200 |
201 | Detailed information about the commit message goes here
202 | ```
203 |
204 | Both the title and the body of the commit message shoud not exceed
205 | 72 characters in length. i.e. Please keep the title length under 72
206 | characters, and the wrap the body of the message at 72 characters.
207 |
208 | Separate the title and the body by 1 empty line.
209 |
210 | Use the [imperative mood](https://chris.beams.io/posts/git-commit/#imperative)
211 | for the title, and don't add a period at the end.
212 |
213 | For the commit's message body, a period should come at the end of each
214 | sentence (unless the line is not a regular sentence, e.g. code).
215 |
216 | Here is an example of commit messages:
217 |
218 | Good:
219 | ```
220 | app-shells/bash: update ebuild to 5.3
221 |
222 | Gentoo upstream has unmasked bash 5.3 and declared it stable.
223 | This change updates the component to use the latest upstream ebuild.
224 | ```
225 |
226 | Bad:
227 | ```
228 | Update bash
229 |
230 | Updated bash to the latest one.
231 | ```
232 |
--------------------------------------------------------------------------------
/EMERITUS_MAINTAINERS.md:
--------------------------------------------------------------------------------
1 | # Flatcar Container Linux Emeritus Maintainers
2 |
3 | This file lists contributors to the Flatcar project whose maintainership rests.
4 | It is meant to provide a fast-track back to active maintainer status should the emeritus decide to do so.
5 |
6 |
7 | * William Light [@wrl](https://github.com/wrl)
--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
1 | Apache License
2 | Version 2.0, January 2004
3 | http://www.apache.org/licenses/
4 |
5 | TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
6 |
7 | 1. Definitions.
8 |
9 | "License" shall mean the terms and conditions for use, reproduction,
10 | and distribution as defined by Sections 1 through 9 of this document.
11 |
12 | "Licensor" shall mean the copyright owner or entity authorized by
13 | the copyright owner that is granting the License.
14 |
15 | "Legal Entity" shall mean the union of the acting entity and all
16 | other entities that control, are controlled by, or are under common
17 | control with that entity. For the purposes of this definition,
18 | "control" means (i) the power, direct or indirect, to cause the
19 | direction or management of such entity, whether by contract or
20 | otherwise, or (ii) ownership of fifty percent (50%) or more of the
21 | outstanding shares, or (iii) beneficial ownership of such entity.
22 |
23 | "You" (or "Your") shall mean an individual or Legal Entity
24 | exercising permissions granted by this License.
25 |
26 | "Source" form shall mean the preferred form for making modifications,
27 | including but not limited to software source code, documentation
28 | source, and configuration files.
29 |
30 | "Object" form shall mean any form resulting from mechanical
31 | transformation or translation of a Source form, including but
32 | not limited to compiled object code, generated documentation,
33 | and conversions to other media types.
34 |
35 | "Work" shall mean the work of authorship, whether in Source or
36 | Object form, made available under the License, as indicated by a
37 | copyright notice that is included in or attached to the work
38 | (an example is provided in the Appendix below).
39 |
40 | "Derivative Works" shall mean any work, whether in Source or Object
41 | form, that is based on (or derived from) the Work and for which the
42 | editorial revisions, annotations, elaborations, or other modifications
43 | represent, as a whole, an original work of authorship. For the purposes
44 | of this License, Derivative Works shall not include works that remain
45 | separable from, or merely link (or bind by name) to the interfaces of,
46 | the Work and Derivative Works thereof.
47 |
48 | "Contribution" shall mean any work of authorship, including
49 | the original version of the Work and any modifications or additions
50 | to that Work or Derivative Works thereof, that is intentionally
51 | submitted to Licensor for inclusion in the Work by the copyright owner
52 | or by an individual or Legal Entity authorized to submit on behalf of
53 | the copyright owner. For the purposes of this definition, "submitted"
54 | means any form of electronic, verbal, or written communication sent
55 | to the Licensor or its representatives, including but not limited to
56 | communication on electronic mailing lists, source code control systems,
57 | and issue tracking systems that are managed by, or on behalf of, the
58 | Licensor for the purpose of discussing and improving the Work, but
59 | excluding communication that is conspicuously marked or otherwise
60 | designated in writing by the copyright owner as "Not a Contribution."
