This is a feature request.

The bot should be able to not push to krew on prerelease tags.

Goreleaser has a setting that can optionally make the GitHub release a prerelease based on either a parameter or the tag name. Right now, the bot doesn't have matching logic, and the Goreleaser action doesn't have an output to determine if it was a prerelease. There are ways to handle this today, but all of them have some drawbacks:

1. Use a separate workflow
   I don't need to use a separate workflow for goreleaser, so making the krew-release-bot a separate workflow is difficult.

2. Add an if step to the workflow, something roughly like:

      - name: Check Tag
        id: check-tag
        run: |
          if [[ ${{ github.event.ref }} =~ ^refs/tags/v[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
              echo ::set-output name=match::true
          fi
      - name: Build
        if: steps.check-tag.outputs.match == 'true'
        run: |
          echo "Tag is a match"

That's a little tricky because that regex in the example is super raw. We could look at the goreleaser source to get the right pattern, and that solves it for the case where goreleaser.yml has prerelease: auto.

I propose a cleaner solution, where the krew-release-bot can query the release, and if it's a prerelease, it won't execute. There could be a variable in the action to always release, even on prereleases, if necessary. But I believe that the default should be for the krew-release-bot to ignore prerelease tags.

create separate binaries for github action and webhook

add github action to publish image to ghcr on release tags

@rajatjindal I am a user of this amazing tool. I appreciate your work.

I got the error below.

time="2022-01-20T13:38:29Z" level=fatal msg="expected status code 200 got 500. body: opening pr: authentication required"

I haven't changed the configuration since it worked fine with GitHub Actions.
My configuration of GitHub Actions here.
https://github.com/kei6u/kubectl-explore/blob/7a6942bbb41875ff330bb02aae76487e169209da/.github/workflows/release.yaml#L1-L24

Could you look into this case?

Please have a really small example if you can, then just have 1 go example.

Then, for everything else, link to other repos as the examples.

I tried to set this up for another plugin, but I get the following error:

time="2020-11-07T13:09:30Z" level=info msg="using template file \"/github/workspace/.konfig.yaml\""
time="2020-11-07T13:09:30Z" level=info msg="getting sha256 for v0.2.4 bundle.tar.gz (download)"
time="2020-11-07T13:09:31Z" level=info msg="downloaded file /tmp/156726157/1604754570"
time="2020-11-07T13:09:31Z" level=fatal msg="failed to get plugin name from processed template.\nerr: error converting YAML to JSON: yaml: line 8: did not find expected '-' indicator"

Link: https://github.com/corneliusweig/konfig/runs/1367721586?check_suite_focus=true

Can you tell what's going on?

I've just released v0.8.0 kubectx repo which has ctx and ns plugins.
One worked.
One failed.

https://github.com/ahmetb/kubectx/runs/459044199

Error:

time="2020-02-20T23:13:07Z" level=info msg="using template file \"/github/workspace/.krew/ns.yaml\""
time="2020-02-20T23:13:07Z" level=info msg="getting sha256 for https://github.com/ahmetb/kubectx/archive/v0.8.0.tar.gz"
time="2020-02-20T23:13:07Z" level=info msg="downloaded file /tmp/228467540/1582240387"
time="2020-02-20T23:13:09Z" level=fatal msg="expected status code 200 got 500. body: opening pr: non-fast-forward update: refs/heads/ahmetb-kubectx-v0.8.0\n"

Can you please investigate @rajatjindal? Thanks.

Hey, I'm on v0.0.43. I got error:

time="2022-11-02T23:05:22Z" level=fatal msg="expected status code 200 got 500. body: opening pr: non-fast-forward update: refs/heads/ahmetb-foreach-kubectl-foreach-v0.2.0"

because I basically had a bad commit, so I had to git reset --hard HEAD~1, make a new commit, and git push -f to my master branch.

I'm not sure where the http500 is coming from while opening a PR to krew-index, because the history rewriting happened in my own repo ahmetb/kubectl-foreach. I assume the error message is not fully accurate.

Any ideas if the repo is cached somewhere? If so where would that be, so we can clear it (or fix this) to unblock?

this project should be fairly easy to integrate w/ Cloud Run Button for people who want to self-deploy their own krew-release-bot's.

I suspect it only needs to prompt for GITHUB_TOKEN.

In the future if people want to secure it, you can also require an user-configured KREW_BOT_TOKEN so that the webhook has basic auth.

Occasionally we have a release fail. This isn't due to any bugs in the bot code, but maybe we generated an invalid krew-index update, and this can't be merged because it fails CI.

When this happens, we get stuck, unable to use the bot and have to manually create a krew release because the bot uses deterministic branch names that can't be pushed to.

For example, after creating a broken krew-index release for an update to a project, I fixed the problem and the bot fails with:

time="2021-07-20T15:18:53Z" level=fatal msg="expected status code 200 got 500. body: opening pr: non-fast-forward update: refs/heads/schemahero-schemahero-schemahero-v0.12.3"
Post Checkout

From what I understand this is doing, if the bot were to use a new branch name, we wouldn't have this problem and the bot would recover from this error state properly.

Are there options today that we can specify to remediate, or do we need to manually create the krew-index PR after this state?

• simplify and move webhook to its own package.

add first class support for circleci

Allow something like PLUGIN_MANIFEST_TEMPLATE so that people can customize /.krew.yaml path to something like misc/templates/myplugin.yaml.tpl.

This would get rid of the 1 plugin per repo limitation.

Currently the package github was pinned to v29.0.3 which was released back at Feb 11, 2020 - 3 years ago.

• https://github.com/rajatjindal/krew-release-bot/blob/v0.0.44/go.mod#L7
• https://github.com/rajatjindal/krew-release-bot/blob/v0.0.44/pkg/releaser/git.go#L9
• https://github.com/rajatjindal/krew-release-bot/blob/v0.0.44/pkg/source/actions/webhook.go#L11
• https://github.com/rajatjindal/krew-release-bot/blob/v0.0.44/pkg/source/actions/action_runner.go#L13
• https://github.com/rajatjindal/krew-release-bot/blob/v0.0.44/vendor/modules.txt#L35-L38
• https://github.com/rajatjindal/krew-release-bot/tree/v0.0.44/vendor/github.com/google/go-github/v29

Maybe it could be bump to v50+ for getting bug fixes, new features?

• https://github.com/google/go-github/releases

$ sed -i "" -e 's/v29 v29.0.3/v50 v50.2.0/g' go.mod
$ sed -i "" -e 's/v29/v50/g' pkg/releaser/git.go
$ sed -i "" -e 's/v29/v50/g' pkg/source/actions/webhook.go
$ sed -i "" -e 's/v29/v50/g' pkg/source/actions/action_runner.go
$ go mod vendor
$ go mod tidy

Hi, I am a developer from gitlab.cn Team. Recently, I've been working on some kubectl plugins on GItLab, so I hope krew-release-bot will support GItLab.

For example, the krew_template_file setting is undocumented:

with:
  krew_template_file: .krew/ns.yaml 

Maybe there are even more undocumented features?

Hi!

The bot has been working flawlessly up until now when I'm seeing an error about the scope 'workflow' missing:
https://github.com/XenitAB/azad-kube-proxy/runs/1943752139?check_suite_focus=true

Is this something on my side I need to take care of or is it something wrong with the bot / GitHub permissions?

I'm getting an error like:

...
time="2022-08-29T21:16:48Z" level=info msg="downloaded file /tmp/768358419/1661807808"
time="2022-08-29T21:16:48Z" level=fatal msg="failed to get plugin name from processed template.
err: error converting YAML to JSON: yaml: line 19: did not find expected '-' indicator"

I'm using rajatjindal/[email protected] action.

My template looks like the following:

apiVersion: krew.googlecontainertools.github.com/v1alpha2
kind: Plugin
metadata:
  name: foreach
spec:
  version: {{ .TagName }}
  homepage: https://github.com/ahmetb/kubectl-foreach
  shortDescription: Run kubectl commands against some/all contexts in parallel
  description: |
    Lets you run the same kubectl command against multiple contexts
    simultaneously and prints their output, prefixed by context name.
    You can choose or exclude contexts with exact name match or regular
    expression patterns.
  platforms:
    - selector:
        matchLabels:
          os: darwin
          arch: amd64
      {{addURIAndSha "https://github.com/ahmetb/kubectl-foreach/releases/download/{{ .TagName }}/kubectl-foreach_{{ .TagName }}_darwin_amd64.tar.gz" .TagName }}
      bin: kubectl-foreach
    - selector:
        matchLabels:
          os: darwin
          arch: arm64
      {{addURIAndSha "https://github.com/ahmetb/kubectl-foreach/releases/download/{{ .TagName }}/kubectl-foreach_{{ .TagName }}_darwin_arm64.tar.gz" .TagName }}
      bin: kubectl-foreach
    - selector:
        matchLabels:
          os: linux
          arch: amd64
      {{addURIAndSha "https://github.com/ahmetb/kubectl-foreach/releases/download/{{ .TagName }}/kubectl-foreach_{{ .TagName }}_linux_amd64.tar.gz" .TagName }}
      bin: kubectl-foreach
    - selector:
        matchLabels:
          os: linux
          arch: arm64
      {{addURIAndSha "https://github.com/ahmetb/kubectl-foreach/releases/download/{{ .TagName }}/kubectl-foreach_{{ .TagName }}_linux_arm64.tar.gz" .TagName }}
      bin: kubectl-foreach
    - selector:
        matchLabels:
          os: windows
          arch: amd64
      {{addURIAndSha "https://github.com/ahmetb/kubectl-foreach/releases/download/{{ .TagName }}/kubectl-foreach_{{ .TagName }}_windows_amd64.tar.gz" .TagName }}
      bin: kubectl-foreach.exe

Link to examples people can copy paste, e.g.

• Example: kubectl-whoami plugin (Go) - .krew.yml - Github Workflow
• Example: kubectl-tree plugin (Go) - .krew.yml - Github Workflow
• Example: (maybe a bash based example)

We currently say

... on behalf of User.

Maybe we should prepend that with @ so that:

1. repo owner gets notified and gets automatically subscribed to the PR
2. no need to construct a link as @$USER gets automatically highlighted + work with various chrome extensions

Templating is always hard. It would be nice if it were somehow possible to test the rendered manifest without having to run it on GitHub.

For example, the addURIAndSha and TagName could just render some dummy values. This would make it easier to spot whitespace issues.

Thanks for this bot. We are looking to use this bot with our hosted custom plugin index.
ref: https://krew.sigs.k8s.io/docs/developer-guide/custom-indexes/

Is that possible? If not, could that be supported?

There was one case when the krew-release-bot ran into a 404 error as he'd tried to download the released binary.

I suspect that this rather was a failure on the CDN of GitHub as the released binaries should already have been present. When I tried to download the file manually (by clicking the link in the browser window) it succeeded right away.

do not download again when calculating sha256 if same url is requested again

First of all: thanks for this effort, will save all the krew plugin packaging people a lot of time!

I've been integrating the release bot for the release automation of the kubectl-virt-plugin, where I stumbled over this error here: https://github.com/kubevirt/kubectl-virt-plugin/runs/1571142549?check_suite_focus=true#step:4:11

Unfortunately there's no output of the actual krew manifest generated, so I can't really see what's going on. So I'm turning to you in the hopes that you might see what I did configure wrong in the plugin manifest template.

Some people can not or do not want to use GitHub actions. For those it would be great to have instructions how to use the bot outside of GH actions.

remove webhook/GH app references, just show the GH Workflow (Action) examples

I suspect nobody in krew maintainers will want to maintain any other solution.

Hello

Thank you for your work but I am having some problem integrating this action in my release workflow. This is the error I currently get described in the repository I am attempting the integration

profefe/kube-profefe#41

This is the currently deployed version of the plugin in krew-index

Do you have any feedback for me?
Thanks

• need to add a new cicd provider local

So I installed this to https://github.com/ahmetb/kubectl-tree/ repo. It has access to my repo.

I already have .krew.yaml: https://github.com/ahmetb/kubectl-tree/blob/master/.krew.yaml

I use GitHub Actions with GoReleaser, so my build artifacts arrive to the repo 2-3 minutes later, since it takes time to build.

I see no pull request created to krew-index repository.

Some things to note, and some suspicions:

• plugin doesn't exist in repo yet, maybe this is the issue.
• artifacts are uploaded several minutes later. this might be causing the issue.
• I cannot debug this process. maybe it's a template error, how will I know? if this was a webhook I could go to delivered payloads and read the error possibly

I like the experience that I don't have to write YAML for Github Actions. So GitHub Apps are superior in this case, but there's too much of a black-box. I wish users could go to a web UI and see recent deliveries and their logs.

/cc @corneliusweig

Still trying to release the new version of the kubectl-virt-plugin. Stuck on this error:
https://github.com/kubevirt/kubectl-virt-plugin/runs/1577361409?check_suite_focus=true#step:4:11

Currently my plugin manifest template looks like this, so the error should be resolved no? Or must none of the URLs in the text point towards somewhere else?
https://github.com/kubevirt/kubectl-virt-plugin/blob/master/.krew.yaml#L42

Would appreciate your help on this very much, thanks!

So I've made a mess here with .krew.yaml and needed to release a new version. (kubernetes-sigs/krew-index#444)

But when I've released a newer version, bot got some errors and the previous PR wasn't closed.

