From 89a781a7cfda7d5755ddf79713fa67c0f8c8b864 Mon Sep 17 00:00:00 2001
From: Gus Rivera <gus.rivera@goteleport.com>
Date: Sat, 24 Aug 2024 21:57:51 -0500
Subject: [PATCH 1/2] Release notes now supports adding security labels to
 releases

---
 Makefile                                      |  3 +-
 .../tooling/cmd/release-notes/main.go         |  2 ++
 .../cmd/release-notes/release_notes.go        |  9 ++++++
 .../cmd/release-notes/release_notes_test.go   | 10 +++++++
 .../template/release-notes.md.tmpl            |  6 ++++
 .../testdata/expected-release-notes.md        | 18 +++++------
 .../testdata/expected-with-labels.md          | 30 +++++++++++++++++++
 7 files changed, 68 insertions(+), 10 deletions(-)
 create mode 100644 build.assets/tooling/cmd/release-notes/testdata/expected-with-labels.md

diff --git a/Makefile b/Makefile
index 63cfb10ff2f37..01c419101627b 100644
--- a/Makefile
+++ b/Makefile
@@ -1789,8 +1789,9 @@ changelog: $(CHANGELOG)
 # For more information on release notes generation see ./build.assets/tooling/cmd/release-notes
 .PHONY: create-github-release
 create-github-release: LATEST = false
+create-github-release: GITHUB_RELEASE_LABELS = ""
 create-github-release: $(RELEASE_NOTES_GEN)
-	@NOTES=$$($(RELEASE_NOTES_GEN) $(VERSION) CHANGELOG.md) && gh release create v$(VERSION) \
+	@NOTES=$$($(RELEASE_NOTES_GEN) --labels=$(GITHUB_RELEASE_LABELS) $(VERSION) CHANGELOG.md) && gh release create v$(VERSION) \
 	-t "Teleport $(VERSION)" \
 	--latest=$(LATEST) \
 	--verify-tag \
diff --git a/build.assets/tooling/cmd/release-notes/main.go b/build.assets/tooling/cmd/release-notes/main.go
index 9c0d51a8709c0..8ec06e4c43c93 100644
--- a/build.assets/tooling/cmd/release-notes/main.go
+++ b/build.assets/tooling/cmd/release-notes/main.go
@@ -29,6 +29,7 @@ import (
 var (
 	version   = kingpin.Arg("version", "Version to be released").Required().String()
 	changelog = kingpin.Arg("changelog", "Path to CHANGELOG.md").Required().String()
+	labels    = kingpin.Flag("labels", "Labels to apply to the end of a release, e.g. security labels").String()
 )
 
 func main() {
@@ -42,6 +43,7 @@ func main() {
 
 	gen := &releaseNotesGenerator{
 		releaseVersion: *version,
+		labels:         *labels,
 	}
 
 	notes, err := gen.generateReleaseNotes(clFile)
diff --git a/build.assets/tooling/cmd/release-notes/release_notes.go b/build.assets/tooling/cmd/release-notes/release_notes.go
index 0de1bba5b68a2..6795efc841dbb 100644
--- a/build.assets/tooling/cmd/release-notes/release_notes.go
+++ b/build.assets/tooling/cmd/release-notes/release_notes.go
@@ -36,6 +36,7 @@ var tmpl string
 type tmplInfo struct {
 	Version     string
 	Description string
+	Labels      string
 }
 
 var (
@@ -46,6 +47,13 @@ type releaseNotesGenerator struct {
 	// releaseVersion is the version for the release.
 	// This will be compared against the version present in the changelog.
 	releaseVersion string
+	// labels is a string applied to the end of the release description
+	// that will be picked up by other automation.
+	//
+	// It won't be validated but it is expected to be a comma separated list of
+	// entries in the format
+	// 	label=key
+	labels string
 }
 
