Automator: merge upstream changes to openshift-service-mesh/sail-operator@release-3.1

.devcontainer/devcontainer.json

@@ -1,6 +1,6 @@
 {
   "name": "istio build-tools",
-  "image": "gcr.io/istio-testing/build-tools:release-1.26-80a1b41acf1fe5b60c2b49153f6d3f9ed3a82a0d",
+  "image": "gcr.io/istio-testing/build-tools:release-1.26-512a1e34a2bc63dd3c54ddcba27df1bcf95e7360",
   "privileged": true,
   "remoteEnv": {
     "USE_GKE_GCLOUD_AUTH_PLUGIN": "True",

Makefile.core.mk

@@ -559,7 +559,7 @@ RUNME ?= $(LOCALBIN)/runme
 
 ## Tool Versions
 OPERATOR_SDK_VERSION ?= v1.41.1
-HELM_VERSION ?= v3.19.0
+HELM_VERSION ?= v3.19.2
 CONTROLLER_TOOLS_VERSION ?= v0.19.0
 CONTROLLER_RUNTIME_BRANCH ?= release-0.22
 OPM_VERSION ?= v1.60.0

common/.commonfiles.sha

@@ -1 +1 @@
-3c071fd614ac519af1ca763cfe46521b7113b16c
+2a3998972172ea44d10217ac13cabfac18a47fff

common/scripts/setup_env.sh

@@ -75,7 +75,7 @@ fi
 TOOLS_REGISTRY_PROVIDER=${TOOLS_REGISTRY_PROVIDER:-gcr.io}
 PROJECT_ID=${PROJECT_ID:-istio-testing}
 if [[ "${IMAGE_VERSION:-}" == "" ]]; then
-  IMAGE_VERSION=release-1.26-80a1b41acf1fe5b60c2b49153f6d3f9ed3a82a0d
+  IMAGE_VERSION=release-1.26-512a1e34a2bc63dd3c54ddcba27df1bcf95e7360
 fi
 if [[ "${IMAGE_NAME:-}" == "" ]]; then
   IMAGE_NAME=build-tools

go.mod

@@ -32,7 +32,7 @@ require (
 	k8s.io/apimachinery v0.34.1
 	k8s.io/cli-runtime v0.33.3
 	k8s.io/client-go v0.34.1
-	sigs.k8s.io/controller-runtime v0.22.3
+	sigs.k8s.io/controller-runtime v0.22.4
 )
 
 require (

go.sum

@@ -501,8 +501,8 @@ oras.land/oras-go/v2 v2.6.0 h1:X4ELRsiGkrbeox69+9tzTu492FMUu7zJQW6eJU+I2oc=
 oras.land/oras-go/v2 v2.6.0/go.mod h1:magiQDfG6H1O9APp+rOsvCPcW1GD2MM7vgnKY0Y+u1o=
 sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.32.1 h1:Cf+ed5N8038zbsaXFO7mKQDi/+VcSRafb0jM84KX5so=
 sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.32.1/go.mod h1:Ve9uj1L+deCXFrPOk1LpFXqTg7LCFzFso6PA48q/XZw=
-sigs.k8s.io/controller-runtime v0.22.3 h1:I7mfqz/a/WdmDCEnXmSPm8/b/yRTy6JsKKENTijTq8Y=
-sigs.k8s.io/controller-runtime v0.22.3/go.mod h1:+QX1XUpTXN4mLoblf4tqr5CQcyHPAki2HLXqQMY6vh8=
+sigs.k8s.io/controller-runtime v0.22.4 h1:GEjV7KV3TY8e+tJ2LCTxUTanW4z/FmNB7l327UfMq9A=
+sigs.k8s.io/controller-runtime v0.22.4/go.mod h1:+QX1XUpTXN4mLoblf4tqr5CQcyHPAki2HLXqQMY6vh8=
 sigs.k8s.io/controller-tools v0.15.0 h1:4dxdABXGDhIa68Fiwaif0vcu32xfwmgQ+w8p+5CxoAI=
 sigs.k8s.io/controller-tools v0.15.0/go.mod h1:8zUSS2T8Hx0APCNRhJWbS3CAQEbIxLa07khzh7pZmXM=
 sigs.k8s.io/json v0.0.0-20241014173422-cfa47c3a1cc8 h1:gBQPwqORJ8d8/YNZWEjoZs7npUVDpVXUUOFfW6CgAqE=

tools/update_deps.sh

@@ -16,18 +16,91 @@
 
 set -exo pipefail
 
-UPDATE_BRANCH=${UPDATE_BRANCH:-"master"}
+# Set up a cross-platform sed command.
+# On macOS, we use gsed (GNU sed) to have consistent behavior with Linux.
+# This requires gsed to be installed on macOS (e.g., via `brew install gnu-sed`).
+SED_CMD="sed"
+if [[ "$(uname)" == "Darwin" ]]; then
+  SED_CMD="gsed"
+fi
+
+UPDATE_BRANCH=${UPDATE_BRANCH:-"release-1.26"}
+# When true, only update to the latest patch version (keeps major.minor version the same)
+PIN_MINOR=${PIN_MINOR:-true}
+# When true, skip Istio module updates (istio.io/istio and istio.io/client-go), do not add new Istio versions and only update tools
+TOOLS_ONLY=${TOOLS_ONLY:-false}
 
