Release infrastructure for Kubernetes and related components
APACHE-2.0 License
Please note that you can also download the artifacts for this release from our Google Cloud Bucket:
https://console.cloud.google.com/storage/browser/k8s-artifacts-sig-release/kubernetes/release/v0.16.7
--version/-v flag to schedule-builder (#3548, @saschagrunert) [SIG Release]
-e/--eol-config-path support to schedule-builder (#3550, @saschagrunert) [SIG Release]
schedule-builder if next field is not set in schedule.yaml. (#3551, @saschagrunert) [SIG Release]
Published by saschagrunert 7 months ago
Please note that you can also download the artifacts for this release from our Google Cloud Bucket:
https://console.cloud.google.com/storage/browser/k8s-artifacts-sig-release/kubernetes/release/v0.16.6
--update flag to schedule-builder to update the patch release schedule.yaml. (#3544, @saschagrunert) [SIG Release]
schedule-builder shorthands as well as update the documentation for the flags. (#3543, @saschagrunert) [SIG Release]
version subcommand to release-notes tool. (#3478, @saschagrunert) [SIG Release]
cloudbuild.yaml jobs when submitting them using krel. (#3472, @saschagrunert) [SIG Release]
release-note-none label. (#3509, @saschagrunert) [SIG Release]
release-notes when the --maps-from value is smaller than 5 characters (#3508, @saschagrunert) [SIG Release]
Published by saschagrunert 8 months ago
Please note that you can also download the artifacts for this release from our Google Cloud Bucket: https://console.cloud.google.com/storage/browser/k8s-artifacts-sig-release/kubernetes/release/v0.16.5
cloudbuild.yaml jobs when submitting them using krel. (#3472, @saschagrunert) [SIG Release]
release-notes utility will now have subcommands to support more functionality
release-notes has now been moved to the release-notes generate subcommand. This is the default subcommand to avoid breaking compatibility.
release-notes check subcommand to verify if PRs have a valid release note
krel history to still produce output when unfinished jobs are running. (#3384, @saschagrunert) [SIG Release]
krel obs. (#3378, @saschagrunert) [SIG Release]
Published by saschagrunert 11 months ago
Please note that you can also download the artifacts for this release from our Google Cloud Bucket: https://console.cloud.google.com/storage/browser/k8s-artifacts-sig-release/kubernetes/release/v0.16.4
krel obs stage --wait to true (#3318, @saschagrunert) [SIG Release]
krel release instead of master. (#3359, @saschagrunert) [SIG Release]
Published by saschagrunert about 1 year ago
Please note that you can also download the artifacts for this release from our Google Cloud Bucket: https://console.cloud.google.com/storage/browser/k8s-artifacts-sig-release/kubernetes/release/v0.16.3
krel obs stage --wait to true (#3318, @saschagrunert) [SIG Release]
krel obs stage --wait=false. (#3315, @saschagrunert) [SIG Release]
kubepkg and rapture code parts. (#3313, @saschagrunert) [SIG Release]
Published by saschagrunert about 1 year ago
Please note that you can also download the artifacts for this release from our Google Cloud Bucket: https://console.cloud.google.com/storage/browser/k8s-artifacts-sig-release/kubernetes/release/v0.16.2
--wait flag for krel obs stage to wait for OBS build results. (#3304, @saschagrunert) [SIG Release]
Published by saschagrunert about 1 year ago
Published by saschagrunert about 1 year ago
osc (OpenBuildService CLI) to k8s-cloud-builder image (#3084, @xmudrii) [SIG Release]
krel obs (#3229, @saschagrunert) [SIG Release]
rpmlint to releng-ci image gcr.io/k8s-staging-releng/releng-ci:latest-go1.20-bookworm. (#3167, @saschagrunert) [SIG Release]
OBS_USERNAME for a specific krel obs user (#3273, @saschagrunert) [SIG Release]
architectures and packages) as krel obs arguments. (#3267, @saschagrunert) [SIG Release]
krel obs release command (#3098, @xmudrii) [SIG Release]
krel obs stage command (#3088, @xmudrii) [SIG Release]
pkgs.k8s.io require kubernetes-cni 1.2.0 and cri-tools 1.28.0 (#3192, @xmudrii) [SIG Release]
--workspace configurable in obs stage/release (#3271, @saschagrunert) [SIG Release]
publish release github and JSON is now the default. (#3020, @puerco) [SIG Release]
krel obs specs command is refactored to better support OpenBuildService (OBS) workflow (#3079, @xmudrii) [SIG Release]
/etc/sysconfig/kubelet to /etc/default/kubelet for kubeadm Debian packages published to pkgs.k8s.io (#3279, @xmudrii) [SIG Release]
--template-dir for krel obs release (#3272, @saschagrunert) [SIG Release]
grep usage in distroless-iptables, which is now on version v0.3.1. (#3237, @saschagrunert) [SIG Release]
arm architecture from kubepkg command. (#3106, @saschagrunert) [SIG Release]
PROJECT and PROJECT_TAG GCB substitutions with OBS_PROJECT and OBS_PROJECT_TAG (#3174, @xmudrii) [SIG Release]
243952c
- with ~ in package version for OBS packages to support prereleases (#3094, @xmudrii) [SIG Release]
