Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Improve SHA generation and enable SHA256SUMS/SHA512SUMS upload to GitHub #849

Merged
merged 6 commits into from
Aug 21, 2019

Conversation

justaugustus
Copy link
Member

@justaugustus justaugustus commented Aug 17, 2019

As a first step to looking at adding cryptographic digests to our releases, this generates SHA256 and SHA512 hashes for top-level release artifacts and adds them to SHA256SUMS/SHA512SUMS files.

Additionally:

  • Remove usage of MD5 for release artifacts
  • Default to SHA256 in common::sha and remove usage of SHA1
  • Rename release::gcs::stage_and_hash to release::gcs::prepare_tarball
  • Enable uploading shasums to GitHub

ref: #850, https://github.com/kubernetes/kubernetes/issues/70132#issuecomment-518297891

@k8s-ci-robot k8s-ci-robot added the do-not-merge/blocked-paths Indicates that a PR should not merge because it touches files in blocked paths. label Aug 17, 2019
@k8s-ci-robot
Copy link
Contributor

@justaugustus: Adding label: do-not-merge/blocked-paths because PR changes a protected file.

Reasons for blocking this PR:

[Changes to certain release tools can affect our ability to test, build, and release Kubernetes. This PR must be explicitly approved by SIG Release repo admins.]

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@k8s-ci-robot k8s-ci-robot added the cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. label Aug 17, 2019
@k8s-ci-robot k8s-ci-robot added size/M Denotes a PR that changes 30-99 lines, ignoring generated files. approved Indicates a PR has been approved by an approver from all required OWNERS files. area/release-eng Issues or PRs related to the Release Engineering subproject sig/release Categorizes an issue or PR as relevant to SIG Release. labels Aug 17, 2019
@justaugustus justaugustus changed the title Shas [WIP] Shas Aug 17, 2019
@k8s-ci-robot k8s-ci-robot added the do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. label Aug 17, 2019
@justaugustus justaugustus changed the title [WIP] Shas [WIP] Improve SHA generation for release artifacts Aug 17, 2019
@justaugustus justaugustus force-pushed the shas branch 2 times, most recently from 7f38586 to 0e7e73f Compare August 18, 2019 01:02
@k8s-ci-robot k8s-ci-robot added size/L Denotes a PR that changes 100-499 lines, ignoring generated files. and removed size/M Denotes a PR that changes 30-99 lines, ignoring generated files. labels Aug 18, 2019
@justaugustus justaugustus changed the title [WIP] Improve SHA generation for release artifacts Improve SHA generation and enable SHA256SUMS/SHA512SUMS upload to GitHub Aug 18, 2019
@k8s-ci-robot k8s-ci-robot removed the do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. label Aug 18, 2019
@justaugustus
Copy link
Member Author

/assign @philips @tpepper @calebamiles
/cc @kubernetes/release-engineering
/milestone v1.16
/kind feature
/priority important-soon

@k8s-ci-robot k8s-ci-robot added the kind/feature Categorizes issue or PR as related to a new feature. label Aug 18, 2019
@k8s-ci-robot k8s-ci-robot added this to the v1.16 milestone Aug 18, 2019
@k8s-ci-robot k8s-ci-robot added the priority/important-soon Must be staffed and worked on either currently, or very soon, ideally in time for the next release. label Aug 18, 2019
@justaugustus
Copy link
Member Author

justaugustus commented Aug 18, 2019

As for testing this...

I wrote a script, err... copy/pasta-ed a bunch of stuff from this repo to emulate the relevant parts of the release: https://gist.github.com/justaugustus/74bf0480a1686fb4949d2445a7fe11ce#file-generate-shas-sh

This PR is essentially the work product from that script.

Staging

Once I felt this was in a decent place, I ran a few mock stages to test this:

RELEASE_TOOL_REPO="https://github.com/justaugustus/release.git" \
RELEASE_TOOL_BRANCH="shas" \
./gcbmgr stage master --build-at-head

Here's a successful build on GCB: https://console.cloud.google.com/cloud-build/builds/eac0b92e-3d62-4b1a-a047-feef1f1a9880?project=kubernetes-release-test

For those who don't have access to see that bucket, here's a directory listing:

