diff --git a/.devcontainer/devcontainer.json b/.devcontainer/devcontainer.json index 110839131a..4668f320a4 100644 --- a/.devcontainer/devcontainer.json +++ b/.devcontainer/devcontainer.json @@ -1,6 +1,6 @@ { "name": "istio build-tools", - "image": "gcr.io/istio-testing/build-tools:master-4d8a6668b6d46b3becc35f9b24467f841bbb020a", + "image": "gcr.io/istio-testing/build-tools:release-1.28-2cff97d3b27d82d78c5d4e468a467f520cf2fbf3", "privileged": true, "remoteEnv": { "USE_GKE_GCLOUD_AUTH_PLUGIN": "True", diff --git a/Makefile.core.mk b/Makefile.core.mk index d686839008..dd70e6ccec 100644 --- a/Makefile.core.mk +++ b/Makefile.core.mk @@ -559,12 +559,12 @@ MISSPELL ?= $(LOCALBIN)/misspell ## Tool Versions OPERATOR_SDK_VERSION ?= v1.41.1 -HELM_VERSION ?= v3.19.1 +HELM_VERSION ?= v3.19.2 CONTROLLER_TOOLS_VERSION ?= v0.19.0 CONTROLLER_RUNTIME_BRANCH ?= release-0.22 OPM_VERSION ?= v1.61.0 OLM_VERSION ?= v0.38.0 -GITLEAKS_VERSION ?= v8.29.0 +GITLEAKS_VERSION ?= v8.29.1 ISTIOCTL_VERSION ?= 1.26.2 RUNME_VERSION ?= 3.15.4 MISSPELL_VERSION ?= v0.3.4 diff --git a/common/.commonfiles.sha b/common/.commonfiles.sha index 835435630a..b484d979f5 100644 --- a/common/.commonfiles.sha +++ b/common/.commonfiles.sha @@ -1 +1 @@ -9945999dd3d1f77609eef242e804b2c553158d74 +b8b8db82eed504be6b80afb40907f1cbb3320583 diff --git a/common/scripts/setup_env.sh b/common/scripts/setup_env.sh index 49c4c8e609..44230cae92 100755 --- a/common/scripts/setup_env.sh +++ b/common/scripts/setup_env.sh @@ -77,7 +77,7 @@ fi TOOLS_REGISTRY_PROVIDER=${TOOLS_REGISTRY_PROVIDER:-gcr.io} PROJECT_ID=${PROJECT_ID:-istio-testing} if [[ "${IMAGE_VERSION:-}" == "" ]]; then - IMAGE_VERSION=release-1.28-4d8a6668b6d46b3becc35f9b24467f841bbb020a + IMAGE_VERSION=release-1.28-2cff97d3b27d82d78c5d4e468a467f520cf2fbf3 fi if [[ "${IMAGE_NAME:-}" == "" ]]; then IMAGE_NAME=build-tools diff --git a/tools/update_deps.sh b/tools/update_deps.sh index d2839e5cf6..d1addb88d0 100755 --- a/tools/update_deps.sh +++ b/tools/update_deps.sh @@ -25,17 +25,83 @@ if [[ "$(uname)" == "Darwin" ]]; then fi UPDATE_BRANCH=${UPDATE_BRANCH:-"release-1.28"} +# When true, only update to the latest patch version (keeps major.minor version the same) +PIN_MINOR=${PIN_MINOR:-true} +# When true, skip Istio module updates (istio.io/istio and istio.io/client-go), do not add new Istio versions and only update tools +TOOLS_ONLY=${TOOLS_ONLY:-false} SCRIPTPATH="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )" ROOTDIR=$(dirname "${SCRIPTPATH}") cd "${ROOTDIR}" +# Extract tool versions from Makefile +function getVersionFromMakefile() { + grep "^${1} ?= " "${ROOTDIR}/Makefile.core.mk" | cut -d'=' -f2 | tr -d ' ' +} + +# Get current versions from Makefile and set as variables +# Only needed when PIN_MINOR is true (for patch version updates) +if [[ "${PIN_MINOR}" == "true" ]]; then + OPERATOR_SDK_VERSION=$(getVersionFromMakefile "OPERATOR_SDK_VERSION") + # shellcheck disable=SC2034 + HELM_VERSION=$(getVersionFromMakefile "HELM_VERSION") + CONTROLLER_TOOLS_VERSION=$(getVersionFromMakefile "CONTROLLER_TOOLS_VERSION") + CONTROLLER_RUNTIME_BRANCH=$(getVersionFromMakefile "CONTROLLER_RUNTIME_BRANCH") + OPM_VERSION=$(getVersionFromMakefile "OPM_VERSION") + OLM_VERSION=$(getVersionFromMakefile "OLM_VERSION") + GITLEAKS_VERSION=$(getVersionFromMakefile "GITLEAKS_VERSION") + RUNME_VERSION=$(getVersionFromMakefile "RUNME_VERSION") + MISSPELL_VERSION=$(getVersionFromMakefile "MISSPELL_VERSION") +fi + + # getLatestVersion gets the latest released version of a github project # $1 = org/repo function getLatestVersion() { curl -sL "https://api.github.com/repos/${1}/releases/latest" | yq '.tag_name' } +# getLatestVersionByPrefix gets the latest released version of a github project with a specific version prefix +# $1 = org/repo +# $2 = version prefix +function getLatestVersionByPrefix() { + curl -sL "https://api.github.com/repos/${1}/releases?per_page=100" | \ + yq -r '.[].tag_name' | \ + grep -E "^v?${2}[.0-9]*$" | \ + sort -V | \ + tail -n 1 +} + +# getLatestPatchVersion gets the latest patch version for a given major.minor version +# $1 = org/repo +# $2 = current version (e.g., v1.2.3) +function getLatestPatchVersion() { + local repo=$1 + local current_version=$2 + + # Extract major.minor from current version + # Handle versions with or without 'v' prefix + local version_no_v=${current_version#v} + local major_minor="" + major_minor=$(echo "${version_no_v}" | cut -d'.' -f1,2) + + getLatestVersionByPrefix "$repo" "${major_minor}" +} + +# getVersionForUpdate chooses between getLatestVersion and getLatestPatchVersion based on PIN_MINOR +# $1 = org/repo +# $2 = current version (optional, required if PIN_MINOR=true) +function getVersionForUpdate() { + local repo=$1 + local current_version=$2 + + if [[ "${PIN_MINOR}" == "true" ]]; then + getLatestPatchVersion "${repo}" "${current_version}" + else + getLatestVersion "${repo}" + fi +} + function getReleaseBranch() { minor=$(echo "${1}" | cut -f1,2 -d'.') echo "release-${minor#*v}" @@ -55,25 +121,31 @@ NEW_IMAGE_MASTER=$(grep IMAGE_VERSION= < common/scripts/setup_env.sh | cut -d= - # Update go dependencies export GO111MODULE=on -go get -u "istio.io/istio@${UPDATE_BRANCH}" -go get -u "istio.io/client-go@${UPDATE_BRANCH}" -go mod tidy +if [[ "${TOOLS_ONLY}" != "true" ]]; then + go get -u "istio.io/istio@${UPDATE_BRANCH}" + go get -u "istio.io/client-go@${UPDATE_BRANCH}" + go mod tidy +else + echo "Skipping Istio module updates (TOOLS_ONLY=true)" +fi # Update operator-sdk -OPERATOR_SDK_LATEST_VERSION=$(getLatestVersion operator-framework/operator-sdk) +OPERATOR_SDK_LATEST_VERSION=$(getVersionForUpdate operator-framework/operator-sdk "${OPERATOR_SDK_VERSION}") "$SED_CMD" -i "s|OPERATOR_SDK_VERSION ?= .*|OPERATOR_SDK_VERSION ?= ${OPERATOR_SDK_LATEST_VERSION}|" "${ROOTDIR}/Makefile.core.mk" find "${ROOTDIR}/chart/templates/olm/scorecard.yaml" -type f -exec "$SED_CMD" -i "s|quay.io/operator-framework/scorecard-test:.*|quay.io/operator-framework/scorecard-test:${OPERATOR_SDK_LATEST_VERSION}|" {} + # Update helm -HELM_LATEST_VERSION=$(getLatestVersion helm/helm | cut -d/ -f2) +HELM_LATEST_VERSION=$(getVersionForUpdate helm/helm "${HELM_VERSION}") "$SED_CMD" -i "s|HELM_VERSION ?= .*|HELM_VERSION ?= ${HELM_LATEST_VERSION}|" "${ROOTDIR}/Makefile.core.mk" # Update controller-tools -CONTROLLER_TOOLS_LATEST_VERSION=$(getLatestVersion kubernetes-sigs/controller-tools) +CONTROLLER_TOOLS_LATEST_VERSION=$(getVersionForUpdate kubernetes-sigs/controller-tools "${CONTROLLER_TOOLS_VERSION}") "$SED_CMD" -i "s|CONTROLLER_TOOLS_VERSION ?= .*|CONTROLLER_TOOLS_VERSION ?