61 |
62 | "Contributor" shall mean Licensor and any individual or Legal Entity
63 | on behalf of whom a Contribution has been received by Licensor and
64 | subsequently incorporated within the Work.
65 |
66 | 2. Grant of Copyright License. Subject to the terms and conditions of
67 | this License, each Contributor hereby grants to You a perpetual,
68 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable
69 | copyright license to reproduce, prepare Derivative Works of,
70 | publicly display, publicly perform, sublicense, and distribute the
71 | Work and such Derivative Works in Source or Object form.
72 |
73 | 3. Grant of Patent License. Subject to the terms and conditions of
74 | this License, each Contributor hereby grants to You a perpetual,
75 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable
76 | (except as stated in this section) patent license to make, have made,
77 | use, offer to sell, sell, import, and otherwise transfer the Work,
78 | where such license applies only to those patent claims licensable
79 | by such Contributor that are necessarily infringed by their
80 | Contribution(s) alone or by combination of their Contribution(s)
81 | with the Work to which such Contribution(s) was submitted. If You
82 | institute patent litigation against any entity (including a
83 | cross-claim or counterclaim in a lawsuit) alleging that the Work
84 | or a Contribution incorporated within the Work constitutes direct
85 | or contributory patent infringement, then any patent licenses
86 | granted to You under this License for that Work shall terminate
87 | as of the date such litigation is filed.
88 |
89 | 4. Redistribution. You may reproduce and distribute copies of the
90 | Work or Derivative Works thereof in any medium, with or without
91 | modifications, and in Source or Object form, provided that You
92 | meet the following conditions:
93 |
94 | (a) You must give any other recipients of the Work or
95 | Derivative Works a copy of this License; and
96 |
97 | (b) You must cause any modified files to carry prominent notices
98 | stating that You changed the files; and
99 |
100 | (c) You must retain, in the Source form of any Derivative Works
101 | that You distribute, all copyright, patent, trademark, and
102 | attribution notices from the Source form of the Work,
103 | excluding those notices that do not pertain to any part of
104 | the Derivative Works; and
105 |
106 | (d) If the Work includes a "NOTICE" text file as part of its
107 | distribution, then any Derivative Works that You distribute must
108 | include a readable copy of the attribution notices contained
109 | within such NOTICE file, excluding those notices that do not
110 | pertain to any part of the Derivative Works, in at least one
111 | of the following places: within a NOTICE text file distributed
112 | as part of the Derivative Works; within the Source form or
113 | documentation, if provided along with the Derivative Works; or,
114 | within a display generated by the Derivative Works, if and
115 | wherever such third-party notices normally appear. The contents
116 | of the NOTICE file are for informational purposes only and
117 | do not modify the License. You may add Your own attribution
118 | notices within Derivative Works that You distribute, alongside
119 | or as an addendum to the NOTICE text from the Work, provided
120 | that such additional attribution notices cannot be construed
121 | as modifying the License.
122 |
123 | You may add Your own copyright statement to Your modifications and
124 | may provide additional or different license terms and conditions
125 | for use, reproduction, or distribution of Your modifications, or
126 | for any such Derivative Works as a whole, provided Your use,
127 | reproduction, and distribution of the Work otherwise complies with
128 | the conditions stated in this License.
129 |
130 | 5. Submission of Contributions. Unless You explicitly state otherwise,
131 | any Contribution intentionally submitted for inclusion in the Work
132 | by You to the Licensor shall be under the terms and conditions of
133 | this License, without any additional terms or conditions.
