From a34787a7cf0ff33fc79cad0c476a7a8f0cb5db5b Mon Sep 17 00:00:00 2001 From: Friedrich Wilken Date: Wed, 31 Jan 2024 14:41:47 +0100 Subject: [PATCH 01/28] add a reusable release workflow --- .github/workflows/create-release.yml | 148 ++++++++++++--------------- 1 file changed, 65 insertions(+), 83 deletions(-) diff --git a/.github/workflows/create-release.yml b/.github/workflows/create-release.yml index bf0b5f6f..976f451c 100644 --- a/.github/workflows/create-release.yml +++ b/.github/workflows/create-release.yml @@ -1,96 +1,78 @@ -name: "Create release" +name: Create release on: workflow_dispatch: + inputs: + DRY_RUN: + type: boolean + default: false + description: "Dry run: setting this to `true` will skip the final step of publishing the release, leaving it as a draft-release. This can be helpful for testing and debugging. Note that the tag and release are still getting generated and the next run of this result in incremented release version. To avoid this, do not forget to delete the resulting release and tag." jobs: - verify-release: - name: Verify release - runs-on: ubuntu-latest - outputs: - version: ${{ steps.gen-version.outputs.VERSION }} + gen-version: + name: Generate semantic version from branch and tags + uses: kyma-project/eventing-tools/.github/workflows/get-version-from-release-branch-reusable.yml@main + # outputs: VERSION - steps: - - name: Checkout code - uses: actions/checkout@v4 - with: - fetch-depth: 0 + bump-sec-scanners-config: + name: Bump the sec-scandners-config.yaml + needs: gen-version + uses: kyma-project/eventing-tools/.github/workflows/bump-sec-scanners-config-reusable.yml@main + with: + VERSION: ${{ needs.gen-version.outputs.VERSION }} + secrets: + BOT_PAT: ${{ secrets.BOT_PAT }} - - name: Generate version number - id: gen-version - run: | - # get script - GET_VERSION=$(mktemp /tmp/get-version-from-branch.XXXXX) - curl -L https://raw.githubusercontent.com/kyma-project/eventing-tools/main/hack/scripts/get-version-from-branch.sh -o "${GET_VERSION}" - chmod +x "${GET_VERSION}" - # get version via script - VERSION=$("${GET_VERSION}") - # push version to output environment file - echo "VERSION=${VERSION}" >> $GITHUB_OUTPUT + run-unit-test: + name: Run Unit Tests + needs: [gen-version, bump-sec-scanners-config] + uses: kyma-project/eventing-tools/.github/workflows/unit-test-reusable.yml@main - - name: Check image Tag - env: - VERSION: ${{ steps.gen-version.outputs.VERSION }} - run: ./scripts/check_sec-scanners-config.sh $VERSION + run-golint-cli: + name: Run Golint-cli + needs: [gen-version, bump-sec-scanners-config] + uses: kyma-project/eventing-tools/.github/workflows/lint-reusable.yml@main - create-draft: - name: Create draft release - needs: verify-release - runs-on: ubuntu-latest - env: - VERSION: ${{ needs.verify-release.outputs.VERSION }} - outputs: - release_id: ${{ steps.create-draft.outputs.release_id }} + build-image: + name: Build image + needs: [gen-version, run-unit-test, run-golint-cli] + uses: kyma-project/eventing-tools/.github/workflows/trigger-prow-build-job-reusable.yml@main + with: + VERSION: ${{ needs.gen-version.outputs.VERSION }} + TIMEOUT: 120000 # 20 minutes + INTERVAL: 6000 # 1 minute + CONTEXT: "release-eventing-manager-build" + secrets: + BOT_PAT: ${{ secrets.BOT_PAT }} + GH_TOKEN: ${{ secrets.GH_TOKEN }} - steps: - - name: Checkout code - uses: actions/checkout@v4 - with: - fetch-depth: 0 + create-draft-release: + name: Create a draft release + needs: [gen-version, run-unit-test, run-golint-cli] + uses: kyma-project/eventing-tools/.github/workflows/create-draft-release-reusable.yml@main + with: + VERSION: ${{ needs.gen-version.outputs.VERSION }} + secrets: + BOT_PAT: ${{ secrets.BOT_PAT }} + GH_TOKEN: ${{ secrets.GH_TOKEN }} - - name: Create changelog - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - run: ./scripts/create_changelog.sh $VERSION - - - name: Create draft release - id: create-draft - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - run: | - RELEASE_ID=$(./scripts/create_draft_release.sh $VERSION) - echo "release_id=$RELEASE_ID" >> $GITHUB_OUTPUT - - - name: Create lightweight tag - run: | - git tag $VERSION - git push origin $VERSION - - - name: Verify job status - run: ./scripts/verify-status.sh ${{ github.ref_name }} 600 10 30 - - - name: Create and upload eventing-manager.yaml and eventing-default-cr.yaml - env: - PULL_BASE_REF: ${{ needs.verify-release.outputs.VERSION }} - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - IMG: "europe-docker.pkg.dev/kyma-project/prod/eventing-manager:${VERSION}" - MODULE_REGISTRY: "europe-docker.pkg.dev/kyma-project/prod/unsigned" - KUSTOMIZE_VERSION: "v4.5.6" - run: | - ./scripts/render_and_upload_manifests.sh + render-and-upload-manifest: + name: Render and upload the manifests + needs: [gen-version, create-draft-release] + uses: kyma-project/eventing-tools/.github/workflows/render-and-upload-manifests-reusbale.yml@main + with: + VERSION: ${{ needs.gen-version.outputs.VERSION }} + CR_FILE: "somedir/cr_file.yaml" + CRD_FILE: "crd_file.yaml" + secrets: + BOT_PAT: ${{ secrets.BOT_PAT }} publish-release: - name: Publish release - needs: [verify-release, create-draft] - runs-on: ubuntu-latest - - steps: - - name: Checkout code - uses: actions/checkout@v4 - with: - fetch-depth: 0 - - - name: Publish release - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - run: ./scripts/publish_release.sh ${{ needs.create-draft.outputs.release_id }} + if: ${{ !inputs.DRY_RUN }} + needs: [gen-version, render-and-upload-manifest] + name: Publish the release + uses: kyma-project/eventing-tools/.github/workflows/publish-release-reusable.yml@main + with: + VERSION: ${{ needs.gen-version.outputs.VERSION }} + secrets: + BOT_PAT: ${{ secrets.BOT_PAT }} From 99654f58b76ad5f8ba017d173c242f66aebf64fd Mon Sep 17 00:00:00 2001 From: Friedrich Wilken Date: Thu, 1 Feb 2024 14:21:37 +0100 Subject: [PATCH 02/28] add scripts --- hack/scripts/create_changelog.sh | 57 ++++++++++++++++++++++ hack/scripts/render-sec-scanners-config.sh | 42 ++++++++++++++++ hack/scripts/render_crd.sh | 10 ++++ 3 files changed, 109 insertions(+) create mode 100755 hack/scripts/create_changelog.sh create mode 100644 hack/scripts/render-sec-scanners-config.sh create mode 100644 hack/scripts/render_crd.sh diff --git a/hack/scripts/create_changelog.sh b/hack/scripts/create_changelog.sh new file mode 100755 index 00000000..74259cf1 --- /dev/null +++ b/hack/scripts/create_changelog.sh @@ -0,0 +1,57 @@ +#!