Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package digger-cli for openSUSE:Factory checked in at 2025-02-12 21:35:49 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/digger-cli (Old) and /work/SRC/openSUSE:Factory/.digger-cli.new.8181 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "digger-cli" Wed Feb 12 21:35:49 2025 rev:6 rq:1245227 version:0.6.85 Changes: -------- --- /work/SRC/openSUSE:Factory/digger-cli/digger-cli.changes 2025-02-07 23:12:51.892954969 +0100 +++ /work/SRC/openSUSE:Factory/.digger-cli.new.8181/digger-cli.changes 2025-02-12 21:36:50.291365611 +0100 @@ -1,0 +2,7 @@ +Wed Feb 12 06:43:30 UTC 2025 - opensuse_buildserv...@ojkastl.de + +- Update to version 0.6.85: + * support encrypted s3 bucket for plan uploads (#1882) + * remove unused methods (#1881) + +------------------------------------------------------------------- Old: ---- digger-cli-0.6.84.obscpio New: ---- digger-cli-0.6.85.obscpio ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ digger-cli.spec ++++++ --- /var/tmp/diff_new_pack.1fICgw/_old 2025-02-12 21:36:52.295448213 +0100 +++ /var/tmp/diff_new_pack.1fICgw/_new 2025-02-12 21:36:52.299448379 +0100 @@ -19,7 +19,7 @@ %define executable_name digger Name: digger-cli -Version: 0.6.84 +Version: 0.6.85 Release: 0 Summary: CLI for the digger open source IaC orchestration tool License: Apache-2.0 ++++++ _service ++++++ --- /var/tmp/diff_new_pack.1fICgw/_old 2025-02-12 21:36:52.335449862 +0100 +++ /var/tmp/diff_new_pack.1fICgw/_new 2025-02-12 21:36:52.339450027 +0100 @@ -6,7 +6,7 @@ <param name="exclude">go.mod</param> <param name="exclude">go.work</param> <param name="exclude">go.work.sum</param> - <param name="revision">v0.6.84</param> + <param name="revision">v0.6.85</param> <param name="match-tag">v*</param> <param name="versionformat">@PARENT_TAG@</param> <param name="versionrewrite-pattern">v(.*)</param> ++++++ _servicedata ++++++ --- /var/tmp/diff_new_pack.1fICgw/_old 2025-02-12 21:36:52.363451016 +0100 +++ /var/tmp/diff_new_pack.1fICgw/_new 2025-02-12 21:36:52.367451182 +0100 
@@ -1,7 +1,7 @@ <servicedata> <service name="tar_scm"> <param name="url">https://github.com/diggerhq/digger</param> - <param name="changesrevision">7deabf0b5ed958526064be735c821fc5cfda6361</param></service><service name="tar_scm"> + <param name="changesrevision">ba401407d70a06fcd7f1020c368387465f6e2a93</param></service><service name="tar_scm"> <param name="url">https://github.com/johanneskastl/digger</param> <param name="changesrevision">8fe377068e53e2050ff4c745388d8428d2b13bb0</param></service></servicedata> (No newline at EOF) ++++++ digger-cli-0.6.84.obscpio -> digger-cli-0.6.85.obscpio ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/digger-cli-0.6.84/action.yml new/digger-cli-0.6.85/action.yml --- old/digger-cli-0.6.84/action.yml 2025-02-04 19:48:40.000000000 +0100 +++ new/digger-cli-0.6.85/action.yml 2025-02-11 20:27:13.000000000 +0100 @@ -100,6 +100,18 @@ upload-plan-destination-s3-bucket: description: Name of the destination bucket for AWS S3. Should be provided if destination == aws required: false + upload-plan-destination-s3-encryption-enabled: + description: If encryption is to be enabled for s3 bucket + required: false + default: "false" + upload-plan-destination-s3-encryption-type: + description: the type of encryption to use for the S3 bucket, either AES256 or KMS + required: false + default: "AES256" + upload-plan-destination-s3-encryption-kms-key-id: + description: for encryption of type KMS you need to specify the KMS key ID to use + required: false + upload-plan-destination-gcp-bucket: description: Name of the destination bucket for a GCP bucket. Should be provided if destination == gcp required: false 
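Review bot: The description of `upload-plan-destination-s3-encryption-enabled` does not say what happens when the input is left at its default of `"false"`. Judging by the StorePlanFile change later in this commit, no server-side-encryption setting is sent in that case, so presumably the bucket's own default applies. Stored plans can contain sensitive values, so I would spell that out, e.g. `description: Set to "true" to request server-side encryption on plan uploads; when "false" no encryption setting is sent and the bucket default applies`. The type description could also say that the value is matched exactly (`AES256` or `KMS`), since the Go side compares the strings as written.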
@@ -367,6 +379,9 @@
 shell: bash
 env:
 PLAN_UPLOAD_DESTINATION: ${{ inputs.upload-plan-destination }}
+ PLAN_UPLOAD_S3_ENCRYPTION_ENABLED: ${{ inputs.upload-plan-destination-s3-encryption-enabled }}
+ PLAN_UPLOAD_S3_ENCRYPTION_TYPE: ${{ inputs.upload-plan-destination-s3-encryption-type }}
+ PLAN_UPLOAD_S3_ENCRYPTION_KMS_ID: ${{ inputs.upload-plan-destination-s3-encryption-kms-key-id }}
 GOOGLE_STORAGE_LOCK_BUCKET: ${{ inputs.google-lock-bucket }}
 GOOGLE_STORAGE_PLAN_ARTEFACT_BUCKET: ${{ inputs.upload-plan-destination-gcp-bucket }}
 AWS_S3_BUCKET: ${{ inputs.upload-plan-destination-s3-bucket }}
@@ -404,6 +419,9 @@
 env:
 actionref: ${{ github.action_ref }}
 PLAN_UPLOAD_DESTINATION: ${{ inputs.upload-plan-destination }}
+ PLAN_UPLOAD_S3_ENCRYPTION_ENABLED: ${{ inputs.upload-plan-destination-s3-encryption-enabled }}
+ PLAN_UPLOAD_S3_ENCRYPTION_TYPE: ${{ inputs.upload-plan-destination-s3-encryption-type }}
+ PLAN_UPLOAD_S3_ENCRYPTION_KMS_ID: ${{ inputs.upload-plan-destination-s3-encryption-kms-key-id }}
 GOOGLE_STORAGE_LOCK_BUCKET: ${{ inputs.google-lock-bucket }}
 GOOGLE_STORAGE_PLAN_ARTEFACT_BUCKET: ${{ inputs.upload-plan-destination-gcp-bucket }}
 AWS_S3_BUCKET: ${{ inputs.upload-plan-destination-s3-bucket }}
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/digger-cli-0.6.84/cli/cmd/digger/main.go new/digger-cli-0.6.85/cli/cmd/digger/main.go
--- old/digger-cli-0.6.84/cli/cmd/digger/main.go 2025-02-04 19:48:40.000000000 +0100
+++ new/digger-cli-0.6.85/cli/cmd/digger/main.go 2025-02-11 20:27:13.000000000 +0100
@@ -2,57 +2,11 @@ import ( "fmt" - "github.com/diggerhq/digger/cli/pkg/digger" "github.com/diggerhq/digger/cli/pkg/usage" - core_backend "github.com/diggerhq/digger/libs/backendapi" - "github.com/diggerhq/digger/libs/ci" - "github.com/diggerhq/digger/libs/comment_utils/reporting" - "github.com/diggerhq/digger/libs/comment_utils/summary" - "github.com/diggerhq/digger/libs/digger_config" - core_locking "github.com/diggerhq/digger/libs/locking" - core_policy "github.com/diggerhq/digger/libs/policy" - "github.com/diggerhq/digger/libs/scheduler" - "github.com/diggerhq/digger/libs/storage" "log" "os" ) -func exec(actor string, projectName string, repoNamespace string, command string, prNumber int, lock core_locking.Lock, policyChecker core_policy.Checker, prService ci.PullRequestService, orgService ci.OrgService, reporter reporting.Reporter, backendApi core_backend.Api) { - - //SCMOrganisation, SCMrepository := utils.ParseRepoNamespace(runConfig.RepoNamespace) - currentDir, err := os.Getwd() - if err != nil { - - usage.ReportErrorAndExit(actor, fmt.Sprintf("Failed to get current dir. %s", err), 4) - - } - - planStorage, err := storage.NewPlanStorage("", "", "", nil) - if err != nil { - - usage.ReportErrorAndExit(actor, fmt.Sprintf("Failed to get plan storage. %s", err), 4) - - } - - changedFiles, err := prService.GetChangedFiles(prNumber) - if err != nil { - usage.ReportErrorAndExit(actor, fmt.Sprintf("could not get changed files: %v", err), 1) - } - diggerConfig, _, dependencyGraph, err := digger_config.LoadDiggerConfig("./", true, changedFiles) - if err != nil { - usage.ReportErrorAndExit(actor, fmt.Sprintf("Failed to load digger config. 
%s", err), 4) - } - //impactedProjects := diggerConfig.GetModifiedProjects(strings.Split(runConfig.FilesChanged, ",")) - impactedProjects := diggerConfig.GetProjects(projectName) - jobs, _, err := scheduler.ConvertProjectsToJobs(actor, repoNamespace, command, prNumber, impactedProjects, nil, diggerConfig.Workflows) - if err != nil { - usage.ReportErrorAndExit(actor, fmt.Sprintf("Failed to convert impacted projects to commands. %s", err), 4) - } - - jobs = digger.SortedCommandsByDependency(jobs, &dependencyGraph) - _, _, err = digger.RunJobs(jobs, prService, orgService, lock, reporter, planStorage, policyChecker, comment_updater.NoopCommentUpdater{}, backendApi, "", false, false, "123", currentDir) -} - /* Exit codes: 0 - No errors @@ -77,26 +31,6 @@ } -func getImpactedProjectsAsString(projects []digger_config.Project, prNumber int) string { - msg := fmt.Sprintf("Following projects are impacted by pull request #%d\n", prNumber) - for _, p := range projects { - msg += fmt.Sprintf("- %s\n", p.Name) - } - return msg -} - -func logCommands(projectCommands []scheduler.Job) { - logMessage := fmt.Sprintf("Following commands are going to be executed:\n") - for _, pc := range projectCommands { - logMessage += fmt.Sprintf("project: %s: commands: ", pc.ProjectName) - for _, c := range pc.Commands { - logMessage += fmt.Sprintf("\"%s\", ", c) - } - logMessage += "\n" - } - log.Print(logMessage) -} - func init() { log.SetOutput(os.Stdout) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/digger-cli-0.6.84/libs/storage/aws_plan_storage.go new/digger-cli-0.6.85/libs/storage/aws_plan_storage.go --- old/digger-cli-0.6.84/libs/storage/aws_plan_storage.go 2025-02-04 19:48:40.000000000 +0100 +++ new/digger-cli-0.6.85/libs/storage/aws_plan_storage.go 2025-02-11 20:27:13.000000000 +0100 
@@ -24,12 +24,53 @@ DeleteObject(ctx context.Context, params *s3.DeleteObjectInput, optFns ...func(*s3.Options)) (*s3.DeleteObjectOutput, error) } +type AwsS3EncryptionType string + +const ( + ServerSideEncryptionAes256 AwsS3EncryptionType = "AES256" + ServerSideEncryptionAwsKms AwsS3EncryptionType = "aws:kms" +) + type PlanStorageAWS struct { - Client S3Client - Bucket string - Context context.Context + Client S3Client + Bucket string + Context context.Context + EncryptionEnabled bool + EncryptionType AwsS3EncryptionType + KMSEncryptionId string } +func NewAWSPlanStorage(bucketName string, encryptionEnabled bool, encryptionType string, KMSEncryptionId string) (*PlanStorageAWS, error) { + if bucketName == "" { + return nil, fmt.Errorf("AWS_S3_BUCKET is not defined") + } + ctx, client, err := GetAWSStorageClient() + if err != nil { + return nil, fmt.Errorf("could not retrieve aws storage client") + } + planStorage := &PlanStorageAWS{ + Context: ctx, + Client: client, + Bucket: bucketName, + } + if encryptionEnabled { + planStorage.EncryptionEnabled = true + if encryptionType == "AES256" { + planStorage.EncryptionType = ServerSideEncryptionAes256 + } else if encryptionType == "KMS" { + if KMSEncryptionId == "" { + return nil, fmt.Errorf("KMS encryption requested but no KMS key specified") + } + planStorage.EncryptionType = ServerSideEncryptionAwsKms + planStorage.KMSEncryptionId = KMSEncryptionId + } else { + return nil, fmt.Errorf("unknown encryption type specified for aws plan bucket: %v", encryptionType) + } + } + + return planStorage, nil + +} func (psa *PlanStorageAWS) PlanExists(artifactName, storedPlanFilePath string) (bool, error) { input := &s3.HeadObjectInput{ Bucket: aws.String(psa.Bucket), 
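Review bot: In `NewAWSPlanStorage` the error from `GetAWSStorageClient()` is discarded: the function returns `fmt.Errorf("could not retrieve aws storage client")` without the cause, whereas the code it replaces in plan_storage.go included it in the message. That leaves an operator with nothing to go on when client setup fails, so I would wrap it: `return nil, fmt.Errorf("could not retrieve aws storage client: %w", err)`. The exported constructor also has no doc comment. One should say that `encryptionType` is matched exactly against `"AES256"` or `"KMS"`, that `"KMS"` requires a non-empty key id, and that both are ignored when `encryptionEnabled` is false.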
@@ -59,6 +100,15 @@ Bucket: aws.String(psa.Bucket), Key: aws.String(fileName), } + + // support for encryption + if psa.EncryptionEnabled { + input.ServerSideEncryption = types.ServerSideEncryption(psa.EncryptionType) + if psa.EncryptionType == ServerSideEncryptionAwsKms { + input.SSEKMSKeyId = aws.String(psa.KMSEncryptionId) + } + } + _, err := psa.Client.PutObject(psa.Context, input) if err != nil { log.Printf("Failed to write file to bucket: %v", err) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/digger-cli-0.6.84/libs/storage/plan_storage.go new/digger-cli-0.6.85/libs/storage/plan_storage.go --- old/digger-cli-0.6.84/libs/storage/plan_storage.go 2025-02-04 19:48:40.000000000 +0100 +++ new/digger-cli-0.6.85/libs/storage/plan_storage.go 2025-02-11 20:27:13.000000000 +0100 @@ -235,18 +235,14 @@ Context: ctx, } case uploadDestination == "aws": - ctx, client, err := GetAWSStorageClient() - if err != nil { - return nil, fmt.Errorf(fmt.Sprintf("Failed to create AWS storage client: %s", err)) - } bucketName := strings.ToLower(os.Getenv("AWS_S3_BUCKET")) - if bucketName == "" { - return nil, fmt.Errorf("AWS_S3_BUCKET is not defined") - } - planStorage = &PlanStorageAWS{ - Context: ctx, - Client: client, - Bucket: bucketName, + encryptionEnabled := os.Getenv("PLAN_UPLOAD_S3_ENCRYPTION_ENABLED") == "true" + encryptionType := os.Getenv("PLAN_UPLOAD_S3_ENCRYPTION_TYPE") + encryptionKmsId := os.Getenv("PLAN_UPLOAD_S3_ENCRYPTION_KMS_ID") + var err error + planStorage, err = NewAWSPlanStorage(bucketName, encryptionEnabled, encryptionType, encryptionKmsId) + if err != nil { + return nil, fmt.Errorf("error while creating AWS plan storage: %v", err) } case uploadDestination == "gitlab": //TODO implement me ++++++ digger-cli.obsinfo ++++++ --- /var/tmp/diff_new_pack.1fICgw/_old 2025-02-12 21:36:53.219486300 +0100 +++ /var/tmp/diff_new_pack.1fICgw/_new 2025-02-12 21:36:53.219486300 +0100 
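Review bot: The `// support for encryption` comment on the upload path does not mention what the caller's IAM role now needs, which is the part operators are most likely to trip over. With `aws:kms`, the upload needs permission to generate a data key on the configured key and reading the plan back needs decrypt permission on it. I would expand the comment, e.g. `// SSE-KMS: the role needs kms:GenerateDataKey on the key to upload and kms:Decrypt to read the plan back`. Because `PlanStorageAWS` is an exported struct, a value built without `NewAWSPlanStorage` can reach this code with `EncryptionEnabled` set and an empty `EncryptionType` or `KMSEncryptionId`; returning an error for those cases before `PutObject` would avoid depending on how the service responds. The enclosing function starts and ends outside the hunk.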
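Review bot: `os.Getenv("PLAN_UPLOAD_S3_ENCRYPTION_ENABLED") == "true"` treats every other value, including `True`, `TRUE` or `1`, as encryption off, so a misspelt setting uploads plans without the requested encryption and without any error. I would parse the value and fail when it is set but not a valid boolean, for example `encryptionEnabled, err := strconv.ParseBool(v)` guarded by `if v != ""`, returning the error. This needs `strconv`, and the file's import block is not visible in the hunk. Separately, `fmt.Errorf("error while creating AWS plan storage: %v", err)` could use `%w` so callers can still unwrap the cause. The enclosing switch and function start and end outside the hunk.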
@@ -1,5 +1,5 @@ name: digger-cli -version: 0.6.84 -mtime: 1738694920 -commit: 7deabf0b5ed958526064be735c821fc5cfda6361 +version: 0.6.85 +mtime: 1739302033 +commit: ba401407d70a06fcd7f1020c368387465f6e2a93 ++++++ vendor.tar.gz ++++++ /work/SRC/openSUSE:Factory/digger-cli/vendor.tar.gz /work/SRC/openSUSE:Factory/.digger-cli.new.8181/vendor.tar.gz differ: char 5, line 1