Add image-source-of-truth.yaml and update-truth-sidecars scripts

Makefile

@@ -268,3 +268,7 @@ generate-kustomize: bin/helm
 	cd charts/aws-ebs-csi-driver && ../../bin/helm template kustomize . -s templates/serviceaccount-csi-node.yaml | sed -e "/namespace: /d" > ../../deploy/kubernetes/base/serviceaccount-csi-node.yaml
 	cd charts/aws-ebs-csi-driver && ../../bin/helm template kustomize . -s templates/role-leases.yaml | sed -e "/namespace: /d" > ../../deploy/kubernetes/base/role-leases.yaml
 	cd charts/aws-ebs-csi-driver && ../../bin/helm template kustomize . -s templates/rolebinding-leases.yaml | sed -e "/namespace: /d" > ../../deploy/kubernetes/base/rolebinding-leases.yaml
+
+.PHONY: update-truth-sidecars
+update-truth-sidecars: hack/release-scripts/image-source-of-truth.yaml hack/release-scripts/update-truth-sidecars
+	hack/release-scripts/update-truth-sidecars

hack/release-scripts/image-source-of-truth.yaml

@@ -0,0 +1,42 @@
+# This file acts as the source of truth for the driver and sidecar image tags and digests used by the rest of the repository.
+# It is to be updated through the the use of scripts in `hack/release-scripts` or Makefile targets.
+driver:
+  name: "aws-ebs-csi-driver"
+  version: "v1.24.0"
+  gcrStagingImage: "gcr.io/k8s-staging-provider-aws/aws-ebs-csi-driver"
+  manifestDigest: ""
+  gcrImage: "registry.k8s.io/provider-aws/aws-ebs-csi-driver"
+  ecrImage: "public.ecr.aws/ebs-csi-driver/aws-ebs-csi-driver"
+sidecars: # sidecar names match upstream helm chart values.yaml
+  snapshotter:
+    image: "public.ecr.aws/eks-distro/kubernetes-csi/external-snapshotter/csi-snapshotter"
+    tag: ""
+    manifestDigest: ""
+  attacher:
+    image: "public.ecr.aws/eks-distro/kubernetes-csi/external-attacher"
+    tag: ""
+    manifestDigest: ""
+  provisioner:
+    image: "public.ecr.aws/eks-distro/kubernetes-csi/external-provisioner"
+    tag: ""
+    manifestDigest: ""
+  resizer:
+    image: "public.ecr.aws/eks-distro/kubernetes-csi/external-resizer"
+    tag: ""
+    manifestDigest: ""
+  livenessProbe:
+    image: "public.ecr.aws/eks-distro/kubernetes-csi/livenessprobe"
+    tag: ""
+    manifestDigest: ""
+  nodeDriverRegistrar:
+    image: "public.ecr.aws/eks-distro/kubernetes-csi/node-driver-registrar"
+    tag: ""
+    manifestDigest: ""
+  volumemodifier:
+    image: "public.ecr.aws/ebs-csi-driver/volume-modifier-for-k8s"
+    tag: ""
+    manifestDigest: ""
+  snapshotController:
+    image: "public.ecr.aws/eks-distro/kubernetes-csi/external-snapshotter/snapshot-controller"
+    tag: ""
+    manifestDigest: ""

hack/release-scripts/update-truth-sidecars

@@ -0,0 +1,68 @@
+#!/bin/bash
+# This script updates the image-source-of-truth.yaml with the latest tags and associated manifest digests for each sidecar image.
+
+# --- Environment Variables
+export ROOT_DIRECTORY TRUTH_FILEPATH
+ROOT_DIRECTORY=${ROOT_DIRECTORY:=$(git rev-parse --show-toplevel)}
+TRUTH_FILEPATH=${TRUTH_FILEPATH:="$ROOT_DIRECTORY/hack/release-scripts/image-source-of-truth.yaml"}
+
+tmp_filename="tmp_$RANDOM.txt"
+# --- Script Tools
+set -euo pipefail # Exit on any error
+
+log() {
+  printf "%s [INFO] - %s\n" "$(date +"%Y-%m-%d %H:%M:%S")" "${*}" >&2
+}
+
+check_dependencies() {
+  local readonly dependencies=("yq" "git" "crane")
+
+  for cmd in "${dependencies[@]}"; do
+    if ! command -v "${cmd}" &>/dev/null; then
+      log "${cmd} could not be found, please install it."
+      exit 1
+    fi
+  done
+}
+
+error_handler() {
+  printf "Error occurred in script: %s, at line: %s. Command: %s. Error: %s\n" "$1" "$2" "$BASH_COMMAND" "$3" >&2
+  exit 1
+}
+
+trap 'error_handler ${LINENO} $? "$BASH_COMMAND"' ERR
+
+# --- Script
+trap 'rm $tmp_filename' EXIT
+
+crane_get_latest_image_tag() {
+  image=$1
+
+  export TAG
+  TAG=$(crane ls "$image" | sed '/latest/d' | sort -V | tail -1)  # Get tag for $image with latest semvar
+}
+
+update_sidecars_source_of_truth () {
+  yq '.sidecars | keys | .[]' "$TRUTH_FILEPATH" > $tmp_filename
+
+  for sidecar in $(cat $tmp_filename)
+       do
+         log "Updating $sidecar in $TRUTH_FILEPATH"
+         image=$(yq ".sidecars.$sidecar.image" "$TRUTH_FILEPATH")
+
+         export TAG
+         crane_get_latest_image_tag "$image"
+         yq ".sidecars.$sidecar.tag = env(TAG)" -i "$TRUTH_FILEPATH"
+
+         export DIGEST
+         DIGEST=$(crane digest "$image:$TAG")
+         yq ".sidecars.$sidecar.manifestDigest = env(DIGEST)" -i "$TRUTH_FILEPATH"
+       done
+}
+
+main () {
+  check_dependencies
+  update_sidecars_source_of_truth
+}
+
+main