kyma-project · kyma-bot · Apr 30, 2024 · Apr 19, 2024 · Apr 29, 2024
@@ -0,0 +1,28 @@
+name: 'Setup libgit2'
+description: 'Action for the libgit2 setup'
+
+inputs:
+  version:
+    description: 'libgit2 version to checkout'
+    required: true
+    default: 'v1.5.2'
+
+runs:
+  using: 'composite'
+  steps:
+    - name: Install libssh2
+      run: |
+        sudo apt update 
+        sudo apt install libssh2-1-dev -y
+      shell: bash
+
+    - name: Install libgit2
+      run: |
+        git clone https://github.com/libgit2/libgit2.git
+        cd libgit2 
+        git checkout ${{ inputs.version }}
+        cmake . -DBUILD_TESTS=OFF -DBUILD_CLI=OFF -DUSE_SSH=ON
+        sudo make install
+        sudo ldconfig
+      shell: bash
+
@@ -0,0 +1,38 @@
+# https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file
+
+version: 2
+updates:
+  - package-ecosystem: "gomod"
+    directory: "/"
+    labels:
+      - "area/dependency"
+      - "kind/chore"
+    schedule:
+      interval: "weekly"
+    commit-message:
+      prefix: "gomod"
+      include: "scope"
+    ignore:
+      # ignore minor k8s updates, e.g. 1.27.x -> 1.28.x
+      - dependency-name: "k8s.io/*"
+        update-types: ["version-update:semver-minor"]
+      - dependency-name: "sigs.k8s.io/*"
+        update-types: ["version-update:semver-minor"]
+      - dependency-name: "helm.sh/helm/v3"
+        update-types: ["version-update:semver-minor"]
+    groups:
+      k8s-io:
+        patterns:
+          - "k8s.io/*"
+
+  - package-ecosystem: "docker"
+    directory: "/components/operator"
+    labels:
+      - "area/dependency"
+      - "kind/chore"
+    schedule:
+      interval: "weekly"
+    commit-message:
+      prefix: "operator"
+      include: "scope"
+
@@ -0,0 +1,56 @@
+#!/usr/bin/env bash
+
+PREVIOUS_RELEASE=$2 # for testability
+
+# standard bash error handling
+set -o nounset  # treat unset variables as an error and exit immediately.
+set -o errexit  # exit immediately when a command fails.
+set -E          # needs to be set if we want the ERR trap
+set -o pipefail # prevents errors in a pipeline from being masked
+
+RELEASE_TAG=$1
+
+REPOSITORY=${REPOSITORY:-kyma-project/docker-registry}
+GITHUB_URL=https://api.github.com/repos/${REPOSITORY}
+GITHUB_AUTH_HEADER="Authorization: token ${GITHUB_TOKEN}"
+CHANGELOG_FILE="CHANGELOG.md"
+
+if [ "${PREVIOUS_RELEASE}"  == "" ]
+then
+  PREVIOUS_RELEASE=$(git describe --tags --abbrev=0)
+fi
+
+echo "## What has changed" >> ${CHANGELOG_FILE}
+
+git log ${PREVIOUS_RELEASE}..HEAD --pretty=tformat:"%h" --reverse | while read -r commit
+do
+    COMMIT_AUTHOR=$(curl -H "${GITHUB_AUTH_HEADER}" -sS "${GITHUB_URL}/commits/${commit}" | jq -r '.author.login')
+    if [ "${COMMIT_AUTHOR}" != "kyma-bot" ]; then
+      git show -s ${commit} --format="* %s by @${COMMIT_AUTHOR}" >> ${CHANGELOG_FILE}
+    fi
+done
+
+NEW_CONTRIB=$$.new
+
+join -v2 \
