From 6e74b1013f08c1e0a198e20b00fd62afc3d3d65d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?St=C3=A9phane=20MERLE?= <95630726+smerle33@users.noreply.github.com> Date: Wed, 8 Jan 2025 18:14:12 +0100 Subject: [PATCH 1/3] chore(updatecli/ruby): add a manifest to link the docker image for ruby aligned with packer-image version (#7803) --- updatecli/updatecli.d/ruby-documentation.yaml | 114 ++++++++++++++++++ updatecli/updatecli.d/ruby.yaml | 104 +++++----------- 2 files changed, 143 insertions(+), 75 deletions(-) create mode 100644 updatecli/updatecli.d/ruby-documentation.yaml diff --git a/updatecli/updatecli.d/ruby-documentation.yaml b/updatecli/updatecli.d/ruby-documentation.yaml new file mode 100644 index 000000000000..7986d9eef9a7 --- /dev/null +++ b/updatecli/updatecli.d/ruby-documentation.yaml @@ -0,0 +1,114 @@ +--- +name: Bumps the ruby docker images versions in the documentation + +scms: + default: + kind: github + spec: + user: "{{ .github.user }}" + email: "{{ .github.email }}" + owner: "{{ .github.owner }}" + repository: "{{ .github.repository }}" + token: "{{ requiredEnv .github.token }}" + username: "{{ .github.username }}" + branch: "{{ .github.branch }}" + ruby: + kind: github + spec: + user: "{{ .github.user }}" + email: "{{ .github.email }}" + owner: "ruby" + repository: "ruby" + token: "{{ requiredEnv .github.token }}" + username: "{{ .github.username }}" + branch: "{{ .github.branch }}" + +sources: + alpineLatestVersion: + kind: githubrelease + name: "Get the latest Alpine Linux version" + spec: + owner: "alpinelinux" + repository: "aports" # Its release process follows Alpine's + token: "{{ requiredEnv .github.token }}" + username: "{{ .github.username }}" + versionfilter: + kind: semver + pattern: "~3" + transformers: + - findsubmatch: + pattern: >- + v(.*)(\.\d+) + captureindex: 1 + rubyDockerImageLatestVersion: + kind: dockerimage + name: "Get the latest Ruby version" + spec: + image: "ruby" + tagFilter: >- + \d\.\d\.\d$ + versionfilter: + kind: regex + pattern: >- + \d\.\d\.\d$ + rubyLatestVersion: + kind: gittag + name: "Get the latest Ruby version" + scmid: ruby + spec: + versionfilter: + kind: regex + pattern: >- + v3_\d+\d+$ + transformers: + - removesuffix: "v" + +conditions: + testRubyAlpineImagePublished: + name: "Test ruby:3.x.x-alpine-3.xx docker image tag" + kind: dockerimage + disablesourceinput: true + spec: + image: "ruby" + tag: '{{ source "rubyDockerImageLatestVersion" }}-alpine{{ source "alpineLatestVersion" }}' + testRubyAlpineArg: + name: "Does the 'Hello World!' tutorial have a reference to the ruby alpine image?" + kind: file + disablesourceinput: true + spec: + file: content/doc/pipeline/tour/hello-world.adoc + matchpattern: >- + .*agent.*docker.*image.*ruby:.* + +targets: + updateHelloWorldTutorialRubyPipeline: + name: "Update the value of the ruby docker image for pipelines in the 'Hello World!' tutorial" + kind: file + sourceid: rubyLatestVersion + spec: + file: content/doc/pipeline/tour/hello-world.adoc + matchpattern: >- + (.*agent.*docker.*image.*\')ruby:(.*)(\'.*) + replacepattern: >- + ${1}ruby:{{ source "rubyDockerImageLatestVersion" }}-alpine{{ source "alpineLatestVersion" }}${3} + scmid: default + updateHelloWorldTutorialRubyScripted: + name: "Update the value of the ruby docker image for scripts in the 'Hello World!' tutorial" + kind: file + sourceid: rubyLatestVersion + spec: + file: content/doc/pipeline/tour/hello-world.adoc + matchpattern: >- + (.*docker.*image.*\')ruby:(.*)(\'.