From ae54aaf87adabcf02e9ac2bc88e77591317b9271 Mon Sep 17 00:00:00 2001
From: Drew Sirenko <68304519+AndrewSirenko@users.noreply.github.com>
Date: Thu, 2 Nov 2023 10:36:02 -0400
Subject: [PATCH] Add release scripts for upgrading sidecar dependencies

---
 .gitignore                                    |   5 +-
 Makefile                                      |  11 ++
 hack/release-scripts/generate-sidecar-tags    | 114 ++++++++++++++++++
 .../release-scripts/get-latest-sidecar-images |  88 ++++++++++++++
 .../image-digests-template.yaml               |  43 +++++++
 5 files changed, 260 insertions(+), 1 deletion(-)
 create mode 100755 hack/release-scripts/generate-sidecar-tags
 create mode 100755 hack/release-scripts/get-latest-sidecar-images
 create mode 100644 hack/release-scripts/image-digests-template.yaml

diff --git a/.gitignore b/.gitignore
index bc282140a1..000ff70b0d 100644
--- a/.gitignore
+++ b/.gitignore
@@ -22,7 +22,7 @@ Vagrantfile
 # IntelliJ
 .idea/
 
-#MacOS system files
+# MacOS system files
 *.DS_Store
 
 # Vendor dir
@@ -30,3 +30,6 @@ vendor/
 
 # .image-* files used by Makefile
 .image-*
+
+# Files used by Makefile when upgrading sidecars
+hack/release-scripts/image-digests.yaml
diff --git a/Makefile b/Makefile
index 22a45d4ab8..f7fa89e983 100644
--- a/Makefile
+++ b/Makefile
@@ -268,3 +268,14 @@ generate-kustomize: bin/helm
 	cd charts/aws-ebs-csi-driver && ../../bin/helm template kustomize . -s templates/serviceaccount-csi-node.yaml | sed -e "/namespace: /d" > ../../deploy/kubernetes/base/serviceaccount-csi-node.yaml
 	cd charts/aws-ebs-csi-driver && ../../bin/helm template kustomize . -s templates/role-leases.yaml | sed -e "/namespace: /d" > ../../deploy/kubernetes/base/role-leases.yaml
 	cd charts/aws-ebs-csi-driver && ../../bin/helm template kustomize . -s templates/rolebinding-leases.yaml | sed -e "/namespace: /d" > ../../deploy/kubernetes/base/rolebinding-leases.yaml
+
+.PHONY: update-truth-sidecars
+update-truth-sidecars: hack/release-scripts/image-digests-template.yaml hack/release-scripts/get-latest-sidecar-images
+	./hack/release-scripts/get-latest-sidecar-images
+
+.PHONY: generate-sidecar-tags
+generate-sidecar-tags: hack/release-scripts/image-digests.yaml charts/aws-ebs-csi-driver/values.yaml deploy/kubernetes/overlays/stable/gcr/kustomization.yaml hack/release-scripts/generate-sidecar-tags
+	./hack/release-scripts/generate-sidecar-tags
+
+.PHONY: update-sidecar-dependencies
+update-sidecar-dependencies: update-truth-sidecars generate-sidecar-tags generate-kustomize
diff --git a/hack/release-scripts/generate-sidecar-tags b/hack/release-scripts/generate-sidecar-tags
new file mode 100755
index 0000000000..60dd0f8695
--- /dev/null
+++ b/hack/release-scripts/generate-sidecar-tags
@@ -0,0 +1,114 @@
+#!/bin/bash
+# Copyright 2019 The Kubernetes Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# ---
+# This script generates the sidecar image tags in `deploy/kubernetes/overlays/stable/gcr/kustomization.yaml`and
+# `charts/aws-ebs-csi-driver/values.yaml` based off of the values in the generated
+# `hack/release-scripts/image-digests.yaml` file from running the get-latest-sidecar-images script.
+
+# --- Environment Variables
+export ROOT_DIRECTORY TRUTH_FILEPATH HELM_VALUES_FILEPATH KUSTOMIZE_FILEPATH
+ROOT_DIRECTORY=${ROOT_DIRECTORY:=$(git rev-parse --show-toplevel)}
+IMAGE_DIGESTS_FILEPATH=${IMAGE_DIGESTS_FILEPATH:="$ROOT_DIRECTORY/hack/release-scripts/image-digests.yaml"}
+HELM_VALUES_FILEPATH=${HELM_VALUES_FILEPATH:="$ROOT_DIRECTORY/charts/aws-ebs-csi-driver/values.yaml"}