/usr/bin/env bash + +# Error handling. +set -o nounset # treat unset variables as an error and exit immediately. +set -o errexit # exit immediately when a command fails. +set -E # needs to be set if we want the ERR trap +set -o pipefail # prevents errors in a pipeline from being masked + +RELEASE_TAG=$1 + +REPOSITORY=${REPOSITORY:-kyma-project/eventing-manager} +GITHUB_URL=https://api.github.com/repos/${REPOSITORY} +GITHUB_AUTH_HEADER="Authorization: token ${GH_TOKEN}" +CHANGELOG_FILE="CHANGELOG.md" + +# The git describe --tag --abbrev=0 command is used to find the most recent tag that is reachable from a commit. +# The --tag option tells git describe to consider any tag found in the refs/tags namespace, enabling matching a lightweight (non-annotated) tag. +PREVIOUS_RELEASE=$(git describe --tags --abbrev=0) + +# Generate the changelog in the CHANGELOG.md. +echo "## What has changed" >>${CHANGELOG_FILE} + +# Iterate over all commits since the previous release. +git log "${PREVIOUS_RELEASE}"..HEAD --pretty=tformat:"%h" --reverse | while read -r commit; do + # If the author of the commit is not kyma-bot, show append the commit message to the changelog. + COMMIT_AUTHOR=$(curl -H "${GITHUB_AUTH_HEADER}" -sS "${GITHUB_URL}/commits/${commit}" | jq -r '.author.login') + if [ "${COMMIT_AUTHOR}" != "kyma-bot" ]; then + git show -s "${commit}" --format="* %s by @${COMMIT_AUTHOR}" >>${CHANGELOG_FILE} + fi +done + +# Create a new file (with a unique name based on the process ID of the current shell). +NEW_CONTRIB=$$.new + +# Find unique authors that contribute since the last release, but not before it, and to the NEW_CONTRIB file. +join -v2 \ + <(curl -H "${GITHUB_AUTH_HEADER}" -sS "${GITHUB_URL}/compare/$(git rev-list --max-parents=0 HEAD)...${PREVIOUS_RELEASE}" | jq -r '.commits[].author.login' | sort -u) \ + <(curl -H "${GITHUB_AUTH_HEADER}" -sS "${GITHUB_URL}/compare/${PREVIOUS_RELEASE}...HEAD" | jq -r '.commits[].author.login' | sort -u) >${NEW_CONTRIB} + +# Add new contributors to the 'new contributors' section of the changelog. +if [ -s ${NEW_CONTRIB} ]; then + echo -e "\n## New contributors" >>${CHANGELOG_FILE} + while read -r user; do + REF_PR=$(grep "@${user}" ${CHANGELOG_FILE} | head -1 | grep -o " (#[0-9]\+)" || true) + if [ -n "${REF_PR}" ]; then #reference found + REF_PR=" in ${REF_PR}" + fi + echo "* @${user} made first contribution${REF_PR}" >>${CHANGELOG_FILE} + done <${NEW_CONTRIB} +fi + +# Append link to the full-changelog this changelog. +echo -e "\n**Full changelog**: https://github.com/$REPOSITORY/compare/${PREVIOUS_RELEASE}...${RELEASE_TAG}" >>${CHANGELOG_FILE} + +# Cleanup the NEW_CONTRIB file. +rm ${NEW_CONTRIB} || echo "cleaned up" + diff --git a/hack/scripts/render-sec-scanners-config.sh b/hack/scripts/render-sec-scanners-config.sh new file mode 100644 index 00000000..eb35da8c --- /dev/null +++ b/hack/scripts/render-sec-scanners-config.sh @@ -0,0 +1,42 @@ +#!/usr/bin/env bash + +set -e + +# This scrpit generates the sec-scanners-config by fetching all relevant images. + +TAG=$1 +OUTPUT_FILE=${2:-"sec-scanners-config.yaml"} +WEBHOOK_FILE=${3-"config/webhook/kustomization.yaml"} +PUBLISHER_FILE=${4-"config/manager/manager.yaml"} + +# Fetch Webhook Image. +echo "fetching webhook image from ${WEBHOOK_FILE}" +WEBHOOK_IMAGE=$(yq eval '.images[0].newName' <"$WEBHOOK_FILE") +WEBHOOK_TAG=$(yq eval '.images[0].newTag' <"$WEBHOOK_FILE") +echo -e "webhook image is ${WEBHOOK_IMAGE}:${WEBHOOK_TAG} \n" + +# Fetch Publisher Image. +echo "fetching publisher image from ${PUBLISHER_FILE}" +PUBLISHER_IMAGE=$(yq eval '.spec.template.spec.containers[0].env[] | select(.name == "PUBLISHER_IMAGE") | .value' <"${PUBLISHER_FILE}") +echo -e "publisher image is ${PUBLISHER_IMAGE} \n" + +# Generating File. +echo -e "generating to ${OUTPUT_FILE} \n" +cat < Date: Thu, 1 Feb 2024 14:21:48 +0100 Subject: [PATCH 03/28] remove old script --- scripts/create_changelog.sh | 56 ------------------------------------- 1 file changed, 56 deletions(-) delete mode 100755 scripts/create_changelog.sh diff --git a/scripts/create_changelog.sh b/scripts/create_changelog.sh deleted file mode 100755 index 3a063adc..00000000 --- a/scripts/create_changelog.sh +++ /dev/null @@ -1,56 +0,0 @@ -#!/usr/bin/env bash - -PREVIOUS_RELEASE=$2 # for testability - -# standard bash error handling -set -o nounset # treat unset variables as an error and exit immediately. -set -o errexit # exit immediately when a command fails. -set -E # needs to be set if we want the ERR trap -set -o pipefail # prevents errors in a pipeline from being masked - -RELEASE_TAG=$1 - -REPOSITORY=${REPOSITORY:-kyma-project/eventing-manager} -GITHUB_URL=https://api.github.com/repos/${REPOSITORY} -GITHUB_AUTH_HEADER="Authorization: token ${GITHUB_TOKEN}" -CHANGELOG_FILE="CHANGELOG.md" - -if [ "${PREVIOUS_RELEASE}" == "" ] -then - PREVIOUS_RELEASE=$(git describe --tags --abbrev=0) -fi - -echo "## What has changed" >> ${CHANGELOG_FILE} - -git log ${PREVIOUS_RELEASE}..HEAD --pretty=tformat:"%h" --reverse | while read -r commit -do - COMMIT_AUTHOR=$(curl -H "${GITHUB_AUTH_HEADER}" -sS "${GITHUB_URL}/commits/${commit}" | jq -r '.author.login') - if [ "${COMMIT_AUTHOR}" != "kyma-bot" ]; then - git show -s ${commit} --format="* %s by @${COMMIT_AUTHOR}" >> ${CHANGELOG_FILE} - fi -done - -NEW_CONTRIB=$$.new - -join -v2 \ -<(curl -H "${GITHUB_AUTH_HEADER}" -sS "${GITHUB_URL}/compare/$(git rev-list --max-parents=0 HEAD)...${PREVIOUS_RELEASE}" | jq -r '.commits[].author.login' | sort -u) \ -<(curl -H "${GITHUB_AUTH_HEADER}" -sS "${GITHUB_URL}/compare/${PREVIOUS_RELEASE}...HEAD" | jq -r '.commits[].author.login' | sort -u) >${NEW_CONTRIB} - -if [ -s ${NEW_CONTRIB} ] -then - echo -e "\n## New contributors" >> ${CHANGELOG_FILE} - while read -r user - do - REF_PR=$(grep "@${user}" ${CHANGELOG_FILE} | head -1 | grep -o " (#[0-9]\+)" || true) - if [ -n "${REF_PR}" ] #reference found - then - REF_PR=" in ${REF_PR}" - fi - echo "* @${user} made first contribution${REF_PR}" >> ${CHANGELOG_FILE} - done <${NEW_CONTRIB} -fi - -echo -e "\n**Full changelog**: https://github.com/$REPOSITORY/compare/${PREVIOUS_RELEASE}...