osc binary in k8s-cloud-builder image. (#3278, @saschagrunert) [SIG Release]
krel obs specs: use default --channel release, --output . and --template-dir cmd/krel/templates/latest. (#3231, @saschagrunert) [SIG Release]
Published by saschagrunert over 1 year ago
krel obs specs command to generate specs and archives for Open Build Service (#2946, @xmudrii) [SIG Release]
v1.25.8-1+3a14fe1af239a0 (#2976, @saschagrunert) [SIG Release]
Published by saschagrunert over 1 year ago
krel stage. (#2774, @saschagrunert) [SIG Release]
krel (#2744, @saschagrunert) [SIG Release]
v1.26-cross1.19-bullseye) (#2795, @xmudrii) [SIG Release]
krel stage if ELF binaries are dynamically linked (we do not fail on that case). (#2797, @saschagrunert) [SIG Release]
krel cve now supports ingesting CVE information data with a temporal vector metric. (#2664, @puerco) [SIG Release]
publish-release can now upload artifacts to GitHub from Cloud Storage buckets (#2707, @puerco) [SIG Release]
/var/lib/dpkg/status.d/$package files (#2831, @BenTheElder) [SIG Release]
NONE). (#2758, @saschagrunert) [SIG Release]
hack/rapture/build-packages.sh (#2736, @saschagrunert) [SIG Release]
krel sign blob will not sync down existing signatures and certs when signing files in a gcs bucket to work around a bug causing file verification to fail
krel sign blob would not sync new signatures to a bucket that already signed files. (#2785, @puerco) [SIG Release]
docker manifest push on network failure. (#2817, @saschagrunert) [SIG Release]
Published by cpanato over 2 years ago
krel stage (#2397, @saschagrunert) [SIG Release]
krel docs. Users were instructed to set author.email to the email they used to sign the CNCF CLA, it now reads user.email. (#2492, @AuraSinis) [SIG Release]
NonInteractive flag to gcb options to allow asking no questions when running in nomock mode. (#2516, @saschagrunert) [SIG Release]
krel stage for using custom Kubernetes refs via K8S_ORG, K8S_REF or K8S_REPO. (#2522, @saschagrunert) [SIG Release]
K8S_ORG, K8S_REF or K8S_REPO. (#2524, @saschagrunert) [SIG Release]
krel fast-forward. (#2503, @saschagrunert) [SIG Release]
Full Changelog: https://github.com/kubernetes/release/compare/v0.13.0...v0.14.0
Published by justaugustus over 2 years ago
promote-images subcommand to sigs.k8s.io/promo-tools
kpromo pr
bom utility to sigs.k8s.io/bom (#2330, @justaugustus) [SIG Release]
krel changelog subcommand. (#2401, @saschagrunert) [SIG Release]
--non-interactive flag to krel ff,
krel ff --branch if not provided.
krel ff will check if a fast forward is required or not by
krel fast-forward (former krel ff) in GCB via its new --submit flag. (#2391, @saschagrunert) [SIG Release]
publish-release, now automatically generates an SBOM describing the source code repository and all artifacts uploaded as assets to the GitHub release page. (#2372, @puerco) [SIG Release]
buster variants (#2370, @justaugustus) [SIG Release]
publish-release now supports a new --release-notes-file flag. When defined it will read a file and include its contents in a new section on the release page.
cip-mm and gh2gcs reference from README.md, they're now part of kpromo (#2392, @saschagrunert) [SIG Release]
--create-website-pr (#2421, @csantanapr) [SIG Release]
Debian: Default to bullseye variants
images: Stop attempting to build outdated variants
Drops variants that:
Krel/announce: update kubernetes-dev email distribution (#2374, @cpanato) [SIG Release]
Rebase the main (master) branch instead of merging when syncing with upstream on release (#2348, @xmudrii) [SIG Release]
The provenance attestations written during the Kubernetes release process now conform to the SLSA v0.2 specification. (#2375, @puerco) [SIG Release]
Update cosign image to use release v1.5.1 (#2406, @cpanato) [SIG Release]
Full Changelog: https://github.com/kubernetes/release/compare/v0.12.0...v0.13.0
Published by justaugustus almost 3 years ago
Remove vulndash
I'm not a fan of doing this (because it was an intern's work), but
vulndash is undeployed and unmaintained.
Given the scope of the work, it creates an attack surface for the
project in an unmaintained state, so we need to remove it. (#2322, @justaugustus)
provenance. This new package allows projects to generate provenance metadata in in-toto attestations with SLSA compliant predicates. The new package features a scanner to easily add files as subjects in the statement.
provenance package now has tests and mocks
GenerateProvenance(). This step writes a provenance attestation file to make stage SLSA1 compliant. The file describes the building environment and adds the artifacts that will be consumed from release as subjects in the statement.
StageLocalSourceTree() function
PushReleaseArtifacts() in the build package now supports uploading single files to the release bucket. Previously only directories could be uploaded with this function.