$ gsutil ls gs://kubernetes-release-gcb/stage/v1.17.0-alpha.0.271+091a5dc53b1b96/v1.17.0-alpha.1/gcs-stage/v1.17.0-alpha.1/
gs://kubernetes-release-gcb/stage/v1.17.0-alpha.0.271+091a5dc53b1b96/v1.17.0-alpha.1/gcs-stage/v1.17.0-alpha.1/SHA256SUMS
gs://kubernetes-release-gcb/stage/v1.17.0-alpha.0.271+091a5dc53b1b96/v1.17.0-alpha.1/gcs-stage/v1.17.0-alpha.1/SHA512SUMS
gs://kubernetes-release-gcb/stage/v1.17.0-alpha.0.271+091a5dc53b1b96/v1.17.0-alpha.1/gcs-stage/v1.17.0-alpha.1/kubernetes-client-darwin-386.tar.gz
gs://kubernetes-release-gcb/stage/v1.17.0-alpha.0.271+091a5dc53b1b96/v1.17.0-alpha.1/gcs-stage/v1.17.0-alpha.1/kubernetes-client-darwin-386.tar.gz.sha256
gs://kubernetes-release-gcb/stage/v1.17.0-alpha.0.271+091a5dc53b1b96/v1.17.0-alpha.1/gcs-stage/v1.17.0-alpha.1/kubernetes-client-darwin-386.tar.gz.sha512
gs://kubernetes-release-gcb/stage/v1.17.0-alpha.0.271+091a5dc53b1b96/v1.17.0-alpha.1/gcs-stage/v1.17.0-alpha.1/kubernetes-client-darwin-amd64.tar.gz
gs://kubernetes-release-gcb/stage/v1.17.0-alpha.0.271+091a5dc53b1b96/v1.17.0-alpha.1/gcs-stage/v1.17.0-alpha.1/kubernetes-client-darwin-amd64.tar.gz.sha256
gs://kubernetes-release-gcb/stage/v1.17.0-alpha.0.271+091a5dc53b1b96/v1.17.0-alpha.1/gcs-stage/v1.17.0-alpha.1/kubernetes-client-darwin-amd64.tar.gz.sha512
gs://kubernetes-release-gcb/stage/v1.17.0-alpha.0.271+091a5dc53b1b96/v1.17.0-alpha.1/gcs-stage/v1.17.0-alpha.1/kubernetes-client-linux-386.tar.gz
gs://kubernetes-release-gcb/stage/v1.17.0-alpha.0.271+091a5dc53b1b96/v1.17.0-alpha.1/gcs-stage/v1.17.0-alpha.1/kubernetes-client-linux-386.tar.gz.sha256
gs://kubernetes-release-gcb/stage/v1.17.0-alpha.0.271+091a5dc53b1b96/v1.17.0-alpha.1/gcs-stage/v1.17.0-alpha.1/kubernetes-client-linux-386.tar.gz.sha512
gs://kubernetes-release-gcb/stage/v1.17.0-alpha.0.271+091a5dc53b1b96/v1.17.0-alpha.1/gcs-stage/v1.17.0-alpha.1/kubernetes-client-linux-amd64.tar.gz
gs://kubernetes-release-gcb/stage/v1.17.0-alpha.0.271+091a5dc53b1b96/v1.17.0-alpha.1/gcs-stage/v1.17.0-alpha.1/kubernetes-client-linux-amd64.tar.gz.sha256
gs://kubernetes-release-gcb/stage/v1.17.0-alpha.0.271+091a5dc53b1b96/v1.17.0-alpha.1/gcs-stage/v1.17.0-alpha.1/kubernetes-client-linux-amd64.tar.gz.sha512
gs://kubernetes-release-gcb/stage/v1.17.0-alpha.0.271+091a5dc53b1b96/v1.17.0-alpha.1/gcs-stage/v1.17.0-alpha.1/kubernetes-client-linux-arm.tar.gz
gs://kubernetes-release-gcb/stage/v1.17.0-alpha.0.271+091a5dc53b1b96/v1.17.0-alpha.1/gcs-stage/v1.17.0-alpha.1/kubernetes-client-linux-arm.tar.gz.sha256
gs://kubernetes-release-gcb/stage/v1.17.0-alpha.0.271+091a5dc53b1b96/v1.17.0-alpha.1/gcs-stage/v1.17.0-alpha.1/kubernetes-client-linux-arm.tar.gz.sha512
gs://kubernetes-release-gcb/stage/v1.17.0-alpha.0.271+091a5dc53b1b96/v1.17.0-alpha.1/gcs-stage/v1.17.0-alpha.1/kubernetes-client-linux-arm64.tar.gz
gs://kubernetes-release-gcb/stage/v1.17.0-alpha.0.271+091a5dc53b1b96/v1.17.0-alpha.1/gcs-stage/v1.17.0-alpha.1/kubernetes-client-linux-arm64.tar.gz.sha256
gs://kubernetes-release-gcb/stage/v1.17.0-alpha.0.271+091a5dc53b1b96/v1.17.0-alpha.1/gcs-stage/v1.17.0-alpha.1/kubernetes-client-linux-arm64.tar.gz.sha512
gs://kubernetes-release-gcb/stage/v1.17.0-alpha.0.271+091a5dc53b1b96/v1.17.0-alpha.1/gcs-stage/v1.17.0-alpha.1/kubernetes-client-linux-ppc64le.tar.gz
gs://kubernetes-release-gcb/stage/v1.17.0-alpha.0.271+091a5dc53b1b96/v1.17.0-alpha.1/gcs-stage/v1.17.0-alpha.1/kubernetes-client-linux-ppc64le.tar.gz.sha256
gs://kubernetes-release-gcb/stage/v1.17.0-alpha.0.271+091a5dc53b1b96/v1.17.0-alpha.1/gcs-stage/v1.17.0-alpha.1/kubernetes-client-linux-ppc64le.tar.gz.sha512
gs://kubernetes-release-gcb/stage/v1.17.0-alpha.0.271+091a5dc53b1b96/v1.17.0-alpha.1/gcs-stage/v1.17.0-alpha.1/kubernetes-client-linux-s390x.tar.gz
gs://kubernetes-release-gcb/stage/v1.17.0-alpha.0.271+091a5dc53b1b96/v1.17.0-alpha.1/gcs-stage/v1.17.0-alpha.1/kubernetes-client-linux-s390x.tar.gz.sha256
gs://kubernetes-release-gcb/stage/v1.17.0-alpha.0.271+091a5dc53b1b96/v1.17.0-alpha.1/gcs-stage/v1.17.0-alpha.1/kubernetes-client-linux-s390x.tar.gz.sha512
gs://kubernetes-release-gcb/stage/v1.17.0-alpha.0.271+091a5dc53b1b96/v1.17.0-alpha.1/gcs-stage/v1.17.0-alpha.1/kubernetes-client-windows-386.tar.gz
gs://kubernetes-release-gcb/stage/v1.17.0-alpha.0.271+091a5dc53b1b96/v1.17.0-alpha.1/gcs-stage/v1.17.0-alpha.1/kubernetes-client-windows-386.tar.gz.sha256
gs://kubernetes-release-gcb/stage/v1.17.0-alpha.0.271+091a5dc53b1b96/v1.17.0-alpha.1/gcs-stage/v1.17.0-alpha.1/kubernetes-client-windows-386.tar.gz.sha512
gs://kubernetes-release-gcb/stage/v1.17.0-alpha.0.271+091a5dc53b1b96/v1.17.0-alpha.1/gcs-stage/v1.17.0-alpha.1/kubernetes-client-windows-amd64.tar.gz
gs://kubernetes-release-gcb/stage/v1.17.0-alpha.0.271+091a5dc53b1b96/v1.17.0-alpha.1/gcs-stage/v1.17.0-alpha.1/kubernetes-client-windows-amd64.tar.gz.sha256
gs://kubernetes-release-gcb/stage/v1.17.0-alpha.0.271+091a5dc53b1b96/v1.17.0-alpha.1/gcs-stage/v1.17.0-alpha.1/kubernetes-client-windows-amd64.tar.gz.sha512
gs://kubernetes-release-gcb/stage/v1.17.0-alpha.0.271+091a5dc53b1b96/v1.17.0-alpha.1/gcs-stage/v1.17.0-alpha.1/kubernetes-manifests.tar.gz
gs://kubernetes-release-gcb/stage/v1.17.0-alpha.0.271+091a5dc53b1b96/v1.17.0-alpha.1/gcs-stage/v1.17.0-alpha.1/kubernetes-manifests.tar.gz.sha256
gs://kubernetes-release-gcb/stage/v1.17.0-alpha.0.271+091a5dc53b1b96/v1.17.0-alpha.1/gcs-stage/v1.17.0-alpha.1/kubernetes-manifests.tar.gz.sha512
gs://kubernetes-release-gcb/stage/v1.17.0-alpha.0.271+091a5dc53b1b96/v1.17.0-alpha.1/gcs-stage/v1.17.0-alpha.1/kubernetes-node-linux-amd64.tar.gz
gs://kubernetes-release-gcb/stage/v1.17.0-alpha.0.271+091a5dc53b1b96/v1.17.0-alpha.1/gcs-stage/v1.17.0-alpha.1/kubernetes-node-linux-amd64.tar.gz.sha256
gs://kubernetes-release-gcb/stage/v1.17.0-alpha.0.271+091a5dc53b1b96/v1.17.0-alpha.1/gcs-stage/v1.17.0-alpha.1/kubernetes-node-linux-amd64.tar.gz.sha512
gs://kubernetes-release-gcb/stage/v1.17.0-alpha.0.271+091a5dc53b1b96/v1.17.0-alpha.1/gcs-stage/v1.17.0-alpha.1/kubernetes-node-linux-arm.tar.gz
gs://kubernetes-release-gcb/stage/v1.17.0-alpha.0.271+091a5dc53b1b96/v1.17.0-alpha.1/gcs-stage/v1.17.0-alpha.1/kubernetes-node-linux-arm.tar.gz.sha256
gs://kubernetes-release-gcb/stage/v1.17.0-alpha.0.271+091a5dc53b1b96/v1.17.0-alpha.1/gcs-stage/v1.17.0-alpha.1/kubernetes-node-linux-arm.tar.gz.sha512
gs://kubernetes-release-gcb/stage/v1.17.0-alpha.0.271+091a5dc53b1b96/v1.17.0-alpha.1/gcs-stage/v1.17.0-alpha.1/kubernetes-node-linux-arm64.tar.gz
gs://kubernetes-release-gcb/stage/v1.17.0-alpha.0.271+091a5dc53b1b96/v1.17.0-alpha.1/gcs-stage/v1.17.0-alpha.1/kubernetes-node-linux-arm64.tar.gz.sha256
gs://kubernetes-release-gcb/stage/v1.17.0-alpha.0.271+091a5dc53b1b96/v1.17.0-alpha.1/gcs-stage/v1.17.0-alpha.1/kubernetes-node-linux-arm64.tar.gz.sha512
gs://kubernetes-release-gcb/stage/v1.17.0-alpha.0.271+091a5dc53b1b96/v1.17.0-alpha.1/gcs-stage/v1.17.0-alpha.1/kubernetes-node-linux-ppc64le.tar.gz
gs://kubernetes-release-gcb/stage/v1.17.0-alpha.0.271+091a5dc53b1b96/v1.17.0-alpha.1/gcs-stage/v1.17.0-alpha.1/kubernetes-node-linux-ppc64le.tar.gz.sha256
gs://kubernetes-release-gcb/stage/v1.17.0-alpha.0.271+091a5dc53b1b96/v1.17.0-alpha.1/gcs-stage/v1.17.0-alpha.1/kubernetes-node-linux-ppc64le.tar.gz.sha512
gs://kubernetes-release-gcb/stage/v1.17.0-alpha.0.271+091a5dc53b1b96/v1.17.0-alpha.1/gcs-stage/v1.17.0-alpha.1/kubernetes-node-linux-s390x.tar.gz
gs://kubernetes-release-gcb/stage/v1.17.0-alpha.0.271+091a5dc53b1b96/v1.17.0-alpha.1/gcs-stage/v1.17.0-alpha.1/kubernetes-node-linux-s390x.tar.gz.sha256
gs://kubernetes-release-gcb/stage/v1.17.0-alpha.0.271+091a5dc53b1b96/v1.17.0-alpha.1/gcs-stage/v1.17.0-alpha.1/kubernetes-node-linux-s390x.tar.gz.sha512
gs://kubernetes-release-gcb/stage/v1.17.0-alpha.0.271+091a5dc53b1b96/v1.17.0-alpha.1/gcs-stage/v1.17.0-alpha.1/kubernetes-node-windows-amd64.tar.gz