 SCRIPTPATH="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
 ROOTDIR=$(dirname "${SCRIPTPATH}")
 cd "${ROOTDIR}"
 
+# Extract tool versions from Makefile
+function getVersionFromMakefile() {
+  grep "^${1} ?= " "${ROOTDIR}/Makefile.core.mk" | cut -d'=' -f2 | tr -d ' '
+}
+
+# Get current versions from Makefile and set as variables
+# Only needed when PIN_MINOR is true (for patch version updates)
+if [[ "${PIN_MINOR}" == "true" ]]; then
+  OPERATOR_SDK_VERSION=$(getVersionFromMakefile "OPERATOR_SDK_VERSION")
+  # shellcheck disable=SC2034
+  HELM_VERSION=$(getVersionFromMakefile "HELM_VERSION")
+  CONTROLLER_TOOLS_VERSION=$(getVersionFromMakefile "CONTROLLER_TOOLS_VERSION")
+  CONTROLLER_RUNTIME_BRANCH=$(getVersionFromMakefile "CONTROLLER_RUNTIME_BRANCH")
+  OPM_VERSION=$(getVersionFromMakefile "OPM_VERSION")
+  OLM_VERSION=$(getVersionFromMakefile "OLM_VERSION")
+  GITLEAKS_VERSION=$(getVersionFromMakefile "GITLEAKS_VERSION")
+  RUNME_VERSION=$(getVersionFromMakefile "RUNME_VERSION")
+fi
+
+
 # getLatestVersion gets the latest released version of a github project
 # $1 = org/repo
 function getLatestVersion() {
   curl -sL "https://api.github.com/repos/${1}/releases/latest" | yq '.tag_name'
 }
 
+# getLatestVersionByPrefix gets the latest released version of a github project with a specific version prefix
+# $1 = org/repo
+# $2 = version prefix
+function getLatestVersionByPrefix() {
+  curl -sL "https://api.github.com/repos/${1}/releases?per_page=100" | \
+    yq -r '.[].tag_name' | \
+    grep -E "^v?${2}[.0-9]*$" | \
+    sort -V | \
+    tail -n 1
+}
+
+# getLatestPatchVersion gets the latest patch version for a given major.minor version
+# $1 = org/repo
+# $2 = current version (e.g., v1.2.3)
+function getLatestPatchVersion() {
+  local repo=$1
+  local current_version=$2
+
+  # Extract major.minor from current version
+  # Handle versions with or without 'v' prefix
+  local version_no_v=${current_version#v}
+  local major_minor=""
+  major_minor=$(echo "${version_no_v}" | cut -d'.' -f1,2)
+
+  getLatestVersionByPrefix "$repo" "${major_minor}"
+}
+
+# getVersionForUpdate chooses between getLatestVersion and getLatestPatchVersion based on PIN_MINOR
+# $1 = org/repo
+# $2 = current version (optional, required if PIN_MINOR=true)
+function getVersionForUpdate() {
+  local repo=$1
+  local current_version=$2
+
+  if [[ "${PIN_MINOR}" == "true" ]]; then
+    getLatestPatchVersion "${repo}" "${current_version}"
+  else
+    getLatestVersion "${repo}"
+  fi
+}
+
 function getReleaseBranch() {
   minor=$(echo "${1}" | cut -f1,2 -d'.')
   echo "release-${minor#*v}"
@@ -38,59 +111,69 @@ make update-common
 
 # update build container used in github actions
 NEW_IMAGE_MASTER=$(grep IMAGE_VERSION= < common/scripts/setup_env.sh | cut -d= -f2)
-sed -i -e "s|\(gcr.io/istio-testing/build-tools\):master.*|\1:$NEW_IMAGE_MASTER|" .github/workflows/update-deps.yaml
+"$SED_CMD" -i -e "s|\(gcr.io/istio-testing/build-tools\):master.*|\1:$NEW_IMAGE_MASTER|" .github/workflows/update-deps.yaml
 
