diff --git a/.github/actions/build-and-push-image/build-and-push-image.sh b/.github/actions/build-and-push-image/build-and-push-image.sh index 23714d0b..30f48f07 100755 --- a/.github/actions/build-and-push-image/build-and-push-image.sh +++ b/.github/actions/build-and-push-image/build-and-push-image.sh @@ -5,22 +5,16 @@ set -euo pipefail build_and_push_image() { local image_flavor="$1" - docker login -u "$QUAY_RHACS_ENG_RW_USERNAME" --password-stdin <<<"$QUAY_RHACS_ENG_RW_PASSWORD" quay.io + docker login -u "$QUAY_STACKROX_IO_RW_USERNAME" --password-stdin <<<"$QUAY_STACKROX_IO_RW_PASSWORD" quay.io TAG="$(scripts/get_tag.sh "${image_flavor}")" - IMAGE="quay.io/rhacs-eng/apollo-ci:${TAG}" + IMAGE="quay.io/stackrox-io/apollo-ci:${TAG}" make "${image_flavor}-image" retry 5 true docker push "${IMAGE}" echo "image-tag=${IMAGE}" >> "${GITHUB_OUTPUT}" - - # TODO: move all usages of apollo-ci images to quay.io/rhacs-eng/apollo-ci or quay.io/stackrox-io/apollo-ci. - docker login -u "$QUAY_STACKROX_IO_RW_USERNAME" --password-stdin <<<"$QUAY_STACKROX_IO_RW_PASSWORD" quay.io - docker tag "${IMAGE}" "quay.io/stackrox-io/apollo-ci:${TAG}" - - retry 5 true docker push "quay.io/stackrox-io/apollo-ci:${TAG}" } # retry() - retry a command up to a specific numer of times until it exits diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml index 0527bac1..25472a3f 100644 --- a/.github/workflows/build.yaml +++ b/.github/workflows/build.yaml @@ -10,8 +10,6 @@ on: tags: - "*" env: - QUAY_RHACS_ENG_RW_USERNAME: ${{ secrets.QUAY_RHACS_ENG_RW_USERNAME }} - QUAY_RHACS_ENG_RW_PASSWORD: ${{ secrets.QUAY_RHACS_ENG_RW_PASSWORD }} QUAY_STACKROX_IO_RW_USERNAME: ${{ secrets.QUAY_STACKROX_IO_RW_USERNAME }} QUAY_STACKROX_IO_RW_PASSWORD: ${{ secrets.QUAY_STACKROX_IO_RW_PASSWORD }} 
@@ -91,7 +89,7 @@ jobs: ref: ${{ github.event.pull_request.head.sha }} - name: Test cci-export in a context similar to how it is used in CI run: | - docker login -u "$QUAY_RHACS_ENG_RW_USERNAME" --password-stdin <<<"$QUAY_RHACS_ENG_RW_PASSWORD" quay.io + docker login -u "$QUAY_STACKROX_IO_RW_USERNAME" --password-stdin <<<"$QUAY_STACKROX_IO_RW_PASSWORD" quay.io make test-cci-export comment-build-images: diff --git a/Makefile b/Makefile index 10aed902..e101256c 100644 --- a/Makefile +++ b/Makefile @@ -1,7 +1,7 @@ ifeq ($(DOCKER),) DOCKER=docker endif -QUAY_REPO=rhacs-eng +QUAY_REPO=stackrox-io STACKROX_BUILD_TAG=$(shell scripts/get_tag.sh "stackrox-build") diff --git a/README.md b/README.md index 4ac0c518..485747a1 100644 --- a/README.md +++ b/README.md @@ -36,6 +36,4 @@ To bump the Go version across all Docker images in this repository, use the auto - Clean git working tree (no uncommitted changes) - Push access to the repository -- (Optional) [GitHub CLI](https://cli.github.com/) for automatic PR creation - -If GitHub CLI is not installed, the script will provide a link to manually create the PR. +- [GitHub CLI](https://cli.github.com/) installed and authenticated diff --git a/images/scanner-test.Dockerfile b/images/scanner-test.Dockerfile index 1a7c6e30..79a09457 100644 --- a/images/scanner-test.Dockerfile +++ b/images/scanner-test.Dockerfile @@ -2,7 +2,7 @@ # binaries and images. Builds upon scanner-build.Dockerfile. ARG BASE_TAG -FROM quay.io/rhacs-eng/apollo-ci:${BASE_TAG} as base +FROM quay.io/stackrox-io/apollo-ci:${BASE_TAG} as base # This line makes sure that piped commands in RUN instructions exit early. # This should not affect use in CircleCI because Circle doesn't use diff --git a/images/stackrox-test.Dockerfile b/images/stackrox-test.Dockerfile index ed7b2ce3..c585a1d4 100644 --- a/images/stackrox-test.Dockerfile +++ b/images/stackrox-test.Dockerfile 
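Review bot: The `Test cci-export in a context similar to how it is used in CI` step in `.github/workflows/build.yaml` now logs in with `QUAY_STACKROX_IO_RW_*`, a read-write credential, in a job that checks out `github.event.pull_request.head.sha` and then runs `make test-cci-export` from that checkout. The step appears to need only pull access, so a read-only robot account would keep pull-request code from running next to a credential that can push to `quay.io/stackrox-io`. The workflow's pull-request trigger and the rest of this job are outside the hunk, so confirm whether these secrets are exposed to runs started from forks. Once a pull-only secret exists, a comment above the login such as `# pull-only access is sufficient here; do not reuse the RW push credential` would record the intent.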
@@ -2,7 +2,7 @@ # binaries and images. Builds upon stackrox-build.Dockerfile. ARG BASE_TAG -FROM quay.io/rhacs-eng/apollo-ci:${BASE_TAG} as base +FROM quay.io/stackrox-io/apollo-ci:${BASE_TAG} as base # This line makes sure that piped commands in RUN instructions exit early. # This should not affect use in CircleCI because Circle doesn't use diff --git a/images/test.cci-export.Dockerfile b/images/test.cci-export.Dockerfile index 2d329994..9b0c7fb5 100644 --- a/images/test.cci-export.Dockerfile +++ b/images/test.cci-export.Dockerfile @@ -1,5 +1,5 @@ ARG BASE_TAG -FROM quay.io/rhacs-eng/apollo-ci:${BASE_TAG} +FROM quay.io/stackrox-io/apollo-ci:${BASE_TAG} COPY test/ . ENV CI=true diff --git a/images/test/bats/cci-export.bats b/images/test/bats/cci-export.bats index 87906502..20a93956 100755 --- a/images/test/bats/cci-export.bats +++ b/images/test/bats/cci-export.bats @@ -65,10 +65,10 @@ setup() { } @test "cci-export should escape special characters in values" { - run cci-export FOO 'quay.io/rhacs-"eng"/super $canner:2.21.0-15-{{g44}(8f)2dc8fa}' + run cci-export FOO 'quay.io/stackrox-"io"/super $canner:2.21.0-15-{{g44}(8f)2dc8fa}' assert_success run foo_printer - assert_output 'FOO: quay.io/rhacs-"eng"/super $canner:2.21.0-15-{{g44}(8f)2dc8fa}' + assert_output 'FOO: quay.io/stackrox-"io"/super $canner:2.21.0-15-{{g44}(8f)2dc8fa}' refute_output "FOO: " } diff --git a/scripts/bump_go_version.sh b/scripts/bump_go_version.sh index 63c33181..b82dc5de 100755 --- a/scripts/bump_go_version.sh +++ b/scripts/bump_go_version.sh 
@@ -6,154 +6,119 @@ set -euo pipefail -# Colors for output -RED='\033[0;31m' -GREEN='\033[0;32m' -YELLOW='\033[1;33m' -NC='\033[0m' # No Color - function info() { - echo -e "${GREEN}[INFO]${NC} $1" + echo "[INFO] $1" } function error() { - echo -e "${RED}[ERROR]${NC} $1" >&2 + echo "[ERROR] $1" >&2 } function warning() { - echo -e "${YELLOW}[WARNING]${NC} $1" + echo "[WARNING] $1" } -# Check if target version is provided -if [ $# -ne 1 ]; then - error "Usage: $0 " - error "Example: $0 1.24.6" - exit 1 -fi - -TARGET_VERSION="$1" - -# Validate version format (should be like 1.24.6) -if ! [[ "$TARGET_VERSION" =~ ^[0-9]+\.[0-9]+\.[0-9]+$ ]]; then - error "Invalid version format: $TARGET_VERSION" - error "Expected format: X.Y.Z (e.g., 1.24.6)" - exit 1 -fi - -info "Target Go version: $TARGET_VERSION" - -# Get the repository root -REPO_ROOT="$(cd "$(dirname "${BASH_SOURCE[0]}")/.." && pwd)" -cd "$REPO_ROOT" - -# Ensure we're on a clean working tree -if ! git diff-index --quiet HEAD -- 2>/dev/null; then - error "Working tree is not clean. Please commit or stash your changes first." - exit 1 -fi - -# Fetch the Go download page -info "Fetching Go download information from https://go.dev/dl/..." -GO_DL_PAGE=$(curl -sSL "https://go.dev/dl/") - -# Extract SHA256 for linux-amd64 -# The HTML structure looks like: ...go1.24.6.linux-amd64.tar.gz...SHA256_HASH... -SHA256=$(echo "$GO_DL_PAGE" | grep -A 50 "go${TARGET_VERSION}.linux-amd64.tar.gz" | sed -n 's/.*\([a-f0-9]\{64\}\)<\/tt>.*/\1/p' | head -1) +function update_dockerfiles() { + # Fetch the Go download page + info "Fetching Go download information from https://go.dev/dl/..." 
+ GO_DL_PAGE=$(curl -sSL "https://go.dev/dl/") -if [ -z "$SHA256" ]; then - error "Failed to retrieve SHA256 checksum for Go version $TARGET_VERSION" - error "Please verify the version exists at https://go.dev/dl/" - error "Note: Archived versions may be further down the page" - exit 1 -fi + # Extract SHA256 for linux-amd64 + # The HTML structure looks like: ...go1.24.6.linux-amd64.tar.gz...SHA256_HASH... + SHA256=$(echo "$GO_DL_PAGE" | grep -A 50 "go${TARGET_VERSION}.linux-amd64.tar.gz" | sed -n 's/.*\([a-f0-9]\{64\}\)<\/tt>.*/\1/p' | head -1) -info "Found SHA256: $SHA256" - -# Find all Dockerfiles that contain GOLANG_VERSION -info "Finding Dockerfiles with GOLANG_VERSION..." -mapfile -t DOCKERFILES < <(grep -rl "ARG GOLANG_VERSION=" images/ 2>/dev/null | sort) - -if [ ${#DOCKERFILES[@]} -eq 0 ]; then - error "No Dockerfiles found with GOLANG_VERSION argument" - exit 1 -fi - -info "Found ${#DOCKERFILES[@]} Dockerfile(s) to update:" -for dockerfile in "${DOCKERFILES[@]}"; do - info " - $dockerfile" -done - -# Update each Dockerfile -info "Updating Dockerfiles..." -for dockerfile in "${DOCKERFILES[@]}"; do - if [ ! -f "$dockerfile" ]; then - warning "File not found: $dockerfile (skipping)" - continue + if [ -z "$SHA256" ]; then + error "Failed to retrieve SHA256 checksum for Go version $TARGET_VERSION" + error "Please verify the version exists at https://go.dev/dl/" + error "Note: Archived versions may be further down the page" + exit 1 fi - info " - Updating $dockerfile" + info "Found SHA256: $SHA256" - # Update GOLANG_VERSION - if grep -q "ARG GOLANG_VERSION=" "$dockerfile"; then - sed -i.bak "s/ARG GOLANG_VERSION=.*/ARG GOLANG_VERSION=${TARGET_VERSION}/" "$dockerfile" - else - warning " GOLANG_VERSION not found in $dockerfile" - fi + # Find all Dockerfiles that contain GOLANG_VERSION + info "Finding Dockerfiles with GOLANG_VERSION..." 
+ mapfile -t DOCKERFILES < <(grep -rl "ARG GOLANG_VERSION=" images/ 2>/dev/null | sort) - # Update GOLANG_SHA256 - if grep -q "ARG GOLANG_SHA256=" "$dockerfile"; then - sed -i.bak "s/ARG GOLANG_SHA256=.*/ARG GOLANG_SHA256=${SHA256}/" "$dockerfile" - else - warning " GOLANG_SHA256 not found in $dockerfile" + if [ ${#DOCKERFILES[@]} -eq 0 ]; then + error "No Dockerfiles found with GOLANG_VERSION argument" + exit 1 fi - # Remove backup files - rm -f "${dockerfile}.bak" -done - -info "All files updated successfully!" - -# Show the changes -info "Changes made:" -git diff - -# Create a new branch -BRANCH_NAME="bump-go-${TARGET_VERSION}" -info "Creating branch: $BRANCH_NAME" -git checkout -b "$BRANCH_NAME" + info "Found ${#DOCKERFILES[@]} Dockerfile(s) to update:" + for dockerfile in "${DOCKERFILES[@]}"; do + info " - $dockerfile" + done + + # Update each Dockerfile + info "Updating Dockerfiles..." + for dockerfile in "${DOCKERFILES[@]}"; do + if [ ! -f "$dockerfile" ]; then + warning "File not found: $dockerfile (skipping)" + continue + fi + + info " - Updating $dockerfile" + + # Update GOLANG_VERSION + if grep -q "ARG GOLANG_VERSION=" "$dockerfile"; then + sed -i.bak "s/ARG GOLANG_VERSION=.*/ARG GOLANG_VERSION=${TARGET_VERSION}/" "$dockerfile" + else + warning " GOLANG_VERSION not found in $dockerfile" + fi + + # Update GOLANG_SHA256 + if grep -q "ARG GOLANG_SHA256=" "$dockerfile"; then + sed -i.bak "s/ARG GOLANG_SHA256=.*/ARG GOLANG_SHA256=${SHA256}/" "$dockerfile" + else + warning " GOLANG_SHA256 not found in $dockerfile" + fi + + # Remove backup files + rm -f "${dockerfile}.bak" + done + + info "All files updated successfully!" +} -# Stage the changes -info "Staging changes..." 
-for dockerfile in "${DOCKERFILES[@]}"; do - if [ -f "$dockerfile" ]; then - git add "$dockerfile" +function create_pr() { + # Create a new branch + BRANCH_NAME="bump-go-${TARGET_VERSION}" + info "Creating branch: $BRANCH_NAME" + git checkout -b "$BRANCH_NAME" + + # Stage the changes + info "Staging changes..." + for dockerfile in "${DOCKERFILES[@]}"; do + if [ -f "$dockerfile" ]; then + git add "$dockerfile" + fi + done + + # Commit the changes + COMMIT_MSG="Bump Go version to ${TARGET_VERSION} + + Updates GOLANG_VERSION and GOLANG_SHA256 across all Docker images. + + - GOLANG_VERSION: ${TARGET_VERSION} + - GOLANG_SHA256: ${SHA256} + - Archive: go${TARGET_VERSION}.linux-amd64.tar.gz" + + info "Committing changes..." + git commit -m "$COMMIT_MSG" + + # Push the branch + info "Pushing branch to origin..." + if ! git push -u origin "$BRANCH_NAME"; then + error "Failed to push branch. You may need to push manually:" + error " git push -u origin $BRANCH_NAME" + exit 1 fi -done - -# Commit the changes -COMMIT_MSG="Bump Go version to ${TARGET_VERSION} -Updates GOLANG_VERSION and GOLANG_SHA256 across all Docker images. - -- GOLANG_VERSION: ${TARGET_VERSION} -- GOLANG_SHA256: ${SHA256} -- Archive: go${TARGET_VERSION}.linux-amd64.tar.gz" - -info "Committing changes..." -git commit -m "$COMMIT_MSG" - -# Push the branch -info "Pushing branch to origin..." -if ! git push -u origin "$BRANCH_NAME"; then - error "Failed to push branch. You may need to push manually:" - error " git push -u origin $BRANCH_NAME" - exit 1 -fi - -# Create a pull request using GitHub CLI -info "Creating pull request..." -PR_TITLE="Bump Go version to ${TARGET_VERSION}" -PR_BODY="This PR updates the Go version to ${TARGET_VERSION} across all Docker images. + # Create a pull request using GitHub CLI + info "Creating pull request..." + PR_TITLE="chore(go): Bump Go version to ${TARGET_VERSION}" + PR_BODY="This PR updates the Go version to ${TARGET_VERSION} across all Docker images. 
## Changes - Updated \`GOLANG_VERSION\` to ${TARGET_VERSION} 
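Review bot: In `update_dockerfiles`, the value written to `GOLANG_SHA256` is the first 64-hex string found within 50 lines after the first mention of the archive name in the go.dev HTML, so it is not tied to that file's own entry. The dots in `go${TARGET_VERSION}.linux-amd64.tar.gz` also act as regex wildcards in `grep`. A page layout change could therefore pin a neighbouring file's hash into every Dockerfile, which would presumably surface only when the image build checks it. Selecting by exact filename from the JSON index is more robust, for example `SHA256=$(curl -fsSL 'https://go.dev/dl/?mode=json&include=all' | jq -r --arg f "go${TARGET_VERSION}.linux-amd64.tar.gz" '.[].files[] | select(.filename == $f) | .sha256')`, at the cost of requiring `jq`. The current `curl -sSL` also lacks `-f`, so an HTTP error page is parsed as if it were the download list.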
@@ -167,23 +132,56 @@ PR_BODY="This PR updates the Go version to ${TARGET_VERSION} across all Docker i ## Affected Files $(printf '%s\n' "${DOCKERFILES[@]}" | sed 's/^/- `/' | sed 's/$/`/')" -if command -v gh &> /dev/null; then - PR_URL=$(gh pr create --title "$PR_TITLE" --body "$PR_BODY" --web 2>&1 | tee /dev/tty | grep -o 'https://github.com/[^[:space:]]*' || true) + PR_URL=$(gh pr create --title "$PR_TITLE" --body "$PR_BODY" --draft) if [ -n "$PR_URL" ]; then info "Pull request created successfully!" info "PR URL: $PR_URL" else - warning "GitHub CLI installed but PR creation may have failed." - warning "Please check the output above or create the PR manually at:" - warning " https://github.com/stackrox/rox-ci-image/compare/$BRANCH_NAME" + error "Failed to create pull request" + exit 1 fi -else - warning "GitHub CLI (gh) is not installed." - warning "Please create a pull request manually at:" - warning " https://github.com/stackrox/rox-ci-image/compare/$BRANCH_NAME" - warning "" - warning "Or install GitHub CLI: https://cli.github.com/" + } + +function main() { + update_dockerfiles + create_pr + info "Done! 🎉" +} + +# Check if GitHub CLI is installed +if ! command -v gh &> /dev/null; then + error "GitHub CLI (gh) is required but not installed." + error "Please install it from: https://cli.github.com/" + exit 1 +fi + +# Check if target version is provided +if [ $# -ne 1 ]; then + error "Usage: $0 " + error "Example: $0 1.24.6" + exit 1 +fi + +TARGET_VERSION="$1" + +# Validate version format (should be like 1.24.6) +if ! [[ "$TARGET_VERSION" =~ ^[0-9]+\.[0-9]+\.[0-9]+$ ]]; then + error "Invalid version format: $TARGET_VERSION" + error "Expected format: X.Y.Z (e.g., 1.24.6)" + exit 1 +fi + +info "Target Go version: $TARGET_VERSION" + +# Get the repository root +REPO_ROOT="$(cd "$(dirname "${BASH_SOURCE[0]}")/.." && pwd)" +cd "$REPO_ROOT" + +# Ensure we're on a clean working tree +if ! 
git diff-index --quiet HEAD -- 2>/dev/null; then + error "Working tree is not clean. Please commit or stash your changes first." + exit 1 fi -info "Done! 🎉" +main "$@"
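Review bot: In `create_pr` (which begins in the previous hunk), `PR_URL=$(gh pr create ... --draft)` runs under `set -euo pipefail`, so a failing `gh` exits the script at the assignment. The `error "Failed to create pull request"` branch is then reached only when `gh` succeeds with empty output. Testing the command directly keeps the message reachable: `if ! PR_URL=$(gh pr create --title "$PR_TITLE" --body "$PR_BODY" --draft); then`. The new pre-flight check only verifies that `gh` is on PATH, while the README now requires it to be authenticated. Adding `gh auth status &> /dev/null || { error "GitHub CLI is not authenticated; run: gh auth login"; exit 1; }` next to it would fail before the branch is created and pushed rather than after.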