#54 - Fix problem to chown while post-upgrade script deletes pdgata

CHANGELOG.md

@@ -6,6 +6,9 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
 ## [Unreleased]
+### Fixed
+- [#54] Fix problem to chown files while post-upgrade script deletes the pgdata
+- [#54] Upgrade makefiles to 10.2.0
 
 ## [v14.17-3] - 2025-07-24
 ### Fixed

Makefile

@@ -1,4 +1,4 @@
-MAKEFILES_VERSION=9.5.0
+MAKEFILES_VERSION=10.2.0
 
 .DEFAULT_GOAL:=dogu-release
 

build/make/build.mk

@@ -3,7 +3,7 @@
 ADDITIONAL_LDFLAGS?=-extldflags -static
 LDFLAGS?=-ldflags "$(ADDITIONAL_LDFLAGS) -X main.Version=$(VERSION) -X main.CommitID=$(COMMIT_ID)"
 GOIMAGE?=golang
-GOTAG?=1.23
+GOTAG?=1.24
 GOOS?=linux
 GOARCH?=amd64
 PRE_COMPILE?=

build/make/k8s-component.mk

@@ -1,4 +1,5 @@
-COMPONENT_DEV_VERSION?=${VERSION}-dev
+COMPONENT_BUILD_VERSION := $(shell date +%s)
+COMPONENT_DEV_VERSION?=${VERSION}-dev.${COMPONENT_BUILD_VERSION}
 
 include ${BUILD_DIR}/make/k8s.mk
 
@@ -15,8 +16,9 @@ HELM_RELEASE_TGZ=${HELM_TARGET_DIR}/${ARTIFACT_ID}-${VERSION}.tgz
 HELM_DEV_RELEASE_TGZ=${HELM_TARGET_DIR}/${ARTIFACT_ID}-${COMPONENT_DEV_VERSION}.tgz
 HELM_ARTIFACT_NAMESPACE?=k8s
 ifeq (${RUNTIME_ENV}, remote)
-	HELM_ARTIFACT_NAMESPACE?=testing/k8s
+	HELM_ARTIFACT_NAMESPACE=testing/k8s
 endif
+$(info HELM_ARTIFACT_NAMESPACE=$(HELM_ARTIFACT_NAMESPACE))
 
 K8S_RESOURCE_COMPONENT ?= "${K8S_RESOURCE_TEMP_FOLDER}/component-${ARTIFACT_ID}-${VERSION}.yaml"
 K8S_RESOURCE_COMPONENT_CR_TEMPLATE_YAML ?= $(BUILD_DIR)/make/k8s-component.tpl
@@ -93,10 +95,10 @@ helm-reinstall: helm-delete helm-apply ## Uninstalls the current helm chart and
 .PHONY: helm-chart-import
 helm-chart-import: ${CHECK_VAR_TARGETS} helm-generate helm-package ${IMAGE_IMPORT_TARGET} ## Imports the currently available chart into the cluster-local registry.
 	@if [[ ${STAGE} == "development" ]]; then \
-		echo "Import ${HELM_DEV_RELEASE_TGZ} into K8s cluster ${CES_REGISTRY_HOST}..."; \
+		echo "Import ${HELM_DEV_RELEASE_TGZ} into K8s cluster ${CES_REGISTRY_HOST}/${HELM_ARTIFACT_NAMESPACE}..."; \
 		${BINARY_HELM} push ${HELM_DEV_RELEASE_TGZ} oci://${CES_REGISTRY_HOST}/${HELM_ARTIFACT_NAMESPACE} ${BINARY_HELM_ADDITIONAL_PUSH_ARGS}; \
 	else \
-	  	echo "Import ${HELM_RELEASE_TGZ} into K8s cluster ${CES_REGISTRY_HOST}..."; \
+	  	echo "Import ${HELM_RELEASE_TGZ} into K8s cluster ${CES_REGISTRY_HOST}/${HELM_ARTIFACT_NAMESPACE}..."; \
         ${BINARY_HELM} push ${HELM_RELEASE_TGZ} oci://${CES_REGISTRY_HOST}/${HELM_ARTIFACT_NAMESPACE} ${BINARY_HELM_ADDITIONAL_PUSH_ARGS}; \
     fi
 	@echo "Done."
@@ -142,7 +144,7 @@ ${K8S_RESOURCE_COMPONENT_CR_TEMPLATE_YAML}: ${K8S_RESOURCE_TEMP_FOLDER}
 	fi
 