= ${CONTROLLER_TOOLS_LATEST_VERSION}|" "${ROOTDIR}/Makefile.core.mk" # Update controller-runtime -CONTROLLER_RUNTIME_LATEST_VERSION=$(getLatestVersion kubernetes-sigs/controller-runtime) +# Note: For controller-runtime, we use the branch to determine the current version +CONTROLLER_RUNTIME_CURRENT_VERSION="v${CONTROLLER_RUNTIME_BRANCH#release-}.0" +CONTROLLER_RUNTIME_LATEST_VERSION=$(getVersionForUpdate kubernetes-sigs/controller-runtime "${CONTROLLER_RUNTIME_CURRENT_VERSION}") # FIXME: Do not use `go get -u` until https://github.com/kubernetes/apimachinery/issues/190 is resolved # go get -u "sigs.k8s.io/controller-runtime@${CONTROLLER_RUNTIME_LATEST_VERSION}" go get "sigs.k8s.io/controller-runtime@${CONTROLLER_RUNTIME_LATEST_VERSION}" @@ -81,32 +153,27 @@ CONTROLLER_RUNTIME_BRANCH=$(getReleaseBranch "${CONTROLLER_RUNTIME_LATEST_VERSIO "$SED_CMD" -i "s|CONTROLLER_RUNTIME_BRANCH ?= .*|CONTROLLER_RUNTIME_BRANCH ?= ${CONTROLLER_RUNTIME_BRANCH}|" "${ROOTDIR}/Makefile.core.mk" # Update opm -OPM_LATEST_VERSION=$(getLatestVersion operator-framework/operator-registry) +OPM_LATEST_VERSION=$(getVersionForUpdate operator-framework/operator-registry "${OPM_VERSION}") "$SED_CMD" -i "s|OPM_VERSION ?= .*|OPM_VERSION ?= ${OPM_LATEST_VERSION}|" "${ROOTDIR}/Makefile.core.mk" # Update olm -OLM_LATEST_VERSION=$(getLatestVersion operator-framework/operator-lifecycle-manager) +OLM_LATEST_VERSION=$(getVersionForUpdate operator-framework/operator-lifecycle-manager "${OLM_VERSION}") "$SED_CMD" -i "s|OLM_VERSION ?= .*|OLM_VERSION ?= ${OLM_LATEST_VERSION}|" "${ROOTDIR}/Makefile.core.mk" -# Update kube-rbac-proxy -RBAC_PROXY_LATEST_VERSION=$(getLatestVersion brancz/kube-rbac-proxy | cut -d/ -f1) -# Only update it if the newer image is available in the registry -if docker manifest inspect "gcr.io/kubebuilder/kube-rbac-proxy:${RBAC_PROXY_LATEST_VERSION}" >/dev/null 2>/dev/null; then - "$SED_CMD" -i "s|gcr.io/kubebuilder/kube-rbac-proxy:.*|gcr.io/kubebuilder/kube-rbac-proxy:${RBAC_PROXY_LATEST_VERSION}|" "${ROOTDIR}/chart/values.yaml" -fi - # Update gitleaks -GITLEAKS_VERSION=$(getLatestVersion gitleaks/gitleaks) -"$SED_CMD" -i "s|GITLEAKS_VERSION ?= .*|GITLEAKS_VERSION ?= ${GITLEAKS_VERSION}|" "${ROOTDIR}/Makefile.core.mk" +GITLEAKS_LATEST_VERSION=$(getVersionForUpdate gitleaks/gitleaks "${GITLEAKS_VERSION}") +"$SED_CMD" -i "s|GITLEAKS_VERSION ?= .*|GITLEAKS_VERSION ?= ${GITLEAKS_LATEST_VERSION}|" "${ROOTDIR}/Makefile.core.mk" # Update runme -RUNME_LATEST_VERSION=$(getLatestVersion runmedev/runme) -# Remove the leading "v" from the version string +# Add 'v' prefix to current version for comparison if it doesn't have one +RUNME_VERSION_WITH_V="v${RUNME_VERSION}" +RUNME_LATEST_VERSION=$(getVersionForUpdate runmedev/runme "${RUNME_VERSION_WITH_V}") +# Remove the leading "v" from the version string for storage in Makefile RUNME_LATEST_VERSION=${RUNME_LATEST_VERSION#v} "$SED_CMD" -i "s|RUNME_VERSION ?= .*|RUNME_VERSION ?= ${RUNME_LATEST_VERSION}|" "${ROOTDIR}/Makefile.core.mk" # Update misspell -MISSPELL_LATEST_VERSION=$(getLatestVersion client9/misspell) +MISSPELL_LATEST_VERSION=$(getVersionForUpdate client9/misspell "${MISSPELL_VERSION}") "$SED_CMD" -i "s|MISSPELL_VERSION ?= .*|MISSPELL_VERSION ?= ${MISSPELL_LATEST_VERSION}|" "${ROOTDIR}/Makefile.core.mk" # Update KIND_IMAGE. Look for KIND_IMAGE := docker.io in the make file and look on docker.io/kindest/node for the latest version. @@ -119,4 +186,9 @@ fi # Regenerate files -make update-istio gen +if [[ "${TOOLS_ONLY}" != "true" ]]; then + make update-istio gen +else + echo "Skipping 'make update-istio' (TOOLS_ONLY=true), running 'make gen' only" + make gen +fi