Skip to content

[release-1.28] Add support for pinning tool versions to minor releases (#1421) #1430

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
istio-testing merged 1 commit into from
Dec 10, 2025
Merged

[release-1.28] Add support for pinning tool versions to minor releases (#1421) #1430

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion .devcontainer/devcontainer.json
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
{
"name": "istio build-tools",
"image": "gcr.io/istio-testing/build-tools:master-4d8a6668b6d46b3becc35f9b24467f841bbb020a",
"image": "gcr.io/istio-testing/build-tools:release-1.28-2cff97d3b27d82d78c5d4e468a467f520cf2fbf3",
"privileged": true,
"remoteEnv": {
"USE_GKE_GCLOUD_AUTH_PLUGIN": "True",
Expand Down
4 changes: 2 additions & 2 deletions Makefile.core.mk
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -559,12 +559,12 @@ MISSPELL ?= $(LOCALBIN)/misspell

## Tool Versions
OPERATOR_SDK_VERSION ?= v1.41.1
HELM_VERSION ?= v3.19.1
HELM_VERSION ?= v3.19.2
CONTROLLER_TOOLS_VERSION ?= v0.19.0
CONTROLLER_RUNTIME_BRANCH ?= release-0.22
OPM_VERSION ?= v1.61.0
OLM_VERSION ?= v0.38.0
GITLEAKS_VERSION ?= v8.29.0
GITLEAKS_VERSION ?= v8.29.1
ISTIOCTL_VERSION ?= 1.26.2
RUNME_VERSION ?= 3.15.4
MISSPELL_VERSION ?= v0.3.4
Expand Down
2 changes: 1 addition & 1 deletion common/.commonfiles.sha
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1 +1 @@
9945999dd3d1f77609eef242e804b2c553158d74
b8b8db82eed504be6b80afb40907f1cbb3320583
2 changes: 1 addition & 1 deletion common/scripts/setup_env.sh
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -77,7 +77,7 @@ fi
TOOLS_REGISTRY_PROVIDER=${TOOLS_REGISTRY_PROVIDER:-gcr.io}
PROJECT_ID=${PROJECT_ID:-istio-testing}
if [[ "${IMAGE_VERSION:-}" == "" ]]; then
IMAGE_VERSION=release-1.28-4d8a6668b6d46b3becc35f9b24467f841bbb020a
IMAGE_VERSION=release-1.28-2cff97d3b27d82d78c5d4e468a467f520cf2fbf3
fi
if [[ "${IMAGE_NAME:-}" == "" ]]; then
IMAGE_NAME=build-tools
Expand Down
116 changes: 94 additions & 22 deletions tools/update_deps.sh
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -25,17 +25,83 @@ if [[ "$(uname)" == "Darwin" ]]; then
fi

UPDATE_BRANCH=${UPDATE_BRANCH:-"release-1.28"}
# When true, only update to the latest patch version (keeps major.minor version the same)
PIN_MINOR=${PIN_MINOR:-true}
# When true, skip Istio module updates (istio.io/istio and istio.io/client-go), do not add new Istio versions and only update tools
TOOLS_ONLY=${TOOLS_ONLY:-false}

SCRIPTPATH="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
ROOTDIR=$(dirname "${SCRIPTPATH}")
cd "${ROOTDIR}"

# Extract tool versions from Makefile
function getVersionFromMakefile() {
grep "^${1} ?= " "${ROOTDIR}/Makefile.core.mk" | cut -d'=' -f2 | tr -d ' '
}

# Get current versions from Makefile and set as variables
# Only needed when PIN_MINOR is true (for patch version updates)
if [[ "${PIN_MINOR}" == "true" ]]; then
OPERATOR_SDK_VERSION=$(getVersionFromMakefile "OPERATOR_SDK_VERSION")
# shellcheck disable=SC2034
HELM_VERSION=$(getVersionFromMakefile "HELM_VERSION")
CONTROLLER_TOOLS_VERSION=$(getVersionFromMakefile "CONTROLLER_TOOLS_VERSION")
CONTROLLER_RUNTIME_BRANCH=$(getVersionFromMakefile "CONTROLLER_RUNTIME_BRANCH")
OPM_VERSION=$(getVersionFromMakefile "OPM_VERSION")
OLM_VERSION=$(getVersionFromMakefile "OLM_VERSION")
GITLEAKS_VERSION=$(getVersionFromMakefile "GITLEAKS_VERSION")
RUNME_VERSION=$(getVersionFromMakefile "RUNME_VERSION")
MISSPELL_VERSION=$(getVersionFromMakefile "MISSPELL_VERSION")
fi


# getLatestVersion gets the latest released version of a github project
# $1 = org/repo
function getLatestVersion() {
curl -sL "https://api.github.com/repos/${1}/releases/latest" | yq '.tag_name'
}