K8S_ORG, K8S_REPO and K8S_REF environment variable support to stage custom k/k forks. (#2074, @saschagrunert)
ProvenanceChecker object in the release package to enable release runs to verify provenance metadata.
provenance.Statement object which abstracts in-toto attestations can now read attestations from JSON files and clone predicates from other attestations. (#2283, @puerco)
bom document outline reads an SBOM and prints to the screen a tree-like structure detailing the elements (files/packages) described in the SBoM and the relationships among them. (#2298, @puerco)
cosign to v1.2.0 (#2251, @cpanato)
cosign to v1.2.1 (#2259, @cpanato)
release.ProvenanceReade object handles the generation of provenance subjects during staging. Written in response to a bug found in the intoto subjects included in the attestation, this new object is now more testable. (#2296, @puerco)
anago.release, krel will now download and perform the staged artifact verification in a dedicated directory in the Cloud Build workspace. (#2297, @puerco)
krel cve -f. It now reads "update vulnerability data from a local map file" (#2257, @puerco)
Published by puerco about 3 years ago
--dependencies flag from krel release-notes, because they will be added during release cut. (#2193, @saschagrunert) [SIG Release]
cosign.
kube-cross: Remove etcd from non-legacy builds
images: Enforce Debian codenames for Golang-based images
When there are multiple image builds in flight both upstream and downstream,
we can run into situations where a new Debian version becomes the default for
image builds, which can have unintended side-effects across release branches.
Here we use explicit pairings of Golang/Debian versions to retrieve images
Example: FROM golang:1.16.7-buster
kube-cross: Use OS codenames to construct clearer versions for images
Uses the following nomenclature:
v<kubernetes-major>-go<go-major>-<os-codename>.<revision>
Example: v1.23.0-go1.17-buster.0
[go1.17] Build images for go1.17
VARIANT_OF relationship in multiarch container images was expressed backwards
cosign to v1.1.0 (#2229, @justaugustus) [SIG Release]
gh2gcs to the promotion tooling repo
pkg/object and pkg/gcp/gcp.go to sigs.k8s.io/release-sdk (#2232, @justaugustus) [SIG Release]
Published by cpanato about 3 years ago
license.ReadTopLicense() will scan and return only the most significant license in a directory, potentially avoiding thousands of operations in the classifier code. (#2096, @puerco) [SIG Release]
release package to get the produced artifacts (ListBuildImages, ListBuildTarballs, ListBuildBinaries)
spdx.Object interface
binary.Binary object has a new method ContainsString() that allows for searching inside the binary for one or more strings.
VerifyArtifacts. Where during which we will perform checks of the artifacts we produce.
release.ListBuildBinaries where server and client tarballs were wrongly included in the output. (#2160, @puerco) [SIG Release]
dependencies.yaml
1.15 to use Go 1.15.14
krel will now prewarm the license cache to have the classifier data ready when generating the bill of materials.
GenerateBillOfMaterials() step that builds the SPDX documents.
PrerequisitesChecker now has options, currently the only one is CheckGitHubToken. This bool allows us to run without setting the GITHUB_TOKEN variable when not needed (#2138, @puerco) [SIG Release]
bom utility
go-git to v5.4.2 to fix a bug that prevented the release process from cloning repositories (#2104, @puerco) [SIG Release]
Changed krel --log-level=debug output less verbose in terms of git commands. The previous behavior can be restored by using the trace log level. (#2136, @saschagrunert) [SIG Release]
Debian-iptables: Build buster-v1.6.3 image
Debian-iptables: Stop pinning the iptables version
Gcb/stage: Add read-only GITHUB_TOKEN to enable relnotes generation (#2140, @justaugustus) [SIG Release]
Gcb/stage: Remove extraneous GITHUB_TOKEN from config
Given we no longer set an authenticated git environment in the staging
phase of the release, we no longer need to include the GitHub token in
the secrets environment. (#2137, @justaugustus) [SIG Release]
Gcb: Update GITHUB_TOKEN to use new authentication token format (#2126, @justaugustus) [SIG Release]
Kube-cross: Build v1.16.5-canary-2 image without etcd (#2124, @justaugustus)
Namespaces for the SPDX documents now use the sbom.k8s.io URI as the final place for the Kubernetes SBOMs. (#2186, @puerco) [SIG Release]
Packages/deb: Use ci/latest.txt as canonical cross build marker (#2153, @justaugustus) [SIG Release]
Push-build.sh defaults to k8s-release-dev instead of kubernetes-release-dev (https://github.com/kubernetes/k8s.io/issues/846) (#2158, @spiffxp) [SIG Release]
When training the license classifier, the license package will now ignore deprecated license IDs from the SPDX catalog. (#2159, @puerco) [SIG Release]
Published by justaugustus over 3 years ago
Added i386 crossbuild toolchain to kube-cross. (#2086, @saschagrunert) [SIG Release]
Bump k8s-cloud-builder to version v1.16.4-2 (#2093, @puerco) [SIG Release]
Debian-base: Build buster-v1.6.0 image (#1991, @justaugustus) [SIG Release]
Debian-base: Build buster-v1.7.0 image (#2080, @justaugustus) [SIG Release]
Debian-iptables: Build buster-v1.6.0 image (#1983, @wespanther) [SIG Release]
Debian-iptables: Build buster-v1.6.1 image
Dependency updates:
Deps: Update sigs.k8s.io/release-utils to v0.2.1 (#2052, @justaugustus) [SIG Release]
Hack: Allow verify-dependencies to succeed when GOBIN is missing
K8s-cloud-builder: Build v1.15.12-legacy-1/v1.15.12-1 image
Kube-cross: Adds mingw-w64 for Windows binary compilation
Kube-cross: Build v1.15.11-1 / v1.15.11-legacy-1 image
New SPDX package for generating SPDX compliant manifests of artifacts.
