:" @ echo; echo "### $@:"
@ ./release-tools/verify-boilerplate.sh "$(pwd)" @ ./release-tools/verify-boilerplate.sh "$(pwd)"
# Test klog usage. This test is optional and must be explicitly added to `test` target in the main Makefile:
# test: test-logcheck
.PHONY: test-logcheck
test-logcheck:
@ echo; echo "### $@:"
@ ./release-tools/verify-logcheck.sh


@ -23,13 +23,17 @@
# CSI_RELEASE_TOKEN: Github token needed for generating release notes # CSI_RELEASE_TOKEN: Github token needed for generating release notes
# GITHUB_USER: Github username to create PRs with # GITHUB_USER: Github username to create PRs with
# #
# Required tools:
# - gh
# - release-notes (https://github.com/kubernetes/release/blob/master/cmd/release-notes/README.md)
#
# Instructions: # Instructions:
# 1. Login with "gh auth login" # 1. Install the required tools
# 2. Copy this script to the kubernetes-csi directory (one directory above the # 2. Login with "gh auth login"
# repos) # 3. Copy this script to the kubernetes-csi directory (one directory above the repos)
# 3. Update the repos and versions in the $releases array # 4. Update the repos and versions in the $releases array
# 4. Set environment variables # 5. Set environment variables
# 5. Run script from the kubernetes-csi directory # 6. Run script from the kubernetes-csi directory
# #
# Caveats: # Caveats:
# - This script doesn't handle regenerating and updating existing PRs yet. # - This script doesn't handle regenerating and updating existing PRs yet.
@ -48,7 +52,7 @@ function gen_patch_relnotes() {
rm out.md || true rm out.md || true
rm -rf /tmp/k8s-repo || true rm -rf /tmp/k8s-repo || true
GITHUB_TOKEN="$CSI_RELEASE_TOKEN" \ GITHUB_TOKEN="$CSI_RELEASE_TOKEN" \
release-notes --discover=patch-to-latest --branch="$2" \ release-notes --start-rev="$3" --end-rev="$2" --branch="$2" \
--org=kubernetes-csi --repo="$1" \ --org=kubernetes-csi --repo="$1" \
--required-author="" --markdown-links --output out.md --required-author="" --markdown-links --output out.md
} }
@ -57,11 +61,14 @@ for rel in "${releases[@]}"; do
read -r repo version <<< "$rel" read -r repo version <<< "$rel"
# Parse minor version # Parse minor version
minorPattern="(^[[:digit:]]+\.[[:digit:]]+)\." minorPatchPattern="(^[[:digit:]]+\.[[:digit:]]+)\.([[:digit:]]+)"
[[ "$version" =~ $minorPattern ]] [[ "$version" =~ $minorPatchPattern ]]
minor="${BASH_REMATCH[1]}" minor="${BASH_REMATCH[1]}"
patch="${BASH_REMATCH[2]}"
echo "$repo" "$version" "$minor" echo "$repo $version $minor $patch"
prevPatch="$((patch-1))"
prevVer="v$minor.$prevPatch"
pushd "$repo/CHANGELOG" pushd "$repo/CHANGELOG"
@ -74,7 +81,7 @@ for rel in "${releases[@]}"; do
git checkout --track "upstream/release-$minor" -b "$branch" git checkout --track "upstream/release-$minor" -b "$branch"
# Generate release notes # Generate release notes
gen_patch_relnotes "$repo" "release-$minor" gen_patch_relnotes "$repo" "release-$minor" "$prevVer"
cat > tmp.md <<EOF cat > tmp.md <<EOF
# Release notes for v$version # Release notes for v$version
@ -84,6 +91,7 @@ EOF
cat out.md >> tmp.md cat out.md >> tmp.md
echo >> tmp.md echo >> tmp.md
rm out.md
file="CHANGELOG-$minor.md" file="CHANGELOG-$minor.md"
cat "$file" >> tmp.md cat "$file" >> tmp.md
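Review bot: `prevPatch="$((patch-1))"` is computed without checking that the version regex matched or that the patch number is at least 1. For a `X.Y.0` entry in `$releases` the result is `prevVer="vX.Y.-1"`, and when `$version` is not of the form `X.Y.Z` both `minor` and `patch` are empty, so `--start-rev` receives `v.-1`; either way the bad value only surfaces inside `release-notes`, after the branch has been checked out. Guard both cases right after the match, e.g. `[[ "$version" =~ $minorPatchPattern ]] || { echo "unexpected version: $version" >&2; exit 1; }` and `(( patch > 0 )) || { echo "$version has no previous patch release" >&2; exit 1; }`. The new range also assumes a tag `v$minor.$((patch-1))` exists, which is worth stating in the header's Caveats for the case of a skipped patch release. The `for` loop starts and ends outside the visible hunks.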

96
go-modules-targeted-update.sh Executable file

@ -0,0 +1,96 @@
#!/bin/bash
# Copyright 2023 The Kubernetes Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# Usage: go-modules-targeted-update.sh
#
# Batch update specific dependencies for sidecars.
#
# Required environment variables
# CSI_RELEASE_TOKEN: Github token needed for generating release notes
# GITHUB_USER: Github username to create PRs with
#
# Instructions:
# 1. Login with "gh auth login"
# 2. Copy this script to the Github org directory (one directory above the
# repos)
# 3. Change $modules, $releases and $org if needed.
# 4. Set environment variables
# 5. Run script from the Github org directory
#
# Caveats:
# - This script doesn't handle interface incompatibility of updates.
# You need to resolve interface incompatibility case by case. The
# most frequent case is to update the interface(new parameters,
# name change of the method, etc.)in the sidecar repo and make sure
# the build and test pass.
set -e
set -x
org="kubernetes-csi"
modules=(
"github.com/kubernetes-csi/csi-lib-utils@v0.15.1"
)
releases=(
#"external-attacher release-4.4"
#"external-provisioner release-3.6"
#"external-resizer release-1.9"
#"external-snapshotter release-6.3"
#"node-driver-registrar release-2.9"
)
for rel in "${releases[@]}"; do
read -r repo branch <<< "$rel"
if [ "$repo" != "#" ]; then
(
cd "$repo"
git fetch upstream
if [ "$(git rev-parse --verify "module-update-$branch" 2>/dev/null)" ]; then
git checkout master && git branch -D "module-update-$branch"
fi
git checkout -B "module-update-$branch" "upstream/$branch"
for mod in "${modules[@]}"; do
go get "$mod"
done
go mod tidy
go mod vendor
git add --all
git commit -m "Update go modules"
git push origin "module-update-$branch" --force
# Create PR
prbody=$(cat <<EOF
Updated the following go modules:
${modules[@]}
\`\`\`release-note
NONE
\`\`\`
EOF
)
gh pr create --title="[$branch] Update go modules" --body "$prbody" --head "$GITHUB_USER:module-update-$branch" --base "$branch" --repo="$org/$repo"
)
fi
done
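Review bot: `git add --all` followed by `git push origin "module-update-$branch" --force` publishes everything in the working tree, not only the module update. Untracked, non-ignored files left in the checkout (editor backups, local credential or config files, build output) survive `git checkout -B` and end up in the pushed commit. Stage only what the update touches, `git add go.mod go.sum vendor`, or stop early when `git status --porcelain` is non-empty. The header also lists `CSI_RELEASE_TOKEN` as required although nothing in the script reads it, so the operator is asked to export a token the run does not need. `GITHUB_USER`, which is used in `--head`, is never checked; `: "${GITHUB_USER:?GITHUB_USER must be set}"` near the top would catch an unset value before any branch is rewritten.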

12
prow.sh

@ -86,7 +86,7 @@ configvar CSI_PROW_BUILD_PLATFORMS "linux amd64 amd64; linux ppc64le ppc64le -pp
# which is disabled with GOFLAGS=-mod=vendor). # which is disabled with GOFLAGS=-mod=vendor).
configvar GOFLAGS_VENDOR "$( [ -d vendor ] && echo '-mod=vendor' )" "Go flags for using the vendor directory" configvar GOFLAGS_VENDOR "$( [ -d vendor ] && echo '-mod=vendor' )" "Go flags for using the vendor directory"
configvar CSI_PROW_GO_VERSION_BUILD "1.21.5" "Go version for building the component" # depends on component's source code configvar CSI_PROW_GO_VERSION_BUILD "1.22.3" "Go version for building the component" # depends on component's source code
configvar CSI_PROW_GO_VERSION_E2E "" "override Go version for building the Kubernetes E2E test suite" # normally doesn't need to be set, see install_e2e configvar CSI_PROW_GO_VERSION_E2E "" "override Go version for building the Kubernetes E2E test suite" # normally doesn't need to be set, see install_e2e
configvar CSI_PROW_GO_VERSION_SANITY "${CSI_PROW_GO_VERSION_BUILD}" "Go version for building the csi-sanity test suite" # depends on CSI_PROW_SANITY settings below configvar CSI_PROW_GO_VERSION_SANITY "${CSI_PROW_GO_VERSION_BUILD}" "Go version for building the csi-sanity test suite" # depends on CSI_PROW_SANITY settings below
configvar CSI_PROW_GO_VERSION_KIND "${CSI_PROW_GO_VERSION_BUILD}" "Go version for building 'kind'" # depends on CSI_PROW_KIND_VERSION below configvar CSI_PROW_GO_VERSION_KIND "${CSI_PROW_GO_VERSION_BUILD}" "Go version for building 'kind'" # depends on CSI_PROW_KIND_VERSION below
@ -564,7 +564,15 @@ go_version_for_kubernetes () (
local version="$2" local version="$2"
local go_version local go_version
# We use the minimal Go version specified for each K8S release (= minimum_go_version in hack/lib/golang.sh). # Try to get the version for .go-version
go_version="$( cat "$path/.go-version" )"
if [ "$go_version" ]; then
echo "$go_version"
return
fi
# Fall back to hack/lib/golang.sh parsing.
# This is necessary in v1.26.0 and older Kubernetes releases that do not have .go-version.
# More recent versions might also work, but we don't want to count on that. # More recent versions might also work, but we don't want to count on that.
go_version="$(grep minimum_go_version= "$path/hack/lib/golang.sh" | sed -e 's/.*=go//')" go_version="$(grep minimum_go_version= "$path/hack/lib/golang.sh" | sed -e 's/.*=go//')"
if ! [ "$go_version" ]; then if ! [ "$go_version" ]; then
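Review bot: `go_version="$( cat "$path/.go-version" )"` runs `cat` unconditionally, yet the fallback below exists precisely for Kubernetes trees that have no `.go-version`. On those trees every call prints a "No such file or directory" error to stderr, and if errexit is active in this subshell function (not visible here) the failed assignment ends it before the fallback is reached. Test for the file first: `if [ -f "$path/.go-version" ]; then go_version="$( cat "$path/.go-version" )"; fi`. The comment `# Try to get the version for .go-version` presumably means "from .go-version". `go_version_for_kubernetes` starts before and continues after this hunk.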

37
verify-logcheck.sh Executable file

@ -0,0 +1,37 @@
#!/usr/bin/env bash
# Copyright 2024 The Kubernetes Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# This script uses the logcheck tool to analyze the source code
# for proper usage of klog contextual logging.
set -o errexit
set -o nounset
set -o pipefail
LOGCHECK_VERSION=${1:-0.8.2}
# This will canonicalize the path
CSI_LIB_UTIL_ROOT=$(cd "$(dirname "${BASH_SOURCE[0]}")"/.. && pwd -P)
# Create a temporary directory for installing logcheck and
# set up a trap command to remove it when the script exits.
CSI_LIB_UTIL_TEMP=$(mktemp -d 2>/dev/null || mktemp -d -t csi-lib-utils.XXXXXX)
trap 'rm -rf "${CSI_LIB_UTIL_TEMP}"' EXIT
echo "Installing logcheck to temp dir: sigs.k8s.io/logtools/logcheck@v${LOGCHECK_VERSION}"
GOBIN="${CSI_LIB_UTIL_TEMP}" go install "sigs.k8s.io/logtools/logcheck@v${LOGCHECK_VERSION}"
echo "Verifying logcheck: ${CSI_LIB_UTIL_TEMP}/logcheck -check-contextual ${CSI_LIB_UTIL_ROOT}/..."
"${CSI_LIB_UTIL_TEMP}/logcheck" -check-contextual -check-with-helpers "${CSI_LIB_UTIL_ROOT}/..."