${RELEASE_TAG}" >> ${CHANGELOG_FILE} - -# cleanup -rm ${NEW_CONTRIB} || echo "cleaned up" \ No newline at end of file From deb19cb9e22cb42772c24b1d58382d547827f272 Mon Sep 17 00:00:00 2001 From: Friedrich Wilken Date: Thu, 1 Feb 2024 14:22:22 +0100 Subject: [PATCH 04/28] add new needs --- .github/workflows/create-release.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/create-release.yml b/.github/workflows/create-release.yml index 976f451c..260d295a 100644 --- a/.github/workflows/create-release.yml +++ b/.github/workflows/create-release.yml @@ -48,7 +48,7 @@ jobs: create-draft-release: name: Create a draft release - needs: [gen-version, run-unit-test, run-golint-cli] + needs: [gen-version, run-unit-test, run-golint-cli, build-image] uses: kyma-project/eventing-tools/.github/workflows/create-draft-release-reusable.yml@main with: VERSION: ${{ needs.gen-version.outputs.VERSION }} @@ -58,7 +58,7 @@ jobs: render-and-upload-manifest: name: Render and upload the manifests - needs: [gen-version, create-draft-release] + needs: [gen-version, create-draft-release, build-image] uses: kyma-project/eventing-tools/.github/workflows/render-and-upload-manifests-reusbale.yml@main with: VERSION: ${{ needs.gen-version.outputs.VERSION }} @@ -69,7 +69,7 @@ jobs: publish-release: if: ${{ !inputs.DRY_RUN }} - needs: [gen-version, render-and-upload-manifest] + needs: [gen-version, render-and-upload-manifest, build-image] name: Publish the release uses: kyma-project/eventing-tools/.github/workflows/publish-release-reusable.yml@main with: From 655263b32d7e632800aadd43dace9e5454248fd9 Mon Sep 17 00:00:00 2001 From: Friedrich Wilken Date: Thu, 1 Feb 2024 14:25:08 +0100 Subject: [PATCH 05/28] remove obsolete scripts --- scripts/check_release_tag.sh | 14 ----- scripts/check_sec-scanners-config.sh | 34 ------------ scripts/create_draft_release.sh | 37 ------------- scripts/publish_release.sh | 23 -------- scripts/render_and_upload_manifests.sh | 64 ---------------------- scripts/verify-status.sh | 75 -------------------------- 6 files changed, 247 deletions(-) delete mode 100755 scripts/check_release_tag.sh delete mode 100755 scripts/check_sec-scanners-config.sh delete mode 100755 scripts/create_draft_release.sh delete mode 100755 scripts/publish_release.sh delete mode 100755 scripts/render_and_upload_manifests.sh delete mode 100755 scripts/verify-status.sh diff --git a/scripts/check_release_tag.sh b/scripts/check_release_tag.sh deleted file mode 100755 index 8c3c2f4a..00000000 --- a/scripts/check_release_tag.sh +++ /dev/null @@ -1,14 +0,0 @@ -#!/usr/bin/env bash - -set -ue - -DESIRED_TAG=$1 - -source .version - -if [[ "$DESIRED_TAG" != "$MODULE_VERSION" ]]; then - echo "Tags mismatch: expected ${MODULE_VERSION}, got $DESIRED_TAG" - exit 1 -fi -echo "Tags are correct" -exit 0 \ No newline at end of file diff --git a/scripts/check_sec-scanners-config.sh b/scripts/check_sec-scanners-config.sh deleted file mode 100755 index 40497b80..00000000 --- a/scripts/check_sec-scanners-config.sh +++ /dev/null @@ -1,34 +0,0 @@ -#!/usr/bin/env bash - -# This script checks thate the RC-Tag and the eventing-manager image have the tag of the corresponding release. - -# Error handling: -set -o nounset # treat unset variables as an error and exit immediately. -set -o errexit # exit immediately when a command fails. -set -E # needs to be set if we want the ERR trap -set -o pipefail # prevents errors in a pipeline from being masked - -# Get release version -DESIRED_TAG="${1:-"main"}" - -# Get eventing-manager tag from sec-scanners-config.yaml -SEC_SCAN_TO_CHECK="${2:-europe-docker.pkg.dev/kyma-project/prod/eventing-manager}" -IMAGE_TAG=$(cat sec-scanners-config.yaml | grep "${SEC_SCAN_TO_CHECK}" | cut -d : -f 2) - -# Get rc-tag -RC_TAG_TO_CHECK="${3:-rc-tag}" -RC_TAG=$(cat sec-scanners-config.yaml | grep "${RC_TAG_TO_CHECK}" | cut -d : -f 2 | xargs) - -# Check IMAGE_TAG and required image tag -if [[ "$IMAGE_TAG" != "$DESIRED_TAG" ]] || [[ "$RC_TAG" != "$DESIRED_TAG" ]]; then - # ERROR: Tag issue - echo "Tags are not correct: - - wanted: $DESIRED_TAG - - security-scanner image tag: $IMAGE_TAG - - rc-tag: $RC_TAG" - exit 1 -fi - -# OK: Everything is fine -echo "Tags are correct" -exit 0 diff --git a/scripts/create_draft_release.sh b/scripts/create_draft_release.sh deleted file mode 100755 index 738d83f0..00000000 --- a/scripts/create_draft_release.sh +++ /dev/null @@ -1,37 +0,0 @@ -#!/usr/bin/env bash - -# This script returns the id of the draft release - -# standard bash error handling -set -o nounset # treat unset variables as an error and exit immediately. -set -o errexit # exit immediately when a command fails. -set -E # needs to be set if we want the ERR trap -set -o pipefail # prevents errors in a pipeline from being masked - -RELEASE_TAG=$1 - -REPOSITORY=${REPOSITORY:-kyma-project/eventing-manager} -GITHUB_URL=https://api.github.com/repos/${REPOSITORY} -GITHUB_AUTH_HEADER="Authorization: Bearer ${GITHUB_TOKEN}" -CHANGELOG_FILE=$(cat CHANGELOG.md) - -JSON_PAYLOAD=$(jq -n \ - --arg tag_name "$RELEASE_TAG" \ - --arg name "$RELEASE_TAG" \ - --arg body "$CHANGELOG_FILE" \ - '{ - "tag_name": $tag_name, - "name": $name, - "body": $body, - "draft": true - }') - -CURL_RESPONSE=$(curl -L \ - -X POST \ - -H "Accept: application/vnd.github+json" \ - -H "${GITHUB_AUTH_HEADER}" \ - -H "X-GitHub-Api-Version: 2022-11-28" \ - ${GITHUB_URL}/releases \ - -d "$JSON_PAYLOAD") - -echo "$(echo $CURL_RESPONSE | jq -r ".id")" \ No newline at end of file diff --git a/scripts/publish_release.sh b/scripts/publish_release.sh deleted file mode 100755 index 681fc54b..00000000 --- a/scripts/publish_release.sh +++ /dev/null @@ -1,23 +0,0 @@ -#!/usr/bin/env bash - -# This script publishes a draft release - -# standard bash error handling -set -o nounset # treat unset variables as an error and exit immediately. -set -o errexit # exit immediately when a command fails. -set -E # needs to be set if we want the ERR trap -set -o pipefail # prevents errors in a pipeline from being masked - -RELEASE_ID=$1 - -REPOSITORY=${REPOSITORY:-kyma-project/eventing-manager} -GITHUB_URL=https://api.github.com/repos/${REPOSITORY} -GITHUB_AUTH_HEADER="Authorization: Bearer ${GITHUB_TOKEN}" - -CURL_RESPONSE=$(curl -L \ - -X POST \ - -H "Accept: application/vnd.github+json" \ - -H "${GITHUB_AUTH_HEADER}" \ - -H "X-GitHub-Api-Version: 2022-11-28" \ - ${GITHUB_URL}/releases/${RELEASE_ID} \ - -d '{"draft":false}') \ No newline at end of file diff --git a/scripts/render_and_upload_manifests.sh b/scripts/render_and_upload_manifests.sh deleted file mode 100755 index c9e8e604..00000000 --- a/scripts/render_and_upload_manifests.sh +++ /dev/null @@ -1,64 +0,0 @@ -#!