Add script to update Felix config in CE#2513
Conversation
✅ Deploy Preview for calico-docs-preview-next ready!
To edit notification comments on pull requests, go to your Netlify project configuration. |
❌ Deploy Preview for tigera failed. Why did it fail? →Built without sensitive environment variables
|
There was a problem hiding this comment.
Pull request overview
This PR adds a new bash script to automate updating Felix configuration files for Calico Enterprise from the upstream calico-private repository. The script fetches config-params.json files from various release branches and updates both the current development version and all versioned documentation.
Changes:
- Adds felix-update-config-ce.sh script that downloads Felix configuration JSON files from GitHub API
- Updates both master (current) and versioned documentation directories for Calico Enterprise
- Implements version-based branch name mapping logic to handle different release naming conventions
scripts/felix-update-config-ce.sh
Outdated
| curl -fsSL \ | ||
| -H "Authorization: token $GITHUB_TOKEN" \ | ||
| -H "Accept: application/vnd.github.v3.raw" \ | ||
| -o "$TMPFILE" \ | ||
| "$REMOTE_URL" | ||
|
|
||
| if jq -e . "$TMPFILE" >/dev/null 2>&1; then | ||
| echo "Success: $TMPFILE is valid JSON." | ||
| else | ||
| echo "Error: $TMPFILE contains invalid JSON." | ||
| exit 1 | ||
| fi | ||
|
|
||
| curl -fsSL \ | ||
| -H "Authorization: token $GITHUB_TOKEN" \ | ||
| -H "Accept: application/vnd.github.v3.raw" \ | ||
| -o "$LOCAL_PATH" \ | ||
| "$REMOTE_URL" |
There was a problem hiding this comment.
The curl commands lack error handling beyond the default behavior from 'set -e'. When curl fails, the error output goes to stderr but there's no user-friendly error message indicating which version or URL failed. Consider adding explicit error checking with informative messages, especially since this script processes multiple versions in a loop.
| curl -fsSL \ | |
| -H "Authorization: token $GITHUB_TOKEN" \ | |
| -H "Accept: application/vnd.github.v3.raw" \ | |
| -o "$TMPFILE" \ | |
| "$REMOTE_URL" | |
| if jq -e . "$TMPFILE" >/dev/null 2>&1; then | |
| echo "Success: $TMPFILE is valid JSON." | |
| else | |
| echo "Error: $TMPFILE contains invalid JSON." | |
| exit 1 | |
| fi | |
| curl -fsSL \ | |
| -H "Authorization: token $GITHUB_TOKEN" \ | |
| -H "Accept: application/vnd.github.v3.raw" \ | |
| -o "$LOCAL_PATH" \ | |
| "$REMOTE_URL" | |
| if ! curl -fsSL \ | |
| -H "Authorization: token $GITHUB_TOKEN" \ | |
| -H "Accept: application/vnd.github.v3.raw" \ | |
| -o "$TMPFILE" \ | |
| "$REMOTE_URL"; then | |
| echo "Error: Failed to download JSON for version '$VERSION' from '$REMOTE_URL'." | |
| exit 1 | |
| fi | |
| if jq -e . "$TMPFILE" >/dev/null 2>&1; then | |
| echo "Success: $TMPFILE is valid JSON." | |
| else | |
| echo "Error: $TMPFILE contains invalid JSON for version '$VERSION' from '$REMOTE_URL'." | |
| exit 1 | |
| fi | |
| if ! curl -fsSL \ | |
| -H "Authorization: token $GITHUB_TOKEN" \ | |
| -H "Accept: application/vnd.github.v3.raw" \ | |
| -o "$LOCAL_PATH" \ | |
| "$REMOTE_URL"; then | |
| echo "Error: Failed to write config for version '$VERSION' to '$LOCAL_PATH' from '$REMOTE_URL'." | |
| exit 1 | |
| fi |
scripts/felix-update-config-ce.sh
Outdated
| printf "%s\n" "${VERSIONS[@]}" | ||
|
|
||
| update_felix_config() { | ||
| #This function prints the target and source locations and |
There was a problem hiding this comment.
Missing space after hash in comment. Should be '# This function' for consistency with comment style at line 49.
| #This function prints the target and source locations and | |
| # This function prints the target and source locations and |
scripts/felix-update-config-ce.sh
Outdated
|
|
||
| update_felix_config() { | ||
| #This function prints the target and source locations and | ||
| #copies the source file to the target file. |
There was a problem hiding this comment.
Missing space after hash in comment. Should be '# copies the source file to the target file.' for consistency with comment style throughout the script.
| #copies the source file to the target file. | |
| # copies the source file to the target file. |
scripts/felix-update-config-ce.sh
Outdated
| if [ "$VERSION" == "3.20-2" ]; then | ||
| printf "%s\n" "Skipping $VERSION: No action required." | ||
| continue | ||
| fi |
There was a problem hiding this comment.