*) + replacepattern: >- + ${1}ruby:{{ source "rubyDockerImageLatestVersion" }}-alpine{{ source "alpineLatestVersion" }}${3} + scmid: default + +actions: + default: + kind: github/pullrequest + scmid: default + title: '[Ruby Tutorial] Bump ruby alpine docker image version to {{ source "rubyDockerImageLatestVersion" }}-alpine{{ source "alpineLatestVersion" }}' + spec: + labels: + - dependencies diff --git a/updatecli/updatecli.d/ruby.yaml b/updatecli/updatecli.d/ruby.yaml index 7986d9eef9a7..443c61a7c221 100644 --- a/updatecli/updatecli.d/ruby.yaml +++ b/updatecli/updatecli.d/ruby.yaml @@ -1,5 +1,5 @@ --- -name: Bumps the ruby docker images versions in the documentation +name: Bump Ruby version (docker image) to follow packer-image infra version scms: default: @@ -12,103 +12,57 @@ scms: token: "{{ requiredEnv .github.token }}" username: "{{ .github.username }}" branch: "{{ .github.branch }}" - ruby: - kind: github - spec: - user: "{{ .github.user }}" - email: "{{ .github.email }}" - owner: "ruby" - repository: "ruby" - token: "{{ requiredEnv .github.token }}" - username: "{{ .github.username }}" - branch: "{{ .github.branch }}" sources: - alpineLatestVersion: - kind: githubrelease - name: "Get the latest Alpine Linux version" + getDeployedPackerImageVersion: + kind: file + name: Retrieve the current version of the Packer images used in production spec: - owner: "alpinelinux" - repository: "aports" # Its release process follows Alpine's - token: "{{ requiredEnv .github.token }}" - username: "{{ .github.username }}" - versionfilter: - kind: semver - pattern: "~3" + file: https://raw.githubusercontent.com/jenkins-infra/kubernetes-management/refs/heads/main/config/jenkins_infra.ci.jenkins.io.yaml + matchpattern: 'galleryImageVersion:\s"(.*)"' transformers: - findsubmatch: - pattern: >- - v(.*)(\.\d+) + pattern: 'galleryImageVersion:\s"(.*)"' captureindex: 1 - rubyDockerImageLatestVersion: - kind: dockerimage - name: "Get the latest Ruby version" - spec: - image: "ruby" - tagFilter: >- - \d\.\d\.\d$ - versionfilter: - kind: regex - pattern: >- - \d\.\d\.\d$ - rubyLatestVersion: - kind: gittag - name: "Get the latest Ruby version" - scmid: ruby + getRubyVersionFromPackerImages: + kind: file + name: Get the latest Maven version set in packer-images + dependson: + - getDeployedPackerImageVersion spec: - versionfilter: - kind: regex - pattern: >- - v3_\d+\d+$ + file: https://raw.githubusercontent.com/jenkins-infra/packer-images/{{ source "getDeployedPackerImageVersion" }}/provisioning/tools-versions.yml + matchpattern: 'ruby_version:\s(.*)' transformers: - - removesuffix: "v" + - findsubmatch: + pattern: 'ruby_version:\s(.*)' + captureindex: 1 conditions: - testRubyAlpineImagePublished: - name: "Test ruby:3.x.x-alpine-3.xx docker image tag" + checkDockerImagePublished: + name: Test ruby:{{ source "getRubyVersionFromPackerImages" }} docker image tag + sourceid: getRubyVersionFromPackerImages kind: dockerimage - disablesourceinput: true spec: image: "ruby" - tag: '{{ source "rubyDockerImageLatestVersion" }}-alpine{{ source "alpineLatestVersion" }}' - testRubyAlpineArg: - name: "Does the 'Hello World!' tutorial have a reference to the ruby alpine image?" - kind: file - disablesourceinput: true - spec: - file: content/doc/pipeline/tour/hello-world.adoc - matchpattern: >- - .*agent.*docker.*image.*ruby:.* + ## Tag from source targets: - updateHelloWorldTutorialRubyPipeline: - name: "Update the value of the ruby docker image for pipelines in the 'Hello World!' tutorial" - kind: file - sourceid: rubyLatestVersion - spec: - file: content/doc/pipeline/tour/hello-world.adoc - matchpattern: >- - (.*agent.*docker.*image.*\')ruby:(.*)(\'.*) - replacepattern: >- - ${1}ruby:{{ source "rubyDockerImageLatestVersion" }}-alpine{{ source "alpineLatestVersion" }}${3} - scmid: default - updateHelloWorldTutorialRubyScripted: - name: "Update the value of the ruby docker image for scripts in the 'Hello World!' tutorial" + setRubyImageVersion: + name: "Bump Ruby Image version in scripts ruby" kind: file - sourceid: rubyLatestVersion + sourceid: getRubyVersionFromPackerImages spec: - file: content/doc/pipeline/tour/hello-world.adoc - matchpattern: >- - (.*docker.*image.*\')ruby:(.*)(\'.*) - replacepattern: >- - ${1}ruby:{{ source "rubyDockerImageLatestVersion" }}-alpine{{ source "alpineLatestVersion" }}${3} + file: scripts/ruby + matchpattern: 'CONTAINER_NAME=ruby:.*' + replacepattern: 'CONTAINER_NAME=ruby:{{ source "getRubyVersionFromPackerImages" }}' scmid: default actions: default: kind: github/pullrequest scmid: default - title: '[Ruby Tutorial] Bump ruby alpine docker image version to {{ source "rubyDockerImageLatestVersion" }}-alpine{{ source "alpineLatestVersion" }}' + title: Bump Ruby Image version in scripts/ruby to {{ source "getRubyVersionFromPackerImages" }} the same as the packer-image in production spec: labels: - dependencies + - ruby From 10a2a45ce0d547ffc636a8aa2e009855227a9738 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Wed, 8 Jan 2025 19:11:06 +0100 Subject: [PATCH 2/3] [Tutorials and Agents Docs] Bump node LTS alpine docker image version to 22.13.0-alpine3.21 (#7804) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * chore: Update the value of the node docker image in the 'Defining exe... ... cution environments' documentation Made with ❤️️ by updatecli * chore: Update the value of the node docker image in the 'Using Docker... ... with Pipeline' documentation Made with ❤️️ by updatecli * chore: Update the value of the node docker image in the 'Jenkins Docu... ... mentation Style Guide' documentation Made with ❤️️ by updatecli * chore: Update the value of the node docker image in the 'Using Docker... ... with Pipeline' documentation Made with ❤️️ by updatecli * chore: Update the value of the node docker image for scripts in the '... ... Hello World!' tutorial Made with ❤️️ by updatecli --------- Co-authored-by: GitHub Actions <41898282+github-actions[bot]@users.noreply.github.com> --- STYLEGUIDE.adoc | 2 +- content/doc/book/pipeline/docker.adoc | 10 +++++----- content/doc/pipeline/tour/agents.adoc | 4 ++-- content/doc/pipeline/tour/hello-world.adoc | 4 ++-- 4 files changed, 10 insertions(+), 10 deletions(-) diff --git a/STYLEGUIDE.adoc b/STYLEGUIDE.adoc index 0b85e482e1fd..3836fbc13735 100644 --- a/STYLEGUIDE.adoc +++ b/STYLEGUIDE.adoc @@ -115,7 +115,7 @@ node { // Declarative // pipeline { - agent { docker { image 'node:22.12.0-alpine3.21' } } + agent { docker { image 'node:22.13.0-alpine3.21' } } stages { stage('Build') { sh 'npm install' diff --git a/content/doc/book/pipeline/docker.adoc b/content/doc/book/pipeline/docker.adoc index 237a1fa24cbb..8a6d86e6b32f 100644 --- a/content/doc/book/pipeline/docker.adoc +++ b/content/doc/book/pipeline/docker.adoc @@ -32,7 +32,7 @@ Any tool that can be link:https://hub.docker.com[packaged in a Docker container] // Declarative // pipeline { agent { - docker { image 'node:22.12.0-alpine3.21' } + docker { image 'node:22.13.0-alpine3.21' } } stages { stage('Test') { @@ -45,7 +45,7 @@ pipeline { // Script // node { /* Requires the Docker Pipeline plugin to be installed */ - docker.image('node:22.12.0-alpine3.21').inside { + docker.image('node:22.13.0-alpine3.21').inside { stage('Test') { sh 'node --eval "console.log(process.platform,process.env.CI)"' } @@ -177,7 +177,7 @@ pipeline { } stage('Front-end') { agent { - docker { image 'node:22.12.0-alpine3.21' } + docker { image 'node:22.13.0-alpine3.21' } } steps { sh 'node --version' @@ -196,7 +196,7 @@ node { } stage('Front-end') { - docker.image('node:22.12.0-alpine3.21').inside { + docker.image('node:22.13.0-alpine3.21').inside { sh 'node --version' } } @@ -214,7 +214,7 @@ Reusing an example from above, with a more custom `Dockerfile`: .Dockerfile [source] ---- -FROM node:22.12.0-alpine3.21 +FROM node:22.13.0-alpine3.21 RUN apk add -U subversion ---- diff --git a/content/doc/pipeline/tour/agents.adoc b/content/doc/pipeline/tour/agents.adoc index 3b89c0457d88..ffb21bdce3ce 100644 --- a/content/doc/pipeline/tour/agents.adoc +++ b/content/doc/pipeline/tour/agents.adoc @@ -48,7 +48,7 @@ link:/doc/book/pipeline/syntax#agent[syntax reference]. // Declarative // pipeline { agent { - docker { image 