From be7838eb1378947c47dfc9557134c74313f9b1e9 Mon Sep 17 00:00:00 2001
From: Steven Powell <spowellgrr@gmail.com>
Date: Thu, 24 Aug 2023 16:29:25 -0700
Subject: [PATCH] CI: Auto update crictl

---
 .github/workflows/update-crictl-version.yml   |  72 +++++++++++
 Makefile                                      |   5 +
 .../crictl_version/update_crictl_version.go   | 118 ++++++++++++++++++
 hack/update/get_version/get_version.go        |   1 +
 4 files changed, 196 insertions(+)
 create mode 100644 .github/workflows/update-crictl-version.yml
 create mode 100644 hack/update/crictl_version/update_crictl_version.go

diff --git a/.github/workflows/update-crictl-version.yml b/.github/workflows/update-crictl-version.yml
new file mode 100644
index 0000000000..6be542969c
--- /dev/null
+++ b/.github/workflows/update-crictl-version.yml
@@ -0,0 +1,72 @@
+name: "update-crictl-version"
+on:
+  workflow_dispatch:
+  schedule:
+    # every Wednesday at around 3 am pacific/10 am UTC
+    - cron: "0 10 * * 3"
+env:
+  GOPROXY: https://proxy.golang.org
+  GO_VERSION: '1.20.7'
+permissions:
+  contents: read
+
+jobs:
+  bump-crictl-version:
+    runs-on: ubuntu-20.04
+    steps:
+      - uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744
+      - uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe
+        with:
+          go-version: ${{env.GO_VERSION}}
+          cache-dependency-path: ./go.sum
+      - name: Bump crictl Version
+        id: bumpCrictl
+        run: |
+          echo "OLD_VERSION=$(DEP=crictl make get-dependency-version)" >> $GITHUB_OUTPUT
+          make update-crictl-version
+          echo "NEW_VERSION=$(DEP=crictl make get-dependency-version)" >> $GITHUB_OUTPUT
+          # The following is to support multiline with GITHUB_OUTPUT, see https://docs.github.com/en/actions/using-workflows/workflow-commands-for-github-actions#multiline-strings
+          echo "changes<<EOF" >> $GITHUB_OUTPUT
+          echo "$(git status --porcelain)" >> $GITHUB_OUTPUT
+          echo "EOF" >> $GITHUB_OUTPUT
+      - name: Create PR
+        id: createPR
+        if: ${{ steps.bumpCrictl.outputs.changes != '' }}
+        uses: peter-evans/create-pull-request@153407881ec5c347639a548ade7d8ad1d6740e38
+        with:
+          token: ${{ secrets.MINIKUBE_BOT_PAT }}
+          commit-message: 'Kicbase/ISO: Update crictl from ${{ steps.bumpCrictl.outputs.OLD_VERSION }} to ${{ steps.bumpCrictl.outputs.NEW_VERSION }}'
+          committer: minikube-bot <minikube-bot@google.com>
+          author: minikube-bot <minikube-bot@google.com>
+          branch: auto_bump_crictl_version
+          branch-suffix: short-commit-hash
+          push-to-fork: minikube-bot/minikube
+          base: master
+          delete-branch: true
+          title: 'Kicbase/ISO: Update crictl from ${{ steps.bumpCrictl.outputs.OLD_VERSION }} to ${{ steps.bumpCrictl.outputs.NEW_VERSION }}'
+          body: |
+            The crictl project released a [new version](https://github.com/moby/crictl/releases)
+
+            This PR was auto-generated by `make update-crictl-version` using [update-crictl-version.yml](https://github.com/kubernetes/minikube/tree/master/.github/workflows/update-crictl-version.yml) CI Workflow.
+      - uses: actions/github-script@d7906e4ad0b1822421a7e6a35d5ca353c962f410
+        if: ${{ steps.bumpCrictl.outputs.changes != '' }}
+        with:
+          github-token: ${{ secrets.MINIKUBE_BOT_PAT }}
+          script: |
+            github.rest.issues.createComment({
+              issue_number: ${{ steps.createPR.outputs.pull-request-number }},
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              body: 'ok-to-build-image'
+            })
+      - uses: actions/github-script@d7906e4ad0b1822421a7e6a35d5ca353c962f410
+        if: ${{ steps.bumpCrictl.outputs.changes != '' }}
+        with:
+          github-token: ${{ secrets.MINIKUBE_BOT_PAT }}
+          script: |
+            github.rest.issues.createComment({
+              issue_number: ${{ steps.createPR.outputs.pull-request-number }},
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              body: 'ok-to-build-iso'
+            })
diff --git a/Makefile b/Makefile
index 9823109939..e9bcac2448 100644
--- a/Makefile
+++ b/Makefile
@@ -1160,6 +1160,11 @@ update-nerdctl-version:
 	(cd hack/update/nerdctl_version && \
 	 go run update_nerdctl_version.go)
 
+.PHONY: update-crictl-version
+update-crictl-version:
+	(cd hack/update/crictl_version && \
+	 go run update_crictl_version.go)
+
 .PHONY: get-dependency-verison
 get-dependency-version:
 	@(cd hack/update/get_version && \
diff --git a/hack/update/crictl_version/update_crictl_version.go b/hack/update/crictl_version/update_crictl_version.go
new file mode 100644
index 0000000000..17a07a91e1
--- /dev/null
+++ b/hack/update/crictl_version/update_crictl_version.go
@@ -0,0 +1,118 @@
+/*
+Copyright 2023 The Kubernetes Authors All rights reserved.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package main
+
+import (
+	"context"
+	"crypto/sha256"
+	"fmt"
+	"io"
+	"net/http"
+	"os"
+	"strings"
+	"time"
+
+	"k8s.io/klog/v2"
+	"k8s.io/minikube/hack/update"
+)
+
+var (
+	schema = map[string]update.Item{
+		"deploy/iso/minikube-iso/arch/aarch64/package/crictl-bin-aarch64/crictl-bin.mk": {
+			Replace: map[string]string{
+				`CRICTL_BIN_AARCH64_VERSION = .*`: `CRICTL_BIN_AARCH64_VERSION = {{.Version}}`,
+			},
+		},
+		"deploy/iso/minikube-iso/arch/x86_64/package/crictl-bin/crictl-bin.mk": {
+			Replace: map[string]string{
+				`CRICTL_BIN_VERSION = .*`: `CRICTL_BIN_VERSION = {{.Version}}`,
+			},
+		},
+		".github/workflows/master.yml": {
+			Replace: map[string]string{
+				`CRICTL_VERSION=.*`: `CRICTL_VERSION="{{.Version}}"`,
+			},
+		},
+		".github/workflows/pr.yml": {
+			Replace: map[string]string{
+				`CRICTL_VERSION=.*`: `CRICTL_VERSION="{{.Version}}"`,
+			},
+		},
+		"hack/jenkins/linux_integration_tests_none.sh": {
+			Replace: map[string]string{
+				`CRICTL_VERSION=.*`: `CRICTL_VERSION="{{.Version}}"`,
+			},
+		},
+	}
+)
+
+type Data struct {
+	Version string
+	Commit  string
+}
+
+func main() {
+	ctx, cancel := context.WithTimeout(context.Background(), time.Minute)
+	defer cancel()
+
+	stable, _, _, err := update.GHReleases(ctx, "kubernetes-sigs", "cri-tools")
+	if err != nil {
+		klog.Fatalf("Unable to get stable version: %v", err)
+	}
+
+	data := Data{Version: stable.Tag}
+
+	update.Apply(schema, data)
+
+	if err := updateHashFile(data.Version, "arm64", "aarch64/package/crictl-bin-aarch64"); err != nil {
+		klog.Fatalf("failed to update hash files: %v", err)
+	}
+	if err := updateHashFile(data.Version, "amd64", "x86_64/package/crictl-bin"); err != nil {
+		klog.Fatalf("failed to update hash files: %v", err)
+	}
+}
+
+func updateHashFile(version, arch, packagePath string) error {
+	r, err := http.Get(fmt.Sprintf("https://github.com/kubernetes-sigs/cri-tools/releases/download/%s/crictl-%s-linux-%s.tar.gz", version, version, arch))
+	if err != nil {
+		return fmt.Errorf("failed to download source code: %v", err)
+	}
+	defer r.Body.Close()
+	b, err := io.ReadAll(r.Body)
+	if err != nil {
+		return fmt.Errorf("failed to read response body: %v", err)
+	}
+	sum := sha256.Sum256(b)
+	filePath := fmt.Sprintf("../../../deploy/iso/minikube-iso/arch/%s/crictl-bin.hash", packagePath)
+	b, err = os.ReadFile(filePath)
+	if err != nil {
+		return fmt.Errorf("failed to read hash file: %v", err)
+	}
+	if strings.Contains(string(b), version) {
+		klog.Infof("hash file already contains %q", version)
+		return nil
+	}
+	f, err := os.OpenFile(filePath, os.O_APPEND|os.O_WRONLY, 0644)
+	if err != nil {
+		return fmt.Errorf("failed to open hash file: %v", err)
+	}
+	defer f.Close()
+	if _, err := f.WriteString(fmt.Sprintf("sha256 %x  crictl-%s-linux-%s.tar.gz\n", sum, version, arch)); err != nil {
+		return fmt.Errorf("failed to write to hash file: %v", err)
+	}
+	return nil
+}
diff --git a/hack/update/get_version/get_version.go b/hack/update/get_version/get_version.go
index 1992f17338..9757ace00d 100644
--- a/hack/update/get_version/get_version.go
+++ b/hack/update/get_version/get_version.go
@@ -37,6 +37,7 @@ var dependencies = map[string]dependency{
 	"containerd":       {"deploy/iso/minikube-iso/arch/x86_64/package/containerd-bin/containerd-bin.mk", `CONTAINERD_BIN_VERSION = (.*)`},
 	"cri-dockerd":      {"deploy/kicbase/Dockerfile", `CRI_DOCKERD_VERSION="(.*)"`},
 	"cri-o":            {"deploy/iso/minikube-iso/package/crio-bin/crio-bin.mk", `CRIO_BIN_VERSION = (.*)`},
+	"crictl":           {"deploy/iso/minikube-iso/arch/x86_64/package/crictl-bin/crictl-bin.mk", `CRICTL_BIN_VERSION = (.*)`},
 	"docker":           {"deploy/iso/minikube-iso/arch/x86_64/package/docker-bin/docker-bin.mk", `DOCKER_BIN_VERSION = (.*)`},
 	"flannel":          {"pkg/minikube/cni/flannel.yaml", `flannel:(.*)`},
 	"gcp-auth":         {addonsFile, `k8s-minikube/gcp-auth-webhook:(.*)@`},