kubernetes-sigs · kokyhm · Sep 19, 2024 · Sep 25, 2024 · Sep 29, 2024 · VannTen
diff --git a/.github/workflows/dependency-check.yml b/.github/workflows/dependency-check.yml
@@ -0,0 +1,61 @@
+name: Dependency check version
+
+on:
+  schedule:
+    - cron: '0 3 * * 1'  # Every Monday at 03:00 AM UTC
+  workflow_dispatch:
+
+jobs:
+  dependency-check:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Set up Python
+        uses: actions/setup-python@v5
+        with:
+          python-version: '3.12'
+          cache: 'pip'
+          cache-dependency-path: '**/dependency_requirements.txt'
+
+      - name: Install dependencies
+        run: |
+          python -m pip install --upgrade pip
+          pip install -r scripts/dependency_requirements.txt
+
+      - name: Run version check
+        env:
+          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        run: python scripts/dependency_updater.py --ci-check
+
+      - name: Trigger subsequent action for each component
+        env:
+          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        run: |
+          version_diff=$(cat version_diff.json)
+          count=0  # Initialize a counter
+          for row in $(echo "${version_diff}" | jq -r 'to_entries[] | @base64'); do
+            _jq() {
+              echo ${row} | base64 --decode | jq -r ${1}
+            }
+
+            component=$(_jq '.key')
+            current_version=$(_jq '.value.current_version')
+            processed_latest_version=$(_jq '.value.processed_latest_version')
+
+            echo "Triggering update for $component from $current_version to $processed_latest_version"
+
+            gh workflow run dependency-pull-request.yml \
+              -f component=$component \
+              -f current_version=$current_version \
+              -f latest_version=$processed_latest_version \
+
+            count=$((count + 1))
+
+            # Stop after triggering 30 actions
+            if [ "$count" -ge 30 ]; then
+              echo "Reached the limit of 30 triggered actions."
+              break
+            fi
+          done
diff --git a/.github/workflows/dependency-pull-request.yml b/.github/workflows/dependency-pull-request.yml
@@ -0,0 +1,71 @@
+name: Dependency create bump PR
+run-name: Create bump PR for ${{ inputs.component }} from ${{ inputs.current_version }} to ${{ inputs.latest_version }}
+
+on:
+  workflow_dispatch:
+    inputs:
+      component:
+        description: "Component to update"
+        required: true
+      current_version:
+        description: "Current version of the component"
+        required: true
+      latest_version:
+        description: "Latest version of the component"
+        required: true
+
+jobs:
+  create-pull-request:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Set up Python
+        uses: actions/setup-python@v5
+        with:
+          python-version: '3.12'
+          cache: 'pip'
+          cache-dependency-path: '**/dependency_requirements.txt'
+
+      - name: Install dependencies
+        run: |
+          python -m pip install --upgrade pip
+          pip install -r scripts/dependency_requirements.txt
+
+      - name: Run version check to create version_diff.json
+        env:
+          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        run: python scripts/dependency_updater.py --ci-check --component ${{ github.event.inputs.component }}
+
+      - name: Update component versions and checksums
+        env:
+          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        run: python scripts/dependency_updater.py --component ${{ github.event.inputs.component }}
+
+      - name: Generate PR body
+        id: generate_pr_body
+        env:
+          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        run: |
+          pr_body=$(python scripts/generate_pr_body.py --component ${{ github.event.inputs.component }})
+
+          # Escape any special characters (e.g., newlines) for the GITHUB_OUTPUT
+          echo "pr_body<<EOF" >> $GITHUB_OUTPUT
+          echo "$pr_body" >> $GITHUB_OUTPUT
+          echo "EOF" >> $GITHUB_OUTPUT
+
+      - name: Cleanup cache and version_diff.json
+        run: rm -r cache/ version_diff.json
+
+      - name: Create Pull Request
+        uses: peter-evans/create-pull-request@v5
+        with:
+          branch: "update-dependency-${{ github.event.inputs.component }}"
+          commit-message: "Bump ${{ github.event.inputs.component }} from ${{ github.event.inputs.current_version }} to ${{ github.event.inputs.latest_version }}"
+          title: "Bump ${{ github.event.inputs.component }} from ${{ github.event.inputs.current_version }} to ${{ github.event.inputs.latest_version }}"
+          body: ${{ steps.generate_pr_body.outputs.pr_body }}
+          labels: |
+            dependencies
+            release-note-none
diff --git a/scripts/dependency_config.py b/scripts/dependency_config.py
@@ -0,0 +1,221 @@
+ARCHITECTURES = ['arm', 'arm64', 'amd64', 'ppc64le']
+OSES = ['darwin', 'linux', 'windows']
+README_COMPONENTS = ['etcd', 'containerd', 'crio', 'calicoctl', 'krew', 'helm']
+SHA256REGEX = r'(\b[a-f0-9]{64})\b'
+
+PATH_DOWNLOAD = 'roles/kubespray-defaults/defaults/main/download.yml'
+PATH_CHECKSUM = 'roles/kubespray-defaults/defaults/main/checksums.yml'
+PATH_MAIN = 'roles/kubespray-defaults/defaults/main/main.yml'
+PATH_README = 'README.md'
+PATH_VERSION_DIFF = 'version_diff.json'
+
+COMPONENT_INFO = {
+    'calico_crds': {
+        'owner': 'projectcalico',
+        'repo': 'calico',
+        'url_download': 'https://github.com/projectcalico/calico/archive/{version}.tar.gz',
+        'placeholder_version': ['calico_version'],
+        'placeholder_checksum' : 'calico_crds_archive_checksums',
+        'checksum_structure' : 'simple',
+        'sha_regex' : r'', # binary
+        },
+    'calicoctl': {
+        'owner': 'projectcalico',
+        'repo': 'calico',
+        'url_download': 'https://github.com/projectcalico/calico/releases/download/{version}/SHA256SUMS',
+        'placeholder_version': ['calico_version'],
+        'placeholder_checksum' : 'calicoctl_binary_checksums',
+        'checksum_structure' : 'arch',
+        'sha_regex' : r'linux-{arch}\b',
+        },
+    'ciliumcli': {
+        'owner': 'cilium',
+        'repo': 'cilium-cli',
+        'url_download': 'https://github.com/cilium/cilium-cli/releases/download/{version}/cilium-linux-{arch}.tar.gz.sha256sum',
+        'placeholder_version': ['cilium_cli_version'],
+        'placeholder_checksum' : 'ciliumcli_binary_checksums',
+        'checksum_structure' : 'arch',
+        'sha_regex' : r'{arch}',
+        },
+    'cni': {
+        'owner': 'containernetworking',
+        'repo': 'plugins',
+        'url_download': 'https://github.com/containernetworking/plugins/releases/download/{version}/cni-plugins-linux-{arch}-{version}.tgz.sha256',
+        'placeholder_version': ['cni_version'],
+        'placeholder_checksum' : 'cni_binary_checksums',
+        'checksum_structure' : 'arch',
+        'sha_regex' : r'{arch}',
+        },
+    'containerd': {
+        'owner': 'containerd',
+        'repo': 'containerd',
+        'url_download': 'https://github.com/containerd/containerd/releases/download/v{version}/containerd-{version}-linux-{arch}.tar.gz.sha256sum',
+        'placeholder_version': ['containerd_version'],
+        'placeholder_checksum' : 'containerd_archive_checksums',
+        'checksum_structure' : 'arch',
+        'sha_regex' : r'{arch}',
+        },
+    'crictl': {
+        'owner': 'kubernetes-sigs',
+        'repo': 'cri-tools',
+        'url_download': 'https://github.com/kubernetes-sigs/cri-tools/releases/download/{version}/crictl-{version}-linux-{arch}.tar.gz.sha256',
+        'placeholder_version': ['crictl_supported_versions', 'kube_major_version'],
+        'placeholder_checksum' : 'crictl_checksums',
+        'checksum_structure' : 'arch',
+        'sha_regex' : r'simple', # only sha
+        },
+    'cri_dockerd': {
+        'owner': 'Mirantis',
+        'repo': 'cri-dockerd',
+        'url_download': 'https://github.com/Mirantis/cri-dockerd/releases/download/v{version}/cri-dockerd-{version}.{arch}.tgz',
+        'placeholder_version': ['cri_dockerd_version'],
+        'placeholder_checksum' : 'cri_dockerd_archive_checksums',
+        'checksum_structure' : 'arch',
+        'sha_regex' : r'', # binary
+        },
+    'crio': {
+        'owner': 'cri-o',
+        'repo': 'cri-o',
+        'url_download': 'https://storage.googleapis.com/cri-o/artifacts/cri-o.{arch}.{version}.tar.gz.sha256sum',
+        'placeholder_version': ['crio_supported_versions', 'kube_major_version'],
+        'placeholder_checksum' : 'crio_archive_checksums',
+        'checksum_structure' : 'arch',
+        'sha_regex' : r'{arch}',
+        },
+    'crun': {
+        'owner': 'containers',
+        'repo': 'crun',
+        'url_download': 'https://github.com/containers/crun/releases/download/{version}/crun-{version}-linux-{arch}',
+        'placeholder_version': ['crun_version'],
+        'placeholder_checksum' : 'crun_checksums',
+        'checksum_structure' : 'arch',
+        'sha_regex' : r'', # binary
+        },
+    'etcd': {
+        'owner': 'etcd-io',
+        'repo': 'etcd',
+        'url_download': 'https://github.com/etcd-io/etcd/releases/download/{version}/SHA256SUMS',
+        'placeholder_version': ['etcd_supported_versions', 'kube_major_version'],
+        'placeholder_checksum' : 'etcd_binary_checksums',
+        'checksum_structure' : 'arch',
+        'sha_regex' : r'linux-{arch}\.',
+        },
+    'gvisor_containerd_shim': {
+        'owner': 'google',
+        'repo': 'gvisor',
+        'url_download': 'https://storage.googleapis.com/gvisor/releases/release/{version}/{arch}/containerd-shim-runsc-v1',
+        'placeholder_version': ['gvisor_version'],
+        'placeholder_checksum' : 'gvisor_containerd_shim_binary_checksums',
+        'checksum_structure' : 'arch',
+        'sha_regex' : r'', # binary
+        },
+    'gvisor_runsc': {
+        'owner': 'google',
+        'repo': 'gvisor',
+        'url_download': 'https://storage.googleapis.com/gvisor/releases/release/{version}/{arch}/runsc',
+        'placeholder_version': ['gvisor_version'],
+        'placeholder_checksum' : 'gvisor_runsc_binary_checksums',
+        'checksum_structure' : 'arch',
+        'sha_regex' : r'', # binary
+        },
+    'helm': {
+        'owner': 'helm',
+        'repo': 'helm',
+        'url_download': 'https://get.helm.sh/helm-{version}-linux-{arch}.tar.gz.sha256sum',
+        'placeholder_version': ['helm_version'],
+        'placeholder_checksum' : 'helm_archive_checksums',
+        'checksum_structure' : 'arch',
+        'sha_regex' : r'{arch}',
+        },
+
+    'kata_containers': {
+        'owner': 'kata-containers',
+        'repo': 'kata-containers',
+        'url_download': 'https://github.com/kata-containers/kata-containers/releases/download/{version}/kata-static-{version}-{arch}.tar.xz',
+        'placeholder_version': ['kata_containers_version'],
+        'placeholder_checksum' : 'kata_containers_binary_checksums',
+        'checksum_structure' : 'arch',
+        'sha_regex' : r'', # binary
+        },
