From 7a605f5084c19b2b2742bc2bc1440ee7d1bfb5d3 Mon Sep 17 00:00:00 2001 From: cert-manager-bot Date: Wed, 17 Jul 2024 01:07:30 +0000 Subject: [PATCH 1/3] BOT: run 'make upgrade-klone' and 'make generate' Signed-off-by: cert-manager-bot --- klone.yaml | 18 ++++++------- make/_shared/tools/00_mod.mk | 51 ++++++++++-------------------------- 2 files changed, 23 insertions(+), 46 deletions(-) diff --git a/klone.yaml b/klone.yaml index ad4e05f..554e914 100644 --- a/klone.yaml +++ b/klone.yaml @@ -10,45 +10,45 @@ targets: - folder_name: boilerplate repo_url: https://github.com/cert-manager/makefile-modules.git repo_ref: main - repo_hash: 140169ff41d87878ddb0fdfd5ecf567aee25d992 + repo_hash: 652f41ca2a789690977902191af89b423482853f repo_path: modules/boilerplate - folder_name: cert-manager repo_url: https://github.com/cert-manager/makefile-modules.git repo_ref: main - repo_hash: 140169ff41d87878ddb0fdfd5ecf567aee25d992 + repo_hash: 652f41ca2a789690977902191af89b423482853f repo_path: modules/cert-manager - folder_name: executable repo_url: https://github.com/cert-manager/makefile-modules.git repo_ref: main - repo_hash: 140169ff41d87878ddb0fdfd5ecf567aee25d992 + repo_hash: 652f41ca2a789690977902191af89b423482853f repo_path: modules/executable - folder_name: generate-verify repo_url: https://github.com/cert-manager/makefile-modules.git repo_ref: main - repo_hash: 140169ff41d87878ddb0fdfd5ecf567aee25d992 + repo_hash: 652f41ca2a789690977902191af89b423482853f repo_path: modules/generate-verify - folder_name: go repo_url: https://github.com/cert-manager/makefile-modules.git repo_ref: main - repo_hash: 140169ff41d87878ddb0fdfd5ecf567aee25d992 + repo_hash: 652f41ca2a789690977902191af89b423482853f repo_path: modules/go - folder_name: help repo_url: https://github.com/cert-manager/makefile-modules.git repo_ref: main - repo_hash: 140169ff41d87878ddb0fdfd5ecf567aee25d992 + repo_hash: 652f41ca2a789690977902191af89b423482853f repo_path: modules/help - folder_name: klone repo_url: https://github.com/cert-manager/makefile-modules.git repo_ref: main - repo_hash: 140169ff41d87878ddb0fdfd5ecf567aee25d992 + repo_hash: 652f41ca2a789690977902191af89b423482853f repo_path: modules/klone - folder_name: repository-base repo_url: https://github.com/cert-manager/makefile-modules.git repo_ref: main - repo_hash: 140169ff41d87878ddb0fdfd5ecf567aee25d992 + repo_hash: 652f41ca2a789690977902191af89b423482853f repo_path: modules/repository-base - folder_name: tools repo_url: https://github.com/cert-manager/makefile-modules.git repo_ref: main - repo_hash: 140169ff41d87878ddb0fdfd5ecf567aee25d992 + repo_hash: 652f41ca2a789690977902191af89b423482853f repo_path: modules/tools diff --git a/make/_shared/tools/00_mod.mk b/make/_shared/tools/00_mod.mk index 39d76d5..8d5ad2c 100644 --- a/make/_shared/tools/00_mod.mk +++ b/make/_shared/tools/00_mod.mk @@ -42,7 +42,13 @@ for_each_kv = $(foreach item,$2,$(eval $(call $1,$(word 1,$(subst =, ,$(item))), # variables: https://stackoverflow.com/questions/54726457 export PATH := $(CURDIR)/$(bin_dir)/tools:$(PATH) -CTR=docker +CTR ?= docker +.PHONY: __require-ctr +ifneq ($(shell command -v $(CTR) >/dev/null || echo notfound),) +__require-ctr: + @:$(error "$(CTR) (or set CTR to a docker-compatible tool)") +endif +NEEDS_CTR = __require-ctr tools := # https://github.com/helm/helm/releases @@ -241,8 +247,13 @@ detected_vendoring := $(findstring vendor-go,$(MAKECMDGOALS))$(shell [ -f $(bin_ export VENDOR_GO ?= $(detected_vendoring) ifeq ($(VENDOR_GO),) +.PHONY: __require-go +ifneq ($(shell command -v go >/dev/null || echo notfound),) +__require-go: + @:$(error "$(GO) (or run 'make vendor-go')") +endif GO := go -NEEDS_GO := # +NEEDS_GO = __require-go else export GOROOT := $(CURDIR)/$(bin_dir)/tools/goroot export PATH := $(CURDIR)/$(bin_dir)/tools/goroot/bin:$(PATH) @@ -604,10 +615,7 @@ $(DOWNLOAD_DIR)/tools/preflight@$(PREFLIGHT_VERSION)_linux_$(HOST_ARCH): | $(DOW missing=$(shell (command -v curl >/dev/null || echo curl) \ && (command -v sha256sum >/dev/null || command -v shasum >/dev/null || echo sha256sum) \ && (command -v git >/dev/null || echo git) \ - && (command -v rsync >/dev/null || echo rsync) \ - && ([ -n "$(findstring vendor-go,$(MAKECMDGOALS),)" ] \ - || command -v $(GO) >/dev/null || echo "$(GO) (or run 'make vendor-go')") \ - && (command -v $(CTR) >/dev/null || echo "$(CTR) (or set CTR to a docker-compatible tool)")) + && (command -v rsync >/dev/null || echo rsync)) ifneq ($(missing),) $(error Missing required tools: $(missing)) endif @@ -616,34 +624,3 @@ endif ## Download and setup all tools ## @category [shared] Tools tools: $(tools_paths) - -self_file := $(dir $(lastword $(MAKEFILE_LIST)))/00_mod.mk - -# see https://stackoverflow.com/a/53408233 -sed_inplace := sed -i'' -ifeq ($(HOST_OS),darwin) - sed_inplace := sed -i '' -endif - -# This target is used to learn the sha256sum of the tools. It is used only -# in the makefile-modules repo, and should not be used in any other repo. -.PHONY: tools-learn-sha -tools-learn-sha: | $(bin_dir) - rm -rf ./$(bin_dir)/ - mkdir -p ./$(bin_dir)/scratch/ - $(eval export LEARN_FILE=$(CURDIR)/$(bin_dir)/scratch/learn_tools_file) - echo -n "" > "$(LEARN_FILE)" - - HOST_OS=linux HOST_ARCH=amd64 $(MAKE) tools - HOST_OS=linux HOST_ARCH=arm64 $(MAKE) tools - HOST_OS=darwin HOST_ARCH=amd64 $(MAKE) tools - HOST_OS=darwin HOST_ARCH=arm64 $(MAKE) tools - - HOST_OS=linux HOST_ARCH=amd64 $(MAKE) vendor-go - HOST_OS=linux HOST_ARCH=arm64 $(MAKE) vendor-go - HOST_OS=darwin HOST_ARCH=amd64 $(MAKE) vendor-go - HOST_OS=darwin HOST_ARCH=arm64 $(MAKE) vendor-go - - while read p; do \ - $(sed_inplace) "$$p" $(self_file); \ - done <"$(LEARN_FILE)" From 116b735682d4ced642330bd8fad78032cedd0504 Mon Sep 17 00:00:00 2001 From: Tim Ramlot <42113979+inteon@users.noreply.github.com> Date: Wed, 17 Jul 2024 13:18:04 +0200 Subject: [PATCH 2/3] run 'make upgrade-klone' Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com> --- klone.yaml | 18 +++++++++--------- .../go/base/.github/workflows/govulncheck.yaml | 7 +++++-- make/_shared/help/help.sh | 8 ++++---- .../.github/workflows/make-self-upgrade.yaml | 17 +++++++++++++---- 4 files changed, 31 insertions(+), 19 deletions(-) diff --git a/klone.yaml b/klone.yaml index 554e914..9618e4f 100644 --- a/klone.yaml +++ b/klone.yaml @@ -10,45 +10,45 @@ targets: - folder_name: boilerplate repo_url: https://github.com/cert-manager/makefile-modules.git repo_ref: main - repo_hash: 652f41ca2a789690977902191af89b423482853f + repo_hash: 52d325f8aced0b9b6fae6fbe3d2bd2644fddcc93 repo_path: modules/boilerplate - folder_name: cert-manager repo_url: https://github.com/cert-manager/makefile-modules.git repo_ref: main - repo_hash: 652f41ca2a789690977902191af89b423482853f + repo_hash: 52d325f8aced0b9b6fae6fbe3d2bd2644fddcc93 repo_path: modules/cert-manager - folder_name: executable repo_url: https://github.com/cert-manager/makefile-modules.git repo_ref: main - repo_hash: 