/usr/bin/docker run --name rajatjindalkrewreleasebotv0031_794f6a --label 671ee6 --workdir /github/workspace --rm -e GOROOT -e INPUT_WORKDIR -e INPUT_KREW_TEMPLATE_FILE -e HOME -e GITHUB_REF -e GITHUB_SHA -e GITHUB_REPOSITORY -e GITHUB_ACTOR -e GITHUB_WORKFLOW -e GITHUB_HEAD_REF -e GITHUB_BASE_REF -e GITHUB_EVENT_NAME -e GITHUB_WORKSPACE -e GITHUB_ACTION -e GITHUB_EVENT_PATH -e RUNNER_OS -e RUNNER_TOOL_CACHE -e RUNNER_TEMP -e RUNNER_WORKSPACE -e ACTIONS_RUNTIME_URL -e ACTIONS_RUNTIME_TOKEN -e ACTIONS_CACHE_URL -e GITHUB_ACTIONS=true -v "/var/run/docker.sock":"/var/run/docker.sock" -v "/home/runner/work/_temp/_github_home":"/github/home" -v "/home/runner/work/_temp/_github_workflow":"/github/workflow" -v "/home/runner/work/kubepug/kubepug":"/github/workspace" rajatjindal/krew-release-bot:v0.0.31
time="2020-01-19T21:09:39Z" level=info msg="using template file \"/github/workspace/.krew.yaml\""
time="2020-01-19T21:09:39Z" level=info msg="getting sha256 for https://github.com/rikatz/kubepug/releases/download/v0.2.3/kubepug_darwin_amd64.tar.gz"
time="2020-01-19T21:09:40Z" level=info msg="downloaded file /tmp/113529204/1579468179"
time="2020-01-19T21:09:40Z" level=info msg="getting sha256 for https://github.com/rikatz/kubepug/releases/download/v0.2.3/kubepug_linux_amd64.tar.gz"
time="2020-01-19T21:09:40Z" level=info msg="downloaded file /tmp/780636227/1579468180"
time="2020-01-19T21:09:40Z" level=info msg="getting sha256 for https://github.com/rikatz/kubepug/releases/download/v0.2.3/kubepug_windows_amd64.zip"
time="2020-01-19T21:09:40Z" level=info msg="downloaded file /tmp/008821446/1579468180"
time="2020-01-19T21:09:41Z" level=fatal msg="expected status code 200 got 500. body: opening pr: non-fast-forward update: refs/heads/rikatz-kubepug-v0.2.3\n"
##[error]Docker run failed with exit code 1

I just tried the GitHub Action here https://github.com/corneliusweig/rakkess/runs/409914601?check_suite_focus=true.

It looks like the action failed, because the addURIAndSha appears on the same line as -:

platforms:
    - {{ addURIAndSha "https://github.com/corneliusweig/rakkess/releases/download/{{ .TagName }}/access-matrix-amd64-linux.tar.gz" .TagName }}
      bin: access-matrix
      files:
        - from: ./LICENSE
          to: .
        - from: ./access-matrix-amd64-linux
          to: access-matrix
      selector:
        matchLabels:
          os: linux
          arch: amd64

This is the log for the run:

time="2020-01-26T23:47:04Z" level=info msg="using template file "/github/workspace/hack/access-matrix.yaml""
time="2020-01-26T23:47:04Z" level=info msg="getting sha256 for https://github.com/corneliusweig/rakkess/releases/download/v0.4.3/access-matrix-amd64-linux.tar.gz"
time="2020-01-26T23:47:04Z" level=info msg="downloaded file /tmp/004308497/1580082424"
time="2020-01-26T23:47:04Z" level=info msg="getting sha256 for https://github.com/corneliusweig/rakkess/releases/download/v0.4.3/access-matrix-amd64-darwin.tar.gz"
time="2020-01-26T23:47:05Z" level=info msg="downloaded file /tmp/853989436/1580082424"
time="2020-01-26T23:47:05Z" level=info msg="getting sha256 for https://github.com/corneliusweig/rakkess/releases/download/v0.4.3/access-matrix-amd64-windows.zip"
time="2020-01-26T23:47:05Z" level=info msg="downloaded file /tmp/468274795/1580082425"
time="2020-01-26T23:47:05Z" level=fatal msg="error converting YAML to JSON: yaml: line 8: did not find expected '-' indicator"

Is that possible? Or maybe I made some other blunder..

add an example for bash based plugin action