From 42d0780bc8626840fd82c194bf56fe33a994019e Mon Sep 17 00:00:00 2001 From: Nan Yu Date: Fri, 23 Feb 2024 22:01:22 +0000 Subject: [PATCH] fix: update git-sync to v4.2.1 to fix a pulling issue There is a bug in git-sync v4.1.0. When branches in different remotes are out of sync, `git-sync` fetches the commit SHA from the last line, which may not be the latest. This leads to an issue that Config Sync couldn't pull the latest commit from HEAD. The issue was fixed in v4.2.0 by https://github.com/kubernetes/git-sync/pull/845. This commit updates git-sync to v4.2.1 to include the fix. It also bumps the debian-base to latest version for CVE fixes. b/325341042 --- Makefile | 2 +- e2e/testcases/git_sync_test.go | 28 +++++++++++-------- .../reconciler-manager-configmap.yaml | 2 +- 3 files changed, 19 insertions(+), 13 deletions(-) diff --git a/Makefile b/Makefile index b162596675..2fcc6637fc 100644 --- a/Makefile +++ b/Makefile @@ -39,7 +39,7 @@ GO_DIR := $(OUTPUT_DIR)/go # Base image used for all golang containers GOLANG_IMAGE := golang:1.21.5-bookworm # Base image used for debian containers -DEBIAN_BASE_IMAGE := gcr.io/gke-release/debian-base:bookworm-v1.0.1-gke.0 +DEBIAN_BASE_IMAGE := gcr.io/gke-release/debian-base:bookworm-v1.0.1-gke.1 # Base image used for gcloud install, primarily for test images. # We use -slim for a smaller base image where we can choose which components to install. # https://cloud.google.com/sdk/docs/downloads-docker#docker_image_options diff --git a/e2e/testcases/git_sync_test.go b/e2e/testcases/git_sync_test.go index e91ff83eb9..7223e0b8de 100644 --- a/e2e/testcases/git_sync_test.go +++ b/e2e/testcases/git_sync_test.go @@ -17,8 +17,8 @@ package e2e import ( "testing" + "github.com/stretchr/testify/assert" corev1 "k8s.io/api/core/v1" - "k8s.io/apimachinery/pkg/types" "kpt.dev/configsync/e2e/nomostest" "kpt.dev/configsync/e2e/nomostest/gitproviders" nomostesting "kpt.dev/configsync/e2e/nomostest/testing" @@ -53,21 +53,27 @@ func TestMultipleRemoteBranchesOutOfSync(t *testing.T) { if err := nt.Validate("hello", "", &corev1.Namespace{}); err != nil { nt.T.Fatal(err) } + rs = fake.RootSyncObjectV1Beta1(configsync.RootSyncName) + if err := nt.KubeClient.Get(configsync.RootSyncName, configmanagement.ControllerNamespace, rs); err != nil { + nt.T.Fatal(err) + } + updatedSyncCommit := rs.Status.LastSyncedCommit + assert.NotEqual(t, initialSyncedCommit, updatedSyncCommit) + + nt.T.Logf("Verify git-sync can pull the latest commit with the default branch and revision") + nomostest.SetGitBranch(nt, configsync.RootSyncName, gitproviders.MainBranch) + if err := nt.WatchForAllSyncs(); err != nil { + nt.T.Fatal(err) + } if err := nt.Validate(configsync.RootSyncName, configmanagement.ControllerNamespace, &v1beta1.RootSync{}, testpredicates.RootSyncLastSyncedCommitNotEquals(initialSyncedCommit)); err != nil { nt.T.Fatal(err) } - // Apply the mitigation first to validate Config Sync couldn't pull the latest commit. - nt.T.Logf("Verify the issue exist with the default branch and revision") - nomostest.SetGitBranch(nt, configsync.RootSyncName, gitproviders.MainBranch) - if err := nt.WatchForAllSyncs(nomostest.WithRootSha1Func( - // DefaultRootSha1Fn returns the hash with `git rev-parse HEAD`, which is - // different from `git ls-remote ...` - // So, overwrite the root hash with the initial lastSyncedCommit. - func(_ *nomostest.NT, _ types.NamespacedName) (string, error) { - return initialSyncedCommit, nil - })); err != nil { + nt.T.Logf("Remove the test namespace to make sure git-sync can fetch new commit") + nt.Must(nt.RootRepos[configsync.RootSyncName].Remove("acme/namespaces/hello/ns.yaml")) + nt.Must(nt.RootRepos[configsync.RootSyncName].CommitAndPush("remove Namespace")) + if err := nt.WatchForAllSyncs(); err != nil { nt.T.Fatal(err) } if err := nt.ValidateNotFound("hello", "", &corev1.Namespace{}); err != nil { diff --git a/manifests/templates/reconciler-manager-configmap.yaml b/manifests/templates/reconciler-manager-configmap.yaml index ec752869db..c73a673627 100644 --- a/manifests/templates/reconciler-manager-configmap.yaml +++ b/manifests/templates/reconciler-manager-configmap.yaml @@ -101,7 +101,7 @@ data: - ALL imagePullPolicy: IfNotPresent - name: git-sync - image: gcr.io/config-management-release/git-sync:v4.1.0-gke.7__linux_amd64 + image: gcr.io/config-management-release/git-sync:v4.2.1-gke.1__linux_amd64 args: ["--root=/repo/source", "--link=rev", "--max-failures=30", "--error-file=error.json"] volumeMounts: - name: repo