/usr/bin/env bash - -# standard bash error handling -set -o nounset # treat unset variables as an error and exit immediately. -set -o errexit # exit immediately when a command fails. -set -E # needs to be set if we want the ERR trap -set -o pipefail # prevents errors in a pipeline from being masked - -# Expected variables: -# PULL_BASE_REF - name of the tag -# GITHUB_TOKEN - github token used to upload the template yaml - -uploadFile() { - filePath=${1} - ghAsset=${2} - - echo "Uploading ${filePath} as ${ghAsset}" - response=$(curl -s -o output.txt -w "%{http_code}" \ - --request POST --data-binary @"$filePath" \ - -H "Authorization: token $GITHUB_TOKEN" \ - -H "Content-Type: text/yaml" \ - $ghAsset) - if [[ "$response" != "201" ]]; then - echo "Unable to upload the asset ($filePath): " - echo "HTTP Status: $response" - cat output.txt - exit 1 - else - echo "$filePath uploaded" - fi -} - -echo "PULL_BASE_REF ${PULL_BASE_REF}" - -MODULE_VERSION=${PULL_BASE_REF} make render-manifest - -echo "Generated eventing-manager.yaml:" -cat eventing-manager.yaml - -echo "Updating github release with eventing-manager.yaml" - -echo "Finding release id for: ${PULL_BASE_REF}" -CURL_RESPONSE=$(curl -w "%{http_code}" -sL \ - -H "Accept: application/vnd.github+json" \ - -H "Authorization: Bearer $GITHUB_TOKEN" \ - https://api.github.com/repos/kyma-project/eventing-manager/releases) -JSON_RESPONSE=$(sed '$ d' <<<"${CURL_RESPONSE}") -HTTP_CODE=$(tail -n1 <<<"${CURL_RESPONSE}") -if [[ "${HTTP_CODE}" != "200" ]]; then - echo "${JSON_RESPONSE}" && exit 1 -fi - -echo "Finding release id for: ${PULL_BASE_REF}" -RELEASE_ID=$(jq <<<${JSON_RESPONSE} --arg tag "${PULL_BASE_REF}" '.[] | select(.tag_name == $ARGS.named.tag) | .id') - -if [ -z "${RELEASE_ID}" ]; then - echo "No release with tag = ${PULL_BASE_REF}" - exit 1 -fi - -UPLOAD_URL="https://uploads.github.com/repos/kyma-project/eventing-manager/releases/${RELEASE_ID}/assets" - -uploadFile "eventing-manager.yaml" "${UPLOAD_URL}?name=eventing-manager.yaml" -uploadFile "config/samples/default.yaml" "${UPLOAD_URL}?name=eventing-default-cr.yaml" diff --git a/scripts/verify-status.sh b/scripts/verify-status.sh deleted file mode 100755 index 21fd686a..00000000 --- a/scripts/verify-status.sh +++ /dev/null @@ -1,75 +0,0 @@ -#!/usr/bin/env bash - -echo "Checking status of POST Jobs for Eventing-Manager" - -REF_NAME="${1:-"main"}" -TIMEOUT_TIME="${2:-600}" -INTERVAL_TIME="${3:-3}" -INITIAL_WAIT_TIME="${4:-30}" - -# Generate job Status URL -STATUS_URL="https://api.github.com/repos/kyma-project/eventing-manager/commits/${REF_NAME}/status" - -# Dates -START_TIME=$(date +%s) -TODAY_DATE=$(date '+%Y-%m-%d') - -# Retry function -function retry { - - # Get status result - local statusresult=$(curl -L -H "Accept: application/vnd.github+json" -H "X-GitHub-Api-Version: 2022-11-28" ${STATUS_URL}) - - # Get overall state - fullstatus=$(echo $statusresult | jq '.state' | tr -d '"') - - # Collect latest run related data - local latestrun=$(echo $statusresult | jq '.statuses[-1]') - local latestrun_state=$(echo $latestrun | jq '.state' | tr -d '"') - local latestrun_createdat=$(echo $latestrun | jq '.created_at' | tr -d '"') - local latestrun_targeturl=$(echo $latestrun | jq '.target_url' | tr -d '"') - - # Check Today's run data - if [[ $latestrun_createdat == *"$TODAY_DATE"* ]]; then - echo $latestrun_createdat - echo $latestrun_state - echo $latestrun_targeturl - fi - - # Show all execution for Today - echo $statusresult | jq --arg t $TODAY_DATE '.statuses[]|select(.created_at | contains($t))' - - # Date time for time-out - local CURRENT_TIME=$(date +%s) - local elapsed_time=$((CURRENT_TIME - START_TIME)) - - # Check time-out - if [ $elapsed_time -ge $TIMEOUT_TIME ]; then - echo "Timeout reached. Exiting." - exit 1 - fi - - if [ "$fullstatus" == "success" ]; then - echo "Success!" - elif [ "$fullstatus" == "failed" ]; then - # Show overall state to user - echo "$statusresult" - echo "Failure! Exiting with an error." - exit 1 - elif [ "$fullstatus" == "pending" ]; then - echo "Status is '$fullstatus'. Retrying in $INTERVAL_TIME seconds..." - sleep $INTERVAL_TIME - else - echo "Invalid result: $result" - exit 1 - fi - -} - -# Initial wait -sleep $INITIAL_WAIT_TIME -# Call retry function -retry -while [ "$fullstatus" == "pending" ]; do - retry -done From 7dd2facb2ae190bec790fb2c2e287285f520698a Mon Sep 17 00:00:00 2001 From: Friedrich Wilken Date: Thu, 1 Feb 2024 14:57:21 +0100 Subject: [PATCH 06/28] fix spelling --- .github/workflows/create-release.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/create-release.yml b/.github/workflows/create-release.yml index 260d295a..7a090bf1 100644 --- a/.github/workflows/create-release.yml +++ b/.github/workflows/create-release.yml @@ -59,7 +59,7 @@ jobs: render-and-upload-manifest: name: Render and upload the manifests needs: [gen-version, create-draft-release, build-image] - uses: kyma-project/eventing-tools/.github/workflows/render-and-upload-manifests-reusbale.yml@main + uses: kyma-project/eventing-tools/.github/workflows/render-and-upload-manifests-reusable.yml@main with: VERSION: ${{ needs.gen-version.outputs.VERSION }} CR_FILE: "somedir/cr_file.yaml" From cd49f777fd357cf39eb8ca14dc1918a72e18daba Mon Sep 17 00:00:00 2001 From: Friedrich Wilken Date: Thu, 1 Feb 2024 20:46:31 +0100 Subject: [PATCH 07/28] pin workflows to commit sha --- .github/workflows/create-release.yml | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/.github/workflows/create-release.yml b/.github/workflows/create-release.yml index 7a090bf1..f7664232 100644 --- a/.github/workflows/create-release.yml +++ b/.github/workflows/create-release.yml @@ -11,13 +11,13 @@ on: jobs: gen-version: name: Generate semantic version from branch and tags - uses: kyma-project/eventing-tools/.github/workflows/get-version-from-release-branch-reusable.yml@main + uses: kyma-project/eventing-tools/.github/workflows/get-version-from-release-branch-reusable.yml@d491378dbbeef63bf8616f1a1b2b1a49ea5f9eeb # outputs: VERSION bump-sec-scanners-config: name: Bump the