Merge branch 'release/v14.15-1'

Author: kahoona77

CHANGELOG.md

@@ -7,6 +7,13 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [Unreleased]
 
+## [v14.15-1] - 2025-01-23
+### Changed 
+- [#42] Update Makefiles to 9.5.0
+- [#42] Update postgresql to 14.15
+- [#42] Add migration checker to post-upgrade.sh
+  - The migration checker fixes potentially corrupt data in postgres, due to bugfixes in postgres itself
+
 ## [v14.13-1] - 2024-11-13
 ### Changed
 - [#40] Update postgresql to v14.13

Dockerfile

@@ -1,4 +1,4 @@
-FROM registry.cloudogu.com/official/base:3.20.2-1 as builder
+FROM registry.cloudogu.com/official/base:3.21.0-1 as builder
 
 ENV GOSU_SHA256=bbc4136d03ab138b1ad66fa4fc051bafc6cc7ffae632b069a53657279a450de3
 
@@ -15,15 +15,15 @@ RUN set -x -o errexit \
  && echo "${GOSU_SHA256} */build/usr/local/bin/gosu" | sha256sum -c - \
  && chmod +x /build/usr/local/bin/gosu
 
-FROM registry.cloudogu.com/official/base:3.20.2-1
+FROM registry.cloudogu.com/official/base:3.21.0-1
 
 LABEL NAME="official/postgresql" \
-        VERSION="14.13-1" \
+        VERSION="14.15-1" \
         maintainer="[email protected]"
 
 ENV LANG=en_US.utf8 \
     PGDATA=/var/lib/postgresql \
-    POSTGRESQL_VERSION=14.13-r0
+    POSTGRESQL_VERSION=14.15-r0
 
 RUN set -x -o errexit \
  && set -o nounset \

Jenkinsfile

@@ -1,5 +1,5 @@
 #!groovy
-@Library(['github.com/cloudogu/ces-build-lib@2.2.1', 'github.com/cloudogu/dogu-build-lib@v2.5.0'])
+@Library(['github.com/cloudogu/ces-build-lib@4.0.1', 'github.com/cloudogu/dogu-build-lib@v3.0.0'])
 import com.cloudogu.ces.cesbuildlib.*
 import com.cloudogu.ces.dogubuildlib.*
 
@@ -45,11 +45,13 @@ node('vagrant') {
             parameters([
                     booleanParam(defaultValue: false, description: 'Test dogu upgrade from latest release or optionally from defined version below', name: 'TestDoguUpgrade'),
                     string(defaultValue: '', description: 'Old Dogu version for the upgrade test (optional; e.g. 4.1.0-3)', name: 'OldDoguVersionForUpgradeTest'),
+                    booleanParam(defaultValue: true, description: 'Enables cypress to take screenshots of failing integration tests.', name: 'EnableScreenshotRecording'),
+                    choice(name: 'TrivySeverityLevels', choices: [TrivySeverityLevel.CRITICAL, TrivySeverityLevel.HIGH_AND_ABOVE, TrivySeverityLevel.MEDIUM_AND_ABOVE, TrivySeverityLevel.ALL], description: 'The levels to scan with trivy', defaultValue: TrivySeverityLevel.CRITICAL),
+                    choice(name: 'TrivyStrategy', choices: [TrivyScanStrategy.UNSTABLE, TrivyScanStrategy.FAIL, TrivyScanStrategy.IGNORE], description: 'Define whether the build should be unstable, fail or whether the error should be ignored if any vulnerability was found.', defaultValue: TrivyScanStrategy.UNSTABLE),
             ])
         ])
 
         EcoSystem ecoSystem = new EcoSystem(this, 'gcloud-ces-operations-internal-packer', 'jenkins-gcloud-ces-operations-internal')
-        Trivy trivy = new Trivy(this, ecoSystem)
 
         try {
             stage('Provision') {
@@ -69,13 +71,20 @@ node('vagrant') {
             }
 
             stage('Build') {
+                // change namespace to prerelease_namespace if in develop-branch
+                if (gitflow.isPreReleaseBranch()) {
+                    ecoSystem.vagrant.ssh "cd /dogu && make prerelease_namespace"
+                }
                 ecoSystem.build(doguDirectory)
             }
 
             stage('Trivy scan') {
-                trivy.scanDogu("/dogu", TrivyScanFormat.HTML, TrivyScanLevel.CRITICAL, TrivyScanStrategy.UNSTABLE)
-                trivy.scanDogu("/dogu", TrivyScanFormat.JSON, TrivyScanLevel.CRITICAL, TrivyScanStrategy.UNSTABLE)
-                trivy.scanDogu("/dogu", TrivyScanFormat.PLAIN, TrivyScanLevel.CRITICAL, TrivyScanStrategy.UNSTABLE)
+                ecoSystem.copyDoguImageToJenkinsWorker("/dogu")
+                Trivy trivy = new Trivy(this)
+                trivy.scanDogu(".", params.TrivySeverityLevels, params.TrivyStrategy)
+                trivy.saveFormattedTrivyReport(TrivyScanFormat.TABLE)
+                trivy.saveFormattedTrivyReport(TrivyScanFormat.JSON)
+                trivy.saveFormattedTrivyReport(TrivyScanFormat.HTML)
             }
 
             stage('Verify') {
@@ -93,21 +102,22 @@ node('vagrant') {
             }
 
             if (gitflow.isReleaseBranch()) {
-                String releaseVersion = git.getSimpleBranchName()
-
+                String releaseVersion = git.getSimpleBranchName();
                 stage('Finish Release') {
                     gitflow.finishRelease(releaseVersion)
                 }
-
                 stage('Push Dogu to registry') {
-                    ecoSystem.push(doguDirectory)
+                    ecoSystem.push("/dogu")
                 }
-
-                stage ('Add Github-Release') {
+                stage('Add Github-Release') {
                     github.createReleaseWithChangelog(releaseVersion, changelog)
                 }
+            } else if (gitflow.isPreReleaseBranch()) {
+                // push to registry in prerelease_namespace
+                stage('Push Prerelease Dogu to registry') {
+                    ecoSystem.pushPreRelease("/dogu")
+                }
             }
-
         } finally {
             stage('Clean') {
                 ecoSystem.destroy()

Makefile

@@ -1,4 +1,4 @@
-MAKEFILES_VERSION=9.2.0
+MAKEFILES_VERSION=9.5.0
 
 .DEFAULT_GOAL:=dogu-release
 
@@ -7,3 +7,4 @@ include build/make/self-update.mk
 include build/make/release.mk
 include build/make/bats.mk
 include build/make/k8s-dogu.mk
+include build/make/prerelease.mk

build/make/build.mk

@@ -3,7 +3,7 @@
 ADDITIONAL_LDFLAGS?=-extldflags -static
 LDFLAGS?=-ldflags "$(ADDITIONAL_LDFLAGS) -X main.Version=$(VERSION) -X main.CommitID=$(COMMIT_ID)"
 GOIMAGE?=golang
-GOTAG?=1.22
+GOTAG?=1.23
 GOOS?=linux
 GOARCH?=amd64
 PRE_COMPILE?=

build/make/k8s-dogu.tpl

@@ -1,4 +1,4 @@
-apiVersion: k8s.cloudogu.com/v1
+apiVersion: k8s.cloudogu.com/v2
 kind: Dogu
 metadata:
   name: NAME

build/make/k8s.mk

@@ -138,7 +138,7 @@ ${K8S_RESOURCE_TEMP_FOLDER}:
 ##@ K8s - Docker
 
 .PHONY: docker-build
-docker-build: check-docker-credentials check-k8s-image-env-var ## Builds the docker image of the K8s app.
+docker-build: check-docker-credentials check-k8s-image-env-var ${BINARY_YQ} ## Builds the docker image of the K8s app.
 	@echo "Building docker image $(IMAGE)..."
 	@DOCKER_BUILDKIT=1 docker build . -t $(IMAGE)
 

build/make/prerelease.mk

@@ -0,0 +1,6 @@
+# used to create switch the dogu to a prerelease namespace
+# e.g. official/usermgmt -> prerelease_official/usermgmt
+
+.PHONY: prerelease_namespace
+prerelease_namespace:
+	build/make/stagex.sh prerelease_namespace

build/make/prerelease.sh

@@ -0,0 +1,33 @@
+#!/bin/bash
+set -o errexit
+set -o nounset
+set -o pipefail
+
+prerelease_namespace() {
+
+  # Update version in dogu.json
+  if [ -f "dogu.json" ]; then
+    echo "Updating name in dogu.json..."
+    ORIG_NAME="$(jq -r ".Name" ./dogu.json)"
+    PRERELEASE_NAME="prerelease_${ORIG_NAME}"
+    jq ".Name = \"${PRERELEASE_NAME}\"" dogu.json >dogu2.json && mv dogu2.json dogu.json
+    jq ".Image = \"registry.cloudogu.com/${PRERELEASE_NAME}\"" dogu.json >dogu2.json && mv dogu2.json dogu.json
+  fi
+
+  # Update version in Dockerfile
+  if [ -f "Dockerfile" ]; then
+    echo "Updating version in Dockerfile..."
+    ORIG_NAME="$(grep -oP "^[ ]*NAME=\"([^\"]*)" Dockerfile | awk -F "\"" '{print $2}')"
+    PRERELEASE_NAME="prerelease_$( echo -e "$ORIG_NAME" | sed 's/\//\\\//g' )"
+    sed -i "s/\(^[ ]*NAME=\"\)\([^\"]*\)\(.*$\)/\1${PRERELEASE_NAME}\3/" Dockerfile
+  fi
+
+}
+
+
+TYPE="${1}"
+
+echo ${TYPE}
+if [[ "${TYPE}" == "prerelease_namespace" ]];then
+  prerelease_namespace
+fi

build/make/release.sh

@@ -56,6 +56,7 @@ fi
 
 update_versions "${NEW_RELEASE_VERSION}"
 update_changelog "${NEW_RELEASE_VERSION}" "${FIXED_CVE_LIST}"
+update_releasenotes "${NEW_RELEASE_VERSION}"
 show_diff
 
 if [[ -n "${DRY_RUN}" ]]; then

build/make/release_functions.sh

@@ -207,6 +207,50 @@ update_changelog() {
   git commit -m "Update changelog"
 }
 
+update_releasenotes() {
+  local NEW_RELEASE_VERSION="${1}"
+
+  # ReleaseNotes update
+  local CURRENT_DATE
+  CURRENT_DATE=$(date --rfc-3339=date)
+  local NEW_RELEASENOTE_TITLE="## [v${NEW_RELEASE_VERSION}] - ${CURRENT_DATE}"
+  rm -rf ".rn_changed"
+  find . -name "*release_notes*.md" -print0 | while read -d $'\0' file
+  do
+     # Check if "Unreleased" tag exists
+     while ! grep --silent "## \[Unreleased\]" "${file}"; do
+       echo ""
+       echo -e "\e[31mYour ${file} does not contain a \"## [Unreleased]\" line!\e[0m"
+       echo "Please add one to make it comply to https://keepachangelog.com/en/1.0.0/"
+       wait_for_ok "Please insert a \"## [Unreleased]\" line into ${file} now."
+     done
+
+     # Add new title line to changelog
+     sed -i "s|## \[Unreleased\]|## \[Unreleased\]\n\n${NEW_RELEASENOTE_TITLE}|g" "${file}"
+     echo "Processed ${file}"
+     echo true > ".rn_changed"
+  done
+
+  if test -f ".rn_changed" ; then
+    # Wait for user to validate changelog changes
+    wait_for_ok "Please make sure your release notes looks as desired."
+
+    find . -name "*release_notes*.md" -print0 | while read -d $'\0' file
+    do
+      # Check if new version tag still exists
+      while ! grep --silent "$(echo $NEW_RELEASENOTE_TITLE | sed -e 's/[]\/$*.^[]/\\&/g')" "${file}"; do
+        echo ""
+        echo -e "\e[31mYour ${file} does not contain \"${NEW_RELEASENOTE_TITLE}\"!\e[0m"
+        wait_for_ok "Please update your ${file} now."
+      done
+      git add "${file}"
+    done
+
+    git commit -m "Update ReleaseNotes"
+  fi
+  rm -rf ".rn_changed"
+}
+
 # addFixedCVEListFromReRelease is used in dogu cve releases. The method adds the fixed CVEs under the ### Fixed header
 # in the unreleased section.
 addFixedCVEListFromReRelease() {

build/make/self-update.mk

@@ -19,4 +19,9 @@ remove-old-files:
 
 .PHONY: copy-new-files
 copy-new-files:
-	@cp -r $(TMP_DIR)/makefiles-$(MAKEFILES_VERSION)/build/make $(BUILD_DIR)
+	@cp -r $(TMP_DIR)/makefiles-$(MAKEFILES_VERSION)/build/make $(BUILD_DIR)
+
+.PHONY: update-build-libs
+update-build-libs:
+	@echo "Check for newer Build-Lib versions"
+	build/make/self-update.sh buildlibs

build/make/self-update.sh

@@ -0,0 +1,48 @@
+#!/bin/bash
+set -o errexit
+set -o nounset
+set -o pipefail
+
+TYPE="${1}"
+
+update_build_libs() {
+  echo "Get newest version of ces-build-lib and dogu-build-lib"
+  update_jenkinsfile
+  echo "Newest Versions set. Please check your Jenkinsfile"
+}
+
+get_highest_version() {
+  local target="${1}"
+  local gitCesBuildLib
+  # getting tags from ces-build.libs OR dogu-build-libs
+  gitCesBuildLib="$(git ls-remote --tags --refs https://github.com/cloudogu/${target}-build-lib)"
+  local highest
+  # Flagfile for getting results out of while-loop
+  rm -rf .versions
+  while IFS= read -r line; do
+      local version
+      version="$(awk -F'/tags/' '{ for(i=1;i<=NF;i++) print $i }' <<< $line | tail -n 1 | sed 's/[^0-9\.]*//g')"
+      if [[ $version == *"."* ]] ; then
+        echo $version >> ".versions"
+      fi
+  done <<< "$gitCesBuildLib"
+  highest=$(sort .versions | tail -n 1)
+  rm -rf .versions
+  echo "${highest}"
+}
+
+# Patch Jenkinsfile
+update_jenkinsfile() {
+  sed -i "s/ces-build-lib@[[:digit:]].[[:digit:]].[[:digit:]]/ces-build-lib@$(get_highest_version ces)/g" Jenkinsfile
+  sed -i "s/dugu-build-lib@[[:digit:]].[[:digit:]].[[:digit:]]/dogu-build-lib@$(get_highest_version dogu)/g" Jenkinsfile
+}
+
+# switch for script entrypoint
+if [[ "${TYPE}" == "buildlibs" ]];then
+  update_build_libs
+else
+  echo "Unknown target ${TYPE}"
+fi
+
+
+

build/make/static-analysis.mk

@@ -2,12 +2,12 @@
 
 STATIC_ANALYSIS_DIR=$(TARGET_DIR)/static-analysis
 GOIMAGE?=golang
-GOTAG?=1.22
+GOTAG?=1.23
 CUSTOM_GO_MOUNT?=-v /tmp:/tmp
 
 REVIEW_DOG=$(TMP_DIR)/bin/reviewdog
 LINT=$(TMP_DIR)/bin/golangci-lint
-LINT_VERSION?=v1.58.2
+LINT_VERSION?=v1.61.0
 # ignore tests and mocks
 LINTFLAGS=--tests=false --exclude-files="^.*_mock.go$$" --exclude-files="^.*/mock.*.go$$" --timeout 10m --issues-exit-code 0
 ADDITIONAL_LINTER=-E bodyclose -E containedctx -E contextcheck -E decorder -E dupl -E errname -E forcetypeassert -E funlen -E unparam

dogu.json

@@ -1,6 +1,6 @@
 {
   "Name": "official/postgresql",
-  "Version": "14.13-1",
+  "Version": "14.15-1",
   "DisplayName": "PostgreSQL",
   "Description": "PostgreSQL Database.",
   "Url": "https://www.postgresql.org/",
@@ -42,6 +42,10 @@
       "Name": "pre-upgrade",
       "Command": "/pre-upgrade.sh"
     },
+    {
+      "Name": "post-upgrade",
+      "Command": "/post-upgrade.sh"
+    },
     {
       "Name": "backup-consumer",
       "Command": "/backup-consumer.sh"