CI: Automate updating docker version

2023-04-06 15:17:03 -07:00 · 2023-04-06 15:17:03 -07:00 · 9137397338
parent 01dcd4313a
commit 9137397338
7 changed files with 198 additions and 15 deletions
--- a/.github/workflows/update-docker-version.yml
+++ b/.github/workflows/update-docker-version.yml
@ -0,0 +1,70 @@
+name: "update-docker-version"
+on:
+  workflow_dispatch:
+  schedule:
+    # every Thursday at around 3 am pacific/10 am UTC
+    - cron: "0 10 * * 4"
+env:
+  GOPROXY: https://proxy.golang.org
+  GO_VERSION: '1.20.2'
+permissions:
+  contents: read
+
+jobs:
+  bump-docker-version:
+    runs-on: ubuntu-20.04
+    steps:
+      - uses: actions/checkout@8f4b7f84864484a7bf31766abe9204da3cbe65b3
+      - uses: actions/setup-go@4d34df0c2316fe8122ab82dc22947d607c0c91f9
+        with:
+          go-version: ${{env.GO_VERSION}}
+          cache-dependency-path: ./go.sum
+      - name: Bump docker Version
+        id: bumpDocker
+        run: |
+          echo "OLD_VERSION=$(DEP=docker make get-dependency-version)" >> $GITHUB_OUTPUT
+          make update-docker-version
+          echo "NEW_VERSION=$(DEP=docker make get-dependency-version)" >> $GITHUB_OUTPUT
+          # The following is to support multiline with GITHUB_OUTPUT, see https://docs.github.com/en/actions/using-workflows/workflow-commands-for-github-actions#multiline-strings
+          echo "changes<<EOF" >> $GITHUB_OUTPUT
+          echo "$(git status --porcelain)" >> $GITHUB_OUTPUT
+          echo "EOF" >> $GITHUB_OUTPUT
+      - name: Create PR
+        id: createPR
+        if: ${{ steps.bumpDocker.outputs.changes != '' }}
+        uses: peter-evans/create-pull-request@5b4a9f6a9e2af26e5f02351490b90d01eb8ec1e5
+        with:
+          token: ${{ secrets.MINIKUBE_BOT_PAT }}
+          commit-message: 'Kicbase/ISO: Update docker from ${{ steps.bumpContainerd.outputs.OLD_VERSION }} to ${{ steps.bumpContainerd.outputs.NEW_VERSION }}'
+          committer: minikube-bot <minikube-bot@google.com>
+          author: minikube-bot <minikube-bot@google.com>
+          branch: auto_bump_docker_version
+          branch-suffix: short-commit-hash
+          push-to-fork: minikube-bot/minikube
+          base: master
+          delete-branch: true
+          title: 'Kicbase/ISO: Update docker from ${{ steps.bumpContainerd.outputs.OLD_VERSION }} to ${{ steps.bumpContainerd.outputs.NEW_VERSION }}'
+          body: |
+            The docker project released a [new version](https://github.com/moby/moby/releases)
+
+            This PR was auto-generated by `make update-docker-version` using [update-docker-version.yml](https://github.com/kubernetes/minikube/tree/master/.github/workflows/update-docker-version.yml) CI Workflow.
+      - uses: actions/github-script@d7906e4ad0b1822421a7e6a35d5ca353c962f410
+        with:
+          github-token: ${{ secrets.MINIKUBE_BOT_PAT }}
+          script: |
+            github.rest.issues.createComment({
+              issue_number: ${{ steps.createPR.outputs.pull-request-number }},
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              body: 'ok-to-build-image'
+            })
+      - uses: actions/github-script@d7906e4ad0b1822421a7e6a35d5ca353c962f410
+        with:
+          github-token: ${{ secrets.MINIKUBE_BOT_PAT }}
+          script: |
+            github.rest.issues.createComment({
+              issue_number: ${{ steps.createPR.outputs.pull-request-number }},
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              body: 'ok-to-build-iso'
+            })
--- a/7
+++ b/7
@ -1102,10 +1102,15 @@ update-runc-version:
 	(cd hack/update/runc_version && \
 	 go run update_runc_version.go)

+.PHONY: update-docker-version
+update-docker-version:
+	(cd hack/update/docker_version && \
+	 go run update_docker_version.go)
+
 .PHONY: get-dependency-verison
 get-dependency-version:
 	@(cd hack/update/get_version && \
-	 go run get_version.go)
+	  go run get_version.go)

 .PHONY: generate-licenses
 generate-licenses:
--- a/deploy/iso/minikube-iso/arch/aarch64/package/docker-bin-aarch64/docker-bin.hash
+++ b/deploy/iso/minikube-iso/arch/aarch64/package/docker-bin-aarch64/docker-bin.hash
@ -1,10 +1,10 @@
-sha256 ea971edc1179088bfd25edd04a0c12848143d15cb8202ebb93a6a08973464fd0 docker-20.10.14.tgz
-sha256 46102273fab8d6b8a7cf248a928ebaa4bee43114001c593b0d07092a34a439e1 docker-20.10.15.tgz
-sha256 2f35d8d422b63a59279084c159c9092b63b6d974a7fcd868167aee4cc5f79f3b docker-20.10.16.tgz
-sha256 249244024b507a6599084522cc73e73993349d13264505b387593f2b2ed603e6 docker-20.10.17.tgz
-sha256 aa2b2da571fb9160df87fd5a831f203fb97655e35fb9c4e8d46e72078ae16acf docker-20.10.18.tgz
-sha256 a04414b3fcf537f0cff17cf01e2b7cb3e39013c10d12e7959547f11aaf71f63c docker-20.10.19.tgz
-sha256 ef69a2a8ddb87026a8b19e240b2ae3087764b7285860df7faee24e04024f2eb7 docker-20.10.20.tgz
-sha256 b4ceb6151d4dd1bfc7557f5fe0317e29cfcac91f798c34fae7dee891a811f8ee docker-20.10.21.tgz
-sha256 2c75cd6c3dc9b81cb5bde664c882e4339a2054e09cf09606f9f7dd6970e7f078 docker-20.10.22.tgz
-sha256 5c40bb7dcd1aad94be49ad75d24e7fd409119ed0eaad04f5d13c4fddfb397c8a docker-20.10.23.tgz
+sha256 ea971edc1179088bfd25edd04a0c12848143d15cb8202ebb93a6a08973464fd0  docker-20.10.14.tgz
+sha256 46102273fab8d6b8a7cf248a928ebaa4bee43114001c593b0d07092a34a439e1  docker-20.10.15.tgz
+sha256 2f35d8d422b63a59279084c159c9092b63b6d974a7fcd868167aee4cc5f79f3b  docker-20.10.16.tgz
+sha256 249244024b507a6599084522cc73e73993349d13264505b387593f2b2ed603e6  docker-20.10.17.tgz
+sha256 aa2b2da571fb9160df87fd5a831f203fb97655e35fb9c4e8d46e72078ae16acf  docker-20.10.18.tgz
+sha256 a04414b3fcf537f0cff17cf01e2b7cb3e39013c10d12e7959547f11aaf71f63c  docker-20.10.19.tgz
+sha256 ef69a2a8ddb87026a8b19e240b2ae3087764b7285860df7faee24e04024f2eb7  docker-20.10.20.tgz
+sha256 b4ceb6151d4dd1bfc7557f5fe0317e29cfcac91f798c34fae7dee891a811f8ee  docker-20.10.21.tgz
+sha256 2c75cd6c3dc9b81cb5bde664c882e4339a2054e09cf09606f9f7dd6970e7f078  docker-20.10.22.tgz
+sha256 5c40bb7dcd1aad94be49ad75d24e7fd409119ed0eaad04f5d13c4fddfb397c8a  docker-20.10.23.tgz
--- a/hack/update/containerd_version/update_containerd_version.go
+++ b/hack/update/containerd_version/update_containerd_version.go
@ -83,17 +83,17 @@ func updateHashFiles(version string) error {
 		return fmt.Errorf("failed to read response body: %v", err)
 	}
 	sum := sha256.Sum256(b)
-	filePathBase := "../../../deploy/iso/minikube-iso/arch/"
-	if err := updateHashFile(filePathBase+"aarch64/package/containerd-bin-aarch64/containerd-bin.hash", version, sum); err != nil {
+	if err := updateHashFile(version, "aarch64", "-aarch64", sum); err != nil {
 		return fmt.Errorf("aarch64: %v", err)
 	}
-	if err := updateHashFile(filePathBase+"x86_64/package/containerd-bin/containerd-bin.hash", version, sum); err != nil {
+	if err := updateHashFile(version, "x86_64", "", sum); err != nil {
 		return fmt.Errorf("x86_64: %v", err)
 	}
 	return nil
 }

-func updateHashFile(filePath, version string, shaSum [sha256.Size]byte) error {
+func updateHashFile(version, arch, folderSuffix string, shaSum [sha256.Size]byte) error {
+	filePath := fmt.Sprintf("../../../deploy/iso/minikube-iso/arch/%s/package/containerd-bin%s/containerd-bin.hash", arch, folderSuffix)
 	b, err := os.ReadFile(filePath)
 	if err != nil {
 		return fmt.Errorf("failed to read hash file: %v", err)
--- a/hack/update/docker_version/update_docker_version.go
+++ b/hack/update/docker_version/update_docker_version.go
@ -0,0 +1,102 @@
+/*
+Copyright 2023 The Kubernetes Authors All rights reserved.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package main