license package now includes a new Catalog object to interact with spdx license data
New bom utility allows software authors to generate spdx manifests for projects. Allows adding files and images to the manifest. (#2066, @puerco) [SIG Release]
New krel cve subcommand to handle CVE data information in the release bucket. Allow a release manager to upload, delete and edit CVE data files that publish vulnerability information in the changelog. (#1995, @puerco) [SIG Release]
Releng-ci: Enable building multiple image variants (#2089, @justaugustus) [SIG Release]
Setcap: Build buster-v2.0.0 image
Uses debian-base:buster-v1.6.0.
Note: the image major version is arbitrarily bumped here to dissuade any
inferences that it must match the debian-base image tag (#1992, @justaugustus) [SIG Release]
The SPDX package can now index the contents of a directory and produce a Package listing all contents. Directories can be specified by -d/--directory
go.mod file is found, the spdx object will now download, scan them for licensing data and create packages which are then linked to the directory package as dependencies.
gitignore exclusions: When indexing a directory, the spdx object will detect a .gitignore file and honor the files excluded by patterns in it.
--no-gomod and --no-gitignore respectively to bom generate
--ignore flag in bom: In addition to the gitignore exclusions, a user can add more patterns with --ignore
bom will now take directories as arguments to make simple use more intuitive: bom -n namespace . (#2077, @puerco) [SIG Release]
The SPDX package now has unit and integration tests (#2069, @puerco) [SIG Release]
Verify cosign signatures of distroless base images
Vulndash: Build v0.4.3-7
When cutting a patch release, anago/stage will now read CVE information from a bucket, the CVE information read from the cloned data will be added to the changelog when it is generated. (#1996, @puerco) [SIG Release]
[go1.15] Update kubernetes/kubernetes dependents to use go1.15.11
[go1.16] Update kubernetes/kubernetes dependents to use go1.16.3
[go1.16] Update kubernetes/kubernetes dependents to use go1.16.4
bom generate will now perform go package downloads in parallel
bom will now list all transient dependencies by default. A new flag --no-transient can be used to only include direct dependencies in the document.
krel release will now check its inputs locally before submitting a GCB job.
k8s-ci-builder: Match go version of the builder image with k/k@dev
This builder image is responsible for running compile-release-tools and
copying in tooling like krel into the final image.
AFAIK, the compiled RelEng tools have no requirement to exactly match
the Golang version of all active kubernetes/kubernetes release branches.
In instances where we make changes to releng tooling which are
backwards-incompatible, we have the possibility to cause image build
failures for other branch variants (as is currently happening). (#2003, @justaugustus) [SIG Release]
CONFIG substitution for 1.21 variant (#2004, @justaugustus) [SIG Release]
Fix a bug in gcs.PathExists() where nonexisting paths would always return an error (instead of false). Now the function can actually be used to check for the non existence of a file. (#2030, @puerco) [SIG Release]
Fixed release notes list manipulation (* → -) which falsely replaced bold markdown text. (#2056, @saschagrunert) [SIG Release]
Fixed tag sorting in git.TagsForBranch() for recent versions of git (#2025, @saschagrunert) [SIG Release]
Kube-cross: Build v1.16.3-canary-2 image (#2007, @justaugustus)
Pkg/changelog: Add missing "Source Code" heading, fix upper-case consistency in headings, and remove duplicates (#2020, @jihoon-seo) [SIG Release]
Pkg/cip: Revert os/io go1.16 changes
sigs.k8s.io/k8s-container-image-promoter is currently stuck on go1.15
due to a variety of bazel dependency updates that are not straightforward
to untangle.
Due to the incompatibility of the updated os/io packages with go1.15, we're
no longer able to update k/release in k-sigs/cip.
This commit reverts the go1.16 os/io usage to the go1.15-compatible ioutil
methods. (#2097, @justaugustus) [SIG Release]
Added info log notice if a release note got excluded because of required author mismatch (#2010, @saschagrunert) [SIG Release]
Dependencies.yaml: Update zeitgeist to v0.3.0 (#1933, @justaugustus) [SIG Release]
Gcb: Remove build prototype job
This GCB config was initially created to mock the kubernetes_build
bootstrap scenario in preparation for moving Kubernetes builds to
community infra.