 func (r *releaseNotesGenerator) generateReleaseNotes(md io.Reader) (string, error) {
@@ -57,6 +65,7 @@ func (r *releaseNotesGenerator) generateReleaseNotes(md io.Reader) (string, erro
 	info := tmplInfo{
 		Version:     r.releaseVersion,
 		Description: desc,
+		Labels:      r.labels,
 	}
 	var buff bytes.Buffer
 	if err := releaseNotesTemplate.Execute(&buff, info); err != nil {
diff --git a/build.assets/tooling/cmd/release-notes/release_notes_test.go b/build.assets/tooling/cmd/release-notes/release_notes_test.go
index 5e3fc5216ab8a..546b12a923f04 100644
--- a/build.assets/tooling/cmd/release-notes/release_notes_test.go
+++ b/build.assets/tooling/cmd/release-notes/release_notes_test.go
@@ -32,6 +32,7 @@ func Test_generateReleaseNotes(t *testing.T) {
 	tests := []struct {
 		name           string
 		releaseVersion string
+		labels         string
 		clFile         *os.File
 		want           string
 		wantErr        bool
@@ -43,6 +44,14 @@ func Test_generateReleaseNotes(t *testing.T) {
 			want:           mustRead(t, "expected-release-notes.md"),
 			wantErr:        false,
 		},
+		{
+			name:           "with labels",
+			releaseVersion: "16.0.1",
+			labels:         "security-path=yes, security-patch-alts=v16.0.0,v16.0.1",
+			clFile:         mustOpen(t, "test-changelog.md"),
+			want:           mustRead(t, "expected-with-labels.md"),
+			wantErr:        false,
+		},
 		{
 			name:           "version mismatch",
 			releaseVersion: "15.0.1", // test-changelog has 16.0.1
@@ -55,6 +64,7 @@ func Test_generateReleaseNotes(t *testing.T) {
 		t.Run(tt.name, func(t *testing.T) {
 			r := &releaseNotesGenerator{
 				releaseVersion: tt.releaseVersion,
+				labels:         tt.labels,
 			}
 
 			got, err := r.generateReleaseNotes(tt.clFile)
diff --git a/build.assets/tooling/cmd/release-notes/template/release-notes.md.tmpl b/build.assets/tooling/cmd/release-notes/template/release-notes.md.tmpl
index 632aba58c1040..a4825e3ac7d40 100644
--- a/build.assets/tooling/cmd/release-notes/template/release-notes.md.tmpl
+++ b/build.assets/tooling/cmd/release-notes/template/release-notes.md.tmpl
@@ -18,3 +18,9 @@ Download the current release of Teleport plugins from the links below.
 * Jira [Linux amd64](https://cdn.teleport.dev/teleport-access-jira-v{{ .Version }}-linux-amd64-bin.tar.gz) | [Linux arm64](https://cdn.teleport.dev/teleport-access-jira-v{{ .Version }}-linux-arm64-bin.tar.gz)
 * Email [Linux amd64](https://cdn.teleport.dev/teleport-access-email-v{{ .Version }}-linux-amd64-bin.tar.gz) | [Linux arm64](https://cdn.teleport.dev/teleport-access-email-v{{ .Version }}-linux-arm64-bin.tar.gz)
 * Microsoft Teams [Linux amd64](https://cdn.teleport.dev/teleport-access-msteams-v{{ .Version }}-linux-amd64-bin.tar.gz) | [Linux arm64](https://cdn.teleport.dev/teleport-access-msteams-v{{ .Version }}-linux-arm64-bin.tar.gz)
+{{- if .Labels }}
+
+---
+
+labels: {{ .Labels }}
+{{- end }}
diff --git a/build.assets/tooling/cmd/release-notes/testdata/expected-release-notes.md b/build.assets/tooling/cmd/release-notes/testdata/expected-release-notes.md
index d52e94a60d7b1..a8e835ad84ad5 100644
--- a/build.assets/tooling/cmd/release-notes/testdata/expected-release-notes.md
+++ b/build.assets/tooling/cmd/release-notes/testdata/expected-release-notes.md
@@ -15,12 +15,12 @@ Download the current and previous releases of Teleport at https://goteleport.com
 ## Plugins
 
 Download the current release of Teleport plugins from the links below.
-* Slack ([Linux amd64](https://cdn.teleport.dev/teleport-access-slack-v16.0.1-linux-amd64-bin.tar.gz))
-* Mattermost ([Linux amd64](https://cdn.teleport.dev/teleport-access-mattermost-v16.0.1-linux-amd64-bin.tar.gz))
-* Discord ([Linux amd64](https://cdn.teleport.dev/teleport-access-discord-v16.0.1-linux-amd64-bin.tar.gz))
-* Terraform Provider ([Linux amd64](https://cdn.teleport.dev/terraform-provider-teleport-v16.0.1-linux-amd64-bin.tar.gz) | [Linux arm64](https://cdn.teleport.dev/terraform-provider-teleport-v16.0.1-linux-arm64-bin.tar.gz) | [macOS amd64](https://cdn.teleport.dev/terraform-provider-teleport-v16.0.1-darwin-amd64-bin.tar.gz) | [macOS arm64](https://cdn.teleport.dev/terraform-provider-teleport-v16.0.1-darwin-arm64-bin.tar.gz) | [macOS universal](https://cdn.teleport.dev/terraform-provider-teleport-v16.0.1-darwin-universal-bin.tar.gz))
-* Event Handler ([Linux amd64](https://cdn.teleport.dev/teleport-event-handler-v16.0.1-linux-amd64-bin.tar.gz) | [macOS amd64](https://cdn.teleport.dev/teleport-event-handler-v16.0.1-darwin-amd64-bin.tar.gz))
-* PagerDuty ([Linux amd64](https://cdn.teleport.dev/teleport-access-pagerduty-v16.0.1-linux-amd64-bin.tar.gz))
-* Jira ([Linux amd64](https://cdn.teleport.dev/teleport-access-jira-v16.0.1-linux-amd64-bin.tar.gz))
-* Email ([Linux amd64](https://cdn.teleport.dev/teleport-access-email-v16.0.1-linux-amd64-bin.tar.gz))
-* Microsoft Teams ([Linux amd64](https://cdn.teleport.dev/teleport-access-msteams-v16.0.1-linux-amd64-bin.tar.gz))
+* Slack [Linux amd64](https://cdn.teleport.dev/teleport-access-slack-v16.0.1-linux-amd64-bin.tar.gz) | [Linux arm64](https://cdn.teleport.dev/teleport-access-slack-v16.0.1-linux-arm64-bin.tar.gz) 
+* Mattermost [Linux amd64](https://cdn.teleport.dev/teleport-access-mattermost-v16.0.1-linux-amd64-bin.tar.gz) | [Linux arm64](https://cdn.teleport.dev/teleport-access-mattermost-v16.0.1-linux-arm64-bin.tar.gz)
+* Discord [Linux amd64](https://cdn.teleport.dev/teleport-access-discord-v16.0.1-linux-amd64-bin.tar.gz) | [Linux arm64](https://cdn.teleport.dev/teleport-access-discord-v16.0.1-linux-arm64-bin.tar.gz)
+* Terraform Provider [Linux amd64](https://cdn.teleport.dev/terraform-provider-teleport-v16.0.1-linux-amd64-bin.tar.gz) | [Linux arm64](https://cdn.teleport.dev/terraform-provider-teleport-v16.0.1-linux-arm64-bin.tar.gz) | [macOS amd64](https://cdn.teleport.dev/terraform-provider-teleport-v16.0.1-darwin-amd64-bin.tar.gz) | [macOS arm64](https://cdn.teleport.dev/terraform-provider-teleport-v16.0.1-darwin-arm64-bin.tar.gz) | [macOS universal](https://cdn.teleport.dev/terraform-provider-teleport-v16.0.1-darwin-universal-bin.tar.gz)
+* Event Handler [Linux amd64](https://cdn.teleport.dev/teleport-event-handler-v16.0.1-linux-amd64-bin.tar.gz) | [Linux arm64](https://cdn.teleport.dev/teleport-event-handler-v16.0.1-linux-arm64-bin.tar.gz) | [macOS amd64](https://cdn.teleport.dev/teleport-event-handler-v16.0.1-darwin-amd64-bin.tar.gz)
+* PagerDuty [Linux amd64](https://cdn.teleport.dev/teleport-access-pagerduty-v16.0.1-linux-amd64-bin.tar.gz) | [Linux arm64](https://cdn.teleport.dev/teleport-access-pagerduty-v16.0.1-linux-arm64-bin.tar.gz)
+* Jira [Linux amd64](https://cdn.teleport.dev/teleport-access-jira-v16.0.1-linux-amd64-bin.tar.gz) | [Linux arm64](https://cdn.teleport.dev/teleport-access-jira-v16.0.1-linux-arm64-bin.tar.gz)
+* Email [Linux amd64](https://cdn.teleport.dev/teleport-access-email-v16.0.1-linux-amd64-bin.tar.gz) | [Linux arm64](https://cdn.teleport.dev/teleport-access-email-v16.0.1-linux-arm64-bin.tar.gz)
+* Microsoft Teams [Linux amd64](https://cdn.teleport.dev/teleport-access-msteams-v16.0.1-linux-amd64-bin.tar.gz) | [Linux arm64](https://cdn.teleport.dev/teleport-access-msteams-v16.0.1-linux-arm64-bin.tar.gz)
