Prepare 1.3.0 release (#200)

Prepare for 1.3.0 release: * Changelog * Update deps: * Update & pin GHA, point jira sync at common workflows * Go version * Go mod * Docker base image * CSI driver version in tests * CI tool and k8s testing versions * Run `make promote-staging-manifest` Also fixed a small bug in the staging manifest's role permissions, and added one extra debug log line that helped me while testing out the latest changes. Co-authored-by: Theron Voran <[email protected]>
hashicorp · Apr 5, 2023 · 360a986 · 360a986
1 parent 6a2f093
commit 360a986
Show file tree

Hide file tree

Showing 14 changed files with 407 additions and 867 deletions.
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
@@ -13,25 +13,12 @@ env:
   PKG_NAME: "vault-csi-provider"
 
 jobs:
-  get-go-version:
-    name: "Determine Go toolchain version"
-    runs-on: ubuntu-latest
-    outputs:
-      go-version: ${{ steps.get-go-version.outputs.go-version }}
-    steps:
-      - uses: actions/checkout@v3
-      - name: Determine Go version
-        id: get-go-version
-        run: |
-          echo "Building with Go $(cat .go-version)"
-          echo "go-version=$(cat .go-version)" >> $GITHUB_OUTPUT
-
   get-product-version:
     runs-on: ubuntu-latest
     outputs:
       product-version: ${{ steps.get-product-version.outputs.product-version }}
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0
       - name: get product version
         id: get-product-version
         run: |
@@ -45,23 +32,22 @@ jobs:
       filepath: ${{ steps.generate-metadata-file.outputs.filepath }}
     steps:
       - name: 'Checkout directory'
-        uses: actions/checkout@v3
+        uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0
       - name: Generate metadata file
         id: generate-metadata-file
         uses: hashicorp/actions-generate-metadata@v1
         with:
           version: ${{ needs.get-product-version.outputs.product-version }}
           product: ${{ env.PKG_NAME }}
 
-      - uses: actions/upload-artifact@v3
+      - uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2
         with:
           name: metadata.json
           path: ${{ steps.generate-metadata-file.outputs.filepath }}
 
   build:
     needs:
       - get-product-version
-      - get-go-version
     runs-on: ubuntu-latest
     strategy:
       matrix:
@@ -71,12 +57,12 @@ jobs:
     name: Go linux ${{ matrix.arch }} build
 
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0
 
       - name: Setup go
-        uses: actions/setup-go@v3
+        uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # v3.5.0
         with:
-          go-version: ${{ needs.get-go-version.outputs.go-version }}
+          go-version-file: .go-version
 
       - name: Build
         env:
@@ -86,7 +72,7 @@ jobs:
           mkdir dist out
           make build
           zip -r -j out/${{ env.PKG_NAME }}_${{ needs.get-product-version.outputs.product-version }}_linux_${{ matrix.arch }}.zip dist/
-      - uses: actions/upload-artifact@v3
+      - uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2
         with:
           name: ${{ env.PKG_NAME }}_${{ needs.get-product-version.outputs.product-version }}_linux_${{ matrix.arch }}.zip
           path: out/${{ env.PKG_NAME }}_${{ needs.get-product-version.outputs.product-version }}_linux_${{ matrix.arch }}.zip
@@ -105,7 +91,7 @@ jobs:
       version: ${{needs.get-product-version.outputs.product-version}}
 
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0
       - name: Docker Build (Action)
         uses: hashicorp/actions-docker-build@v1
         with:

diff --git a/.github/workflows/jira.yaml b/.github/workflows/jira.yaml
@@ -1,72 +1,17 @@
+name: Jira Sync
 on:
   issues:
     types: [opened, closed, deleted, reopened]
   pull_request_target:
     types: [opened, closed, reopened]
   issue_comment: # Also triggers when commenting on a PR from the conversation view
     types: [created]
-
-name: Jira Sync
-
 jobs:
   sync:
-    runs-on: ubuntu-latest
-    name: Jira sync
-    steps:
-    - name: Login
-      uses: atlassian/[email protected]
-      env:
-        JIRA_BASE_URL: ${{ secrets.JIRA_SYNC_BASE_URL }}
-        JIRA_USER_EMAIL: ${{ secrets.JIRA_SYNC_USER_EMAIL }}
-        JIRA_API_TOKEN: ${{ secrets.JIRA_SYNC_API_TOKEN }}
-
-    - name: Preprocess
-      if: github.event.action == 'opened' || github.event.action == 'created'
-      id: preprocess
-      run: |
-        if [[ "${{ github.event_name }}" == "pull_request_target" ]]; then
-          echo "type=PR" >> $GITHUB_OUTPUT
-        else
-          echo "type=ISS" >> $GITHUB_OUTPUT
-        fi
-
-    - name: Create ticket
-      if: github.event.action == 'opened'
-      uses: tomhjp/[email protected]
-      with:
-        project: VAULT
-        issuetype: "GH Issue"
-        summary: "${{ github.event.repository.name }} [${{ steps.preprocess.outputs.type }} #${{ github.event.issue.number || github.event.pull_request.number }}]: ${{ github.event.issue.title || github.event.pull_request.title }}"
-        description: "${{ github.event.issue.body || github.event.pull_request.body }}\n\n_Created from GitHub Action for ${{ github.event.issue.html_url || github.event.pull_request.html_url }} from ${{ github.actor }}_"
-        # customfield_10089 is Issue Link custom field
-        # customfield_10091 is team custom field
-        extraFields: '{"fixVersions": [{"name": "TBD"}], "customfield_10091": ["ecosystem", "foundations"], "customfield_10089": "${{ github.event.issue.html_url || github.event.pull_request.html_url }}"}'
-
-    - name: Search
-      if: github.event.action != 'opened'
-      id: search
-      uses: tomhjp/[email protected]
-      with:
-        # cf[10089] is Issue Link custom field
-        jql: 'project = "VAULT" and cf[10089]="${{ github.event.issue.html_url || github.event.pull_request.html_url }}"'
-
-    - name: Sync comment
-      if: github.event.action == 'created' && steps.search.outputs.issue
-      uses: tomhjp/[email protected]
-      with:
-        issue: ${{ steps.search.outputs.issue }}
-        comment: "${{ github.actor }} ${{ github.event.review.state || 'commented' }}:\n\n${{ github.event.comment.body || github.event.review.body }}\n\n${{ github.event.comment.html_url || github.event.review.html_url }}"
-
-    - name: Close ticket
-      if: (github.event.action == 'closed' || github.event.action == 'deleted') && steps.search.outputs.issue
-      uses: atlassian/[email protected]
-      with:
-        issue: ${{ steps.search.outputs.issue }}
-        transition: Closed
-
-    - name: Reopen ticket
-      if: github.event.action == 'reopened' && steps.search.outputs.issue
-      uses: atlassian/[email protected]
-      with:
-        issue: ${{ steps.search.outputs.issue }}
-        transition: "Pending Triage"
+    uses: hashicorp/vault-workflows-common/.github/workflows/jira.yaml@main
+    secrets:
+      JIRA_SYNC_BASE_URL: ${{ secrets.JIRA_SYNC_BASE_URL }}
+      JIRA_SYNC_USER_EMAIL: ${{ secrets.JIRA_SYNC_USER_EMAIL }}
+      JIRA_SYNC_API_TOKEN: ${{ secrets.JIRA_SYNC_API_TOKEN }}
+    with:
+      teams-array: '["ecosystem", "foundations"]'
diff --git a/.github/workflows/tests.yaml b/.github/workflows/tests.yaml
@@ -3,45 +3,20 @@ name: Tests
 on: [push, workflow_dispatch]
 
 env:
-  KIND_VERSION: "v0.16.0"
-  BATS_VERSION: "1.8.2"
-  NODE_VERSION: "16"
+  KIND_VERSION: "v0.18.0"
+  BATS_VERSION: "1.9.0"
+  NODE_VERSION: "19.8.1"
   TARBALL_FILE: vault-csi-provider.docker.tar
 
 jobs:
-  get-go-version:
-    name: "Determine Go toolchain version"
-    runs-on: ubuntu-latest
-    outputs:
-      go-version: ${{ steps.get-go-version.outputs.go-version }}
-    steps:
-      - uses: actions/checkout@v3
-      - name: Determine Go version
-        id: get-go-version
-        run: |
-          echo "Building with Go $(cat .go-version)"
-          echo "go-version=$(cat .go-version)" >> $GITHUB_OUTPUT
-
   lint:
-    needs:
-      - get-go-version
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v3
-
-      # cache/restore go mod
-      - uses: actions/cache@v3
-        with:
-          path: |
-            ~/.cache/go-build
-            ~/go/pkg/mod
-          key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
-          restore-keys: |
-            ${{ runner.os }}-go-
-
-      - uses: actions/setup-go@v3
+      - uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0
+      - uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # v3.5.0
         with:
-          go-version: ${{ needs.get-go-version.outputs.go-version }}
+          go-version-file: .go-version
+          cache: true
 
       - name: Install tools
         run: make bootstrap
@@ -67,25 +42,13 @@ jobs:
 
 
   test:
-    needs:
-      - get-go-version
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v3
-
-      # cache/restore go mod
-      - uses: actions/cache@v3
-        with:
-          path: |
-            ~/.cache/go-build
-            ~/go/pkg/mod
-          key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
-          restore-keys: |
-            ${{ runner.os }}-go-
-
-      - uses: actions/setup-go@v3
+      - uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0
+      - uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # v3.5.0
         with:
-          go-version: ${{ needs.get-go-version.outputs.go-version }}
+          go-version-file: .go-version
+          cache: true
 
       - name: Build
         run: |
@@ -95,7 +58,7 @@ jobs:
       - name: Test
         run: make test
 
-      - uses: actions/upload-artifact@v3
+      - uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2
         with:
           name: vault-csi-provider-image
           path: ${{ env.TARBALL_FILE }}
@@ -107,11 +70,11 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        kind-k8s-version: [1.21.14, 1.22.15, 1.23.13, 1.24.7, 1.25.3]
+        kind-k8s-version: [1.22.17, 1.23.17, 1.24.12, 1.25.8, 1.26.3]
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v3
-      - uses: actions/setup-node@v3
+      - uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0
+      - uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # v3.6.0
         with:
           node-version: ${{ env.NODE_VERSION }}
       - run: npm install -g bats@${{ env.BATS_VERSION }}
@@ -120,14 +83,14 @@ jobs:
         shell: bash
 
       - name: Create Kind Cluster
-        uses: helm/kind-action@v1.4.0
+        uses: helm/kind-action@d8ccf8fb623ce1bb360ae2f45f323d9d5c5e9f00 # v1.5.0
         with:
           cluster_name: kind
           config: test/bats/configs/kind/config.yaml
           node_image: kindest/node:v${{ matrix.kind-k8s-version }}
           version: ${{ env.KIND_VERSION }}
 
-      - uses: actions/download-artifact@v3
+      - uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2
         with:
           name: vault-csi-provider-image
 

diff --git a/.go-version b/.go-version
@@ -1 +1 @@
-1.19.3
+1.20.3
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,5 +1,7 @@
 ## Unreleased
 
+## 1.3.0 (April 5th, 2023)
+
 CHANGES:
 
 * Vault CSI Provider will use service account tokens passed from the Secrets Store CSI Driver instead of generating one if an appropriate token is provided. [[GH-163](https://github.com/hashicorp/vault-csi-provider/pull/163)]
@@ -13,6 +15,19 @@ CHANGES:
   * Requires RBAC permissions to create secrets, and read the same specific secret back. Versions are not generated otherwise and a warning
     is logged on each mount that fails to generate a version.
   * Supports creating the secret with custom name via `-hmac-secret-name`
+* Updated Docker base image from alpine 3.16.3 -> 3.17.3
+* Build with Go v1.20.3
+* Updated dependencies:
+  * github.com/hashicorp/go-hclog v1.3.1 -> v1.5.0
+  * github.com/hashicorp/vault/api v1.8.2 -> v1.9.0
+  * github.com/stretchr/testify v1.8.1 -> v1.8.2
+  * google.golang.org/grpc v1.50.1 -> v1.54.0
+  * k8s.io/api v0.25.4 -> v0.26.3
+  * k8s.io/apimachinery v0.25.4 -> v0.26.3
+  * k8s.io/client-go v0.25.4 -> v0.26.3
+  * k8s.io/utils v0.0.0-20220728103510-ee6ede2d64ed -> v0.0.0-20230313181309-38a27ef9d749
+  * sigs.k8s.io/secrets-store-csi-driver v1.2.4 -> v1.3.2
+* Tests are now run against Kubernetes versions: 1.22.17, 1.23.17, 1.24.12, 1.25.8, 1.26.3
 
 IMPROVEMENTS:
 

diff --git a/Dockerfile b/Dockerfile
@@ -4,7 +4,7 @@
 # This Dockerfile contains multiple targets.
 # Use 'docker build --target=<name> .' to build one.
 
-ARG ALPINE_VERSION=3.16.3
+ARG ALPINE_VERSION=3.17.3
 ARG GO_VERSION=latest
 
 # devbuild compiles the binary

diff --git a/Makefile b/Makefile
@@ -15,7 +15,7 @@ PKG=github.com/hashicorp/vault-csi-provider/internal/version
 LDFLAGS?="-X '$(PKG).BuildVersion=$(VERSION)' \
 	-X '$(PKG).BuildDate=$(BUILD_DATE)' \
 	-X '$(PKG).GoVersion=$(shell go version)'"
-CSI_DRIVER_VERSION=1.3.1
+CSI_DRIVER_VERSION=1.3.2
 VAULT_HELM_VERSION=0.23.0
 GOLANGCI_LINT_FORMAT?=colored-line-number