 .PHONY: component-apply
-component-apply: check-k8s-namespace-env-var ${COMPONENT_PRE_APPLY_TARGETS} ${IMAGE_IMPORT_TARGET} helm-generate helm-chart-import component-generate ## Applies the component yaml resource to the actual defined context.
+component-apply: isProduction check-k8s-namespace-env-var ${COMPONENT_PRE_APPLY_TARGETS} ${IMAGE_IMPORT_TARGET} helm-generate helm-chart-import component-generate ## Applies the component yaml resource to the actual defined context.
 	@kubectl apply -f "${K8S_RESOURCE_COMPONENT}" --namespace="${NAMESPACE}" --context="${KUBE_CONTEXT_NAME}"
 	@echo "Done."
 

build/make/k8s-crd.mk

@@ -1,5 +1,12 @@
-ARTIFACT_CRD_ID = $(ARTIFACT_ID)-crd
-DEV_CRD_VERSION ?= ${VERSION}-dev
+# we set this default to maintain compatibility with CRDs that are still inside monorepos
+APPEND_CRD_SUFFIX ?= true
+ifeq ($(APPEND_CRD_SUFFIX), true)
+	ARTIFACT_CRD_ID = $(ARTIFACT_ID)-crd
+else ifeq ($(APPEND_CRD_SUFFIX), false)
+	ARTIFACT_CRD_ID = $(ARTIFACT_ID)
+endif
+CRD_BUILD_VERSION := $(shell date +%s).$(TIMESTAMP)
+DEV_CRD_VERSION ?= ${VERSION}-dev.${COMPONENT_BUILD_VERSION}
 HELM_CRD_SOURCE_DIR ?= ${WORKDIR}/k8s/helm-crd
 HELM_CRD_TARGET_DIR ?= $(K8S_RESOURCE_TEMP_FOLDER)/helm-crd
 HELM_CRD_RELEASE_TGZ = ${HELM_CRD_TARGET_DIR}/${ARTIFACT_CRD_ID}-${VERSION}.tgz
@@ -28,7 +35,7 @@ crd-add-labels: $(BINARY_YQ)
 	@echo "Adding labels to CRD..."
 	@for file in ${HELM_CRD_SOURCE_DIR}/templates/*.yaml ; do \
 		$(BINARY_YQ) -i e ".metadata.labels.app = \"ces\"" $${file} ;\
-		$(BINARY_YQ) -i e ".metadata.labels.\"app.kubernetes.io/name\" = \"${ARTIFACT_ID}\"" $${file} ;\
+		$(BINARY_YQ) -i e ".metadata.labels.\"app.kubernetes.io/name\" = \"${ARTIFACT_CRD_ID}\"" $${file} ;\
 	done
 
 .PHONY: crd-helm-generate ## Generates the Helm CRD chart
@@ -83,10 +90,10 @@ ${HELM_CRD_RELEASE_TGZ}: ${BINARY_HELM} crd-helm-generate ## Generates and packa
 .PHONY: crd-helm-chart-import
 crd-helm-chart-import: ${CHECK_VAR_TARGETS} check-k8s-artifact-id crd-helm-generate crd-helm-package ## Imports the currently available Helm CRD chart into the cluster-local registry.
 	@if [[ ${STAGE} == "development" ]]; then \
-		echo "Import ${HELM_CRD_DEV_RELEASE_TGZ} into K8s cluster ${CES_REGISTRY_HOST}..."; \
+		echo "Import ${HELM_CRD_DEV_RELEASE_TGZ} into K8s cluster ${CES_REGISTRY_HOST}/${HELM_ARTIFACT_NAMESPACE}..."; \
 		${BINARY_HELM} push ${HELM_CRD_DEV_RELEASE_TGZ} oci://${CES_REGISTRY_HOST}/${HELM_ARTIFACT_NAMESPACE} ${BINARY_HELM_ADDITIONAL_PUSH_ARGS}; \
 	else \
-	  	echo "Import ${HELM_CRD_RELEASE_TGZ} into K8s cluster ${CES_REGISTRY_HOST}..."; \
+	  	echo "Import ${HELM_CRD_RELEASE_TGZ} into K8s cluster ${CES_REGISTRY_HOST}/${HELM_ARTIFACT_NAMESPACE}..."; \
         ${BINARY_HELM} push ${HELM_CRD_RELEASE_TGZ} oci://${CES_REGISTRY_HOST}/${HELM_ARTIFACT_NAMESPACE} ${BINARY_HELM_ADDITIONAL_PUSH_ARGS}; \
     fi
 	@echo "Done."
@@ -105,7 +112,7 @@ crd-component-generate: ${K8S_RESOURCE_TEMP_FOLDER} ## Generate the CRD componen
 	fi
 
