Merge branch 'projectcalico:master' into master

Behnam-Shobiri · Sep 26, 2024 · 92577e8 · 92577e8
2 parents 6bcba0a + 0a15b0b
commit 92577e8
Show file tree

Hide file tree

Showing 719 changed files with 74,620 additions and 51,047 deletions.
diff --git a/.github/workflows/check_release_notes.yml b/.github/workflows/check_release_notes.yml
@@ -0,0 +1,19 @@
+# This workflow will perform the following checks:
+# 1. Check the PR for a specific label (by default 'release-note-required'); if it's not there, exit
+# 2. Check the PR body for a matching release-note code block; if missing, fail
+# 3. Check the contents of the code block to ensure it's not empty or 'TBD'; otherwise, fail
+# 4. Success!
+
+name: Validate Release Notes
+on:
+  pull_request:
+    types: [labeled, unlabeled, edited, synchronize, ready_for_review]
+jobs:
+  label:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      pull-requests: write
+    steps:
+      - name: Validate Release Notes
+        uses: tigera/check-release-notes@main
diff --git a/.gitignore b/.gitignore
@@ -11,14 +11,13 @@ postrelease-checks.xml
 crypto/tmp
 
 /* Produced as part of release */
-hack/release/release
+release/release
 node/windows-packaging/CalicoWindows/confd/config-bgp.ps1
 node/windows-packaging/CalicoWindows/confd/config-bgp.psm1
 node/windows-packaging/nssm.zip
 node/windows-packaging/nssm.exe
 _output
 builder.coverprofile
-hack/release/ghr
 
 /* Created by local kind cluster */
 hack/test/kind/kind

diff --git a/.semaphore/.gitattributes b/.semaphore/.gitattributes
@@ -0,0 +1,2 @@
+semaphore.yml linguist-generated=true
+semaphore-scheduled-builds.yml linguist-generated=true
diff --git a/.semaphore/cleanup.yml b/.semaphore/cleanup.yml
@@ -2,7 +2,7 @@ version: v1.0
 name: Felix
 agent:
   machine:
-    type: e1-standard-2
+    type: f1-standard-2
     os_image: ubuntu2004
 
 execution_time_limit:
@@ -27,3 +27,21 @@ blocks:
       - ./.semaphore/clean-up-vms ${VM_PREFIX}
     secrets:
     - name: google-service-account-for-gce
+
+- name: Clean up windows resources
+  dependencies: []
+  task:
+    prologue:
+      commands:
+        - checkout
+        - az login --service-principal -u "${AZ_SP_ID}" -p "${AZ_SP_PASSWORD}" --tenant "${AZ_TENANT_ID}" --output none
+        - cd process/testing/util
+    jobs:
+      - name: Clean up windows felix resources
+        commands:
+          - ./delete-az-rg.sh ${USER}-capz-win-felix-${SEMAPHORE_WORKFLOW_ID:0:8}-rg
+      - name: Clean up windows cni resources
+        commands:
+          - ./delete-az-rg.sh ${USER}-capz-win-cni-${SEMAPHORE_WORKFLOW_ID:0:8}-rg
+    secrets:
+    - name: banzai-secrets
diff --git a/.semaphore/license-scanning/fossa-scan.yml b/.semaphore/license-scanning/fossa-scan.yml
@@ -3,7 +3,7 @@ name: Run Fossa Scan
 
 agent:
   machine:
-    type: e1-standard-2
+    type: f1-standard-2
     os_image: ubuntu2004
 
 execution_time_limit:

diff --git a/.semaphore/push-images/alp.yml b/.semaphore/push-images/alp.yml
@@ -2,7 +2,7 @@ version: v1.0
 name: Publish ALP images
 agent:
   machine:
-    type: e1-standard-2
+    type: f1-standard-2
     os_image: ubuntu2004
 
 execution_time_limit:
@@ -24,8 +24,6 @@ global_job_config:
       - sudo systemctl stop docker
       - sudo umount /var/lib/docker && sudo killall qemu-nbd || true
       - sudo systemctl start docker
-      # Free up space on the build machine.
-      - sudo rm -rf ~/{.kerl,.kiex,.npm,.nvm,.phpbrew,.rbenv,.sbt} /opt/{apache-maven*,firefox*,scala} /usr/lib/jvm /usr/local/{aws2,golang,phantomjs*}
       # Semaphore is doing shallow clone on a commit without tags.
       # unshallow it for GIT_VERSION:=$(shell git describe --tags --dirty --always)
       - retry git fetch --unshallow

diff --git a/.semaphore/push-images/apiserver.yml b/.semaphore/push-images/apiserver.yml
@@ -2,7 +2,7 @@ version: v1.0
 name: Publish apiserver images
 agent:
   machine:
-    type: e1-standard-2
+    type: f1-standard-2
     os_image: ubuntu2004
 