+    'krew': {
+        'owner': 'kubernetes-sigs',
+        'repo': 'krew',
+        'url_download': 'https://github.com/kubernetes-sigs/krew/releases/download/{version}/krew-{os_name}_{arch}.tar.gz.sha256',
+        'placeholder_version': ['krew_version'],
+        'placeholder_checksum' : 'krew_archive_checksums',
+        'checksum_structure' : 'os_arch',
+        'sha_regex' : r'simple', # only sha
+        },
+    'kubeadm': {
+        'owner': 'kubernetes',
+        'repo': 'kubernetes',
+        'url_download': 'https://dl.k8s.io/release/{version}/bin/linux/{arch}/kubeadm.sha256',
+        'placeholder_version': ['kube_version'],
+        'placeholder_checksum' : 'kubeadm_checksums',
+        'checksum_structure' : 'arch',
+        'sha_regex' : r'simple', # only sha
+        },
+    'kubectl': {
+        'owner': 'kubernetes',
+        'repo': 'kubernetes',
+        'url_download': 'https://dl.k8s.io/release/{version}/bin/linux/{arch}/kubectl.sha256',
+        'placeholder_version': ['kube_version'],
+        'placeholder_checksum' : 'kubectl_checksums',
+        'checksum_structure' : 'arch',
+        'sha_regex' : r'simple', # only sha
+        },
+    'kubelet': {
+        'owner': 'kubernetes',
+        'repo': 'kubernetes',
+        'url_download': 'https://dl.k8s.io/release/{version}/bin/linux/{arch}/kubelet.sha256',
+        'placeholder_version': ['kube_version'],
+        'placeholder_checksum' : 'kubelet_checksums',
+        'checksum_structure' : 'arch',
+        'sha_regex' : r'simple', # only sha
+        },
+    'nerdctl': {
+        'owner': 'containerd',
+        'repo': 'nerdctl',
+        'url_download': 'https://github.com/containerd/nerdctl/releases/download/v{version}/SHA256SUMS',
+        'placeholder_version': ['nerdctl_version'],
+        'placeholder_checksum' : 'nerdctl_archive_checksums',
+        'checksum_structure' : 'arch',
+        'sha_regex' : r'nerdctl-(?!full)[\w.-]+-linux-{arch}\.tar\.gz',
+        },
+    'runc': {
+        'owner': 'opencontainers',
+        'repo': 'runc',
+        'url_download': 'https://github.com/opencontainers/runc/releases/download/{version}/runc.sha256sum',
+        'placeholder_version': ['runc_version'],
+        'placeholder_checksum' : 'runc_checksums',
+        'checksum_structure' : 'arch',
+        'sha_regex' : r'\.{arch}\b',
+        },
+    'skopeo': {
+        'owner': 'containers',
+        'repo': 'skopeo',
+        'url_download': 'https://github.com/lework/skopeo-binary/releases/download/{version}/skopeo-linux-{arch}',
+        'placeholder_version': ['skopeo_version'],
+        'placeholder_checksum' : 'skopeo_binary_checksums',
+        'checksum_structure' : 'arch',
+        'sha_regex' : r'', # binary
+        },
+    'youki': {
+        'owner': 'containers',
+        'repo': 'youki',
+        'url_download': 'https://github.com/containers/youki/releases/download/v{version}/youki-{version}-{arch}.tar.gz',
+        'placeholder_version': ['youki_version'],
+        'placeholder_checksum' : 'youki_checksums',
+        'checksum_structure' : 'arch',
+        'sha_regex' : r'', # binary
+        },
+    'yq': {
+        'owner': 'mikefarah',
+        'repo': 'yq',
+        'url_download': 'https://github.com/mikefarah/yq/releases/download/{version}/checksums-bsd',
+        'placeholder_version': ['yq_version'],
+        'placeholder_checksum' : 'yq_checksums',
+        'checksum_structure' : 'arch',
+        'sha_regex' : r'SHA256 \([^)]+linux_{arch}\)',
+        },
+}
diff --git a/scripts/dependency_requirements.txt b/scripts/dependency_requirements.txt
@@ -0,0 +1,7 @@
+certifi==2024.8.30
+charset-normalizer==3.3.2
+idna==3.9
+requests==2.32.3
+ruamel.yaml==0.18.6
+ruamel.yaml.clib==0.2.8
+urllib3==2.2.3