diff --git a/.github/workflows/release-tag.yml b/.github/workflows/release-tag.yml new file mode 100644 index 000000000..dd4fd195a --- /dev/null +++ b/.github/workflows/release-tag.yml @@ -0,0 +1,24 @@ +name: Auto-tag release + +on: + pull_request: + types: [closed] + branches: [master] + +jobs: + tag: + if: github.event.pull_request.merged == true && startsWith(github.event.pull_request.head.ref, 'release/v') + runs-on: ubuntu-latest + permissions: + contents: write + steps: + - uses: actions/checkout@v5 + with: + fetch-depth: 0 + + - name: Create and push tag + run: | + VERSION="${GITHUB_HEAD_REF#release/}" + echo "Creating tag $VERSION on master" + git tag "$VERSION" + git push origin "$VERSION" diff --git a/Makefile b/Makefile index c668d9752..aea7707ac 100644 --- a/Makefile +++ b/Makefile @@ -242,31 +242,75 @@ proxy: port-forward: kubectl port-forward $$(kubectl get pods | awk '$$1 ~ /^$(POD_PREFIX)/' | awk 'END {print $$1}') $(SRC_PORT):$(DST_PORT) -release: +release: ## Print release workflow instructions. + @echo "Release workflow (2 steps):" + @echo "" + @echo " 1. make release-pr VERSION=x.y.z" + @echo " Tags sibling repos, bumps version, creates PRs" + @echo " (kubeshark + kubeshark.github.io helm chart)." + @echo " Review and merge both PRs manually." + @echo "" + @echo " 2. (automatic) Tag is created when release PR merges." + @echo " Fallback: make release-tag VERSION=x.y.z" + +release-pr: ## Step 1: Tag sibling repos, bump version, create release PR. @cd ../worker && git checkout master && git pull && git tag -d v$(VERSION); git tag v$(VERSION) && git push origin --tags - @cd ../tracer && git checkout master && git pull && git tag -d v$(VERSION); git tag v$(VERSION) && git push origin --tags @cd ../hub && git checkout master && git pull && git tag -d v$(VERSION); git tag v$(VERSION) && git push origin --tags @cd ../front && git checkout master && git pull && git tag -d v$(VERSION); git tag v$(VERSION) && git push origin --tags - @cd ../kubeshark && git checkout master && git pull && sed -i "s/^version:.*/version: \"$(shell echo $(VERSION) | sed -E 's/^([0-9]+\.[0-9]+\.[0-9]+)\..*/\1/')\"/" helm-chart/Chart.yaml && make + @cd ../kubeshark && git checkout master && git pull + @sed -i "s/^version:.*/version: \"$(shell echo $(VERSION) | sed -E 's/^([0-9]+\.[0-9]+\.[0-9]+)\..*/\1/')\"/" helm-chart/Chart.yaml + @$(MAKE) build VER=$(VERSION) @if [ "$(shell uname)" = "Darwin" ]; then \ codesign --sign - --force --preserve-metadata=entitlements,requirements,flags,runtime ./bin/kubeshark__; \ fi - @make generate-helm-values && make generate-manifests - @git add -A . && git commit -m ":bookmark: Bump the Helm chart version to $(VERSION)" && git push - @git tag -d v$(VERSION); git tag v$(VERSION) && git push origin --tags - @rm -rf ../kubeshark.github.io/charts/chart && mkdir ../kubeshark.github.io/charts/chart && cp -r helm-chart/ ../kubeshark.github.io/charts/chart/ - @cd ../kubeshark.github.io/ && git add -A . && git commit -m ":sparkles: Update the Helm chart" && git push + @$(MAKE) generate-helm-values && $(MAKE) generate-manifests + @git checkout -b release/v$(VERSION) + @git add -A . + @git commit -m ":bookmark: Bump the Helm chart version to $(VERSION)" + @git push -u origin release/v$(VERSION) + @gh pr create --title ":bookmark: Release v$(VERSION)" \ + --body "Automated release PR for v$(VERSION)." \ + --base master \ + --reviewer corest + @rm -rf ../kubeshark.github.io/charts/chart + @mkdir ../kubeshark.github.io/charts/chart + @cp -r helm-chart/ ../kubeshark.github.io/charts/chart/ + @cd ../kubeshark.github.io && git checkout master && git