134 | Notwithstanding the above, nothing herein shall supersede or modify
135 | the terms of any separate license agreement you may have executed
136 | with Licensor regarding such Contributions.
137 |
138 | 6. Trademarks. This License does not grant permission to use the trade
139 | names, trademarks, service marks, or product names of the Licensor,
140 | except as required for reasonable and customary use in describing the
141 | origin of the Work and reproducing the content of the NOTICE file.
142 |
143 | 7. Disclaimer of Warranty. Unless required by applicable law or
144 | agreed to in writing, Licensor provides the Work (and each
145 | Contributor provides its Contributions) on an "AS IS" BASIS,
146 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
147 | implied, including, without limitation, any warranties or conditions
148 | of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
149 | PARTICULAR PURPOSE. You are solely responsible for determining the
150 | appropriateness of using or redistributing the Work and assume any
151 | risks associated with Your exercise of permissions under this License.
152 |
153 | 8. Limitation of Liability. In no event and under no legal theory,
154 | whether in tort (including negligence), contract, or otherwise,
155 | unless required by applicable law (such as deliberate and grossly
156 | negligent acts) or agreed to in writing, shall any Contributor be
157 | liable to You for damages, including any direct, indirect, special,
158 | incidental, or consequential damages of any character arising as a
159 | result of this License or out of the use or inability to use the
160 | Work (including but not limited to damages for loss of goodwill,
161 | work stoppage, computer failure or malfunction, or any and all
162 | other commercial damages or losses), even if such Contributor
163 | has been advised of the possibility of such damages.
164 |
165 | 9. Accepting Warranty or Additional Liability. While redistributing
166 | the Work or Derivative Works thereof, You may choose to offer,
167 | and charge a fee for, acceptance of support, warranty, indemnity,
168 | or other liability obligations and/or rights consistent with this
169 | License. However, in accepting such obligations, You may act only
170 | on Your own behalf and on Your sole responsibility, not on behalf
171 | of any other Contributor, and only if You agree to indemnify,
172 | defend, and hold each Contributor harmless for any liability
173 | incurred by, or claims asserted against, such Contributor by reason
174 | of your accepting any such warranty or additional liability.
175 |
176 | END OF TERMS AND CONDITIONS
177 |
178 | APPENDIX: How to apply the Apache License to your work.
179 |
180 | To apply the Apache License to your work, attach the following
181 | boilerplate notice, with the fields enclosed by brackets "[]"
182 | replaced with your own identifying information. (Don't include
183 | the brackets!) The text should be enclosed in the appropriate
184 | comment syntax for the file format. We also recommend that a
185 | file or class name and description of purpose be included on the
186 | same "printed page" as the copyright notice for easier
187 | identification within third-party archives.
188 |
189 | Copyright [yyyy] [name of copyright owner]
190 |
191 | Licensed under the Apache License, Version 2.0 (the "License");
192 | you may not use this file except in compliance with the License.
193 | You may obtain a copy of the License at
194 |
195 | http://www.apache.org/licenses/LICENSE-2.0
196 |
197 | Unless required by applicable law or agreed to in writing, software
198 | distributed under the License is distributed on an "AS IS" BASIS,
199 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
200 | See the License for the specific language governing permissions and
201 | limitations under the License.
202 |
--------------------------------------------------------------------------------
/MAINTAINERS.md:
--------------------------------------------------------------------------------
1 | # Maintainers
2 |
3 | See [Governance](https://github.com/flatcar/Flatcar/blob/main/governance.md) for governance, commit, and vote guidelines as well as maintainer responsibilities. Everybody listed in this file is a maintainer as per governance definition.
4 |
5 |
6 | ## Repositories
7 |
8 | ### Flatcar
9 | maintainers:
10 | * Thilo Fromm @t-lo
11 |
12 | ### scripts
13 | maintainers:
14 | * Kai Lüke @pothos
15 | * Gabriel Samfira @gabriel-samfira
16 | * Thilo Fromm @t-lo
17 | * Krzesimir Nowak @krnowak
18 | * Adrian Vladu @ader1990
19 | * Dongsu Park @dongsupark
20 | * Mathieu Tortuyaux @tormath1
21 | * Sayan Chowdhury @sayanchowdhury
22 | * Jeremi Piotrowski @jepio
23 | * James Le Cuirot @chewi
24 |
25 | ### Nebraska
26 | maintainers:
27 | * Ervin Racz @ErvinRacz
28 |
29 | ### flatcar-website
30 | maintainers:
31 | * Kai Lüke @pothos
32 | * Thilo Fromm @t-lo
33 | * Mathieu Tortuyaux @tormath1
34 |
35 | ### mantle
36 | maintainers:
37 | * Mathieu Tortuyaux @tormath1
38 |
39 | ### locksmith
40 | maintainers:
41 | * Mathieu Tortuyaux @tormath1
42 |
43 | ### update_engine
44 | maintainers:
45 | * Kai Lüke @pothos
46 | * Dongsu Park @dongsupark
47 |
48 | ### ue-rs
49 | maintainers:
50 | * Kai Lüke @pothos
51 | * Dongsu Park @dongsupark
52 |
53 | ### flatcar-linux-update-operator
54 | maintainers:
55 | * Mateusz Gozdek @invidian
56 |
57 | ### init
58 | maintainers:
59 | * Kai Lüke @pothos
60 |
61 | ### bootengine
62 | maintainers:
63 | * Kai Lüke @pothos
64 | * James Le Cuirot @chewi
65 |
66 | ### container-linux-config-transpiler
67 | maintainers:
68 | * Jeremi Piotrowski @jepio
69 |
70 | ### ign-converter
71 | maintainers:
72 | * Mathieu Tortuyaux @tormath1
73 |
74 | ### baselayout
75 | maintainers:
76 | * Kai Lüke @pothos
77 |
78 | ### sysext-bakery
79 | maintainers:
80 | * Kai Lüke @pothos
81 |
82 | ### flatcar-tutorial
83 | maintainers:
84 | * Mathieu Tortuyaux @tormath1
85 |
86 | ### flatcar-app-minecraft
87 | maintainers:
88 | * Jan Bronicki @John15321
89 |
--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
1 |
2 |
3 | [](https://www.flatcar.org/)
4 | [](https://app.element.io/#/room/#flatcar:matrix.org)
5 | [](https://kubernetes.slack.com/archives/C03GQ8B5XNJ)
6 | [](https://x.com/flatcar)
7 | [](https://hachyderm.io/@flatcar)
8 | [](https://bsky.app/profile/flatcar.org)
9 |
10 |
11 |
12 | # Flatcar Container Linux
13 |
14 | ## Mission statement
15 |
16 | _Flatcar Container Linux is a fully open source, minimal-footprint, secure by default and always up-to-date Linux distribution for running containers at scale._
17 |
18 | ## Code of Conduct
19 |
20 | We follow the [CNCF Code of Conduct](https://github.com/cncf/foundation/blob/main/code-of-conduct.md).
21 |
22 | Please contact [private Maintainer mailing list](maintainers@flatcar-linux.org) or the Linux Foundation mediator, Mishi Choudhary mishi@linux.com
23 | to report an issue.
24 |
25 | ## Releases
26 |
27 | See the [project website](https://www.flatcar.org/) for information about [current releases](https://www.flatcar.org/releases).
28 |
29 | ## Install and operate Flatcar
30 |
31 | Flatcar Container Linux has a dedicated [documentation site](https://www.flatcar.org/docs/latest/).
32 |
33 | The getting started guide has further links to the topics Ignition, local testing with QEMU, controlling automatic updates, and usage with cloud providers:
34 |
35 | * [Getting started](https://www.flatcar.org/docs/latest/installing/)
36 |
37 | **Does Flatcar run in my environment?** Consult the [interop-matrix](interop-matrix.md).
38 |
39 | **Does Flatcar have CIS Benchmarks?** Consult the [CIS reports](CIS/README.md).
40 |
41 | ## Report bugs and request features
42 |
43 | If you hit a bug, or have a feature request, please [file an issue](https://github.com/flatcar/Flatcar/issues/new/choose) right here in this github project.
44 | Please select the appropriate issue type to help us triage incoming requests. For example, if you would like a new package to be added to the base Flatcar image, use the "New Package Request" issue type. (In that specific case, please also see [adding new packages to the Flatcar Linux OS image](adding-new-packages.md) for general guidelines.)
45 |
46 | ### Chat
47 |
48 | For quick questions or for just hanging out with the community please use
49 | * Our matrix chat (via element.io): [https://app.element.io/#/room/#flatcar:matrix.org](https://app.element.io/#/room/#flatcar:matrix.org)
50 | * Our Slack channel in the Kubernetes Slack org: https://kubernetes.slack.com/archives/C03GQ8B5XNJ
51 |
52 | ### Discussions
53 |
54 | For more far-reaching topics please have a look at our [discussions](https://github.com/flatcar/Flatcar/discussions). Feel free to open a new discussion if you don't find an existing one covering your topic.
55 |
56 | ### Mailing lists
57 |
58 | Though the use of Github Discussions is encouraged (see above), we also maintain groups / mailing lists for a more old-fashioned way of having a discussion. Please note that we might consider to discontinue these mailing lists at some point in the future.
59 | * Flatcar Users: https://groups.google.com/g/flatcar-linux-user
60 | * Flatcar Devs: https://groups.google.com/g/flatcar-linux-dev
61 |
62 | ### Social Media/Fediverse
63 |
64 | You can follow the [Flatcar Mastodon account](https://hachyderm.io/@flatcar). While Mastodon, as an open platform, is our preferred social media channel, we also have an [account on X](https://x.com/flatcar).
65 |
66 | ## Participate and contribute
67 |
68 | If you are thinking of making a contribution, then please engage with the project as early as possible -- by commenting on an existing issue, or creating a new issue, on GitHub. Consider the project’s mission, and how your contribution furthers it.
69 | Making your intent visible early on can be a major factor for getting your work accepted.
70 |
71 | For the general guidelines on making PRs/commits easier to review, please check out the project's [contribution guidelines](CONTRIBUTING.md).
72 |
73 | For an introduction to the Flatcar SDK and a walk-through of common developer cases like customising the OS image (e.g. adding or upgrading packages), have a look at our [developer guides](https://www.flatcar.org/docs/latest/reference/developer-guides/); particularly the [howto on building custom images from source](https://www.flatcar.org/docs/latest/reference/developer-guides/sdk-modifying-flatcar/).
74 | The guides aim to provide a solid base for working with the SDK to help you filing successful PRs to the Flatcar project.
75 |
76 | ### Becoming a maintainer
77 |
78 | The Flatcar maintainer path is laid out in our [governance document](governance.md).
79 |
80 | ## Project status and roadmap - What's everybody working on, right now and in the future?
81 |
82 | 1. short-term concerns (bugs and minor enhancements) enter the project via our [issue tracker](https://github.com/flatcar/Flatcar/issues)
83 | 2. our [tactical board](https://github.com/orgs/flatcar/projects/7/views/1) reflects the issues and PRs the maintainers and the contributors are currently engaged with
84 | 3. items which are done will be assigned to an upcoming release on the [release board](https://github.com/orgs/flatcar/projects/7/views/8)
85 | in our release planning calls
86 |
87 | Lastly, epics like major features and long-term items are reflected in our [roadmap board](https://github.com/orgs/flatcar/projects/7/views/9).
88 |
89 | Check out our Matrix and Slack channels (mentioned above) for getting into contact with maintainers, and consider joining our Flatcar Developer Sync (next section below) where contributors and maintainers coordinate our work.