 .PHONY: crd-component-apply
-crd-component-apply: check-k8s-namespace-env-var crd-helm-chart-import crd-component-generate ## Applies the CRD component YAML resource to the actual defined context.
+crd-component-apply: isProduction check-k8s-namespace-env-var crd-helm-chart-import crd-component-generate ## Applies the CRD component YAML resource to the actual defined context.
 	@kubectl apply -f "${K8S_RESOURCE_CRD_COMPONENT}" --namespace="${NAMESPACE}" --context="${KUBE_CONTEXT_NAME}"
 	@echo "Done."
 

build/make/k8s.mk

@@ -36,11 +36,11 @@ K3S_LOCAL_REGISTRY_PORT?=30099
 
 # The URL of the container-registry to use. Defaults to the registry of the local-cluster.
 # If RUNTIME_ENV is "remote" it is "registry.cloudogu.com/testing"
-CES_REGISTRY_HOST?="${K3S_CLUSTER_FQDN}:${K3S_LOCAL_REGISTRY_PORT}"
+CES_REGISTRY_HOST?=${K3S_CLUSTER_FQDN}:${K3S_LOCAL_REGISTRY_PORT}
 CES_REGISTRY_NAMESPACE ?=
 ifeq (${RUNTIME_ENV}, remote)
-	CES_REGISTRY_HOST="registry.cloudogu.com"
-	CES_REGISTRY_NAMESPACE="/testing"
+	CES_REGISTRY_HOST=registry.cloudogu.com
+	CES_REGISTRY_NAMESPACE=/testing
 endif
 $(info CES_REGISTRY_HOST=$(CES_REGISTRY_HOST))
 
@@ -203,3 +203,14 @@ envtest: ${ENVTEST} ## Download envtest-setup locally if necessary.
 
 ${ENVTEST}:
 	$(call go-get-tool,$(ENVTEST),sigs.k8s.io/controller-runtime/tools/setup-envtest@latest)
+
+.PHONY: isProduction
+isProduction:
+	@if [[ "${STAGE}" == "production" ]]; then \
+		echo "Command executed in production stage. Aborting."; \
+		exit 1; \
+	else \
+		echo "Command executed in development stage. Continuing."; \
+	fi
+
+

build/make/mocks.mk

@@ -1,7 +1,7 @@
 ##@ Mocking
 
 MOCKERY_BIN=${UTILITY_BIN_PATH}/mockery
-MOCKERY_VERSION?=v2.42.1
+MOCKERY_VERSION?=v2.53.3
 MOCKERY_YAML=${WORKDIR}/.mockery.yaml
 
 ${MOCKERY_BIN}: ${UTILITY_BIN_PATH}

build/make/prerelease.mk

@@ -3,4 +3,4 @@
 
 .PHONY: prerelease_namespace
 prerelease_namespace:
-	build/make/stagex.sh prerelease_namespace
+	build/make/prerelease.sh prerelease_namespace

build/make/prerelease.sh

@@ -5,23 +5,49 @@ set -o pipefail
 
 prerelease_namespace() {
 
+  TIMESTAMP=$(date +"%Y%m%d%H%M%S")
+
   # Update version in dogu.json
   if [ -f "dogu.json" ]; then
     echo "Updating name in dogu.json..."
     ORIG_NAME="$(jq -r ".Name" ./dogu.json)"
+    ORIG_VERSION="$(jq -r ".Version" ./dogu.json)"
     PRERELEASE_NAME="prerelease_${ORIG_NAME}"
+    PRERELEASE_VERSION="${ORIG_VERSION}${TIMESTAMP}"
     jq ".Name = \"${PRERELEASE_NAME}\"" dogu.json >dogu2.json && mv dogu2.json dogu.json
+    jq ".Version = \"${PRERELEASE_VERSION}\"" dogu.json >dogu2.json && mv dogu2.json dogu.json
     jq ".Image = \"registry.cloudogu.com/${PRERELEASE_NAME}\"" dogu.json >dogu2.json && mv dogu2.json dogu.json
   fi
 
