diff --git a/.github/workflows/pull_request.yaml b/.github/workflows/pull_request.yaml
index 1560f0c4..7083553d 100644
--- a/.github/workflows/pull_request.yaml
+++ b/.github/workflows/pull_request.yaml
@@ -30,10 +30,12 @@ jobs:
 service_account_key: ${{ secrets.GCP_SA_KEY }}
 export_default_credentials: true
 name: Gcloud Login
- - name: Install Trivy
+ - name: Install Trivy (latest)
 run: |
- wget https://github.com/aquasecurity/trivy/releases/download/v0.18.3/trivy_0.18.3_Linux-64bit.deb
- sudo dpkg -i trivy_0.18.3_Linux-64bit.deb
+ TRIVY_VERSION=$(curl --silent "https://api.github.com/repos/aquasecurity/trivy/releases/latest" | grep '"tag_name":' | sed -E 's/.*"v([^"]+)".*/\1/')
+ echo Using Trivy v${TRIVY_VERSION}
+ wget https://github.com/aquasecurity/trivy/releases/download/v${TRIVY_VERSION}/trivy_${TRIVY_VERSION}_Linux-64bit.deb
+ sudo dpkg -i trivy_${TRIVY_VERSION}_Linux-64bit.deb
 - name: Set up Go
 uses: actions/setup-go@v4
 with:
diff --git a/changelog/v0.25.4/expose-morechangelogstuff.yaml b/changelog/v0.25.4/expose-morechangelogstuff.yaml
new file mode 100644
index 00000000..55871a66
--- /dev/null
+++ b/changelog/v0.25.4/expose-morechangelogstuff.yaml
@@ -0,0 +1,6 @@
+changelog:
+ - type: NON_USER_FACING
+ description: >
+ Midterm update post gloo donation.
+ Eventually github tests should rely on this repo and not another repo
+ This also forced a trivy upgrade to the same style used else where
\ No newline at end of file
diff --git a/changeloggenutils/merged_release.go b/changeloggenutils/merged_release.go
index 7f95d09e..c8a40299 100644
--- a/changeloggenutils/merged_release.go
+++ b/changeloggenutils/merged_release.go
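Review bot: The "Install Trivy (latest)" step now installs whatever release the GitHub API reports as latest and runs `sudo dpkg -i` on it with no integrity check, in a job whose preceding step loads `secrets.GCP_SA_KEY` as default credentials. An unpinned scanner also makes scan results differ between runs of the same commit, and a failed or rate-limited API call leaves `TRIVY_VERSION` empty so the `wget` URL is malformed. I would keep the version pinned in the workflow, bumped by a reviewed change, and verify the package before installing, e.g. `echo "<expected-sha256>  trivy_${TRIVY_VERSION}_Linux-64bit.deb" | sha256sum -c -`. If latest has to stay, use `curl --fail --silent --show-error` and abort when the variable is empty.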
@@ -92,16 +92,16 @@ func (g *MergedReleaseGenerator) GenerateJSON(ctx context.Context) (string, erro
 }
 
 func (g *MergedReleaseGenerator) GetMergedEnterpriseRelease(ctx context.Context) (*ReleaseData, error) {
- ossReleases, err := NewMinorReleaseGroupedChangelogGenerator(Options{
- RepoOwner: g.opts.RepoOwner,
- MainRepo: g.opts.DependentRepo,
- }, g.client).
- GetReleaseData(ctx, g.opts.DependentRepoReleases)
+
+ enterpriseReleases, err := NewMinorReleaseGroupedChangelogGenerator(g.opts, g.client).
+ GetReleaseData(ctx, g.opts.MainRepoReleases)
 if err != nil {
 return nil, err
 }
- enterpriseReleases, err := NewMinorReleaseGroupedChangelogGenerator(g.opts, g.client).
- GetReleaseData(ctx, g.opts.MainRepoReleases)
+ ossOpts := g.opts
+ ossOpts.MainRepo = g.opts.DependentRepo
+ ossReleases, err := NewMinorReleaseGroupedChangelogGenerator(ossOpts, g.client).
+ GetReleaseData(ctx, g.opts.DependentRepoReleases)
 if err != nil {
 return nil, err
 }
diff --git a/changeloggenutils/minor_release.go b/changeloggenutils/minor_release.go
index 19367e6d..623b19ad 100644
--- a/changeloggenutils/minor_release.go
+++ b/changeloggenutils/minor_release.go
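Review bot: `ossOpts := g.opts` now hands every field of the enterprise options to the OSS generator, where the old code set only `RepoOwner` and `MainRepo`; in particular `ossOpts.DependentRepo` stays equal to the new `MainRepo`. `Options` and the generator's use of it are not visible in this hunk, so whether the extra fields change the OSS result can't be confirmed here. If the copy is intended, a comment such as `// copy all options for the OSS generator; only MainRepo differs` would record that, and otherwise `ossOpts.DependentRepo = ""` keeps the previous value for that field. The blank line added directly after the function's opening brace can be dropped. The function body continues past the end of the hunk.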
@@ -42,23 +42,55 @@ func NewMinorReleaseGroupedChangelogGenerator(opts Options, client *github.Clien
 }
 }
 
-// Entry point for generating changelog JSON
-func (g *MinorReleaseGroupedChangelogGenerator) GenerateJSON(ctx context.Context) (string, error) {
+type changelogOutput struct {
+ Opts Options
+ ReleaseData *ReleaseData
+}
+
+// AddReleaseData without overriding the options.
+// Only adopt info that is not already present in the output.
+func (c changelogOutput) AddReleaseData(donorOutput changelogOutput) error {
+ if donorOutput.ReleaseData == nil {
+ return fmt.Errorf("donorOutput ReleaseData is nil")
+ }
+ for k, v := range donorOutput.ReleaseData.Releases {
+ if c.ReleaseData.Releases[k] == nil {
+ c.ReleaseData.Releases[k] = v
+ }
+ }
+ return nil
+}
+
+// GenerateJSON from a changelogoutput.
+// This simply marches the output to a JSON string.
+func (c changelogOutput) GenerateJSON() (string, error) {
+ res, err := json.Marshal(c)
+ return string(res), err
+}
+
+func (g *MinorReleaseGroupedChangelogGenerator) AddToOutput(ctx context.Context) (changelogOutput, error) {
+ var out changelogOutput
 var err error
 releaseData, err := g.GetReleaseData(ctx, g.opts.MainRepoReleases)
 if err != nil {
- return "", err
- }
- var out struct {
- Opts Options
- ReleaseData *ReleaseData
+ return out, err
 }
+
 out.Opts = Options{
 RepoOwner: g.opts.RepoOwner,
 MainRepo: g.opts.MainRepo,
 DependentRepo: g.opts.DependentRepo,
 }
 out.ReleaseData = releaseData
+ return out, nil
+}
+
+// Entry point for generating changelog JSON
+func (g *MinorReleaseGroupedChangelogGenerator) GenerateJSON(ctx context.Context) (string, error) {
+ out, err := g.AddToOutput(ctx)
+ if err != nil {
+ return "", err
+ }
 res, err := json.Marshal(out)
 return string(res), err
 }
diff --git a/githubutils/repo_client_test.go b/githubutils/repo_client_test.go
index 8c8e86b1..fac5f2da 100644
--- a/githubutils/repo_client_test.go
+++ b/githubutils/repo_client_test.go
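Review bot: `AddReleaseData` checks the donor for nil but dereferences `c.ReleaseData.Releases` on the receiver unchecked, so a zero-value `changelogOutput` (which `AddToOutput` returns on its error path) panics on a nil pointer, and, if `Releases` is a map as the keyed indexing suggests, a nil map panics on the assignment. A guard at the top, `if c.ReleaseData == nil || c.ReleaseData.Releases == nil { return fmt.Errorf("receiver ReleaseData is not initialized") }`, turns both cases into an error. On the documentation side, the comment on `changelogOutput.GenerateJSON` should say "marshals" rather than "marches", and the exported `AddToOutput` has no doc comment while returning an unexported type. The generator's `GenerateJSON` could also end with `return out.GenerateJSON()` instead of repeating `json.Marshal`.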
@@ -145,34 +145,36 @@ var _ = Describe("repo client utils", func() { client = githubutils.NewRepoClient(githubClient, owner, "gloo") }) - It("properly finds the most recent release tag matching an SHA", func() { - tag, err := client.FindLatestTagIncludingPrereleaseBeforeSha(ctx, "36c4ba020048c4556ef8650d011ddb16368a4fef") + It("properly finds the most recent GA release tag matching an SHA", func() { + tag, err := client.FindLatestTagIncludingPrereleaseBeforeSha(ctx, "e658203d0a0b7b479cbb59cfc43832699d25fb1c") Expect(err).To(BeNil()) - Expect(tag).To(Equal("v1.15.16")) + Expect(tag).To(Equal("v1.17.8")) }) It("properly finds the most recent beta release tag before an SHA", func() { - tag, err := client.FindLatestTagIncludingPrereleaseBeforeSha(ctx, "f3e76e63a1643c76cab3ad883944ae3e5182f2e7") + tag, err := client.FindLatestTagIncludingPrereleaseBeforeSha(ctx, "33cc7ee95c7319d33c36fb7d449a933dca95d211") Expect(err).To(BeNil()) - Expect(tag).To(Equal("v2.0.0-beta1")) + Expect(tag).To(Equal("v1.18.0-beta21")) }) It("properly finds the most recent pre-release release tag before an SHA", func() { - tag, err := client.FindLatestTagIncludingPrereleaseBeforeSha(ctx, "1406a40283e691102a8133917efbe4ec97d8792b") + tag, err := client.FindLatestTagIncludingPrereleaseBeforeSha(ctx, "3e00d8140f91fe0111955bb46fbc29df8008bf47") Expect(err).To(BeNil()) - Expect(tag).To(Equal("v1.15.10")) + Expect(tag).To(Equal("v1.17.0-beta18")) }) It("properly finds the most recent RC release tag before an SHA", func() { - tag, err := client.FindLatestTagIncludingPrereleaseBeforeSha(ctx, "8680ad631dd3ffd325bde9b40d13c0a190229f5d") + tag, err := client.FindLatestTagIncludingPrereleaseBeforeSha(ctx, "3067c264aa2025a31c7de82b8878b388d5bd0c4b") Expect(err).To(BeNil()) - Expect(tag).To(Equal("v1.15.0-rc3")) + Expect(tag).To(Equal("v1.17.0-rc12")) }) + // for this case, use a release that is not found on the first page of the API endpoint results here: + // 
https://api.github.com/repos/solo-io/gloo/releases It("properly finds the most recent release tag before an SHA with pagination", func() { - tag, err := client.FindLatestTagIncludingPrereleaseBeforeSha(ctx, "4ac2822d6d762795b61da055085c77c0df53487c") + tag, err := client.FindLatestTagIncludingPrereleaseBeforeSha(ctx, "51cc97a355236c7f725fbf43fbee276a0208d12d") Expect(err).To(BeNil()) - Expect(tag).To(Equal("v1.15.9")) + Expect(tag).To(Equal("v1.18.0-beta7")) }) }) }) diff --git a/securityscanutils/securityscan_test.go b/securityscanutils/securityscan_test.go index d0dfa3dd..4cc5a01a 100644 --- a/securityscanutils/securityscan_test.go +++ b/securityscanutils/securityscan_test.go @@ -17,7 +17,8 @@ import ( ) const ( - glooRepoName = "gloo" + repoName = "gloo" + gatewayOwnerName = "solo-io" ) var _ = Describe("Security Scan Suite", func() { @@ -40,20 +41,20 @@ var _ = Describe("Security Scan Suite", func() { Context("Security Scanner", func() { It("works", func() { - verConstraint, err := semver.NewConstraint("=v1.6.0 || =v1.7.0") + verConstraint, err := semver.NewConstraint("=v1.14.0 || =v1.15.1") Expect(err).NotTo(HaveOccurred()) fmt.Println("Output dir:", outputDir) secScanner := &SecurityScanner{ Repos: []*SecurityScanRepo{{ - Repo: glooRepoName, - Owner: "solo-io", + Repo: repoName, + Owner: gatewayOwnerName, Opts: &SecurityScanOpts{ OutputDir: outputDir, OutputResultLocally: true, ImagesPerVersion: map[string][]string{ - "v1.6.0": {"gloo"}, + "v1.14.0": {"gloo"}, // Scan should continue in the case an image cannot be found - "v1.7.0": {"thisimagecannotbefound", "gloo", "discovery"}, + "v1.15.1": {"thisimagecannotbefound", "gloo", "discovery"}, }, VersionConstraint: verConstraint, ImageRepo: "quay.io/solo-io", 
@@ -71,30 +72,30 @@ var _ = Describe("Security Scan Suite", func() { glooDir := path.Join(outputDir, "gloo") ExpectDirToHaveFiles(glooDir, "issue_results", "markdown_results") githubIssueDir := path.Join(glooDir, "issue_results") - ExpectDirToHaveFiles(githubIssueDir, "1.6.0.md", "1.7.0.md") + ExpectDirToHaveFiles(githubIssueDir, "1.14.0.md", "1.15.1.md") // Have a directory for each repo we scanned markdownDir := path.Join(outputDir, "gloo", "markdown_results") // Have a directory for each version we scanned - ExpectDirToHaveFiles(markdownDir, "1.6.0", "1.7.0") + ExpectDirToHaveFiles(markdownDir, "1.14.0", "1.15.1") // Expect there to be a generated docgen file for each image per version - ExpectDirToHaveFiles(path.Join(markdownDir, "1.6.0"), "gloo_cve_report.docgen") - ExpectDirToHaveFiles(path.Join(markdownDir, "1.7.0"), "discovery_cve_report.docgen", "gloo_cve_report.docgen") + ExpectDirToHaveFiles(path.Join(markdownDir, "1.14.0"), "gloo_cve_report.docgen") + ExpectDirToHaveFiles(path.Join(markdownDir, "1.15.1"), "discovery_cve_report.docgen", "gloo_cve_report.docgen") }) It("scans all images from all constraints matched", func() { - verConstraint, err := semver.NewConstraint("=v1.7.0") + verConstraint, err := semver.NewConstraint("=v1.15.0") Expect(err).NotTo(HaveOccurred()) fmt.Println("Output dir:", outputDir) secScanner := &SecurityScanner{ Repos: []*SecurityScanRepo{{ - Repo: glooRepoName, - Owner: "solo-io", + Repo: repoName, + Owner: gatewayOwnerName, Opts: &SecurityScanOpts{ OutputDir: outputDir, // Specify redundant constraints ImagesPerVersion: map[string][]string{ - ">v1.6.0": {"gloo", "discovery"}, - ">=v1.7.0": {"glooGreaterThan17"}, + ">v1.14.0": {"gloo", "discovery"}, + ">=v1.15.0": {"glooGreaterThan17"}, }, VersionConstraint: verConstraint, ImageRepo: "quay.io/solo-io", 
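Review bot: The image name `glooGreaterThan17` under the `">=v1.15.0"` key still refers to the old 1.7 boundary, which makes the redundant-constraint fixture harder to read after the version bump. Renaming it, e.g. to `glooGreaterThan115`, here and in the matching `ContainElements` assertion in the next hunk would keep the test self-explanatory. The `It` block that holds this map ends after this hunk.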
@@ -103,22 +104,22 @@ var _ = Describe("Security Scan Suite", func() { }}, } - imagesToScan, err := secScanner.Repos[0].GetImagesToScan(semver.MustParse("v1.7.7")) + imagesToScan, err := secScanner.Repos[0].GetImagesToScan(semver.MustParse("v1.15.7")) Expect(imagesToScan).To(ContainElements("gloo", "discovery", "glooGreaterThan17")) }) It("errors if no constraint is matched", func() { - verConstraint, err := semver.NewConstraint("=v1.7.0") + verConstraint, err := semver.NewConstraint("=v1.15.0") Expect(err).NotTo(HaveOccurred()) fmt.Println("Output dir:", outputDir) secScanner := &SecurityScanner{ Repos: []*SecurityScanRepo{{ - Repo: glooRepoName, - Owner: "solo-io", + Repo: repoName, + Owner: gatewayOwnerName, Opts: &SecurityScanOpts{ OutputDir: outputDir, ImagesPerVersion: map[string][]string{ - "v1.6.0": {"gloo", "discovery"}, + "v1.14.0": {"gloo", "discovery"}, }, VersionConstraint: verConstraint, ImageRepo: "quay.io/solo-io", 
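Review bot: The `err` returned by `GetImagesToScan(semver.MustParse("v1.15.7"))` is assigned and never asserted; the next line goes straight to `Expect(imagesToScan)`, so the test does not pin that the call succeeds. Add `Expect(err).NotTo(HaveOccurred())` directly after the call.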
@@ -129,23 +130,23 @@ var _ = Describe("Security Scan Suite", func() { err = secScanner.GenerateSecurityScans(context.TODO()) Expect(err).To(HaveOccurred()) - Expect(err.Error()).To(ContainSubstring("version 1.7.0 matched no constraints and has no images to scan")) + Expect(err.Error()).To(ContainSubstring("version 1.15.0 matched no constraints and has no images to scan")) }) When("scan has unrecoverable error", func() { It("short-circuits", func() { - verConstraint, err := semver.NewConstraint("=v1.6.0 || =v1.7.0") + verConstraint, err := semver.NewConstraint("=v1.13.0 || =v1.14.0") Expect(err).NotTo(HaveOccurred()) fmt.Println("Output dir:", outputDir) secScanner := &SecurityScanner{ Repos: []*SecurityScanRepo{{ - Repo: glooRepoName, - Owner: "solo-io", + Repo: repoName, + Owner: gatewayOwnerName, Opts: &SecurityScanOpts{ OutputDir: outputDir, OutputResultLocally: true, ImagesPerVersion: map[string][]string{ - "v1.7.0": {"gloo; $(poorly formatted image name to force UnrecoverableError)"}, + "v1.14.0": {"gloo; $(poorly formatted image name to force UnrecoverableError)"}, }, VersionConstraint: verConstraint, ImageRepo: "quay.io/solo-io", 
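Review bot: The fixture `"gloo; $(poorly formatted image name to force UnrecoverableError)"` depends on an image name containing `;` and `$(...)` being rejected, but nothing in this hunk says which layer rejects it. A comment above the map entry, e.g. `// rejected as an invalid image reference before any scanner command runs (TODO confirm)`, would record the intended contract. If the name is in fact handed to a shell rather than passed as a separate argument, that belongs in a follow-up on the scanner code, which is not part of this diff. The `It` block continues beyond the hunk.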
@@ -167,25 +168,25 @@ var _ = Describe("Security Scan Suite", func() { // Have a directory for each repo we scanned markdownDir := path.Join(outputDir, "gloo", "markdown_results") // Have a directory for each version we scanned - ExpectDirToHaveFiles(markdownDir, "1.7.0") - ExpectDirToHaveFiles(path.Join(markdownDir, "1.7.0")) + ExpectDirToHaveFiles(markdownDir, "1.14.0") + ExpectDirToHaveFiles(path.Join(markdownDir, "1.14.0")) }) }) When("scan has recoverable error", func() { It("contains error in generated file", func() { - verConstraint, err := semver.NewConstraint("=v1.7.0") + verConstraint, err := semver.NewConstraint("=v1.15.0") Expect(err).NotTo(HaveOccurred()) fmt.Println("Output dir:", outputDir) secScanner := &SecurityScanner{ Repos: []*SecurityScanRepo{{ - Repo: glooRepoName, - Owner: "solo-io", + Repo: repoName, + Owner: gatewayOwnerName, Opts: &SecurityScanOpts{ OutputDir: outputDir, OutputResultLocally: true, ImagesPerVersion: map[string][]string{ - "v1.7.0": {"thisimagedoesnotexist"}, + "v1.15.0": {"thisimagedoesnotexist"}, }, VersionConstraint: verConstraint, ImageRepo: "quay.io/solo-io", 
@@ -203,15 +204,15 @@ var _ = Describe("Security Scan Suite", func() { glooDir := path.Join(outputDir, "gloo") ExpectDirToHaveFiles(glooDir, "issue_results", "markdown_results") localIssueDir := path.Join(glooDir, "issue_results") - ExpectDirToHaveFiles(localIssueDir, "1.7.0.md") - contents, err := fileutils.ReadFileString(path.Join(localIssueDir, "1.7.0.md")) + ExpectDirToHaveFiles(localIssueDir, "1.15.0.md") + contents, err := fileutils.ReadFileString(path.Join(localIssueDir, "1.15.0.md")) Expect(err).NotTo(HaveOccurred()) Expect(contents).To(ContainSubstring(ImageNotFoundError.Error())) // Have a directory for each repo we scanned markdownDir := path.Join(outputDir, "gloo", "markdown_results") // Have a directory for each version we scanned - ExpectDirToHaveFiles(markdownDir, "1.7.0") - ExpectDirToHaveFiles(path.Join(markdownDir, "1.7.0")) + ExpectDirToHaveFiles(markdownDir, "1.15.0") + ExpectDirToHaveFiles(path.Join(markdownDir, "1.15.0")) }) }) })