 execution_time_limit:
@@ -24,8 +24,6 @@ global_job_config:
       - sudo systemctl stop docker
       - sudo umount /var/lib/docker && sudo killall qemu-nbd || true
       - sudo systemctl start docker
-      # Free up space on the build machine.
-      - sudo rm -rf ~/{.kerl,.kiex,.npm,.nvm,.phpbrew,.rbenv,.sbt} /opt/{apache-maven*,firefox*,scala} /usr/lib/jvm /usr/local/{aws2,golang,phantomjs*}
       # Semaphore is doing shallow clone on a commit without tags.
       # unshallow it for GIT_VERSION:=$(shell git describe --tags --dirty --always)
       - retry git fetch --unshallow

diff --git a/.semaphore/push-images/calicoctl.yml b/.semaphore/push-images/calicoctl.yml
@@ -2,7 +2,7 @@ version: v1.0
 name: Publish calicoctl images
 agent:
   machine:
-    type: e1-standard-2
+    type: f1-standard-2
     os_image: ubuntu2004
 
 execution_time_limit:
@@ -24,8 +24,6 @@ global_job_config:
       - sudo systemctl stop docker
       - sudo umount /var/lib/docker && sudo killall qemu-nbd || true
       - sudo systemctl start docker
-      # Free up space on the build machine.
-      - sudo rm -rf ~/{.kerl,.kiex,.npm,.nvm,.phpbrew,.rbenv,.sbt} /opt/{apache-maven*,firefox*,scala} /usr/lib/jvm /usr/local/{aws2,golang,phantomjs*}
       # Semaphore is doing shallow clone on a commit without tags.
       # unshallow it for GIT_VERSION:=$(shell git describe --tags --dirty --always)
       - retry git fetch --unshallow

diff --git a/.semaphore/push-images/cni-plugin.yml b/.semaphore/push-images/cni-plugin.yml
@@ -2,7 +2,7 @@ version: v1.0
 name: Publish cni-plugin images
 agent:
   machine:
-    type: e1-standard-2
+    type: f1-standard-2
     os_image: ubuntu2004
 
 execution_time_limit:
@@ -24,8 +24,6 @@ global_job_config:
       - sudo systemctl stop docker
       - sudo umount /var/lib/docker && sudo killall qemu-nbd || true
       - sudo systemctl start docker
-      # Free up space on the build machine.
-      - sudo rm -rf ~/{.kerl,.kiex,.npm,.nvm,.phpbrew,.rbenv,.sbt} /opt/{apache-maven*,firefox*,scala} /usr/lib/jvm /usr/local/{aws2,golang,phantomjs*}
       # Semaphore is doing shallow clone on a commit without tags.
       # unshallow it for GIT_VERSION:=$(shell git describe --tags --dirty --always)
       - retry git fetch --unshallow

diff --git a/.semaphore/push-images/key-cert-provisioner.yml b/.semaphore/push-images/key-cert-provisioner.yml
@@ -2,7 +2,7 @@ version: v1.0
 name: Publish key-cert-provisioner images
 agent:
   machine:
-    type: e1-standard-2
+    type: f1-standard-2
     os_image: ubuntu2004
 
 execution_time_limit:
@@ -24,8 +24,6 @@ global_job_config:
       - sudo systemctl stop docker
       - sudo umount /var/lib/docker && sudo killall qemu-nbd || true
       - sudo systemctl start docker
-      # Free up space on the build machine.
-      - sudo rm -rf ~/{.kerl,.kiex,.npm,.nvm,.phpbrew,.rbenv,.sbt} /opt/{apache-maven*,firefox*,scala} /usr/lib/jvm /usr/local/{aws2,golang,phantomjs*}
       # Semaphore is doing shallow clone on a commit without tags.
       # unshallow it for GIT_VERSION:=$(shell git describe --tags --dirty --always)
       - retry git fetch --unshallow

diff --git a/.semaphore/push-images/kube-controllers.yml b/.semaphore/push-images/kube-controllers.yml
@@ -2,7 +2,7 @@ version: v1.0
 name: Publish kube-controllers images
 agent:
   machine:
-    type: e1-standard-4
+    type: f1-standard-2
     os_image: ubuntu2004
 
 execution_time_limit:
@@ -24,8 +24,6 @@ global_job_config:
       - sudo systemctl stop docker
       - sudo umount /var/lib/docker && sudo killall qemu-nbd || true
       - sudo systemctl start docker
-      # Free up space on the build machine.
-      - sudo rm -rf ~/{.kerl,.kiex,.npm,.nvm,.phpbrew,.rbenv,.sbt} /opt/{apache-maven*,firefox*,scala} /usr/lib/jvm /usr/local/{aws2,golang,phantomjs*}
       # Semaphore is doing shallow clone on a commit without tags.
       # unshallow it for GIT_VERSION:=$(shell git describe --tags --dirty --always)
       - retry git fetch --unshallow

