From e3a957df75003daa85da325450a3566201b61830 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 13 Sep 2024 01:22:57 +0000 Subject: [PATCH 1/5] Bump the all group with 2 updates Bumps the all group with 2 updates: [k8s.io/apimachinery](https://github.com/kubernetes/apimachinery) and [sigs.k8s.io/release-utils](https://github.com/kubernetes-sigs/release-utils). Updates `k8s.io/apimachinery` from 0.31.0 to 0.31.1 - [Commits](https://github.com/kubernetes/apimachinery/compare/v0.31.0...v0.31.1) Updates `sigs.k8s.io/release-utils` from 0.8.4 to 0.8.5 - [Release notes](https://github.com/kubernetes-sigs/release-utils/releases) - [Commits](https://github.com/kubernetes-sigs/release-utils/compare/v0.8.4...v0.8.5) --- updated-dependencies: - dependency-name: k8s.io/apimachinery dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all - dependency-name: sigs.k8s.io/release-utils dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all ... Signed-off-by: dependabot[bot] --- go.mod | 4 ++-- go.sum | 8 ++++---- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/go.mod b/go.mod index 772fa1ee9f6..0acdd56ffc7 100644 --- a/go.mod +++ b/go.mod @@ -38,13 +38,13 @@ require ( golang.org/x/text v0.18.0 google.golang.org/api v0.172.0 gopkg.in/yaml.v2 v2.4.0 - k8s.io/apimachinery v0.31.0 + k8s.io/apimachinery v0.31.1 k8s.io/utils v0.0.0-20240711033017-18e509b52bc8 sigs.k8s.io/bom v0.6.0 sigs.k8s.io/mdtoc v1.4.0 sigs.k8s.io/promo-tools/v3 v3.6.0 sigs.k8s.io/release-sdk v0.12.1 - sigs.k8s.io/release-utils v0.8.4 + sigs.k8s.io/release-utils v0.8.5 sigs.k8s.io/yaml v1.4.0 ) diff --git a/go.sum b/go.sum index 860fddc6373..66ae1b657ed 100644 --- a/go.sum +++ b/go.sum @@ -1286,8 +1286,8 @@ honnef.co/go/tools v0.0.1-2020.1.3/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9 honnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k= k8s.io/api v0.28.3 h1:Gj1HtbSdB4P08C8rs9AR94MfSGpRhJgsS+GF9V26xMM= k8s.io/api v0.28.3/go.mod h1:MRCV/jr1dW87/qJnZ57U5Pak65LGmQVkKTzf3AtKFHc= -k8s.io/apimachinery v0.31.0 h1:m9jOiSr3FoSSL5WO9bjm1n6B9KROYYgNZOb4tyZ1lBc= -k8s.io/apimachinery v0.31.0/go.mod h1:rsPdaZJfTfLsNJSQzNHQvYoTmxhoOEofxtOsF3rtsMo= +k8s.io/apimachinery v0.31.1 h1:mhcUBbj7KUjaVhyXILglcVjuS4nYXiwC+KKFBgIVy7U= +k8s.io/apimachinery v0.31.1/go.mod h1:rsPdaZJfTfLsNJSQzNHQvYoTmxhoOEofxtOsF3rtsMo= k8s.io/client-go v0.28.3 h1:2OqNb72ZuTZPKCl+4gTKvqao0AMOl9f3o2ijbAj3LI4= k8s.io/client-go v0.28.3/go.mod h1:LTykbBp9gsA7SwqirlCXBWtK0guzfhpoW4qSm7i9dxo= k8s.io/klog/v2 v2.130.1 h1:n9Xl7H1Xvksem4KFG4PYbdQCQxqc/tTUyrgXaOhHSzk= @@ -1317,8 +1317,8 @@ sigs.k8s.io/promo-tools/v3 v3.6.0 h1:C2L08ezrWm1aZI8Emd3iZPZQserLPRgzuqQVxvI0PUI sigs.k8s.io/promo-tools/v3 v3.6.0/go.mod h1:XJ3jy0hJYs+hWKt8XsLHFzGQV8PUtvllvbxjN/E5RXI= sigs.k8s.io/release-sdk