Given we've since:
krel
anago and other shell-based utilities
krel ci-build
this build config is no longer required. (#2019, @justaugustus) [SIG Release]
Krel release-notes publishes release-notes-draft{.md,.json} under release-notes/ directory (#1922, @wilsonehusin) [SIG Release]
Pkg/cip: Migrate packages back to k-sigs/cip (#2101, @justaugustus) [SIG Release]
Pkg/release: Remove dependency on skopeo binary (#2062, @justaugustus) [SIG Release]
krel cve write has been eliminated, its functionality now lives in krel cve edit (#2028, @puerco) [SIG Release]
Published by saschagrunert over 3 years ago
hash package to unify file based hash creation (#1875, @saschagrunert) [SIG Release]
kubecross package to retrieve kube-cross image versions (latest or for a branch). (#1969, @saschagrunert) [SIG Release]
release-notes: --list-v2. When defined, it enables the new release notes list code which looks up release notes from merge PRs. (#1925, @puerco) [SIG Release]
--list-v2 feature flag to krel release-notes. Behind a feature gate:
license package adds the capability to scan source directories, locate license files and classify them to match OSS licenses in the SPDX catalog. (#1874, @puerco) [SIG Release]
github.CreateIssue to file new issues in a GitHub repository (#1964, @puerco) [SIG Release]
github.GetMilestone() that queries the GitHub API to find a given milestone in a repository from its title string (#1965, @puerco) [SIG Release]
krel will now create the publishing bot issue in k8s-release-robot/sig-release when creating the release branch (#1966, @puerco) [SIG Release]
datafields section of the release notes map files.
hack/packages/verify-published.sh will skip v1.20.3 when checking packages as none were produced (#1928, @puerco) [SIG Release]
krel release-notes were overwritten by deferred function calls (#1894, @puerco) [SIG Release]
main in kubernetes/k8s.io as the default branch has been renamed, (#1901, @puerco) [SIG Release]
rapture addpkg (#1923, @puerco) [SIG Release]
krel stage (#1795, @saschagrunert) [SIG Release]
stage-ci Makefile target since it is not used. (#1981, @saschagrunert) [SIG Release]
krel in GCB release jobs (#1961, @puerco) [SIG Release]
krel in GCB jobs (#1959, @puerco) [SIG Release]
stage.TagRepository() will now check out the specified commit before tagging the main branch. (#1827, @puerco) [SIG Release]
Published by hasheddan over 3 years ago
Added StageExtraFiles to build.Options to allow staging ExtraGcpStageFiles and ExtraWindowsStageFiles (#1843, @saschagrunert) [SIG Release]
Added release notes JSON as krel stage/release artifact (#1805, @saschagrunert) [SIG Release]
Added release notes index publishing API to release package.
GSUtilStatus() API to gcp package (#1812, @saschagrunert) [SIG Release]
Added the release-notes.json to krel release artifacts as well as an updated index file.
The index file can be used to find referencing release notes. The location of the index file is https://storage.googleapis.com/kubernetes-release-gcb/release/release-notes-index.json for the mock bucket and https://storage.googleapis.com/kubernetes-release/release/release-notes-index.json for the production bucket. (#1814, @saschagrunert) [SIG Release]
Changed release notes fetching for official (non patch) releases to also assume a JSON version side by side to the markdown draft (#1815, @saschagrunert) [SIG Release]
Images: Add 1.20 variant for k8s-ci-builder (#1807, @xmudrii) [SIG Release]
Images: Build debian-base:buster-v1.3.0 (#1835, @wespanther) [SIG Release]
Images: Build debian-hyperkube-base:buster-v1.3.0
Images: Build debian-iptables:buster-v1.4.0
Krel release-notes now has 'do_not_publish' field in map to override release-note-none
Krel: add option to post the testgridshot straight to github issue (#1810, @cpanato) [SIG Release]
New binary module for analysis of executables. Initial functionality includes parsing of ELF, Mach-O and PE (win) executables to determine platform, OS, and wordlength (64/32 bit) (#1856, @puerco) [SIG Release]
New tool publish-release to make available our release announcement tools to other projects. (#1705, @puerco) [SIG Release]
Pkg/cip: Add cli package
The cli package holds configurable options and command function logic for the commands in the k8s-container-image-promoter repo.
This will allow us to:
kpromo
(Commands were copied in from https://github.com/kubernetes-sigs/k8s-container-image-promoter/tree/455e8e6a6d2888de200d1fdadf2ee0e3d5c7d1d3.) (#1804, @justaugustus) [SIG Release]
Retry up to 3 times if the release does not show up right away when updating the GitHub page. (#1852, @puerco) [SIG Release]
Switch to docker buildx for building debian-base, debian-iptables and debian-hyperkube-base container images (#1864, @saschagrunert) [SIG Release]
The Release Notes draft pull request now includes the JSON version of the release notes draft which (#1821, @puerco) [SIG Release]
The following images are now built with Go 1.15.7:
Vulndash: add filter to get vulnerabilities for a specific registry hostname (#1847, @cpanato) [SIG Release]
Vulndash: improve vulndash html page (#1854, @cpanato) [SIG Release]
krel release-notes will now generate the complete release notes in JSON when updating the website with the first minor (eg 1.20.0) (#1828, @puerco) [SIG Release]
Ensure the Go version used to build the release is present in the announcement (#1816, @xmudrii) [SIG Release]
Fixed krel stage bug to not build the release if the build version is exactly a tag without a commit ID. (#1813, @saschagrunert) [SIG Release]
Images: fix Archs expansion in makefile (#1865, @cpanato) [SIG Release]
Mark debian images with their corresponding architectures (#1839, @sozercan) [SIG Release]
Pkg/cip: Use --no-dry-run instead of --dry-run
Similar to our --nomock flags for other tools, we should use a --no-dry-run for cip, since the default nil value for booleans is false.
Meaning: If --dry-run is not explicitly set to true, our tooling will initiate an image promotion. (#1806, @justaugustus) [SIG Release]
Print the krel announce send command after a successful release run (#1817, @xmudrii) [SIG Release]
The announce package now supports reading the changelog from a file defined in changelogFile (#1811, @puerco) [SIG Release]
When staging releases, we now always checkout a branch and avoid going into detached HEAD (#1826, @puerco) [SIG Release]
cloud.google.com/go dependency to v0.73.0
cloud.google.com/go/logging dependency to v1.1.2
github.com/GoogleCloudPlatform/testgrid dependency to v0.0.32
github.com/containers/image/v5 dependency to v5.9.0
github.com/google/go-containerregistry dependency to v0.2.1
github.com/mitchellh/mapstructure dependency to v1.4.0
github.com/sendgrid/sendgrid-go dependency to v3.7.2
github.com/shirou/gopsutil/v3 dependency to v3.20.11
google.golang.org/api dependency to v0.36.0
gopkg.in/yaml.v2 dependency to v2.4.0
golang.org/x/net dependency to v0.0.0-20201207224615-747e23833adb
golang.org/x/oauth2 dependency to v0.0.0-20201208152858-08078c50e5b5
google.golang.org/genproto dependency to v0.0.0-20201207150747-9ee31aac76e7 (#1822, @cpanato) [SIG Release]
cloud.google.com/go dependency to v0.75.0
github.com/GoogleCloudPlatform/testgrid dependency to v0.0.38
github.com/google/go-containerregistry dependency to v0.3.0
github.com/google/uuid dependency to v1.1.4
github.com/mitchellh/mapstructure dependency to v1.4.1
github.com/moby/term dependency to v0.0.0-20201216013528-df9cb8a40635
github.com/shirou/gopsutil/v3 dependency to v3.20.12
github.com/stretchr/testify dependency to v1.7.0
github.com/yuin/goldmark dependency to v1.3.1
golang.org/x/net dependency to v0.0.0-20201224014010-6772e930b67b
golang.org/x/oauth2 dependency to v0.0.0-20210112200429-01de73cf58bd
google.golang.org/genproto dependency to v0.0.0-20210111234610-22ae2b108f89
k8s.io/utils dependency to v0.0.0-20210111153108-fddb29f9d009 (#1844, @cpanato) [SIG Release]
Published by saschagrunert almost 4 years ago
Added Env() API to command package (#1796, @saschagrunert)
Added container image promotion packages (#1767, @justaugustus)
Added k8s-ci-builder image to support Kubernetes builds in CI (#1700, @justaugustus)
k8s-ci-builder: Short-circuit logic building by using krte image (#1700, @justaugustus)
pkg/build: Cleanup some CI flags and build requirements (#1700, @justaugustus)
pkg/build: Don't rewrite bucket in build Instance (#1700, @justaugustus)
pkg/build: Consolidate build type / directory setting logic (#1700, @justaugustus)
pkg/build: Properly handle extra version markers (#1700, @justaugustus)
Added krel push Version option to manually overwrite the build version (#1644, @saschagrunert)
Added prerequisites check to krel stage/release (#1764, @saschagrunert)
Added --stream flag to krel stage/release (#1763, @saschagrunert)
Added BranchChecker API to release package. (#1753, @saschagrunert)
Added SetURL(remote, newURL string) API for git repositories (#1677, @saschagrunert)
Added git.Tags() API which is now used for validation of available tags on krel anago push-git-objects (#1717, @saschagrunert)
Added krel gcbmgr --krel flag to use krel stage/release instead of anago (#1687, @saschagrunert)
Added krel gcbmgr --release … message if krel stage finished staging the artifacts. (#1708, @saschagrunert)
Added krel history subcommand (as replacement to krel gcbmgr history) (#1762, @saschagrunert)
Added krel stage workspace preparation step. (#1688, @saschagrunert)
Added tar.Extract(tarFilePath, destinationPath string) API function (#1674, @saschagrunert)
Added tar package which now contains the ReadFileFromGzippedTar() as well as the Compress() API. (#1664, @saschagrunert)
Added artifact pushing and release version generation to krel stage/release (#1689, @saschagrunert)
Added changelog generation to krel stage (#1702, @saschagrunert)
Added krel stage/release shared CLI parameters (#1685, @saschagrunert)
Added log file support to krel stage/release. (#1774, @saschagrunert)
Added progress counter to krel stage/release steps (#1741, @saschagrunert)
Added release branch state check for krel stage/release. (#1754, @saschagrunert)
Added release build functionality to krel stage (#1692, @saschagrunert)
Added repository tagging functionality to krel stage (#1707, @saschagrunert)
Added verbose git command output if --log-level=[debug,trace] (#1728, @saschagrunert)
Added workspace preparation to krel release. (#1686, @saschagrunert)
Cip-mm: replace klog to use k/release/pkg/log (#1770, @cpanato)
Disable git clone output if log level is not debug or trace. (#1701, @saschagrunert)
Go-runner: Build buster-v2.2.2 image
Rebuild go1.15.5 image with all arches enabled (#1780, @justaugustus)
Images: Build go-runner:buster-v2.2.1
No image content changes.
