🌱 improve hack/verify-release.sh draft release note handling #381

Merged
merged 1 commit into from
Nov 21, 2023


Member

@tuminoid tuminoid commented Nov 21, 2023

GitHub API does not allow fetching draft release notes by tag, only by release id. Add the required code to fetch that, and also do not bail out if it fails, just skip the tests that require the data.

Fix the osv-scanner exiting the script when it finds vulnerabilities as well.

@metal3-io-bot metal3-io-bot added the size/S Denotes a PR that changes 10-29 lines, ignoring generated files. label Nov 21, 2023
@tuminoid tuminoid force-pushed the tuomo/fix-verify-release branch from 0c079d0 to 0319fdf Compare November 21, 2023 12:24
@adilGhaffarDev
Member

works for me, got this output for last draft release:

Checking required tools ...
Done

Detecting remote ...
Done

Checking input ...
Done

Checking if tag exists ...
INFO: Tag v1.5.2 exists, running post-tag checks too
Done

Checking local commit vs tag commit ...
WARNING: your local repository is dirty
Done

Downloading release information ...
Done

Verifying Git tags ...
Done

Verifying Git tag types ...
Done

Verifying release notes ...
WARNING: ':recycle:' not found in release note text, recheck content
Done

Verifying release artefacts ...
Done

Verifying container images ...
ERROR: container image tag metal3-io/ip-address-manager:v1.5.2 not found at quay.io
Done

Verify all go.mod dependencies are the same across go.mods ...
Done

Verifying go.mod bump module pairings ...
Done

Verify modules are using latest patch releases ...
Done

Verifying vulnerabilities ...

One small thing: I didn't get the Done after Verifying vulnerabilities ...

Rozzii previously approved these changes Nov 21, 2023
Member

@Rozzii Rozzii left a comment


/lgtm

@metal3-io-bot metal3-io-bot added the lgtm Indicates that a PR is ready to be merged. label Nov 21, 2023
@Rozzii
Member

Rozzii commented Nov 21, 2023

/test-centos-e2e-integration-main
/test-ubuntu-integration-main

smoshiur1237 previously approved these changes Nov 21, 2023
Member

@smoshiur1237 smoshiur1237 left a comment


/lgtm

@tuminoid
Member Author

tuminoid commented Nov 21, 2023

One small thing: I didn't get the Done after Verifying vulnerabilities ...

/hold
Good catch, osv-scanner actually returns failure if it finds vulnerabilities, and the script exits too soon. I'll fix that too.

@metal3-io-bot metal3-io-bot added the do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. label Nov 21, 2023
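
The failure mode discussed above, as an added illustration that is not code from hack/verify-release.sh: assuming the script runs with errexit (`set -e`), a scanner that exits non-zero on findings ends the run before the report and the "Done" marker are printed. `scan` is a constructed stand-in for osv-scanner, and the handling of statuses other than 0 and 1 is an assumption.

```shell
#!/bin/sh
# Added illustration; not taken from hack/verify-release.sh.
# scan() is a constructed stand-in for a scanner that exits 1 when it has
# findings (as the thread says of osv-scanner); other codes are assumptions.
SCANNER_STUB='scan() { [ "$1" -ne 1 ] || echo "GO-0000-0000 (constructed finding)"; return "$1"; }'

# Fragile form: under errexit the failing assignment ends the child script
# before the report or the "Done" marker is printed.
run_fragile() {
    sh -c "set -eu; ${SCANNER_STUB}"'
        report="$(scan "$1")"
        echo "${report}"
        echo "Done"' sh "$1"
}

# Hardened form: record the status instead of letting errexit act on it,
# always print the report, then tell findings (1) from a tool failure.
run_hardened() {
    sh -c "set -eu; ${SCANNER_STUB}"'
        rc=0
        report="$(scan "$1")" || rc=$?
        echo "${report}"
        case "${rc}" in
            0) ;;
            1) echo "WARNING: vulnerabilities found, review the report" ;;
            *) echo "ERROR: scanner failed with status ${rc}" ;;
        esac
        echo "Done"' sh "$1"
}

# Demo: the stub reports findings (status 1) in both runs.
echo "fragile output: [$(run_fragile 1 || true)]"
echo "hardened output:"
run_hardened 1
```

Treating a tool failure differently from status 1 keeps a crashed or missing scanner from being read as a clean or merely "vulnerable" result.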
GitHub API does not allow fetching draft release notes by tag, only
by release id. Add the required code to fetch that, and also do not
bail out if it fails, just skip the tests that require the data.

Also fix osv-scanner exiting the script before printing the
vulnerabilities. It returns failure when vulns are found.

Signed-off-by: Tuomo Tanskanen <[email protected]>
@tuminoid tuminoid dismissed stale reviews from smoshiur1237 and Rozzii via c81a9a5 November 21, 2023 12:51
@tuminoid tuminoid force-pushed the tuomo/fix-verify-release branch from 0319fdf to c81a9a5 Compare November 21, 2023 12:51
@metal3-io-bot metal3-io-bot removed the lgtm Indicates that a PR is ready to be merged. label Nov 21, 2023
@tuminoid
Member Author

/unhold
Fixed the osv-scanner exiting script too early as well.

@metal3-io-bot metal3-io-bot removed the do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. label Nov 21, 2023
@adilGhaffarDev
Member

Fixed the osv-scanner exiting script too early as well.

nice, it's working now:

Checking required tools ...
Done

Detecting remote ...
Done

Checking input ...
Done

Checking if tag exists ...
INFO: Tag v1.5.2 exists, running post-tag checks too
Done

Checking local commit vs tag commit ...
WARNING: your local repository is dirty
Done

Downloading release information ...
Done

Verifying Git tags ...
ERROR: tag v1.5.2 is not found in remote upstream
Done

Verifying Git tag types ...
Done

Verifying release notes ...
WARNING: ':recycle:' not found in release note text, recheck content
Done

Verifying release artefacts ...
Done

Verifying container images ...
ERROR: container image tag metal3-io/ip-address-manager:v1.5.2 not found at quay.io
Done

Verify all go.mod dependencies are the same across go.mods ...
Done

Verifying go.mod bump module pairings ...
Done

Verify modules are using latest patch releases ...
Done

Verifying vulnerabilities ...
Scanning dir .
Scanning /Users/adil/Desktop/est/metal3-ipam/ at commit 65bee123dd912848ee82d8232c044c327a7d2925
Scanned /Users/adil/Desktop/est/metal3-ipam/api/go.mod file and found 61 packages
Scanned /Users/adil/Desktop/est/metal3-ipam/go.mod file and found 76 packages
Scanned /Users/adil/Desktop/est/metal3-ipam/hack/tools/go.mod file and found 65 packages
+------------------------------+------+-----------+---------+---------+-------------------+
| OSV URL                      | CVSS | ECOSYSTEM | PACKAGE | VERSION | SOURCE            |
+------------------------------+------+-----------+---------+---------+-------------------+
| https://osv.dev/GO-2023-2102 |      | Go        | stdlib  | 1.21.1  | api/go.mod        |
|                              |      |           |         |         |                   |
| https://osv.dev/GO-2023-2185 |      | Go        | stdlib  | 1.21.1  | api/go.mod        |
|                              |      |           |         |         |                   |
| https://osv.dev/GO-2023-2186 |      | Go        | stdlib  | 1.21.1  | api/go.mod        |
|                              |      |           |         |         |                   |
| https://osv.dev/GO-2023-2102 |      | Go        | stdlib  | 1.21.1  | go.mod            |
|                              |      |           |         |         |                   |
| https://osv.dev/GO-2023-2185 |      | Go        | stdlib  | 1.21.1  | go.mod            |
|                              |      |           |         |         |                   |
| https://osv.dev/GO-2023-2186 |      | Go        | stdlib  | 1.21.1  | go.mod            |
|                              |      |           |         |         |                   |
| https://osv.dev/GO-2023-2102 |      | Go        | stdlib  | 1.21.1  | hack/tools/go.mod |
|                              |      |           |         |         |                   |
| https://osv.dev/GO-2023-2185 |      | Go        | stdlib  | 1.21.1  | hack/tools/go.mod |
|                              |      |           |         |         |                   |
| https://osv.dev/GO-2023-2186 |      | Go        | stdlib  | 1.21.1  | hack/tools/go.mod |
|                              |      |           |         |         |                   |
+------------------------------+------+-----------+---------+---------+-------------------+
Done

@tuminoid
Member Author

/override test-centos-e2e-integration-main
/override test-ubuntu-integration-main
Save the trees, they do not test this.

@metal3-io-bot
Contributor

@tuminoid: Overrode contexts on behalf of tuminoid: test-centos-e2e-integration-main, test-ubuntu-integration-main

In response to this:

/override test-centos-e2e-integration-main
/override test-ubuntu-integration-main
Save the trees, they do not test this.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@tuminoid
Member Author

/cherry-pick release-1.5
/cherry-pick release-1.4

@metal3-io-bot
Contributor

@tuminoid: once the present PR merges, I will cherry-pick it on top of release-1.5 in a new PR and assign it to you.

In response to this:

/cherry-pick release-1.5
/cherry-pick release-1.4


@tuminoid
Member Author

/cherry-pick release-1.4

@metal3-io-bot
Contributor

@tuminoid: once the present PR merges, I will cherry-pick it on top of release-1.4 in a new PR and assign it to you.

In response to this:

/cherry-pick release-1.4


Member

@smoshiur1237 smoshiur1237 left a comment


/lgtm

@metal3-io-bot metal3-io-bot added the lgtm Indicates that a PR is ready to be merged. label Nov 21, 2023
@tuminoid
Member Author

/assign @kashifest

@kashifest
Member

/approve

@metal3-io-bot
Contributor

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: kashifest, Rozzii, smoshiur1237

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@metal3-io-bot metal3-io-bot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Nov 21, 2023
@metal3-io-bot metal3-io-bot merged commit f7a0f48 into metal3-io:main Nov 21, 2023
9 checks passed
@metal3-io-bot metal3-io-bot deleted the tuomo/fix-verify-release branch November 21, 2023 14:00
@metal3-io-bot
Contributor

@tuminoid: new pull request created: #382

In response to this:

/cherry-pick release-1.5
/cherry-pick release-1.4


@metal3-io-bot
Contributor

@tuminoid: new pull request created: #383

In response to this:

/cherry-pick release-1.4


Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. lgtm Indicates that a PR is ready to be merged. size/S Denotes a PR that changes 10-29 lines, ignoring generated files.