Add script and pipeline that automatically bumps gVisor version #184

Open
wants to merge 2 commits into
base: master

MrBatschner
Contributor

What this PR does / why we need it:

Adds a script and a pipeline that checks for new/updated gVisor versions at regular intervals and files a pull request should a new version be found.

Release note:

NONE

@MrBatschner MrBatschner requested review from a team as code owners February 7, 2025 13:21
@gardener-robot-ci-2 gardener-robot-ci-2 added ci/broken-pipeline-definition reviewed/ok-to-test Has approval for testing (check PR in detail before setting this label because PR is run on CI/CD) labels Feb 7, 2025
@gardener-robot-ci-3 gardener-robot-ci-3 added needs/ok-to-test Needs approval for testing (check PR in detail before setting this label because PR is run on CI/CD) and removed reviewed/ok-to-test Has approval for testing (check PR in detail before setting this label because PR is run on CI/CD) labels Feb 7, 2025
@MrBatschner MrBatschner marked this pull request as draft February 7, 2025 13:37
Adds a script that checks https://github.com/google/gvisor/tags
for new releases and updates GVISOR_VERSION if a newer release was
found. Intended to be run in a Concourse pipeline at regular
recurring intervals.
@MrBatschner MrBatschner force-pushed the dev/automatic-gvisor-bump branch from b54c402 to 054683e Compare February 7, 2025 13:54
@gardener gardener deleted a comment from gardener-robot-ci-2 Feb 7, 2025
@gardener-robot-ci-2 gardener-robot-ci-2 added the reviewed/ok-to-test Has approval for testing (check PR in detail before setting this label because PR is run on CI/CD) label Feb 7, 2025
@gardener-robot-ci-1 gardener-robot-ci-1 removed the reviewed/ok-to-test Has approval for testing (check PR in detail before setting this label because PR is run on CI/CD) label Feb 7, 2025
@gardener-robot-ci-2 gardener-robot-ci-2 added the reviewed/ok-to-test Has approval for testing (check PR in detail before setting this label because PR is run on CI/CD) label Feb 7, 2025
@gardener gardener deleted a comment from gardener-robot-ci-2 Feb 7, 2025
@gardener-robot-ci-2 gardener-robot-ci-2 removed the reviewed/ok-to-test Has approval for testing (check PR in detail before setting this label because PR is run on CI/CD) label Feb 7, 2025
@gardener-robot gardener-robot added the needs/review Needs review label Feb 7, 2025
@MrBatschner
Contributor Author

This PR proposes changes that would break the pipeline definition:

gardener-extension-runtime-gvisor-dev_automatic-gvisor-bump: Traceback (most recent call last):
  File "/usr/lib/python3.12/site-packages/concourse/replicator.py", line 141, in render
    definition_descriptor = self._render(definition_descriptor)
                            ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3.12/site-packages/concourse/replicator.py", line 185, in _render
    'definition': factory.create_pipeline_definition(),
                  ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3.12/site-packages/concourse/factory.py", line 88, in create_pipeline_definition
    self._apply_traits(variant)
  File "/usr/lib/python3.12/site-packages/concourse/factory.py", line 177, in _apply_traits
    transformer.process_pipeline_args(pipeline_def)
  File "/usr/lib/python3.12/site-packages/concourse/model/traits/release.py", line 520, in process_pipeline_args
    raise ValueError(textwrap.dedent(f'''\
ValueError: asset=BuildstepLogAsset(ocm_labels=[{'name': 'gardener.cloud/purposes', 'value': ['lint', 'sast', 'gosec']}, {'name': 'gardener.cloud/comment', 'value': 'We use gosec (linter) for SAST scans, see: https://github.com/securego/gosec.\nEnabled by https://github.com/gardener/gardener-extension-runtime-gvisor/pull/155\n'}], type='build-step-log', name='verify-build-step-log', step_name='verify', artefact_type='application/data', artefact_extra_id={}, purposes=['lint', 'sast', 'gosec'], comment='We use gosec (linter) for SAST scans, see: https://github.com/securego/gosec.\nEnabled by https://github.com/gardener/gardener-extension-runtime-gvisor/pull/155\n', upload_as_github_asset=True, github_asset_name=None)'s step_name refers to an absent build-step. If the step in question is
declared branch-specifically, i.e. via `branch.cfg`, and the current branch is
going to be merged with a branch declaring the pipeline step, this error can be
safely ignored, iff the branch is transient only (not used for release).

This comes from the changes to pipeline_definitions in #173, check my comment there.

@gardener gardener deleted a comment from gardener-robot-ci-2 Feb 7, 2025
@MrBatschner MrBatschner marked this pull request as ready for review February 7, 2025 14:00
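
The version check that the PR description and commit message describe, as an added example (this is not the script from the PR): tag names from the upstream listing are untrusted input, so they are strictly validated and compared numerically before anything is written to GVISOR_VERSION. It assumes upstream tags have the form `release-YYYYMMDD.N` and that GVISOR_VERSION stores the `YYYYMMDD.N` part; all function names and the sample tags are constructed for illustration.

```python
import re
from datetime import datetime

# Assumptions of this example: upstream tags look like "release-YYYYMMDD.N"
# and the GVISOR_VERSION file stores the "YYYYMMDD.N" part.
CORE_RE = re.compile(r"([0-9]{8})\.([0-9]{1,4})")
PREFIX = "release-"

# Constructed sample of tag names as they might come back from the tag listing.
SAMPLE_TAGS = [
    "release-20250120.0", "release-20250127.9", "release-20250127.10",
    "latest",                         # not a release tag
    "release-20251340.0",             # impossible date
    "release-20250301.0 # trailing",  # extra text after the version
]


def parse_core(text):
    """Return (date, patch) as ints for a strict 'YYYYMMDD.N', else None."""
    m = CORE_RE.fullmatch(text)
    if m is None:
        return None
    try:
        datetime.strptime(m.group(1), "%Y%m%d")  # reject impossible dates
    except ValueError:
        return None
    return int(m.group(1)), int(m.group(2))


def parse_tag(tag):
    """Parse an untrusted tag name; anything not strictly well-formed is None."""
    return parse_core(tag[len(PREFIX):]) if tag.startswith(PREFIX) else None


def newest_release(tags):
    """Highest well-formed release, compared numerically, or None."""
    return max((v for v in map(parse_tag, tags) if v is not None), default=None)


def next_version(current, tags):
    """Return the string to write to GVISOR_VERSION, or None if no bump."""
    cur = parse_core(current.strip())
    if cur is None:
        raise ValueError("current GVISOR_VERSION is malformed")
    new = newest_release(tags)
    if new is None or new <= cur:
        return None  # nothing newer; never downgrade
    return f"{new[0]:08d}.{new[1]}"
```

Comparing parsed integer tuples rather than raw strings is what makes `.10` sort above `.9`, and returning a re-formatted value rather than the tag text means only digits and one dot can ever reach the file.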
Labels
ci/broken-pipeline-definition needs/ok-to-test Needs approval for testing (check PR in detail before setting this label because PR is run on CI/CD) needs/review Needs review

5 participants