gs://kubernetes-release-gcb/stage/v1.17.0-alpha.0.271+091a5dc53b1b96/v1.17.0-alpha.1/gcs-stage/v1.17.0-alpha.1/kubernetes-node-windows-amd64.tar.gz.sha256
gs://kubernetes-release-gcb/stage/v1.17.0-alpha.0.271+091a5dc53b1b96/v1.17.0-alpha.1/gcs-stage/v1.17.0-alpha.1/kubernetes-node-windows-amd64.tar.gz.sha512
gs://kubernetes-release-gcb/stage/v1.17.0-alpha.0.271+091a5dc53b1b96/v1.17.0-alpha.1/gcs-stage/v1.17.0-alpha.1/kubernetes-server-linux-amd64.tar.gz
gs://kubernetes-release-gcb/stage/v1.17.0-alpha.0.271+091a5dc53b1b96/v1.17.0-alpha.1/gcs-stage/v1.17.0-alpha.1/kubernetes-server-linux-amd64.tar.gz.sha256
gs://kubernetes-release-gcb/stage/v1.17.0-alpha.0.271+091a5dc53b1b96/v1.17.0-alpha.1/gcs-stage/v1.17.0-alpha.1/kubernetes-server-linux-amd64.tar.gz.sha512
gs://kubernetes-release-gcb/stage/v1.17.0-alpha.0.271+091a5dc53b1b96/v1.17.0-alpha.1/gcs-stage/v1.17.0-alpha.1/kubernetes-server-linux-arm.tar.gz
gs://kubernetes-release-gcb/stage/v1.17.0-alpha.0.271+091a5dc53b1b96/v1.17.0-alpha.1/gcs-stage/v1.17.0-alpha.1/kubernetes-server-linux-arm.tar.gz.sha256
gs://kubernetes-release-gcb/stage/v1.17.0-alpha.0.271+091a5dc53b1b96/v1.17.0-alpha.1/gcs-stage/v1.17.0-alpha.1/kubernetes-server-linux-arm.tar.gz.sha512
gs://kubernetes-release-gcb/stage/v1.17.0-alpha.0.271+091a5dc53b1b96/v1.17.0-alpha.1/gcs-stage/v1.17.0-alpha.1/kubernetes-server-linux-arm64.tar.gz
gs://kubernetes-release-gcb/stage/v1.17.0-alpha.0.271+091a5dc53b1b96/v1.17.0-alpha.1/gcs-stage/v1.17.0-alpha.1/kubernetes-server-linux-arm64.tar.gz.sha256
gs://kubernetes-release-gcb/stage/v1.17.0-alpha.0.271+091a5dc53b1b96/v1.17.0-alpha.1/gcs-stage/v1.17.0-alpha.1/kubernetes-server-linux-arm64.tar.gz.sha512
gs://kubernetes-release-gcb/stage/v1.17.0-alpha.0.271+091a5dc53b1b96/v1.17.0-alpha.1/gcs-stage/v1.17.0-alpha.1/kubernetes-server-linux-ppc64le.tar.gz
gs://kubernetes-release-gcb/stage/v1.17.0-alpha.0.271+091a5dc53b1b96/v1.17.0-alpha.1/gcs-stage/v1.17.0-alpha.1/kubernetes-server-linux-ppc64le.tar.gz.sha256
gs://kubernetes-release-gcb/stage/v1.17.0-alpha.0.271+091a5dc53b1b96/v1.17.0-alpha.1/gcs-stage/v1.17.0-alpha.1/kubernetes-server-linux-ppc64le.tar.gz.sha512
gs://kubernetes-release-gcb/stage/v1.17.0-alpha.0.271+091a5dc53b1b96/v1.17.0-alpha.1/gcs-stage/v1.17.0-alpha.1/kubernetes-server-linux-s390x.tar.gz
gs://kubernetes-release-gcb/stage/v1.17.0-alpha.0.271+091a5dc53b1b96/v1.17.0-alpha.1/gcs-stage/v1.17.0-alpha.1/kubernetes-server-linux-s390x.tar.gz.sha256
gs://kubernetes-release-gcb/stage/v1.17.0-alpha.0.271+091a5dc53b1b96/v1.17.0-alpha.1/gcs-stage/v1.17.0-alpha.1/kubernetes-server-linux-s390x.tar.gz.sha512
gs://kubernetes-release-gcb/stage/v1.17.0-alpha.0.271+091a5dc53b1b96/v1.17.0-alpha.1/gcs-stage/v1.17.0-alpha.1/kubernetes-src.tar.gz
gs://kubernetes-release-gcb/stage/v1.17.0-alpha.0.271+091a5dc53b1b96/v1.17.0-alpha.1/gcs-stage/v1.17.0-alpha.1/kubernetes-src.tar.gz.sha256
gs://kubernetes-release-gcb/stage/v1.17.0-alpha.0.271+091a5dc53b1b96/v1.17.0-alpha.1/gcs-stage/v1.17.0-alpha.1/kubernetes-src.tar.gz.sha512
gs://kubernetes-release-gcb/stage/v1.17.0-alpha.0.271+091a5dc53b1b96/v1.17.0-alpha.1/gcs-stage/v1.17.0-alpha.1/kubernetes-test-darwin-amd64.tar.gz
gs://kubernetes-release-gcb/stage/v1.17.0-alpha.0.271+091a5dc53b1b96/v1.17.0-alpha.1/gcs-stage/v1.17.0-alpha.1/kubernetes-test-darwin-amd64.tar.gz.sha256
gs://kubernetes-release-gcb/stage/v1.17.0-alpha.0.271+091a5dc53b1b96/v1.17.0-alpha.1/gcs-stage/v1.17.0-alpha.1/kubernetes-test-darwin-amd64.tar.gz.sha512
gs://kubernetes-release-gcb/stage/v1.17.0-alpha.0.271+091a5dc53b1b96/v1.17.0-alpha.1/gcs-stage/v1.17.0-alpha.1/kubernetes-test-linux-amd64.tar.gz
gs://kubernetes-release-gcb/stage/v1.17.0-alpha.0.271+091a5dc53b1b96/v1.17.0-alpha.1/gcs-stage/v1.17.0-alpha.1/kubernetes-test-linux-amd64.tar.gz.sha256
gs://kubernetes-release-gcb/stage/v1.17.0-alpha.0.271+091a5dc53b1b96/v1.17.0-alpha.1/gcs-stage/v1.17.0-alpha.1/kubernetes-test-linux-amd64.tar.gz.sha512
gs://kubernetes-release-gcb/stage/v1.17.0-alpha.0.271+091a5dc53b1b96/v1.17.0-alpha.1/gcs-stage/v1.17.0-alpha.1/kubernetes-test-linux-arm.tar.gz
gs://kubernetes-release-gcb/stage/v1.17.0-alpha.0.271+091a5dc53b1b96/v1.17.0-alpha.1/gcs-stage/v1.17.0-alpha.1/kubernetes-test-linux-arm.tar.gz.sha256
gs://kubernetes-release-gcb/stage/v1.17.0-alpha.0.271+091a5dc53b1b96/v1.17.0-alpha.1/gcs-stage/v1.17.0-alpha.1/kubernetes-test-linux-arm.tar.gz.sha512
gs://kubernetes-release-gcb/stage/v1.17.0-alpha.0.271+091a5dc53b1b96/v1.17.0-alpha.1/gcs-stage/v1.17.0-alpha.1/kubernetes-test-linux-arm64.tar.gz
gs://kubernetes-release-gcb/stage/v1.17.0-alpha.0.271+091a5dc53b1b96/v1.17.0-alpha.1/gcs-stage/v1.17.0-alpha.1/kubernetes-test-linux-arm64.tar.gz.sha256
gs://kubernetes-release-gcb/stage/v1.17.0-alpha.0.271+091a5dc53b1b96/v1.17.0-alpha.1/gcs-stage/v1.17.0-alpha.1/kubernetes-test-linux-arm64.tar.gz.sha512
gs://kubernetes-release-gcb/stage/v1.17.0-alpha.0.271+091a5dc53b1b96/v1.17.0-alpha.1/gcs-stage/v1.17.0-alpha.1/kubernetes-test-linux-ppc64le.tar.gz
gs://kubernetes-release-gcb/stage/v1.17.0-alpha.0.271+091a5dc53b1b96/v1.17.0-alpha.1/gcs-stage/v1.17.0-alpha.1/kubernetes-test-linux-ppc64le.tar.gz.sha256
gs://kubernetes-release-gcb/stage/v1.17.0-alpha.0.271+091a5dc53b1b96/v1.17.0-alpha.1/gcs-stage/v1.17.0-alpha.1/kubernetes-test-linux-ppc64le.tar.gz.sha512
gs://kubernetes-release-gcb/stage/v1.17.0-alpha.0.271+091a5dc53b1b96/v1.17.0-alpha.1/gcs-stage/v1.17.0-alpha.1/kubernetes-test-linux-s390x.tar.gz
gs://kubernetes-release-gcb/stage/v1.17.0-alpha.0.271+091a5dc53b1b96/v1.17.0-alpha.1/gcs-stage/v1.17.0-alpha.1/kubernetes-test-linux-s390x.tar.gz.sha256
gs://kubernetes-release-gcb/stage/v1.17.0-alpha.0.271+091a5dc53b1b96/v1.17.0-alpha.1/gcs-stage/v1.17.0-alpha.1/kubernetes-test-linux-s390x.tar.gz.sha512
gs://kubernetes-release-gcb/stage/v1.17.0-alpha.0.271+091a5dc53b1b96/v1.17.0-alpha.1/gcs-stage/v1.17.0-alpha.1/kubernetes-test-portable.tar.gz
gs://kubernetes-release-gcb/stage/v1.17.0-alpha.0.271+091a5dc53b1b96/v1.17.0-alpha.1/gcs-stage/v1.17.0-alpha.1/kubernetes-test-portable.tar.gz.sha256
gs://kubernetes-release-gcb/stage/v1.17.0-alpha.0.271+091a5dc53b1b96/v1.17.0-alpha.1/gcs-stage/v1.17.0-alpha.1/kubernetes-test-portable.tar.gz.sha512
gs://kubernetes-release-gcb/stage/v1.17.0-alpha.0.271+091a5dc53b1b96/v1.17.0-alpha.1/gcs-stage/v1.17.0-alpha.1/kubernetes-test-windows-amd64.tar.gz
gs://kubernetes-release-gcb/stage/v1.17.0-alpha.0.271+091a5dc53b1b96/v1.17.0-alpha.1/gcs-stage/v1.17.0-alpha.1/kubernetes-test-windows-amd64.tar.gz.sha256
gs://kubernetes-release-gcb/stage/v1.17.0-alpha.0.271+091a5dc53b1b96/v1.17.0-alpha.1/gcs-stage/v1.17.0-alpha.1/kubernetes-test-windows-amd64.tar.gz.sha512
gs://kubernetes-release-gcb/stage/v1.17.0-alpha.0.271+091a5dc53b1b96/v1.17.0-alpha.1/gcs-stage/v1.17.0-alpha.1/kubernetes-test.tar.gz
gs://kubernetes-release-gcb/stage/v1.17.0-alpha.0.271+091a5dc53b1b96/v1.17.0-alpha.1/gcs-stage/v1.17.0-alpha.1/kubernetes-test.tar.gz.sha256
gs://kubernetes-release-gcb/stage/v1.17.0-alpha.0.271+091a5dc53b1b96/v1.17.0-alpha.1/gcs-stage/v1.17.0-alpha.1/kubernetes-test.tar.gz.sha512
gs://kubernetes-release-gcb/stage/v1.17.0-alpha.0.271+091a5dc53b1b96/v1.17.0-alpha.1/gcs-stage/v1.17.0-alpha.1/kubernetes.tar.gz
gs://kubernetes-release-gcb/stage/v1.17.0-alpha.0.271+091a5dc53b1b96/v1.17.0-alpha.1/gcs-stage/v1.17.0-alpha.1/kubernetes.tar.gz.sha256
gs://kubernetes-release-gcb/stage/v1.17.0-alpha.0.271+091a5dc53b1b96/v1.17.0-alpha.1/gcs-stage/v1.17.0-alpha.1/kubernetes.tar.gz.sha512
gs://kubernetes-release-gcb/stage/v1.17.0-alpha.0.271+091a5dc53b1b96/v1.17.0-alpha.1/gcs-stage/v1.17.0-alpha.1/bin/
gs://kubernetes-release-gcb/stage/v1.17.0-alpha.0.271+091a5dc53b1b96/v1.17.0-alpha.1/gcs-stage/v1.17.0-alpha.1/extra/

(This was run from commit 15e8dbf)

Releasing

Since we shouldn't just arbitrarily release Kubernetes, I used my fork.

Again, running the test script, generate-shas.sh, we able to see that both SHA256SUMS and SHA512SUMS files have been uploaded to GitHub: https://github.com/justaugustus/kubernetes/releases/tag/v1.17.0-alpha.0

@justaugustus
Copy link
Member Author

/test pull-release-unit

Copy link
Member

@cpanato cpanato left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/approve

Copy link
Contributor

@hoegaarden hoegaarden left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

In addition to the inline comments, see below for the shellcheck issues of the changed code (and surroundings), my editor yelled at me at.

Also, can we maybe get some tests in place? E.g. when we introduce new files, I'd expect a test to check if a file was created on disk or a test that check if (a mock) curl has been called for those files.
Pretty please?


diff --git a/anago b/anago
index 5811feb..2763929 100755
--- a/anago
+++ b/anago
@@ -1079,12 +1079,15 @@ update_github_release () {
   local release_verb="Posting"
   local prerelease="true"
   local draft="true"
-  local staging_dir="$TREE_ROOT/_output-$RELEASE_VERSION_PRIME/gcs-stage/$RELEASE_VERSION_PRIME"
-  local tarball="$staging_dir/kubernetes.tar.gz"
-  local sha256_hash=$(common::sha $tarball 256)
-  local sha512_hash=$(common::sha $tarball 512)
-  local sha256sums_file="$staging_dir/SHA256SUMS"
-  local sha512sums_file="$staging_dir/SHA512SUMS"
+  local staging_dir="${TREE_ROOT}/_output-${RELEASE_VERSION_PRIME}/gcs-stage/${RELEASE_VERSION_PRIME}"
+  local tarball="${staging_dir}/kubernetes.tar.gz"
+  local sha256_hash
+  local sha512_hash
+  local sha256sums_file="${staging_dir}/SHA256SUMS"
+  local sha512sums_file="${staging_dir}/SHA512SUMS"
+
+  sha256_hash=$(common::sha "$tarball" 256)
+  sha512_hash=$(common::sha "$tarball" 512)
 
   ((FLAGS_official)) && prerelease="false"
   if ((FLAGS_nomock)); then
@@ -1135,7 +1138,7 @@ update_github_release () {
     "tag_name": "'$RELEASE_VERSION_PRIME'",
     "target_commitish": "'$RELEASE_BRANCH'",
     "name": "'$RELEASE_VERSION_PRIME'",
-    "body": "See [kubernetes-announce@](https://groups.google.com/forum/#!forum/kubernetes-announce) and ['$CHANGELOG_FILE']('$changelog_url'#'${RELEASE_VERSION_PRIME//\./}') for details.\n\nSHA256 for `kubernetes.tar.gz`: `'$sha256_hash'`\n\nSHA512 for `kubernetes.tar.gz`: `'$sha512_hash'`\n\nAdditional binary downloads are linked in the ['$CHANGELOG_FILE']('$changelog_url'#downloads-for-'${RELEASE_VERSION_PRIME//\./}').",
+    "body": "See [kubernetes-announce@](https://groups.google.com/forum/#!forum/kubernetes-announce) and ['$CHANGELOG_FILE']('$changelog_url'#'${RELEASE_VERSION_PRIME//\./}') for details.\n\nSHA256 for `kubernetes.tar.gz`: `'${sha256_hash}'`\n\nSHA512 for `kubernetes.tar.gz`: `'${sha512_hash}'`\n\nAdditional binary downloads are linked in the ['$CHANGELOG_FILE']('$changelog_url'#downloads-for-'${RELEASE_VERSION_PRIME//\./}').",
     "draft": '$draft',
     "prerelease": '$prerelease'
     }' |jq -r '.id')
@@ -1147,28 +1150,31 @@ update_github_release () {
     return 1
   fi
 
+  local assetsUploadURL="${K8S_GITHUB_API/api\./uploads\.}/releases/$release_id/assets"
+
   # publish binary
   logecho -n "Uploading binary to github: "
   if $GHCURL -H "Content-Type:application/x-compressed" \
-   --data-binary @$tarball \
-   "${K8S_GITHUB_API/api\./uploads\.}/releases/$release_id/assets?name=${tarball##*/}"; then
-    logecho $OK
+   --data-binary "@${tarball}" \
+   "${assetsUploadURL}?name=${tarball##*/}"; then
+    logecho "$OK"
   else
-    logecho $FAILED
+    logecho "$FAILED"
   fi
 
   # Upload SHA sums to GitHub
+  local file
   logecho -n "Uploading SHA sums to github: "
   for file in "$sha256sums_file" "$sha512sums_file"; do
     if [[ ! -f $file ]]; then
       logecho -n "Unable to find $file. Skipping..."
     else
       if $GHCURL -H "Content-Type:application/octet-stream" \
-      --data-binary @$file \
-      "${K8S_GITHUB_API/api\./uploads\.}/releases/$release_id/assets?name=${file##*/}"; then
-        logecho $OK
+      --data-binary "@${file}" \
+      "${assetsUploadURL}?name=${file##*/}"; then
+        logecho "$OK"
       else
-        logecho $FAILED
+        logecho "$FAILED"
       fi
     fi
   done
diff --git a/lib/common.sh b/lib/common.sh
index 684f739..03634fc 100755
--- a/lib/common.sh
+++ b/lib/common.sh
@@ -650,12 +650,14 @@ common::sha () {
   local file=$1
   local algo=${2:-256}
   local output_type=${3:-hash}
-  local shasum_cmd=$(which shasum >/dev/null 2>&1 && LANG=C shasum -a$algo $file)
+  local shasum
+
+  shasum="$(command -v shasum >/dev/null 2>&1 && LANG=C shasum "-a${algo}" "$file")"
 
   if [[ "$output_type" != "full" ]]; then
-    echo "$shasum_cmd" | awk '{print $1}'
+    echo "$shasum" | awk '{print $1}'
   else
-    echo "$shasum_cmd" | sed 's/  .*\//  /'
+    echo "$shasum" | sed 's/  .*\//  /'
   fi
 }
 
diff --git a/lib/releaselib.sh b/lib/releaselib.sh
index 27a7046..4403608 100644
--- a/lib/releaselib.sh
+++ b/lib/releaselib.sh
@@ -680,17 +680,17 @@ release::gcs::locally_stage_release_artifacts() {
 
   logecho "- Hashing files in ${gcs_stage##$build_output/}..."
   find $gcs_stage -type f | while read path; do
-    common::sha $path 256 "full" > "$path.sha256" || return 1
-    common::sha $path 512 "full" > "$path.sha512" || return 1
+    common::sha "$path" 256 "full" > "$path.sha256" || return 1
+    common::sha "$path" 512 "full" > "$path.sha512" || return 1
   done
 
   logecho "- Writing artifact hashes to SHA256SUMS/SHA512SUMS files..."
   for sha_file in "$gcs_stage"/*.sha256; do
-    cat "$sha_file" >> "$gcs_stage/SHA256SUMS"
+    cat "$sha_file" >> "${gcs_stage}/SHA256SUMS"
   done
 
   for sha_file in "$gcs_stage"/*.sha512; do
-    cat "$sha_file" >> "$gcs_stage/SHA512SUMS"
+    cat "$sha_file" >> "${gcs_stage}/SHA512SUMS"
   done
 }
 

anago Outdated
@@ -1132,7 +1135,7 @@ update_github_release () {
"tag_name": "'$RELEASE_VERSION_PRIME'",
"target_commitish": "'$RELEASE_BRANCH'",
"name": "'$RELEASE_VERSION_PRIME'",
"body": "See [kubernetes-announce@](https://groups.google.com/forum/#!forum/kubernetes-announce) and ['$CHANGELOG_FILE']('$changelog_url'#'${RELEASE_VERSION_PRIME//\./}') for details.\n\nSHA512 for `kubernetes.tar.gz`: `'$sha_hash'`\n\nAdditional binary downloads are linked in the ['$CHANGELOG_FILE']('$changelog_url'#downloads-for-'${RELEASE_VERSION_PRIME//\./}').",
"body": "See [kubernetes-announce@](https://groups.google.com/forum/#!forum/kubernetes-announce) and ['$CHANGELOG_FILE']('$changelog_url'#'${RELEASE_VERSION_PRIME//\./}') for details.\n\nSHA256 for `kubernetes.tar.gz`: `'$sha256_hash'`\n\nSHA512 for `kubernetes.tar.gz`: `'$sha512_hash'`\n\nAdditional binary downloads are linked in the ['$CHANGELOG_FILE']('$changelog_url'#downloads-for-'${RELEASE_VERSION_PRIME//\./}').",
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I am aware that you are just extending this, but I feel very nervous here about mixing ", ', `, having the shell just interpolating stuff into the json blob, ... so I happy to address that in a follow up.

I think we should build all our payload with jq -n or such, e.g. like here.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Opened a follow-up issue here: #853

lib/common.sh Outdated Show resolved Hide resolved
lib/releaselib.sh Show resolved Hide resolved
@justaugustus
Copy link
Member Author

Also, can we maybe get some tests in place? E.g. when we introduce new files, I'd expect a test to check if a file was created on disk or a test that check if (a mock) curl has been called for those files.

@hoegaarden -- Anything for you! :)
Here's a successful run:

PASSED: Validated sha256 hash for TEST_generate_sha.HooXuY/shafile1.txt
PASSED: Validated sha512 hash for TEST_generate_sha.HooXuY/shafile1.txt
PASSED: Validated sha256 hash for TEST_generate_sha.HooXuY/shafile2.txt
PASSED: Validated sha512 hash for TEST_generate_sha.HooXuY/shafile2.txt
PASSED: Validated SHA256SUMS
PASSED: Validated SHA512SUMS

@justaugustus
Copy link
Member Author

I've kicked off another mock stage with this branch:

RELEASE_TOOL_REPO="https://github.com/justaugustus/release.git" \
RELEASE_TOOL_BRANCH="shas" \
./gcbmgr stage master --build-at-head

@justaugustus
Copy link
Member Author

This is ready for review again.
Would love opinions from @kubernetes/bash-firefighters, if any of y'all have time. :)

@justaugustus
Copy link
Member Author

justaugustus commented Aug 20, 2019

The stage using this was a success:

