0.25/docs back #545

Merged
merged 4 commits into from
Nov 27, 2024
Merged
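--- a/.github/workflows/pull_request.yaml
+++ b/.github/workflows/pull_request.yaml
@@ -30,10 +30,12 @@ jobs:
 service_account_key: ${{ secrets.GCP_SA_KEY }}
 export_default_credentials: true
 name: Gcloud Login
-- name: Install Trivy
+- name: Install Trivy (latest)
 run: |
-wget https://github.com/aquasecurity/trivy/releases/download/v0.18.3/trivy_0.18.3_Linux-64bit.deb
-sudo dpkg -i trivy_0.18.3_Linux-64bit.deb
+TRIVY_VERSION=$(curl --silent "https://api.github.com/repos/aquasecurity/trivy/releases/latest" | grep '"tag_name":' | sed -E 's/.*"v([^"]+)".*/\1/')
+echo Using Trivy v${TRIVY_VERSION}
+wget https://github.com/aquasecurity/trivy/releases/download/v${TRIVY_VERSION}/trivy_${TRIVY_VERSION}_Linux-64bit.deb
+sudo dpkg -i trivy_${TRIVY_VERSION}_Linux-64bit.deb
 - name: Set up Go
 uses: actions/setup-go@v4
 with: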
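Review bot: The new `Install Trivy (latest)` step installs whatever `releases/latest` resolves to as root through `sudo dpkg -i` with no integrity check, in a job whose preceding step loads `secrets.GCP_SA_KEY`. A floating version also lets scan results change between runs without any commit to this repo. I would keep an explicit, reviewed version in the workflow and verify the package against the release's published checksum file before installing, for example `sha256sum --check --ignore-missing <checksums file>` ahead of `dpkg -i`. If the lookup has to stay dynamic, add `--fail` to the `curl` call and stop on an empty result with `[ -n "${TRIVY_VERSION}" ] || exit 1`, so a rate-limited API response does not turn into a malformed download URL.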
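--- a/changelog/v0.25.4/expose-morechangelogstuff.yaml
+++ b/changelog/v0.25.4/expose-morechangelogstuff.yaml
@@ -0,0 +1,6 @@
+changelog:
+- type: NON_USER_FACING
+description: >
+Midterm update post gloo donation.
+Eventually github tests should rely on this repo and not another repo
+This also forced a trivy upgrade to the same style used else where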
14 changes: 7 additions & 7 deletions changeloggenutils/merged_release.go
Expand Up @@ -92,16 +92,16 @@ func (g *MergedReleaseGenerator) GenerateJSON(ctx context.Context) (string, erro
}

func (g *MergedReleaseGenerator) GetMergedEnterpriseRelease(ctx context.Context) (*ReleaseData, error) {
ossReleases, err := NewMinorReleaseGroupedChangelogGenerator(Options{
RepoOwner: g.opts.RepoOwner,
MainRepo: g.opts.DependentRepo,
}, g.client).
GetReleaseData(ctx, g.opts.DependentRepoReleases)

enterpriseReleases, err := NewMinorReleaseGroupedChangelogGenerator(g.opts, g.client).
GetReleaseData(ctx, g.opts.MainRepoReleases)
if err != nil {
return nil, err
}
enterpriseReleases, err := NewMinorReleaseGroupedChangelogGenerator(g.opts, g.client).
GetReleaseData(ctx, g.opts.MainRepoReleases)
ossOpts := g.opts
ossOpts.MainRepo = g.opts.DependentRepo
ossReleases, err := NewMinorReleaseGroupedChangelogGenerator(ossOpts, g.client).
GetReleaseData(ctx, g.opts.DependentRepoReleases)
if err != nil {
return nil, err
}
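Review bot: `ossOpts := g.opts` hands the OSS generator every field of the enterprise options, where the earlier `Options{...}` literal shown above it set only `RepoOwner` and `MainRepo`. In particular `ossOpts.MainRepoReleases` still describes the enterprise repo, so any generator method that reads `g.opts.MainRepoReleases` rather than taking the releases as an argument would use the wrong release set for `DependentRepo`; the call here passes `g.opts.DependentRepoReleases` explicitly and is not affected. A comment above the copy would record the intent, for example `// Copy all options so the OSS generator shares the enterprise settings; only MainRepo is retargeted.` Also setting `ossOpts.MainRepoReleases = g.opts.DependentRepoReleases` would keep the copy self-consistent. The body of `GetMergedEnterpriseRelease` continues past the end of this hunk.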
46 changes: 39 additions & 7 deletions changeloggenutils/minor_release.go
Expand Up @@ -42,23 +42,55 @@ func NewMinorReleaseGroupedChangelogGenerator(opts Options, client *github.Clien
}
}

// Entry point for generating changelog JSON
func (g *MinorReleaseGroupedChangelogGenerator) GenerateJSON(ctx context.Context) (string, error) {
type changelogOutput struct {
Opts Options
ReleaseData *ReleaseData
}

// AddReleaseData without overriding the options.
// Only adopt info that is not already present in the output.
func (c changelogOutput) AddReleaseData(donorOutput changelogOutput) error {
if donorOutput.ReleaseData == nil {
return fmt.Errorf("donorOutput ReleaseData is nil")
}
for k, v := range donorOutput.ReleaseData.Releases {
if c.ReleaseData.Releases[k] == nil {
c.ReleaseData.Releases[k] = v
}
}
return nil
}

// GenerateJSON from a changelogoutput.
// This simply marches the output to a JSON string.
func (c changelogOutput) GenerateJSON() (string, error) {
res, err := json.Marshal(c)
return string(res), err
}

func (g *MinorReleaseGroupedChangelogGenerator) AddToOutput(ctx context.Context) (changelogOutput, error) {
var out changelogOutput
var err error
releaseData, err := g.GetReleaseData(ctx, g.opts.MainRepoReleases)
if err != nil {
return "", err
}
var out struct {
Opts Options
ReleaseData *ReleaseData
return out, err
}

out.Opts = Options{
RepoOwner: g.opts.RepoOwner,
MainRepo: g.opts.MainRepo,
DependentRepo: g.opts.DependentRepo,
}
out.ReleaseData = releaseData
return out, nil
}

// Entry point for generating changelog JSON
func (g *MinorReleaseGroupedChangelogGenerator) GenerateJSON(ctx context.Context) (string, error) {
out, err := g.AddToOutput(ctx)
if err != nil {
return "", err
}
res, err := json.Marshal(out)
return string(res), err
}
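Review bot: `AddReleaseData` checks `donorOutput.ReleaseData` for nil but then dereferences `c.ReleaseData.Releases` on the receiver without the same check, so calling it on a zero `changelogOutput` (for instance one returned alongside an error from `AddToOutput`) panics instead of returning the error the signature promises. Extending the guard to `if c.ReleaseData == nil || donorOutput.ReleaseData == nil {` covers that; if `Releases` is a map, which the indexing suggests but the hunk does not show, a nil map on the receiver side would also need initialising before the assignment. The value receiver deserves a comment too, for example `// Value receiver: the merge is visible to the caller only because ReleaseData is a pointer.` The doc comment on `changelogOutput.GenerateJSON` says "marches" where "marshals" is meant.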
24 changes: 13 additions & 11 deletions githubutils/repo_client_test.go
Expand Up @@ -145,34 +145,36 @@ var _ = Describe("repo client utils", func() {
client = githubutils.NewRepoClient(githubClient, owner, "gloo")
})

It("properly finds the most recent release tag matching an SHA", func() {
tag, err := client.FindLatestTagIncludingPrereleaseBeforeSha(ctx, "36c4ba020048c4556ef8650d011ddb16368a4fef")
It("properly finds the most recent GA release tag matching an SHA", func() {
tag, err := client.FindLatestTagIncludingPrereleaseBeforeSha(ctx, "e658203d0a0b7b479cbb59cfc43832699d25fb1c")
Expect(err).To(BeNil())
Expect(tag).To(Equal("v1.15.16"))
Expect(tag).To(Equal("v1.17.8"))
})

It("properly finds the most recent beta release tag before an SHA", func() {
tag, err := client.FindLatestTagIncludingPrereleaseBeforeSha(ctx, "f3e76e63a1643c76cab3ad883944ae3e5182f2e7")
tag, err := client.FindLatestTagIncludingPrereleaseBeforeSha(ctx, "33cc7ee95c7319d33c36fb7d449a933dca95d211")
Expect(err).To(BeNil())
Expect(tag).To(Equal("v2.0.0-beta1"))
Expect(tag).To(Equal("v1.18.0-beta21"))
})

It("properly finds the most recent pre-release release tag before an SHA", func() {
tag, err := client.FindLatestTagIncludingPrereleaseBeforeSha(ctx, "1406a40283e691102a8133917efbe4ec97d8792b")
tag, err := client.FindLatestTagIncludingPrereleaseBeforeSha(ctx, "3e00d8140f91fe0111955bb46fbc29df8008bf47")
Expect(err).To(BeNil())
Expect(tag).To(Equal("v1.15.10"))
Expect(tag).To(Equal("v1.17.0-beta18"))
})

It("properly finds the most recent RC release tag before an SHA", func() {
tag, err := client.FindLatestTagIncludingPrereleaseBeforeSha(ctx, "8680ad631dd3ffd325bde9b40d13c0a190229f5d")
tag, err := client.FindLatestTagIncludingPrereleaseBeforeSha(ctx, "3067c264aa2025a31c7de82b8878b388d5bd0c4b")
Expect(err).To(BeNil())
Expect(tag).To(Equal("v1.15.0-rc3"))
Expect(tag).To(Equal("v1.17.0-rc12"))
})

// for this case, use a release that is not found on the first page of the API endpoint results here:
// https://api.github.com/repos/solo-io/gloo/releases
It("properly finds the most recent release tag before an SHA with pagination", func() {
tag, err := client.FindLatestTagIncludingPrereleaseBeforeSha(ctx, "4ac2822d6d762795b61da055085c77c0df53487c")
tag, err := client.FindLatestTagIncludingPrereleaseBeforeSha(ctx, "51cc97a355236c7f725fbf43fbee276a0208d12d")
Expect(err).To(BeNil())
Expect(tag).To(Equal("v1.15.9"))
Expect(tag).To(Equal("v1.18.0-beta7"))
})
})
})
71 changes: 36 additions & 35 deletions securityscanutils/securityscan_test.go
Expand Up @@ -17,7 +17,8 @@ import (
)

const (
glooRepoName = "gloo"
repoName = "gloo"
gatewayOwnerName = "solo-io"
)

var _ = Describe("Security Scan Suite", func() {
Expand All @@ -40,20 +41,20 @@ var _ = Describe("Security Scan Suite", func() {
Context("Security Scanner", func() {

It("works", func() {
verConstraint, err := semver.NewConstraint("=v1.6.0 || =v1.7.0")
verConstraint, err := semver.NewConstraint("=v1.14.0 || =v1.15.1")
Expect(err).NotTo(HaveOccurred())
fmt.Println("Output dir:", outputDir)
secScanner := &SecurityScanner{
Repos: []*SecurityScanRepo{{
Repo: glooRepoName,
Owner: "solo-io",
Repo: repoName,
Owner: gatewayOwnerName,
Opts: &SecurityScanOpts{
OutputDir: outputDir,
OutputResultLocally: true,
ImagesPerVersion: map[string][]string{
"v1.6.0": {"gloo"},
"v1.14.0": {"gloo"},
// Scan should continue in the case an image cannot be found
"v1.7.0": {"thisimagecannotbefound", "gloo", "discovery"},
"v1.15.1": {"thisimagecannotbefound", "gloo", "discovery"},
},
VersionConstraint: verConstraint,
ImageRepo: "quay.io/solo-io",
Expand All @@ -71,30 +72,30 @@ var _ = Describe("Security Scan Suite", func() {
glooDir := path.Join(outputDir, "gloo")
ExpectDirToHaveFiles(glooDir, "issue_results", "markdown_results")
githubIssueDir := path.Join(glooDir, "issue_results")
ExpectDirToHaveFiles(githubIssueDir, "1.6.0.md", "1.7.0.md")
ExpectDirToHaveFiles(githubIssueDir, "1.14.0.md", "1.15.1.md")
// Have a directory for each repo we scanned
markdownDir := path.Join(outputDir, "gloo", "markdown_results")
// Have a directory for each version we scanned
ExpectDirToHaveFiles(markdownDir, "1.6.0", "1.7.0")
ExpectDirToHaveFiles(markdownDir, "1.14.0", "1.15.1")
// Expect there to be a generated docgen file for each image per version
ExpectDirToHaveFiles(path.Join(markdownDir, "1.6.0"), "gloo_cve_report.docgen")
ExpectDirToHaveFiles(path.Join(markdownDir, "1.7.0"), "discovery_cve_report.docgen", "gloo_cve_report.docgen")
ExpectDirToHaveFiles(path.Join(markdownDir, "1.14.0"), "gloo_cve_report.docgen")
ExpectDirToHaveFiles(path.Join(markdownDir, "1.15.1"), "discovery_cve_report.docgen", "gloo_cve_report.docgen")
})

It("scans all images from all constraints matched", func() {
verConstraint, err := semver.NewConstraint("=v1.7.0")
verConstraint, err := semver.NewConstraint("=v1.15.0")
Expect(err).NotTo(HaveOccurred())
fmt.Println("Output dir:", outputDir)
secScanner := &SecurityScanner{
Repos: []*SecurityScanRepo{{
Repo: glooRepoName,
Owner: "solo-io",
Repo: repoName,
Owner: gatewayOwnerName,
Opts: &SecurityScanOpts{
OutputDir: outputDir,
// Specify redundant constraints
ImagesPerVersion: map[string][]string{
">v1.6.0": {"gloo", "discovery"},
">=v1.7.0": {"glooGreaterThan17"},
">v1.14.0": {"gloo", "discovery"},
">=v1.15.0": {"glooGreaterThan17"},
},
VersionConstraint: verConstraint,
ImageRepo: "quay.io/solo-io",
Expand All @@ -103,22 +104,22 @@ var _ = Describe("Security Scan Suite", func() {
}},
}

imagesToScan, err := secScanner.Repos[0].GetImagesToScan(semver.MustParse("v1.7.7"))
imagesToScan, err := secScanner.Repos[0].GetImagesToScan(semver.MustParse("v1.15.7"))
Expect(imagesToScan).To(ContainElements("gloo", "discovery", "glooGreaterThan17"))
})

It("errors if no constraint is matched", func() {
verConstraint, err := semver.NewConstraint("=v1.7.0")
verConstraint, err := semver.NewConstraint("=v1.15.0")
Expect(err).NotTo(HaveOccurred())
fmt.Println("Output dir:", outputDir)
secScanner := &SecurityScanner{
Repos: []*SecurityScanRepo{{
Repo: glooRepoName,
Owner: "solo-io",
Repo: repoName,
Owner: gatewayOwnerName,
Opts: &SecurityScanOpts{
OutputDir: outputDir,
ImagesPerVersion: map[string][]string{
"v1.6.0": {"gloo", "discovery"},
"v1.14.0": {"gloo", "discovery"},
},
VersionConstraint: verConstraint,
ImageRepo: "quay.io/solo-io",
Expand All @@ -129,23 +130,23 @@ var _ = Describe("Security Scan Suite", func() {

err = secScanner.GenerateSecurityScans(context.TODO())
Expect(err).To(HaveOccurred())
Expect(err.Error()).To(ContainSubstring("version 1.7.0 matched no constraints and has no images to scan"))
Expect(err.Error()).To(ContainSubstring("version 1.15.0 matched no constraints and has no images to scan"))
})

When("scan has unrecoverable error", func() {
It("short-circuits", func() {
verConstraint, err := semver.NewConstraint("=v1.6.0 || =v1.7.0")
verConstraint, err := semver.NewConstraint("=v1.13.0 || =v1.14.0")
Expect(err).NotTo(HaveOccurred())
fmt.Println("Output dir:", outputDir)
secScanner := &SecurityScanner{
Repos: []*SecurityScanRepo{{
Repo: glooRepoName,
Owner: "solo-io",
Repo: repoName,
Owner: gatewayOwnerName,
Opts: &SecurityScanOpts{
OutputDir: outputDir,
OutputResultLocally: true,
ImagesPerVersion: map[string][]string{
"v1.7.0": {"gloo; $(poorly formatted image name to force UnrecoverableError)"},
"v1.14.0": {"gloo; $(poorly formatted image name to force UnrecoverableError)"},
},
VersionConstraint: verConstraint,
ImageRepo: "quay.io/solo-io",
Expand All @@ -167,25 +168,25 @@ var _ = Describe("Security Scan Suite", func() {
// Have a directory for each repo we scanned
markdownDir := path.Join(outputDir, "gloo", "markdown_results")
// Have a directory for each version we scanned
ExpectDirToHaveFiles(markdownDir, "1.7.0")
ExpectDirToHaveFiles(path.Join(markdownDir, "1.7.0"))
ExpectDirToHaveFiles(markdownDir, "1.14.0")
ExpectDirToHaveFiles(path.Join(markdownDir, "1.14.0"))
})
})

When("scan has recoverable error", func() {
It("contains error in generated file", func() {
verConstraint, err := semver.NewConstraint("=v1.7.0")
verConstraint, err := semver.NewConstraint("=v1.15.0")
Expect(err).NotTo(HaveOccurred())
fmt.Println("Output dir:", outputDir)
secScanner := &SecurityScanner{
Repos: []*SecurityScanRepo{{
Repo: glooRepoName,
Owner: "solo-io",
Repo: repoName,
Owner: gatewayOwnerName,
Opts: &SecurityScanOpts{
OutputDir: outputDir,
OutputResultLocally: true,
ImagesPerVersion: map[string][]string{
"v1.7.0": {"thisimagedoesnotexist"},
"v1.15.0": {"thisimagedoesnotexist"},
},
VersionConstraint: verConstraint,
ImageRepo: "quay.io/solo-io",
Expand All @@ -203,15 +204,15 @@ var _ = Describe("Security Scan Suite", func() {
glooDir := path.Join(outputDir, "gloo")
ExpectDirToHaveFiles(glooDir, "issue_results", "markdown_results")
localIssueDir := path.Join(glooDir, "issue_results")
ExpectDirToHaveFiles(localIssueDir, "1.7.0.md")
contents, err := fileutils.ReadFileString(path.Join(localIssueDir, "1.7.0.md"))
ExpectDirToHaveFiles(localIssueDir, "1.15.0.md")
contents, err := fileutils.ReadFileString(path.Join(localIssueDir, "1.15.0.md"))
Expect(err).NotTo(HaveOccurred())
Expect(contents).To(ContainSubstring(ImageNotFoundError.Error()))
// Have a directory for each repo we scanned
markdownDir := path.Join(outputDir, "gloo", "markdown_results")
// Have a directory for each version we scanned
ExpectDirToHaveFiles(markdownDir, "1.7.0")
ExpectDirToHaveFiles(path.Join(markdownDir, "1.7.0"))
ExpectDirToHaveFiles(markdownDir, "1.15.0")
ExpectDirToHaveFiles(path.Join(markdownDir, "1.15.0"))
})
})
})
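Review bot: In the "scans all images from all constraints matched" case the `err` returned by `GetImagesToScan(semver.MustParse("v1.15.7"))` is assigned and never asserted, so a failure there would surface only as a confusing `ContainElements` mismatch; adding `Expect(err).NotTo(HaveOccurred())` before the `imagesToScan` assertion closes that. The image name `glooGreaterThan17` is also stale now that its constraint is `>=v1.15.0`. Separately, the "short-circuits" case feeds an image name containing `;` and `$(...)` and expects an unrecoverable error; how the scanner passes image names to the scan tool is not visible in these hunks, so it is worth confirming that such names are rejected by validation rather than failing only once they reach a command line.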