diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index cbc010a..5550eb9 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -76,7 +76,7 @@ jobs: run: | git config --global --add safe.directory "$(pwd)" git config --global user.name "Salt Project Packaging" - git config --global user.email saltproject-packaging@vmware.com + git config --global user.email saltproject.pdl@broadcom.com git config --global commit.gpgsign false - name: Update Repository @@ -117,7 +117,7 @@ jobs: ## name: Merge develop into stable ## runs-on: ubuntu-latest ## needs: - ## - update-develop + ## - update-main ## environment: release ## permissions: ## contents: write # To be able to publish the release @@ -134,7 +134,7 @@ jobs: ## run: | ## git config --global --add safe.directory "$(pwd)" ## git config --global user.name "Salt Project Packaging" - ## git config --global user.email saltproject-packaging@vmware.com + ## git config --global user.email saltproject.pdl@broadcom.com ## git config --global commit.gpgsign false ## - name: Download Release Details @@ -187,7 +187,7 @@ jobs: steps: - uses: actions/checkout@v4 with: - ## ref: stable + ref: main repository: ${{ github.repository }} ssh-key: ${{ secrets.SALT_VMTOOLS_RELEASE_KEY }} @@ -207,7 +207,7 @@ jobs: name: ${{ env.CUT_RELEASE_VERSION }} tag_name: ${{ env.CUT_RELEASE_VERSION }} body_path: .cut_release_changes - target_commitish: stable + target_commitish: main draft: false prerelease: false generate_release_notes: false @@ -222,60 +222,79 @@ jobs: name: release-details failOnError: false - ## update-develop-checksums: - ## name: Update Release Checksums on Develop - ## runs-on: ubuntu-latest - ## needs: - ## - publish-release - ## environment: release - ## permissions: - ## contents: write # For action peter-evans/create-pull-request - ## pull-requests: write # For action peter-evans/create-pull-request + update-main-checksums: + name: Update Release Checksums on Main + runs-on: ubuntu-latest + needs: + - publish-release + environment: release + permissions: + contents: write # For action peter-evans/create-pull-request + pull-requests: write # For action peter-evans/create-pull-request - ## steps: - ## - uses: actions/checkout@v4 - ## with: - ## ref: stable - ## repository: ${{ github.repository }} - ## ssh-key: ${{ secrets.SALT_VMTOOLS_RELEASE_KEY }} + steps: + - uses: actions/checkout@v4 + with: + ref: main + repository: ${{ github.repository }} + ssh-key: ${{ secrets.SALT_VMTOOLS_RELEASE_KEY }} - ## ## - name: Get vmtools-salt.sh on stable branch sha256sum - ## ## run: | - ## ## echo "SH=$(sha256sum vmtools-salt.sh | awk '{ print $1 }')" >> "$GITHUB_ENV" - ## ## echo "BS_VERSION=$(sh vmtools-salt.sh -v | awk '{ print $4 }')" >> "$GITHUB_ENV" + - name: Get vmtools-salt.sh on main branch sha256sum + run: | + echo "SH=$(sha256sum vmtools-salt.sh | awk '{ print $1 }')" >> "$GITHUB_ENV" + echo "VMTS_VERSION=$(sh vmtools-salt.sh -v | awk '{ print $4 }')" >> "$GITHUB_ENV" - ## - uses: actions/checkout@v4 - ## with: - ## ref: develop - ## repository: ${{ github.repository }} - ## ssh-key: ${{ secrets.SALT_VMTOOLS_RELEASE_KEY }} + - uses: actions/checkout@v4 + with: + ref: main + repository: ${{ github.repository }} + ssh-key: ${{ secrets.SALT_VMTOOLS_RELEASE_KEY }} - ## - name: Configure Git - ## shell: bash - ## run: | - ## git config --global --add safe.directory "$(pwd)" - ## git config --global user.name "Salt Project Packaging" - ## git config --global user.email saltproject-packaging@vmware.com - ## git config --global commit.gpgsign false + - name: Configure Git + shell: bash + run: | + git config --global --add safe.directory "$(pwd)" + git config --global user.name "Salt Project Packaging" + git config --global user.email saltproject.pdl@broadcom.com + git config --global commit.gpgsign false - ## - name: Update Latest Release on README - ## run: | - ## python3 .github/workflows/scripts/update-release-shasum.py ${{ env.BS_VERSION }} ${{ env.SH }} + - name: Update Latest Release on README + run: | + python3 .github/workflows/scripts/update-release-shasum.py ${{ env.VMTS_VERSION }} ${{ env.SH }} - ## - name: Show Changes - ## run: | - ## git status - ## git diff + - name: Show Changes + run: | + git status + git diff - ## - name: Commit Changes - ## run: | - ## git commit -am "Update README.rst with ${{ env.BS_VERSION }} release sha256sum" || \ - ## git commit -am "Update README.rst with ${{ env.BS_VERSION }} release sha256sum" + - name: Commit Changes + run: | + git commit -am "Update README.rst with ${{ env.VMTS_VERSION }} release sha256sum" || \ + git commit -am "Update README.rst with ${{ env.VMTS_VERSION }} release sha256sum" - ## - name: Push Changes - ## uses: ad-m/github-push-action@b87afee92c6e70ea888be6203a3e9426fda49839 - ## with: - ## ssh: true - ## atomic: true - ## branch: develop - ## repository: ${{ github.repository }} + - name: Push Changes + uses: ad-m/github-push-action@b87afee92c6e70ea888be6203a3e9426fda49839 + with: + ssh: true + atomic: true + branch: main + repository: ${{ github.repository }} + + - name: Update vmtools-salt.sh sha256sum's + run: | + sha256sum vmtools-salt.sh | awk '{ print $1 }' > vmtools-salt.sh.sha256 + sha256sum vmtools-salt.ps1 | awk '{ print $1 }' > vmtools-salt.ps1.sha256 + git commit -a -m "Update sha256 checksums" || git commit -a -m "Update sha256 checksums" + + - name: Push Changes + uses: ad-m/github-push-action@b87afee92c6e70ea888be6203a3e9426fda49839 + with: + ssh: true + tags: true + atomic: true + branch: main + repository: ${{ github.repository }} + + - name: Tag The ${{ needs.update-main.outputs.release-version }} Release + run: | + git tag --no-sign -m "Release ${{ needs.update-main.outputs.release-version }}" -a ${{ needs.update-main.outputs.release-version }} diff --git a/.github/workflows/scripts/cut-release.py b/.github/workflows/scripts/cut-release.py index 2a2a3b4..cd71528 100644 --- a/.github/workflows/scripts/cut-release.py +++ b/.github/workflows/scripts/cut-release.py @@ -197,8 +197,8 @@ def main(): ) svtminion_script_path.write_text( re.sub( - r'__ScriptVersion="(.*)"', - f'__ScriptVersion="{options.release_tag.lstrip("v")}"', + r'SCRIPT_VERSION="(.*)"', + f'SCRIPT_VERSION="{options.release_tag.lstrip("v")}"', svtminion_script_path.read_text(), ) ) @@ -212,8 +212,8 @@ def main(): ) svtminion_script_path.write_text( re.sub( - r'\$__ScriptVersion = "(.*)"', - f'$__ScriptVersion = "{options.release_tag.lstrip("v")}"', + r'\$SCRIPT_VERSION= "(.*)"', + f'$SCRIPT_VERSION= "{options.release_tag.lstrip("v")}"', svtminion_script_path.read_text(), ) ) diff --git a/.github/workflows/scripts/update-release-shasum.py b/.github/workflows/scripts/update-release-shasum.py index 46e38a0..6ea6001 100644 --- a/.github/workflows/scripts/update-release-shasum.py +++ b/.github/workflows/scripts/update-release-shasum.py @@ -5,7 +5,7 @@ THIS_FILE = pathlib.Path(__file__).resolve() CODE_ROOT = THIS_FILE.parent.parent.parent.parent -README_PATH = CODE_ROOT / "README.rst" +README_PATH = CODE_ROOT / "README.md" def main(version, sha256sum): @@ -31,7 +31,7 @@ def main(version, sha256sum): continue out_contents += line - if line.startswith(".. _sha256sums:"): + if line.startswith("## _sha256sums"): found_anchor = True if in_contents != out_contents: README_PATH.write_text(out_contents) diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 7eb47ab..2159937 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -29,6 +29,14 @@ repos: - id: check-yaml - id: check-json + - repo: https://github.com/jazzband/pip-tools + rev: 7.3.0 + hooks: + - id: pip-compile + files: ^requirements/release\.(in|txt)$ + args: + - requirements/release.in + - repo: local hooks: - id: generate-actions-workflow diff --git a/README.md b/README.md index be82ef0..6ffccdb 100644 --- a/README.md +++ b/README.md @@ -14,6 +14,21 @@ The script can install, remove, and check the status of an installed Salt minion either using a direct command line option or via VMware's use of Guest Variables, commonly referred to as guestVars. +In every two-step installation example, you would be well-served to **verify against the SHA256 +sum** of the downloaded `svtminion.sh` file. + +## _sha256sums + +The SHA256 sum of the `svtminion.sh` file, per release, is: + + +If you're looking for a *one-liner* to install Salt Minion, please read below. + +There are also .sha256 files for verifying against in the repo for the main branch. You can also +get the correct sha256 sum for the tagged release from +https://github.com/saltstack/salt-vmtools/releases/latest/download/svtminion.sh.sha256 and +https://github.com/saltstack/salt-vmtools/releases/latest/download/svtminion.ps1.sha256 + ## Configuration options diff --git a/requirements/release.in b/requirements/release.in new file mode 100644 index 0000000..5107b06 --- /dev/null +++ b/requirements/release.in @@ -0,0 +1,2 @@ +pre-commit +python-tools-scripts >= 0.18.6 diff --git a/requirements/release.txt b/requirements/release.txt new file mode 100644 index 0000000..95d117a --- /dev/null +++ b/requirements/release.txt @@ -0,0 +1,60 @@ +# +# This file is autogenerated by pip-compile with Python 3.10 +# by the following command: +# +# pip-compile requirements/release.in +# +annotated-types==0.7.0 + # via pydantic +attrs==24.2.0 + # via python-tools-scripts +certifi==2024.8.30 + # via requests +cfgv==3.4.0 + # via pre-commit +charset-normalizer==3.4.0 + # via requests +distlib==0.3.9 + # via virtualenv +filelock==3.16.1 + # via + # python-tools-scripts + # virtualenv +identify==2.6.3 + # via pre-commit +idna==3.10 + # via requests +markdown-it-py==3.0.0 + # via rich +mdurl==0.1.2 + # via markdown-it-py +nodeenv==1.9.1 + # via pre-commit +platformdirs==4.3.6 + # via virtualenv +pre-commit==4.0.1 + # via -r requirements/release.in +pydantic==2.10.3 + # via python-tools-scripts +pydantic-core==2.27.1 + # via pydantic +pygments==2.18.0 + # via rich +python-tools-scripts==0.20.5 + # via -r requirements/release.in +pyyaml==6.0.2 + # via pre-commit +requests==2.32.3 + # via python-tools-scripts +rich==13.9.4 + # via python-tools-scripts +typing-extensions==4.12.2 + # via + # pydantic + # pydantic-core + # python-tools-scripts + # rich +urllib3==2.2.3 + # via requests +virtualenv==20.28.0 + # via pre-commit diff --git a/windows/svtminion.ps1 b/windows/svtminion.ps1 index 37630e5..032c861 100644 --- a/windows/svtminion.ps1 +++ b/windows/svtminion.ps1 @@ -287,9 +287,9 @@ if ($help) { } # This value is populated via CICD during build -$script_version = "SCRIPT_VERSION_REPLACE" +$SCRIPT_VERSION = "SCRIPT_VERSION_REPLACE" if ($Version) { - Write-Host $script_version + Write-Host $SCRIPT_VERSION exit 0 } @@ -457,7 +457,7 @@ $guestvars_salt_desired_state = "$guestvars_salt.desiredstate" function Get-Version { - return $script_version + return $SCRIPT_VERSION }