diff --git a/images/autobump/Dockerfile b/images/autobump/Dockerfile deleted file mode 100644 index 30f1b5a9c07..00000000000 --- a/images/autobump/Dockerfile +++ /dev/null @@ -1,26 +0,0 @@ -FROM golang:1.18 AS pullrequestcreator - -RUN git clone https://github.com/kubernetes/test-infra -RUN cd test-infra/robots/pr-creator && go build -v -o pr-creator ./main.go - -FROM gcr.io/k8s-testimages/gcloud-in-go:v20200205-602500d - -RUN apt-get update && apt-get install -y --no-install-recommends \ - build-essential \ - ca-certificates \ - curl \ - git \ - gnupg2 \ - rng-tools - -COPY --from=pullrequestcreator /go/test-infra/robots/pr-creator/pr-creator /pr-creator - -COPY bump.sh /bump.sh - -COPY autobump.sh /autobump.sh - -RUN chmod 755 /bump.sh - -RUN chmod 755 /autobump.sh - -ENTRYPOINT ["/autobump.sh"] diff --git a/images/autobump/Makefile b/images/autobump/Makefile deleted file mode 100644 index e80af0452da..00000000000 --- a/images/autobump/Makefile +++ /dev/null @@ -1,23 +0,0 @@ -SHELL := /bin/bash - -IMG_SLUG := test-infra -IMG_NAME := autobump -IMG_TAG ?= latest - -ACCOUNT :=292999226676 -DOCKER_PUSH_REPOSITORY := dkr.ecr.eu-west-1.amazonaws.com - -IMAGE := "$(ACCOUNT).$(DOCKER_PUSH_REPOSITORY)/$(IMG_SLUG)/$(IMG_NAME):$(IMG_TAG)" - -build-push: build-image push-image - -build-image: - docker build -t "$(IMG_SLUG)/$(IMG_NAME)" . - -push-image: - docker tag "$(IMG_SLUG)/$(IMG_NAME)" $(IMAGE) - docker push $(IMAGE) - -local-registry: - docker tag "$(IMG_SLUG)/$(IMG_NAME)" localhost:5000/$(IMG_NAME) - docker push localhost:5000/$(IMG_NAME) \ No newline at end of file diff --git a/images/autobump/autobump.sh b/images/autobump/autobump.sh deleted file mode 100644 index 78376b7d059..00000000000 --- a/images/autobump/autobump.sh +++ /dev/null @@ -1,144 +0,0 @@ -#!/usr/bin/env bash - -# Copyright (C) 2021 The Falco Authors. -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at - -# http://www.apache.org/licenses/LICENSE-2.0 - -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -set -o errexit -set -o nounset -set -o pipefail - -# Set this to something more specific if the repo hosts multiple Prow instances. -# Must be a valid to use as part of a git branch name. (e.g. no spaces) -PROW_CONTROLLER_MANAGER_FILE="${PROW_CONTROLLER_MANAGER_FILE:-}" -PROW_INSTANCE_NAME="${PROW_INSTANCE_NAME:-prow}" - - -# Args from environment (with defaults) -GH_PROXY="${GH_PROXY:-"http://ghproxy"}" -GH_ORG="${GH_ORG:-"falcosecurity"}" -GH_REPO="${GH_REPO:-"test-infra"}" -BOT_NAME="${BOT_NAME:-"poiana"}" -BOT_MAIL="${BOT_MAIL:-"51138685+poiana@users.noreply.github.com"}" -BOT_GPG_KEY_PATH="${BOT_GPG_KEY_PATH:-"/root/gpg-signing-key/poiana.asc"}" -BOT_GPG_PUBLIC_KEY="${BOT_GPG_PUBLIC_KEY:-"EC9875C7B990D55F3B44D6E45F284448FF941C8F"}" -FORK_GH_REPO="${FORK_GH_REPO:-${GH_REPO}}" - -export GIT_COMMITTER_NAME=${BOT_NAME} -export GIT_COMMITTER_EMAIL=${BOT_MAIL} -export GIT_AUTHOR_NAME=${BOT_NAME} -export GIT_AUTHOR_EMAIL=${BOT_MAIL} - - -# TODO(fejta): rewrite this in a better language REAL SOON <-lol -main() { - if [[ $# -lt 1 ]]; then - echo "Usage: $(basename "$0") [git-name] [git-email]" >&2 - return 1 - fi - creds=$1 - shift - check-args - ensure-git-config "$@" - ensure-gpg-keys "$@" - echo "Bumping ${PROW_INSTANCE_NAME} to upstream (prow.k8s.io) version..." >&2 - /bump.sh --upstream - - cd "$(git rev-parse --show-toplevel)" - old_version=$(git show "HEAD:${PROW_CONTROLLER_MANAGER_FILE}" | extract-version) - version=$(cat "${PROW_CONTROLLER_MANAGER_FILE}" | extract-version) - - if [[ -z "${version}" ]]; then - echo "Failed to fetch version from ${PROW_CONTROLLER_MANAGER_FILE}" - exit 1 - fi - if [[ "${old_version}" == "${version}" ]]; then - echo "Bump did not change the Prow version: it's still ${version}. Aborting no-op bump." >&2 - return 0 - fi - git add -u - title="Bump ${PROW_INSTANCE_NAME} from ${old_version} to ${version}" - comparison=$(extract-commit "${old_version}")...$(extract-commit "${version}") - body="Included changes: https://github.com/kubernetes/test-infra/compare/${comparison}" - - if [[ -n "${GH_ORG}" ]]; then - create-gh-pr - fi - - echo "autobump.sh completed successfully!" >&2 -} - -user-from-token() { - user=$(curl -H "Authorization: token $(cat "${token}")" "https://api.github.com/user" 2>/dev/null | sed -n "s/\s\+\"login\": \"\(.*\)\",/\1/p") -} - -ensure-git-config() { - if [[ $# -eq 2 ]]; then - echo "git config user.name=$1 user.email=$2..." >&2 - git config --global user.name "$1" - git config --global user.email "$2" - fi - git config user.name &>/dev/null && git config user.email &>/dev/null && return 0 - echo "ERROR: git config user.name, user.email unset. No defaults provided" >&2 - return 1 -} - -ensure-gpg-keys() { - echo "gpg keys=$3" - gpg --import $3 - git config --global commit.gpgsign true - git config --global user.signingkey $4 #ascii armored public key for gpg keypair -} - -check-args() { - if [[ -z "${PROW_CONTROLLER_MANAGER_FILE}" ]]; then - echo "ERROR: $PROW_CONTROLLER_MANAGER_FILE must be specified." >&2 - return 1 - fi - if [[ -z "${GH_ORG}" || -z "${GH_REPO}" ]]; then - echo "ERROR: GH_ORG and GH_REPO must be specified to create a GitHub PR." >&2 - return 1 - fi -} - -create-gh-pr() { - git commit -s -m "${title}" - - token="${creds}" - user-from-token - - echo -e "Pushing commit to github.com/${user}/${FORK_GH_REPO}:autobump-${PROW_INSTANCE_NAME}..." >&2 - git push -f "https://${user}:$(cat "${token}")@github.com/${user}/${FORK_GH_REPO}" "HEAD:autobump-${PROW_INSTANCE_NAME}" 2>/dev/null - - echo "Creating PR to merge ${user}:autobump-${PROW_INSTANCE_NAME} into master..." >&2 - /pr-creator \ - --github-endpoint="${GH_PROXY}" \ - --github-token-path="${token}" \ - --org="${GH_ORG}" --repo="${GH_REPO}" --branch=master \ - --title="${title}" --head-branch="autobump-${PROW_INSTANCE_NAME}" \ - --body="${body}" \ - --source="${user}:autobump-${PROW_INSTANCE_NAME}" \ - --confirm -} - -# Convert image: gcr.io/k8s-prow/plank:v20181122-abcd to v20181122-abcd -extract-version() { - local v=$(grep prow-controller-manager:v "$@") - echo ${v##*prow-controller-manager:} -} -# Convert v20181111-abcd to abcd -extract-commit() { - local c=$1 - echo ${c##*-} -} - -main "$@" diff --git a/images/autobump/bump.sh b/images/autobump/bump.sh deleted file mode 100644 index a50b570aea6..00000000000 --- a/images/autobump/bump.sh +++ /dev/null @@ -1,215 +0,0 @@ -#!/usr/bin/env bash - -# Copyright 2019 The Kubernetes Authors. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -set -o errexit -set -o nounset -set -o pipefail -shopt -s dotglob -shopt -s nullglob - -# bump.sh is used to update references to Prow component images hosted at gcr.io/k8s-prow/* -# Specifically it does the following: -# - Optionally activate GOOGLE_APPLICATION_CREDENTIALS and configure-docker if set. -# - Select a new image version to bump to using one of the following: -# - The version currently used by prow.k8s.io: ./bump.sh --upstream -# - An explicitly specified tag: ./bump.sh v20191004-b2c87e85c -# - The latest available tag: ./bump.sh --latest -# - Update the version of all gcr.io/k8s-prow/* images in the bumpfiles identified below. -# - IMPORTANT: The bumpfile paths need to be updated to point to the config files for your Prow instance! - -# Identify which files need to be updated. This includes: -# - Prow component deployment files -# - config.yaml (to update pod utility image version in prow-controller-manager's default decoration config) -# - Any job config files that reference Prow images (e.g. branchprotector, peribolos, config-bootstrapper) -# - NOTE: This script only update gcr.io/k8s-prow/* images so it is safe to run on the entire job config. -# - NOTE: If you define all ProwJob config in config.yaml you can omit this entirely. -COMPONENT_FILE_DIR="${COMPONENT_FILE_DIR:-}" -CONFIG_PATH="${CONFIG_PATH:-}" -JOB_CONFIG_PATH="${JOB_CONFIG_PATH:-}" - -usage() { - echo "Usage: $(basename "$0") [--list || --latest || --upstream || vYYYYMMDD-deadbeef]" >&2 - return 1 -} - -main() { - check-args - check-requirements - cd "$(git rev-parse --show-toplevel)" - - # Determine the new_version to bump to based on the mode. - cmd= - if [[ $# != 0 ]]; then - cmd="$1" - fi - if [[ -z "${cmd}" || "${cmd}" == "--list" ]]; then - list - elif [[ "${cmd}" =~ v[0-9]{8}-[a-f0-9]{6,9} ]]; then - new_version="${cmd}" - elif [[ "${cmd}" == "--latest" ]]; then - new_version="$(list-options 1)" - elif [[ "${cmd}" == "--upstream" ]]; then - new_version="$(upstream-version)" - else - usage - fi - echo -e "Bumping: 'gcr.io/k8s-prow/' images to $(color-version "${new_version}") ..." >&2 - - local component_file_dir_array - IFS=, read -ra component_file_dir_array <<< "${COMPONENT_FILE_DIR}" - bumpfiles=() - for c in "${component_file_dir_array[@]}"; do - # This expands wildcards into files if they exist - bumpfiles+=(${c}/*.yaml) - done - - bumpfiles+=("${CONFIG_PATH}") - if [[ -n "${JOB_CONFIG_PATH}" ]]; then - bumpfiles+=($(grep -rl -e "gcr.io/k8s-prow/" "${JOB_CONFIG_PATH}"; true)) - fi - - echo "Attempting to bump the following files:" >&2 - for bf in "${bumpfiles[@]}"; do - echo -e "$bf" - done - local token="$(gcloud auth print-access-token)" - # Update image tags in the identified files. This supports both normal image and -arm64 images - local matcher="gcr.io\/k8s-prow\/\([[:alnum:]_-]\+\):v[a-f0-9-]\+\(-arm64\)\{0,1\}" - local replacer="s/${matcher}/gcr.io\/k8s-prow\/\1:${new_version}\2/I" - for file in "${bumpfiles[@]}"; do - ${SED} -i "${replacer}" "${file}" - local images="$(grep -o "${matcher}" "${file}")" - local arr=(${images//\\n/}) - # image is in the format of gcr.io/k8s-prow/[image_name]:[tag] - for image in ${arr[@]+"${arr[@]}"}; do - echo "Checking the existence of ${image}" - # Use the Docker Registry v2 API to query