+<(curl -H "${GITHUB_AUTH_HEADER}" -sS "${GITHUB_URL}/compare/$(git rev-list --max-parents=0 HEAD)...${PREVIOUS_RELEASE}" | jq -r '.commits[].author.login' | sort -u) \
+<(curl -H "${GITHUB_AUTH_HEADER}" -sS "${GITHUB_URL}/compare/${PREVIOUS_RELEASE}...HEAD" | jq -r '.commits[].author.login' | sort -u) >${NEW_CONTRIB}
+
+if [ -s ${NEW_CONTRIB} ]
+then
+  echo -e "\n## New contributors" >> ${CHANGELOG_FILE}
+  while read -r user
+  do
+    REF_PR=$(grep "@${user}" ${CHANGELOG_FILE} | head -1 | grep -o " (#[0-9]\+)" || true)
+    if [ -n "${REF_PR}" ] #reference found
+    then
+      REF_PR=" in ${REF_PR}"
+    fi
+    echo "* @${user} made first contribution${REF_PR}" >> ${CHANGELOG_FILE}
+  done <${NEW_CONTRIB}
+fi
+
+echo -e "\n**Full changelog**: https://github.com/$REPOSITORY/compare/${PREVIOUS_RELEASE}...${RELEASE_TAG}" >> ${CHANGELOG_FILE}
+
+# cleanup
+rm ${NEW_CONTRIB} || echo "cleaned up"
@@ -0,0 +1,37 @@
+#!/usr/bin/env bash
+
+# This script returns the id of the draft release
+
+# standard bash error handling
+set -o nounset  # treat unset variables as an error and exit immediately.
+set -o errexit  # exit immediately when a command fails.
+set -E          # needs to be set if we want the ERR trap
+set -o pipefail # prevents errors in a pipeline from being masked
+
+RELEASE_TAG=$1
+
+REPOSITORY=${REPOSITORY:-kyma-project/docker-registry}
+GITHUB_URL=https://api.github.com/repos/${REPOSITORY}
+GITHUB_AUTH_HEADER="Authorization: Bearer ${GITHUB_TOKEN}"
+CHANGELOG_FILE=$(cat CHANGELOG.md)
+
+JSON_PAYLOAD=$(jq -n \
+  --arg tag_name "$RELEASE_TAG" \
+  --arg name "$RELEASE_TAG" \
+  --arg body "$CHANGELOG_FILE" \
+  '{
+    "tag_name": $tag_name,
+    "name": $name,
+    "body": $body,
+    "draft": true
+  }')
+
+CURL_RESPONSE=$(curl -L \
+  -X POST \
+  -H "Accept: application/vnd.github+json" \
+  -H "${GITHUB_AUTH_HEADER}" \
+  -H "X-GitHub-Api-Version: 2022-11-28" \
+  ${GITHUB_URL}/releases \
+  -d "$JSON_PAYLOAD")
+
+echo "$(echo $CURL_RESPONSE | jq -r ".id")"
@@ -0,0 +1,24 @@
+#!/usr/bin/env bash
+
+# This script publishes a draft release
+
+# standard bash error handling
+set -o nounset  # treat unset variables as an error and exit immediately.
+set -o errexit  # exit immediately when a command fails.
+set -E          # needs to be set if we want the ERR trap
+set -o pipefail # prevents errors in a pipeline from being masked
+
+RELEASE_ID=$1
+IS_LATEST_RELEASE=$2
+
+REPOSITORY=${REPOSITORY:-kyma-project/docker-registry}
+GITHUB_URL=https://api.github.com/repos/${REPOSITORY}
+GITHUB_AUTH_HEADER="Authorization: Bearer ${GITHUB_TOKEN}"
+
+CURL_RESPONSE=$(curl -L \
+  -X POST \
+  -H "Accept: application/vnd.github+json" \
+  -H "${GITHUB_AUTH_HEADER}" \
+  -H "X-GitHub-Api-Version: 2022-11-28" \
+  ${GITHUB_URL}/releases/${RELEASE_ID} \
+  -d '{"draft": false, "make_latest": '"$IS_LATEST_RELEASE"'}')
@@ -0,0 +1,66 @@
+#!/usr/bin/env bash
+
+# standard bash error handling
+set -o nounset  # treat unset variables as an error and exit immediately.
+set -o errexit  # exit immediately when a command fails.
+set -E          # needs to be set if we want the ERR trap
+set -o pipefail # prevents errors in a pipeline from being masked
+
+# Expected variables:
+IMG=${IMG?"Define IMG env"} # operator image
+PULL_BASE_REF=${PULL_BASE_REF?"Define PULL_BASE_REF env"} # name of the tag
+GITHUB_TOKEN=${GITHUB_TOKEN?"Define GITHUB_TOKEN env"} # github token used to upload the template yaml
+
+uploadFile() {
+  filePath=${1}
+  ghAsset=${2}
+
+  echo "Uploading ${filePath} as ${ghAsset}"
+  response=$(curl -s -o output.txt -w "%{http_code}" \
+                  --request POST --data-binary @"$filePath" \
+                  -H "Authorization: token $GITHUB_TOKEN" \
+                  -H "Content-Type: text/yaml" \
+                   $ghAsset)
+  if [[ "$response" != "201" ]]; then
+    echo "Unable to upload the asset ($filePath): "
+    echo "HTTP Status: $response"
+    cat output.txt
+    exit 1
+  else
+    echo "$filePath uploaded"
+  fi
+}
+
+echo "IMG: ${IMG}"
+IMG=${IMG} make -C components/operator/ render-manifest
+
+echo "Generated dockerregistry-operator.yaml:"
+cat dockerregistry-operator.yaml
+
+echo "Fetching releases"
+CURL_RESPONSE=$(curl -w "%{http_code}" -sL \
+                -H "Accept: application/vnd.github+json" \
+                -H "Authorization: Bearer $GITHUB_TOKEN"\
+                https://api.github.com/repos/kyma-project/docker-registry/releases)
+JSON_RESPONSE=$(sed '$ d' <<< "${CURL_RESPONSE}")
+HTTP_CODE=$(tail -n1 <<< "${CURL_RESPONSE}")
+if [[ "${HTTP_CODE}" != "200" ]]; then
+  echo "${CURL_RESPONSE}"
+  exit 1
+fi
+
+echo "Finding release id for: ${PULL_BASE_REF}"
+RELEASE_ID=$(jq <<< ${JSON_RESPONSE} --arg tag "${PULL_BASE_REF}" '.[] | select(.tag_name == $ARGS.named.tag) | .id')
+
+echo "Got '${RELEASE_ID}' release id"
+if [ -z "${RELEASE_ID}" ]
+then
+  echo "No release with tag = ${PULL_BASE_REF}"
+  exit 1
+fi
+
+echo "Updating github release with assets"
+UPLOAD_URL="https://uploads.github.com/repos/kyma-project/docker-registry/releases/${RELEASE_ID}/assets"
+
+uploadFile "dockerregistry-operator.yaml" "${UPLOAD_URL}?name=dockerregistry-operator.yaml"
+uploadFile "config/samples/default-dockerregistry-cr.yaml" "${UPLOAD_URL}?name=default-dockerregistry-cr.yaml"
@@ -0,0 +1,22 @@
+#!/bin/sh
+
+IMG_VERSION=${IMG_VERSION?"Define IMG_VERSION env"}
+
+yq eval-all --inplace '
+    select(fileIndex == 0).protecode=[
+        select(fileIndex == 1)
+        | .global.containerRegistry.path as $registryPath
+        | (
+            {
+                "dockerregistry_operator" : {
+                    "name" : "dockerregistry-operator",
+                    "directory" : "prod",
+                    "version" : env(IMG_VERSION)
+                }
+            }
+            + .global.images
+          )[]
+        | $registryPath + "/" + .directory + "/" + .name + ":" + .version
+    ]
+    | select(fileIndex == 0)
+    ' sec-scanners-config.yaml config/docker-registry/values.yaml
@@ -0,0 +1,26 @@
+#!/usr/bin/env bash
+
+echo "Checking status of github actions for docker-registry"
+
+REF_NAME="${1:-"main"}"
+RAW_EXPECTED_SHA=$(git log "${REF_NAME}" --max-count 1 --format=format:%H)
+REPOSITORY_ID="563346860"
+
+STATUS_URL="https://api.github.com/repositories/${REPOSITORY_ID}/actions/workflows/gardener-integration.yaml/runs?head_sha=${RAW_EXPECTED_SHA}"
+GET_STATUS_JQ_QUERY=".workflow_runs[0] | \"\(.status)-\(.conclusion)\""
+GET_COUNT_JQ_QUERY=".total_count"
+
+response=`curl -s ${STATUS_URL}`
+
+count=`echo $response | jq -r "${GET_COUNT_JQ_QUERY}"`
+if [[ "$count" == "0" ]]; then
+  echo "No actions to verify"
+else
+  fullstatus=`echo $response |  jq -r "${GET_STATUS_JQ_QUERY}"`
+  if [[ "$fullstatus" == "completed-success" ]]; then
+    echo "All actions succeeded"
+  else
+    echo "Actions failed or pending - Check github actions status"
+    exit 1
+  fi
+fi
@@ -0,0 +1,34 @@
+#!/usr/bin/env bash
+
+### Verify post-submit prow jobs status
+#
+# Optional input args:
+#   - REF_NAME - branch/tag/commit
+# Return status:
+#   - return 0 - if status is "success"
+#   - return 1 - if status is "failure" or after timeout (~25min)
+
+# wait until Prow trigger pipelines
+sleep 10
+
+echo "Checking status of POST Jobs for docker-registry"
+
+REF_NAME="${1:-"main"}"
+STATUS_URL="https://api.github.com/repos/kyma-project/docker-registry/commits/${REF_NAME}/status"
+
+function verify_github_jobs_status () {
+	local number=1
+	while [[ $number -le 100 ]] ; do
+		echo ">--> checking docker-registry job status #$number"
+		local STATUS=`curl -L -H "Accept: application/vnd.github+json" -H "X-GitHub-Api-Version: 2022-11-28" ${STATUS_URL} | jq -r .state `
+		echo "jobs status: ${STATUS:='UNKNOWN'}"
+		[[ "$STATUS" == "success" ]] && return 0
+		[[ "$STATUS" == "failure" ]] && return 1
+		sleep 15
+        	((number = number + 1))
+	done
+
+	exit 1
+}
+
+verify_github_jobs_status
@@ -0,0 +1,20 @@
+#!/bin/bash
+
+MAIN_IMAGES=(${MAIN_IMAGES?"Define MAIN_IMAGES env"})
+PR_NOT_MAIN_IMAGES=(${PR_NOT_MAIN_IMAGES?"Define PR_NOT_MAIN_IMAGES env"})
+
+FAIL=false
+for main_image in "${MAIN_IMAGES[@]}"; do
+    echo "${main_image} checking..."
+
+    for pr_image in "${PR_NOT_MAIN_IMAGES[@]}"; do
+        if [ "${main_image}" == "${pr_image}" ]; then
+            echo "  warning: ${pr_image} tag/version seems to be modified (should be main)!"
+            FAIL=true
+        fi
+    done
+done
+
+if $FAIL; then
+    exit 1
+fi
@@ -0,0 +1,19 @@
+# Number of days of inactivity before an issue becomes stale
+daysUntilStale: 60
+# Number of days of inactivity before a stale issue is closed
+daysUntilClose: 7
+# Label to use when marking an issue as stale
+staleLabel: lifecycle/stale
+# Issues or Pull Requests with these labels will never be considered stale. Set to `[]` to disable
+exemptLabels:
+  - lifecycle/frozen
+  - lifecycle/active
+# Comment to post when marking an issue as stale. Set to `false` to disable
+markComment: |
+  This issue has been automatically marked as stale due to the lack of recent activity. It will soon be closed if no further activity occurs.
+  Thank you for your contributions.
+# Comment to post when closing a stale issue. Set to `false` to disable
+closeComment: |
+  This issue has been automatically closed due to the lack of recent activity.
+  /lifecycle rotten
+