   # Update version in Dockerfile
   if [ -f "Dockerfile" ]; then
     echo "Updating version in Dockerfile..."
-    ORIG_NAME="$(grep -oP "^[ ]*NAME=\"([^\"]*)" Dockerfile | awk -F "\"" '{print $2}')"
-    PRERELEASE_NAME="prerelease_$( echo -e "$ORIG_NAME" | sed 's/\//\\\//g' )"
-    sed -i "s/\(^[ ]*NAME=\"\)\([^\"]*\)\(.*$\)/\1${PRERELEASE_NAME}\3/" Dockerfile
-  fi
+    LABEL_BLOCK=$(sed -n '/^LABEL[[:space:]]/ {N; /NAME=".*"/ {N; /VERSION=".*"/ {p}}}' Dockerfile)
+
+    # Extract NAME and VERSION from the LABEL block
+    ORIG_NAME=$(echo "$LABEL_BLOCK" | sed -n 's/.*NAME="\([^"]*\)".*/\1/p')
+    ORIG_VERSION=$(echo "$LABEL_BLOCK" | sed -n 's/.*VERSION="\([^"]*\)".*/\1/p')
 
+    # Output the extracted values for debugging
+    echo "ORIG_NAME Dockerfile: ${ORIG_NAME}"
+    echo "ORIG_VERSION Dockerfile: ${ORIG_VERSION}"
+
+    # Prepare prerelease name and version
+    PRERELEASE_NAME="prerelease_$(echo -e "$ORIG_NAME" | sed 's/\//\\\//g')"
+    PRERELEASE_VERSION="${ORIG_VERSION}${TIMESTAMP}"
+
+    # Output the new values for debugging
+    echo "PRERELEASE_NAME Dockerfile: ${PRERELEASE_NAME}"
+    echo "PRERELEASE_VERSION Dockerfile: ${PRERELEASE_VERSION}"
+
+    # Only replace NAME= and VERSION= and only inside the LABEL block
+    # This assumes LABEL block is between 'LABEL' and first non-indented line
+    sed -i '/^LABEL/,/^[^[:space:]]/ {
+      s/\(NAME="\)[^"]*\("\)/\1'"${PRERELEASE_NAME}"'\2/
+      s/\(VERSION="\)[^"]*\("\)/\1'"${PRERELEASE_VERSION}"'\2/
+    }' Dockerfile
+  fi
+
 }
 
 

build/make/release.mk

@@ -4,7 +4,7 @@
 
 .PHONY: dogu-release
 dogu-release: ## Start a dogu release
-	build/make/release.sh dogu
+	build/make/release.sh dogu "${FIXED_CVE_LIST}" $(DRY_RUN)
 
 .PHONY: node-release
 node-release: ## Start a node package release
@@ -14,6 +14,10 @@ node-release: ## Start a node package release
 go-release: ## Start a go tool release
 	build/make/release.sh go-tool
 
+.PHONY: image-release
+image-release: ## Start a go tool release
+	build/make/release.sh image
+
 .PHONY: dogu-cve-release
 dogu-cve-release: ## Start a dogu release of a new build if the local build fixes critical CVEs
 	@bash -c "build/make/release_cve.sh \"${REGISTRY_USERNAME}\" \"${REGISTRY_PASSWORD}\" \"${TRIVY_IMAGE_SCAN_FLAGS}\" \"${DRY_RUN}\" \"${CVE_SEVERITY}\""

build/make/self-update.mk

@@ -24,4 +24,9 @@ copy-new-files:
 .PHONY: update-build-libs
 update-build-libs:
 	@echo "Check for newer Build-Lib versions"
-	build/make/self-update.sh buildlibs
+	build/make/self-update.sh buildlibs
+
+.PHONY: set-dogu-version
+set-dogu-version:
+	@echo "Set Version of Dogu without Release"
+	build/make/self-update.sh versions

build/make/self-update.sh

@@ -3,6 +3,10 @@ set -o errexit
 set -o nounset
 set -o pipefail
 
+
+# shellcheck disable=SC1090
+source "$(pwd)/build/make/release_functions.sh"
+
 TYPE="${1}"
 
 update_build_libs() {
@@ -34,12 +38,23 @@ get_highest_version() {
 # Patch Jenkinsfile
 update_jenkinsfile() {
   sed -i "s/ces-build-lib@[[:digit:]].[[:digit:]].[[:digit:]]/ces-build-lib@$(get_highest_version ces)/g" Jenkinsfile
-  sed -i "s/dugu-build-lib@[[:digit:]].[[:digit:]].[[:digit:]]/dogu-build-lib@$(get_highest_version dogu)/g" Jenkinsfile
+  sed -i "s/dogu-build-lib@v[[:digit:]].[[:digit:]].[[:digit:]]/dogu-build-lib@v$(get_highest_version dogu)/g" Jenkinsfile
+}
+
+# Patch Dogu Version without Release
+set_dogu_version() {
+  CURRENT_TOOL_VERSION=$(get_current_version_by_dogu_json)
+  echo "$(tput setaf 1)ATTENTION: Make sure that the new version corresponds to the current software version$(tput sgr0)"
+  NEW_RELEASE_VERSION="$(read_new_version)"
+  validate_new_version "${NEW_RELEASE_VERSION}"
+  update_versions "${NEW_RELEASE_VERSION}"
 }
 
 # switch for script entrypoint
 if [[ "${TYPE}" == "buildlibs" ]];then
   update_build_libs
+elif [[ "${TYPE}" == "versions" ]];then
+  set_dogu_version
 else
   echo "Unknown target ${TYPE}"
 fi

build/make/static-analysis.mk

@@ -2,14 +2,14 @@
 
 STATIC_ANALYSIS_DIR=$(TARGET_DIR)/static-analysis
 GOIMAGE?=golang
-GOTAG?=1.23
+GOTAG?=1.24
 CUSTOM_GO_MOUNT?=-v /tmp:/tmp
 
 REVIEW_DOG=$(TMP_DIR)/bin/reviewdog
 LINT=$(TMP_DIR)/bin/golangci-lint
-LINT_VERSION?=v1.61.0
+LINT_VERSION?=v2.1.6
 # ignore tests and mocks
-LINTFLAGS=--tests=false --exclude-files="^.*_mock.go$$" --exclude-files="^.*/mock.*.go$$" --timeout 10m --issues-exit-code 0
+LINTFLAGS=--tests=false --timeout 10m --issues-exit-code 0
 ADDITIONAL_LINTER=-E bodyclose -E containedctx -E contextcheck -E decorder -E dupl -E errname -E forcetypeassert -E funlen -E unparam
 
 .PHONY: static-analysis
@@ -47,7 +47,7 @@ $(STATIC_ANALYSIS_DIR)/static-analysis.log: $(STATIC_ANALYSIS_DIR)
 
 $(STATIC_ANALYSIS_DIR)/static-analysis-cs.log: $(STATIC_ANALYSIS_DIR)
 	@echo "run static analysis with export to checkstyle format"
-	@$(LINT) $(LINTFLAGS) run --out-format=checkstyle ./... $(ADDITIONAL_LINTER) > $@
+	@$(LINT) $(LINTFLAGS) --output.checkstyle.path stdout run ./... $(ADDITIONAL_LINTER) > $@
 
 $(STATIC_ANALYSIS_DIR): $(LINT)
 	@mkdir -p $(STATIC_ANALYSIS_DIR)

build/make/test-common.mk

@@ -1,6 +1,6 @@
 GO_JUNIT_REPORT=$(UTILITY_BIN_PATH)/go-junit-report
-GO_JUNIT_REPORT_VERSION=v1.0.0
+GO_JUNIT_REPORT_VERSION=v2.1.0
 