652f41ca2a789690977902191af89b423482853f + repo_hash: 52d325f8aced0b9b6fae6fbe3d2bd2644fddcc93 repo_path: modules/executable - folder_name: generate-verify repo_url: https://github.com/cert-manager/makefile-modules.git repo_ref: main - repo_hash: 652f41ca2a789690977902191af89b423482853f + repo_hash: 52d325f8aced0b9b6fae6fbe3d2bd2644fddcc93 repo_path: modules/generate-verify - folder_name: go repo_url: https://github.com/cert-manager/makefile-modules.git repo_ref: main - repo_hash: 652f41ca2a789690977902191af89b423482853f + repo_hash: 52d325f8aced0b9b6fae6fbe3d2bd2644fddcc93 repo_path: modules/go - folder_name: help repo_url: https://github.com/cert-manager/makefile-modules.git repo_ref: main - repo_hash: 652f41ca2a789690977902191af89b423482853f + repo_hash: 52d325f8aced0b9b6fae6fbe3d2bd2644fddcc93 repo_path: modules/help - folder_name: klone repo_url: https://github.com/cert-manager/makefile-modules.git repo_ref: main - repo_hash: 652f41ca2a789690977902191af89b423482853f + repo_hash: 52d325f8aced0b9b6fae6fbe3d2bd2644fddcc93 repo_path: modules/klone - folder_name: repository-base repo_url: https://github.com/cert-manager/makefile-modules.git repo_ref: main - repo_hash: 652f41ca2a789690977902191af89b423482853f + repo_hash: 52d325f8aced0b9b6fae6fbe3d2bd2644fddcc93 repo_path: modules/repository-base - folder_name: tools repo_url: https://github.com/cert-manager/makefile-modules.git repo_ref: main - repo_hash: 652f41ca2a789690977902191af89b423482853f + repo_hash: 52d325f8aced0b9b6fae6fbe3d2bd2644fddcc93 repo_path: modules/tools diff --git a/make/_shared/go/base/.github/workflows/govulncheck.yaml b/make/_shared/go/base/.github/workflows/govulncheck.yaml index 405e8de..bba5726 100644 --- a/make/_shared/go/base/.github/workflows/govulncheck.yaml +++ b/make/_shared/go/base/.github/workflows/govulncheck.yaml @@ -10,18 +10,21 @@ on: schedule: - cron: '0 0 * * *' +permissions: + contents: read + jobs: govulncheck: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - id: go-version run: | make print-go-version >> "$GITHUB_OUTPUT" - - uses: actions/setup-go@v5 + - uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1 with: go-version: ${{ steps.go-version.outputs.result }} diff --git a/make/_shared/help/help.sh b/make/_shared/help/help.sh index d9c831f..400aab3 100755 --- a/make/_shared/help/help.sh +++ b/make/_shared/help/help.sh @@ -71,10 +71,10 @@ done <<< "$raw_expansions" ## 3. Sort and print the extracted line items -RULE_COLOR="$(tput setaf 6)" -CATEGORY_COLOR="$(tput setaf 3)" -CLEAR_STYLE="$(tput sgr0)" -PURPLE=$(tput setaf 125) +RULE_COLOR="$(TERM=xterm tput setaf 6)" +CATEGORY_COLOR="$(TERM=xterm tput setaf 3)" +CLEAR_STYLE="$(TERM=xterm tput sgr0)" +PURPLE=$(TERM=xterm tput setaf 125) extracted_lines=$(echo -e "$extracted_lines" | LC_ALL=C sort -r) current_category="" diff --git a/make/_shared/repository-base/base/.github/workflows/make-self-upgrade.yaml b/make/_shared/repository-base/base/.github/workflows/make-self-upgrade.yaml index 93beedf..2c6feca 100644 --- a/make/_shared/repository-base/base/.github/workflows/make-self-upgrade.yaml +++ b/make/_shared/repository-base/base/.github/workflows/make-self-upgrade.yaml @@ -8,6 +8,9 @@ on: schedule: - cron: '0 0 * * *' +permissions: + contents: read + jobs: self_upgrade: runs-on: ubuntu-latest @@ -27,13 +30,13 @@ jobs: echo "This workflow should not be run on a non-branch-head." exit 1 - - uses: actions/checkout@v4 + - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - id: go-version run: | make print-go-version >> "$GITHUB_OUTPUT" - - uses: actions/setup-go@v5 + - uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1 with: go-version: ${{ steps.go-version.outputs.result }} @@ -64,7 +67,7 @@ jobs: git push -f origin "$SELF_UPGRADE_BRANCH" - if: ${{ steps.is-up-to-date.outputs.result != 'true' }} - uses: actions/github-script@v7 + uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1 with: script: | const { repo, owner } = context.repo; @@ -77,7 +80,7 @@ jobs: }); if (pulls.data.length < 1) { - await github.rest.pulls.create({ + const result = await github.rest.pulls.create({ title: '[CI] Merge ' + process.env.SELF_UPGRADE_BRANCH + ' into ' + process.env.SOURCE_BRANCH, owner: owner, repo: repo, @@ -87,4 +90,10 @@ jobs: 'This PR is auto-generated to bump the Makefile modules.', ].join('\n'), }); + await github.rest.issues.addLabels({ + owner, + repo, + issue_number: result.data.number, + labels: ['skip-review'] + }); } From c8321355fb4b6444c4d1e8d93d6d6d918efe763a Mon Sep 17 00:00:00 2001 From: Tim Ramlot <42113979+inteon@users.noreply.github.com> Date: Wed, 17 Jul 2024 13:19:26 +0200 Subject: [PATCH 3/3] run 'make generate' Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com> --- .github/workflows/govulncheck.yaml | 7 +++++-- .github/workflows/make-self-upgrade.yaml | 17 +++++++++++++---- 2 files changed, 18 insertions(+), 6 deletions(-) diff --git a/.github/workflows/govulncheck.yaml b/.github/workflows/govulncheck.yaml index 405e8de..bba5726 100644 --- a/.github/workflows/govulncheck.yaml +++ b/.github/workflows/govulncheck.yaml @@ -10,18 +10,21 @@ on: schedule: - cron: '0 0 * * *' +permissions: + contents: read + jobs: govulncheck: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - id: go-version run: | make print-go-version >> "$GITHUB_OUTPUT" - - uses: actions/setup-go@v5 + - uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1 with: go-version: ${{ steps.go-version.outputs.result }} diff --git a/.github/workflows/make-self-upgrade.yaml b/.github/workflows/make-self-upgrade.yaml index 93beedf..2c6feca 100644 --- a/.github/workflows/make-self-upgrade.yaml +++ b/.github/workflows/make-self-upgrade.yaml @@ -8,6 +8,9 @@ on: schedule: - cron: '0 0 * * *' +permissions: + contents: read + jobs: self_upgrade: runs-on: ubuntu-latest @@ -27,13 +30,13 @@ jobs: echo "This workflow should not be run on a non-branch-head." exit 1 - - uses: actions/checkout@v4 + - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - id: go-version run: | make print-go-version >> "$GITHUB_OUTPUT" - - uses: actions/setup-go@v5 + - uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1 with: go-version: ${{ steps.go-version.outputs.result }} @@ -64,7 +67,7 @@ jobs: git push -f origin "$SELF_UPGRADE_BRANCH" - if: ${{ steps.is-up-to-date.outputs.result != 'true' }} - uses: actions/github-script@v7 + uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1 with: script: | const { repo, owner } = context.repo; @@ -77,7 +80,7 @@ jobs: }); if (pulls.data.length < 1) { - await github.rest.pulls.create({ + const result = await github.rest.pulls.create({ title: '[CI] Merge ' + process.env.SELF_UPGRADE_BRANCH + ' into ' + process.env.SOURCE_BRANCH, owner: owner, repo: repo, @@ -87,4 +90,10 @@ jobs: 'This PR is auto-generated to bump the Makefile modules.', ].join('\n'), }); + await github.rest.issues.addLabels({ + owner, + repo, + issue_number: result.data.number, + labels: ['skip-review'] + }); }