The hardcoded skip for version 3.20-2 lacks documentation explaining why this version should be skipped. This makes the script harder to maintain - future maintainers won't know if this skip is still necessary or can be removed. Add a comment explaining the reason for skipping this version.
scripts/felix-update-config-ce.sh
Outdated
| #This function prints the target and source locations and | ||
| #copies the source file to the target file. | ||
|
|
||
| TMPFILE=$(mktemp /tmp/remote-url-output.XXXXXX) |
There was a problem hiding this comment.
The mktemp command uses a template pattern '/tmp/remote-url-output.XXXXXX' which is not portable. On some systems (particularly macOS), mktemp requires a template suffix. The more portable approach is to use 'mktemp' without arguments (which uses the system's temp directory) or 'mktemp -t remote-url-output' for better cross-platform compatibility.
| TMPFILE=$(mktemp /tmp/remote-url-output.XXXXXX) | |
| TMPFILE=$(mktemp -t remote-url-output) |
scripts/felix-update-config-ce.sh
Outdated
| @@ -0,0 +1,90 @@ | |||
| #!/bin/bash | |||
There was a problem hiding this comment.
The shebang uses '#!/bin/bash' which is inconsistent with other scripts in this directory. The update-component-versions.sh and serve-test.sh scripts use '#!/usr/bin/env bash', which is more portable and follows best practices for finding bash in different environments.
scripts/felix-update-config-ce.sh
Outdated
| update_felix_config() { | ||
| #This function prints the target and source locations and | ||
| #copies the source file to the target file. | ||
|
|
||
| TMPFILE=$(mktemp /tmp/remote-url-output.XXXXXX) | ||
| trap 'rm -f "$TMPFILE"' EXIT |
There was a problem hiding this comment.
The trap command sets up cleanup for the TMPFILE, but this cleanup only applies within the function scope where it's called. If the script exits from within this function (line 36), the trap will execute. However, if curl fails (lines 26-30 or 39-43) with the -f flag, it will return a non-zero exit code, causing the script to exit due to 'set -e' before the trap can clean up the temp file. Consider moving the trap to the global scope or using a different cleanup strategy.
| update_felix_config() { | |
| #This function prints the target and source locations and | |
| #copies the source file to the target file. | |
| TMPFILE=$(mktemp /tmp/remote-url-output.XXXXXX) | |
| trap 'rm -f "$TMPFILE"' EXIT | |
| TMPFILE="" | |
| cleanup() { | |
| if [[ -n "${TMPFILE:-}" && -f "$TMPFILE" ]]; then | |
| rm -f "$TMPFILE" | |
| fi | |
| } | |
| trap cleanup EXIT | |
| update_felix_config() { | |
| #This function prints the target and source locations and | |
| #copies the source file to the target file. | |
| cleanup | |
| TMPFILE=$(mktemp /tmp/remote-url-output.XXXXXX) |
scripts/felix-update-config-ce.sh
Outdated
| curl -fsSL \ | ||
| -H "Authorization: token $GITHUB_TOKEN" \ | ||
| -H "Accept: application/vnd.github.v3.raw" \ | ||
| -o "$LOCAL_PATH" \ | ||
| "$REMOTE_URL" |
There was a problem hiding this comment.
The script downloads the same file twice from the remote URL - once to TMPFILE for validation (lines 26-30) and again to LOCAL_PATH (lines 39-43). This is inefficient and doubles the API calls. Consider validating the TMPFILE and then moving it to LOCAL_PATH if validation passes, rather than downloading twice.
| curl -fsSL \ | |
| -H "Authorization: token $GITHUB_TOKEN" \ | |
| -H "Accept: application/vnd.github.v3.raw" \ | |
| -o "$LOCAL_PATH" \ | |
| "$REMOTE_URL" | |
| mv "$TMPFILE" "$LOCAL_PATH" |
scripts/felix-update-config-ce.sh
Outdated
| curl -fsSL \ | ||
| -H "Authorization: token $GITHUB_TOKEN" \ | ||
| -H "Accept: application/vnd.github.v3.raw" \ | ||
| -o "$LOCAL_PATH" \ | ||
| "$REMOTE_URL" |
There was a problem hiding this comment.
The script does not verify that the target directory exists before attempting to write the file. If the directory 'calico-enterprise_versioned_docs/version-${VERSION}/_includes/components/FelixConfig/' doesn't exist, the curl command will fail. Consider adding a check or using 'mkdir -p' to create the directory structure if it doesn't exist.
ctauchen
force-pushed
the
felix-update-script-ce
branch
from
d6c13dd to
9808546
Compare
|
Closing this, folded all the CE work into #2510 |
1 participant
Following the work in #2510 , this PR adds a script that does the same thing for Calico Enterprise. Largely identical, but adds logic for authentication to private repository and funny business to determine CE branch names.
Product Version(s):
Issue:
Link to docs preview:
SME review:
DOCS review:
Additional information:
Merge checklist: