diff --git a/.github/workflows/_Test-OCI-Factory.yaml b/.github/workflows/_Test-OCI-Factory.yaml index 001e5a5c..a54122c8 100644 --- a/.github/workflows/_Test-OCI-Factory.yaml +++ b/.github/workflows/_Test-OCI-Factory.yaml @@ -117,7 +117,6 @@ jobs: # test-oci-compliance: true # test-vulnerabilities: true - # # Test workflow used in continuous testing # test-vulnerability-scan: # name: Test vulnerability scan workflow diff --git a/oci/grafana-agent/.trivyignore b/oci/grafana-agent/.trivyignore index 2b2f25ec..39ac9e17 100644 --- a/oci/grafana-agent/.trivyignore +++ b/oci/grafana-agent/.trivyignore @@ -16,3 +16,5 @@ CVE-2023-49568 GHSA-9763-4f94-gfch # github.com/opencontainers/runc - runc: file descriptor leak CVE-2024-21626 +# golang.org/x/crypto - Applications and libraries which misuse the ServerConfig.PublicKeyCall ... +CVE-2024-45337 diff --git a/oci/grafana-agent/_releases.json b/oci/grafana-agent/_releases.json index 8dc6804d..115c9126 100644 --- a/oci/grafana-agent/_releases.json +++ b/oci/grafana-agent/_releases.json @@ -268,5 +268,50 @@ "edge": { "target": "0.40.3-22.04_beta" } + }, + "0-24.04": { + "end-of-life": "2025-03-12T00:00:00Z", + "stable": { + "target": "79" + }, + "candidate": { + "target": "0-24.04_stable" + }, + "beta": { + "target": "0-24.04_candidate" + }, + "edge": { + "target": "0-24.04_beta" + } + }, + "0.43-24.04": { + "end-of-life": "2025-03-12T00:00:00Z", + "stable": { + "target": "79" + }, + "candidate": { + "target": "0.43-24.04_stable" + }, + "beta": { + "target": "0.43-24.04_candidate" + }, + "edge": { + "target": "0.43-24.04_beta" + } + }, + "0.43.4-24.04": { + "end-of-life": "2025-03-12T00:00:00Z", + "stable": { + "target": "79" + }, + "candidate": { + "target": "0.43.4-24.04_stable" + }, + "beta": { + "target": "0.43.4-24.04_candidate" + }, + "edge": { + "target": "0.43.4-24.04_beta" + } } } \ No newline at end of file diff --git a/oci/grafana-agent/image.yaml b/oci/grafana-agent/image.yaml index a6f13c4f..6215c6bb 100644 
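Review bot: The new `CVE-2024-45337` entry in `oci/grafana-agent/.trivyignore` suppresses the finding with no end date, and its comment is only the truncated advisory title, so nothing records why the image is considered unaffected or when the ignore should be revisited. The same entry is added to the `.trivyignore` files for grafana, mimir, prometheus and tempo, and the prometheus hunk also adds `CVE-2024-41110` and `CVE-2024-34156` in the same way. I would add a rationale line and an expiry that Trivy enforces, for example `# accepted until the rock is rebuilt with a fixed golang.org/x/crypto: <reason the image is not affected>` followed by `CVE-2024-45337 exp:<YYYY-MM-DD>`. Whether any of these images actually exercises the affected code path cannot be seen from the diff, so the rationale has to come from the image owners.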
--- a/oci/grafana-agent/image.yaml +++ b/oci/grafana-agent/image.yaml @@ -1,34 +1,18 @@ version: 1 upload: - source: canonical/grafana-agent-rock - commit: 8fdc452a8c36d7f8916821b8b4a7a4e88136eff6 - directory: 0.40.5 + commit: d3c1eaec89c38897141ff2b5b2e549664dea3992 + directory: 0.43.4 release: - 0.40.5-22.04: - end-of-life: "2025-05-28T00:00:00Z" + 0-24.04: + end-of-life: '2025-03-12T00:00:00Z' risks: - stable - 0.40-22.04: - end-of-life: "2025-05-28T00:00:00Z" + 0.43-24.04: + end-of-life: '2025-03-12T00:00:00Z' risks: - stable - 0-22.04: - end-of-life: "2025-05-28T00:00:00Z" - risks: - - stable - - source: canonical/grafana-agent-rock - commit: 8fdc452a8c36d7f8916821b8b4a7a4e88136eff6 - directory: 0.40.4 - release: - 0.40.4-22.04: - end-of-life: "2025-05-28T00:00:00Z" - risks: - - stable - - source: canonical/grafana-agent-rock - commit: 8fdc452a8c36d7f8916821b8b4a7a4e88136eff6 - directory: 0.40.3 - release: - 0.40.3-22.04: - end-of-life: "2025-05-28T00:00:00Z" + 0.43.4-24.04: + end-of-life: '2025-03-12T00:00:00Z' risks: - stable diff --git a/oci/grafana/.trivyignore b/oci/grafana/.trivyignore index 064923cf..d459cc14 100644 --- a/oci/grafana/.trivyignore +++ b/oci/grafana/.trivyignore @@ -16,3 +16,5 @@ CVE-2023-49568 CVE-2023-49569 # github.com/cloudflare/circl - CIRCL's Kyber: timing side-channel (kyberslash2) GHSA-9763-4f94-gfch +# golang.org/x/crypto - Applications and libraries which misuse the ServerConfig.PublicKeyCall ... +CVE-2024-45337 diff --git a/oci/grafana/image.yaml b/oci/grafana/image.yaml index 2d3bec97..bf94b67f 100644 --- a/oci/grafana/image.yaml +++ b/oci/grafana/image.yaml 
@@ -1,34 +1,18 @@ version: 1 upload: - source: canonical/grafana-rock - commit: 76e6113b71255cd3d83df9b6f01b0ab2b783920d - directory: 10.4.2 + commit: a2d8bea8db1fc640cbe465429a70e79fcfbb83bb + directory: 11.4.0 release: - 10.4.2-22.04: - end-of-life: "2025-05-28T00:00:00Z" + 11-24.04: + end-of-life: '2025-03-13T00:00:00Z' risks: - stable - 10.4-22.04: - end-of-life: "2025-05-28T00:00:00Z" + 11.4-24.04: + end-of-life: '2025-03-13T00:00:00Z' risks: - stable - 10-22.04: - end-of-life: "2025-05-28T00:00:00Z" - risks: - - stable - - source: canonical/grafana-rock - commit: 76e6113b71255cd3d83df9b6f01b0ab2b783920d - directory: 11.0.0 - release: - 11.0.0-22.04: - end-of-life: "2025-05-28T00:00:00Z" - risks: - - stable - 11.0-22.04: - end-of-life: "2025-05-28T00:00:00Z" - risks: - - stable - 11-22.04: - end-of-life: "2025-05-28T00:00:00Z" + 11.4.0-24.04: + end-of-life: '2025-03-13T00:00:00Z' risks: - stable diff --git a/oci/identity-platform-admin-ui/_releases.json b/oci/identity-platform-admin-ui/_releases.json index aed77df3..5465781d 100644 --- a/oci/identity-platform-admin-ui/_releases.json +++ b/oci/identity-platform-admin-ui/_releases.json @@ -15,9 +15,9 @@ } }, "1-22.04": { - "end-of-life": "2025-05-12T00:00:00Z", + "end-of-life": "2025-06-12T00:00:00Z", "stable": { - "target": "4" + "target": "9" }, "candidate": { "target": "1-22.04_stable" @@ -40,5 +40,17 @@ "edge": { "target": "6" } + }, + "1.22-22.04": { + "end-of-life": "2024-12-26T00:00:00Z", + "candidate": { + "target": "10" + }, + "edge": { + "target": "10" + }, + "beta": { + "target": "1.22-22.04_candidate" + } } } \ No newline at end of file diff --git a/oci/identity-platform-login-ui/_releases.json b/oci/identity-platform-login-ui/_releases.json index e5865966..1afb4dae 100644 --- a/oci/identity-platform-login-ui/_releases.json +++ b/oci/identity-platform-login-ui/_releases.json 
@@ -13,5 +13,17 @@ "edge": { "target": "0-22.04_beta" } + }, + "0.18-22.04": { + "end-of-life": "2024-12-19T00:00:00Z", + "candidate": { + "target": "9" + }, + "edge": { + "target": "9" + }, + "beta": { + "target": "0.18-22.04_candidate" + } } } \ No newline at end of file diff --git a/oci/kratos/_releases.json b/oci/kratos/_releases.json index b58b306d..b00455b0 100644 --- a/oci/kratos/_releases.json +++ b/oci/kratos/_releases.json @@ -15,9 +15,9 @@ } }, "1-22.04": { - "end-of-life": "2025-02-13T00:00:00Z", + "end-of-life": "2025-03-03T00:00:00Z", "stable": { - "target": "3" + "target": "10" }, "candidate": { "target": "1-22.04_stable" diff --git a/oci/metrics-proxy/_releases.json b/oci/metrics-proxy/_releases.json new file mode 100644 index 00000000..78c03c24 --- /dev/null +++ b/oci/metrics-proxy/_releases.json 
@@ -0,0 +1,92 @@ +{ + "0.1.1-22.04": { + "end-of-life": "2025-11-27T00:00:00Z", + "stable": { + "target": "1" + }, + "candidate": { + "target": "0.1.1-22.04_stable" + }, + "beta": { + "target": "0.1.1-22.04_candidate" + }, + "edge": { + "target": "0.1.1-22.04_beta" + } + }, + "0.1-22.04": { + "end-of-life": "2025-11-27T00:00:00Z", + "stable": { + "target": "1" + }, + "candidate": { + "target": "0.1-22.04_stable" + }, + "beta": { + "target": "0.1-22.04_candidate" + }, + "edge": { + "target": "0.1-22.04_beta" + } + }, + "0-22.04": { + "end-of-life": "2025-11-27T00:00:00Z", + "stable": { + "target": "1" + }, + "candidate": { + "target": "0-22.04_stable" + }, + "beta": { + "target": "0-22.04_candidate" + }, + "edge": { + "target": "0-22.04_beta" + } + }, + "0-24.04": { + "end-of-life": "2025-03-14T00:00:00Z", + "stable": { + "target": "2" + }, + "candidate": { + "target": "0-24.04_stable" + }, + "beta": { + "target": "0-24.04_candidate" + }, + "edge": { + "target": "0-24.04_beta" + } + }, + "0.1-24.04": { + "end-of-life": "2025-03-14T00:00:00Z", + "stable": { + "target": "2" + }, + "candidate": { + "target": "0.1-24.04_stable" + }, + "beta": { + "target": "0.1-24.04_candidate" + }, + "edge": { + "target": "0.1-24.04_beta" + } + }, + "0.1.1-24.04": { + "end-of-life": "2025-03-14T00:00:00Z", + "stable": { + "target": "2" + }, + "candidate": { + "target": "0.1.1-24.04_stable" + }, + "beta": { + "target": "0.1.1-24.04_candidate" + }, + "edge": { + "target": "0.1.1-24.04_beta" + } + } +} \ No newline at end of file diff --git a/oci/metrics-proxy/contacts.yaml b/oci/metrics-proxy/contacts.yaml new file mode 100644 index 00000000..437db0b4 --- /dev/null +++ b/oci/metrics-proxy/contacts.yaml @@ -0,0 +1,5 @@ +notify: + emails: + - observability@lists.launchpad.net + mattermost-channels: + - 1ayd5kim67bbing34i3h1x9uac \ No newline at end of file diff --git a/oci/metrics-proxy/documentation.yaml b/oci/metrics-proxy/documentation.yaml new file mode 100644 index 00000000..544a09e3 
--- /dev/null +++ b/oci/metrics-proxy/documentation.yaml @@ -0,0 +1,43 @@ +version: 1 +# --- OVERVIEW INFORMATION --- +application: metrics-proxy +description: > + Metrics Proxy is a lightweight proxy designed to expose a unified metrics endpoint for multiple Kubernetes pods. + The proxy watches for pods in a Kubernetes cluster and listens on a configurable port, + where it exposes aggregated metrics on a configurable endpoint. + Read more on the [project repo](https://github.com/canonical/metrics-k8s-proxy). +# --- USAGE INFORMATION --- +docker: + parameters: + - -p 15090:15090 + access: Access aggregated metrics at `http://localhost:15090`. + +parameters: + - type: -e + value: 'TZ=UTC' + description: Timezone setting for the container. + - type: -p + value: '15090:15090' + description: Port mapping for accessing the metrics-proxy aggregated metrics endpoint. + - type: -e + value: 'POD_LABEL_SELECTOR="foo=bar"' + description: Specify labels to filter Kubernetes pods for metrics aggregation. + - type: -e + value: 'PORT="15090"' + description: The port on which the metrics-proxy listens for scrape requests. + - type: -e + value: 'SCRAPE_TIMEOUT="9s"' + description: Configures the timeout duration for scraping metrics from the pods. + +debug: + text: | + ### Debugging + + To debug the container: + ```bash + docker exec -it metrics-proxy-container pebble logs -f metrics-proxy + ``` + To get an interactive shell: + ```bash + docker exec -it metrics-proxy-container /bin/bash + ``` \ No newline at end of file diff --git a/oci/metrics-proxy/image.yaml b/oci/metrics-proxy/image.yaml new file mode 100644 index 00000000..1071fa61 --- /dev/null +++ b/oci/metrics-proxy/image.yaml 
@@ -0,0 +1,18 @@ +version: 1 +upload: + - source: canonical/metrics-proxy-rock + commit: 78ab3165104b87d648d077a1c3f80c308a10b6af + directory: 0.1.1 + release: + 0-24.04: + end-of-life: '2025-03-14T00:00:00Z' + risks: + - stable + 0.1-24.04: + end-of-life: '2025-03-14T00:00:00Z' + risks: + - stable + 0.1.1-24.04: + end-of-life: '2025-03-14T00:00:00Z' + risks: + - stable diff --git a/oci/mimir/.trivyignore b/oci/mimir/.trivyignore index 391591a3..d2ded497 100644 --- a/oci/mimir/.trivyignore +++ b/oci/mimir/.trivyignore @@ -8,3 +8,5 @@ CVE-2023-39325 GHSA-m425-mq94-257g # go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp - opentelemetry: DoS vulnerability in otelhttp CVE-2023-45142 +# golang.org/x/crypto - Applications and libraries which misuse the ServerConfig.PublicKeyCall ... +CVE-2024-45337 diff --git a/oci/mimir/_releases.json b/oci/mimir/_releases.json index e2fc31f3..76de1c68 100644 --- a/oci/mimir/_releases.json +++ b/oci/mimir/_releases.json @@ -178,5 +178,50 @@ "edge": { "target": "2.13-22.04_beta" } + }, + "2-24.04": { + "end-of-life": "2025-03-14T00:00:00Z", + "stable": { + "target": "109" + }, + "candidate": { + "target": "2-24.04_stable" + }, + "beta": { + "target": "2-24.04_candidate" + }, + "edge": { + "target": "2-24.04_beta" + } + }, + "2.14-24.04": { + "end-of-life": "2025-03-14T00:00:00Z", + "stable": { + "target": "109" + }, + "candidate": { + "target": "2.14-24.04_stable" + }, + "beta": { + "target": "2.14-24.04_candidate" + }, + "edge": { + "target": "2.14-24.04_beta" + } + }, + "2.14.2-24.04": { + "end-of-life": "2025-03-14T00:00:00Z", + "stable": { + "target": "109" + }, + "candidate": { + "target": "2.14.2-24.04_stable" + }, + "beta": { + "target": "2.14.2-24.04_candidate" + }, + "edge": { + "target": "2.14.2-24.04_beta" + } } } \ No newline at end of file diff --git a/oci/mimir/image.yaml b/oci/mimir/image.yaml index 627fb523..b760e6aa 100644 --- a/oci/mimir/image.yaml +++ b/oci/mimir/image.yaml 
@@ -1,18 +1,18 @@ version: 1 upload: - source: canonical/mimir-rock - commit: 34cb1b03a93d190f805a3c9c5578056978f0014d + commit: d4d848e4e0344ed052bfdeabd8d528c52b8b7434 directory: 2.14.2 release: - 2.14.2-22.04: - end-of-life: "2025-03-02T00:00:00Z" + 2-24.04: + end-of-life: '2025-03-14T00:00:00Z' risks: - stable - 2.14-22.04: - end-of-life: "2025-03-02T00:00:00Z" + 2.14-24.04: + end-of-life: '2025-03-14T00:00:00Z' risks: - stable - 2-22.04: - end-of-life: "2025-03-02T00:00:00Z" + 2.14.2-24.04: + end-of-life: '2025-03-14T00:00:00Z' risks: - stable diff --git a/oci/mock-rock/_releases.json b/oci/mock-rock/_releases.json index 62d7445f..edc455e6 100644 --- a/oci/mock-rock/_releases.json +++ b/oci/mock-rock/_releases.json @@ -35,31 +35,31 @@ "1.1-22.04": { "end-of-life": "2030-05-01T00:00:00Z", "candidate": { - "target": "966" + "target": "1002" }, "beta": { - "target": "966" + "target": "1002" }, "edge": { - "target": "966" + "target": "1002" } }, "1-22.04": { "end-of-life": "2030-05-01T00:00:00Z", "candidate": { - "target": "966" + "target": "1002" }, "beta": { - "target": "966" + "target": "1002" }, "edge": { - "target": "966" + "target": "1002" } }, "1.2-22.04": { "end-of-life": "2030-05-01T00:00:00Z", "beta": { - "target": "967" + "target": "1003" }, "edge": { "target": "1.2-22.04_beta" diff --git a/oci/prometheus/.trivyignore b/oci/prometheus/.trivyignore index fcc7b4be..f06a33ed 100644 --- a/oci/prometheus/.trivyignore +++ b/oci/prometheus/.trivyignore @@ -20,3 +20,9 @@ CVE-2022-41721 CVE-2022-41723 # golang.org/x/text - golang: golang.org/x/text/language: ParseAcceptLanguage takes a long time to parse complex tags CVE-2022-32149 +# github.com/docker/docker - moby: Authz zero length regression +CVE-2024-41110 +# golang.org/x/crypto - Applications and libraries which misuse the ServerConfig.PublicKeyCall ... +CVE-2024-45337 +# stdlib - encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested ... +CVE-2024-34156 
diff --git a/oci/prometheus/_releases.json b/oci/prometheus/_releases.json index aec8fe42..f4a9ed54 100644 --- a/oci/prometheus/_releases.json +++ b/oci/prometheus/_releases.json @@ -268,5 +268,80 @@ "edge": { "target": "2.45-22.04_beta" } + }, + "2.53-24.04": { + "end-of-life": "2025-03-14T00:00:00Z", + "stable": { + "target": "111" + }, + "candidate": { + "target": "2.53-24.04_stable" + }, + "beta": { + "target": "2.53-24.04_candidate" + }, + "edge": { + "target": "2.53-24.04_beta" + } + }, + "2.53.3-24.04": { + "end-of-life": "2025-03-14T00:00:00Z", + "stable": { + "target": "111" + }, + "candidate": { + "target": "2.53.3-24.04_stable" + }, + "beta": { + "target": "2.53.3-24.04_candidate" + }, + "edge": { + "target": "2.53.3-24.04_beta" + } + }, + "2-24.04": { + "end-of-life": "2025-03-14T00:00:00Z", + "stable": { + "target": "112" + }, + "candidate": { + "target": "2-24.04_stable" + }, + "beta": { + "target": "2-24.04_candidate" + }, + "edge": { + "target": "2-24.04_beta" + } + }, + "2.55-24.04": { + "end-of-life": "2025-03-14T00:00:00Z", + "stable": { + "target": "112" + }, + "candidate": { + "target": "2.55-24.04_stable" + }, + "beta": { + "target": "2.55-24.04_candidate" + }, + "edge": { + "target": "2.55-24.04_beta" + } + }, + "2.55.1-24.04": { + "end-of-life": "2025-03-14T00:00:00Z", + "stable": { + "target": "112" + }, + "candidate": { + "target": "2.55.1-24.04_stable" + }, + "beta": { + "target": "2.55.1-24.04_candidate" + }, + "edge": { + "target": "2.55.1-24.04_beta" + } } } \ No newline at end of file diff --git a/oci/prometheus/image.yaml b/oci/prometheus/image.yaml index 31c956dc..5235c062 100644 --- a/oci/prometheus/image.yaml +++ b/oci/prometheus/image.yaml 
@@ -1,26 +1,30 @@ version: 1 upload: - source: canonical/prometheus-rock - commit: ebe3742f58628c2be2c385b1c300d33a5d519e0b - directory: 2.37.0 + commit: dbc5c65e0bf8e5c3d9fd28bba8076cdb761e3635 + directory: 2.53.3 release: - 2.37.0-22.04: - end-of-life: "2024-10-04T00:00:00Z" + 2.53-24.04: + end-of-life: '2025-03-14T00:00:00Z' risks: - stable - 2.37-22.04: - end-of-life: "2024-10-04T00:00:00Z" + 2.53.3-24.04: + end-of-life: '2025-03-14T00:00:00Z' risks: - stable - source: canonical/prometheus-rock - commit: ebe3742f58628c2be2c385b1c300d33a5d519e0b - directory: 2.45.0 + commit: dbc5c65e0bf8e5c3d9fd28bba8076cdb761e3635 + directory: 2.55.1 release: - 2.45.0-22.04: - end-of-life: "2024-10-04T00:00:00Z" + 2-24.04: + end-of-life: '2025-03-14T00:00:00Z' risks: - stable - 2.45-22.04: - end-of-life: "2024-10-04T00:00:00Z" + 2.55-24.04: + end-of-life: '2025-03-14T00:00:00Z' + risks: + - stable + 2.55.1-24.04: + end-of-life: '2025-03-14T00:00:00Z' risks: - stable diff --git a/oci/python/_releases.json b/oci/python/_releases.json index c53e77ff..be533d2b 100644 --- a/oci/python/_releases.json +++ b/oci/python/_releases.json @@ -1,47 +1,47 @@ { "3.8-20.04": { "edge": { - "target": "43" + "target": "54" }, "end-of-life": "2025-03-31T00:00:00Z", "stable": { - "target": "43" + "target": "54" }, "candidate": { - "target": "43" + "target": "54" }, "beta": { - "target": "43" + "target": "54" } }, "3.12-24.04": { "end-of-life": "2029-03-31T00:00:00Z", "edge": { - "target": "48" + "target": "56" }, "stable": { - "target": "48" + "target": "56" }, "candidate": { - "target": "48" + "target": "56" }, "beta": { - "target": "48" + "target": "56" } }, "3.10-22.04": { "end-of-life": "2027-03-31T00:00:00Z", "stable": { - "target": "38" + "target": "55" }, "candidate": { - "target": "38" + "target": "55" }, "beta": { - "target": "38" + "target": "55" }, "edge": { - "target": "38" + "target": "55" } } } \ No newline at end of file 
diff --git a/oci/python/image.yaml b/oci/python/image.yaml index 9d71e805..d4b13284 100644 --- a/oci/python/image.yaml +++ b/oci/python/image.yaml @@ -2,7 +2,7 @@ version: 1 upload: - source: canonical/chiselled-python - commit: e0943bf2923ef50c9117ac58cd02a86146ece1fb + commit: 4f4d52540d7be7902bc4232ef51a16f42ec7d60a directory: python3.8/ release: 3.8-20.04: @@ -13,7 +13,7 @@ upload: - beta - edge - source: canonical/chiselled-python - commit: e0943bf2923ef50c9117ac58cd02a86146ece1fb + commit: 4f4d52540d7be7902bc4232ef51a16f42ec7d60a directory: python3.10/ release: 3.10-22.04: @@ -24,7 +24,7 @@ upload: - beta - edge - source: canonical/chiselled-python - commit: e0943bf2923ef50c9117ac58cd02a86146ece1fb + commit: 4f4d52540d7be7902bc4232ef51a16f42ec7d60a directory: python3.12/ release: 3.12-24.04: diff --git a/oci/tempo/.trivyignore b/oci/tempo/.trivyignore new file mode 100644 index 00000000..fde68fe3 --- /dev/null +++ b/oci/tempo/.trivyignore @@ -0,0 +1,4 @@ +# Upstream CVEs + +# golang.org/x/crypto - Applications and libraries which misuse the ServerConfig.PublicKeyCall ... +CVE-2024-45337 diff --git a/oci/tempo/_releases.json b/oci/tempo/_releases.json index a2b2f8ef..077dc7ad 100644 --- a/oci/tempo/_releases.json +++ b/oci/tempo/_releases.json 
@@ -88,5 +88,50 @@ "edge": { "target": "2.6-22.04_beta" } + }, + "2-24.04": { + "end-of-life": "2025-03-14T00:00:00Z", + "stable": { + "target": "4" + }, + "candidate": { + "target": "2-24.04_stable" + }, + "beta": { + "target": "2-24.04_candidate" + }, + "edge": { + "target": "2-24.04_beta" + } + }, + "2.6-24.04": { + "end-of-life": "2025-03-14T00:00:00Z", + "stable": { + "target": "4" + }, + "candidate": { + "target": "2.6-24.04_stable" + }, + "beta": { + "target": "2.6-24.04_candidate" + }, + "edge": { + "target": "2.6-24.04_beta" + } + }, + "2.6.1-24.04": { + "end-of-life": "2025-03-14T00:00:00Z", + "stable": { + "target": "4" + }, + "candidate": { + "target": "2.6.1-24.04_stable" + }, + "beta": { + "target": "2.6.1-24.04_candidate" + }, + "edge": { + "target": "2.6.1-24.04_beta" + } } } \ No newline at end of file diff --git a/oci/tempo/image.yaml b/oci/tempo/image.yaml index 57b46703..f95e915d 100644 --- a/oci/tempo/image.yaml +++ b/oci/tempo/image.yaml @@ -1,18 +1,18 @@ version: 1 upload: - source: canonical/tempo-rock - commit: 61866670957aecbb67481f8c5250b72aa82fc7f4 + commit: f484d825ad257f747a0fa10b62bc850d74cae447 directory: 2.6.1 release: - 2.6.1-22.04: - end-of-life: "2025-01-18T00:00:00Z" + 2-24.04: + end-of-life: '2025-03-14T00:00:00Z' risks: - stable - 2.6-22.04: - end-of-life: "2025-01-18T00:00:00Z" + 2.6-24.04: + end-of-life: '2025-03-14T00:00:00Z' risks: - stable - 2-22.04: - end-of-life: "2025-01-18T00:00:00Z" + 2.6.1-24.04: + end-of-life: '2025-03-14T00:00:00Z' risks: - stable diff --git a/src/image/define_image_revision.sh b/src/image/define_image_revision.sh index 00dad985..dc49f830 100755 --- a/src/image/define_image_revision.sh +++ b/src/image/define_image_revision.sh 
@@ -7,11 +7,11 @@ set -x # Does image already exist in Swift? # If not, then this is immediately revision number 1 -swift list $SWIFT_CONTAINER_NAME -p $IMAGE_NAME | grep $IMAGE_NAME || \ +swift list $SWIFT_CONTAINER_NAME -p $IMAGE_NAME/ | grep $IMAGE_NAME || \ (echo "revision=1" >> "$GITHUB_OUTPUT" && exit 0) # If the script gets here, then it means this image already has revisions -highest_revision=$(swift list $SWIFT_CONTAINER_NAME -p $IMAGE_NAME \ +highest_revision=$(swift list $SWIFT_CONTAINER_NAME -p $IMAGE_NAME/ \ | sort -t / -k 3 -V \ | tail -1 \ | awk -F'/' '{print $3}') diff --git a/src/image/get_canonical_tags_from_swift.sh b/src/image/get_canonical_tags_from_swift.sh index 6cad6e61..330fb499 100755 --- a/src/image/get_canonical_tags_from_swift.sh +++ b/src/image/get_canonical_tags_from_swift.sh @@ -5,7 +5,7 @@ source $(dirname $0)/../configs/swift.public.novarc set -x -canonical_tags=$(swift list $SWIFT_CONTAINER_NAME -p $IMAGE_NAME \ +canonical_tags=$(swift list $SWIFT_CONTAINER_NAME -p $IMAGE_NAME/ \ | awk -F '/' '{print $2"_"$3}' | uniq | sort | tr '\n' ',') echo "canonical-tags=${canonical_tags}" >> "$GITHUB_OUTPUT" diff --git a/src/image/prepare_single_image_build_matrix.py b/src/image/prepare_single_image_build_matrix.py index 52432701..c144b205 100755 --- a/src/image/prepare_single_image_build_matrix.py +++ b/src/image/prepare_single_image_build_matrix.py 
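Review bot: In `define_image_revision.sh` the changed `swift list $SWIFT_CONTAINER_NAME -p $IMAGE_NAME/` still expands both variables unquoted, and the following `grep $IMAGE_NAME` treats the name as an unanchored regular expression, so the stricter prefix is the only thing keeping a sibling image from matching. Quoting plus a fixed-string match would make the check stand on its own: `swift list "$SWIFT_CONTAINER_NAME" -p "$IMAGE_NAME/" | grep -F -- "$IMAGE_NAME/" || \`. The unquoted form is repeated in the hunks for `get_canonical_tags_from_swift.sh`, `swift_lockfile_lock.sh` and `swift_lockfile_unlock.sh`. Separately, the context line `(echo "revision=1" >> "$GITHUB_OUTPUT" && exit 0)` runs in a subshell, so its `exit 0` does not stop the script. The rest of the script is outside the hunk, so confirm that a first-time image does not fall through to the `highest_revision` computation.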
@@ -107,11 +107,20 @@ def filter_eol_tracks(build: dict[str, Any]) -> dict[str, Any]: def filter_eol_builds(builds: list[dict[str, Any]]) -> list[dict[str, Any]]: - """Remove any builds with no tracks specified.""" - # remove any end of life tracks - builds = [filter_eol_tracks(build) for build in builds] + """Remove any builds with eol tracks.""" - return [build for build in builds if len(build["release"])] + # if no release exists and therefore no eol is specified, do nothing + non_release_builds = [build for build in builds if "release" not in build] + + # if we have release info, then filter based on eol + release_builds = [ + filtered_build + for build in builds + if "release" in build + and (filtered_build := filter_eol_tracks(build))["release"] + ] + + return non_release_builds + release_builds def write_revision_data(data_dir: Path, build: dict[str, Any]): @@ -157,7 +166,7 @@ def write_github_output( """Write script result to GITHUB_OUTPUT.""" outputs = { "build-matrix": {"include": builds}, - "release-to": release_to, + "release-to": "true" if release_to else "", "revision-data-dir": str(revision_data_dir), } with GithubOutput() as github_output: 
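Review bot: `filter_eol_builds` now returns `non_release_builds + release_builds`, which moves every build without a `release` key ahead of the others instead of keeping the order of `upload` in image.yaml. The new docstring "Remove any builds with eol tracks." also misdescribes the function, which drops builds whose tracks are all end-of-life and keeps builds that declare no release. A single pass keeps the input order and avoids scanning `builds` twice; the rewritten function is below. Whether anything downstream depends on the matrix order is not visible in this hunk, so treat the ordering as a consistency point rather than a confirmed bug.

```python
def filter_eol_builds(builds: list[dict[str, Any]]) -> list[dict[str, Any]]:
    """Drop builds whose release tracks are all end-of-life.

    Builds without a "release" key carry no end-of-life data and are kept.
    """
    kept = []
    for build in builds:
        if "release" not in build:
            kept.append(build)
            continue
        filtered_build = filter_eol_tracks(build)
        if filtered_build["release"]:
            kept.append(filtered_build)
    return kept
```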
@@ -221,16 +230,21 @@ def main(): f"Generating matrix for following builds: \n {json.dumps(builds, indent=4)}" ) + # trigger a release if specified in the image_trigger root + release = "release" in image_trigger + for build in builds: write_revision_data(args.revision_data_dir, build) - # the workflow GH matrix has a problem parsing nested JSON dicts - # so let's remove this field since we don't need it for the builds - del build["release"] + if "release" in build: + # trigger a release if specified in any of the builds + release = True - release_to = "true" if "release" in image_trigger else "" + # the workflow GH matrix has a problem parsing nested JSON dicts + # so let's remove this field since we don't need it for the builds themselves + del build["release"] - write_github_output(release_to, builds, args.revision_data_dir) + write_github_output(release, builds, args.revision_data_dir) if __name__ == "__main__": diff --git a/src/uploads/swift_lockfile_lock.sh b/src/uploads/swift_lockfile_lock.sh index e3da5d4f..6e2f776c 100755 --- a/src/uploads/swift_lockfile_lock.sh +++ b/src/uploads/swift_lockfile_lock.sh @@ -26,7 +26,7 @@ pushd "${staging_area}" # are waiting for the lockfile to get removed, and they may exit # the while loop at the same time, getting into a race condition. while [ $TIMEOUT -gt 0 ]; do - swift list $SWIFT_CONTAINER_NAME -p $IMAGE_NAME | grep "lockfile.lock" && sleep $SLEEP_TIME || break + swift list $SWIFT_CONTAINER_NAME -p $IMAGE_NAME/ | grep "lockfile.lock" && sleep $SLEEP_TIME || break TIMEOUT=$(( $TIMEOUT - $SLEEP_TIME )) if [ $TIMEOUT -lt 1 ]; then echo "Timeout reached while waiting to write lockfile into the Swift container for ${IMAGE_NAME}." diff --git a/src/uploads/swift_lockfile_unlock.sh b/src/uploads/swift_lockfile_unlock.sh index 629c1f62..07260ebc 100755 --- a/src/uploads/swift_lockfile_unlock.sh +++ b/src/uploads/swift_lockfile_unlock.sh 
@@ -12,6 +12,6 @@ IMAGE_NAME=$1 # if it does not, emit an error # SWIFT_CONTAINER_NAME comes from env LOCKFILE="${IMAGE_NAME}/lockfile.lock" -swift list $SWIFT_CONTAINER_NAME -p $IMAGE_NAME | grep "$LOCKFILE" && \ +swift list $SWIFT_CONTAINER_NAME -p $IMAGE_NAME/ | grep "$LOCKFILE" && \ (swift delete $SWIFT_CONTAINER_NAME "$LOCKFILE" && echo "Lock file removed successfully.") || \ echo "Lock file does not exist." diff --git a/tests/data/image_all_eol_tracks.yaml b/tests/data/image_all_eol_tracks.yaml new file mode 100644 index 00000000..2a0550b3 --- /dev/null +++ b/tests/data/image_all_eol_tracks.yaml @@ -0,0 +1,37 @@ +version: 1 + +upload: + - source: "canonical/rocks-toolbox" + commit: 17916dd5de270e61a6a3fd3f4661a6413a50fd6f + directory: mock_rock/1.0 + release: + 1.0-22.04: + end-of-life: "2020-05-01T00:00:00Z" + risks: + - candidate + - edge + - beta + - source: "canonical/rocks-toolbox" + commit: 17916dd5de270e61a6a3fd3f4661a6413a50fd6f + directory: mock_rock/1.1 + release: + 1.1-22.04: + end-of-life: "2000-05-01T00:00:00Z" + risks: + - candidate + - edge + - beta + 1-22.04: + end-of-life: "2000-05-01T00:00:00Z" + risks: + - candidate + - edge + - beta + - source: "canonical/rocks-toolbox" + commit: 17916dd5de270e61a6a3fd3f4661a6413a50fd6f + directory: mock_rock/1.2 + release: + 1.2-22.04: + end-of-life: "2000-05-01T00:00:00Z" + risks: + - beta diff --git a/tests/data/image_all_eol_tracks_with_release.yaml b/tests/data/image_all_eol_tracks_with_release.yaml new file mode 100644 index 00000000..b92f7b27 --- /dev/null +++ b/tests/data/image_all_eol_tracks_with_release.yaml 
@@ -0,0 +1,45 @@ +version: 1 + +release: + latest: + end-of-life: "2030-05-01T00:00:00Z" + candidate: 1.2-22.04_beta + test: + end-of-life: "2030-05-01T00:00:00Z" + beta: 1.1-22.04_beta + +upload: + - source: "canonical/rocks-toolbox" + commit: 17916dd5de270e61a6a3fd3f4661a6413a50fd6f + directory: mock_rock/1.0 + release: + 1.0-22.04: + end-of-life: "2020-05-01T00:00:00Z" + risks: + - candidate + - edge + - beta + - source: "canonical/rocks-toolbox" + commit: 17916dd5de270e61a6a3fd3f4661a6413a50fd6f + directory: mock_rock/1.1 + release: + 1.1-22.04: + end-of-life: "2000-05-01T00:00:00Z" + risks: + - candidate + - edge + - beta + 1-22.04: + end-of-life: "2000-05-01T00:00:00Z" + risks: + - candidate + - edge + - beta + - source: "canonical/rocks-toolbox" + commit: 17916dd5de270e61a6a3fd3f4661a6413a50fd6f + directory: mock_rock/1.2 + release: + 1.2-22.04: + end-of-life: "2000-05-01T00:00:00Z" + risks: + - beta diff --git a/tests/data/image_no_track_releases.yaml b/tests/data/image_no_track_releases.yaml new file mode 100644 index 00000000..941bcd17 --- /dev/null +++ b/tests/data/image_no_track_releases.yaml @@ -0,0 +1,14 @@ +version: 1 + +upload: + - source: "canonical/rocks-toolbox" + commit: 17916dd5de270e61a6a3fd3f4661a6413a50fd6f + directory: mock_rock/1.0 + + - source: "canonical/rocks-toolbox" + commit: 17916dd5de270e61a6a3fd3f4661a6413a50fd6f + directory: mock_rock/1.1 + + - source: "canonical/rocks-toolbox" + commit: 17916dd5de270e61a6a3fd3f4661a6413a50fd6f + directory: mock_rock/1.2 diff --git a/tests/data/image_single_track_release.yaml b/tests/data/image_single_track_release.yaml new file mode 100644 index 00000000..47efa36b --- /dev/null +++ b/tests/data/image_single_track_release.yaml 
@@ -0,0 +1,19 @@ +version: 1 + +upload: + - source: "canonical/rocks-toolbox" + commit: 17916dd5de270e61a6a3fd3f4661a6413a50fd6f + directory: mock_rock/1.0 + + - source: "canonical/rocks-toolbox" + commit: 17916dd5de270e61a6a3fd3f4661a6413a50fd6f + directory: mock_rock/1.1 + + - source: "canonical/rocks-toolbox" + commit: 17916dd5de270e61a6a3fd3f4661a6413a50fd6f + directory: mock_rock/1.2 + release: + 1.2-22.04: + end-of-life: "2030-05-01T00:00:00Z" + risks: + - beta diff --git a/tests/data/image_with_release.yaml b/tests/data/image_with_release.yaml new file mode 100644 index 00000000..72382b32 --- /dev/null +++ b/tests/data/image_with_release.yaml @@ -0,0 +1,45 @@ +version: 1 + +release: + latest: + end-of-life: "2030-05-01T00:00:00Z" + candidate: 1.2-22.04_beta + test: + end-of-life: "2030-05-01T00:00:00Z" + beta: 1.1-22.04_beta + +upload: + - source: "canonical/rocks-toolbox" + commit: 17916dd5de270e61a6a3fd3f4661a6413a50fd6f + directory: mock_rock/1.0 + release: + 1.0-22.04: + end-of-life: "2024-05-01T00:00:00Z" + risks: + - candidate + - edge + - beta + - source: "canonical/rocks-toolbox" + commit: 17916dd5de270e61a6a3fd3f4661a6413a50fd6f + directory: mock_rock/1.1 + release: + 1.1-22.04: + end-of-life: "2030-05-01T00:00:00Z" + risks: + - candidate + - edge + - beta + 1-22.04: + end-of-life: "2030-05-01T00:00:00Z" + risks: + - candidate + - edge + - beta + - source: "canonical/rocks-toolbox" + commit: 17916dd5de270e61a6a3fd3f4661a6413a50fd6f + directory: mock_rock/1.2 + release: + 1.2-22.04: + end-of-life: "2030-05-01T00:00:00Z" + risks: + - beta diff --git a/tests/data/image_without_release.yaml b/tests/data/image_without_release.yaml new file mode 100644 index 00000000..488174c5 --- /dev/null +++ b/tests/data/image_without_release.yaml 
@@ -0,0 +1,37 @@ +version: 1 + +upload: + - source: "canonical/rocks-toolbox" + commit: 17916dd5de270e61a6a3fd3f4661a6413a50fd6f + directory: mock_rock/1.0 + release: + 1.0-22.04: + end-of-life: "2024-05-01T00:00:00Z" + risks: + - candidate + - edge + - beta + - source: "canonical/rocks-toolbox" + commit: 17916dd5de270e61a6a3fd3f4661a6413a50fd6f + directory: mock_rock/1.1 + release: + 1.1-22.04: + end-of-life: "2030-05-01T00:00:00Z" + risks: + - candidate + - edge + - beta + 1-22.04: + end-of-life: "2030-05-01T00:00:00Z" + risks: + - candidate + - edge + - beta + - source: "canonical/rocks-toolbox" + commit: 17916dd5de270e61a6a3fd3f4661a6413a50fd6f + directory: mock_rock/1.2 + release: + 1.2-22.04: + end-of-life: "2030-05-01T00:00:00Z" + risks: + - beta diff --git a/tests/integration/test_prepare_single_image_build_matrix.py b/tests/integration/test_prepare_single_image_build_matrix.py new file mode 100644 index 00000000..95082977 --- /dev/null +++ b/tests/integration/test_prepare_single_image_build_matrix.py 
@@ -0,0 +1,86 @@
+# from pathlib import Path
+# import pytest
+
+import json
+import re
+import shutil
+import sys
+from pathlib import Path
+
+import pytest
+
+from src.image.prepare_single_image_build_matrix import \
+ main as prepare_build_matrix
+
+from .. import DATA_DIR
+
+
+@pytest.fixture
+def prep_execution(tmpdir, monkeypatch, request):
+
+ image_trigger_sample = getattr(request, "param", None)
+
+ # configure files/env requried for the test
+ github_output = tmpdir / "github_output"
+ monkeypatch.setenv("GITHUB_OUTPUT", str(github_output))
+
+ revision_data_dir = tmpdir / "revision-data"
+ revision_data_dir.mkdir()
+
+ oci_trigger_dir = tmpdir / "image_trigger"
+ oci_trigger_dir.mkdir()
+ shutil.copy(
+ image_trigger_sample,
+ oci_trigger_dir / "image.yaml",
+ )
+
+ # patch the arv for the test. script.py can be anything
+ args = (
+ f"--oci-path {oci_trigger_dir} --revision-data-dir {revision_data_dir}".split(
+ " "
+ )
+ )
+ monkeypatch.setattr(sys, "argv", ["script.py"] + args)
+
+ return revision_data_dir, github_output
+
+
+@pytest.mark.parametrize(
+ "prep_execution, expected_release_to, expected_release_count",
+ [
+ (DATA_DIR / "image_all_eol_tracks_with_release.yaml", True, 0),
+ (DATA_DIR / "image_all_eol_tracks.yaml", False, 0),
+ (DATA_DIR / "image_no_track_releases.yaml", False, 0),
+ (DATA_DIR / "image_single_track_release.yaml", True, 1),
+ (DATA_DIR / "image_with_release.yaml", True, 3),
+ (DATA_DIR / "image_without_release.yaml", True, 3),
+ ],
+ indirect=["prep_execution"],
+)
+def test_release_to(prep_execution, expected_release_to, expected_release_count):
+ """Test state of release-to in github output after running prepare_single_image_build_matrix"""
+ revision_data_dir, github_output = prep_execution
+
+ # run main from prepare_single_image_build_matrix
+ prepare_build_matrix()
+
+ github_output_content = github_output.read_text("utf8")
+
+ assert re.search(
+ f'^release-to={"true" if expected_release_to else ""}$',
github_output_content, + re.M, + ), "Invalid release-to value" + + revision_files = Path(revision_data_dir).glob("*") + + release_count = 0 + + for file in revision_files: + revision_data = json.loads(file.read_text()) + if release_list := revision_data.get("release"): + release_count += len(release_list) + + assert ( + expected_release_count == release_count + ), "Invalid number of builds to release" diff --git a/tools/cli-client/go.mod b/tools/cli-client/go.mod index f037895c..914fa0fd 100644 --- a/tools/cli-client/go.mod +++ b/tools/cli-client/go.mod @@ -6,7 +6,7 @@ require ( github.com/briandowns/spinner v1.23.0 github.com/canonical/go-flags v0.0.0-20230403090104-105d09a091b8 github.com/go-git/go-git/v5 v5.12.0 - golang.org/x/term v0.26.0 + golang.org/x/term v0.27.0 gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c gopkg.in/yaml.v3 v3.0.1 ) @@ -37,7 +37,7 @@ require ( golang.org/x/mod v0.18.0 // indirect golang.org/x/net v0.26.0 // indirect golang.org/x/sync v0.7.0 // indirect - golang.org/x/sys v0.27.0 // indirect + golang.org/x/sys v0.28.0 // indirect golang.org/x/tools v0.22.0 // indirect gopkg.in/warnings.v0 v0.1.2 // indirect ) diff --git a/tools/cli-client/go.sum b/tools/cli-client/go.sum index bd927193..13304977 100644 --- a/tools/cli-client/go.sum +++ b/tools/cli-client/go.sum 
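Review bot: The `prep_execution` fixture builds `sys.argv` by formatting both temporary paths into one string and calling `.split(" ")`, so a temp directory whose path contains a space is cut into extra arguments and the script under test parses the wrong paths. Build the list directly instead: `args = ["--oci-path", str(oci_trigger_dir), "--revision-data-dir", str(revision_data_dir)]`. The fixture also falls back to `None` when it is requested without a parameter, which only surfaces later as an error inside `shutil.copy`; failing early with a clear message would be easier to diagnose. The two commented-out imports at the top of the file can be dropped.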
@@ -130,6 +130,8 @@ golang.org/x/sys v0.26.0 h1:KHjCJyddX0LoSTb3J+vWpupP9p0oznkqVk/IfjymZbo= golang.org/x/sys v0.26.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/sys v0.27.0 h1:wBqf8DvsY9Y/2P8gAfPDEYNuS30J4lPHJxXSb/nJZ+s= golang.org/x/sys v0.27.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/sys v0.28.0 h1:Fksou7UEQUWlKvIdsqzJmUmCX3cZuD2+P3XyyzwMhlA= +golang.org/x/sys v0.28.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/term v0.2.0/go.mod h1:TVmDHMZPmdnySmBfhjOoOdhjzdE1h4u1VwSiw2l1Nuc= @@ -141,6 +143,8 @@ golang.org/x/term v0.25.0 h1:WtHI/ltw4NvSUig5KARz9h521QvRC8RmF/cuYqifU24= golang.org/x/term v0.25.0/go.mod h1:RPyXicDX+6vLxogjjRxjgD2TKtmAO6NZBsBRfrOLu7M= golang.org/x/term v0.26.0 h1:WEQa6V3Gja/BhNxg540hBip/kkaYtRg3cxg4oXSw4AU= golang.org/x/term v0.26.0/go.mod h1:Si5m1o57C5nBNQo5z1iq+XDijt21BDBDp2bK0QI8e3E= +golang.org/x/term v0.27.0 h1:WP60Sv1nlK1T6SupCHbXzSaN0b9wUmsPoRS9b61A23Q= +golang.org/x/term v0.27.0/go.mod h1:iMsnZpn0cago0GOrHO2+Y7u7JPn5AylBrcoWkElMTSM= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= diff --git a/tools/workflow-engine/charms/temporal-worker/oci_factory/activities/find_images_to_update.py b/tools/workflow-engine/charms/temporal-worker/oci_factory/activities/find_images_to_update.py index 5e6f10dc..3b187ec0 100755 --- a/tools/workflow-engine/charms/temporal-worker/oci_factory/activities/find_images_to_update.py +++ b/tools/workflow-engine/charms/temporal-worker/oci_factory/activities/find_images_to_update.py 
@@ -15,15 +15,16 @@ import json import logging import os -from datetime import datetime, timezone -import requests -import swiftclient import sys import tempfile import time -import yaml import zipfile +from datetime import datetime, timezone +from fnmatch import fnmatchcase +import requests +import swiftclient +import yaml if __name__ == "__main__": logging.basicConfig(stream=sys.stderr, level=logging.INFO) @@ -103,11 +104,10 @@ def find_released_revisions(releases_json: dict) -> list: ) # This is the metadata file we want to get from Swift - build_metadata_file = "build_metadata.json" + # match objects with name ///build_metadata.json img_objs = list( filter( - lambda o: o["name"].startswith(image) - and o["name"].endswith(build_metadata_file), + lambda o: fnmatchcase(o["name"], f"{image}/*/*/build_metadata.json"), swift_oci_factory_objs, ) ) diff --git a/tools/workflow-engine/charms/temporal-worker/pyproject.toml b/tools/workflow-engine/charms/temporal-worker/pyproject.toml index f87b16ca..36089ddf 100644 --- a/tools/workflow-engine/charms/temporal-worker/pyproject.toml +++ b/tools/workflow-engine/charms/temporal-worker/pyproject.toml @@ -28,7 +28,7 @@ importlib-resources = "^6.0.1" pytest = "^7.1.3" black = "^22.8.0" isort = "^5.10.1" -poethepoet = "^0.30.0" +poethepoet = "^0.31.0" pytest-asyncio = "^0.19.0" mypy = "^0.971"
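Review bot: `fnmatchcase(o["name"], f"{image}/*/*/build_metadata.json")` does not pin the object name to exactly two path components under the image, because fnmatch's `*` also matches `/`, so a deeper object such as `IMAGE/a/b/c/build_metadata.json` (constructed example) still passes the filter. `image` is also interpolated into the pattern unescaped, so a name containing `*`, `?` or `[` would be read as a wildcard rather than literally. If the intent is the fixed-depth layout the new comment describes, comparing the split name is stricter: `parts = o["name"].split("/")` followed by `len(parts) == 4 and parts[0] == image and parts[3] == "build_metadata.json"`. The enclosing block starts and ends outside the hunk, so how `image` is populated cannot be checked from here.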