'node:22.12.0-alpine3.21' } + docker { image 'node:22.13.0-alpine3.21' } } stages { stage('Test') { @@ -61,7 +61,7 @@ pipeline { // Script // node { /* Requires the Docker Pipeline plugin to be installed */ - docker.image('node:22.12.0-alpine3.21').inside { + docker.image('node:22.13.0-alpine3.21').inside { stage('Test') { sh 'node --eval "console.log(process.arch,process.platform)"' } diff --git a/content/doc/pipeline/tour/hello-world.adoc b/content/doc/pipeline/tour/hello-world.adoc index bd3eca84c367..fb2358c12432 100644 --- a/content/doc/pipeline/tour/hello-world.adoc +++ b/content/doc/pipeline/tour/hello-world.adoc @@ -83,7 +83,7 @@ node { // Declarative // /* Requires the Docker Pipeline plugin */ pipeline { - agent { docker { image 'node:22.12.0-alpine3.21' } } + agent { docker { image 'node:22.13.0-alpine3.21' } } stages { stage('build') { steps { @@ -96,7 +96,7 @@ pipeline { /* Requires the Docker Pipeline plugin */ node { stage('Build') { - docker.image('node:22.12.0-alpine3.21').inside { + docker.image('node:22.13.0-alpine3.21').inside { sh 'node --version' } } From 9d0f12b034b563fe62f4bea1de030825bf94684e Mon Sep 17 00:00:00 2001 From: Bruno Verachten Date: Wed, 8 Jan 2025 21:30:45 +0100 Subject: [PATCH 3/3] chore(updatecli): Update the expiration date in security.txt when approaching it. (#7793) * chore(updatecli): Update the expiration date in security.txt when approaching it. * WiP * fix(updatecli): Uses the right regexp. --- updatecli/scripts/update-security-txt.sh | 22 ++++++++++ .../updatecli.d/update-security-txt.yaml | 42 +++++++++++++++++++ 2 files changed, 64 insertions(+) create mode 100644 updatecli/scripts/update-security-txt.sh create mode 100644 updatecli/updatecli.d/update-security-txt.yaml diff --git a/updatecli/scripts/update-security-txt.sh b/updatecli/scripts/update-security-txt.sh new file mode 100644 index 000000000000..6b3e307ed0d3 --- /dev/null +++ b/updatecli/scripts/update-security-txt.sh @@ -0,0 +1,22 @@ +#!/bin/bash + +# Read the date after "Expires:" +expires_date=$(grep -oP 'Expires: \K.*' content/.well-known/security.txt) + +# Convert the expires date to seconds since epoch +expires_epoch=$(date -d "$expires_date" +%s) + +# Get the current date in seconds since epoch +current_epoch=$(date +%s) + +# Calculate the difference in seconds (30 days * 24 hours * 60 minutes * 60 seconds) +one_month_seconds=$((30 * 24 * 60 * 60)) + +# Check if the current date is less than one month close to the expires date +if (( current_epoch + one_month_seconds >= expires_epoch )); then + # Add one year to the expires date + new_expires_date=$(date -u -d "$expires_date + 1 year" +%Y-%m-%dT%H:%M:%S.000Z) + echo "$new_expires_date" +else + echo "$expires_date" +fi diff --git a/updatecli/updatecli.d/update-security-txt.yaml b/updatecli/updatecli.d/update-security-txt.yaml new file mode 100644 index 000000000000..629a265003fc --- /dev/null +++ b/updatecli/updatecli.d/update-security-txt.yaml @@ -0,0 +1,42 @@ +--- +name: Bump the expiration date in content/.well-known/security.txt when approaching the expiry date + +scms: + default: + kind: github + spec: + user: "{{ .github.user }}" + email: "{{ .github.email }}" + owner: "{{ .github.owner }}" + repository: "{{ .github.repository }}" + token: "{{ requiredEnv .github.token }}" + username: "{{ .github.username }}" + branch: "{{ .github.branch }}" + +sources: + expirationDate: + kind: shell + name: "Get Expiration date from security.txt" + spec: + command: bash ./updatecli/scripts/update-security-txt.sh + +targets: + updateExpiresDate: + kind: file + name: "Update Expires date in security.txt" + spec: + file: content/.well-known/security.txt + matchpattern: >- + Expires: .* + replacepattern: >- + Expires: {{ source "expirationDate" }} + scmid: default + +actions: + default: + kind: github/pullrequest + scmid: default + title: "Update Expiration date in security.txt" + spec: + labels: + - chore