diff --git a/.github/workflows/apidiff.yaml b/.github/workflows/apidiff.yaml index ebabbd36..474248c4 100644 --- a/.github/workflows/apidiff.yaml +++ b/.github/workflows/apidiff.yaml @@ -5,10 +5,11 @@ jobs: go-apidiff: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 with: fetch-depth: 0 - - uses: actions/setup-go@v4 + - uses: actions/setup-go@v5 with: go-version: 1.20.x - - uses: joelanford/go-apidiff@main + - name: Generate API diff + run: make apidiff diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml index 6292781d..9ad19c53 100644 --- a/.github/workflows/build.yaml +++ b/.github/workflows/build.yaml @@ -9,9 +9,9 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout code - uses: actions/checkout@v3 + uses: actions/checkout@v4 - name: Install Go - uses: actions/setup-go@v4 + uses: actions/setup-go@v5 with: go-version: 1.20.x - uses: actions/cache@v3.3.1 diff --git a/.github/workflows/e2e.yaml b/.github/workflows/e2e.yaml index be78bc61..0cbdc633 100644 --- a/.github/workflows/e2e.yaml +++ b/.github/workflows/e2e.yaml @@ -21,7 +21,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout code - uses: actions/checkout@v3 + uses: actions/checkout@v4 with: fetch-depth: 0 - name: Export tag @@ -58,7 +58,7 @@ jobs: COMMITDATE=${{ steps.export_tag.outputs.commit_date }} COMMIT=${{ github.sha }} - name: Install Go - uses: actions/setup-go@v4 + uses: actions/setup-go@v5 with: go-version: 1.20.x - uses: actions/cache@v3.3.1 @@ -69,10 +69,10 @@ jobs: key: ${{ runner.os }}-test-go-${{ hashFiles('**/go.sum') }} restore-keys: | ${{ runner.os }}-test-go-${{ hashFiles('**/go.sum') }} - - uses: engineerd/setup-kind@v0.5.0 + - uses: helm/kind-action@0025e74a8c7512023d06dc019c617aa3cf561fde # v1.10.0 with: - version: "v0.16.0" - skipClusterCreation: "true" + version: v0.23.0 + install_only: true - name: Create kind cluster run: make setup-kind - name: E2E tests 
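Review bot: In the apidiff.yaml hunk, `actions/checkout@v4` and `actions/setup-go@v5` are still referenced by movable tag, while this same commit pins `helm/kind-action` and `golangci/golangci-lint-action` to a full commit SHA with a version comment. Using one convention for every `uses:` line, in the form `uses: actions/checkout@<full commit SHA> # v4`, means a re-pointed tag cannot change what the job runs. The same applies to the checkout and setup-go bumps in the other workflow hunks and to the unchanged `actions/cache@v3.3.1` context lines.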
diff --git a/.github/workflows/lint.yaml b/.github/workflows/lint.yaml index 7a8d54ea..1044bc19 100644 --- a/.github/workflows/lint.yaml +++ b/.github/workflows/lint.yaml @@ -11,13 +11,12 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout code - uses: actions/checkout@v3 + uses: actions/checkout@v4 - name: Install Go - uses: actions/setup-go@v4 + uses: actions/setup-go@v5 with: go-version: 1.20.x - name: Analysis - uses: golangci/golangci-lint-action@v3 + uses: golangci/golangci-lint-action@a4f60bb28d35aeee14e6880718e0c85ff1882e64 # v6.0.1 with: args: -v - skip-pkg-cache: true diff --git a/.github/workflows/nightly-publish.yaml b/.github/workflows/nightly-publish.yaml index a2ddedfa..487d3a2d 100644 --- a/.github/workflows/nightly-publish.yaml +++ b/.github/workflows/nightly-publish.yaml @@ -13,7 +13,7 @@ jobs: BUILD_DATE: ${{ steps.setoutputs.outputs.builddate}} steps: - name: Checkout code - uses: actions/checkout@v3 + uses: actions/checkout@v4 with: fetch-depth: 0 - name: Set current date as env variable @@ -49,7 +49,7 @@ jobs: needs: nightly_image steps: - name: Checkout code - uses: actions/checkout@v3 + uses: actions/checkout@v4 with: fetch-depth: 0 - name: Install Helm diff --git a/.github/workflows/scan.yaml b/.github/workflows/scan.yaml index 82266cbc..952ec7d6 100644 --- a/.github/workflows/scan.yaml +++ b/.github/workflows/scan.yaml @@ -11,7 +11,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout code - uses: actions/checkout@v3 + uses: actions/checkout@v4 with: fetch-depth: 0 - name: Set up Docker Buildx diff --git a/.github/workflows/unit.yaml b/.github/workflows/unit.yaml index 6a40cd3d..d9ba223e 100644 --- a/.github/workflows/unit.yaml +++ b/.github/workflows/unit.yaml @@ -8,9 +8,9 @@ jobs: test: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - name: Install Go - uses: actions/setup-go@v4 + uses: actions/setup-go@v5 with: go-version: 1.20.x - uses: actions/cache@v3.3.1 
diff --git a/.github/workflows/update-rancher-charts.yaml b/.github/workflows/update-rancher-charts.yaml index cc85ed06..0fd95013 100644 --- a/.github/workflows/update-rancher-charts.yaml +++ b/.github/workflows/update-rancher-charts.yaml @@ -5,13 +5,13 @@ on: ref: description: "Branch to use for GitHub action workflow" required: true - default: "master" + default: "release-v2.7" charts_ref: description: "Submit PR against the following rancher/charts branch (e.g. dev-v2.7)" required: true default: "dev-v2.7" prev_aks_operator: - description: "Previous AKS operator version (e.g. 1.1.0-rc2)" + description: "Previous AKS operator version (e.g. 1.2.0-rc.1)" required: true default: "" new_aks_operator: 
@@ -35,32 +35,42 @@ jobs: create-rancher-charts-pr: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 with: fetch-depth: 0 ref: ${{github.event.inputs.ref}} path: aks-operator + persist-credentials: false - name: Checkout rancher/charts - uses: actions/checkout@v3 + uses: actions/checkout@v4 with: fetch-depth: 0 repository: rancher/charts ref: ${{github.event.inputs.charts_ref}} path: charts - - name: Run release script + persist-credentials: false + - name: Run release script # release script is responsible for git add/commit run: ./aks-operator/.github/scripts/update-rancher-charts.sh ${{github.event.inputs.prev_aks_operator}} ${{github.event.inputs.new_aks_operator}} ${{github.event.inputs.prev_chart}} ${{github.event.inputs.new_chart}} ${{github.event.inputs.should_replace}} - - name: Create Pull Request - uses: peter-evans/create-pull-request@v5 + - name: Set timestamp + run: echo "TIMESTAMP=$(date +'%s')" >> "$GITHUB_ENV" + - name: Push changes + env: + USERNAME: highlander-ci-bot + TOKEN: ${{ secrets.CI_BOT_TOKEN }} + run: | + git remote add bot-fork https://${USERNAME}:${TOKEN}@github.com/highlander-ci-bot/charts.git + git push bot-fork HEAD:${{github.event.inputs.new_aks_operator}}-${{env.TIMESTAMP}} + - name: Create PR + uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1 with: - token: ${{secrets.CI_BOT_TOKEN}} - push-to-fork: highlander-ci-bot/charts - title: 'Update AKS operator to v${{github.event.inputs.new_aks_operator}}' - body: | - Update AKS operator to v${{github.event.inputs.new_aks_operator}} + github-token: ${{ secrets.CI_BOT_TOKEN }} + script: | + github.pulls.create({ + owner: 'rancher', + repo: 'charts', + head: 'highlander-ci-bot:${{github.event.inputs.new_aks_operator}}-${{env.TIMESTAMP}}', + base: ${{github.event.inputs.charts_ref}}, + title: 'Update AKS operator to v${{github.event.inputs.new_aks_operator}}', + body: 'Update AKS operator to 
v${{github.event.inputs.new_aks_operator}}\n\nChangelog: https://github.com/rancher/aks-operator/releases/tag/v${{github.event.inputs.new_aks_operator}}\n\ncc @rancher/highlander' + }) - Changelog: https://github.com/rancher/aks-operator/releases/tag/v${{github.event.inputs.new_aks_operator}} - - cc @rancher/highlander - branch-suffix: timestamp - base: ${{github.event.inputs.charts_ref}} - path: ./charts/ diff --git a/.github/workflows/update-rancher-dep.yaml b/.github/workflows/update-rancher-dep.yaml index 3a43a945..f8cdafff 100644 --- a/.github/workflows/update-rancher-dep.yaml +++ b/.github/workflows/update-rancher-dep.yaml @@ -11,7 +11,7 @@ on: required: true default: "release/v2.7" new_aks: - description: "New AKS operator version (e.g. 1.1.0-rc2), don't include the 'v'" + description: "New AKS operator version (e.g. 1.2.0-rc.1), don't include the 'v'" required: true default: "" 
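Review bot: The new `Push changes` and `Create PR` steps expand `${{ github.event.inputs.* }}` directly into the shell line and the JavaScript source, so an input containing quotes or shell metacharacters becomes code in a job that holds `CI_BOT_TOKEN`; the inputs should be passed through `env:` and read as quoted shell variables and `process.env` values instead. The `base:` value is also emitted without quotes, so a ref such as the default `dev-v2.7` is not a valid JavaScript expression, and under github-script v7 the REST methods are exposed as `github.rest.pulls.create`, which should be awaited. `Push changes` has no `working-directory`, while both checkouts use `path:` and the removed step had `path: ./charts/`, so unless a default working directory is set outside this hunk the git commands do not run inside the charts clone. The matching hunk in `update-rancher-dep.yaml` has the same three problems (with `rancher` as the clone path and `rancher_ref` as the base).

```yaml
# … unchanged: both checkouts, "Run release script", "Set timestamp" …
      - name: Push changes
        working-directory: charts
        env:
          USERNAME: highlander-ci-bot
          TOKEN: ${{ secrets.CI_BOT_TOKEN }}
          NEW_AKS_OPERATOR: ${{ github.event.inputs.new_aks_operator }}
        run: |
          git remote add bot-fork "https://${USERNAME}:${TOKEN}@github.com/highlander-ci-bot/charts.git"
          git push bot-fork "HEAD:${NEW_AKS_OPERATOR}-${TIMESTAMP}"
      - name: Create PR
        uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
        env:
          NEW_AKS_OPERATOR: ${{ github.event.inputs.new_aks_operator }}
          CHARTS_REF: ${{ github.event.inputs.charts_ref }}
        with:
          github-token: ${{ secrets.CI_BOT_TOKEN }}
          script: |
            const version = process.env.NEW_AKS_OPERATOR;
            await github.rest.pulls.create({
              owner: 'rancher',
              repo: 'charts',
              head: `highlander-ci-bot:${version}-${process.env.TIMESTAMP}`,
              base: process.env.CHARTS_REF,
              title: `Update AKS operator to v${version}`,
              body: `Update AKS operator to v${version}\n\nChangelog: https://github.com/rancher/aks-operator/releases/tag/v${version}\n\ncc @rancher/highlander`,
            });
```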
@@ -24,35 +24,44 @@ jobs: create-rancher-pr: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 with: fetch-depth: 0 ref: ${{github.event.inputs.ref}} path: aks-operator + persist-credentials: false - name: Checkout rancher/rancher - uses: actions/checkout@v3 + uses: actions/checkout@v4 with: fetch-depth: 0 repository: rancher/rancher ref: ${{github.event.inputs.rancher_ref}} path: rancher - - uses: actions/setup-go@v4 + persist-credentials: false + - uses: actions/setup-go@v5 with: go-version: ${{ env.SETUP_GO_VERSION }} - - name: Run release script + - name: Run release script # release script is responsible for git add/commit run: ./aks-operator/.github/scripts/update-rancher-dep.sh ${{github.event.inputs.new_aks}} - - name: Create Pull Request - uses: peter-evans/create-pull-request@v5 + - name: Set timestamp + run: echo "TIMESTAMP=$(date +'%s')" >> "$GITHUB_ENV" + - name: Push changes + env: + USERNAME: highlander-ci-bot + TOKEN: ${{ secrets.CI_BOT_TOKEN }} + run: | + git remote add bot-fork https://${USERNAME}:${TOKEN}@github.com/highlander-ci-bot/rancher.git + git push bot-fork HEAD:${{github.event.inputs.new_aks}}-${{env.TIMESTAMP}} + - name: Create PR + uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1 with: - token: ${{secrets.CI_BOT_TOKEN}} - push-to-fork: highlander-ci-bot/rancher - title: ' Update AKS operator to v${{github.event.inputs.new_aks}}' - body: | - Update AKS operator to v${{github.event.inputs.new_aks}} - - Changelog: https://github.com/rancher/aks-operator/releases/tag/v${{github.event.inputs.new_aks}} - - cc @rancher/highlander - branch-suffix: timestamp - base: ${{github.event.inputs.rancher_ref}} - path: ./rancher/ + github-token: ${{secrets.CI_BOT_TOKEN}} + script: | + github.pulls.create({ + owner: 'rancher', + repo: 'rancher', + head: 'highlander-ci-bot:${{github.event.inputs.new_aks}}-${{env.TIMESTAMP}}', + base: ${{github.event.inputs.rancher_ref}}, + title: 'Update 
AKS operator to v${{github.event.inputs.new_aks}}', + body: 'Update AKS operator to v${{github.event.inputs.new_aks}}\n\nChangelog: https://github.com/rancher/aks-operator/releases/tag/v${{github.event.inputs.new_aks}}\n\ncc @rancher/highlander' + }) diff --git a/.github/workflows/verify.yaml b/.github/workflows/verify.yaml index 311486db..56b810af 100644 --- a/.github/workflows/verify.yaml +++ b/.github/workflows/verify.yaml @@ -8,9 +8,9 @@ jobs: test: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - name: Install Go - uses: actions/setup-go@v4 + uses: actions/setup-go@v5 with: go-version: 1.20.x - uses: actions/cache@v3.3.1 diff --git a/.trivyignore b/.trivyignore new file mode 100644 index 00000000..cb588100 --- /dev/null +++ b/.trivyignore @@ -0,0 +1,2 @@ +# Requires upgrading to Go 1.21 but we can't do this before Rancher v2.7 gets updated +CVE-2023-45288 \ No newline at end of file diff --git a/Makefile b/Makefile index a3073509..751a1600 100644 --- a/Makefile +++ b/Makefile @@ -29,6 +29,10 @@ GINKGO_VER := v2.17.1 GINKGO_BIN := ginkgo GINKGO := $(BIN_DIR)/$(GINKGO_BIN)-$(GINKGO_VER) +GO_APIDIFF_VER := v0.8.2 +GO_APIDIFF_BIN := go-apidiff +GO_APIDIFF := $(BIN_DIR)/$(GO_APIDIFF_BIN)-$(GO_APIDIFF_VER) + SETUP_ENVTEST_VER := v0.0.0-20211110210527-619e6b92dab9 SETUP_ENVTEST_BIN := setup-envtest SETUP_ENVTEST := $(BIN_DIR)/$(SETUP_ENVTEST_BIN)-$(SETUP_ENVTEST_VER) @@ -172,3 +176,9 @@ docker-build-e2e: .PHOHY: delete-local-kind-cluster delete-local-kind-cluster: ## Delete the local kind cluster kind delete cluster --name=$(CLUSTER_NAME) + +APIDIFF_OLD_COMMIT ?= $(shell git rev-parse origin/release-v2.7) + +.PHONY: apidiff +apidiff: $(GO_APIDIFF) ## Check for API differences + $(GO_APIDIFF) $(APIDIFF_OLD_COMMIT) --print-compatible \ No newline at end of file
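Review bot: The `CVE-2023-45288` entry in the new `.trivyignore` suppresses the finding for every scan target with no end date, so the scan will stay quiet even after the Go 1.21 blocker named in the comment is gone. Trivy's ignore file accepts an expiry on the entry, e.g. `CVE-2023-45288 exp:<YYYY-MM-DD placeholder>`, which makes the exception resurface for review. The comment could also record which component the scanner reports (the Go standard library or a Go module), since that decides whether a dependency bump alone could clear it; this is not visible from the diff. The file also lacks a trailing newline.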
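Review bot: The new `apidiff` target lists `$(GO_APIDIFF)` as a prerequisite, but neither Makefile hunk adds a rule that installs that binary. Unless a pattern rule outside these hunks covers `$(BIN_DIR)/$(GO_APIDIFF_BIN)-$(GO_APIDIFF_VER)`, the new CI step `make apidiff` will fail with a missing-target error. An install rule for `$(GO_APIDIFF)` that pins `$(GO_APIDIFF_VER)`, modelled on whatever rule already builds `$(GINKGO)`, would keep the tool version-locked now that it replaces the `@main` action. `APIDIFF_OLD_COMMIT` is resolved from `origin/release-v2.7`, so the target also relies on that remote branch having been fetched; a one-line comment such as `# requires a full fetch of origin/release-v2.7` above the variable would make that explicit.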