sec-scandners-config.yaml needs: gen-version - uses: kyma-project/eventing-tools/.github/workflows/bump-sec-scanners-config-reusable.yml@main + uses: kyma-project/eventing-tools/.github/workflows/bump-sec-scanners-config-reusable.yml@d491378dbbeef63bf8616f1a1b2b1a49ea5f9eeb with: VERSION: ${{ needs.gen-version.outputs.VERSION }} secrets: @@ -26,17 +26,17 @@ jobs: run-unit-test: name: Run Unit Tests needs: [gen-version, bump-sec-scanners-config] - uses: kyma-project/eventing-tools/.github/workflows/unit-test-reusable.yml@main + uses: kyma-project/eventing-tools/.github/workflows/unit-test-reusable.yml@d491378dbbeef63bf8616f1a1b2b1a49ea5f9eeb run-golint-cli: name: Run Golint-cli needs: [gen-version, bump-sec-scanners-config] - uses: kyma-project/eventing-tools/.github/workflows/lint-reusable.yml@main + uses: kyma-project/eventing-tools/.github/workflows/lint-reusable.yml@d491378dbbeef63bf8616f1a1b2b1a49ea5f9eeb build-image: name: Build image needs: [gen-version, run-unit-test, run-golint-cli] - uses: kyma-project/eventing-tools/.github/workflows/trigger-prow-build-job-reusable.yml@main + uses: kyma-project/eventing-tools/.github/workflows/trigger-prow-build-job-reusable.yml@d491378dbbeef63bf8616f1a1b2b1a49ea5f9eeb with: VERSION: ${{ needs.gen-version.outputs.VERSION }} TIMEOUT: 120000 # 20 minutes @@ -49,7 +49,7 @@ jobs: create-draft-release: name: Create a draft release needs: [gen-version, run-unit-test, run-golint-cli, build-image] - uses: kyma-project/eventing-tools/.github/workflows/create-draft-release-reusable.yml@main + uses: kyma-project/eventing-tools/.github/workflows/create-draft-release-reusable.yml@d491378dbbeef63bf8616f1a1b2b1a49ea5f9eeb with: VERSION: ${{ needs.gen-version.outputs.VERSION }} secrets: @@ -59,7 +59,7 @@ jobs: render-and-upload-manifest: name: Render and upload the manifests needs: [gen-version, create-draft-release, build-image] - uses: kyma-project/eventing-tools/.github/workflows/render-and-upload-manifests-reusable.yml@main + uses: kyma-project/eventing-tools/.github/workflows/render-and-upload-manifests-reusable.yml@d491378dbbeef63bf8616f1a1b2b1a49ea5f9eeb with: VERSION: ${{ needs.gen-version.outputs.VERSION }} CR_FILE: "somedir/cr_file.yaml" @@ -71,7 +71,7 @@ jobs: if: ${{ !inputs.DRY_RUN }} needs: [gen-version, render-and-upload-manifest, build-image] name: Publish the release - uses: kyma-project/eventing-tools/.github/workflows/publish-release-reusable.yml@main + uses: kyma-project/eventing-tools/.github/workflows/publish-release-reusable.yml@d491378dbbeef63bf8616f1a1b2b1a49ea5f9eeb with: VERSION: ${{ needs.gen-version.outputs.VERSION }} secrets: From a78a69bd425ea26d17091feb45e9ecf3e9a9a2e6 Mon Sep 17 00:00:00 2001 From: Friedrich Wilken Date: Thu, 1 Feb 2024 20:47:43 +0100 Subject: [PATCH 08/28] fix typo --- .github/workflows/create-release.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/create-release.yml b/.github/workflows/create-release.yml index f7664232..94b8fe63 100644 --- a/.github/workflows/create-release.yml +++ b/.github/workflows/create-release.yml @@ -15,7 +15,7 @@ jobs: # outputs: VERSION bump-sec-scanners-config: - name: Bump the sec-scandners-config.yaml + name: Bump the sec-scanners-config.yaml needs: gen-version uses: kyma-project/eventing-tools/.github/workflows/bump-sec-scanners-config-reusable.yml@d491378dbbeef63bf8616f1a1b2b1a49ea5f9eeb with: From 7c15fade7ec6ba06a96b63e021689a57b9d6c146 Mon Sep 17 00:00:00 2001 From: Friedrich Wilken Date: Thu, 1 Feb 2024 21:26:42 +0100 Subject: [PATCH 09/28] rename manifest files --- .github/workflows/create-release.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/create-release.yml b/.github/workflows/create-release.yml index 94b8fe63..d982917d 100644 --- a/.github/workflows/create-release.yml +++ b/.github/workflows/create-release.yml @@ -62,8 +62,8 @@ jobs: uses: kyma-project/eventing-tools/.github/workflows/render-and-upload-manifests-reusable.yml@d491378dbbeef63bf8616f1a1b2b1a49ea5f9eeb with: VERSION: ${{ needs.gen-version.outputs.VERSION }} - CR_FILE: "somedir/cr_file.yaml" - CRD_FILE: "crd_file.yaml" + CR_FILE: eventing-default-cr.yaml + CRD_FILE: eventing-manager.yaml secrets: BOT_PAT: ${{ secrets.BOT_PAT }} From 29df00a48aa0d0f3a9ac718ef0cda4c3d0a69592 Mon Sep 17 00:00:00 2001 From: Friedrich Date: Thu, 1 Feb 2024 21:32:16 +0100 Subject: [PATCH 10/28] Update hack/scripts/create_changelog.sh Co-authored-by: Marco Bebway --- hack/scripts/create_changelog.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hack/scripts/create_changelog.sh b/hack/scripts/create_changelog.sh index 74259cf1..3f05dcc2 100755 --- a/hack/scripts/create_changelog.sh +++ b/hack/scripts/create_changelog.sh @@ -22,7 +22,7 @@ echo "## What has changed" >>${CHANGELOG_FILE} # Iterate over all commits since the previous release. git log "${PREVIOUS_RELEASE}"..HEAD --pretty=tformat:"%h" --reverse | while read -r commit; do - # If the author of the commit is not kyma-bot, show append the commit message to the changelog. + # If the author of the commit is not kyma-bot, append the commit message to the changelog. COMMIT_AUTHOR=$(curl -H "${GITHUB_AUTH_HEADER}" -sS "${GITHUB_URL}/commits/${commit}" | jq -r '.author.login') if [ "${COMMIT_AUTHOR}" != "kyma-bot" ]; then git show -s "${commit}" --format="* %s by @${COMMIT_AUTHOR}" >>${CHANGELOG_FILE} From 2698b0db7ba869c5c0ba5e3c7af8d88cbd5c90f2 Mon Sep 17 00:00:00 2001 From: Friedrich Wilken Date: Fri, 2 Feb 2024 08:32:17 +0100 Subject: [PATCH 11/28] fix typos in create-changelog --- hack/scripts/create_changelog.sh | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/hack/scripts/create_changelog.sh b/hack/scripts/create_changelog.sh index 3f05dcc2..49225cb8 100755 --- a/hack/scripts/create_changelog.sh +++ b/hack/scripts/create_changelog.sh @@ -29,10 +29,10 @@ git log "${PREVIOUS_RELEASE}"..HEAD --pretty=tformat:"%h" --reverse | while read fi done -# Create a new file (with a unique name based on the process ID of the current shell). +# Create a new contibutors file (with a unique name based on the process ID of the current shell). NEW_CONTRIB=$$.new -# Find unique authors that contribute since the last release, but not before it, and to the NEW_CONTRIB file. +# Find unique authors who contributed since the last release, but not before it, and add them to the NEW_CONTRIB file. join -v2 \ <(curl -H "${GITHUB_AUTH_HEADER}" -sS "${GITHUB_URL}/compare/$(git rev-list --max-parents=0 HEAD)...${PREVIOUS_RELEASE}" | jq -r '.commits[].author.login' | sort -u) \ <(curl -H "${GITHUB_AUTH_HEADER}" -sS "${GITHUB_URL}/compare/${PREVIOUS_RELEASE}...HEAD" | jq -r '.commits[].author.login' | sort -u) >${NEW_CONTRIB} @@ -54,4 +54,3 @@ echo -e "\n**Full changelog**: https://github.com/$REPOSITORY/compare/${PREVIOUS # Cleanup the NEW_CONTRIB file. rm ${NEW_CONTRIB} || echo "cleaned up" - From 01c07429f7d5f0807d63b1de57af07c5ecede0d3 Mon Sep 17 00:00:00 2001 From: Friedrich Wilken Date: Fri, 2 Feb 2024 08:32:35 +0100 Subject: [PATCH 12/28] simplify variables --- hack/scripts/render-sec-scanners-config.sh | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/hack/scripts/render-sec-scanners-config.sh b/hack/scripts/render-sec-scanners-config.sh index eb35da8c..e8fe7df2 100644 --- a/hack/scripts/render-sec-scanners-config.sh +++ b/hack/scripts/render-sec-scanners-config.sh @@ -13,7 +13,8 @@ PUBLISHER_FILE=${4-"config/manager/manager.yaml"} echo "fetching webhook image from ${WEBHOOK_FILE}" WEBHOOK_IMAGE=$(yq eval '.images[0].newName' <"$WEBHOOK_FILE") WEBHOOK_TAG=$(yq eval '.images[0].newTag' <"$WEBHOOK_FILE") -echo -e "webhook image is ${WEBHOOK_IMAGE}:${WEBHOOK_TAG} \n" +WEBHOOK_IMAGE="${WEBHOOK_IMAGE}:$WEBHOOK_TAG" +echo -e "webhook image is ${WEBHOOK_IMAGE} \n" # Fetch Publisher Image. echo "fetching publisher image from ${PUBLISHER_FILE}" @@ -31,7 +32,7 @@ rc-tag: ${TAG} protecode: - europe-docker.pkg.dev/kyma-project/prod/eventing-manager:${TAG} - ${PUBLISHER_IMAGE} - - ${WEBHOOK_IMAGE}:${WEBHOOK_TAG} + - ${WEBHOOK_IMAGE} whitesource: language: golang-mod subprojects: false From 336e3c7ddf1ba8dfe896bcceb941c519ea8d9107 Mon Sep 17 00:00:00 2001 From: Friedrich Date: Fri, 2 Feb 2024 08:34:07 +0100 Subject: [PATCH 13/28] Update hack/scripts/render-sec-scanners-config.sh Co-authored-by: Marco Bebway --- hack/scripts/render-sec-scanners-config.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/hack/scripts/render-sec-scanners-config.sh b/hack/scripts/render-sec-scanners-config.sh index e8fe7df2..23af7d89 100644 --- a/hack/scripts/render-sec-scanners-config.sh +++ b/hack/scripts/render-sec-scanners-config.sh @@ -25,8 +25,8 @@ echo -e "publisher image is ${PUBLISHER_IMAGE} \n" echo -e "generating to ${OUTPUT_FILE} \n" cat < Date: Fri, 2 Feb 2024 08:38:04 +0100 Subject: [PATCH 14/28] new to authors --- hack/scripts/create_changelog.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hack/scripts/create_changelog.sh b/hack/scripts/create_changelog.sh index 49225cb8..58d374e0 100755 --- a/hack/scripts/create_changelog.sh +++ b/hack/scripts/create_changelog.sh @@ -30,7 +30,7 @@ git log "${PREVIOUS_RELEASE}"..HEAD --pretty=tformat:"%h" --reverse | while read done # Create a new contibutors file (with a unique name based on the process ID of the current shell). -NEW_CONTRIB=$$.new +NEW_CONTRIB=$$.authors # Find unique authors who contributed since the last release, but not before it, and add them to the NEW_CONTRIB file. join -v2 \ From 5eb07cb684316c6008fce4c35a7880fdfb4b052d Mon Sep 17 00:00:00 2001 From: Friedrich Wilken Date: Fri, 2 Feb 2024 15:28:26 +0100 Subject: [PATCH 15/28] remove removal of temp files --- hack/scripts/create_changelog.sh | 3 --- 1 file changed, 3 deletions(-) diff --git a/hack/scripts/create_changelog.sh b/hack/scripts/create_changelog.sh index 58d374e0..7955691e 100755 --- a/hack/scripts/create_changelog.sh +++ b/hack/scripts/create_changelog.sh @@ -51,6 +51,3 @@ fi # Append link to the full-changelog this changelog. echo -e "\n**Full changelog**: https://github.com/$REPOSITORY/compare/${PREVIOUS_RELEASE}...${RELEASE_TAG}" >>${CHANGELOG_FILE} - -# Cleanup the NEW_CONTRIB file. -rm ${NEW_CONTRIB} || echo "cleaned up" From f5c245a2aa12fccccef4ea1193ed449dfb84a2c0 Mon Sep 17 00:00:00 2001 From: Friedrich Wilken Date: Wed, 7 Feb 2024 09:28:11 +0100 Subject: [PATCH 16/28] update bump-sec-scanners-config sha now useschanges from https://github.com/kyma-project/eventing-tools/pull/68 --- .github/workflows/create-release.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/create-release.yml b/.github/workflows/create-release.yml index d982917d..6fba7e98 100644 --- a/.github/workflows/create-release.yml +++ b/.github/workflows/create-release.yml @@ -17,7 +17,7 @@ jobs: bump-sec-scanners-config: name: Bump the sec-scanners-config.yaml needs: gen-version - uses: kyma-project/eventing-tools/.github/workflows/bump-sec-scanners-config-reusable.yml@d491378dbbeef63bf8616f1a1b2b1a49ea5f9eeb + uses: kyma-project/eventing-tools/.github/workflows/bump-sec-scanners-config-reusable.yml@e8d1cd652dd636ad14b420da984f0bd4bf84ee0a with: VERSION: ${{ needs.gen-version.outputs.VERSION }} secrets: From 78e1ae7a7b910e691cae5bec757ab5276d186a55 Mon Sep 17 00:00:00 2001 From: Friedrich Wilken Date: Wed, 7 Feb 2024 09:32:55 +0100 Subject: [PATCH 17/28] add persmissions to scripts --- hack/scripts/render-sec-scanners-config.sh | 0 hack/scripts/render_crd.sh | 0 2 files changed, 0 insertions(+), 0 deletions(-) mode change 100644 => 100755 hack/scripts/render-sec-scanners-config.sh mode change 100644 => 100755 hack/scripts/render_crd.sh diff --git a/hack/scripts/render-sec-scanners-config.sh b/hack/scripts/render-sec-scanners-config.sh old mode 100644 new mode 100755 diff --git a/hack/scripts/render_crd.sh b/hack/scripts/render_crd.sh old mode 100644 new mode 100755 From 98b0ee26e813eb7f04f4fa8cc90e2756e79c26ef Mon Sep 17 00:00:00 2001 From: Friedrich Wilken Date: Wed, 7 Feb 2024 10:31:45 +0100 Subject: [PATCH 18/28] update sha for trigger-prow-build-job https://github.com/kyma-project/eventing-tools/commit/7113a71873561bf9387f647ae39d275eab5dbd7a --- .github/workflows/create-release.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/create-release.yml b/.github/workflows/create-release.yml index 6fba7e98..3adbeddd 100644 --- a/.github/workflows/create-release.yml +++ b/.github/workflows/create-release.yml @@ -36,7 +36,7 @@ jobs: build-image: name: Build image needs: [gen-version, run-unit-test, run-golint-cli] - uses: kyma-project/eventing-tools/.github/workflows/trigger-prow-build-job-reusable.yml@d491378dbbeef63bf8616f1a1b2b1a49ea5f9eeb + uses: kyma-project/eventing-tools/.github/workflows/trigger-prow-build-job-reusable.yml@7113a71873561bf9387f647ae39d275eab5dbd7a with: VERSION: ${{ needs.gen-version.outputs.VERSION }} TIMEOUT: 120000 # 20 minutes From 5738fa5a1d393d243d7bb3eb8534c9939424d69c Mon Sep 17 00:00:00 2001 From: Friedrich Wilken Date: Wed, 7 Feb 2024 10:49:56 +0100 Subject: [PATCH 19/28] bump trigger-prow-build-job --- .github/workflows/create-release.