$ gsutil ls gs://kubernetes-release-gcb/stage/v1.17.0-alpha.0.336+f17b608157ae94/v1.17.0-alpha.1/gcs-stage/v1.17.0-alpha.1/
gs://kubernetes-release-gcb/stage/v1.17.0-alpha.0.336+f17b608157ae94/v1.17.0-alpha.1/gcs-stage/v1.17.0-alpha.1/SHA256SUMS
gs://kubernetes-release-gcb/stage/v1.17.0-alpha.0.336+f17b608157ae94/v1.17.0-alpha.1/gcs-stage/v1.17.0-alpha.1/SHA512SUMS
gs://kubernetes-release-gcb/stage/v1.17.0-alpha.0.336+f17b608157ae94/v1.17.0-alpha.1/gcs-stage/v1.17.0-alpha.1/kubernetes-client-darwin-386.tar.gz
gs://kubernetes-release-gcb/stage/v1.17.0-alpha.0.336+f17b608157ae94/v1.17.0-alpha.1/gcs-stage/v1.17.0-alpha.1/kubernetes-client-darwin-386.tar.gz.sha256
gs://kubernetes-release-gcb/stage/v1.17.0-alpha.0.336+f17b608157ae94/v1.17.0-alpha.1/gcs-stage/v1.17.0-alpha.1/kubernetes-client-darwin-386.tar.gz.sha512
gs://kubernetes-release-gcb/stage/v1.17.0-alpha.0.336+f17b608157ae94/v1.17.0-alpha.1/gcs-stage/v1.17.0-alpha.1/kubernetes-client-darwin-amd64.tar.gz
gs://kubernetes-release-gcb/stage/v1.17.0-alpha.0.336+f17b608157ae94/v1.17.0-alpha.1/gcs-stage/v1.17.0-alpha.1/kubernetes-client-darwin-amd64.tar.gz.sha256
gs://kubernetes-release-gcb/stage/v1.17.0-alpha.0.336+f17b608157ae94/v1.17.0-alpha.1/gcs-stage/v1.17.0-alpha.1/kubernetes-client-darwin-amd64.tar.gz.sha512
gs://kubernetes-release-gcb/stage/v1.17.0-alpha.0.336+f17b608157ae94/v1.17.0-alpha.1/gcs-stage/v1.17.0-alpha.1/kubernetes-client-linux-386.tar.gz
gs://kubernetes-release-gcb/stage/v1.17.0-alpha.0.336+f17b608157ae94/v1.17.0-alpha.1/gcs-stage/v1.17.0-alpha.1/kubernetes-client-linux-386.tar.gz.sha256
gs://kubernetes-release-gcb/stage/v1.17.0-alpha.0.336+f17b608157ae94/v1.17.0-alpha.1/gcs-stage/v1.17.0-alpha.1/kubernetes-client-linux-386.tar.gz.sha512
gs://kubernetes-release-gcb/stage/v1.17.0-alpha.0.336+f17b608157ae94/v1.17.0-alpha.1/gcs-stage/v1.17.0-alpha.1/kubernetes-client-linux-amd64.tar.gz
gs://kubernetes-release-gcb/stage/v1.17.0-alpha.0.336+f17b608157ae94/v1.17.0-alpha.1/gcs-stage/v1.17.0-alpha.1/kubernetes-client-linux-amd64.tar.gz.sha256
gs://kubernetes-release-gcb/stage/v1.17.0-alpha.0.336+f17b608157ae94/v1.17.0-alpha.1/gcs-stage/v1.17.0-alpha.1/kubernetes-client-linux-amd64.tar.gz.sha512
gs://kubernetes-release-gcb/stage/v1.17.0-alpha.0.336+f17b608157ae94/v1.17.0-alpha.1/gcs-stage/v1.17.0-alpha.1/kubernetes-client-linux-arm.tar.gz
gs://kubernetes-release-gcb/stage/v1.17.0-alpha.0.336+f17b608157ae94/v1.17.0-alpha.1/gcs-stage/v1.17.0-alpha.1/kubernetes-client-linux-arm.tar.gz.sha256
gs://kubernetes-release-gcb/stage/v1.17.0-alpha.0.336+f17b608157ae94/v1.17.0-alpha.1/gcs-stage/v1.17.0-alpha.1/kubernetes-client-linux-arm.tar.gz.sha512
gs://kubernetes-release-gcb/stage/v1.17.0-alpha.0.336+f17b608157ae94/v1.17.0-alpha.1/gcs-stage/v1.17.0-alpha.1/kubernetes-client-linux-arm64.tar.gz
gs://kubernetes-release-gcb/stage/v1.17.0-alpha.0.336+f17b608157ae94/v1.17.0-alpha.1/gcs-stage/v1.17.0-alpha.1/kubernetes-client-linux-arm64.tar.gz.sha256
gs://kubernetes-release-gcb/stage/v1.17.0-alpha.0.336+f17b608157ae94/v1.17.0-alpha.1/gcs-stage/v1.17.0-alpha.1/kubernetes-client-linux-arm64.tar.gz.sha512
gs://kubernetes-release-gcb/stage/v1.17.0-alpha.0.336+f17b608157ae94/v1.17.0-alpha.1/gcs-stage/v1.17.0-alpha.1/kubernetes-client-linux-ppc64le.tar.gz
gs://kubernetes-release-gcb/stage/v1.17.0-alpha.0.336+f17b608157ae94/v1.17.0-alpha.1/gcs-stage/v1.17.0-alpha.1/kubernetes-client-linux-ppc64le.tar.gz.sha256
gs://kubernetes-release-gcb/stage/v1.17.0-alpha.0.336+f17b608157ae94/v1.17.0-alpha.1/gcs-stage/v1.17.0-alpha.1/kubernetes-client-linux-ppc64le.tar.gz.sha512
gs://kubernetes-release-gcb/stage/v1.17.0-alpha.0.336+f17b608157ae94/v1.17.0-alpha.1/gcs-stage/v1.17.0-alpha.1/kubernetes-client-linux-s390x.tar.gz
gs://kubernetes-release-gcb/stage/v1.17.0-alpha.0.336+f17b608157ae94/v1.17.0-alpha.1/gcs-stage/v1.17.0-alpha.1/kubernetes-client-linux-s390x.tar.gz.sha256
gs://kubernetes-release-gcb/stage/v1.17.0-alpha.0.336+f17b608157ae94/v1.17.0-alpha.1/gcs-stage/v1.17.0-alpha.1/kubernetes-client-linux-s390x.tar.gz.sha512
gs://kubernetes-release-gcb/stage/v1.17.0-alpha.0.336+f17b608157ae94/v1.17.0-alpha.1/gcs-stage/v1.17.0-alpha.1/kubernetes-client-windows-386.tar.gz
gs://kubernetes-release-gcb/stage/v1.17.0-alpha.0.336+f17b608157ae94/v1.17.0-alpha.1/gcs-stage/v1.17.0-alpha.1/kubernetes-client-windows-386.tar.gz.sha256
gs://kubernetes-release-gcb/stage/v1.17.0-alpha.0.336+f17b608157ae94/v1.17.0-alpha.1/gcs-stage/v1.17.0-alpha.1/kubernetes-client-windows-386.tar.gz.sha512
gs://kubernetes-release-gcb/stage/v1.17.0-alpha.0.336+f17b608157ae94/v1.17.0-alpha.1/gcs-stage/v1.17.0-alpha.1/kubernetes-client-windows-amd64.tar.gz
gs://kubernetes-release-gcb/stage/v1.17.0-alpha.0.336+f17b608157ae94/v1.17.0-alpha.1/gcs-stage/v1.17.0-alpha.1/kubernetes-client-windows-amd64.tar.gz.sha256
gs://kubernetes-release-gcb/stage/v1.17.0-alpha.0.336+f17b608157ae94/v1.17.0-alpha.1/gcs-stage/v1.17.0-alpha.1/kubernetes-client-windows-amd64.tar.gz.sha512
gs://kubernetes-release-gcb/stage/v1.17.0-alpha.0.336+f17b608157ae94/v1.17.0-alpha.1/gcs-stage/v1.17.0-alpha.1/kubernetes-manifests.tar.gz
gs://kubernetes-release-gcb/stage/v1.17.0-alpha.0.336+f17b608157ae94/v1.17.0-alpha.1/gcs-stage/v1.17.0-alpha.1/kubernetes-manifests.tar.gz.sha256
gs://kubernetes-release-gcb/stage/v1.17.0-alpha.0.336+f17b608157ae94/v1.17.0-alpha.1/gcs-stage/v1.17.0-alpha.1/kubernetes-manifests.tar.gz.sha512
gs://kubernetes-release-gcb/stage/v1.17.0-alpha.0.336+f17b608157ae94/v1.17.0-alpha.1/gcs-stage/v1.17.0-alpha.1/kubernetes-node-linux-amd64.tar.gz
gs://kubernetes-release-gcb/stage/v1.17.0-alpha.0.336+f17b608157ae94/v1.17.0-alpha.1/gcs-stage/v1.17.0-alpha.1/kubernetes-node-linux-amd64.tar.gz.sha256
gs://kubernetes-release-gcb/stage/v1.17.0-alpha.0.336+f17b608157ae94/v1.17.0-alpha.1/gcs-stage/v1.17.0-alpha.1/kubernetes-node-linux-amd64.tar.gz.sha512
gs://kubernetes-release-gcb/stage/v1.17.0-alpha.0.336+f17b608157ae94/v1.17.0-alpha.1/gcs-stage/v1.17.0-alpha.1/kubernetes-node-linux-arm.tar.gz
gs://kubernetes-release-gcb/stage/v1.17.0-alpha.0.336+f17b608157ae94/v1.17.0-alpha.1/gcs-stage/v1.17.0-alpha.1/kubernetes-node-linux-arm.tar.gz.sha256
gs://kubernetes-release-gcb/stage/v1.17.0-alpha.0.336+f17b608157ae94/v1.17.0-alpha.1/gcs-stage/v1.17.0-alpha.1/kubernetes-node-linux-arm.tar.gz.sha512
gs://kubernetes-release-gcb/stage/v1.17.0-alpha.0.336+f17b608157ae94/v1.17.0-alpha.1/gcs-stage/v1.17.0-alpha.1/kubernetes-node-linux-arm64.tar.gz
gs://kubernetes-release-gcb/stage/v1.17.0-alpha.0.336+f17b608157ae94/v1.17.0-alpha.1/gcs-stage/v1.17.0-alpha.1/kubernetes-node-linux-arm64.tar.gz.sha256
gs://kubernetes-release-gcb/stage/v1.17.0-alpha.0.336+f17b608157ae94/v1.17.0-alpha.1/gcs-stage/v1.17.0-alpha.1/kubernetes-node-linux-arm64.tar.gz.sha512
gs://kubernetes-release-gcb/stage/v1.17.0-alpha.0.336+f17b608157ae94/v1.17.0-alpha.1/gcs-stage/v1.17.0-alpha.1/kubernetes-node-linux-ppc64le.tar.gz
gs://kubernetes-release-gcb/stage/v1.17.0-alpha.0.336+f17b608157ae94/v1.17.0-alpha.1/gcs-stage/v1.17.0-alpha.1/kubernetes-node-linux-ppc64le.tar.gz.sha256
gs://kubernetes-release-gcb/stage/v1.17.0-alpha.0.336+f17b608157ae94/v1.17.0-alpha.1/gcs-stage/v1.17.0-alpha.1/kubernetes-node-linux-ppc64le.tar.gz.sha512
gs://kubernetes-release-gcb/stage/v1.17.0-alpha.0.336+f17b608157ae94/v1.17.0-alpha.1/gcs-stage/v1.17.0-alpha.1/kubernetes-node-linux-s390x.tar.gz
gs://kubernetes-release-gcb/stage/v1.17.0-alpha.0.336+f17b608157ae94/v1.17.0-alpha.1/gcs-stage/v1.17.0-alpha.1/kubernetes-node-linux-s390x.tar.gz.sha256
gs://kubernetes-release-gcb/stage/v1.17.0-alpha.0.336+f17b608157ae94/v1.17.0-alpha.1/gcs-stage/v1.17.0-alpha.1/kubernetes-node-linux-s390x.tar.gz.sha512
gs://kubernetes-release-gcb/stage/v1.17.0-alpha.0.336+f17b608157ae94/v1.17.0-alpha.1/gcs-stage/v1.17.0-alpha.1/kubernetes-node-windows-amd64.tar.gz
gs://kubernetes-release-gcb/stage/v1.17.0-alpha.0.336+f17b608157ae94/v1.17.0-alpha.1/gcs-stage/v1.17.0-alpha.1/kubernetes-node-windows-amd64.tar.gz.sha256
gs://kubernetes-release-gcb/stage/v1.17.0-alpha.0.336+f17b608157ae94/v1.17.0-alpha.1/gcs-stage/v1.17.0-alpha.1/kubernetes-node-windows-amd64.tar.gz.sha512
gs://kubernetes-release-gcb/stage/v1.17.0-alpha.0.336+f17b608157ae94/v1.17.0-alpha.1/gcs-stage/v1.17.0-alpha.1/kubernetes-server-linux-amd64.tar.gz
gs://kubernetes-release-gcb/stage/v1.17.0-alpha.0.336+f17b608157ae94/v1.17.0-alpha.1/gcs-stage/v1.17.0-alpha.1/kubernetes-server-linux-amd64.tar.gz.sha256
gs://kubernetes-release-gcb/stage/v1.17.0-alpha.0.336+f17b608157ae94/v1.17.0-alpha.1/gcs-stage/v1.17.0-alpha.1/kubernetes-server-linux-amd64.tar.gz.sha512
gs://kubernetes-release-gcb/stage/v1.17.0-alpha.0.336+f17b608157ae94/v1.17.0-alpha.1/gcs-stage/v1.17.0-alpha.1/kubernetes-server-linux-arm.tar.gz
gs://kubernetes-release-gcb/stage/v1.17.0-alpha.0.336+f17b608157ae94/v1.17.0-alpha.1/gcs-stage/v1.17.0-alpha.1/kubernetes-server-linux-arm.tar.gz.sha256
gs://kubernetes-release-gcb/stage/v1.17.0-alpha.0.336+f17b608157ae94/v1.17.0-alpha.1/gcs-stage/v1.17.0-alpha.1/kubernetes-server-linux-arm.tar.gz.sha512
gs://kubernetes-release-gcb/stage/v1.17.0-alpha.0.336+f17b608157ae94/v1.17.0-alpha.1/gcs-stage/v1.17.0-alpha.1/kubernetes-server-linux-arm64.tar.gz
gs://kubernetes-release-gcb/stage/v1.17.0-alpha.0.336+f17b608157ae94/v1.17.0-alpha.1/gcs-stage/v1.17.0-alpha.1/kubernetes-server-linux-arm64.tar.gz.sha256
gs://kubernetes-release-gcb/stage/v1.17.0-alpha.0.336+f17b608157ae94/v1.17.0-alpha.1/gcs-stage/v1.17.0-alpha.1/kubernetes-server-linux-arm64.tar.gz.sha512
gs://kubernetes-release-gcb/stage/v1.17.0-alpha.0.336+f17b608157ae94/v1.17.0-alpha.1/gcs-stage/v1.17.0-alpha.1/kubernetes-server-linux-ppc64le.tar.gz
gs://kubernetes-release-gcb/stage/v1.17.0-alpha.0.336+f17b608157ae94/v1.17.0-alpha.1/gcs-stage/v1.17.0-alpha.1/kubernetes-server-linux-ppc64le.tar.gz.sha256
gs://kubernetes-release-gcb/stage/v1.17.0-alpha.0.336+f17b608157ae94/v1.17.0-alpha.1/gcs-stage/v1.17.0-alpha.1/kubernetes-server-linux-ppc64le.tar.gz.sha512
gs://kubernetes-release-gcb/stage/v1.17.0-alpha.0.336+f17b608157ae94/v1.17.0-alpha.1/gcs-stage/v1.17.0-alpha.1/kubernetes-server-linux-s390x.tar.gz
gs://kubernetes-release-gcb/stage/v1.17.0-alpha.0.336+f17b608157ae94/v1.17.0-alpha.1/gcs-stage/v1.17.0-alpha.1/kubernetes-server-linux-s390x.tar.gz.sha256
gs://kubernetes-release-gcb/stage/v1.17.0-alpha.0.336+f17b608157ae94/v1.17.0-alpha.1/gcs-stage/v1.17.0-alpha.1/kubernetes-server-linux-s390x.tar.gz.sha512
gs://kubernetes-release-gcb/stage/v1.17.0-alpha.0.336+f17b608157ae94/v1.17.0-alpha.1/gcs-stage/v1.17.0-alpha.1/kubernetes-src.tar.gz
gs://kubernetes-release-gcb/stage/v1.17.0-alpha.0.336+f17b608157ae94/v1.17.0-alpha.1/gcs-stage/v1.17.0-alpha.1/kubernetes-src.tar.gz.sha256
gs://kubernetes-release-gcb/stage/v1.17.0-alpha.0.336+f17b608157ae94/v1.17.0-alpha.1/gcs-stage/v1.17.0-alpha.1/kubernetes-src.tar.gz.sha512
gs://kubernetes-release-gcb/stage/v1.17.0-alpha.0.336+f17b608157ae94/v1.17.0-alpha.1/gcs-stage/v1.17.0-alpha.1/kubernetes-test-darwin-amd64.tar.gz
gs://kubernetes-release-gcb/stage/v1.17.0-alpha.0.336+f17b608157ae94/v1.17.0-alpha.1/gcs-stage/v1.17.0-alpha.1/kubernetes-test-darwin-amd64.tar.gz.sha256
gs://kubernetes-release-gcb/stage/v1.17.0-alpha.0.336+f17b608157ae94/v1.17.0-alpha.1/gcs-stage/v1.17.0-alpha.1/kubernetes-test-darwin-amd64.tar.gz.sha512
gs://kubernetes-release-gcb/stage/v1.17.0-alpha.0.336+f17b608157ae94/v1.17.0-alpha.1/gcs-stage/v1.17.0-alpha.1/kubernetes-test-linux-amd64.tar.gz
gs://kubernetes-release-gcb/stage/v1.17.0-alpha.0.336+f17b608157ae94/v1.17.0-alpha.1/gcs-stage/v1.17.0-alpha.1/kubernetes-test-linux-amd64.tar.gz.sha256
gs://kubernetes-release-gcb/stage/v1.17.0-alpha.0.336+f17b608157ae94/v1.17.0-alpha.1/gcs-stage/v1.17.0-alpha.1/kubernetes-test-linux-amd64.tar.gz.sha512
gs://kubernetes-release-gcb/stage/v1.17.0-alpha.0.336+f17b608157ae94/v1.17.0-alpha.1/gcs-stage/v1.17.0-alpha.1/kubernetes-test-linux-arm.tar.gz
gs://kubernetes-release-gcb/stage/v1.17.0-alpha.0.336+f17b608157ae94/v1.17.0-alpha.1/gcs-stage/v1.17.0-alpha.1/kubernetes-test-linux-arm.tar.gz.sha256
gs://kubernetes-release-gcb/stage/v1.17.0-alpha.0.336+f17b608157ae94/v1.17.0-alpha.1/gcs-stage/v1.17.0-alpha.1/kubernetes-test-linux-arm.tar.gz.sha512
gs://kubernetes-release-gcb/stage/v1.17.0-alpha.0.336+f17b608157ae94/v1.17.0-alpha.1/gcs-stage/v1.17.0-alpha.1/kubernetes-test-linux-arm64.tar.gz
gs://kubernetes-release-gcb/stage/v1.17.0-alpha.0.336+f17b608157ae94/v1.17.0-alpha.1/gcs-stage/v1.17.0-alpha.1/kubernetes-test-linux-arm64.tar.gz.sha256
gs://kubernetes-release-gcb/stage/v1.17.0-alpha.0.336+f17b608157ae94/v1.17.0-alpha.1/gcs-stage/v1.17.0-alpha.1/kubernetes-test-linux-arm64.tar.gz.sha512
gs://kubernetes-release-gcb/stage/v1.17.0-alpha.0.336+f17b608157ae94/v1.17.0-alpha.1/gcs-stage/v1.17.0-alpha.1/kubernetes-test-linux-ppc64le.tar.gz
gs://kubernetes-release-gcb/stage/v1.17.0-alpha.0.336+f17b608157ae94/v1.17.0-alpha.1/gcs-stage/v1.17.0-alpha.1/kubernetes-test-linux-ppc64le.tar.gz.sha256
gs://kubernetes-release-gcb/stage/v1.17.0-alpha.0.336+f17b608157ae94/v1.17.0-alpha.1/gcs-stage/v1.17.0-alpha.1/kubernetes-test-linux-ppc64le.tar.gz.sha512
gs://kubernetes-release-gcb/stage/v1.17.0-alpha.0.336+f17b608157ae94/v1.17.0-alpha.1/gcs-stage/v1.17.0-alpha.1/kubernetes-test-linux-s390x.tar.gz
gs://kubernetes-release-gcb/stage/v1.17.0-alpha.0.336+f17b608157ae94/v1.17.0-alpha.1/gcs-stage/v1.17.0-alpha.1/kubernetes-test-linux-s390x.tar.gz.sha256
gs://kubernetes-release-gcb/stage/v1.17.0-alpha.0.336+f17b608157ae94/v1.17.0-alpha.1/gcs-stage/v1.17.0-alpha.1/kubernetes-test-linux-s390x.tar.gz.sha512
gs://kubernetes-release-gcb/stage/v1.17.0-alpha.0.336+f17b608157ae94/v1.17.0-alpha.1/gcs-stage/v1.17.0-alpha.1/kubernetes-test-portable.tar.gz
gs://kubernetes-release-gcb/stage/v1.17.0-alpha.0.336+f17b608157ae94/v1.17.0-alpha.1/gcs-stage/v1.17.0-alpha.1/kubernetes-test-portable.tar.gz.sha256
gs://kubernetes-release-gcb/stage/v1.17.0-alpha.0.336+f17b608157ae94/v1.17.0-alpha.1/gcs-stage/v1.17.0-alpha.1/kubernetes-test-portable.tar.gz.sha512
gs://kubernetes-release-gcb/stage/v1.17.0-alpha.0.336+f17b608157ae94/v1.17.0-alpha.1/gcs-stage/v1.17.0-alpha.1/kubernetes-test-windows-amd64.tar.gz
gs://kubernetes-release-gcb/stage/v1.17.0-alpha.0.336+f17b608157ae94/v1.17.0-alpha.1/gcs-stage/v1.17.0-alpha.1/kubernetes-test-windows-amd64.tar.gz.sha256
gs://kubernetes-release-gcb/stage/v1.17.0-alpha.0.336+f17b608157ae94/v1.17.0-alpha.1/gcs-stage/v1.17.0-alpha.1/kubernetes-test-windows-amd64.tar.gz.sha512
gs://kubernetes-release-gcb/stage/v1.17.0-alpha.0.336+f17b608157ae94/v1.17.0-alpha.1/gcs-stage/v1.17.0-alpha.1/kubernetes-test.tar.gz
gs://kubernetes-release-gcb/stage/v1.17.0-alpha.0.336+f17b608157ae94/v1.17.0-alpha.1/gcs-stage/v1.17.0-alpha.1/kubernetes-test.tar.gz.sha256
gs://kubernetes-release-gcb/stage/v1.17.0-alpha.0.336+f17b608157ae94/v1.17.0-alpha.1/gcs-stage/v1.17.0-alpha.1/kubernetes-test.tar.gz.sha512
gs://kubernetes-release-gcb/stage/v1.17.0-alpha.0.336+f17b608157ae94/v1.17.0-alpha.1/gcs-stage/v1.17.0-alpha.1/kubernetes.tar.gz
gs://kubernetes-release-gcb/stage/v1.17.0-alpha.0.336+f17b608157ae94/v1.17.0-alpha.1/gcs-stage/v1.17.0-alpha.1/kubernetes.tar.gz.sha256
gs://kubernetes-release-gcb/stage/v1.17.0-alpha.0.336+f17b608157ae94/v1.17.0-alpha.1/gcs-stage/v1.17.0-alpha.1/kubernetes.tar.gz.sha512
gs://kubernetes-release-gcb/stage/v1.17.0-alpha.0.336+f17b608157ae94/v1.17.0-alpha.1/gcs-stage/v1.17.0-alpha.1/bin/
gs://kubernetes-release-gcb/stage/v1.17.0-alpha.0.336+f17b608157ae94/v1.17.0-alpha.1/gcs-stage/v1.17.0-alpha.1/extra/

@spiffxp spiffxp removed their request for review August 20, 2019 21:48
@cblecker
Copy link
Member

/cc

@k8s-ci-robot k8s-ci-robot requested a review from cblecker August 21, 2019 04:09
Copy link
Contributor

@hoegaarden hoegaarden left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Who / what depends on the *.md5 files we removed now? Nothing? Did we even upload them to the bucket? I think we should check on that (but not sure how).

Other then that just good to go, just some nits inline. But will try to address them via follow up issues / PRs. Let's move this forward! Thanks!

test_scaffold() {
func_name="${FUNCNAME[1]}"
tmp_dir="$(mktemp -d "${func_name}.XXXXXX")"
trap 'rm -rf -- "$tmp_dir"' EXIT
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nit:
I am not sure if we want to do that: When I have a trap already set up, and "blindly" use that function it would override (= remove) my trap.
I think, the least we should do is document that behaviour.
I guess, we could also return the tmp_dir and leave it to the caller to do whatever with that?
We could also have test_main setup a tmp_dir for each test case it runs and export that as TMPDIR or pass in to the TEST_... function? test_main could just set a exit trap to remove the dir in the subshell it runs the test in ...
I don't know ... 🤷‍♂

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Opened #855 for someone to work on that separately.

anago Outdated
@@ -1144,16 +1150,36 @@ update_github_release () {
return 1
fi

local assets_upload_url="${K8S_GITHUB_API/api\./uploads\.}/releases/$release_id/assets"
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nit:

Suggested change
local assets_upload_url="${K8S_GITHUB_API/api\./uploads\.}/releases/$release_id/assets"
local assets_upload_url="${K8S_GITHUB_API/api\./uploads\.}/releases/${release_id}/assets"

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Fixed in recent push.

local output_type=${3:-hash}
local shasum_output

which shasum >/dev/null 2>&1 || return 1
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nit:
shellcheck suggests command -v instead of which: https://github.com/koalaman/shellcheck/wiki/SC2230

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think there are several places in k8s where we ignore this shellcheck, because command -v may not be the right approach.
@kubernetes/bash-firefighters -- can you advise?

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

short version: command -v is not equivilant, when you want a binary use which

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

long version: command -v will consider functions in the shell, the reason this could be bad to use over which is if you are checking that a binary is installed for some other layer to invoke. command -v will return true if a function matches even if there is not a matching binary. which only inspects files in PATH.

https://github.com/kubernetes/kubernetes/blob/master/hack/verify-shellcheck.sh#L39
koalaman/shellcheck#1162


logecho "- Writing artifact hashes to SHA256SUMS/SHA512SUMS files..."
for bits in "256" "512"; do
for sha_file in "${gcs_stage}"/*.sha"${bits}"; do
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nit:
Not sure why we want to run that loop twice and not do all the things in the inner loop of find "$gcs_stage" -type f | while read -r path; do above. But I might miss something and it's not a biggy anyway ...

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It is a biggie if we end up missing stuff!
In this case, I only wanted the SHAs for the tarballs that are in the top-level e.g., the ones that we mention in the announcement emails to be included in the SHA256SUMS/SHA512SUMS file.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why not include the shasums for everything we publish?


assert_equal_content \
<( common::run_stateful --strip-args 'printf %s\n%s arg1 arg2' ) \
<( echo -e "\n\nprintf\n\n\narg1\narg2" ) \
"passing command and arguments"
}

TEST_generate_sha() {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

No sure if I understand the test:

  • it seems to test common::sha
  • we have the 2 test files as fixtures in $TESTDATA but still generate them on the fly
  • kinda reimplement parts of common::sha in the test and the assert on that implementation
  • we don't have any test in place which actually tests if the shasum files would be uploaded when they exist, which I believe is the interesting bit

I don't want to block on all that, esp. because I believe testing update_github_release will be a bit painful. But I guess it will force us to refactor that func into something that is easier to test and easier to reason about.

In general, we (esp. myself) could do a better job on documenting the test cases by at least stating what we are intending to test and why.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Great catch, @hoegaarden! Some of that test was detritus from copy/pasting the other one.

  • it seems to test common::sha

Fixed up in recent commit to actually test common::sha

  • we have the 2 test files as fixtures in $TESTDATA but still generate them on the fly

We're actually generating stuff in the tmp_dir and checking it against TESTDATA/common/shas.

Fixed in recent commit.

  • we don't have any test in place which actually tests if the shasum files would be uploaded when they exist, which I believe is the interesting bit
    I don't want to block on all that, esp. because I believe testing update_github_release will be a bit painful. But I guess it will force us to refactor that func into something that is easier to test and easier to reason about.

Agreed. Let's not block on that. I explicitly didn't try to take it on here, because it felt hairy and deserving of its' own PR.
I've opened #855 for someone to work on that separately.

…tarball

This function neither stages, nor hashes any artifacts.
It is responsible for creating tarballs based on a staging directory
and a set of source and destination artifacts.

Signed-off-by: Stephen Augustus <[email protected]>
@justaugustus
Copy link
Member Author

justaugustus commented Aug 21, 2019

Who / what depends on the *.md5 files we removed now? Nothing? Did we even upload them to the bucket? I think we should check on that (but not sure how).

@hoegaarden -- I looked around in Hound (https://cs.k8s.io) before removing that and couldn't find anything relevant. I think this is one of those instances where I'd be okay temporarily breaking something to identify it, as we shouldn't be using MD5/SHA1 anywhere (if possible).

@hoegaarden hoegaarden self-requested a review August 21, 2019 19:03
@hoegaarden
Copy link
Contributor

@hoegaarden -- I looked around in Hound (https://cs.k8s.io) before removing that and couldn't find anything relevant. I think this is one of those instances where I'd be okay temporarily breaking something to identify it, as we shouldn't be using MD5/SHA1 anywhere (if possible).

👍

/lgtm

@k8s-ci-robot k8s-ci-robot added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Aug 21, 2019
@k8s-ci-robot
Copy link
Contributor

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: cpanato, hoegaarden, justaugustus

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:
  • OWNERS [hoegaarden,justaugustus]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@justaugustus justaugustus removed the do-not-merge/blocked-paths Indicates that a PR should not merge because it touches files in blocked paths. label Aug 21, 2019
@k8s-ci-robot k8s-ci-robot merged commit f7a62b0 into kubernetes:master Aug 21, 2019
@BenTheElder
Copy link
Member

Who / what depends on the *.md5 files we removed now? Nothing? Did we even upload them to the bucket? I think we should check on that (but not sure how).

we should not remove release artifacts without going through a deprecation period.
see also: https://github.com/kubernetes/enhancements/blob/master/keps/sig-testing/20190118-breaking-apart-the-kubernetes-test-tarball.md

IIRC @LiGgit had thoughts on this last time with the test tarball KEP and we settled on following something related to https://kubernetes.io/docs/reference/using-api/deprecation-policy/

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. area/release-eng Issues or PRs related to the Release Engineering subproject cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. kind/feature Categorizes issue or PR as related to a new feature. lgtm "Looks good to me", indicates that a PR is ready to be merged. priority/important-soon Must be staffed and worked on either currently, or very soon, ideally in time for the next release. sig/release Categorizes an issue or PR as relevant to SIG Release. size/L Denotes a PR that changes 100-499 lines, ignoring generated files.
Projects
None yet
Development

Successfully merging this pull request may close these issues.

10 participants