diff --git a/build.assets/tooling/cmd/release-notes/testdata/expected-with-labels.md b/build.assets/tooling/cmd/release-notes/testdata/expected-with-labels.md
new file mode 100644
index 0000000000000..87da499cc71e2
--- /dev/null
+++ b/build.assets/tooling/cmd/release-notes/testdata/expected-with-labels.md
@@ -0,0 +1,30 @@
+## Description
+
+* `tctl` now ignores any configuration file if the auth_service section is disabled, and prefer loading credentials from a given identity file or tsh profile instead. [#43115](https://github.com/gravitational/teleport/pull/43115)
+* Skip `jamf_service` validation when the service is not enabled. [#43095](https://github.com/gravitational/teleport/pull/43095)
+* Fix v16.0.0 amd64 Teleport plugin images using arm64 binaries. [#43084](https://github.com/gravitational/teleport/pull/43084)
+* Add ability to edit user traits from the Web UI. [#43067](https://github.com/gravitational/teleport/pull/43067)
+* Enforce limits when reading events from Firestore for large time windows to prevent OOM events. [#42966](https://github.com/gravitational/teleport/pull/42966)
+* Allow all authenticated users to read the cluster `vnet_config`. [#42957](https://github.com/gravitational/teleport/pull/42957)
+* Improve search and predicate/label based dialing performance in large clusters under very high load. [#42943](https://github.com/gravitational/teleport/pull/42943)
+
+## Download
+
+Download the current and previous releases of Teleport at https://goteleport.com/download.
+
+## Plugins
+
+Download the current release of Teleport plugins from the links below.
+* Slack [Linux amd64](https://cdn.teleport.dev/teleport-access-slack-v16.0.1-linux-amd64-bin.tar.gz) | [Linux arm64](https://cdn.teleport.dev/teleport-access-slack-v16.0.1-linux-arm64-bin.tar.gz) 
+* Mattermost [Linux amd64](https://cdn.teleport.dev/teleport-access-mattermost-v16.0.1-linux-amd64-bin.tar.gz) | [Linux arm64](https://cdn.teleport.dev/teleport-access-mattermost-v16.0.1-linux-arm64-bin.tar.gz)
+* Discord [Linux amd64](https://cdn.teleport.dev/teleport-access-discord-v16.0.1-linux-amd64-bin.tar.gz) | [Linux arm64](https://cdn.teleport.dev/teleport-access-discord-v16.0.1-linux-arm64-bin.tar.gz)
+* Terraform Provider [Linux amd64](https://cdn.teleport.dev/terraform-provider-teleport-v16.0.1-linux-amd64-bin.tar.gz) | [Linux arm64](https://cdn.teleport.dev/terraform-provider-teleport-v16.0.1-linux-arm64-bin.tar.gz) | [macOS amd64](https://cdn.teleport.dev/terraform-provider-teleport-v16.0.1-darwin-amd64-bin.tar.gz) | [macOS arm64](https://cdn.teleport.dev/terraform-provider-teleport-v16.0.1-darwin-arm64-bin.tar.gz) | [macOS universal](https://cdn.teleport.dev/terraform-provider-teleport-v16.0.1-darwin-universal-bin.tar.gz)
+* Event Handler [Linux amd64](https://cdn.teleport.dev/teleport-event-handler-v16.0.1-linux-amd64-bin.tar.gz) | [Linux arm64](https://cdn.teleport.dev/teleport-event-handler-v16.0.1-linux-arm64-bin.tar.gz) | [macOS amd64](https://cdn.teleport.dev/teleport-event-handler-v16.0.1-darwin-amd64-bin.tar.gz)
+* PagerDuty [Linux amd64](https://cdn.teleport.dev/teleport-access-pagerduty-v16.0.1-linux-amd64-bin.tar.gz) | [Linux arm64](https://cdn.teleport.dev/teleport-access-pagerduty-v16.0.1-linux-arm64-bin.tar.gz)
+* Jira [Linux amd64](https://cdn.teleport.dev/teleport-access-jira-v16.0.1-linux-amd64-bin.tar.gz) | [Linux arm64](https://cdn.teleport.dev/teleport-access-jira-v16.0.1-linux-arm64-bin.tar.gz)
+* Email [Linux amd64](https://cdn.teleport.dev/teleport-access-email-v16.0.1-linux-amd64-bin.tar.gz) | [Linux arm64](https://cdn.teleport.dev/teleport-access-email-v16.0.1-linux-arm64-bin.tar.gz)
+* Microsoft Teams [Linux amd64](https://cdn.teleport.dev/teleport-access-msteams-v16.0.1-linux-amd64-bin.tar.gz) | [Linux arm64](https://cdn.teleport.dev/teleport-access-msteams-v16.0.1-linux-arm64-bin.tar.gz)
+
+---
+
+labels: security-path=yes, security-patch-alts=v16.0.0,v16.0.1

From 638311dabfb0541417e9759abd005719650ca9bf Mon Sep 17 00:00:00 2001
From: Gus Rivera <gus.rivera@goteleport.com>
Date: Mon, 26 Aug 2024 10:21:28 -0500
Subject: [PATCH 2/2] Fixing typo

---
 build.assets/tooling/cmd/release-notes/release_notes_test.go    | 2 +-
 .../tooling/cmd/release-notes/testdata/expected-with-labels.md  | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/build.assets/tooling/cmd/release-notes/release_notes_test.go b/build.assets/tooling/cmd/release-notes/release_notes_test.go
index 546b12a923f04..67af99d28ce9c 100644
--- a/build.assets/tooling/cmd/release-notes/release_notes_test.go
+++ b/build.assets/tooling/cmd/release-notes/release_notes_test.go
@@ -47,7 +47,7 @@ func Test_generateReleaseNotes(t *testing.T) {
 		{
 			name:           "with labels",
 			releaseVersion: "16.0.1",
-			labels:         "security-path=yes, security-patch-alts=v16.0.0,v16.0.1",
+			labels:         "security-patch=yes, security-patch-alts=v16.0.0,v16.0.1",
 			clFile:         mustOpen(t, "test-changelog.md"),
 			want:           mustRead(t, "expected-with-labels.md"),
 			wantErr:        false,
diff --git a/build.assets/tooling/cmd/release-notes/testdata/expected-with-labels.md b/build.assets/tooling/cmd/release-notes/testdata/expected-with-labels.md
index 87da499cc71e2..4a91b668129d2 100644
--- a/build.assets/tooling/cmd/release-notes/testdata/expected-with-labels.md
+++ b/build.assets/tooling/cmd/release-notes/testdata/expected-with-labels.md
@@ -27,4 +27,4 @@ Download the current release of Teleport plugins from the links below.
 
 ---
 
-labels: security-path=yes, security-patch-alts=v16.0.0,v16.0.1
+labels: security-patch=yes, security-patch-alts=v16.0.0,v16.0.1