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/create-release.yml b/.github/workflows/create-release.yml index 3adbeddd..71430ce5 100644 --- a/.github/workflows/create-release.yml +++ b/.github/workflows/create-release.yml @@ -36,12 +36,13 @@ jobs: build-image: name: Build image needs: [gen-version, run-unit-test, run-golint-cli] - uses: kyma-project/eventing-tools/.github/workflows/trigger-prow-build-job-reusable.yml@7113a71873561bf9387f647ae39d275eab5dbd7a + uses: kyma-project/eventing-tools/.github/workflows/trigger-prow-build-job-reusable.yml@b434a1f4e7d803f7e852858ab07c06d2932c4aed with: VERSION: ${{ needs.gen-version.outputs.VERSION }} TIMEOUT: 120000 # 20 minutes INTERVAL: 6000 # 1 minute CONTEXT: "release-eventing-manager-build" + COMMIT_REF: ${{ github.ref_name }} secrets: BOT_PAT: ${{ secrets.BOT_PAT }} GH_TOKEN: ${{ secrets.GH_TOKEN }} From 3f88f1e0ba1655deb6be59d9fceec6f166127d4b Mon Sep 17 00:00:00 2001 From: Friedrich Wilken Date: Wed, 7 Feb 2024 11:06:45 +0100 Subject: [PATCH 20/28] change gh token --- .github/workflows/create-release.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/create-release.yml b/.github/workflows/create-release.yml index 71430ce5..8bd5d9ed 100644 --- a/.github/workflows/create-release.yml +++ b/.github/workflows/create-release.yml @@ -55,7 +55,7 @@ jobs: VERSION: ${{ needs.gen-version.outputs.VERSION }} secrets: BOT_PAT: ${{ secrets.BOT_PAT }} - GH_TOKEN: ${{ secrets.GH_TOKEN }} + GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} render-and-upload-manifest: name: Render and upload the manifests From 440aafa7c0bd91291a7024afc2de6ea45679a17e Mon Sep 17 00:00:00 2001 From: Kyma Eventing Bot <127955107+kyma-eventing-bot@users.noreply.github.com> Date: Wed, 7 Feb 2024 11:10:27 +0100 Subject: [PATCH 21/28] auto-bump sec-scanners-config: 2024-02-07-10-07-42 (#464) Co-authored-by: kyma-eventing-bot --- sec-scanners-config.yaml | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/sec-scanners-config.yaml b/sec-scanners-config.yaml index 956c4175..c2d77bc2 100644 --- a/sec-scanners-config.yaml +++ b/sec-scanners-config.yaml @@ -1,6 +1,10 @@ +# Dont edit this file; it is autogenerated by github action 'Create release'. +# The value for the publisher image is extracted from config/manager/manager.yaml. +# The value for the webhook image is extracted from config/webhook/kustomization.yaml. module-name: eventing +rc-tag: 0.7.0 protecode: - - europe-docker.pkg.dev/kyma-project/prod/eventing-manager:main + - europe-docker.pkg.dev/kyma-project/prod/eventing-manager:0.7.0 - europe-docker.pkg.dev/kyma-project/prod/eventing-publisher-proxy:1.0.1 - europe-docker.pkg.dev/kyma-project/prod/eventing-webhook-certificates:1.7.0 whitesource: From 51d7832dc2096ec6b692c890ba71d89880e2fd24 Mon Sep 17 00:00:00 2001 From: Friedrich Wilken Date: Wed, 7 Feb 2024 12:21:55 +0100 Subject: [PATCH 22/28] change token --- .github/workflows/create-release.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/create-release.yml b/.github/workflows/create-release.yml index 8bd5d9ed..71430ce5 100644 --- a/.github/workflows/create-release.yml +++ b/.github/workflows/create-release.yml @@ -55,7 +55,7 @@ jobs: VERSION: ${{ needs.gen-version.outputs.VERSION }} secrets: BOT_PAT: ${{ secrets.BOT_PAT }} - GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} + GH_TOKEN: ${{ secrets.GH_TOKEN }} render-and-upload-manifest: name: Render and upload the manifests From 9235769ae4bfee9dd03b5cd4553ca2f5a970414f Mon Sep 17 00:00:00 2001 From: Friedrich Wilken Date: Wed, 7 Feb 2024 14:07:13 +0100 Subject: [PATCH 23/28] inherit secrets to trigger-prow=build-job-reusable --- .github/workflows/create-release.yml | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/.github/workflows/create-release.yml b/.github/workflows/create-release.yml index 71430ce5..7ac759f2 100644 --- a/.github/workflows/create-release.yml +++ b/.github/workflows/create-release.yml @@ -36,16 +36,14 @@ jobs: build-image: name: Build image needs: [gen-version, run-unit-test, run-golint-cli] - uses: kyma-project/eventing-tools/.github/workflows/trigger-prow-build-job-reusable.yml@b434a1f4e7d803f7e852858ab07c06d2932c4aed + uses: kyma-project/eventing-tools/.github/workflows/trigger-prow-build-job-reusable.yml@f509756e135aa2255cfd9e96c833fe5c6e511b3b with: VERSION: ${{ needs.gen-version.outputs.VERSION }} TIMEOUT: 120000 # 20 minutes INTERVAL: 6000 # 1 minute CONTEXT: "release-eventing-manager-build" COMMIT_REF: ${{ github.ref_name }} - secrets: - BOT_PAT: ${{ secrets.BOT_PAT }} - GH_TOKEN: ${{ secrets.GH_TOKEN }} + secrets: inherit create-draft-release: name: Create a draft release From 6c27b432542c62f8a1f60efa3b675698531f5b79 Mon Sep 17 00:00:00 2001 From: Friedrich Wilken Date: Wed, 7 Feb 2024 15:05:25 +0100 Subject: [PATCH 24/28] bump create-draft-release --- .github/workflows/create-release.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/create-release.yml b/.github/workflows/create-release.yml index 7ac759f2..ad58f12d 100644 --- a/.github/workflows/create-release.yml +++ b/.github/workflows/create-release.yml @@ -48,7 +48,7 @@ jobs: create-draft-release: name: Create a draft release needs: [gen-version, run-unit-test, run-golint-cli, build-image] - uses: kyma-project/eventing-tools/.github/workflows/create-draft-release-reusable.yml@d491378dbbeef63bf8616f1a1b2b1a49ea5f9eeb + uses: kyma-project/eventing-tools/.github/workflows/create-draft-release-reusable.yml@d5c713986ad2249557ad12481a3608480f548975c with: VERSION: ${{ needs.gen-version.outputs.VERSION }} secrets: From fe5e1bcf8436d7845192b1c04e413002b09478fb Mon Sep 17 00:00:00 2001 From: Friedrich Wilken Date: Wed, 7 Feb 2024 15:08:31 +0100 Subject: [PATCH 25/28] bump sha for create draft release --- .github/workflows/create-release.