diff --git a/.semaphore/push-images/node.yml b/.semaphore/push-images/node.yml
@@ -2,7 +2,7 @@ version: v1.0
 name: Publish node images
 agent:
   machine:
-    type: e1-standard-4
+    type: f1-standard-2
     os_image: ubuntu2004
 
 execution_time_limit:
@@ -24,8 +24,6 @@ global_job_config:
       - sudo systemctl stop docker
       - sudo umount /var/lib/docker && sudo killall qemu-nbd || true
       - sudo systemctl start docker
-      # Free up space on the build machine.
-      - sudo rm -rf ~/{.kerl,.kiex,.npm,.nvm,.phpbrew,.rbenv,.sbt} /opt/{apache-maven*,firefox*,scala} /usr/lib/jvm /usr/local/{aws2,golang,phantomjs*}
       # Semaphore is doing shallow clone on a commit without tags.
       # unshallow it for GIT_VERSION:=$(shell git describe --tags --dirty --always)
       - retry git fetch --unshallow

diff --git a/.semaphore/push-images/packaging.yaml b/.semaphore/push-images/packaging.yaml
@@ -2,7 +2,7 @@ version: v1.0
 name: Publish openstack packages
 agent:
   machine:
-    type: e1-standard-4
+    type: f1-standard-2
     os_image: ubuntu2004
 
 execution_time_limit:
@@ -46,4 +46,4 @@ blocks:
       jobs:
         - name: "packages"
           commands:
-            - if [ -z "${SEMAPHORE_GIT_PR_NUMBER}" ]; then make -C hack/release/packaging release-publish VERSION=$SEMAPHORE_GIT_BRANCH; fi
+            - if [ -z "${SEMAPHORE_GIT_PR_NUMBER}" ]; then make -C release/packaging release-publish VERSION=$SEMAPHORE_GIT_BRANCH; fi
diff --git a/.semaphore/push-images/pod2daemon.yml b/.semaphore/push-images/pod2daemon.yml
@@ -2,7 +2,7 @@ version: v1.0
 name: Publish pod2daemon images
 agent:
   machine:
-    type: e1-standard-2
+    type: f1-standard-2
     os_image: ubuntu2004
 
 execution_time_limit:
@@ -24,8 +24,6 @@ global_job_config:
       - sudo systemctl stop docker
       - sudo umount /var/lib/docker && sudo killall qemu-nbd || true
       - sudo systemctl start docker
-      # Free up space on the build machine.
-      - sudo rm -rf ~/{.kerl,.kiex,.npm,.nvm,.phpbrew,.rbenv,.sbt} /opt/{apache-maven*,firefox*,scala} /usr/lib/jvm /usr/local/{aws2,golang,phantomjs*}
       # Semaphore is doing shallow clone on a commit without tags.
       # unshallow it for GIT_VERSION:=$(shell git describe --tags --dirty --always)
       - retry git fetch --unshallow

diff --git a/.semaphore/push-images/typha.yml b/.semaphore/push-images/typha.yml
@@ -2,7 +2,7 @@ version: v1.0
 name: Publish typha images
 agent:
   machine:
-    type: e1-standard-2
+    type: f1-standard-2
     os_image: ubuntu2004
 
 execution_time_limit:
@@ -24,8 +24,6 @@ global_job_config:
       - sudo systemctl stop docker
       - sudo umount /var/lib/docker && sudo killall qemu-nbd || true
       - sudo systemctl start docker
-      # Free up space on the build machine.
-      - sudo rm -rf ~/{.kerl,.kiex,.npm,.nvm,.phpbrew,.rbenv,.sbt} /opt/{apache-maven*,firefox*,scala} /usr/lib/jvm /usr/local/{aws2,golang,phantomjs*}
       # Semaphore is doing shallow clone on a commit without tags.
       # unshallow it for GIT_VERSION:=$(shell git describe --tags --dirty --always)
       - retry git fetch --unshallow

diff --git a/.semaphore/release/hashrelease.yml b/.semaphore/release/hashrelease.yml
@@ -0,0 +1,54 @@
+version: v1.0
+name: Publish hashrelease
+agent:
+  machine:
+    type: f1-standard-2
+    os_image: ubuntu2004
+execution_time_limit:
+  hours: 4
+
+global_job_config:
+  secrets:
+    # Github SSH secret for pulling private repositories.
+    - name: private-repo
+    # Secret for GitHub API access.
+    - name: marvin-github-token
+    # Secret for pushing to the docs box.
+    - name: docs-ssh
+    # Secret for pulling images from GCR.
+    - name: gcloud-registry-access
+    # Secret for the docker auth
+    - name: hashrelease-docker-auth
+    # Secret for Image Scanning Service
+    - name: iss-image-scanning
+    # Secrets for Slack notifications
+    - name: releasebot-slack
+  prologue:
+    commands:
+      - chmod 0600 ~/.keys/*
+      - ssh-add ~/.keys/*
+      - export GOOGLE_APPLICATION_CREDENTIALS=${HOME}/keys/.registry-viewer-serviceaccount.json
+      - gcloud auth activate-service-account --key-file=${GOOGLE_APPLICATION_CREDENTIALS}
+      - docker login
+      - checkout
+      # Unshallow the git repository to get latest tags
+      - retry git fetch --quiet --unshallow
+
+blocks:
+  - name: Publish hashrelease
+    task:
+      jobs:
+        - name: Build and publish hashrelease
+          commands:
+            - ./bin/release hashrelease build
+            - ./bin/release hashrelease publish
+      prologue:
+        commands:
+          - export GITHUB_TOKEN=${MARVIN_GITHUB_TOKEN}
+          - cd release
+          - make build
+      env_vars:
+        - name: OPERATOR_BRANCH
+          value: master
+        - name: IS_HASHRELEASE
+          value: "true"
diff --git a/.semaphore/release/release.yml b/.semaphore/release/release.yml
@@ -2,7 +2,7 @@ version: v1.0
 name: Publish official release
 agent:
   machine:
-    type: e1-standard-8
+    type: f1-standard-4
     os_image: ubuntu2004
 
 execution_time_limit:
@@ -46,8 +46,6 @@ blocks:
         - sudo systemctl stop docker
         - sudo umount /var/lib/docker && sudo killall qemu-nbd || true
         - sudo systemctl start docker
-        # Free up space on the build machine.
-        - sudo rm -rf ~/.kiex ~/.phpbrew ~/.rbenv ~/.nvm ~/.kerl ~/.sbt ~/.npm /usr/lib/jvm /opt/firefox* /opt/apache-maven* /opt/scala /usr/local/golang
         # Log in to container registries needed for release.
         - echo $DOCKER_TOKEN | docker login --username "$DOCKER_USER" --password-stdin
         - echo $QUAY_TOKEN | docker login --username "$QUAY_USER" --password-stdin quay.io
@@ -87,8 +85,6 @@ blocks:
         - ssh-add /home/semaphore/.keys/git_ssh_rsa
         # Checkout the code and unshallow it.
         - checkout
-        # Free up space on the build machine.
-        - sudo rm -rf ~/.kiex ~/.phpbrew ~/.rbenv ~/.nvm ~/.kerl ~/.sbt ~/.npm /usr/lib/jvm /opt/firefox* /opt/apache-maven* /opt/scala /usr/local/golang
         # Install more tools
         - sudo apt update
         - sudo apt install -y moreutils patchelf
@@ -108,5 +104,5 @@ blocks:
       epilogue:
         always:
           commands:
-          - test -d hack/release/packaging/output  && mv -v hack/release/packaging/output hack/release/packaging/openstack
-          - artifact push workflow hack/release/packaging/openstack
+          - test -d release/packaging/output  && mv -v release/packaging/output release/packaging/openstack
+          - artifact push workflow release/packaging/openstack
diff --git a/.semaphore/rerun_failed_jobs.yml b/.semaphore/rerun_failed_jobs.yml
@@ -0,0 +1,24 @@
+version: v1.0
+name: Rerun failed jobs
+agent:
+  machine:
+    type: f1-standard-2
+    os_image: ubuntu2204
+
+execution_time_limit:
+  minutes: 10
+
+blocks:
+  - name: Rerun failed jobs
+    dependencies: []
+    task:
+      secrets:
+        - name: semaphore-api
+      jobs:
+        - name: Rerun failed jobs
+          commands:
+            - curl https://storage.googleapis.com/sem-cli-releases/get.sh | bash
+            - export CONNECT_URL=${SEMAPHORE_ORGANIZATION_URL#"https://"}
+            - /usr/local/bin/sem connect $CONNECT_URL $SEMAPHORE_API_TOKEN
+            - export PIPELINE=$(/usr/local/bin/sem get workflows $SEMAPHORE_WORKFLOW_ID -i $SEMAPHORE_PROJECT_ID | tail -n 1 | awk '{print $1}')
+            - /usr/local/bin/sem rebuild pipeline $PIPELINE
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1,2 @@
		semaphore.yml linguist-generated=true
		semaphore-scheduled-builds.yml linguist-generated=true