pull \ + && git checkout -b helm-v$(VERSION) \ + && git add -A . \ + && git commit -m ":sparkles: Update the Helm chart to v$(VERSION)" \ + && git push -u origin helm-v$(VERSION) \ + && gh pr create --title ":sparkles: Helm chart v$(VERSION)" \ + --body "Update Helm chart for release v$(VERSION)." \ + --base master \ + --reviewer corest @cd ../kubeshark + @echo "" + @echo "Release PRs created:" + @echo " - kubeshark: Review and merge the release PR." + @echo " - kubeshark.github.io: Review and merge the helm chart PR." + @echo "Tag will be created automatically, or run: make release-tag VERSION=$(VERSION)" + +release-tag: ## Step 2 (fallback): Tag master after release PR is merged. + @echo "Verifying release PR was merged..." + @if ! gh pr list --state merged --head release/v$(VERSION) --json number --jq '.[0].number' | grep -q .; then \ + echo "Error: No merged PR found for release/v$(VERSION). Merge the PR first."; \ + exit 1; \ + fi + @git checkout master && git pull + @git tag -d v$(VERSION) 2>/dev/null; git tag v$(VERSION) && git push origin --tags + @echo "" + @echo "Tagged v$(VERSION) on master. GitHub Actions will build the release." release-dry-run: @cd ../worker && git checkout master && git pull - @cd ../tracer && git checkout master && git pull + # @cd ../tracer && git checkout master && git pull @cd ../hub && git checkout master && git pull @cd ../front && git checkout master && git pull @cd ../kubeshark && sed -i "s/^version:.*/version: \"$(shell echo $(VERSION) | sed -E 's/^([0-9]+\.[0-9]+\.[0-9]+)\..*/\1/')\"/" helm-chart/Chart.yaml && make - @if [ "$(shell uname)" = "Darwin" ]; then \ - codesign --sign - --force --preserve-metadata=entitlements,requirements,flags,runtime ./bin/kubeshark__; \ - fi + # @if [ "$(shell uname)" = "Darwin" ]; then \ + # codesign --sign - --force --preserve-metadata=entitlements,requirements,flags,runtime ./bin/kubeshark__; \ + # fi @make generate-helm-values && make generate-manifests @rm -rf ../kubeshark.github.io/charts/chart && mkdir ../kubeshark.github.io/charts/chart && cp -r helm-chart/ ../kubeshark.github.io/charts/chart/ @cd ../kubeshark.github.io/ diff --git a/helm-chart/Chart.yaml b/helm-chart/Chart.yaml index 9ad9f3756..209cf4082 100644 --- a/helm-chart/Chart.yaml +++ b/helm-chart/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v2 name: kubeshark -version: "52.12.0" +version: "53.1.0" description: The API Traffic Analyzer for Kubernetes home: https://kubeshark.com keywords: diff --git a/helm-chart/values.yaml b/helm-chart/values.yaml index 00f5c8d50..7df549461 100644 --- a/helm-chart/values.yaml +++ b/helm-chart/values.yaml @@ -42,13 +42,14 @@ tap: storageClass: "" storageSize: 20Gi cloud: - provider: "" # cloud storage provider: "s3" (empty = disabled) - configMaps: [] # names of ConfigMaps with cloud storage env vars - secrets: [] # names of Secrets with cloud storage credentials + provider: "" + configMaps: [] + secrets: [] release: repo: https://helm.kubeshark.com name: kubeshark namespace: default + helmChartPath: "" persistentStorage: false persistentStorageStatic: false persistentStoragePvcVolumeMode: FileSystem diff --git a/manifests/complete.yaml b/manifests/complete.yaml index 2ea0b364f..8f017a0a5 100644 --- a/manifests/complete.yaml +++ b/manifests/complete.yaml @@ -4,10 +4,10 @@ apiVersion: networking.k8s.io/v1 kind: NetworkPolicy metadata: labels: - helm.sh/chart: kubeshark-52.12.0 + helm.sh/chart: kubeshark-53.1.0 app.kubernetes.io/name: kubeshark app.kubernetes.io/instance: kubeshark - app.kubernetes.io/version: "52.12.0" + app.kubernetes.io/version: "53.1.0" app.kubernetes.io/managed-by: Helm name: kubeshark-hub-network-policy namespace: default @@ -33,10 +33,10 @@ apiVersion: networking.k8s.io/v1 kind: NetworkPolicy metadata: labels: - helm.sh/chart: kubeshark-52.12.0 + helm.sh/chart: kubeshark-53.1.0 app.kubernetes.io/name: kubeshark app.kubernetes.io/instance: kubeshark - app.kubernetes.io/version: "52.12.0" + app.kubernetes.io/version: "53.1.0" app.kubernetes.io/managed-by: Helm annotations: name: kubeshark-front-network-policy @@ -60,10 +60,10 @@ apiVersion: networking.k8s.io/v1 kind: NetworkPolicy metadata: labels: - helm.sh/chart: kubeshark-52.12.0 + helm.sh/chart: kubeshark-53.1.0 app.kubernetes.io/name: kubeshark app.kubernetes.io/instance: kubeshark - app.kubernetes.io/version: "52.12.0" + app.kubernetes.io/version: "53.1.0" app.kubernetes.io/managed-by: Helm annotations: name: kubeshark-dex-network-policy @@ -87,10 +87,10 @@ apiVersion: networking.k8s.io/v1 kind: NetworkPolicy metadata: labels: - helm.sh/chart: kubeshark-52.12.0 + helm.sh/chart: kubeshark-53.1.0 app.kubernetes.io/name: kubeshark app.kubernetes.io/instance: kubeshark - app.kubernetes.io/version: "52.12.0" + app.kubernetes.io/version: "53.1.0" app.kubernetes.io/managed-by: Helm annotations: name: kubeshark-worker-network-policy @@ -116,10 +116,10 @@ apiVersion: v1 kind: ServiceAccount metadata: labels: - helm.sh/chart: kubeshark-52.12.0 + helm.sh/chart: kubeshark-53.1.0 app.kubernetes.io/name: kubeshark app.kubernetes.io/instance: kubeshark - app.kubernetes.io/version: "52.12.0" + app.kubernetes.io/version: "53.1.0" app.kubernetes.io/managed-by: Helm name: kubeshark-service-account namespace: default @@ -132,10 +132,10 @@ metadata: namespace: default labels: app.kubeshark.com/app: hub - helm.sh/chart: kubeshark-52.12.0 + helm.sh/chart: kubeshark-53.1.0 app.kubernetes.io/name: kubeshark app.kubernetes.io/instance: kubeshark - app.kubernetes.io/version: "52.12.0" + app.kubernetes.io/version: "53.1.0" app.kubernetes.io/managed-by: Helm stringData: LICENSE: '' @@ -151,10 +151,10 @@ metadata: namespace: default labels: app.kubeshark.com/app: hub - helm.sh/chart: kubeshark-52.12.0 + helm.sh/chart: kubeshark-53.1.0 app.kubernetes.io/name: kubeshark app.kubernetes.io/instance: kubeshark - app.kubernetes.io/version: "52.12.0" + app.kubernetes.io/version: "53.1.0" app.kubernetes.io/managed-by: Helm stringData: AUTH_SAML_X509_CRT: | @@ -167,10 +167,10 @@ metadata: namespace: default labels: app.kubeshark.com/app: hub - helm.sh/chart: kubeshark-52.12.0 + helm.sh/chart: kubeshark-53.1.0 app.kubernetes.io/name: kubeshark app.kubernetes.io/instance: kubeshark - app.kubernetes.io/version: "52.12.0" + app.kubernetes.io/version: "53.1.0" app.kubernetes.io/managed-by: Helm stringData: AUTH_SAML_X509_KEY: | @@ -182,10 +182,10 @@ metadata: name: kubeshark-nginx-config-map namespace: default labels: - helm.sh/chart: kubeshark-52.12.0 + helm.sh/chart: kubeshark-53.1.0 app.kubernetes.io/name: kubeshark app.kubernetes.io/instance: kubeshark - app.kubernetes.io/version: "52.12.0" + app.kubernetes.io/version: "53.1.0" app.kubernetes.io/managed-by: Helm data: default.conf: | @@ -248,10 +248,10 @@ metadata: namespace: default labels: app.kubeshark.com/app: hub - helm.sh/chart: kubeshark-52.12.0 + helm.sh/chart: kubeshark-53.1.0 app.kubernetes.io/name: kubeshark app.kubernetes.io/instance: kubeshark - app.kubernetes.io/version: "52.12.0" + app.kubernetes.io/version: "53.1.0" app.kubernetes.io/managed-by: Helm data: POD_REGEX: '.