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/create-release.yml b/.github/workflows/create-release.yml index ad58f12d..a9a079d8 100644 --- a/.github/workflows/create-release.yml +++ b/.github/workflows/create-release.yml @@ -48,7 +48,7 @@ jobs: create-draft-release: name: Create a draft release needs: [gen-version, run-unit-test, run-golint-cli, build-image] - uses: kyma-project/eventing-tools/.github/workflows/create-draft-release-reusable.yml@d5c713986ad2249557ad12481a3608480f548975c + uses: kyma-project/eventing-tools/.github/workflows/create-draft-release-reusable.yml@5c713986ad2249557ad12481a3608480f548975c with: VERSION: ${{ needs.gen-version.outputs.VERSION }} secrets: From 302370e81a0a20b2cd4eb648aa34c940d9708863 Mon Sep 17 00:00:00 2001 From: Friedrich Wilken Date: Wed, 7 Feb 2024 15:46:46 +0100 Subject: [PATCH 26/28] bump redener manifests --- .github/workflows/create-release.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/create-release.yml b/.github/workflows/create-release.yml index a9a079d8..64f9b42e 100644 --- a/.github/workflows/create-release.yml +++ b/.github/workflows/create-release.yml @@ -39,8 +39,8 @@ jobs: uses: kyma-project/eventing-tools/.github/workflows/trigger-prow-build-job-reusable.yml@f509756e135aa2255cfd9e96c833fe5c6e511b3b with: VERSION: ${{ needs.gen-version.outputs.VERSION }} - TIMEOUT: 120000 # 20 minutes - INTERVAL: 6000 # 1 minute + TIMEOUT: 1200000 # 20 minutes + INTERVAL: 60000 # 1 minute CONTEXT: "release-eventing-manager-build" COMMIT_REF: ${{ github.ref_name }} secrets: inherit @@ -58,7 +58,7 @@ jobs: render-and-upload-manifest: name: Render and upload the manifests needs: [gen-version, create-draft-release, build-image] - uses: kyma-project/eventing-tools/.github/workflows/render-and-upload-manifests-reusable.yml@d491378dbbeef63bf8616f1a1b2b1a49ea5f9eeb + uses: kyma-project/eventing-tools/.github/workflows/render-and-upload-manifests-reusable.yml@5c713986ad2249557ad12481a3608480f548975c with: VERSION: ${{ needs.gen-version.outputs.VERSION }} CR_FILE: eventing-default-cr.yaml From 3720d1f50f746115b6ae2ad17b42f3427a1ec804 Mon Sep 17 00:00:00 2001 From: Friedrich Wilken Date: Thu, 8 Feb 2024 10:49:06 +0100 Subject: [PATCH 27/28] use old create_changelog.sh --- hack/scripts/create_changelog.sh | 28 +++++++++++++--------------- 1 file changed, 13 insertions(+), 15 deletions(-) diff --git a/hack/scripts/create_changelog.sh b/hack/scripts/create_changelog.sh index 7955691e..25f9792f 100755 --- a/hack/scripts/create_changelog.sh +++ b/hack/scripts/create_changelog.sh @@ -1,6 +1,8 @@ #!/usr/bin/env bash -# Error handling. +PREVIOUS_RELEASE=$2 # for testability + +# standard bash error handling set -o nounset # treat unset variables as an error and exit immediately. set -o errexit # exit immediately when a command fails. set -E # needs to be set if we want the ERR trap @@ -10,34 +12,28 @@ RELEASE_TAG=$1 REPOSITORY=${REPOSITORY:-kyma-project/eventing-manager} GITHUB_URL=https://api.github.com/repos/${REPOSITORY} -GITHUB_AUTH_HEADER="Authorization: token ${GH_TOKEN}" +GITHUB_AUTH_HEADER="Authorization: token ${GITHUB_TOKEN}" CHANGELOG_FILE="CHANGELOG.md" -# The git describe --tag --abbrev=0 command is used to find the most recent tag that is reachable from a commit. -# The --tag option tells git describe to consider any tag found in the refs/tags namespace, enabling matching a lightweight (non-annotated) tag. -PREVIOUS_RELEASE=$(git describe --tags --abbrev=0) +if [ "${PREVIOUS_RELEASE}" == "" ]; then + PREVIOUS_RELEASE=$(git describe --tags --abbrev=0) +fi -# Generate the changelog in the CHANGELOG.md. echo "## What has changed" >>${CHANGELOG_FILE} -# Iterate over all commits since the previous release. -git log "${PREVIOUS_RELEASE}"..HEAD --pretty=tformat:"%h" --reverse | while read -r commit; do - # If the author of the commit is not kyma-bot, append the commit message to the changelog. +git log ${PREVIOUS_RELEASE}..HEAD --pretty=tformat:"%h" --reverse | while read -r commit; do COMMIT_AUTHOR=$(curl -H "${GITHUB_AUTH_HEADER}" -sS "${GITHUB_URL}/commits/${commit}" | jq -r '.author.login') if [ "${COMMIT_AUTHOR}" != "kyma-bot" ]; then - git show -s "${commit}" --format="* %s by @${COMMIT_AUTHOR}" >>${CHANGELOG_FILE} + git show -s ${commit} --format="* %s by @${COMMIT_AUTHOR}" >>${CHANGELOG_FILE} fi done -# Create a new contibutors file (with a unique name based on the process ID of the current shell). -NEW_CONTRIB=$$.authors +NEW_CONTRIB=$$.new -# Find unique authors who contributed since the last release, but not before it, and add them to the NEW_CONTRIB file. join -v2 \ <(curl -H "${GITHUB_AUTH_HEADER}" -sS "${GITHUB_URL}/compare/$(git rev-list --max-parents=0 HEAD)...${PREVIOUS_RELEASE}" | jq -r '.commits[].author.login' | sort -u) \ <(curl -H "${GITHUB_AUTH_HEADER}" -sS "${GITHUB_URL}/compare/${PREVIOUS_RELEASE}...HEAD" | jq -r '.commits[].author.login' | sort -u) >${NEW_CONTRIB} -# Add new contributors to the 'new contributors' section of the changelog. if [ -s ${NEW_CONTRIB} ]; then echo -e "\n## New contributors" >>${CHANGELOG_FILE} while read -r user; do @@ -49,5 +45,7 @@ if [ -s ${NEW_CONTRIB} ]; then done <${NEW_CONTRIB} fi -# Append link to the full-changelog this changelog. echo -e "\n**Full changelog**: https://github.com/$REPOSITORY/compare/${PREVIOUS_RELEASE}...${RELEASE_TAG}" >>${CHANGELOG_FILE} + +# cleanup +rm ${NEW_CONTRIB} || echo "cleaned up" From 0b0d1e1e97eb94321accf42dc20c46979852d92b Mon Sep 17 00:00:00 2001 From: Friedrich Wilken Date: Thu, 8 Feb 2024 14:28:47 +0100 Subject: [PATCH 28/28] add step to update kusomization --- hack/scripts/render-sec-scanners-config.sh | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/hack/scripts/render-sec-scanners-config.sh b/hack/scripts/render-sec-scanners-config.sh index 23af7d89..c2b3ecad 100755 --- a/hack/scripts/render-sec-scanners-config.sh +++ b/hack/scripts/render-sec-scanners-config.sh @@ -8,7 +8,7 @@ TAG=$1 OUTPUT_FILE=${2:-"sec-scanners-config.yaml"} WEBHOOK_FILE=${3-"config/webhook/kustomization.yaml"} PUBLISHER_FILE=${4-"config/manager/manager.yaml"} - +KUSTOMIZATION_FILE=${5-"config/manager/kustomization.yaml"} # Fetch Webhook Image. echo "fetching webhook image from ${WEBHOOK_FILE}" WEBHOOK_IMAGE=$(yq eval '.images[0].newName' <"$WEBHOOK_FILE") @@ -41,3 +41,7 @@ whitesource: - "**/*_test.go" - "/hack/**" EOF + +# Bump kustomization file +sed -i "/images.newTag/c\images.newTag: ${VERSION}" "${KUSTOMIZATION_FILE}" +awk -v ntv="$VERSION" '/newTag:/ {print $1 ":" " " ntv} !/newTag:/' "$KUSTOMIZATION_FILE" >tmp_file && mv tmp_file "$KUSTOMIZATION_FILE"