From 2318c5c1f73d2cb8c8b39a7ce531c68c4b214a84 Mon Sep 17 00:00:00 2001
From: Daniele Santos
Date: Tue, 14 Mar 2023 15:26:27 -0400
Subject: [PATCH 1/7] new action
---
.github/workflows/release.yml | 75 +++++++++++++++++++++++++++++++++++
CHANGELOG.md | 7 ++++
2 files changed, 82 insertions(+)
create mode 100644 .github/workflows/release.yml
create mode 100644 CHANGELOG.md
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
new file mode 100644
index 00000000..e3718cb4
--- /dev/null
+++ b/.github/workflows/release.yml
@@ -0,0 +1,75 @@
+name: release
+
+on:
+ push:
+ tags: [ v*.*.* ]
+
+env:
+ REGISTRY: ghcr.io
+ IMAGE_NAME: ${{ github.repository }}
+
+jobs:
+ release:
+ runs-on: ubuntu-latest
+ permissions:
+ contents: write
+ packages: write
+
+ steps:
+ -
+ name: Checkout
+ uses: actions/checkout@v3
+ with:
+ fetch-depth: 0
+
+ -
+ name: GPG config
+ run: |
+ mkdir -p ~/.gnupg
+ cat << EOF >> ~/.gnupg/options
+ keyserver keys.openpgp.org
+ keyserver-options auto-key-retrieve
+ EOF
+
+ -
+ name: Verify tag signature
+ run: |
+ # NOTE: Solve the problem with Github action checkout
+ # https://github.com/actions/checkout/issues/290
+ git fetch --tags --force
+
+ version=${GITHUB_REF#refs/tags/*}
+ git show $version
+ git tag -v $version
+
+ -
+ name: Log into registry ${{ env.REGISTRY }}
+ uses: docker/login-action@f4ef78c080cd8ba55a85445d5b36e214a81df20a
+ with:
+ registry: ${{ env.REGISTRY }}
+ username: ${{ github.actor }}
+ password: ${{ secrets.GITHUB_TOKEN }}
+
+ -
+ name: Set up Go
+ uses: actions/setup-go@v3
+ with:
+ go-version: 1.19
+ check-latest: true
+ cache: true
+ -
+ name: Build release changelog
+ run: |
+ version=${GITHUB_REF#refs/tags/v*}
+ mkdir -p tmp
+ sed '/^# \['$version'\]/,/^# \[/!d;//d;/^\s*$/d' CHANGELOG.md > tmp/release_changelog.md
+
+ -
+ name: Release
+ uses: goreleaser/goreleaser-action@b508e2e3ef3b19d4e4146d4f8fb3ba9db644a757
+ with:
+ distribution: goreleaser
+ version: v1.10.3
+ args: release --rm-dist --release-notes=tmp/release_changelog.md
+ env:
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
diff --git a/CHANGELOG.md b/CHANGELOG.md
new file mode 100644
index 00000000..cd940b34
--- /dev/null
+++ b/CHANGELOG.md
@@ -0,0 +1,7 @@
+# v0.22.0
+
+
+* support for metadata info on sarif result
+* Makefile fix for go mod tidy
+* test without Kind by default
+* deprecate kubernetes.io in override labels
From c3c13b96a674a58f823927b11747db07f77767f2 Mon Sep 17 00:00:00 2001
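Review bot: The `Verify tag signature` step in the new `release.yml` does not establish who signed the tag: `git tag -v $version` runs against a keyring that `keyserver-options auto-key-retrieve` fills on demand, so a good signature from any key the keyserver returns would presumably pass, not only a maintainer's. Import the maintainers' public keys from a file tracked in the repository before verifying, and compare the signer's fingerprint with an allow-list rather than relying on the exit code alone. It is also worth confirming that the runner's GnuPG reads `~/.gnupg/options` at all; current GnuPG 2.x takes its settings from `gpg.conf`, in which case the `GPG config` step has no effect. Separately, `actions/checkout@v3` and `actions/setup-go@v3` are referenced by mutable tag in a job holding `contents: write` and `packages: write`, while the other two actions are pinned to a commit; pin these the same way, e.g. `uses: actions/checkout@<full-commit-sha> # v3`.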
From: Daniele Santos Date: Tue, 14 Mar 2023 15:39:18 -0400 Subject: [PATCH 2/7] modify goreleaser --- .goreleaser.yml | 17 +++++++++++++++++ CHANGELOG.md | 8 ++------ 2 files changed, 19 insertions(+), 6 deletions(-) diff --git a/.goreleaser.yml b/.goreleaser.yml index 3f5df7f3..cf5fbbd0 100644 --- a/.goreleaser.yml +++ b/.goreleaser.yml @@ -5,6 +5,15 @@ release: name: kubeaudit draft: true name_template: "{{.ProjectName}}-v{{.Version}}" +dockers: +- dockerfile: goreleaser.Dockerfile + goos: linux + goarch: amd64 + goarm: '' + image_templates: + - "ghcr.io/shopify/kubeaudit:latest" + - "ghcr.io/shopify/kubeaudit:{{ .Tag }}" + - "ghcr.io/shopify/kubeaudit:v{{ .Major }}.{{ .Minor }}" builds: - goos: - linux @@ -31,3 +40,11 @@ snapshot: name_template: SNAPSHOT-{{ .Commit }} checksum: name_template: '{{ .ProjectName }}_{{ .Version }}_checksums.txt' + +changelog: + sort: asc + filters: + exclude: + - "^docs:" + - "^test:" + - ^Merge diff --git a/CHANGELOG.md b/CHANGELOG.md index cd940b34..7485277b 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,7 +1,3 @@ -# v0.22.0 +# Unreleased - -* support for metadata info on sarif result -* Makefile fix for go mod tidy -* test without Kind by default -* deprecate kubernetes.io in override labels +* tba From 8a5e5a538a6a30b66b9fdf0abaf7e683ca9c93b6 Mon Sep 17 00:00:00 2001 From: Daniele Santos Date: Wed, 15 Mar 2023 14:48:35 -0400 Subject: [PATCH 3/7] update changelog --- CHANGELOG.md | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 7485277b..60e8d230 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,14 @@ # Unreleased -* tba +* support for metadata info on sarif result +* Makefile fix for go mod tidy +* test without Kind by default +* deprecate kubernetes.io in override labels + + +# v0.22.0 + +* support for metadata info on sarif result +* Makefile fix for go mod tidy +* test without Kind by default +* deprecate kubernetes.io in override labels 
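Review bot: In the first `.goreleaser.yml` hunk the new `dockers` entry pushes the moving tags `latest` and `v{{ .Major }}.{{ .Minor }}`, and `draft: true` in the `release` block above it holds back only the GitHub release; as far as I can tell GoReleaser pushes images during the same run, so they are public before anyone has reviewed the draft. If that is not intended, leave `latest` out of `image_templates` until the release is published, or gate the workflow job on a reviewed environment. The `checksum` section covers only the archives, so consider signing the images (GoReleaser has a `docker_signs` section) or documenting that consumers should pin by digest. `goarm: ''` has no effect on an amd64 image and can be dropped.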
From 3ac358b48288bd44a272a74e516d5786f4ad5ffb Mon Sep 17 00:00:00 2001 From: Daniele Santos Date: Wed, 15 Mar 2023 14:57:09 -0400 Subject: [PATCH 4/7] updates changelog --- .github/workflows/release.yml | 11 ----------- .goreleaser.yml | 17 +++++++++-------- CHANGELOG.md | 11 ++++++----- 3 files changed, 15 insertions(+), 24 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index e3718cb4..9593c0d7 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -31,17 +31,6 @@ jobs: keyserver-options auto-key-retrieve EOF - - - name: Verify tag signature - run: | - # NOTE: Solve the problem with Github action checkout - # https://github.com/actions/checkout/issues/290 - git fetch --tags --force - - version=${GITHUB_REF#refs/tags/*} - git show $version - git tag -v $version - - name: Log into registry ${{ env.REGISTRY }} uses: docker/login-action@f4ef78c080cd8ba55a85445d5b36e214a81df20a diff --git a/.goreleaser.yml b/.goreleaser.yml index cf5fbbd0..863dac5d 100644 --- a/.goreleaser.yml +++ b/.goreleaser.yml @@ -26,6 +26,15 @@ builds: binary: kubeaudit ldflags: - -s -w -X github.com/Shopify/kubeaudit/cmd.Version={{.Version}} -X github.com/Shopify/kubeaudit/cmd.Commit={{.Commit}} -X github.com/Shopify/kubeaudit/cmd.BuildDate={{.Date}} + +changelog: + sort: asc + filters: + exclude: + - "^docs:" + - "^test:" + - ^Merge + archives: - format: tar.gz name_template: '{{ .ProjectName }}_{{ .Version }}_{{ .Os }}_{{ .Arch }}{{ if .Arm }}v{{.Arm }}{{ end }}' @@ -40,11 +49,3 @@ snapshot: name_template: SNAPSHOT-{{ .Commit }} checksum: name_template: '{{ .ProjectName }}_{{ .Version }}_checksums.txt' - -changelog: - sort: asc - filters: - exclude: - - "^docs:" - - "^test:" - - ^Merge diff --git a/CHANGELOG.md b/CHANGELOG.md index 60e8d230..4f0d57fe 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,4 +1,7 @@ # Unreleased +* tba + +# 0.22.0 * support for metadata info on sarif result * Makefile fix for go mod tidy 
@@ -6,9 +9,7 @@ * deprecate kubernetes.io in override labels -# v0.22.0 +# 0.21.0 +* the Seccomp auditor has been updated to flag missing Seccomp profiles in securityContext instead of deprecated seccomp annotations. Thank you @Ser87ch, for your amazing contribution! 👏 -* support for metadata info on sarif result -* Makefile fix for go mod tidy -* test without Kind by default -* deprecate kubernetes.io in override labels +* Override added for the unconfined apparmor profile! Once again, thank you @Ser87ch! 😍 From 432df8cdca789239a5e9b26cee8d942ea3c12b46 Mon Sep 17 00:00:00 2001 From: Daniele Santos Date: Mon, 27 Mar 2023 09:54:37 -0400 Subject: [PATCH 5/7] update docs --- CHANGELOG.md | 6 +++--- docs/release.md | 21 ++++++--------------- 2 files changed, 9 insertions(+), 18 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 4f0d57fe..d60cf7ad 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,7 +1,7 @@ -# Unreleased +# [Unreleased] * tba -# 0.22.0 +# [0.22.0] * support for metadata info on sarif result * Makefile fix for go mod tidy @@ -9,7 +9,7 @@ * deprecate kubernetes.io in override labels -# 0.21.0 +# [0.21.0] * the Seccomp auditor has been updated to flag missing Seccomp profiles in securityContext instead of deprecated seccomp annotations. Thank you @Ser87ch, for your amazing contribution! 👏 * Override added for the unconfined apparmor profile! Once again, thank you @Ser87ch! 😍 diff --git a/docs/release.md b/docs/release.md index 6bdb0605..4d238181 100644 --- a/docs/release.md +++ b/docs/release.md 
@@ -10,7 +10,9 @@ If the changes since the most recent release are bug fixes only, bump the last n 3. Update the `VERSION` file if necessary. You'll have to open / merge a PR to do this. -4. Create a tag with the new version and push it up to Github: +4. update `CHANGELOG.md` with a summary of what has changed. Add a new version header at the top of the document, just after `Unreleased` + +5. Create a tag with the new version and push it up to Github: ``` git tag -a -m "" 
@@ -24,26 +26,15 @@ git tag -a v0.11.6 -m "v0.11.6" git push origin v0.11.6 ``` -5. You will need a Github token in order for Goreleaser to be able to create a release in Github. If you already have one, skip to the next step. - -[Create a Github token](https://github.com/settings/tokens/new) with the `repo` scope. - -6. Run Goreleaser - -``` -GITHUB_TOKEN= goreleaser --rm-dist -``` - -7. Publish the release in Github -Goreleaser is set to draft mode which means it will create a draft release in Github, allowing you to double check the release and make changes to the Changelog. Find the [draft release](https://github.com/Shopify/kubeaudit/releases) and make sure there are no commits to main since the release. +6. Once you push the tag, the release Github action will be triggered and generate a draft release in Github, allowing you to double check it and make changes to the Changelog. Find the [draft release](https://github.com/Shopify/kubeaudit/releases) and make sure there are no commits to main since the release. > If there are commits to main since the release, this may mean you didn't make the tag on main or your main is out of date. -Click `Edit` on the right of the draft release and tidy up the Changelog if necessary. We like to add thank you's to external contributors, for example: +7. Click `Edit` on the right of the draft release and tidy up the Changelog if necessary. We like to add thank you's to external contributors, for example: ``` 202e355 Fixed code quality issues using DeepSource (#315) - Thank you @withshubh for the contribution! ``` -Click on `Publish release` at the bottom. +8. Click on `Publish release` at the bottom. From c55fb499e337b42e6e1bd0ee3f502d5f3a88ae24 Mon Sep 17 00:00:00 2001 
From: Daniele Santos Date: Tue, 28 Mar 2023 16:49:43 -0400 Subject: [PATCH 6/7] removes manual changelog --- .github/workflows/release.yml | 17 +---------------- CHANGELOG.md | 15 --------------- docs/release.md | 4 +--- 3 files changed, 2 insertions(+), 34 deletions(-) delete mode 100644 CHANGELOG.md diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 9593c0d7..16ac7a1b 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -22,15 +22,6 @@ jobs: with: fetch-depth: 0 - - - name: GPG config - run: | - mkdir -p ~/.gnupg - cat << EOF >> ~/.gnupg/options - keyserver keys.openpgp.org - keyserver-options auto-key-retrieve - EOF - - name: Log into registry ${{ env.REGISTRY }} uses: docker/login-action@f4ef78c080cd8ba55a85445d5b36e214a81df20a @@ -46,12 +37,6 @@ jobs: go-version: 1.19 check-latest: true cache: true - - - name: Build release changelog - run: | - version=${GITHUB_REF#refs/tags/v*} - mkdir -p tmp - sed '/^# \['$version'\]/,/^# \[/!d;//d;/^\s*$/d' CHANGELOG.md > tmp/release_changelog.md - name: Release @@ -59,6 +44,6 @@ jobs: with: distribution: goreleaser version: v1.10.3 - args: release --rm-dist --release-notes=tmp/release_changelog.md + args: release --rm-dist env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} diff --git a/CHANGELOG.md b/CHANGELOG.md deleted file mode 100644 index d60cf7ad..00000000 --- a/CHANGELOG.md +++ /dev/null @@ -1,15 +0,0 @@ -# [Unreleased] -* tba - -# [0.22.0] - -* support for metadata info on sarif result -* Makefile fix for go mod tidy -* test without Kind by default -* deprecate kubernetes.io in override labels - - -# [0.21.0] -* the Seccomp auditor has been updated to flag missing Seccomp profiles in securityContext instead of deprecated seccomp annotations. Thank you @Ser87ch, for your amazing contribution! 👏 - -* Override added for the unconfined apparmor profile! Once again, thank you @Ser87ch! 😍 diff --git a/docs/release.md b/docs/release.md index 4d238181..d82a2759 100644 
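Review bot: After this commit nothing in the job checks the pushed tag before the `Release` step runs with `contents: write` and `packages: write`: the signature check was removed in PATCH 4/7 and the `GPG config` step is removed here, so any push of a tag matching `v*.*.*` builds and publishes. If signed-tag verification is being dropped on purpose, put another gate in its place, for example a tag protection rule for `v*` plus a job-level `environment: release` (the name is an example) with required reviewers, and describe that gate in `docs/release.md`. The job definition starts outside this hunk.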
--- a/docs/release.md +++ b/docs/release.md @@ -10,9 +10,7 @@ If the changes since the most recent release are bug fixes only, bump the last n 3. Update the `VERSION` file if necessary. You'll have to open / merge a PR to do this. -4. update `CHANGELOG.md` with a summary of what has changed. Add a new version header at the top of the document, just after `Unreleased` - -5. Create a tag with the new version and push it up to Github: +4. Create a tag with the new version and push it up to Github: ``` git tag -a -m "" From 3ad866e410680bae0a72456f74242fbe76fac5a5 Mon Sep 17 00:00:00 2001 From: Daniele Santos Date: Tue, 28 Mar 2023 17:32:32 -0400 Subject: [PATCH 7/7] mention button in the instructions --- docs/release.md | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/docs/release.md b/docs/release.md index d82a2759..323f6f20 100644 --- a/docs/release.md +++ b/docs/release.md 
@@ -25,14 +25,16 @@ git push origin v0.11.6 ``` -6. Once you push the tag, the release Github action will be triggered and generate a draft release in Github, allowing you to double check it and make changes to the Changelog. Find the [draft release](https://github.com/Shopify/kubeaudit/releases) and make sure there are no commits to main since the release. +5. Once you push the tag, the release Github action will be triggered and generate a draft release in Github, allowing you to double check it and make changes to the Changelog. Find the [draft release](https://github.com/Shopify/kubeaudit/releases) and make sure there are no commits to main since the release. > If there are commits to main since the release, this may mean you didn't make the tag on main or your main is out of date. -7. Click `Edit` on the right of the draft release and tidy up the Changelog if necessary. We like to add thank you's to external contributors, for example: +6. Click `Edit` on the right of the draft release and tidy up the Changelog if necessary. We like to add thank you's to external contributors, for example: ``` 202e355 Fixed code quality issues using DeepSource (#315) - Thank you @withshubh for the contribution! ``` -8. Click on `Publish release` at the bottom. +Optionally, you can click on "Generate release notes", which adds Markdown for all the merged pull requests from the diff and contributors of the release. + +7. Click on `Publish release` at the bottom.