From 87d99a71ec6a1c993b06dedc4ab54e16b77003b8 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?= <fabiano.fidencio@intel.com>
Date: Thu, 20 Jul 2023 17:12:10 +0200
Subject: [PATCH 1/3] versions: Remove "kernel-experimental"
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

We've not been using nor shipping this kernel for a very long time.

Regardless, we're leaving behind the logic in the kernel scripts to
build it, in case it becomes necessary in the future.

Signed-off-by: Fabiano Fidêncio <fabiano.fidencio@intel.com>
---
 tools/packaging/kata-deploy/local-build/Makefile       |  3 ---
 .../kata-deploy/local-build/kata-deploy-binaries.sh    | 10 ----------
 versions.yaml                                          |  5 -----
 3 files changed, 18 deletions(-)

diff --git a/tools/packaging/kata-deploy/local-build/Makefile b/tools/packaging/kata-deploy/local-build/Makefile
index fc7ed41d21..dc887e703b 100644
--- a/tools/packaging/kata-deploy/local-build/Makefile
+++ b/tools/packaging/kata-deploy/local-build/Makefile
@@ -64,9 +64,6 @@ firecracker-tarball:
 kernel-dragonball-experimental-tarball:
 	${MAKE} $@-build
 
-kernel-experimental-tarball:
-	${MAKE} $@-build
-
 kernel-nvidia-gpu-tarball:
 	${MAKE} $@-build
 
diff --git a/tools/packaging/kata-deploy/local-build/kata-deploy-binaries.sh b/tools/packaging/kata-deploy/local-build/kata-deploy-binaries.sh
index 9b22767420..bcd3a6bb11 100755
--- a/tools/packaging/kata-deploy/local-build/kata-deploy-binaries.sh
+++ b/tools/packaging/kata-deploy/local-build/kata-deploy-binaries.sh
@@ -346,14 +346,6 @@ install_kernel_nvidia_gpu_tdx_experimental() {
 		"-x tdx -g nvidia -u ${kernel_url} -H deb"
 }
 
-#Install experimental kernel asset
-install_kernel_experimental() {
-	install_kernel_helper \
-		"assets.kernel-experimental.version" \
-		"kernel-experimental" \
-		"-f -b experimental"
-}
-
 #Install experimental TDX kernel asset
 install_kernel_tdx_experimental() {
 	local kernel_url="$(get_from_kata_deps assets.kernel-tdx-experimental.url)"
@@ -648,8 +640,6 @@ handle_build() {
 
 	kernel-dragonball-experimental) install_kernel_dragonball_experimental ;;
 
-	kernel-experimental) install_kernel_experimental ;;
-
 	kernel-nvidia-gpu) install_kernel_nvidia_gpu ;;
 
 	kernel-nvidia-gpu-snp) install_kernel_nvidia_gpu_snp;;
diff --git a/versions.yaml b/versions.yaml
index 5cb014fea1..e31dab1645 100644
--- a/versions.yaml
+++ b/versions.yaml
@@ -179,11 +179,6 @@ assets:
       url: "https://cdn.kernel.org/pub/linux/kernel/v5.x/"
       version: "v5.19.2"
 
-  kernel-experimental:
-    description: "Linux kernel with virtio-fs support"
-    url: "https://cdn.kernel.org/pub/linux/kernel/v5.x/"
-    tag: "v5.13.10"
-
   kernel-arm-experimental:
     description: "Linux kernel with cpu/mem hotplug support on arm64"
     url: "https://cdn.kernel.org/pub/linux/kernel/v5.x/"

From 5dddd7c5d1e75959198121c38b1fd102b0b5791b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?= <fabiano.fidencio@intel.com>
Date: Thu, 20 Jul 2023 17:23:40 +0200
Subject: [PATCH 2/3] release: Upload versions.yaml as part of the release
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Although this file is far away from being a SBOM, it'll help folks to
easily visualise which components are part of a release, and even have
SBOMs generated from that.

Signed-off-by: Fabiano Fidêncio <fabiano.fidencio@intel.com>
---
 .github/workflows/release.yaml | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
index e06ed61b58..dbdf182402 100644
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@@ -121,6 +121,19 @@ jobs:
           GITHUB_TOKEN=${{ secrets.GIT_UPLOAD_TOKEN }} hub release edit -m "" -a "${tarball}" "${tag}"
           popd
 
+  upload-versions-yaml-tarball:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+      - name: upload versions.yaml
+        run: |
+          tag=$(echo $GITHUB_REF | cut -d/ -f3-)
+          pushd $GITHUB_WORKSPACE
+          versions_file="kata-containers-$tag-versions.yaml"
+          cp versions.yaml ${versions_file}
+          hub release edit -m "" -a "${versions_file}" "${tag}"
+          popd
+
   upload-cargo-vendored-tarball:
     needs: upload-multi-arch-static-tarball
     runs-on: ubuntu-latest

From 59fdd69b85635728f933fbaba1b9e40dcd0a9fb6 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?= <fabiano.fidencio@intel.com>
Date: Thu, 20 Jul 2023 17:52:24 +0200
Subject: [PATCH 3/3] kata-deploy: Add VERSION and versions.yaml to the final
 tarball
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Let's make things simpler to figure out which version of Kata
Containers has been deployed, and also which artefacts come with it.

This will help us immensely in the future, for the TEEs use case, so we
can easily know whether we can deploy a specific guest kernel for a
specific host kernel.

Fixes: #7394

Signed-off-by: Fabiano Fidêncio <fabiano.fidencio@intel.com>
---
 .../workflows/build-kata-static-tarball-amd64.yaml    |  2 +-
 .../workflows/build-kata-static-tarball-arm64.yaml    |  2 +-
 .../workflows/build-kata-static-tarball-s390x.yaml    |  2 +-
 tools/packaging/kata-deploy/local-build/Makefile      |  2 +-
 .../local-build/kata-deploy-merge-builds.sh           | 11 +++++++++++
 5 files changed, 15 insertions(+), 4 deletions(-)

diff --git a/.github/workflows/build-kata-static-tarball-amd64.yaml b/.github/workflows/build-kata-static-tarball-amd64.yaml
index f0f606850b..869d49bc60 100644
--- a/.github/workflows/build-kata-static-tarball-amd64.yaml
+++ b/.github/workflows/build-kata-static-tarball-amd64.yaml
@@ -99,7 +99,7 @@ jobs:
           path: kata-artifacts
       - name: merge-artifacts
         run: |
-          ./tools/packaging/kata-deploy/local-build/kata-deploy-merge-builds.sh kata-artifacts
+          ./tools/packaging/kata-deploy/local-build/kata-deploy-merge-builds.sh kata-artifacts versions.yaml
       - name: store-artifacts
         uses: actions/upload-artifact@v3
         with:
diff --git a/.github/workflows/build-kata-static-tarball-arm64.yaml b/.github/workflows/build-kata-static-tarball-arm64.yaml
index 2ad97a0ba4..85d7bd18b8 100644
--- a/.github/workflows/build-kata-static-tarball-arm64.yaml
+++ b/.github/workflows/build-kata-static-tarball-arm64.yaml
@@ -83,7 +83,7 @@ jobs:
           path: kata-artifacts
       - name: merge-artifacts
         run: |
-          ./tools/packaging/kata-deploy/local-build/kata-deploy-merge-builds.sh kata-artifacts
+          ./tools/packaging/kata-deploy/local-build/kata-deploy-merge-builds.sh kata-artifacts versions.yaml
       - name: store-artifacts
         uses: actions/upload-artifact@v3
         with:
diff --git a/.github/workflows/build-kata-static-tarball-s390x.yaml b/.github/workflows/build-kata-static-tarball-s390x.yaml
index cf28310336..8c7b886370 100644
--- a/.github/workflows/build-kata-static-tarball-s390x.yaml
+++ b/.github/workflows/build-kata-static-tarball-s390x.yaml
@@ -80,7 +80,7 @@ jobs:
           path: kata-artifacts
       - name: merge-artifacts
         run: |
-          ./tools/packaging/kata-deploy/local-build/kata-deploy-merge-builds.sh kata-artifacts
+          ./tools/packaging/kata-deploy/local-build/kata-deploy-merge-builds.sh kata-artifacts versions.yaml
       - name: store-artifacts
         uses: actions/upload-artifact@v3
         with:
diff --git a/tools/packaging/kata-deploy/local-build/Makefile b/tools/packaging/kata-deploy/local-build/Makefile
index dc887e703b..ece1900c02 100644
--- a/tools/packaging/kata-deploy/local-build/Makefile
+++ b/tools/packaging/kata-deploy/local-build/Makefile
@@ -125,7 +125,7 @@ virtiofsd-tarball:
 	${MAKE} $@-build
 
 merge-builds:
-	$(MK_DIR)/kata-deploy-merge-builds.sh build
+	$(MK_DIR)/kata-deploy-merge-builds.sh build "$(MK_DIR)/../../../../versions.yaml"
 
 install-tarball:
 	tar -xf ./kata-static.tar.xz -C /
diff --git a/tools/packaging/kata-deploy/local-build/kata-deploy-merge-builds.sh b/tools/packaging/kata-deploy/local-build/kata-deploy-merge-builds.sh
index b2d02b43fb..ff13708ef8 100755
--- a/tools/packaging/kata-deploy/local-build/kata-deploy-merge-builds.sh
+++ b/tools/packaging/kata-deploy/local-build/kata-deploy-merge-builds.sh
@@ -11,6 +11,8 @@ set -o pipefail
 set -o errtrace
 
 kata_build_dir=${1:-build}
+kata_versions_yaml_file=${2:-""}
+
 tar_path="${PWD}/kata-static.tar.xz"
 
 pushd "${kata_build_dir}"
@@ -24,6 +26,15 @@ do
 	tar -xvf "${c}" -C "${tarball_content_dir}"
 done
 
+pushd ${tarball_content_dir}
+	shim="containerd-shim-kata-v2"
+	shim_path=$(find . -name ${shim} | sort | head -1)
+	prefix=${shim_path%"bin/${shim}"}
+
+	echo "$(git describe)" > ${prefix}/VERSION
+	[[ -n "${kata_versions_yaml_file}" ]] && cp ${kata_versions_yaml_file} ${prefix}/
+popd
+
 echo "create ${tar_path}"
 (cd "${tarball_content_dir}"; tar cvfJ "${tar_path}" .)
 popd