build the v0.4.1 release

- write the changelog
- generate new example manifests for the release
- update the release documentation
- fix the build-release-yamls script

Signed-off-by: Andrew Stoycos <astoycos@redhat.com>

Cargo.toml

@@ -18,7 +18,7 @@ edition = "2021"
 homepage = "https://bpfman.io"
 license = "Apache-2.0"
 repository = "https://github.com/bpfman/bpfman"
-version = "0.4.1-rc6"
+version = "0.4.1"
 
 [workspace.dependencies]
 anyhow = { version = "1", default-features = false }
@@ -28,8 +28,8 @@ async-trait = { version = "0.1", default-features = false }
 aya = { version = "0.12", default-features = false }
 base16ct = { version = "0.2.0", default-features = false }
 base64 = { version = "0.22.0", default-features = false }
-bpfman = { version = "0.4.1-rc6", path = "./bpfman" }
-bpfman-api = { version = "0.4.1-rc6", path = "./bpfman-api" }
+bpfman = { version = "0.4.1", path = "./bpfman" }
+bpfman-api = { version = "0.4.1", path = "./bpfman-api" }
 bpfman-csi = { version = "1.8.0", path = "./csi" }
 caps = { version = "0.5.4", default-features = false }
 cargo_metadata = { version = "0.18.0", default-features = false }

RELEASE.md

@@ -9,6 +9,7 @@ A release for the bpfman project is comprised of the following major components:
 - bpfman (Core library) and bpfman-api (Core GRPC API protobuf definitions) library crates
 - bpfman (CLI), and bpfman-rpc (gRPC server) binary crates
 - bpf-metrics-exporter and bpf-log-exporter binary crates
+- bpfman RPMs stored in the [bpfman COPR repository][copr-repo].
 - Kubernetes User Facing Custom Resource Definitions (CRDs)
     - `TcProgram`
     - `XdpProgram`
@@ -66,7 +67,7 @@ A release for the bpfman project is comprised of the following major components:
 ### Overview
 
 Each new release of bpfman is defined with a "bundle version" that
-represents the Git tag of a release, such as `v0.4.0`. This contains the
+represents the Git tag of a release, such as `v0.4.1`. This contains the
 components described above
 
 #### Kubernetes API Versions (e.g. v1alpha2, v1beta1)
@@ -97,28 +98,68 @@ a PR. This must go through the regular PR review process and get merged into the
 `main` branch. Approval of the PR indicates community consensus for a new
 release.
 
+Additionally you can navigate to the github release page and draft a release
+generating release notes there as well.
+
 ### Release Steps
 
-The following steps must be done by one of the [bpfman maintainers][bpfman-team]:
+The following steps must be done by one of the [bpfman maintainers][bpfman-team],
+please always try and cut a release candidate before pushing an official major
+or minor release.
+
+#### RELEASE CANDIDATE Release
+
+Often times cutting a release candidate is a great way to test any changes to
+our release infrastructure before cutting an official release. Make sure release
+candidate versions contain an `rc` suffix i.e `0.4.0-rc1`.  This is a lighter
+weight process meaning many of the versioned manifests do not necessarily need
+to be created.
+
+- Open an update PR that:
+    - Adds a new changelog for the release
+    - Updates the [Cargo.toml](https://github.com/bpfman/bpfman/blob/main/Cargo.toml) version for the workspace:
+        - `version = "x.x.x"`
+        - `bpfman = { version = "x.x.x", path = "./bpfman" }"`
+        - `bpfman-api = { version = "x.x.x", path = "./bpfman-api" }`
+        - Note: `bpfman-csi` does not need to be updated.
+    - Runs `cargo generate-lockfile`
+    - Updates the bpfman-operator version in it's [Makefile](https://github.com/bpfman/bpfman/blob/main/bpfman-operator/Makefile):
+        - `VERSION ?= x.x.x`
+- Make sure CI is green and merge the update PR.
+- Create a tag using the `HEAD` of the `main` branch. This can be done using the `git` CLI or
+  Github's [release][release] page.
+- Tag the release using the commit on `main` where the changelog update merged.
+  This can  be done using the `git` CLI or Github's [release][release]
+  page.
+
+Once these steps are completed:
 
-For a **PATCH** release:
+- Make sure a new RPM has been built and pushed to the bpfman COPR repository.
+- Make sure all [actions][gh-actions] have completed successfully
+- Ensure images are built and updated with the new version tag at:
+    - quay.io/bpfman
+    - quay.io/bpfman-bytecode
+    - quay.io/bpfman-userspace
+
+#### PATCH Release
 
 - Create a new branch in your fork named something like `<githubuser>/release-x.x.x`. Use the new branch
   in the upcoming steps.
 - Use `git` to cherry-pick all relevant PRs into your branch.
 - Create a branch from the major-minor tag of interest i.e:
   `git checkout -b release-x.x.x <major.minor.patch>`
 - Create a pull request of the `<githubuser>/release-x.x.x` branch into the `release-x.x` branch upstream.
-  Add a hold on this PR waiting for at least one maintainer/codeowner to provide a `lgtm`. This PR should:
-    - Add a new changelog for the release
-    - Update the [Cargo.toml](https://github.com/bpfman/bpfman/blob/main/Cargo.toml) version for the workspace:
+  Add a hold on this PR waiting for at least one maintainer/codeowner to provide a `lgtm`. This PR:
+    - Adds a new changelog for the release
+    - Updates the [Cargo.toml](https://github.com/bpfman/bpfman/blob/main/Cargo.toml) version for the workspace:
         - `version = "x.x.x"`
         - `bpfman = { version = "x.x.x", path = "./bpfman" }"`
         - `bpfman-api = { version = "x.x.x", path = "./bpfman-api" }`
         - Note: `bpfman-csi` does not need to be updated.
-    - Update the bpfman-operator version in it's [Makefile](https://github.com/bpfman/bpfman/blob/main/bpfman-operator/Makefile):
+    - Runs `cargo generate-lockfile`
+    - Updates the bpfman-operator version in it's [Makefile](https://github.com/bpfman/bpfman/blob/main/bpfman-operator/Makefile):
         - `VERSION ?= x.x.x`
-    - Run `make bundle` from the bpfman-operator directory to update the bundle version.
+    - Runs `make bundle` from the bpfman-operator directory to update the bundle version.
       This will generate a new `/bpfman-operator/bundle` directory which will ONLY be tracked in the
       `release-x.x` branch not `main`.
 - Verify the CI tests pass and merge the PR into `release-x.x`.
@@ -131,25 +172,35 @@ For a **PATCH** release:
         - `go-xdp-counter-install.yaml`
         - `go-tc-counter-install.yaml`
         - `go-tracepoint-counter-install.yaml`
+        - `go-uprobe-counter-install.yaml`
+        - `go-uretprobe-counter-install.yaml`
+        - `go-kprobe-counter-install.yaml`
+        - `go-xdp-counter-install-selinux.yaml`
+        - `go-tc-counter-install-selinux.yaml`
+        - `go-tracepoint-counter-install-selinux.yaml`
+        - `go-uprobe-counter-install-selinux.yaml`
+        - `go-uretprobe-counter-install-selinux.yaml`
+        - `go-kprobe-counter-install-selinux.yaml`
 - Update the [community-operator](https://github.com/k8s-operatorhub/community-operators) and
   [community-operators-prod](https://github.com/redhat-openshift-ecosystem/community-operators-prod) repositories with
   the latest bundle manifests. See the following PRs as examples:
     - https://github.com/redhat-openshift-ecosystem/community-operators-prod/pull/2696
     - https://github.com/k8s-operatorhub/community-operators/pull/2790
 
-For a **MAJOR** or **MINOR** release:
+#### MAJOR or MINOR Release
 
 - Open an update PR that:
     - Adds a new changelog for the release
-    - Update the [Cargo.toml](https://github.com/bpfman/bpfman/blob/main/Cargo.toml) version for the workspace:
+    - Updates the [Cargo.toml](https://github.com/bpfman/bpfman/blob/main/Cargo.toml) version for the workspace:
         - `version = "x.x.x"`
         - `bpfman = { version = "x.x.x", path = "./bpfman" }"`
         - `bpfman-api = { version = "x.x.x", path = "./bpfman-api" }`
         - Note: `bpfman-csi` does not need to be updated.
-    - Update the bpfman-operator version in it's [Makefile](https://github.com/bpfman/bpfman/blob/main/bpfman-operator/Makefile):
+    - Runs `cargo generate-lockfile`
+    - Updates the bpfman-operator version in it's [Makefile](https://github.com/bpfman/bpfman/blob/main/bpfman-operator/Makefile):
         - `VERSION ?= x.x.x`
-    - Run `make bundle` from the bpfman-operator directory to update the bundle version.
-    - Add's a new `examples` config directory for the release version
+    - Runs `make bundle` from the bpfman-operator directory to update the bundle version.
+    - Adds a new `examples` config directory for the release version
 - Make sure CI is green and merge the update PR.
 - Create a tag using the `HEAD` of the `main` branch. This can be done using the `git` CLI or
   Github's [release][release] page.
@@ -163,6 +214,17 @@ For a **MAJOR** or **MINOR** release:
         - `go-xdp-counter-install.yaml`
         - `go-tc-counter-install.yaml`
         - `go-tracepoint-counter-install.yaml`
+        - `go-uprobe-counter-install.yaml`
+        - `go-uretprobe-counter-install.yaml`
+        - `go-kprobe-counter-install.yaml`
+        - `go-xdp-counter-install-selinux.yaml`
+        - `go-tc-counter-install-selinux.yaml`
+        - `go-tracepoint-counter-install-selinux.yaml`
+        - `go-uprobe-counter-install-selinux.yaml`
+        - `go-uretprobe-counter-install-selinux.yaml`
+        - `go-kprobe-counter-install-selinux.yaml`
 
 [release]: https://github.com/bpfman/bpfman/releases
 [bpfman-team]: https://github.com/bpfman/bpfman/blob/main/CODEOWNERS
+[copr-repo]: https://copr.fedorainfracloud.org/coprs/g/ebpf-sig/bpfman/
+[gh-actions]: https://github.com/bpfman/bpfman/actions

bpfman-operator/Makefile

@@ -3,7 +3,7 @@
 # To re-generate a bundle for another specific version without changing the standard setup, you can:
 # - use the VERSION as arg of the bundle target (e.g make bundle VERSION=0.0.2)
 # - use environment variables to overwrite this value (e.g export VERSION=0.0.2)
-VERSION ?= 0.4.0
+VERSION ?= 0.4.1
 
 # CHANNELS define the bundle channels used in the bundle.
 # Add a new line here if you would like to change its default config. (E.g CHANNELS = "candidate,fast,stable")

bpfman-operator/hack/build-release-yamls.sh

@@ -76,23 +76,29 @@ echo "Generated:" release-v${VERSION}/go-tracepoint-counter-install.yaml
 ### UPROBE
 ${KUSTOMIZE} build ../examples/config/v${VERSION}/go-uprobe-counter > release-v${VERSION}/go-uprobe-counter-install.yaml
 echo "Generated:" release-v${VERSION}/go-uprobe-counter-install.yaml
+### URETPROBE
+${KUSTOMIZE} build ../examples/config/v${VERSION}/go-uretprobe-counter > release-v${VERSION}/go-uretprobe-counter-install.yaml
+echo "Generated:" release-v${VERSION}/go-uretprobe-counter-install.yaml
 ### KPROBE
 ${KUSTOMIZE} build ../examples/config/v${VERSION}/go-kprobe-counter > release-v${VERSION}/go-kprobe-counter-install.yaml
 echo "Generated:" release-v${VERSION}/go-kprobe-counter-install.yaml
 
-## 4. examples install yamls for OCP
+## 4. examples install yamls for SELINUX distros
 ### XDP
-${KUSTOMIZE} build ../examples/config/v${VERSION}-ocp/go-xdp-counter > release-v${VERSION}/go-xdp-counter-install-ocp.yaml
-echo "Generated:" release-v${VERSION}/go-xdp-counter-install-ocp.yaml
+${KUSTOMIZE} build ../examples/config/v${VERSION}-selinux/go-xdp-counter > release-v${VERSION}/go-xdp-counter-install-selinux.yaml
+echo "Generated:" release-v${VERSION}/go-xdp-counter-install-selinux.yaml
 ### TC
-${KUSTOMIZE} build ../examples/config/v${VERSION}-ocp/go-tc-counter > release-v${VERSION}/go-tc-counter-install-ocp.yaml
-echo "Generated:" release-v${VERSION}/go-tc-counter-install-ocp.yaml
+${KUSTOMIZE} build ../examples/config/v${VERSION}-selinux/go-tc-counter > release-v${VERSION}/go-tc-counter-install-selinux.yaml
+echo "Generated:" release-v${VERSION}/go-tc-counter-install-selinux.yaml
 ### TRACEPOINT
-${KUSTOMIZE} build ../examples/config/v${VERSION}-ocp/go-tracepoint-counter > release-v${VERSION}/go-tracepoint-counter-install-ocp.yaml
-echo "Generated:" release-v${VERSION}/go-tracepoint-counter-install-ocp.yaml
+${KUSTOMIZE} build ../examples/config/v${VERSION}-selinux/go-tracepoint-counter > release-v${VERSION}/go-tracepoint-counter-install-selinux.yaml
+echo "Generated:" release-v${VERSION}/go-tracepoint-counter-install-selinux.yaml
 ### UPROBE
-${KUSTOMIZE} build ../examples/config/v${VERSION}-ocp/go-uprobe-counter > release-v${VERSION}/go-uprobe-counter-install-ocp.yaml
-echo "Generated:" release-v${VERSION}/go-uprobe-counter-install-ocp.yaml
+${KUSTOMIZE} build ../examples/config/v${VERSION}-selinux/go-uprobe-counter > release-v${VERSION}/go-uprobe-counter-install-selinux.yaml
+echo "Generated:" release-v${VERSION}/go-uprobe-counter-install-selinux.yaml
+### URETPROBE
+${KUSTOMIZE} build ../examples/config/v${VERSION}-selinux/go-uretprobe-counter > release-v${VERSION}/go-uretprobe-counter-install-selinux.yaml
+echo "Generated:" release-v${VERSION}/go-uretprobe-counter-install-selinux.yaml
 ### KPROBE
-${KUSTOMIZE} build ../examples/config/v${VERSION}-ocp/go-kprobe-counter > release-v${VERSION}/go-kprobe-counter-install-ocp.yaml
-echo "Generated:" release-v${VERSION}/go-kprobe-counter-install-ocp.yaml
+${KUSTOMIZE} build ../examples/config/v${VERSION}-selinux/go-kprobe-counter > release-v${VERSION}/go-kprobe-counter-install-selinux.yaml
+echo "Generated:" release-v${VERSION}/go-kprobe-counter-install-selinux.yaml

changelogs/CHANGELOG-v0.4.1.md

@@ -0,0 +1,44 @@
+The v0.4.1 release is a patch release which includes some bug fixes found
+in the original v0.4.0 release.  Additionally support has been added for deploying
+the example applications as unprivileged containers on productions systems which
+enable SELinux by default.
+
+Users can now access released RPMs from the [bpfman COPR repo](https://copr.fedorainfracloud.org/coprs/g/ebpf-sig/bpfman) and nightly RPMs from the [bpfman-next COPR repo](https://copr.fedorainfracloud.org/coprs/g/ebpf-sig/bpfman-next/).
+
+For even more details Please see the individual commit
+messages shown below.
+
+## What's Changed
+* bpfman: dir bpfman-sock missing for bpfman-rpc by @Billy99 in https://github.com/bpfman/bpfman/pull/1082
+* docs: Reduce release changes by @Billy99 in https://github.com/bpfman/bpfman/pull/1071
+* build(deps): bump async-trait from 0.1.79 to 0.1.80 in the production-dependencies group by @dependabot in https://github.com/bpfman/bpfman/pull/1085
+* build(deps): bump sigstore/cosign-installer from 3.4.0 to 3.5.0 in the production-dependencies group by @dependabot in https://github.com/bpfman/bpfman/pull/1086
+* add csi fsgroup support by @astoycos in https://github.com/bpfman/bpfman/pull/1089
+* bpfman: include license in crate workspace by @danielmellado in https://github.com/bpfman/bpfman/pull/1087
+* rpm: Add bpfman-rpc and bpfman-ns to rpm package by @Billy99 in https://github.com/bpfman/bpfman/pull/1096
+* Add target aware uretprobe example by @msherif1234 in https://github.com/bpfman/bpfman/pull/1064
+* Examples/Docs: idiomatic Go usage and update installation instructions for apt-based OS by @thediveo in https://github.com/bpfman/bpfman/pull/1084
+* build(deps): bump the production-dependencies group with 3 updates by @dependabot in https://github.com/bpfman/bpfman/pull/1099
+* image: Add missing images to push to quay by @Billy99 in https://github.com/bpfman/bpfman/pull/1098
+* update packit config by @astoycos in https://github.com/bpfman/bpfman/pull/1083
+* fix mounter image to fedora 39 by @astoycos in https://github.com/bpfman/bpfman/pull/1102
+* test: add negative test cases to integration tests by @Billy99 in https://github.com/bpfman/bpfman/pull/1100
+* Start providing manifests for running our eBPF example applications as truly non-root by @astoycos in https://github.com/bpfman/bpfman/pull/1097
+* build(deps): bump golangci/golangci-lint-action from 4 to 5 in the production-dependencies group by @dependabot in https://github.com/bpfman/bpfman/pull/1105
+* build(deps): bump the production-dependencies group with 2 updates by @dependabot in https://github.com/bpfman/bpfman/pull/1106
+* De-duplicate code in the bpfman-agent by @anfredette in https://github.com/bpfman/bpfman/pull/1068
+* test: add image name test by @Billy99 in https://github.com/bpfman/bpfman/pull/1107
+* Add bpfman 0.4.1-rc1 to builds and cargo metadata by @danielmellado in https://github.com/bpfman/bpfman/pull/1112
+* Free up disk space for running k8s int tests by @anfredette in https://github.com/bpfman/bpfman/pull/1110
+* Remove propose_downstream packit job by @danielmellado in https://github.com/bpfman/bpfman/pull/1111
+* cut an rc2 to ensure our rpm builds are working by @astoycos in https://github.com/bpfman/bpfman/pull/1114
+* cut an rc3 release by @astoycos in https://github.com/bpfman/bpfman/pull/1115
+* cut a rc4 release by @astoycos in https://github.com/bpfman/bpfman/pull/1116
+* cut a 0.4.1-rc5 by @astoycos in https://github.com/bpfman/bpfman/pull/1117
+* fix a bug in the release automation, test with rc6 by @astoycos in https://github.com/bpfman/bpfman/pull/1120
+
+## New Contributors
+* @thediveo made their first contribution in https://github.com/bpfman/bpfman/pull/1084
+* @Silvanoc opened their first issue in https://github.com/bpfman/bpfman/issues/1077
+
+**Full Changelog**: https://github.com/bpfman/bpfman/compare/v0.4.0...v0.4.1

docs/getting-started/running-release.md

@@ -7,7 +7,7 @@ releases.
 > **Note:** Instructions for interacting with bpfman change from release to release, so reference
 > release specific documentation. For example:
 >
->    [https://bpfman.io/v0.4.0/getting-started/running-release/](https://bpfman.io/v0.4.0/getting-started/running-release/)
+>    [https://bpfman.io/v0.4.1/getting-started/running-release/](https://bpfman.io/v0.4.1/getting-started/running-release/)
 
 Jump to the [Setup and Building bpfman](./building-bpfman.md) section
 for help building from the latest code or building from a release branch.
@@ -30,7 +30,7 @@ links above for further information on how to test and interact with `bpfman`.
 ## Run as a Long Lived Process
 
 ```console
-export BPFMAN_REL=0.4.0
+export BPFMAN_REL=0.4.1
 mkdir -p $HOME/src/bpfman-${BPFMAN_REL}/; cd $HOME/src/bpfman-${BPFMAN_REL}/
 wget https://github.com/bpfman/bpfman/releases/download/v${BPFMAN_REL}/bpfman-linux-x86_64.tar.gz
 tar -xzvf bpfman-linux-x86_64.tar.gz; rm bpfman-linux-x86_64.tar.gz
@@ -77,7 +77,7 @@ kind create cluster --name=test-bpfman
 Next, deploy the bpfman CRDs:
 
 ```console
-export BPFMAN_REL=0.4.0
+export BPFMAN_REL=0.4.1
 kubectl apply -f  https://github.com/bpfman/bpfman/releases/download/v${BPFMAN_REL}/bpfman-crds-install.yaml
 ```
 

examples/config/v0.4.1-selinux/go-kprobe-counter/kustomization.yaml

@@ -0,0 +1,20 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+# Patch the bytecode.yaml to change tag on the "url" field (which is an
+# image) to new value. This actually overwrites the image with the same value.
+patches:
+  - target:
+      kind: KprobeProgram
+      name: go-kprobe-counter-example
+    patch: |-
+      - op: replace
+        path: "/spec/bytecode/image/url"
+        value: quay.io/bpfman-bytecode/go-kprobe-counter:v0.4.1
+# Patch the deployment.yaml to change container image in Daemonset
+# to new tag on the image.
+images:
+  - name: quay.io/bpfman-userspace/go-kprobe-counter
+    newName: quay.io/bpfman-userspace/go-kprobe-counter
+    newTag: v0.4.1
+resources: [../../selinux/go-kprobe-counter]

examples/config/v0.4.1-selinux/go-target/kustomization.yaml

@@ -0,0 +1,9 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+# Patch the deployment.yaml to change container image in Daemonset
+# to new tag on the image.
+images:
+  - name: quay.io/bpfman-userspace/go-target
+    newName: quay.io/bpfman-userspace/go-target
+    newTag: v0.4.1
+resources: [../../selinux/go-target]