v0.12.1 h1:/Q+yWpl33EnFx1b7xh6FnbioWSRUTrVkigL4KZVTrkU= sigs.k8s.io/release-sdk v0.12.1/go.mod h1:nnB4tt1g0VXMUCIYzDzPVqNI896OQrWipE6WbyZ6FSk= -sigs.k8s.io/release-utils v0.8.4 h1:4QVr3UgbyY/d9p74LBhg0njSVQofUsAZqYOzVZBhdBw= -sigs.k8s.io/release-utils v0.8.4/go.mod h1:m1bHfscTemQp+z+pLCZnkXih9n0+WukIUU70n6nFnU0= +sigs.k8s.io/release-utils v0.8.5 h1:FUtFqEAN621gSXv0L7kHyWruBeS7TUU9aWf76olX7uQ= +sigs.k8s.io/release-utils v0.8.5/go.mod h1:qsm5bdxdgoHkD8HsXpgme2/c3mdsNaiV53Sz2HmKeJA= sigs.k8s.io/structured-merge-diff/v4 v4.4.1 h1:150L+0vs/8DA78h1u02ooW1/fFq/Lwr+sGiqlzvrtq4= sigs.k8s.io/structured-merge-diff/v4 v4.4.1/go.mod h1:N8hJocpFajUSSeSJ9bOZ77VzejKZaXsTtZo4/u7Io08= sigs.k8s.io/yaml v1.1.0/go.mod h1:UJmg0vDUVViEyp3mgSv9WPwZCDxu4rQW1olrI1uml+o= From 1aa8737af04c1d4c79633fa62d1eaff8b3f2ef0a Mon Sep 17 00:00:00 2001 From: Sascha Grunert Date: Fri, 13 Sep 2024 09:47:59 +0200 Subject: [PATCH 2/5] Add `FORCE_BUILD_KREL` GCB env var to build krel from sources This allows changing something in `master` and using that krel sources without having a need for a new release. Signed-off-by: Sascha Grunert --- gcb/fast-forward/cloudbuild.yaml | 1 + gcb/obs-release/cloudbuild.yaml | 1 + gcb/obs-stage/cloudbuild.yaml | 1 + gcb/release/cloudbuild.yaml | 1 + gcb/stage/cloudbuild.yaml | 1 + hack/get-krel | 10 ++++- pkg/gcp/gcb/gcb.go | 6 ++- pkg/gcp/gcb/gcb_test.go | 64 +++++++++++++++++++------------- pkg/release/release.go | 7 ++++ 9 files changed, 63 insertions(+), 29 deletions(-) diff --git a/gcb/fast-forward/cloudbuild.yaml b/gcb/fast-forward/cloudbuild.yaml index 6cedd847b40..fd1d3cfb273 100644 --- a/gcb/fast-forward/cloudbuild.yaml +++ b/gcb/fast-forward/cloudbuild.yaml @@ -59,6 +59,7 @@ steps: - "TOOL_ORG=${_TOOL_ORG}" - "TOOL_REPO=${_TOOL_REPO}" - "TOOL_REF=${_TOOL_REF}" + - "FORCE_BUILD_KREL=${_FORCE_BUILD_KREL}" args: - ./hack/get-krel diff --git a/gcb/obs-release/cloudbuild.yaml b/gcb/obs-release/cloudbuild.yaml index 465437b558b..b6d18a182d9 100644 --- a/gcb/obs-release/cloudbuild.yaml +++ b/gcb/obs-release/cloudbuild.yaml @@ -59,6 +59,7 @@ steps: - "TOOL_ORG=${_TOOL_ORG}" - "TOOL_REPO=${_TOOL_REPO}" - "TOOL_REF=${_TOOL_REF}" + - "FORCE_BUILD_KREL=${_FORCE_BUILD_KREL}" args: - ./hack/get-krel diff --git a/gcb/obs-stage/cloudbuild.yaml b/gcb/obs-stage/cloudbuild.yaml index cfacd5c8b31..d56eb55611c 100644 --- a/gcb/obs-stage/cloudbuild.yaml +++ b/gcb/obs-stage/cloudbuild.yaml @@ -59,6 +59,7 @@ steps: - "TOOL_ORG=${_TOOL_ORG}" - "TOOL_REPO=${_TOOL_REPO}" - "TOOL_REF=${_TOOL_REF}" + - "FORCE_BUILD_KREL=${_FORCE_BUILD_KREL}" args: - ./hack/get-krel diff --git a/gcb/release/cloudbuild.yaml b/gcb/release/cloudbuild.yaml index 478e7728f06..3cf6b8510da 100644 --- a/gcb/release/cloudbuild.yaml +++ b/gcb/release/cloudbuild.yaml @@ -62,6 +62,7 @@ steps: - "TOOL_ORG=${_TOOL_ORG}" - "TOOL_REPO=${_TOOL_REPO}" - "TOOL_REF=${_TOOL_REF}" + - "FORCE_BUILD_KREL=${_FORCE_BUILD_KREL}" args: - ./hack/get-krel diff --git a/gcb/stage/cloudbuild.yaml b/gcb/stage/cloudbuild.yaml index 3e0ae7427b2..f02efc2aa02 100644 --- a/gcb/stage/cloudbuild.yaml +++ b/gcb/stage/cloudbuild.yaml @@ -63,6 +63,7 @@ steps: - "TOOL_ORG=${_TOOL_ORG}" - "TOOL_REPO=${_TOOL_REPO}" - "TOOL_REF=${_TOOL_REF}" + - "FORCE_BUILD_KREL=${_FORCE_BUILD_KREL}" args: - ./hack/get-krel diff --git a/hack/get-krel b/hack/get-krel index 5a53081a239..1a119cbe425 100755 --- a/hack/get-krel +++ b/hack/get-krel @@ -17,6 +17,7 @@ set -o errexit set -o nounset set -o pipefail +set -x curl_retry() { curl -sSfL --retry 5 --retry-delay 3 "$@" @@ -29,11 +30,18 @@ DEFAULT_TOOL_REF=master TOOL_ORG=${TOOL_ORG:-${DEFAULT_TOOL_ORG}} TOOL_REPO=${TOOL_REPO:-${DEFAULT_TOOL_REPO}} TOOL_REF=${TOOL_REF:-${DEFAULT_TOOL_REF}} + +FORCE_BUILD_KREL=${FORCE_BUILD_KREL:-false} + KREL_OUTPUT_PATH=${KREL_OUTPUT_PATH:-bin/krel} echo "Using output path: $KREL_OUTPUT_PATH" mkdir -p "$(dirname "$KREL_OUTPUT_PATH")" -if [[ "$TOOL_ORG" == "$DEFAULT_TOOL_ORG" && "$TOOL_REPO" == "$DEFAULT_TOOL_REPO" && "$TOOL_REF" == "$DEFAULT_TOOL_REF" ]]; then +if [[ "$FORCE_BUILD_KREL" == false && + "$TOOL_ORG" == "$DEFAULT_TOOL_ORG" && + "$TOOL_REPO" == "$DEFAULT_TOOL_REPO" && + "$TOOL_REF" == "$DEFAULT_TOOL_REF" ]]; then + LATEST_RELEASE=$(curl_retry https://api.github.com/repos/kubernetes/release/releases/latest | jq -r .tag_name) echo "Using krel release: $LATEST_RELEASE" diff --git a/pkg/gcp/gcb/gcb.go b/pkg/gcp/gcb/gcb.go index 243e3acc91e..a29b8abaebf 100644 --- a/pkg/gcp/gcb/gcb.go +++ b/pkg/gcp/gcb/gcb.go @@ -218,6 +218,7 @@ func (g *GCB) Submit() error { toolOrg := release.GetToolOrg() toolRepo := release.GetToolRepo() toolRef := release.GetToolRef() + forceBuildKrel := release.GetForceBuildKrel() if err := gcli.PreCheck(); err != nil { return fmt.Errorf("pre-checking for GCP package usage: %w", err) @@ -289,7 +290,7 @@ func (g *GCB) Submit() error { gcsBucket = strings.ReplaceAll(gcsBucket, release.TestBucket, release.ProductionBucket) } - gcbSubs, gcbSubsErr := g.SetGCBSubstitutions(toolOrg, toolRepo, toolRef, gcsBucket) + gcbSubs, gcbSubsErr := g.SetGCBSubstitutions(toolOrg, toolRepo, toolRef, gcsBucket, forceBuildKrel) if gcbSubs == nil || gcbSubsErr != nil { return gcbSubsErr } @@ -351,12 +352,13 @@ func (g *GCB) Submit() error { // SetGCBSubstitutions takes a set of `Options` and returns a map of GCB // substitutions. -func (g *GCB) SetGCBSubstitutions(toolOrg, toolRepo, toolRef, gcsBucket string) (map[string]string, error) { +func (g *GCB) SetGCBSubstitutions(toolOrg, toolRepo, toolRef, gcsBucket, forceBuildKrel