kubernetes-sigs · nawazkh · May 12, 2025 · May 12, 2025 · May 12, 2025 · May 12, 2025
diff --git a/.github/workflows/update-tool-versions.yaml b/.github/workflows/update-tool-versions.yaml
@@ -0,0 +1,103 @@
+name: Update Tool Versions
+
+on:
+    schedule:
+      - cron: '0 0 * * 0'
+    workflow_dispatch:
+
+jobs:
+    update-tools:
+        runs-on: ubuntu-latest
+        permissions:
+            contents: write
+            pull-requests: write
+        steps:
+            - uses: actions/checkout@v4
+
+            - name: Install yq, jq and gh
+              run: |
+                sudo apt-get update && sudo apt-get install -y jq
+                curl -sL https://github.com/mikefarah/yq/releases/latest/download/yq_linux_amd64 -o /usr/local/bin/yq
+                chmod +x /usr/local/bin/yq
+                curl -sL https://github.com/cli/cli/releases/download/v2.49.0/gh_2.49.0_linux_amd64.tar.gz | tar xz
+                sudo cp gh_*/bin/gh /usr/local/bin/
+
+            - name: Create PRs for Updated Tools
+              env:
+                GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+              run: |
+                set -euo pipefail
+                file="hack/tools/tools.yaml"
+                tools=$(yq eval '.tools | keys | .[]' $file)
+
+                get_latest_release() {
+                    local repo=$1
+                    curl -s "https://api.github.com/repos/$repo/releases/latest" | jq -r .tag_name
+                }
+
+                get_kustomize_latest_release() {
+                    local repo=$1
+                    curl -s https://api.github.com/repos/$repo/releases/latest | jq -r '.tag_name' | sed 's|.*/||'
+                }
+
+                get_conversion_gen_latest_release() {
+                    local repo=$1
+                    curl -s "https://api.github.com/repos/kubernetes/code-generator/tags?per_page=100" | jq -r '.[].name' | grep -E '^v[0-9]+\.[0-9]+\.[0-9]+$' |sort -V | tail -n1
+                }
+
+                declare -A repos=(
+                    [controller-gen]="kubernetes-sigs/controller-tools"
+                    [conversion-gen]="kubernetes/code-generator"
+                    [kustomize]="kubernetes-sigs/kustomize"
+                    [azwi]="Azure/azure-workload-identity"
+                    [mockgen]="golang/mock"
+                    [release-notes]="kubernetes/release"
+                    [kubectl]="kubernetes/kubernetes"
+                    [helm]="helm/helm"
+                    [yq]="mikefarah/yq"
+                    [kind]="kubernetes-sigs/kind"
+                    [codespell]="codespell-project/codespell"
+                )
+
+                for tool in "${!repos[@]}"; do
+                    repo="${repos[$tool]}"
+                    current=$(yq ".tools.$tool" $file)
+
+                    if [[ "$tool" == "kubectl" ]]; then
+                    latest="$(curl -s https://storage.googleapis.com/kubernetes-release/release/stable.txt)"
+                    elif [[ "$tool" == "kustomize" ]]; then
+                    latest=$(get_kustomize_latest_release $repo)
+                    elif [[ "$tool" == "conversion-gen" ]]; then
+                    latest=$(get_conversion_gen_latest_release $repo)
+                    else
+                    latest=$(get_latest_release $repo)
+                    fi
+
+                    if [[ "$current" != "$latest" ]]; then
+                    echo "$tool"
+                    echo "$current"
+                    echo "$latest"
+                    branch="update-tool-$tool-$latest"
+                    echo "Updating $tool from $current to $latest"
+                    git checkout -b "$branch"
+                    yq -i ".tools.$tool = \"$latest\"" "$file"
+                    git config user.name "github-actions[bot]"
+                    git config user.email "41898282+github-actions[bot]@users.noreply.github.com"
+                    git add "$file"
+                    git commit -m "dependency: bump $tool to $latest"
+                    git push origin "$branch" --force
+
+                    gh pr create \
+                        --title "[dependency] bump $tool to $latest" \
+                        --body "This PR updates \`$tool\` from \`$current\` to \`$latest\`." \
+                        --base main \
+                        --label "dependencies,area/dependency,release-note/none,ok-to-test" \
+                        --head "$branch"
+                    else
+                    echo "$tool is already up to date ($current)"
+                    fi
+
+                    git checkout main
+                    git reset --hard origin/main
+                    git clean -fd
+                done
diff --git a/Makefile b/Makefile
@@ -46,20 +46,27 @@ CURL_RETRIES=3
 
 # Directories.
 ROOT_DIR := $(shell dirname $(realpath $(firstword $(MAKEFILE_LIST))))
+
+# Tools directory
 TOOLS_DIR := hack/tools
 TOOLS_BIN_DIR := $(abspath $(TOOLS_DIR)/bin)
+TOOLS_YAML := $(TOOLS_DIR)/tools.yaml
+ADDONS_DIR := templates/addons
+
+# Templates directory
 TEMPLATES_DIR := $(ROOT_DIR)/templates
-BIN_DIR := $(abspath $(ROOT_DIR)/bin)
-EXP_DIR := exp
-GO_INSTALL = ./scripts/go_install.sh
 E2E_DATA_DIR ?= $(ROOT_DIR)/test/e2e/data
+AZURE_TEMPLATES := $(E2E_DATA_DIR)/infrastructure-azure
 KUBETEST_CONF_PATH ?= $(abspath $(E2E_DATA_DIR)/kubetest/conformance.yaml)
 KUBETEST_WINDOWS_CONFIG ?= upstream-windows.yaml
 KUBETEST_WINDOWS_CONF_PATH ?= $(abspath $(E2E_DATA_DIR)/kubetest/$(KUBETEST_WINDOWS_CONFIG))
 KUBETEST_REPO_LIST_PATH ?= $(abspath $(E2E_DATA_DIR)/kubetest/)
-AZURE_TEMPLATES := $(E2E_DATA_DIR)/infrastructure-azure
-ADDONS_DIR := templates/addons
-CONVERSION_VERIFIER := $(TOOLS_BIN_DIR)/conversion-verifier
+
+# Bin directory
+BIN_DIR := $(abspath $(ROOT_DIR)/bin)
+
+# Exp directory
+EXP_DIR := exp
 
 # use the project local tool binaries first
 export PATH := $(TOOLS_BIN_DIR):$(PATH)
@@ -69,43 +76,51 @@ ifneq ($(abspath $(ROOT_DIR)),$(GOPATH)/src/sigs.k8s.io/cluster-api-provider-azu
   OUTPUT_BASE := --output-base=$(ROOT_DIR)
 endif
 
+define yaml-ver
+$(shell yq '.tools.$(1)' $(TOOLS_YAML))
+endef
+
 # Binaries.
-CONTROLLER_GEN_VER := v0.16.1
+CONVERSION_VERIFIER := $(TOOLS_BIN_DIR)/conversion-verifier
+
+CONTROLLER_GEN_VER := $(call yaml-ver,controller-gen)
 CONTROLLER_GEN_BIN := controller-gen
 CONTROLLER_GEN := $(TOOLS_BIN_DIR)/$(CONTROLLER_GEN_BIN)-$(CONTROLLER_GEN_VER)
 
-CONVERSION_GEN_VER := v0.31.0
+CONVERSION_GEN_VER := $(call yaml-ver,conversion-gen)
 CONVERSION_GEN_BIN := conversion-gen
 CONVERSION_GEN := $(TOOLS_BIN_DIR)/$(CONVERSION_GEN_BIN)-$(CONVERSION_GEN_VER)
 
-ENVSUBST_VER := $(shell go list -m -f '{{.Version}}' github.com/drone/envsubst/v2)
+ENVSUBST_VER := $(shell go list -m -f '{{.Version}}' github.com/drone/envsubst/v2) # Evnsubst is not updated via hack/tools/tools.yaml
 ENVSUBST_BIN := envsubst
 ENVSUBST := $(TOOLS_BIN_DIR)/$(ENVSUBST_BIN)-$(ENVSUBST_VER)
 
-GOLANGCI_LINT_VER := $(shell cat .github/workflows/pr-golangci-lint.yaml | grep [[:space:]]version: | sed 's/.*version: //')
+GOLANGCI_LINT_VER := $(shell cat .github/workflows/pr-golangci-lint.yaml | grep [[:space:]]version: | sed 's/.*version: //') # golangci-lint is not updated via hack/tools/tools.yaml
 GOLANGCI_LINT_BIN := golangci-lint
 GOLANGCI_LINT := $(TOOLS_BIN_DIR)/$(GOLANGCI_LINT_BIN)-$(GOLANGCI_LINT_VER)
 
-KUSTOMIZE_VER := v5.4.1
+KUSTOMIZE_VER := $(call yaml-ver,kustomize)
 KUSTOMIZE_BIN := kustomize
 KUSTOMIZE := $(TOOLS_BIN_DIR)/$(KUSTOMIZE_BIN)-$(KUSTOMIZE_VER)
 
-AZWI_VER := v1.2.2
+AZWI_VER := $(call yaml-ver,azwi)
 AZWI_BIN := azwi
 AZWI := $(TOOLS_BIN_DIR)/$(AZWI_BIN)-$(AZWI_VER)
 
-MOCKGEN_VER := v0.4.0
+MOCKGEN_VER := $(call yaml-ver,mockgen)
 MOCKGEN_BIN := mockgen
 MOCKGEN := $(TOOLS_BIN_DIR)/$(MOCKGEN_BIN)-$(MOCKGEN_VER)
 
-RELEASE_NOTES_VER := v0.18.0
+RELEASE_NOTES_VER := $(call yaml-ver,release-notes)
 RELEASE_NOTES_BIN := release-notes
 RELEASE_NOTES := $(TOOLS_BIN_DIR)/$(RELEASE_NOTES_BIN)-$(RELEASE_NOTES_VER)
 
+# TODO: update kpromo using hack/tools/tools.yaml
 KPROMO_VER := v4.0.5
 KPROMO_BIN := kpromo
 KPROMO := $(TOOLS_BIN_DIR)/$(KPROMO_BIN)-$(KPROMO_VER)
 
+# TODO: update go-apidiff using hack/tools/tools.yaml
 GO_APIDIFF_VER := v0.8.2
 GO_APIDIFF_BIN := go-apidiff
 GO_APIDIFF := $(TOOLS_BIN_DIR)/$(GO_APIDIFF_BIN)
@@ -114,27 +129,28 @@ GINKGO_VER := $(shell go list -m -f '{{.Version}}' github.com/onsi/ginkgo/v2)
 GINKGO_BIN := ginkgo
 GINKGO := $(TOOLS_BIN_DIR)/$(GINKGO_BIN)-$(GINKGO_VER)
 
-KUBECTL_VER := v1.29.10
+KUBECTL_VER := $(call yaml-ver,kubectl)
 KUBECTL_BIN := kubectl
 KUBECTL := $(TOOLS_BIN_DIR)/$(KUBECTL_BIN)-$(KUBECTL_VER)
 
-HELM_VER := v3.14.4
+HELM_VER := $(call yaml-ver,helm)
 HELM_BIN := helm
 HELM := $(TOOLS_BIN_DIR)/$(HELM_BIN)-$(HELM_VER)
 
-YQ_VER := v4.35.2
+YQ_VER := $(call yaml-ver,yq)
 YQ_BIN := yq
 YQ :=  $(TOOLS_BIN_DIR)/$(YQ_BIN)-$(YQ_VER)
 
 KIND_VER := $(shell go list -m -f '{{.Version}}' sigs.k8s.io/kind)
 KIND_BIN := kind
 KIND :=  $(TOOLS_BIN_DIR)/$(KIND_BIN)-$(KIND_VER)
 
-CODESPELL_VER := 2.2.6
+CODESPELL_VER := $(call yaml-ver,codespell)
 CODESPELL_BIN := codespell
 CODESPELL_DIST_DIR := codespell_dist
 CODESPELL := $(TOOLS_BIN_DIR)/$(CODESPELL_DIST_DIR)/$(CODESPELL_BIN)
 
+# TODO: update setup-envtest using hack/tools/tools.yaml
 SETUP_ENVTEST_VER := release-0.19
 SETUP_ENVTEST_BIN := setup-envtest
 SETUP_ENVTEST := $(abspath $(TOOLS_BIN_DIR)/$(SETUP_ENVTEST_BIN)-$(SETUP_ENVTEST_VER))
@@ -813,6 +829,7 @@ aks-cleanup: $(KUBECTL) ## Deletes deployments, secrets and service-accounts fro
 ## --------------------------------------
 
 ##@ Tooling Binaries:
+GO_INSTALL = ./scripts/go_install.sh
 
 conversion-verifier: $(CONVERSION_VERIFIER) go.mod go.sum ## Build a local copy of CAPI's conversion verifier.
 controller-gen: $(CONTROLLER_GEN) ## Build a local copy of controller-gen.

diff --git a/hack/tools/tools.yaml b/hack/tools/tools.yaml
@@ -0,0 +1,12 @@
+tools:
+  controller-gen: v0.16.1
+  conversion-gen: v0.31.0
+  kustomize: v5.4.1
+  azwi: v1.2.2
+  mockgen: v0.4.0
+  release-notes: v0.18.0
+  kubectl: v1.29.10
+  helm: v3.14.4
+  yq: v4.35.2
+  kind: v0.27.0
+  codespell: 2.2.6