 $(GO_JUNIT_REPORT): $(UTILITY_BIN_PATH)
 	@echo "Download go-junit-report..."
-	@$(call go-get-tool,$@,github.com/jstemmer/go-junit-report@$(GO_JUNIT_REPORT_VERSION))
+	@$(call go-get-tool,$@,github.com/jstemmer/go-junit-report/v2@$(GO_JUNIT_REPORT_VERSION))

build/make/test-unit.mk

@@ -1,17 +1,24 @@
 ##@ Unit testing
 
 UNIT_TEST_DIR=$(TARGET_DIR)/unit-tests
+XUNIT_JSON=$(UNIT_TEST_DIR)/report.json
 XUNIT_XML=$(UNIT_TEST_DIR)/unit-tests.xml
 UNIT_TEST_LOG=$(UNIT_TEST_DIR)/unit-tests.log
 COVERAGE_REPORT=$(UNIT_TEST_DIR)/coverage.out
 
 PRE_UNITTESTS?=
 POST_UNITTESTS?=
 
+ASJSON?=
+
 .PHONY: unit-test
-unit-test: $(XUNIT_XML) ## Start unit tests
+unit-test: $(XUNIT_JSON) ## Start unit tests
+
+ifeq ($(ENVIRONMENT),ci)
+ASJSON='-json'
+endif
 
-$(XUNIT_XML): $(SRC) $(GO_JUNIT_REPORT)
+$(XUNIT_JSON): $(SRC) $(GO_JUNIT_REPORT)
 ifneq ($(strip $(PRE_UNITTESTS)),)
 	@make $(PRE_UNITTESTS)
 endif
@@ -20,13 +27,15 @@ endif
 	@echo 'mode: set' > ${COVERAGE_REPORT}
 	@rm -f $(UNIT_TEST_LOG) || true
 	@for PKG in $(PACKAGES) ; do \
-    ${GO_CALL} test -v $$PKG -coverprofile=${COVERAGE_REPORT}.tmp 2>&1 | tee $(UNIT_TEST_LOG).tmp ; \
+    ${GO_CALL} test -v $$PKG -coverprofile=${COVERAGE_REPORT}.tmp ${ASJSON} 2>&1 | tee $(UNIT_TEST_LOG).tmp ; \
 		cat ${COVERAGE_REPORT}.tmp | tail +2 >> ${COVERAGE_REPORT} ; \
 		rm -f ${COVERAGE_REPORT}.tmp ; \
 		cat $(UNIT_TEST_LOG).tmp >> $(UNIT_TEST_LOG) ; \
 		rm -f $(UNIT_TEST_LOG).tmp ; \
 	done
-	@cat $(UNIT_TEST_LOG) | $(GO_JUNIT_REPORT) > $@
+	@cat $(UNIT_TEST_LOG) >> $@
+	@cat $(UNIT_TEST_LOG) | $(GO_JUNIT_REPORT) -parser gojson > $(XUNIT_XML)
+
 	@if grep '^FAIL' $(UNIT_TEST_LOG); then \
 		exit 1; \
 	fi

build/make/trivyscan.mk

@@ -0,0 +1,9 @@
+# used to create switch the dogu to a prerelease namespace
+# e.g. official/usermgmt -> prerelease_official/usermgmt
+
+# scan a already build dogu image with trivy
+# usage:   make trivysan                               - will scan with severity CRITICAL
+#          make SEVERITY="HIGH, CRITICAL" trivysacn    - will scan with different severity options (e.g. HIGH and CRITICAL)
+.PHONY: trivyscan
+trivyscan:
+	build/make/trivyscan.sh scan $(SEVERITY)

build/make/trivyscan.sh

@@ -0,0 +1,19 @@
+#!/bin/bash
+set -o errexit
+set -o nounset
+set -o pipefail
+
+# scan a already build image for CVE findings
+# Get tag name from dogu.json
+trivy_scan() {
+  echo "Build image and get Tag-Name:"
+  IMAGE_TAG="$(jq ".Image" --raw-output dogu.json):$(jq ".Version" --raw-output dogu.json)"
+  docker run -v /var/run/docker.sock:/var/run/docker.sock aquasec/trivy image --severity $SEVERITY $IMAGE_TAG
+}
+
+TYPE="${1}"
+SEVERITY="${2:-"CRITICAL"}"
+
+if [[ "${TYPE}" == "scan" ]];then
+  trivy_scan
+fi