Merge branch 'release/v3.9.0-4'

Author: kahoona77

CHANGELOG.md

@@ -6,6 +6,12 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [Unreleased]
 
+## [v3.9.0-4] - 2025-02-12
+### Changed
+- [#32] Update Makefiles to 9.5.0
+- [#36] exit with error if `logging/root` is invalid
+  - this change is necessary for compatibility with CES Multinode
+
 ## [v3.9.0-3] - 2024-09-18
 ### Changed
 - Relicense to AGPL-3.0-only

Dockerfile

@@ -1,6 +1,6 @@
 FROM registry.cloudogu.com/official/base:3.20.2-1
 LABEL NAME="official/postfix" \
-      VERSION="3.9.0-3" \
+      VERSION="3.9.0-4" \
       [email protected]
 
 # INSTALL POSTFIX

Jenkinsfile

@@ -1,5 +1,5 @@
 #!groovy
-@Library(['github.com/cloudogu/ces-build-lib@1.67.0', 'github.com/cloudogu/dogu-build-lib@v2.3.0'])
+@Library(['github.com/cloudogu/ces-build-lib@3.1.0', 'github.com/cloudogu/dogu-build-lib@v2.6.0'])
 import com.cloudogu.ces.cesbuildlib.*
 import com.cloudogu.ces.dogubuildlib.*
 
@@ -33,7 +33,7 @@ timestamps {
         }
 
         stage('Shellcheck') {
-            shellCheck()
+            shellCheck("./resources/logging.sh ./resources/startup.sh ./resources/mask2cidr.sh")
         }
     }
     node('vagrant') {

Makefile

@@ -1,4 +1,4 @@
-MAKEFILES_VERSION=9.1.0
+MAKEFILES_VERSION=9.5.0
 
 .DEFAULT_GOAL:=dogu-release
 

build/make/bats.mk

@@ -9,7 +9,7 @@ BATS_SUPPORT=$(BATS_LIBRARY_DIR)/bats-support
 BATS_FILE=$(BATS_LIBRARY_DIR)/bats-file
 BATS_BASE_IMAGE?=bats/bats
 BATS_CUSTOM_IMAGE?=cloudogu/bats
-BATS_TAG?=1.2.1
+BATS_TAG?=1.11.0
 BATS_DIR=build/make/bats
 BATS_WORKDIR="${WORKDIR}"/"${BATS_DIR}"
 

build/make/bats/Dockerfile

@@ -1,7 +1,9 @@
 ARG BATS_BASE_IMAGE
 ARG BATS_TAG
 
-FROM ${BATS_BASE_IMAGE}:${BATS_TAG}
+FROM ${BATS_BASE_IMAGE:-bats/bats}:${BATS_TAG:-1.11.0}
 
 # Make bash more findable by scripts and tests
 RUN apk add make git bash
+# suppress git "detected dubious ownership" error/warning for repos which are checked out later
+RUN git config --global --add safe.directory /workspace

build/make/build.mk

@@ -3,7 +3,7 @@
 ADDITIONAL_LDFLAGS?=-extldflags -static
 LDFLAGS?=-ldflags "$(ADDITIONAL_LDFLAGS) -X main.Version=$(VERSION) -X main.CommitID=$(COMMIT_ID)"
 GOIMAGE?=golang
-GOTAG?=1.22
+GOTAG?=1.23
 GOOS?=linux
 GOARCH?=amd64
 PRE_COMPILE?=

build/make/k8s-dogu.tpl

@@ -1,4 +1,4 @@
-apiVersion: k8s.cloudogu.com/v1
+apiVersion: k8s.cloudogu.com/v2
 kind: Dogu
 metadata:
   name: NAME

build/make/k8s.mk

@@ -138,7 +138,7 @@ ${K8S_RESOURCE_TEMP_FOLDER}:
 ##@ K8s - Docker
 
 .PHONY: docker-build
-docker-build: check-docker-credentials check-k8s-image-env-var ## Builds the docker image of the K8s app.
+docker-build: check-docker-credentials check-k8s-image-env-var ${BINARY_YQ} ## Builds the docker image of the K8s app.
 	@echo "Building docker image $(IMAGE)..."
 	@DOCKER_BUILDKIT=1 docker build . -t $(IMAGE)
 

build/make/prerelease.mk

@@ -0,0 +1,6 @@
+# used to create switch the dogu to a prerelease namespace
+# e.g. official/usermgmt -> prerelease_official/usermgmt
+
+.PHONY: prerelease_namespace
+prerelease_namespace:
+	build/make/stagex.sh prerelease_namespace

build/make/prerelease.sh

@@ -0,0 +1,33 @@
+#!/bin/bash
+set -o errexit
+set -o nounset
+set -o pipefail
+
+prerelease_namespace() {
+
+  # Update version in dogu.json
+  if [ -f "dogu.json" ]; then
+    echo "Updating name in dogu.json..."
+    ORIG_NAME="$(jq -r ".Name" ./dogu.json)"
+    PRERELEASE_NAME="prerelease_${ORIG_NAME}"
+    jq ".Name = \"${PRERELEASE_NAME}\"" dogu.json >dogu2.json && mv dogu2.json dogu.json
+    jq ".Image = \"registry.cloudogu.com/${PRERELEASE_NAME}\"" dogu.json >dogu2.json && mv dogu2.json dogu.json
+  fi
+
+  # Update version in Dockerfile
+  if [ -f "Dockerfile" ]; then
+    echo "Updating version in Dockerfile..."
+    ORIG_NAME="$(grep -oP "^[ ]*NAME=\"([^\"]*)" Dockerfile | awk -F "\"" '{print $2}')"
+    PRERELEASE_NAME="prerelease_$( echo -e "$ORIG_NAME" | sed 's/\//\\\//g' )"
+    sed -i "s/\(^[ ]*NAME=\"\)\([^\"]*\)\(.*$\)/\1${PRERELEASE_NAME}\3/" Dockerfile
+  fi
+
+}
+
+
+TYPE="${1}"
+
+echo ${TYPE}
+if [[ "${TYPE}" == "prerelease_namespace" ]];then
+  prerelease_namespace
+fi

build/make/release.sh

@@ -56,6 +56,7 @@ fi
 
 update_versions "${NEW_RELEASE_VERSION}"
 update_changelog "${NEW_RELEASE_VERSION}" "${FIXED_CVE_LIST}"
+update_releasenotes "${NEW_RELEASE_VERSION}"
 show_diff
 
 if [[ -n "${DRY_RUN}" ]]; then

build/make/release_functions.sh

@@ -207,6 +207,50 @@ update_changelog() {
   git commit -m "Update changelog"
 }
 
+update_releasenotes() {
+  local NEW_RELEASE_VERSION="${1}"
+
+  # ReleaseNotes update
+  local CURRENT_DATE
+  CURRENT_DATE=$(date --rfc-3339=date)
+  local NEW_RELEASENOTE_TITLE="## [v${NEW_RELEASE_VERSION}] - ${CURRENT_DATE}"
+  rm -rf ".rn_changed"
+  find . -name "*release_notes*.md" -print0 | while read -d $'\0' file
+  do
+     # Check if "Unreleased" tag exists
+     while ! grep --silent "## \[Unreleased\]" "${file}"; do
+       echo ""
+       echo -e "\e[31mYour ${file} does not contain a \"## [Unreleased]\" line!\e[0m"
+       echo "Please add one to make it comply to https://keepachangelog.com/en/1.0.0/"
+       wait_for_ok "Please insert a \"## [Unreleased]\" line into ${file} now."
+     done
+
+     # Add new title line to changelog
+     sed -i "s|## \[Unreleased\]|## \[Unreleased\]\n\n${NEW_RELEASENOTE_TITLE}|g" "${file}"
+     echo "Processed ${file}"
+     echo true > ".rn_changed"
+  done
+
+  if test -f ".rn_changed" ; then
+    # Wait for user to validate changelog changes
+    wait_for_ok "Please make sure your release notes looks as desired."
+
+    find . -name "*release_notes*.md" -print0 | while read -d $'\0' file
+    do
+      # Check if new version tag still exists
+      while ! grep --silent "$(echo $NEW_RELEASENOTE_TITLE | sed -e 's/[]\/$*.^[]/\\&/g')" "${file}"; do
+        echo ""
+        echo -e "\e[31mYour ${file} does not contain \"${NEW_RELEASENOTE_TITLE}\"!\e[0m"
+        wait_for_ok "Please update your ${file} now."
+      done
+      git add "${file}"
+    done
+
+    git commit -m "Update ReleaseNotes"
+  fi
+  rm -rf ".rn_changed"
+}
+
 # addFixedCVEListFromReRelease is used in dogu cve releases. The method adds the fixed CVEs under the ### Fixed header
 # in the unreleased section.
 addFixedCVEListFromReRelease() {

build/make/self-update.mk

@@ -19,4 +19,9 @@ remove-old-files:
 
 .PHONY: copy-new-files
 copy-new-files:
-	@cp -r $(TMP_DIR)/makefiles-$(MAKEFILES_VERSION)/build/make $(BUILD_DIR)
+	@cp -r $(TMP_DIR)/makefiles-$(MAKEFILES_VERSION)/build/make $(BUILD_DIR)
+
+.PHONY: update-build-libs
+update-build-libs:
+	@echo "Check for newer Build-Lib versions"
+	build/make/self-update.sh buildlibs

build/make/self-update.sh

@@ -0,0 +1,48 @@
+#!/bin/bash
+set -o errexit
+set -o nounset
+set -o pipefail
+
+TYPE="${1}"
+
+update_build_libs() {
+  echo "Get newest version of ces-build-lib and dogu-build-lib"
+  update_jenkinsfile
+  echo "Newest Versions set. Please check your Jenkinsfile"
+}
+
+get_highest_version() {
+  local target="${1}"
+  local gitCesBuildLib
+  # getting tags from ces-build.libs OR dogu-build-libs
+  gitCesBuildLib="$(git ls-remote --tags --refs https://github.com/cloudogu/${target}-build-lib)"
+  local highest
+  # Flagfile for getting results out of while-loop
+  rm -rf .versions
+  while IFS= read -r line; do
+      local version
+      version="$(awk -F'/tags/' '{ for(i=1;i<=NF;i++) print $i }' <<< $line | tail -n 1 | sed 's/[^0-9\.]*//g')"
+      if [[ $version == *"."* ]] ; then
+        echo $version >> ".versions"
+      fi
+  done <<< "$gitCesBuildLib"
+  highest=$(sort .versions | tail -n 1)
+  rm -rf .versions
+  echo "${highest}"
+}
+
+# Patch Jenkinsfile
+update_jenkinsfile() {
+  sed -i "s/ces-build-lib@[[:digit:]].[[:digit:]].[[:digit:]]/ces-build-lib@$(get_highest_version ces)/g" Jenkinsfile
+  sed -i "s/dogu-build-lib@[[:digit:]].[[:digit:]].[[:digit:]]/dogu-build-lib@$(get_highest_version dogu)/g" Jenkinsfile
+}
+
+# switch for script entrypoint
+if [[ "${TYPE}" == "buildlibs" ]];then
+  update_build_libs
+else
+  echo "Unknown target ${TYPE}"
+fi
+
+
+

build/make/static-analysis.mk

@@ -2,12 +2,12 @@
 
 STATIC_ANALYSIS_DIR=$(TARGET_DIR)/static-analysis
 GOIMAGE?=golang
-GOTAG?=1.22
+GOTAG?=1.23
 CUSTOM_GO_MOUNT?=-v /tmp:/tmp
 
 REVIEW_DOG=$(TMP_DIR)/bin/reviewdog
 LINT=$(TMP_DIR)/bin/golangci-lint
-LINT_VERSION?=v1.58.2
+LINT_VERSION?=v1.61.0
 # ignore tests and mocks
 LINTFLAGS=--tests=false --exclude-files="^.*_mock.go$$" --exclude-files="^.*/mock.*.go$$" --timeout 10m --issues-exit-code 0
 ADDITIONAL_LINTER=-E bodyclose -E containedctx -E contextcheck -E decorder -E dupl -E errname -E forcetypeassert -E funlen -E unparam

build/make/vulnerability-scan.mk

@@ -0,0 +1,13 @@
+##@ Vulnerability scan
+
+GOVULNCHECK_BIN=${UTILITY_BIN_PATH}/govulncheck
+GOVULNCHECK_VERSION?=latest
+
+${GOVULNCHECK_BIN}: ${UTILITY_BIN_PATH}
+	$(call go-get-tool,$(GOVULNCHECK_BIN),golang.org/x/vuln/cmd/govulncheck@$(GOVULNCHECK_VERSION))
+
+.PHONY: govulncheck
+govulncheck: ${GOVULNCHECK_BIN} ## This target is used to scan the go repository against known vulnerabilities
+	@echo "Start vulnerability against repository"
+	${GOVULNCHECK_BIN} -show verbose ./...
+	@echo "Finished scan"

dogu.json

@@ -1,6 +1,6 @@
 {
   "Name": "official/postfix",
-  "Version": "3.9.0-3",
+  "Version": "3.9.0-4",
   "DisplayName": "Postfix",
   "Description": "Postfix - Mail Transfer Agent",
   "Logo": "https://cloudogu.com/images/dogus/postfix.png",

resources/logging.sh

@@ -3,10 +3,30 @@ set -o errexit
 set -o nounset
 set -o pipefail
 
+SCRIPT_LOG_PREFIX="Log level mapping:"
+
+function exitOnInvalidDoguLogLevel() {
+  echo "${SCRIPT_LOG_PREFIX} Validate root log level"
+
+  validateExitCode=0
+  doguctl validate "${DEFAULT_LOGGING_KEY}" || validateExitCode=$?
+
+  if [[ ${validateExitCode} -ne 0 ]]; then
+      echo "${SCRIPT_LOG_PREFIX} ERROR: The loglevel configured in ${DEFAULT_LOGGING_KEY} is invalid."
+      echo "${SCRIPT_LOG_PREFIX} ERROR: Fix the loglevel. Exiting now"
+      exit 1
+  fi
+
+  return
+}
+
 # logging behaviour can be configured in logging/root with the following options <ERROR,WARN,INFO,DEBUG>
 DEFAULT_LOGGING_KEY="logging/root"
 DEFAULT_LOG_LEVEL="INFO"
 
+# check if loglevel is valid or exit, so that customers see that they need to fix the log level
+exitOnInvalidDoguLogLevel
+
 POSTFIX_LOGLEVEL=$(doguctl config --default "${DEFAULT_LOG_LEVEL}" "${DEFAULT_LOGGING_KEY}")
 export POSTFIX_LOGLEVEL
 
@@ -18,24 +38,6 @@ RSYSLOG_LOGGING="/etc/rsyslog.conf"
 SUPERVISOR_CONF_TEMPLATE="/etc/supervisord.conf.tpl"
 SUPERVISOR_CONF="/etc/supervisord.conf"
 
-SCRIPT_LOG_PREFIX="Log level mapping:"
-function validateDoguLogLevel() {
-  echo "${SCRIPT_LOG_PREFIX} Validate root log level"
-
-  validateExitCode=0
-  doguctl validate "${DEFAULT_LOGGING_KEY}" || validateExitCode=$?
-
-  if [[ ${validateExitCode} -ne 0 ]]; then
-      echo "${SCRIPT_LOG_PREFIX} WARNING: The loglevel configured in ${DEFAULT_LOGGING_KEY} is invalid."
-      echo "${SCRIPT_LOG_PREFIX} WARNING: Removing misconfigured value."
-      doguctl config --rm "${DEFAULT_LOGGING_KEY}"
-  fi
-
-  return
-}
-
-validateDoguLogLevel
-
 echo "Rendering logging configuration..."
 doguctl template ${RSYSLOG_LOGGING_TEMPLATE} ${RSYSLOG_LOGGING}
 doguctl template ${SUPERVISOR_CONF_TEMPLATE} ${SUPERVISOR_CONF}