Rebuild to pick up fixes to the distroless images to include an armhf
variant in their manifests to allow us to continue releasing all of the
arch artifacts we do today. (#1752, @justaugustus)
Images: Build k8s-cloud-builder:v1.15.3-1 (#1654, @justaugustus)
Uses kube-cross:v1.15.3-1 (#1654, @justaugustus)
Images: Build releng-ci:v0.1.1 image (#1679, @justaugustus)
Integrate the release archiver into krel release (#1769, @puerco)
Kpromo: Add file promotion and manifest generation functionality (#1771, @justaugustus)
Deprecate promobot-files and promobot-generate-manifest in favor of kpromo (#1771, @justaugustus)
Migrate vulnerability dashboard (vulndash) to k/release (#1657, @justaugustus)
Migrated the "stage source tree" step from anago to krel anago push (#1661, @saschagrunert)
Pkg/git: remove sensitive data when returning errors that will be output (#1729, @cpanato)
The anago function archive_release () to copy a release into the archive bucket is now implemented in go. (#1768, @puerco)
The announce package now has the capability to create/update the GitHub page of a release and upload asset files (#1704, @puerco)
New functions added to the github package: UpdateReleasePage() as well as ListReleaseAssets(), DeleteReleaseAsset() and UploadReleaseAsset() to work with asset files (#1704, @puerco)
The krel gcbmgr --log-level will now be passed to krel stage/release and applies in the same way. (#1695, @saschagrunert)
The following images are now built with go1.15.5:
The git package now has four new functions: git.Status(), git.Fetch(), git.ShowLastCommit() and git.Rebase() (#1691, @puerco)
krel anago now has a new flag --push-main that pushes changes made to the main branch (#1691, @puerco)
The log file sanitizer now removes GitHub tokens in addition to the original anago checks (#1781, @puerco)
UpdateGitHubPage() is now implemented in krel release.
Vulndash: Add page size when listing vulnerabilities, more logs and build v0.3.0 image (#1667, @cpanato)
[krel] Initial commit krel ci-build command (#1698, @justaugustus)
[krel] Introduce krel subcommand to screenshot testgrid dashboards (#1696, @cpanato)
CreateAnnouncement() and PushGitObjects() in krel release are now implemented (#1697, @puerco)
--log-level and --nomock flags for krel (#1737, @saschagrunert)
Add first batch of tests to ensure proper reading, parsing and applying of the maps.
Fix a bug where all but the last map file would be ignored by a mapProvider when multiple maps for a PR were found (#1669, @puerco)
Cloudbuild: define disk request size to the gcp cloudbuild (#1716, @cpanato)
Fix default krel history dates (#1775, @saschagrunert)
Fixed bug to always push remote branches when pushing the git objects. (#1736, @saschagrunert)
Fixed bug where it tried to update the version markers on krel push if --noupdatelatest is provided. (#1638, @saschagrunert)
Fixed release artifact nested structure when running krel release multiple times. (#1727, @saschagrunert)
Fixed wrong GCB substitutions for the release versions. (#1790, @saschagrunert)
Pkg/gcp/gcs: Improve path normalization logic
Ensure constructed paths are prefixed with gs://
Use flag vars instead of strings for RsyncRecursive
Add isPathNormalized function
Use this function as pre-check for any gsutil/GCS functions that
manipulate GCS bucket contents.
Use isPathNormalized in RsyncRecursive and PathExists
Clarify when we are constructing a release path or version marker path
pkg/gcp/gcs: NormalizeGCSPath now handles multiple path elements
This allows any caller to pass arbitrary GCS path elements without
having to handle any filepath.Join() logic.
Should handle the following cases:
gs://
gs:/
/
Should error if:
pkg: Update usages of gcs.NormalizeGCSPath()
pkg/release: Respect the GCS suffix when pushing version markers
pkg/gcp/gcs: Add a few test cases for GCS paths
pkg/build: Fixup filepath.Join() bug when pushing release artifacts
pkg/build: Deprecate the GCSSuffix option and introduce GCSRoot option
Testing with the --gcs-suffix flag has been frustrating.
It's possible the original shell library never properly handled this
option and it was never noticed because the option isn't exercised in
our releases or CI jobs.
Here we replace its usage with --gcs-root.
If specified, it will override BuildType.
When unset:
When set:
pkg/build: Drop references to GCSSuffix
pkg/gcp/gcs: RsyncRecursive doesn't need to run against normalized paths
gsutil rsync doesn't actually require that either of the specified
directories be GCS paths, so here we remove that requirement.