 # Update go dependencies
 export GO111MODULE=on
-go get -u "istio.io/istio@${UPDATE_BRANCH}"
-go get -u "istio.io/client-go@${UPDATE_BRANCH}"
-go mod tidy
+if [[ "${TOOLS_ONLY}" != "true" ]]; then
+  go get -u "istio.io/istio@${UPDATE_BRANCH}"
+  go get -u "istio.io/client-go@${UPDATE_BRANCH}"
+  go mod tidy
+else
+  echo "Skipping Istio module updates (TOOLS_ONLY=true)"
+fi
 
 # Update operator-sdk
-OPERATOR_SDK_LATEST_VERSION=$(getLatestVersion operator-framework/operator-sdk)
-sed -i "s|OPERATOR_SDK_VERSION ?= .*|OPERATOR_SDK_VERSION ?= ${OPERATOR_SDK_LATEST_VERSION}|" "${ROOTDIR}/Makefile.core.mk"
-find "${ROOTDIR}/chart/templates/olm/scorecard.yaml" -type f -exec sed -i "s|quay.io/operator-framework/scorecard-test:.*|quay.io/operator-framework/scorecard-test:${OPERATOR_SDK_LATEST_VERSION}|" {} +
+OPERATOR_SDK_LATEST_VERSION=$(getVersionForUpdate operator-framework/operator-sdk "${OPERATOR_SDK_VERSION}")
+"$SED_CMD" -i "s|OPERATOR_SDK_VERSION ?= .*|OPERATOR_SDK_VERSION ?= ${OPERATOR_SDK_LATEST_VERSION}|" "${ROOTDIR}/Makefile.core.mk"
+find "${ROOTDIR}/chart/templates/olm/scorecard.yaml" -type f -exec "$SED_CMD" -i "s|quay.io/operator-framework/scorecard-test:.*|quay.io/operator-framework/scorecard-test:${OPERATOR_SDK_LATEST_VERSION}|" {} +
 
 # Update helm
-HELM_LATEST_VERSION=$(getLatestVersion helm/helm | cut -d/ -f2)
-sed -i "s|HELM_VERSION ?= .*|HELM_VERSION ?= ${HELM_LATEST_VERSION}|" "${ROOTDIR}/Makefile.core.mk"
+HELM_LATEST_VERSION=$(getVersionForUpdate helm/helm "${HELM_VERSION}")
+"$SED_CMD" -i "s|HELM_VERSION ?= .*|HELM_VERSION ?= ${HELM_LATEST_VERSION}|" "${ROOTDIR}/Makefile.core.mk"
 
 # Update controller-tools
-CONTROLLER_TOOLS_LATEST_VERSION=$(getLatestVersion kubernetes-sigs/controller-tools)
-sed -i "s|CONTROLLER_TOOLS_VERSION ?= .*|CONTROLLER_TOOLS_VERSION ?= ${CONTROLLER_TOOLS_LATEST_VERSION}|" "${ROOTDIR}/Makefile.core.mk"
+CONTROLLER_TOOLS_LATEST_VERSION=$(getVersionForUpdate kubernetes-sigs/controller-tools "${CONTROLLER_TOOLS_VERSION}")
+"$SED_CMD" -i "s|CONTROLLER_TOOLS_VERSION ?= .*|CONTROLLER_TOOLS_VERSION ?= ${CONTROLLER_TOOLS_LATEST_VERSION}|" "${ROOTDIR}/Makefile.core.mk"
 
 # Update controller-runtime
-CONTROLLER_RUNTIME_LATEST_VERSION=$(getLatestVersion kubernetes-sigs/controller-runtime)
+# Note: For controller-runtime, we use the branch to determine the current version
+CONTROLLER_RUNTIME_CURRENT_VERSION="v${CONTROLLER_RUNTIME_BRANCH#release-}.0"
+CONTROLLER_RUNTIME_LATEST_VERSION=$(getVersionForUpdate kubernetes-sigs/controller-runtime "${CONTROLLER_RUNTIME_CURRENT_VERSION}")
 # FIXME: Do not use `go get -u` until https://github.com/kubernetes/apimachinery/issues/190 is resolved
 # go get -u "sigs.k8s.io/controller-runtime@${CONTROLLER_RUNTIME_LATEST_VERSION}"
 go get "sigs.k8s.io/controller-runtime@${CONTROLLER_RUNTIME_LATEST_VERSION}"
 CONTROLLER_RUNTIME_BRANCH=$(getReleaseBranch "${CONTROLLER_RUNTIME_LATEST_VERSION}")
-sed -i "s|CONTROLLER_RUNTIME_BRANCH ?= .*|CONTROLLER_RUNTIME_BRANCH ?= ${CONTROLLER_RUNTIME_BRANCH}|" "${ROOTDIR}/Makefile.core.mk"
+"$SED_CMD" -i "s|CONTROLLER_RUNTIME_BRANCH ?= .*|CONTROLLER_RUNTIME_BRANCH ?= ${CONTROLLER_RUNTIME_BRANCH}|" "${ROOTDIR}/Makefile.core.mk"
 
 # Update opm
-OPM_LATEST_VERSION=$(getLatestVersion operator-framework/operator-registry)
-sed -i "s|OPM_VERSION ?= .*|OPM_VERSION ?= ${OPM_LATEST_VERSION}|" "${ROOTDIR}/Makefile.core.mk"
+OPM_LATEST_VERSION=$(getVersionForUpdate operator-framework/operator-registry "${OPM_VERSION}")
+"$SED_CMD" -i "s|OPM_VERSION ?= .*|OPM_VERSION ?= ${OPM_LATEST_VERSION}|" "${ROOTDIR}/Makefile.core.mk"
 
 # Update olm
-OLM_LATEST_VERSION=$(getLatestVersion operator-framework/operator-lifecycle-manager)
-sed -i "s|OLM_VERSION ?= .*|OLM_VERSION ?= ${OLM_LATEST_VERSION}|" "${ROOTDIR}/Makefile.core.mk"
-
-# Update kube-rbac-proxy
-RBAC_PROXY_LATEST_VERSION=$(getLatestVersion brancz/kube-rbac-proxy | cut -d/ -f1)
-# Only update it if the newer image is available in the registry
-if docker manifest inspect "gcr.io/kubebuilder/kube-rbac-proxy:${RBAC_PROXY_LATEST_VERSION}" >/dev/null 2>/dev/null; then
-  sed -i "s|gcr.io/kubebuilder/kube-rbac-proxy:.*|gcr.io/kubebuilder/kube-rbac-proxy:${RBAC_PROXY_LATEST_VERSION}|" "${ROOTDIR}/chart/values.yaml"
-fi
+OLM_LATEST_VERSION=$(getVersionForUpdate operator-framework/operator-lifecycle-manager "${OLM_VERSION}")
+"$SED_CMD" -i "s|OLM_VERSION ?= .*|OLM_VERSION ?= ${OLM_LATEST_VERSION}|" "${ROOTDIR}/Makefile.core.mk"
+
+# Update gateway-api
+GW_API_LATEST_VERSION=$(getLatestVersion kubernetes-sigs/gateway-api)
+"$SED_CMD" -i "s|GW_API_VERSION=.*|GW_API_VERSION=\${GW_API_VERSION:-${GW_API_LATEST_VERSION}}|" "${ROOTDIR}/tests/e2e/setup/setup-kind.sh"
 
 # Update gitleaks
-GITLEAKS_VERSION=$(getLatestVersion gitleaks/gitleaks)
-sed -i "s|GITLEAKS_VERSION ?= .*|GITLEAKS_VERSION ?= ${GITLEAKS_VERSION}|" "${ROOTDIR}/Makefile.core.mk"
+GITLEAKS_LATEST_VERSION=$(getVersionForUpdate gitleaks/gitleaks "${GITLEAKS_VERSION}")
+"$SED_CMD" -i "s|GITLEAKS_VERSION ?= .*|GITLEAKS_VERSION ?= ${GITLEAKS_LATEST_VERSION}|" "${ROOTDIR}/Makefile.core.mk"
 
 # Update runme
-RUNME_LATEST_VERSION=$(getLatestVersion runmedev/runme)
-# Remove the leading "v" from the version string
+# Add 'v' prefix to current version for comparison if it doesn't have one
+RUNME_VERSION_WITH_V="v${RUNME_VERSION}"
+RUNME_LATEST_VERSION=$(getVersionForUpdate runmedev/runme "${RUNME_VERSION_WITH_V}")
+# Remove the leading "v" from the version string for storage in Makefile
 RUNME_LATEST_VERSION=${RUNME_LATEST_VERSION#v}
-sed -i "s|RUNME_VERSION ?= .*|RUNME_VERSION ?= ${RUNME_LATEST_VERSION}|" "${ROOTDIR}/Makefile.core.mk"
+"$SED_CMD" -i "s|RUNME_VERSION ?= .*|RUNME_VERSION ?= ${RUNME_LATEST_VERSION}|" "${ROOTDIR}/Makefile.core.mk"
 
 # Regenerate files
-make update-istio gen
+if [[ "${TOOLS_ONLY}" != "true" ]]; then
+  make update-istio gen
+else
+  echo "Skipping 'make update-istio' (TOOLS_ONLY=true), running 'make gen' only"
+  make gen
+fi