+KUSTOMIZE_FILEPATH=${KUSTOMIZE_FILEPATH:="$ROOT_DIRECTORY/deploy/kubernetes/overlays/stable/gcr/kustomization.yaml"}
+
+tmp_filename="tmp_$RANDOM.txt"
+
+# --- Script Tools
+set -euo pipefail # Exit on any error
+
+log() {
+  printf "%s [INFO] - %s\n" "$(date +"%Y-%m-%d %H:%M:%S")" "${*}" >&2
+}
+
+check_dependencies() {
+  local readonly dependencies=("yq" "git" "sed")
+
+  for cmd in "${dependencies[@]}"; do
+    if ! command -v "${cmd}" &>/dev/null; then
+      log "${cmd} could not be found, please install it."
+      exit 1
+    fi
+  done
+
+# Force macOS users to use gsed due to -i incompatibility
+  export SED="sed"
+  if [[ $(uname) = "Darwin" ]]; then
+    if ! command -v "gsed" &>/dev/null; then
+      log "gsed could not be found, please install it."
+            exit 1
+    fi
+    SED="gsed"
+  fi
+}
+
+error_handler() {
+  printf "Error occurred in script: %s, at line: %s. Command: %s. Error: %s\n" "$1" "$2" "$BASH_COMMAND" "$3" >&2
+  exit 1
+}
+
+trap 'error_handler ${LINENO} $? "$BASH_COMMAND"' ERR
+
+# --- Script
+trap 'rm $tmp_filename' EXIT
+
+update_gcr_kustomize_sidecar_tag () {
+  sidecar_name=$1
+  line_above=$2
+
+  tag=$(yq ".sidecars.$sidecar_name.tag" "$IMAGE_DIGESTS_FILEPATH" | awk -F- '{print $1}') # Cut off -eks-1... off of tag
+  log "Updating gcr kustomize $sidecar_name to $tag"
+  $SED -i "\|$line_above|{n;s/.*/    newTag: $tag/;}" "$KUSTOMIZE_FILEPATH"
+}
+
+update_helm_chart_sidecar_tag () {
+  sidecar_name=$1
+
+  export TAG
+  TAG=$(yq ".sidecars.$sidecar_name.tag" "$IMAGE_DIGESTS_FILEPATH")
+  log "Updating helm $sidecar_name sidecar to $TAG"
+  yq ".sidecars.$sidecar_name.image.tag = env(TAG)" -i "$HELM_VALUES_FILEPATH"
+}
+
+generate_gcr_kustomize () {
+    update_gcr_kustomize_sidecar_tag "provisioner" "newName: registry.k8s.io/sig-storage/csi-provisioner"
+    update_gcr_kustomize_sidecar_tag "attacher" "newName: registry.k8s.io/sig-storage/csi-attacher"
+    update_gcr_kustomize_sidecar_tag "livenessProbe" "newName: registry.k8s.io/sig-storage/livenessprobe"
+    update_gcr_kustomize_sidecar_tag "snapshotter" "newName: registry.k8s.io/sig-storage/csi-snapshotter"
+    update_gcr_kustomize_sidecar_tag "resizer" "newName: registry.k8s.io/sig-storage/csi-resizer"
+    update_gcr_kustomize_sidecar_tag "nodeDriverRegistrar" "newName: registry.k8s.io/sig-storage/csi-node-driver-registrar"
+
+    log "Success: All sidecar tags in $KUSTOMIZE_FILEPATH updated"
+}
+
+generate_helm_sidecars () {
+    yq '.sidecars | keys | .[]' "$IMAGE_DIGESTS_FILEPATH" > $tmp_filename
+
+    for sidecar in $(cat $tmp_filename)
+         do
+           update_helm_chart_sidecar_tag "$sidecar"
+         done
+
+    log "Success: All sidecar tags in $HELM_VALUES_FILEPATH updated"
+}
+
+main () {
+  check_dependencies
+  generate_gcr_kustomize
+  generate_helm_sidecars
+}
+
+main
diff --git a/hack/release-scripts/get-latest-sidecar-images b/hack/release-scripts/get-latest-sidecar-images
new file mode 100755
index 0000000000..644bb651e6
--- /dev/null
+++ b/hack/release-scripts/get-latest-sidecar-images
@@ -0,0 +1,88 @@
+#!/bin/bash
+# Copyright 2019 The Kubernetes Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# ---
+# This script generates a copy of image-digests-template.yaml with the latest tags and associated manifest digests
+# for each sidecar image at OUTPUT_FILEPATH.
+
+# --- Environment Variables
+export ROOT_DIRECTORY IMAGE_DIGESTS_TEMPLATE_FILEPATH OUTPUT_FILEPATH
+ROOT_DIRECTORY=${ROOT_DIRECTORY:=$(git rev-parse --show-toplevel)}
+IMAGE_DIGESTS_TEMPLATE_FILEPATH=${IMAGE_DIGESTS_TEMPLATE_FILEPATH:="$ROOT_DIRECTORY/hack/release-scripts/image-digests-template.yaml"}
+OUTPUT_FILEPATH=${OUTPUT_FILEPATH:="$ROOT_DIRECTORY/hack/release-scripts/image-digests.yaml"}
+
+tmp_filename="tmp_$RANDOM.txt"
+
+# --- Script Tools
+set -euo pipefail # Exit on any error
+
+log() {
+  printf "%s [INFO] - %s\n" "$(date +"%Y-%m-%d %H:%M:%S")" "${*}" >&2
+}
+
+check_dependencies() {
+  local readonly dependencies=("yq" "git" "crane")
+
+  for cmd in "${dependencies[@]}"; do
+    if ! command -v "${cmd}" &>/dev/null; then
+      log "${cmd} could not be found, please install it."
+      exit 1
+    fi
+  done
+}
+
+error_handler() {
+  printf "Error occurred in script: %s, at line: %s. Command: %s. Error: %s\n" "$1" "$2" "$BASH_COMMAND" "$3" >&2
+  exit 1
+}
+
+trap 'error_handler ${LINENO} $? "$BASH_COMMAND"' ERR
+
+# --- Script
+trap 'rm $tmp_filename' EXIT
+
+crane_get_latest_image_tag() {
+  image=$1
+
+  export TAG
+  TAG=$(crane ls "$image" | sed '/latest/d' | sort -V | tail -1)  # Get tag for $image with latest semvar
+}
+
+update_sidecars_source_of_truth () {
+  cp "$IMAGE_DIGESTS_TEMPLATE_FILEPATH" "$OUTPUT_FILEPATH"
+
+  yq '.sidecars | keys | .[]' "$OUTPUT_FILEPATH" > $tmp_filename
+
+  for sidecar in $(cat $tmp_filename)
+       do
+         log "Updating $sidecar in $OUTPUT_FILEPATH"
+         image=$(yq ".sidecars.$sidecar.image" "$OUTPUT_FILEPATH")
+
+         export TAG
+         crane_get_latest_image_tag "$image"
+         yq ".sidecars.$sidecar.tag = env(TAG)" -i "$OUTPUT_FILEPATH"
+
+         export DIGEST
+         DIGEST=$(crane digest "$image:$TAG")
+         yq ".sidecars.$sidecar.manifestDigest = env(DIGEST)" -i "$OUTPUT_FILEPATH"
+       done
+}
+
+main () {
+  check_dependencies
+  update_sidecars_source_of_truth
+}
+
+main
diff --git a/hack/release-scripts/image-digests-template.yaml b/hack/release-scripts/image-digests-template.yaml
new file mode 100644
index 0000000000..c7766476d8
--- /dev/null
+++ b/hack/release-scripts/image-digests-template.yaml
@@ -0,0 +1,43 @@
+# This file acts as the source of truth for the driver and sidecar image tags and digests used by the rest of the repository.
+# It is to be updated through the use of scripts in `hack/release-scripts` or Makefile targets.
+driver:
+  name: "aws-ebs-csi-driver"
+  version: ""
+  gcrStagingImage: "gcr.io/k8s-staging-provider-aws/aws-ebs-csi-driver"
+  gcrStagingTag: ""
+  manifestDigest: ""
+  gcrImage: "registry.k8s.io/provider-aws/aws-ebs-csi-driver"
+  ecrImage: "public.ecr.aws/ebs-csi-driver/aws-ebs-csi-driver"
+sidecars: # sidecar names match upstream helm chart values.yaml
+  snapshotter:
+    image: "public.ecr.aws/eks-distro/kubernetes-csi/external-snapshotter/csi-snapshotter"
+    tag: ""
+    manifestDigest: ""
+  attacher:
+    image: "public.ecr.aws/eks-distro/kubernetes-csi/external-attacher"
+    tag: ""
+    manifestDigest: ""
+  provisioner:
+    image: "public.ecr.aws/eks-distro/kubernetes-csi/external-provisioner"
+    tag: ""
+    manifestDigest: ""
+  resizer:
+    image: "public.ecr.aws/eks-distro/kubernetes-csi/external-resizer"
+    tag: ""
+    manifestDigest: ""
+  livenessProbe:
+    image: "public.ecr.aws/eks-distro/kubernetes-csi/livenessprobe"
+    tag: ""
+    manifestDigest: ""
+  nodeDriverRegistrar:
+    image: "public.ecr.aws/eks-distro/kubernetes-csi/node-driver-registrar"
+    tag: ""
+    manifestDigest: ""
+  volumemodifier:
+    image: "public.ecr.aws/ebs-csi-driver/volume-modifier-for-k8s"
+    tag: ""
+    manifestDigest: ""
+  snapshotController:
+    image: "public.ecr.aws/eks-distro/kubernetes-csi/external-snapshotter/snapshot-controller"
+    tag: ""
+    manifestDigest: ""