*' @@ -306,10 +306,10 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: labels: - helm.sh/chart: kubeshark-52.12.0 + helm.sh/chart: kubeshark-53.1.0 app.kubernetes.io/name: kubeshark app.kubernetes.io/instance: kubeshark - app.kubernetes.io/version: "52.12.0" + app.kubernetes.io/version: "53.1.0" app.kubernetes.io/managed-by: Helm name: kubeshark-cluster-role-default namespace: default @@ -353,10 +353,10 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: labels: - helm.sh/chart: kubeshark-52.12.0 + helm.sh/chart: kubeshark-53.1.0 app.kubernetes.io/name: kubeshark app.kubernetes.io/instance: kubeshark - app.kubernetes.io/version: "52.12.0" + app.kubernetes.io/version: "53.1.0" app.kubernetes.io/managed-by: Helm name: kubeshark-cluster-role-binding-default namespace: default @@ -374,10 +374,10 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: labels: - helm.sh/chart: kubeshark-52.12.0 + helm.sh/chart: kubeshark-53.1.0 app.kubernetes.io/name: kubeshark app.kubernetes.io/instance: kubeshark - app.kubernetes.io/version: "52.12.0" + app.kubernetes.io/version: "53.1.0" app.kubernetes.io/managed-by: Helm annotations: name: kubeshark-self-config-role @@ -424,10 +424,10 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: labels: - helm.sh/chart: kubeshark-52.12.0 + helm.sh/chart: kubeshark-53.1.0 app.kubernetes.io/name: kubeshark app.kubernetes.io/instance: kubeshark - app.kubernetes.io/version: "52.12.0" + app.kubernetes.io/version: "53.1.0" app.kubernetes.io/managed-by: Helm annotations: name: kubeshark-self-config-role-binding @@ -447,10 +447,10 @@ kind: Service metadata: labels: app.kubeshark.com/app: hub - helm.sh/chart: kubeshark-52.12.0 + helm.sh/chart: kubeshark-53.1.0 app.kubernetes.io/name: kubeshark app.kubernetes.io/instance: kubeshark - app.kubernetes.io/version: "52.12.0" + app.kubernetes.io/version: "53.1.0" app.kubernetes.io/managed-by: Helm name: kubeshark-hub namespace: default @@ -468,10 +468,10 @@ apiVersion: v1 kind: Service metadata: labels: - helm.sh/chart: kubeshark-52.12.0 + helm.sh/chart: kubeshark-53.1.0 app.kubernetes.io/name: kubeshark app.kubernetes.io/instance: kubeshark - app.kubernetes.io/version: "52.12.0" + app.kubernetes.io/version: "53.1.0" app.kubernetes.io/managed-by: Helm name: kubeshark-front namespace: default @@ -489,10 +489,10 @@ kind: Service apiVersion: v1 metadata: labels: - helm.sh/chart: kubeshark-52.12.0 + helm.sh/chart: kubeshark-53.1.0 app.kubernetes.io/name: kubeshark app.kubernetes.io/instance: kubeshark - app.kubernetes.io/version: "52.12.0" + app.kubernetes.io/version: "53.1.0" app.kubernetes.io/managed-by: Helm annotations: prometheus.io/scrape: 'true' @@ -502,10 +502,10 @@ metadata: spec: selector: app.kubeshark.com/app: worker - helm.sh/chart: kubeshark-52.12.0 + helm.sh/chart: kubeshark-53.1.0 app.kubernetes.io/name: kubeshark app.kubernetes.io/instance: kubeshark - app.kubernetes.io/version: "52.12.0" + app.kubernetes.io/version: "53.1.0" app.kubernetes.io/managed-by: Helm ports: - name: metrics @@ -518,10 +518,10 @@ kind: Service apiVersion: v1 metadata: labels: - helm.sh/chart: kubeshark-52.12.0 + helm.sh/chart: kubeshark-53.1.0 app.kubernetes.io/name: kubeshark app.kubernetes.io/instance: kubeshark - app.kubernetes.io/version: "52.12.0" + app.kubernetes.io/version: "53.1.0" app.kubernetes.io/managed-by: Helm annotations: prometheus.io/scrape: 'true' @@ -531,10 +531,10 @@ metadata: spec: selector: app.kubeshark.com/app: hub - helm.sh/chart: kubeshark-52.12.0 + helm.sh/chart: kubeshark-53.1.0 app.kubernetes.io/name: kubeshark app.kubernetes.io/instance: kubeshark - app.kubernetes.io/version: "52.12.0" + app.kubernetes.io/version: "53.1.0" app.kubernetes.io/managed-by: Helm ports: - name: metrics @@ -549,10 +549,10 @@ metadata: labels: app.kubeshark.com/app: worker sidecar.istio.io/inject: "false" - helm.sh/chart: kubeshark-52.12.0 + helm.sh/chart: kubeshark-53.1.0 app.kubernetes.io/name: kubeshark app.kubernetes.io/instance: kubeshark - app.kubernetes.io/version: "52.12.0" + app.kubernetes.io/version: "53.1.0" app.kubernetes.io/managed-by: Helm name: kubeshark-worker-daemon-set namespace: default @@ -566,10 +566,10 @@ spec: metadata: labels: app.kubeshark.com/app: worker - helm.sh/chart: kubeshark-52.12.0 + helm.sh/chart: kubeshark-53.1.0 app.kubernetes.io/name: kubeshark app.kubernetes.io/instance: kubeshark - app.kubernetes.io/version: "52.12.0" + app.kubernetes.io/version: "53.1.0" app.kubernetes.io/managed-by: Helm name: kubeshark-worker-daemon-set namespace: kubeshark @@ -579,7 +579,7 @@ spec: - /bin/sh - -c - mkdir -p /sys/fs/bpf && mount | grep -q '/sys/fs/bpf' || mount -t bpf bpf /sys/fs/bpf - image: 'docker.io/kubeshark/worker:v52.12' + image: 'docker.io/kubeshark/worker:v53.1' imagePullPolicy: Always name: mount-bpf securityContext: @@ -618,7 +618,7 @@ spec: - '500Mi' - -cloud-api-url - 'https://api.kubeshark.com' - image: 'docker.io/kubeshark/worker:v52.12' + image: 'docker.io/kubeshark/worker:v53.1' imagePullPolicy: Always name: sniffer ports: @@ -690,7 +690,7 @@ spec: - -disable-tls-log - -loglevel - 'warning' - image: 'docker.io/kubeshark/worker:v52.12' + image: 'docker.io/kubeshark/worker:v53.1' imagePullPolicy: Always name: tracer env: @@ -782,10 +782,10 @@ kind: Deployment metadata: labels: app.kubeshark.com/app: hub - helm.sh/chart: kubeshark-52.12.0 + helm.sh/chart: kubeshark-53.1.0 app.kubernetes.io/name: kubeshark app.kubernetes.io/instance: kubeshark - app.kubernetes.io/version: "52.12.0" + app.kubernetes.io/version: "53.1.0" app.kubernetes.io/managed-by: Helm name: kubeshark-hub namespace: default @@ -800,10 +800,10 @@ spec: metadata: labels: app.kubeshark.com/app: hub - helm.sh/chart: kubeshark-52.12.0 + helm.sh/chart: kubeshark-53.1.0 app.kubernetes.io/name: kubeshark app.kubernetes.io/instance: kubeshark - app.kubernetes.io/version: "52.12.0" + app.kubernetes.io/version: "53.1.0" app.kubernetes.io/managed-by: Helm spec: dnsPolicy: ClusterFirstWithHostNet @@ -819,9 +819,9 @@ spec: - -capture-stop-after - "5m" - -snapshot-size-limit - - '20Gi' + - '' - -dissector-image - - 'kubeshark/worker:master' + - 'docker.io/kubeshark/worker:v53.1' - -dissector-cpu - '1' - -dissector-memory @@ -843,7 +843,7 @@ spec: value: 'production' - name: PROFILING_ENABLED value: 'false' - image: 'docker.io/kubeshark/hub:v52.12' + image: 'docker.io/kubeshark/hub:v53.1' imagePullPolicy: Always readinessProbe: periodSeconds: 5 @@ -911,10 +911,10 @@ kind: Deployment metadata: labels: app.kubeshark.com/app: front - helm.sh/chart: kubeshark-52.12.0 + helm.sh/chart: kubeshark-53.1.0 app.kubernetes.io/name: kubeshark app.kubernetes.io/instance: kubeshark - app.kubernetes.io/version: "52.12.0" + app.kubernetes.io/version: "53.1.0" app.kubernetes.io/managed-by: Helm name: kubeshark-front namespace: default @@ -929,10 +929,10 @@ spec: metadata: labels: app.kubeshark.com/app: front - helm.sh/chart: kubeshark-52.12.0 + helm.sh/chart: kubeshark-53.1.0 app.kubernetes.io/name: kubeshark app.kubernetes.io/instance: kubeshark - app.kubernetes.io/version: "52.12.0" + app.kubernetes.io/version: "53.1.0" app.kubernetes.io/managed-by: Helm spec: containers: @@ -979,7 +979,7 @@ spec: value: 'false' - name: REACT_APP_SENTRY_ENVIRONMENT value: 'production' - image: 'docker.io/kubeshark/front:v52.12' + image: 'docker.io/kubeshark/front:v53.1' imagePullPolicy: Always name: kubeshark-front livenessProbe: