main release_notes routines

Author: vivus-ignis

src/gardenlinux/constants.py

@@ -147,3 +147,5 @@
 OCI_IMAGE_INDEX_MEDIA_TYPE = "application/vnd.oci.image.index.v1+json"
 
 RELEASE_ID_FILE = ".github_release_id"
+
+REQUESTS_TIMEOUTS = (5, 30)  # connect, read

src/gardenlinux/github/release/__init__.py

@@ -4,12 +4,10 @@
 
 import requests
 
-from gardenlinux.constants import RELEASE_ID_FILE
+from gardenlinux.constants import RELEASE_ID_FILE, REQUESTS_TIMEOUTS
 from gardenlinux.logger import LoggerSetup
 
-LOGGER = LoggerSetup.get_logger("gardenlinux.github", "INFO")
-
-REQUESTS_TIMEOUTS = (5, 30)  # connect, read
+LOGGER = LoggerSetup.get_logger("gardenlinux.github.release", "INFO")
 
 
 def create_github_release(owner, repo, tag, commitish, latest, body):

src/gardenlinux/github/release_notes/__init__.py

@@ -0,0 +1,31 @@
+from .helpers import get_package_list
+from .sections import (
+    release_notes_changes_section,
+    release_notes_compare_package_versions_section,
+    release_notes_software_components_section,
+)
+
+
+def create_github_release_notes(gardenlinux_version, commitish):
+    package_list = get_package_list(gardenlinux_version)
+
+    output = ""
+
+    output += release_notes_changes_section(gardenlinux_version)
+
+    output += release_notes_software_components_section(package_list)
+
+    output += release_notes_compare_package_versions_section(
+        gardenlinux_version, package_list
+    )
+
+    output += "\n"
+    output += "## Kernel Module Build Container (kmodbuild)"
+    output += "\n"
+    output += "```"
+    output += "\n"
+    output += f"ghcr.io/gardenlinux/gardenlinux/kmodbuild:{gardenlinux_version}"
+    output += "\n"
+    output += "```"
+    output += "\n"
+    return output

src/gardenlinux/github/release_notes/helpers.py

@@ -0,0 +1,35 @@
+import gzip
+import io
+
+import requests
+
+from gardenlinux.apt import DebsrcFile, GardenLinuxRepo
+from gardenlinux.apt.package_repo_info import compare_repo
+from gardenlinux.constants import REQUESTS_TIMEOUTS
+
+
+def get_package_list(gardenlinux_version):
+    url = f"https://packages.gardenlinux.io/gardenlinux/dists/{gardenlinux_version}/main/binary-amd64/Packages.gz"
+    response = requests.get(url, timeout=REQUESTS_TIMEOUTS)
+    response.raise_for_status()
+
+    d = DebsrcFile()
+
+    with io.BytesIO(response.content) as buf:
+        with gzip.open(buf, "rt") as f:
+            d.read(f)
+
+    return d
+
+
+def compare_apt_repo_versions(previous_version, current_version):
+    previous_repo = GardenLinuxRepo(previous_version)
+    current_repo = GardenLinuxRepo(current_version)
+    pkg_diffs = sorted(compare_repo(previous_repo, current_repo), key=lambda t: t[0])
+
+    output = f"| Package | {previous_version} | {current_version} |\n"
+    output += "|---------|--------------------|-------------------|\n"
+
+    for pkg in pkg_diffs:
+        output += f"|{pkg[0]} | {pkg[1] if pkg[1] is not None else '-'} | {pkg[2] if pkg[2] is not None else '-'} |\n"
+    return output

src/gardenlinux/github/release_notes/sections.py

@@ -0,0 +1,109 @@
+import re
+import textwrap
+
+import requests
+
+from gardenlinux.constants import REQUESTS_TIMEOUTS
+from gardenlinux.logger import LoggerSetup
+
+from .helpers import compare_apt_repo_versions
+
+LOGGER = LoggerSetup.get_logger("gardenlinux.github.release_notes", "INFO")
+
+
+def release_notes_changes_section(gardenlinux_version):
+    """
+    Get list of fixed CVEs, grouped by upgraded package.
+    Note: This result is not perfect, feel free to edit the generated release notes and
+    file issues in glvd for improvement suggestions https://github.com/gardenlinux/glvd/issues
+    """
+    try:
+        url = f"https://glvd.ingress.glvd.gardnlinux.shoot.canary.k8s-hana.ondemand.com/v1/patchReleaseNotes/{gardenlinux_version}"
+        response = requests.get(url, timeout=REQUESTS_TIMEOUTS)
+        response.raise_for_status()
+        data = response.json()
+
+        if len(data["packageList"]) == 0:
+            return ""
+
+        output = [
+            "## Changes",
+            "The following packages have been upgraded, to address the mentioned CVEs:",
+        ]
+        for package in data["packageList"]:
+            upgrade_line = (
+                f"- upgrade '{package['sourcePackageName']}' from `{package['oldVersion']}` "
+                f"to `{package['newVersion']}`"
+            )
+            output.append(upgrade_line)
+
+            if package["fixedCves"]:
+                for fixedCve in package["fixedCves"]:
+                    output.append(f"  - {fixedCve}")
+
+        return "\n".join(output) + "\n\n"
+    except Exception as exn:
+        # There are expected error cases, for example with versions not supported by glvd (1443.x) or when the api is not available
+        # Fail gracefully by adding the placeholder we previously used, so that the release note generation does not fail.
+        LOGGER.error(f"Failed to process GLVD API output: {exn}")
+        return textwrap.dedent(
+            """
+        ## Changes
+        The following packages have been upgraded, to address the mentioned CVEs:
+        **todo release facilitator: fill this in**
+        """
+        )
+
+
+def release_notes_software_components_section(package_list):
+    output = "## Software Component Versions\n"
+    output += "```"
+    output += "\n"
+    packages_regex = re.compile(
+        r"^linux-image-amd64$|^systemd$|^containerd$|^runc$|^curl$|^openssl$|^openssh-server$|^libc-bin$"
+    )
+    for entry in package_list.values():
+        if packages_regex.match(entry.deb_source):
+            output += f"{entry!r}\n"
+    output += "```"
+    output += "\n\n"
+    return output
+
+
+def release_notes_compare_package_versions_section(gardenlinux_version, package_list):
+    output = ""
+    version_components = gardenlinux_version.split(".")
+    # Assumes we always have version numbers like 1443.2
+    if len(version_components) == 2:
+        try:
+            major = int(version_components[0])
+            patch = int(version_components[1])
+
+            if patch > 0:
+                previous_version = f"{major}.{patch - 1}"
+
+                output += (
+                    f"## Changes in Package Versions Compared to {previous_version}\n"
+                )
+                output += compare_apt_repo_versions(
+                    previous_version, gardenlinux_version
+                )
+            elif patch == 0:
+                output += f"## Full List of Packages in Garden Linux version {major}\n"
+                output += "<details><summary>Expand to see full list</summary>\n"
+                output += "<pre>"
+                output += "\n"
+                for entry in package_list.values():
+                    output += f"{entry!r}\n"
+                output += "</pre>"
+                output += "\n</details>\n\n"
+
+        except ValueError:
+            LOGGER.error(
+                f"Could not parse {gardenlinux_version} as the Garden Linux version, skipping version compare section"
+            )
+    else:
+        LOGGER.error(
+            f"Unexpected version number format {gardenlinux_version}, expected format (major is int).(patch is int)"
+        )
+    return output