# getLatestVersionByPrefix gets the latest released version of a github project with a specific version prefix
# $1 = org/repo
# $2 = version prefix
function getLatestVersionByPrefix() {
curl -sL "https://api.github.com/repos/${1}/releases?per_page=100" | \
yq -r '.[].tag_name' | \
grep -E "^v?${2}[.0-9]*$" | \
sort -V | \
tail -n 1
}

# getLatestPatchVersion gets the latest patch version for a given major.minor version
# $1 = org/repo
# $2 = current version (e.g., v1.2.3)
function getLatestPatchVersion() {
local repo=$1
local current_version=$2

# Extract major.minor from current version
# Handle versions with or without 'v' prefix
local version_no_v=${current_version#v}
local major_minor=""
major_minor=$(echo "${version_no_v}" | cut -d'.' -f1,2)

getLatestVersionByPrefix "$repo" "${major_minor}"
}

# getVersionForUpdate chooses between getLatestVersion and getLatestPatchVersion based on PIN_MINOR
# $1 = org/repo
# $2 = current version (optional, required if PIN_MINOR=true)
function getVersionForUpdate() {
local repo=$1
local current_version=$2

if [[ "${PIN_MINOR}" == "true" ]]; then
getLatestPatchVersion "${repo}" "${current_version}"
else
getLatestVersion "${repo}"
fi
}

function getReleaseBranch() {
minor=$(echo "${1}" | cut -f1,2 -d'.')
echo "release-${minor#*v}"
Expand All @@ -55,58 +121,59 @@ NEW_IMAGE_MASTER=$(grep IMAGE_VERSION= < common/scripts/setup_env.sh | cut -d= -

# Update go dependencies
export GO111MODULE=on
go get -u "istio.io/istio@${UPDATE_BRANCH}"
go get -u "istio.io/client-go@${UPDATE_BRANCH}"
go mod tidy
if [[ "${TOOLS_ONLY}" != "true" ]]; then
go get -u "istio.io/istio@${UPDATE_BRANCH}"
go get -u "istio.io/client-go@${UPDATE_BRANCH}"
go mod tidy
else
echo "Skipping Istio module updates (TOOLS_ONLY=true)"
fi

# Update operator-sdk
OPERATOR_SDK_LATEST_VERSION=$(getLatestVersion operator-framework/operator-sdk)
OPERATOR_SDK_LATEST_VERSION=$(getVersionForUpdate operator-framework/operator-sdk "${OPERATOR_SDK_VERSION}")
"$SED_CMD" -i "s|OPERATOR_SDK_VERSION ?= .*|OPERATOR_SDK_VERSION ?= ${OPERATOR_SDK_LATEST_VERSION}|" "${ROOTDIR}/Makefile.core.mk"
find "${ROOTDIR}/chart/templates/olm/scorecard.yaml" -type f -exec "$SED_CMD" -i "s|quay.io/operator-framework/scorecard-test:.*|quay.io/operator-framework/scorecard-test:${OPERATOR_SDK_LATEST_VERSION}|" {} +

# Update helm
HELM_LATEST_VERSION=$(getLatestVersion helm/helm | cut -d/ -f2)
HELM_LATEST_VERSION=$(getVersionForUpdate helm/helm "${HELM_VERSION}")
"$SED_CMD" -i "s|HELM_VERSION ?= .*|HELM_VERSION ?= ${HELM_LATEST_VERSION}|" "${ROOTDIR}/Makefile.core.mk"

# Update controller-tools
CONTROLLER_TOOLS_LATEST_VERSION=$(getLatestVersion kubernetes-sigs/controller-tools)
CONTROLLER_TOOLS_LATEST_VERSION=$(getVersionForUpdate kubernetes-sigs/controller-tools "${CONTROLLER_TOOLS_VERSION}")
"$SED_CMD" -i "s|CONTROLLER_TOOLS_VERSION ?= .*|CONTROLLER_TOOLS_VERSION ?= ${CONTROLLER_TOOLS_LATEST_VERSION}|" "${ROOTDIR}/Makefile.core.mk"

# Update controller-runtime
CONTROLLER_RUNTIME_LATEST_VERSION=$(getLatestVersion kubernetes-sigs/controller-runtime)
# Note: For controller-runtime, we use the branch to determine the current version
CONTROLLER_RUNTIME_CURRENT_VERSION="v${CONTROLLER_RUNTIME_BRANCH#release-}.0"
CONTROLLER_RUNTIME_LATEST_VERSION=$(getVersionForUpdate kubernetes-sigs/controller-runtime "${CONTROLLER_RUNTIME_CURRENT_VERSION}")
# FIXME: Do not use `go get -u` until https://github.com/kubernetes/apimachinery/issues/190 is resolved
# go get -u "sigs.k8s.io/controller-runtime@${CONTROLLER_RUNTIME_LATEST_VERSION}"
go get "sigs.k8s.io/controller-runtime@${CONTROLLER_RUNTIME_LATEST_VERSION}"
CONTROLLER_RUNTIME_BRANCH=$(getReleaseBranch "${CONTROLLER_RUNTIME_LATEST_VERSION}")
"$SED_CMD" -i "s|CONTROLLER_RUNTIME_BRANCH ?= .*|CONTROLLER_RUNTIME_BRANCH ?= ${CONTROLLER_RUNTIME_BRANCH}|" "${ROOTDIR}/Makefile.core.mk"

# Update opm
OPM_LATEST_VERSION=$(getLatestVersion operator-framework/operator-registry)
OPM_LATEST_VERSION=$(getVersionForUpdate operator-framework/operator-registry "${OPM_VERSION}")
"$SED_CMD" -i "s|OPM_VERSION ?= .*|OPM_VERSION ?= ${OPM_LATEST_VERSION}|" "${ROOTDIR}/Makefile.core.mk"

# Update olm
OLM_LATEST_VERSION=$(getLatestVersion operator-framework/operator-lifecycle-manager)
OLM_LATEST_VERSION=$(getVersionForUpdate operator-framework/operator-lifecycle-manager "${OLM_VERSION}")
"$SED_CMD" -i "s|OLM_VERSION ?= .*|OLM_VERSION ?= ${OLM_LATEST_VERSION}|" "${ROOTDIR}/Makefile.core.mk"

# Update kube-rbac-proxy
RBAC_PROXY_LATEST_VERSION=$(getLatestVersion brancz/kube-rbac-proxy | cut -d/ -f1)
# Only update it if the newer image is available in the registry
if docker manifest inspect "gcr.io/kubebuilder/kube-rbac-proxy:${RBAC_PROXY_LATEST_VERSION}" >/dev/null 2>/dev/null; then
"$SED_CMD" -i "s|gcr.io/kubebuilder/kube-rbac-proxy:.*|gcr.io/kubebuilder/kube-rbac-proxy:${RBAC_PROXY_LATEST_VERSION}|" "${ROOTDIR}/chart/values.yaml"
fi

# Update gitleaks
GITLEAKS_VERSION=$(getLatestVersion gitleaks/gitleaks)
"$SED_CMD" -i "s|GITLEAKS_VERSION ?= .*|GITLEAKS_VERSION ?= ${GITLEAKS_VERSION}|" "${ROOTDIR}/Makefile.core.mk"
GITLEAKS_LATEST_VERSION=$(getVersionForUpdate gitleaks/gitleaks "${GITLEAKS_VERSION}")
"$SED_CMD" -i "s|GITLEAKS_VERSION ?= .*|GITLEAKS_VERSION ?= ${GITLEAKS_LATEST_VERSION}|" "${ROOTDIR}/Makefile.core.mk"

# Update runme
RUNME_LATEST_VERSION=$(getLatestVersion runmedev/runme)
# Remove the leading "v" from the version string
# Add 'v' prefix to current version for comparison if it doesn't have one
RUNME_VERSION_WITH_V="v${RUNME_VERSION}"
RUNME_LATEST_VERSION=$(getVersionForUpdate runmedev/runme "${RUNME_VERSION_WITH_V}")
# Remove the leading "v" from the version string for storage in Makefile
RUNME_LATEST_VERSION=${RUNME_LATEST_VERSION#v}
"$SED_CMD" -i "s|RUNME_VERSION ?= .*|RUNME_VERSION ?= ${RUNME_LATEST_VERSION}|" "${ROOTDIR}/Makefile.core.mk"

# Update misspell
MISSPELL_LATEST_VERSION=$(getLatestVersion client9/misspell)
MISSPELL_LATEST_VERSION=$(getVersionForUpdate client9/misspell "${MISSPELL_VERSION}")
"$SED_CMD" -i "s|MISSPELL_VERSION ?= .*|MISSPELL_VERSION ?= ${MISSPELL_LATEST_VERSION}|" "${ROOTDIR}/Makefile.core.mk"

# Update KIND_IMAGE. Look for KIND_IMAGE := docker.io in the make file and look on docker.io/kindest/node for the latest version.
Expand All @@ -119,4 +186,9 @@ fi


# Regenerate files
make update-istio gen
if [[ "${TOOLS_ONLY}" != "true" ]]; then
make update-istio gen
else
echo "Skipping 'make update-istio' (TOOLS_ONLY=true), running 'make gen' only"
make gen
fi
Loading