string) (map[string]string, error) { gcbSubs := map[string]string{} gcbSubs["TOOL_ORG"] = toolOrg gcbSubs["TOOL_REPO"] = toolRepo gcbSubs["TOOL_REF"] = toolRef + gcbSubs["FORCE_BUILD_KREL"] = forceBuildKrel gcbSubs["K8S_ORG"] = release.GetK8sOrg() if g.options.CustomK8sOrg != "" { diff --git a/pkg/gcp/gcb/gcb_test.go b/pkg/gcp/gcb/gcb_test.go index 56c184ebd4c..43dc5d82e46 100644 --- a/pkg/gcp/gcb/gcb_test.go +++ b/pkg/gcp/gcb/gcb_test.go @@ -157,15 +157,16 @@ func TestSubmitGcbFailure(t *testing.T) { func TestSetGCBSubstitutionsSuccess(t *testing.T) { testcases := []struct { - name string - gcbOpts *gcb.Options - toolOrg string - toolRepo string - toolRef string - expected map[string]string - repoMock gcb.Repository - versionMock gcb.Version - releaseMock gcb.Release + name string + gcbOpts *gcb.Options + toolOrg string + toolRepo string + toolRef string + forceBuildKrel string + expected map[string]string + repoMock gcb.Repository + versionMock gcb.Version + releaseMock gcb.Release }{ { name: "main branch alpha - stage", @@ -183,6 +184,7 @@ func TestSetGCBSubstitutionsSuccess(t *testing.T) { "TOOL_ORG": "", "TOOL_REPO": "", "TOOL_REF": "", + "FORCE_BUILD_KREL": "", "TYPE": release.ReleaseTypeAlpha, "TYPE_TAG": release.ReleaseTypeAlpha, "MAJOR_VERSION_TAG": "1", @@ -211,6 +213,7 @@ func TestSetGCBSubstitutionsSuccess(t *testing.T) { "TOOL_ORG": "", "TOOL_REPO": "", "TOOL_REF": "", + "FORCE_BUILD_KREL": "", "TYPE": release.ReleaseTypeBeta, "TYPE_TAG": release.ReleaseTypeBeta, "MAJOR_VERSION_TAG": "1", @@ -239,6 +242,7 @@ func TestSetGCBSubstitutionsSuccess(t *testing.T) { "TOOL_ORG": "", "TOOL_REPO": "", "TOOL_REF": "", + "FORCE_BUILD_KREL": "", "TYPE": release.ReleaseTypeRC, "TYPE_TAG": release.ReleaseTypeRC, "MAJOR_VERSION_TAG": "1", @@ -266,6 +270,7 @@ func TestSetGCBSubstitutionsSuccess(t *testing.T) { "TOOL_ORG": "", "TOOL_REPO": "", "TOOL_REF": "", + "FORCE_BUILD_KREL": "", "TYPE": release.ReleaseTypeOfficial, "TYPE_TAG": release.ReleaseTypeOfficial, "MAJOR_VERSION_TAG": "1", @@ -285,12 +290,13 @@ func TestSetGCBSubstitutionsSuccess(t *testing.T) { ReleaseType: release.ReleaseTypeOfficial, GcpUser: "test-user", }, - repoMock: mockRepo(), - versionMock: mockVersion("v1.16.0"), - releaseMock: mockRelease("v1.16.0"), - toolOrg: "honk", - toolRepo: "best-tools", - toolRef: "tool-branch", + repoMock: mockRepo(), + versionMock: mockVersion("v1.16.0"), + releaseMock: mockRelease("v1.16.0"), + toolOrg: "honk", + toolRepo: "best-tools", + toolRef: "tool-branch", + forceBuildKrel: "true", expected: map[string]string{ "RELEASE_BRANCH": "release-1.16", "TOOL_ORG": "honk", @@ -298,6 +304,7 @@ func TestSetGCBSubstitutionsSuccess(t *testing.T) { "TOOL_REF": "tool-branch", "TYPE": release.ReleaseTypeOfficial, "TYPE_TAG": release.ReleaseTypeOfficial, + "FORCE_BUILD_KREL": "true", "MAJOR_VERSION_TAG": "1", "MINOR_VERSION_TAG": "16", "PATCH_VERSION_TAG": "0", @@ -315,17 +322,19 @@ func TestSetGCBSubstitutionsSuccess(t *testing.T) { ReleaseType: release.ReleaseTypeBeta, GcpUser: "test-user", }, - repoMock: mockRepo(), - versionMock: mockVersion("v1.19.0-alpha.2.763+2da917d3701904"), - releaseMock: mockRelease("1.19.0-beta.0"), - toolOrg: "honk", - toolRepo: "best-tools", - toolRef: "tool-branch", + repoMock: mockRepo(), + versionMock: mockVersion("v1.19.0-alpha.2.763+2da917d3701904"), + releaseMock: mockRelease("1.19.0-beta.0"), + toolOrg: "honk", + toolRepo: "best-tools", + toolRef: "tool-branch", + forceBuildKrel: "true", expected: map[string]string{ "RELEASE_BRANCH": "release-1.19", "TOOL_ORG": "honk", "TOOL_REPO": "best-tools", "TOOL_REF": "tool-branch", + "FORCE_BUILD_KREL": "true", "TYPE": release.ReleaseTypeBeta, "TYPE_TAG": release.ReleaseTypeBeta, "MAJOR_VERSION_TAG": "1", @@ -345,14 +354,16 @@ func TestSetGCBSubstitutionsSuccess(t *testing.T) { ReleaseType: release.ReleaseTypeRC, GcpUser: "test-user", }, - repoMock: mockRepo(), - versionMock: mockVersion("v1.18.6-rc.0.15+e38139724f8f00"), - releaseMock: mockRelease("1.18.6-rc.1"), + repoMock: mockRepo(), + versionMock: mockVersion("v1.18.6-rc.0.15+e38139724f8f00"), + releaseMock: mockRelease("1.18.6-rc.1"), + forceBuildKrel: "false", expected: map[string]string{ "RELEASE_BRANCH": "release-1.18", "TOOL_ORG": "", "TOOL_REPO": "", "TOOL_REF": "", + "FORCE_BUILD_KREL": "false", "TYPE": release.ReleaseTypeRC, "TYPE_TAG": release.ReleaseTypeRC, "MAJOR_VERSION_TAG": "1", @@ -380,6 +391,7 @@ func TestSetGCBSubstitutionsSuccess(t *testing.T) { "TOOL_ORG": "", "TOOL_REPO": "", "TOOL_REF": "", + "FORCE_BUILD_KREL": "", "TYPE": release.ReleaseTypeRC, "TYPE_TAG": release.ReleaseTypeRC, "MAJOR_VERSION_TAG": "1", @@ -402,7 +414,7 @@ func TestSetGCBSubstitutionsSuccess(t *testing.T) { sut.SetReleaseClient(tc.releaseMock) subs, err := sut.SetGCBSubstitutions( - tc.toolOrg, tc.toolRepo, tc.toolRef, "gs://test-bucket", + tc.toolOrg, tc.toolRepo, tc.toolRef, "gs://test-bucket", tc.forceBuildKrel, ) require.Nil(t, err) @@ -449,7 +461,7 @@ func TestSetGCBSubstitutionsFailure(t *testing.T) { sut := gcb.New(tc.gcbOpts) sut.SetRepoClient(tc.repoMock) sut.SetVersionClient(tc.versionMock) - _, err := sut.SetGCBSubstitutions("", "", "", "") + _, err := sut.SetGCBSubstitutions("", "", "", "", "") require.Error(t, err) } } diff --git a/pkg/release/release.go b/pkg/release/release.go index 71e8a5cfc2e..cb36d3f64e1 100644 --- a/pkg/release/release.go +++ b/pkg/release/release.go @@ -159,6 +159,13 @@ func GetToolRef() string { return env.Default("TOOL_REF", DefaultToolRef) } +// GetForceBuildKrel checks if the 'FORCE_BUILD_KREL' environment variable is +// set. If 'FORCE_BUILD_KREL' is non-empty, it returns the value. Otherwise, +// it returns "false". +func GetForceBuildKrel() string { + return env.Default("FORCE_BUILD_KREL", "false") +} + // GetK8sOrg checks if the 'K8S_ORG' environment variable is set. // If 'K8S_ORG' is non-empty, it returns the value. Otherwise, it returns DefaultK8sOrg. func GetK8sOrg() string { From f49f759aefcdfd12b74e216b2f7b3631a5dcd779 Mon Sep 17 00:00:00 2001 From: Sascha Grunert Date: Fri, 13 Sep 2024 10:01:43 +0200 Subject: [PATCH 3/5] schedule-builder: don't mention release name for upcoming Those releases usually have no single name referring to them, so we just use the date. Signed-off-by: Sascha Grunert --- cmd/schedule-builder/cmd/markdown.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cmd/schedule-builder/cmd/markdown.go b/cmd/schedule-builder/cmd/markdown.go index ad7a55a998c..50d354c4dd5 100644 --- a/cmd/schedule-builder/cmd/markdown.go +++ b/cmd/schedule-builder/cmd/markdown.go @@ -285,7 +285,7 @@ func updatePatchSchedule(refTime time.Time, schedule PatchSchedule, eolBranches } if refTime.After(upcomingTargetDate) { - logrus.Infof("Skipping outdated upcoming release for %s (%s)", upcomingRelease.Release, upcomingRelease.TargetDate) + logrus.Infof("Skipping outdated upcoming release for %s", upcomingRelease.TargetDate) continue } From 1939ee0a5b6a1dad68a59bbb9134d24ef51f8b1f Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 16 Sep 2024 01:06:25 +0000 Subject: [PATCH 4/5] Bump github/codeql-action from 3.26.6 to 3.26.7 in the actions group Bumps the actions group with 1 update: [github/codeql-action](https://github.com/github/codeql-action). Updates `github/codeql-action` from 3.26.6 to 3.26.7 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/4dd16135b69a43b6c8efb853346f8437d92d3c93...8214744c546c1e5c8f03dde8fab3a7353211988d) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-patch dependency-group: actions ... Signed-off-by: dependabot[bot] --- .github/workflows/codeql-analysis.yml | 6 +++--- .github/workflows/scorecards-analysis.yml | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index 5a42b467f78..107718b1bf1 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -64,12 +64,12 @@ jobs: # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@4dd16135b69a43b6c8efb853346f8437d92d3c93 # v3.26.6 + uses: github/codeql-action/init@8214744c546c1e5c8f03dde8fab3a7353211988d # v3.26.7 with: languages: ${{ matrix.language }} - name: Autobuild - uses: github/codeql-action/autobuild@4dd16135b69a43b6c8efb853346f8437d92d3c93 # v3.26.6 + uses: github/codeql-action/autobuild@8214744c546c1e5c8f03dde8fab3a7353211988d # v3.26.7 # ℹī¸ Command-line programs to run using the OS shell. # 📚 https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun @@ -83,4 +83,4 @@ jobs: # make release - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@4dd16135b69a43b6c8efb853346f8437d92d3c93 # v3.26.6 + uses: github/codeql-action/analyze@8214744c546c1e5c8f03dde8fab3a7353211988d # v3.26.7 diff --git a/.github/workflows/scorecards-analysis.yml b/.github/workflows/scorecards-analysis.yml index 3a0cf7ea982..d6710fde055 100644 --- a/.github/workflows/scorecards-analysis.yml +++ b/.github/workflows/scorecards-analysis.yml @@ -63,6 +63,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@4dd16135b69a43b6c8efb853346f8437d92d3c93 # v3.26.6 + uses: github/codeql-action/upload-sarif@8214744c546c1e5c8f03dde8fab3a7353211988d # v3.26.7 with: sarif_file: results.sarif From bf797dd45509951dfe829f663bdb7f8a78eca34e Mon Sep 17 00:00:00 2001 From: Sascha Grunert Date: Mon, 16 Sep 2024 14:04:26 +0200 Subject: [PATCH 5/5] Fix marker publish verification when bucket is private We need to use the private link for verification otherwise it will simply not work. This patch also adds more verbosity around the update process to enhance debugging. Related to https://github.com/kubernetes/kubernetes/issues/127350 Signed-off-by: Sascha Grunert --- pkg/release/publish.go | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/pkg/release/publish.go b/pkg/release/publish.go index 1ae552ebbd6..5b707303b7c 100644 --- a/pkg/release/publish.go +++ b/pkg/release/publish.go @@ -360,6 +360,7 @@ func (p *Publisher) PublishToGcs( return fmt.Errorf("write latest version file: %w", err) } + logrus.Infof("Running `gsutil cp` from %s to: %s", latestFile, publishFileDst) if err := p.client.GSUtil( "-m", "-h", "Content-Type:text/plain", @@ -374,20 +375,22 @@ func (p *Publisher) PublishToGcs( var content string if !privateBucket { // If public, validate public link + logrus.Infof("Validating uploaded version file using HTTP at %s", publicLink) response, err := p.client.GetURLResponse(publicLink) if err != nil { return fmt.Errorf("get content of %s: %w", publicLink, err) } content = response } else { - response, err := p.client.GSUtilOutput("cat", publicLink) + // Use the private location + logrus.Infof("Validating uploaded version file using `gsutil cat` at %s", publishFileDst) + response, err := p.client.GSUtilOutput("cat", publishFileDst) if err != nil { - return fmt.Errorf("get content of %s: %w", publicLink, err) + return fmt.Errorf("get content of %s: %w", publishFileDst, err) } content = response } - logrus.Infof("Validating uploaded version file at %s", publicLink) if version != content { return fmt.Errorf( "version %s it not equal response %s",