pkg/release: Fix prefix check to determine bucket permissions (#1738, @justaugustus)
Pkg/release/publish: Don't attempt to set ACLs on K8s Infra buckets (#1731, @justaugustus)
pkg/gcp/gcs: Add GetReleasePath as a common builder for a GCS path (#1731, @justaugustus)
pkg/release: Respect a GCS suffix when publishing version markers (#1731, @justaugustus)
Removed the escaping of # characters in release notes, which should fix broken anchored links. (#1715, @saschagrunert)
Vulndash: fix file mode when creating the dashboard.json (#1666, @cpanato)
krel anago push-git-objects to determine which branches should be pushed (#1659, @puerco)
History support to gcb package (#1759, @saschagrunert)
gcb package which is directly used by krel gcbmgr. (#1721, @saschagrunert)
cip-mm as an external dependency and use instead the new CIP packages (#1670, @puerco)
BUILD_POINT GCB substitution in favor of BUILD_VERSION. (#1783, @saschagrunert)
anago and all referencing dependencies, for example the krel anago … and the krel gcbmgr subcommands. (#1765, @saschagrunert)
util.FakeGOPATH() function (#1778, @saschagrunert)
sigs.k8s.io/mdtoc) to generate the table of contents in krel changelog and release-notes (#1647, @puerco)
cip-mm tool now uses spf13/cobra to render its command line interface (#1671, @puerco)
cloud.google.com/go dependency to v0.72.0 (#1714, @cpanato)
github.com/GoogleCloudPlatform/testgrid dependency to v0.0.30 (#1714, @cpanato)
google.golang.org/api dependency to v0.35.0 (#1714, @cpanato)
github.com/sendgrid/sendgrid-go dependency to v3.7.1 (#1714, @cpanato)
github.com/moby/term dependency to v0.0.0-20201110203204-bea5bbe245bf (#1714, @cpanato)
golang.org/x/net dependency to v0.0.0-20201110031124-69a78807bb2b (#1714, @cpanato)
golang.org/x/oauth2 dependency to v0.0.0-20201109201403-9fd604954f58 (#1714, @cpanato)
google.golang.org/genproto dependency to v0.0.0-20201110150050-8816d57aaa9a (#1714, @cpanato)
k8s.io/utils dependency to v0.0.0-20201110183641-67b214c5f920 (#1714, @cpanato)
krel instead of the old bash code. (#1658, @puerco)
Published by justaugustus almost 4 years ago
RsyncRecursive() API to gcs package to run gsutil rsync (#1627, @saschagrunert)
--fast flag to krel push (#1575, @saschagrunert)
--validate-images flag to krel push to validate the existence of the remote images (default: false) (#1582, @saschagrunert)
NewImages().Publish() API to release package. (#1568, @saschagrunert)
krel anago push subcommand for publishing anago stage and release artifacts. (#1597, @saschagrunert)
release.PushReleaseArtifacts API which is now used in anago to push artifacts to GCS (#1603, @saschagrunert)
krel anago push --stage to test for the image promotion. (#1633, @saschagrunert)
krel anago push (#1606, @saschagrunert)
iptables-wrapper, which was extraneous for the stretch
cip-mm
promobot-files
promobot-generate-manifest (#1652, @justaugustus)
release.GitObjectPusher object to handle pushes to remote git repos
git.RemoteTags() and git.HasRemoteTag() which return the tags in the default remote repository and check if one exists
release.StageLocalArtifacts() API (#1593, @saschagrunert)
kubernetes/sig-release. (#1648, @puerco)
git.Repo() now has a SetMaxRetries() function to enable retrying git ops when a network error occurs.
Adjust the way krel release-notes determines the start tag to match the post 1.19 branching strategy (#1573, @puerco)
Changed krel changelog to always generate the release notes against the latest minor on alpha.1 pre-release cuts. (#1572, @saschagrunert)
Fixed --fast upload location for krel push (#1583, @saschagrunert)
Fixed a bug in krel anago push where it did download kubernetes.tar into the wrong local destination path. (#1617, @saschagrunert)
Fixed bug where a command execution could dead-lock when only producing stderr output. Both streams are now in sync. (#1604, @saschagrunert)
Fixed image verification step to always stick to the provided container registry and not automatically use k8s.gcr.io (#1631, @saschagrunert)
New package k8s.io/release/pkg/editor gets rid of the dependency to the editor package in kubectl. (#1599, @puerco)
Starting with Debian Buster, nftables is available as a replacement for
iptables, by default.
More details here: https://wiki.debian.org/nftables
This introduces both a "legacy" and an "nft" iptables variant.
To deal with this, an iptables-wrapper script was introduced to detect the
correct variant and run update-alternatives:
A corresponding Dockerfile change was created to use iptables-wrapper.
These now apply to the stretch image build, and assume that the legacy/nft
variants exist, but they do not. This change removes the alternative
handling, which is not applicable back in Debian Stretch.
This is needed to build a new version of debian-iptables with a newer
debian-base than we currently have available in the public repos. (#1613, @wespanther)
release.BuildDIr const for referencing the default build directory _output (#1586, @saschagrunert)
gcp.GSUtilExecutable to be private. Please use the gcp.GSUtil() function instead. (#1649, @saschagrunert)
update-deps-go Makefile target (#1601, @saschagrunert)
github.DownloadReleaseAssets() instead of using k8s.io/apimachinery (#1598, @puerco)
--release-type flag from krel push. Please use --ci instead. (#1587, @saschagrunert)
nomock option from krel push (#1602, @saschagrunert)
prin and script-template from the repository. (#1584, @saschagrunert)
--local-gcs-stage-path, --local-release-images-path, --gcs-suffix, --staged-bucket from krel anago push (#1618, @saschagrunert)
cloud.google.com/go/storage dependency to v1.12.0 which is the latest available and has the following changes