diff --git a/.github/pull_request_template.md b/.github/pull_request_template.md index 031e493c..ed2d438f 100644 --- a/.github/pull_request_template.md +++ b/.github/pull_request_template.md @@ -5,6 +5,7 @@ A detailed explanation of the changes in your PR. Feel free to remove this section if it is overkill for your PR, and the title of your PR is sufficiently descriptive. ## Checklist +- [ ] Patch has a change log entry **OR** does not need one. - [ ] Investigated and inspected CI test results - [ ] Updated documentation accordingly diff --git a/CHANGELOG.md b/CHANGELOG.md new file mode 100644 index 00000000..7b687a39 --- /dev/null +++ b/CHANGELOG.md 
@@ -0,0 +1,69 @@ +# Change log + +This document is maintained in a best effort manner. If you consider +your change is worthy of a note, please add a line to the list below. If +possible include a PR number for easier tracking. + +## Next + +* ROX-30256: track files and directories being renamed (#308) +* ROX-33198: Instrument inode tracking on file open lsm hook (#391) +* ROX-33217: Instrument inode tracking on directory being created path mkdir (#465) +* ROX-33216: implement inode tracking for path_rename (#487) +* ROX-33218: Instrument inode tracking on directory being deleted (#530) +* ROX-33199: unlink inode tracking (#429) +* ROX-33197: implement periodic scanning of host paths (#329) +* feat: make the maximum number of tracked inodes configurable (#409) +* Moves glob/wildcard matching into Fact. (#323) +* ROX-33540: adds rate limiting (#499) +* ROX-33471: do not attach progs when no paths configured (#371) +* ROX-31937: Generate third-party deps license files. (#192) +* cleanup(bpf): reduce preemption fragility in overlayfs dedup (#558) +* ROX-33133: Enable post-quantum crypto-policies for fact (#349) +* ROX-33133: Enable post-quantum crypto-policies for upstream fact (#364) +* ROX-32841: Quote args (#295) +* ROX-31266: Implement tests with valid and invalid utf 8 strings (#251) +* test: add tests for files being created and modified with text editors (#215) +* chore(tests): replace __eq__ with diff() for detailed test diagnostics (#314) +* Update edition to 2024 (#413) +* cleanup: restrict broadcast channels to the output component (#557) + +## v0.2 + +* feat: sanitize paths generated by calling d_path (#181) +* ROX-30258: Track file ownership changes (#156) +* ROX-30257: implement permission change tracking (#157) +* ROX-31430: delegate TLS to host implementation (#168) +* feat(ebpf): use bpf_loop for local d_path implementation (#175) +* 087a210 ROX-30437: basic inode tracking for host path resolution (#166) +* Add performance test pipeline (#104) +* 
ROX-30630: run BPF bootstrap test in CI (#131) +* Replace custom d_path with bpf_d_path (#154) +* fix(fact-ebpf): improve kernel compatibility (#125) +* ROX-30836: implement hotreloading for monitored paths (#120) +* ROX-30836: implement hotreloading configuration for outputs (#119) +* ROX-30836: implement configuration hotreloading (#110) +* ROX-30255: track file deletions (#86) +* ROX-30438: Reimplement kernel side path filtering (#79) +* ROX-30254: Track file creation events (#65) +* ROX-30746: implement layered configuration (#53) +* ROX-30294: Add prometheus metrics (#40) +* ROX-30260: Konflux arm64 builds (#35) +* ROX-30260: add support for arm64 [upstream] (#30) + +## v0.1 + +* Initial release +* file_open added as the only supported LSM hook. +* JSON and gRPC outputs. +* Pre-flight check for BPF LSM support. +* Miscellaneous helper functions for host information querying. +* Basic health check endpoint. +* Basic configuration via CLI and environment variables only. +* Basic gRPC mock server for validation. +* CI + * Basic job for compiling, testing and linting. + * x86 container builds. + * Onboarded to Konflux (only half way through). + * Integrated with MintMaker. + * Integration tests on Fedora coreos for both GHA and Konflux builds. diff --git a/docs/release.md b/docs/release.md index 6a12e2ba..1d002c89 100644 --- a/docs/release.md +++ b/docs/release.md 
@@ -31,15 +31,42 @@ which the release is forked. git push --set-upstream origin "release-${FACT_RELEASE}" ``` -At this point you will need to wait for the downstream release engineers -to create the git resources for Konflux before proceeding. +## Update CHANGELOG.md and version on main -## Update Konflux resources and application version +1. Set the following environment variable: + + * `FACT_RELEASE`: The next version of fact to be released. + + ```sh + export FACT_RELEASE=0.2 + ``` + +1. On the `main` branch, run the following commands. + + ```sh + sed -i \ + -e "s/^## Next/&\n\n## ${FACT_RELEASE}.0/" \ + CHANGELOG.md + + sed -i \ + -e "/^version = / s/\".*\"/\"${FACT_RELEASE}.0-dev\"/" \ + fact/Cargo.toml + ``` + +1. Create a new branch for these changes and push it to the repository. + ```sh + git checkout -b "release/update-versions-${FACT_RELEASE}" + git add . + git commit -m "chore: update change log and application version for ${FACT_RELEASE}" + git push --set-upstream origin "release/update-versions-${FACT_RELEASE}" + ``` + +1. Create a PR pointing to the main branch and get it merged. + +## Pin compiler version and update the application version 1. Set the following environment variables: - * `STACKROX_SUFFIX`: The major and minor versions of ACS that will - use this `fact` version (e.g., `4-10`). * `FACT_RELEASE`: The release version you set in the previous section. * `FACT_PATCH`: The patch version for this release (e.g., `0`). 
@@ -48,52 +75,36 @@ to create the git resources for Konflux before proceeding. (e.g., `1.88`). ```sh - export STACKROX_SUFFIX=4-10 export FACT_RELEASE=0.2 export FACT_PATCH=0 export RUST_VERSION=1.88 ``` -1. On the release branch, run the following commands to update the -Konflux build configuration and the application version. +1. On the release branch, run the following commands. ```sh - sed -i \ - -e "/appstudio.openshift.io\/application: / s/$/-${STACKROX_SUFFIX}/" \ - -e "/appstudio.openshift.io\/component: / s/$/-${STACKROX_SUFFIX}/" \ - -e "/serviceAccountName: / s/$/-${STACKROX_SUFFIX}/" \ - .tekton/fact-build.yaml + sed -i -e "s/^RUST_VERSION .*/RUST_VERSION ?= ${RUST_VERSION}/" \ + constants.mk sed -i \ -e "/^version = / s/\".*\"/\"${FACT_RELEASE}.0\"/" \ fact/Cargo.toml ``` -1. Run the following command to pin the Rust version to be used. - - ```sh - sed -i -e "/^RUST_VERSION / s/stable/${RUST_VERSION}/" \ - constants.mk - ``` - -1. Run the following command to stop mintmaker from attempting to - update our crate dependencies. - - ```sh - sed -i -e "/\"cargo\",/d" .github/renovate.json5 - ``` - 1. Create a new branch for these changes and push it to the repository. ```sh - git checkout -b "release/konflux-resources-${FACT_RELEASE}" + git checkout -b "release/prepare-${FACT_RELEASE}" git add . - git commit -m "Update Konflux resources for release ${FACT_RELEASE}" - git push --set-upstream origin "release/konflux-resources-${FACT_RELEASE}" + git commit -m "chore: prepare release branch for ${FACT_RELEASE}" + git push --set-upstream origin "release/prepare-${FACT_RELEASE}" ``` 1. Create a PR pointing to the release branch and get it merged. -1. Once the PR is in, you can go ahead and tag the fact release. +1. Since the release of artifacts via Konflux require some additional +configuration, you will need to wait for the release engineer to make +these and request a tag for fact. 
Once this happens, you can create a +new tag with the following commands: ```sh git checkout "release-${FACT_RELEASE}" git pull --ff-only
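Review bot: in the `.github/pull_request_template.md` hunk, the new checklist item does not say where a change log entry belongs, and the release procedure in `docs/release.md` only works if new entries sit under `## Next`. Consider wording it as "Patch has a change log entry under `## Next` in `CHANGELOG.md` **OR** does not need one." so contributors do not append to an already released section.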
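Review bot: in the new `CHANGELOG.md`, under `## v0.2`, the entry `* 087a210 ROX-30437: basic inode tracking for host path resolution (#166)` carries a leading commit hash that no other entry has; drop `087a210` so the line matches the rest of the list. The preamble's "add a line to the list below" is also ambiguous now that there are three lists; naming the `## Next` section explicitly would remove the guesswork.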
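Review bot: in the `docs/release.md` hunk that adds "Update CHANGELOG.md and version on main", the sed expression `s/^## Next/&\n\n## ${FACT_RELEASE}.0/` produces a heading such as `## 0.2.0`, while the headings committed in `CHANGELOG.md` are `## v0.2` and `## v0.1`; pick one format and make the sed match it (for example `## v${FACT_RELEASE}`). The same variable is described here as "The next version of fact to be released", yet it labels the entries that were just branched and also sets main to `${FACT_RELEASE}.0-dev`, so with the example value main ends up on `0.2.0-dev` after the `0.2` branch is cut; please confirm that is intended or use a separate variable for the next development version. `\n` in the replacement and `sed -i` without a suffix are GNU sed behaviour, which is worth a one-line note for anyone running this on macOS. Finally, `git add .` stages everything in the working tree; `git add CHANGELOG.md fact/Cargo.toml` keeps stray files out of the release commit.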
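Review bot: in the `docs/release.md` hunk that renames the section to "Pin compiler version and update the application version", the step that removed `"cargo",` from `.github/renovate.json5` is deleted with no replacement, so the document no longer says how crate dependency updates are kept off the release branch; if that is now handled elsewhere, say so in the PR description or in the doc. In the same hunk, `FACT_PATCH` is still documented and exported but the version sed hard-codes `${FACT_RELEASE}.0`, so either use `${FACT_RELEASE}.${FACT_PATCH}` or drop the variable from this step. As in the previous section, prefer `git add constants.mk fact/Cargo.toml` over `git add .`. In the final step, "Since the release of artifacts via Konflux require some additional configuration" should read "requires", and "make these" has no clear referent; "make these changes" would do.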