the image manifest to check if the given image tag exists or not. - # The manifest_url is in the format of https://gcr.io/v2/k8s-prow/[image_name]/manifests/[tag] - # Check more details from https://stackoverflow.com/a/55344819/13578870 - local manifest_url=$(echo "$image" | ${SED} "s/:/\/manifests\//" | ${SED} "s/gcr.io/https:\/\/gcr.io\/v2/") - if ! curl --fail -L -H "Authorization: Bearer $token" -o /dev/null -s "${manifest_url}"; then - echo "The image ${image} does not exist, please double check." >&2 - # Revert the changes for this file. - git checkout -- "${file}" - return 1 - fi - done - done - - echo "bump.sh completed successfully!" >&2 -} - -check-args() { - if [[ -z "${COMPONENT_FILE_DIR}" ]]; then - echo "ERROR: COMPONENT_FILE_DIR must be specified as an env var." >&2 - return 1 - fi - if [[ -z "${CONFIG_PATH}" ]]; then - echo "ERROR: CONFIG_PATH must be specified as an env var." >&2 - return 1 - fi -} - -check-requirements() { - if command -v gsed &>/dev/null; then - SED="gsed" - else - SED="sed" - fi - - if ! (${SED} --version 2>&1 | grep -q GNU); then - # darwin is great (not) - echo "!!! GNU sed is required. If on OS X, use 'brew install gnu-sed'." >&2 - return 1 - fi - - TAC=tac - - if command -v gtac &>/dev/null; then - TAC=gtac - fi - - if ! command -v "${TAC}" &>/dev/null; then - echo "tac (reverse cat) required. If on OS X then 'brew install coreutils'." >&2 - return 1 - fi - - if [[ -n "${GOOGLE_APPLICATION_CREDENTIALS:-}" ]]; then - echo "Detected GOOGLE_APPLICATION_CREDENTIALS, activating..." >&2 - gcloud auth activate-service-account --key-file="${GOOGLE_APPLICATION_CREDENTIALS}" - gcloud auth configure-docker - fi -} - -# List the $1 most recently pushed prow versions -list-options() { - local count="$1" - gcloud container images list-tags gcr.io/k8s-prow/prow-controller-manager --limit="${count}" --format='value(tags)' \ - | grep -o -E 'v[^,]+' | "${TAC}" -} - -upstream-version() { - local branch="https://raw.githubusercontent.com/kubernetes/test-infra/master" - local file="config/prow/cluster/deck_deployment.yaml" - - curl "$branch/$file" | grep image: | grep -o -E 'v[-0-9a-f]+' -} - -# Print 10 most recent prow versions, ask user to select one, which becomes new_version -list() { - echo "Listing recent versions..." >&2 - echo "Recent versions of prow:" >&2 - mapfile -t options < <(list-options 10) - if [[ -z "${options[*]}" ]]; then - echo "No versions found" >&2 - return 1 - fi - local def_opt=$(upstream-version) - new_version= - for o in "${options[@]}"; do - if [[ "$o" == "$def_opt" ]]; then - echo -e " $(color-image "$o" '*' prow.k8s.io)" - else - echo -e " $(color-version "${o}")" - fi - done - read -rp "Select version [$(color-image "${def_opt}")]: " new_version - if [[ -z "${new_version:-}" ]]; then - new_version="${def_opt}" - else - local found= - for o in "${options[@]}"; do - if [[ "${o}" == "${new_version}" ]]; then - found=yes - break - fi - done - if [[ -z "${found}" ]]; then - echo "Invalid version: ${new_version}" >&2 - return 1 - fi - fi -} - -# See https://misc.flogisoft.com/bash/tip_colors_and_formatting -color-image() { # Bold magenta - echo -e "\x1B[1;35m${*}\x1B[0m" -} -color-version() { # Bold blue - echo -e "\x1B[1;34m${*}\x1B[0m" -} - -main "$@"