+
+import (
+	"context"
+	"crypto/sha256"
+	"fmt"
+	"io"
+	"net/http"
+	"os"
+	"strings"
+	"time"
+
+	"k8s.io/klog/v2"
+	"k8s.io/minikube/hack/update"
+)
+
+const cxTimeout = 5 * time.Minute
+
+var schema = map[string]update.Item{
+	"deploy/iso/minikube-iso/arch/aarch64/package/docker-bin-aarch64/docker-bin.mk": {
+		Replace: map[string]string{
+			`DOCKER_BIN_AARCH64_VERSION = .*`: `DOCKER_BIN_AARCH64_VERSION {{.Version}}`,
+		},
+	},
+	"deploy/iso/minikube-iso/arch/x86_64/package/docker-bin/docker-bin.mk": {
+		Replace: map[string]string{
+			`DOCKER_BIN_VERSION = .*`: `DOCKER_BIN_VERSION = {{.Version}}`,
+		},
+	},
+}
+
+type Data struct {
+	Version string
+}
+
+func main() {
+	ctx, cancel := context.WithTimeout(context.Background(), cxTimeout)
+	defer cancel()
+
+	stable, _, _, err := update.GHReleases(ctx, "moby", "moby")
+	if err != nil {
+		klog.Fatalf("Unable to get docker stable version: %v", err)
+	}
+
+	data := Data{Version: strings.TrimPrefix(stable.Tag, "v")}
+
+	update.Apply(schema, data)
+
+	if err := updateHashFile(data.Version, "aarch64", "-aarch64"); err != nil {
+		klog.Fatalf("failed to update hash file: %v", err)
+	}
+	if err := updateHashFile(data.Version, "x86_64", ""); err != nil {
+		klog.Fatalf("failed to update hash file: %v", err)
+	}
+}
+
+func updateHashFile(version, arch, folderSuffix string) error {
+	r, err := http.Get(fmt.Sprintf("https://download.docker.com/linux/static/stable/%s/docker-%s.tgz", arch, version))
+	if err != nil {
+		return fmt.Errorf("failed to download source code: %v", err)
+	}
+	defer r.Body.Close()
+	b, err := io.ReadAll(r.Body)
+	if err != nil {
+		return fmt.Errorf("failed to read response body: %v", err)
+	}
+	sum := sha256.Sum256(b)
+	filePath := fmt.Sprintf("../../../deploy/iso/minikube-iso/arch/%s/package/docker-bin%s/docker-bin.hash", arch, folderSuffix)
+	b, err = os.ReadFile(filePath)
+	if err != nil {
+		return fmt.Errorf("failed to read hash file: %v", err)
+	}
+	if strings.Contains(string(b), version) {
+		klog.Infof("hash file already contains %q", version)
+		return nil
+	}
+	f, err := os.OpenFile(filePath, os.O_APPEND|os.O_WRONLY, 0644)
+	if err != nil {
+		return fmt.Errorf("failed to open hash file: %v", err)
+	}
+	defer f.Close()
+	if _, err := f.WriteString(fmt.Sprintf("sha256 %x  docker-%s.tgz\n", sum, version)); err != nil {
+		return fmt.Errorf("failed to write to hash file: %v", err)
+	}
+	return nil
+}
--- a/hack/update/get_version/get_version.go
+++ b/hack/update/get_version/get_version.go
@ -32,6 +32,7 @@ var dependencies = map[string]dependency{
 	"cloud-spanner":  {"pkg/minikube/assets/addons.go", `cloud-spanner-emulator/emulator:(.*)@`},
 	"containerd":     {"deploy/iso/minikube-iso/arch/x86_64/package/containerd-bin/containerd-bin.mk", `CONTAINERD_BIN_VERSION = (.*)`},
 	"cri-o":          {"deploy/iso/minikube-iso/package/crio-bin/crio-bin.mk", `CRIO_BIN_VERSION = (.*)`},
+	"docker":         {"deploy/iso/minikube-iso/arch/x86_64/package/docker-bin/docker-bin.mk", `DOCKER_BIN_VERSION = (.*)`},
 	"gh":             {"hack/jenkins/installers/check_install_gh.sh", `GH_VERSION="(.*)"`},
 	"go":             {"Makefile", `GO_VERSION \?= (.*)`},
 	"golint":         {"Makefile", `GOLINT_VERSION \?= (.*)`},
--- a/hack/update/golang_version/update_golang_version.go
+++ b/hack/update/golang_version/update_golang_version.go
@ -155,6 +155,11 @@ var (
 				`GO_VERSION: .*`: `GO_VERSION: '{{.StableVersion}}'`,
 			},
 		},
+		".github/workflows/update-docker-version.yml": {
+			Replace: map[string]string{
+				`GO_VERSION: .*`: `GO_VERSION: '{{.StableVersion}}'`,
+			},
+		},
 		".github/workflows/sync-minikube.yml": {
 			Replace: map[string]string{
 				`GO_VERSION: .*`: `GO_VERSION: '{{.StableVersion}}'`,