90 |
91 | ### Monthly Office hours and Developer Syncs
92 |
93 | We maintain a [Google Calendar](https://calendar.google.com/calendar/u/0/embed?src=c_ii991mqrpta9en8o7ofd4v19g4@group.calendar.google.com) ([iCal](https://calendar.google.com/calendar/ical/c_ii991mqrpta9en8o7ofd4v19g4%40group.calendar.google.com/public/basic.ics)) with both our Office Hours and Developer Sync meeting series which interested folks can comfortably import into the calendar app of their choice.
94 |
95 | Join us in our monthly [office hours meetings](../../discussions/categories/flatcar-office-hours) to engage with the Flatcar User community interactively, to learn about the project's directions, and to discuss contributions. We also conduct the occasional user-focused demo of technologies related to image-based Linux.
96 | Lastly, the call includes a brief Release Planning with an update on the changes in the next immediate releases.
97 |
98 | If you'd like to share something or if you have a pressing issue you'd like discussed, please let us know.
99 | Either comment on the respective meeting discussion, reach out to us on Matrix (see below), or simply join the meeting and speak up in the meeting's Q&A.
100 |
101 | **Flatcar Office Hours are on the second Wednesday of every month at 2:30pm UTC**
102 |
103 | * Meeting agendas are published in advance - check our [discussions section](../../discussions/categories/flatcar-office-hours) for examples.
104 | * Call link: [https://meet.flatcar.org/OfficeHours](https://meet.flatcar.org/OfficeHours)
105 | * A Youtube live stream (which also serves as the meeting's recording) will be published on the respective agenda when a meeting starts.
106 |
107 |
108 | **Flatcar Developer Syncs commence every 4th Wednesday of a month at 2:30pm UTC**
109 |
110 | While release planning is a recurring part of each community call we also conduct separate Developer Syncs for backlog grooming and task planning. We discuss Roadmap items, special projects, and day-to-day issues in these calls. If you want to participate and discuss or pick up work, that call is for you!
111 | Just like the Office Hours the call includes a brief Release Planning with an update on the changes in the next immediate releases.
112 |
113 | * Meeting agendas are published in advance - check our [discussions section](../../discussions/categories/flatcar-developer-sync) for examples.
114 | * Call link: [https://meet.flatcar.org/OfficeHours](https://meet.flatcar.org/OfficeHours)
115 | * A youtube live stream (which also serves as the meeting's recording) will be published on the respective agenda when a meeting starts.
116 |
117 | ## Release process
118 |
119 | Flatcar Container Linux follows an Alpha-Beta-Stable release process. New features and major version upgrades will enter the Alpha channel for initial testing, then transition to Beta, before landing in Stable.
120 |
121 | Note that unlike features, bug fixes for any release channel will be released to that respective channel directly, i.e. Alpha bug fixes will be included in the next Alpha, Beta fixes will directly go to Beta, and Stable fixes will be released with the next Stable.
122 |
123 | We plan our releases in a 14-day cadence. The maintainer team holds fortnightly release meetings - both as recurring part of our monthly [community calls](tree/main/community-meetings/) as well as a separate meeting in-between the monthly community call cadence. Up-to-date planning status is reflected in our [release planning board](https://github.com/orgs/flatcar/projects/7).
124 |
125 | ### LTS
126 |
127 | Some users prefer to avoid the operational impact of frequent version upgrades.
128 | For such users, the Flatcar project provides an "LTS channel".
129 | The LTS channel / branch is based on a "golden Stable" and is maintained for 18 months.
130 | A new LTS is branched from Stable every 12 months, leaving a 6 months window for LTS users to upgrade.
131 |
132 | ## Project governance
133 |
134 | Flatcar is a community-driven project, with community members participating through the following forums:
135 |
136 | * Contributors.
137 | * Maintainers.
138 |
139 | Every participant of the open source project - bug reporter, feature requester, code contributor - is considered a contributor.
140 |
141 | Maintainers have commit access to one or more repositories and help govern the project, driving it forward and maintaining its scope and vision.
142 | Please find more details in our [governance doc](governance.md).
143 |
144 | ## Repositories
145 |
146 | The github repositories that comprise Flatcar Container Linux can be found via the [organization](https://github.com/flatcar) page.
147 |
--------------------------------------------------------------------------------
/SECURITY.md:
--------------------------------------------------------------------------------
1 | # Flatcar Security
2 | To keep Flatcar secure, the maintainers put a strong focus on tracking new and existing security issues.
3 | Dealing with Security concerns is owned by the [Flatcar Security team](https://github.com/orgs/flatcar/teams/flatcar-security-team), a sub-set of the Maintainers team, and elected by the Maintainers (see [governance.md](./governance.md)).
4 |
5 | While the team actively researches and tracks new and existing security issues, it may also be notified of issues via [security@flatcar-linux.org](mailto:security@flatcar-linux.org).
6 |
7 | The Security team meets in a fortnightly cadence, in a private video call.
8 | The team maintains an internal list of security Primaries and Secondaries, which are rotated on a weekly basis.
9 | Primary and Secondary are expected to actively engage in security work each day, including executing the Runbook (see below) and working on fixing ongoing security issues.
10 |
11 | Undisclosed security issues are tracked in a private repository only accessible by members of the security team.
12 | Public issues are tracked publicly in the project's main issue tracker.
13 |
14 | Security issues are addressed by releasing an updated OS image. Releases may be expedited depending on the issues' severity. For each release, release notes contain a concise list of security issues fixed. Also, a separate, detailed report on each of the issues addressed is part of every release.
15 |
16 | ## Daily security runbook for Security team primaries and secondaries
17 |
18 | The runbook below discusses steps for identifying new potential security issues and for making the issues known to the Flatcar project's maintainers and / or the other members of the Security team.
19 |
20 | Primaries are expected to execute the runbook at least once per day, optionally assisted or off-loaded by Secondaries.
21 |
22 | Every day look into upstream security trackers like below:
23 | - Gentoo security vulnerabilities. It might be useful to use gorss + RSS feed for this.
24 | - oss-security mailing list
25 | - Golang announce mailing list
26 | - Rust security announcements
27 | - (optional) issue trackers of other distros
28 | - Whenever we discover any new CVE, we add it to an internal database, and use automation tools to create a new issue about the CVE in [Flatcar GitHub issues](https://github.com/Flatcar/Flatcar/issues) with labels `security` and `advisory`.
29 | - If an issue of updating the specific package affected by the new CVE is already open in [Flatcar GitHub issues](https://github.com/Flatcar/Flatcar/issues), then unfortunately we need to manually edit the existing issue to add the new CVE.
30 |
--------------------------------------------------------------------------------
/adding-new-packages.md:
--------------------------------------------------------------------------------
1 | # Proposing new packages for inclusion into Flatcar Container Linux
2 |
3 | Flatcar Container Linux is a modern Linux distribution for running container workloads.
4 | To stay modern, the packages included need to be kept up-to-date, and sometimes new packages introduced.
5 | This documents explains the process for the latter.
6 |
7 | ## Project definition
8 |
9 | When proposing new packages for inclusion into Flatcar Container Linux, it's important to keep in mind how the project defines itself:
10 | _Flatcar Container Linux is a fully open source, minimal-footprint, secure by default and always up-to-date Linux distribution for running containers at scale._
11 |
12 | ## New package criteria
13 |
14 | As a minimal Linux distribution, the tools and applications included in Flatcar Container Linux are to be kept to a minimum.
15 | This is to reduce both the image size and attack surface.
16 | Package addition requests are evaluated with this in mind.
17 | Other criteria that are weighed are the following.
18 |
19 | - ***Secure by default***: Does the package increase the security of Flatcar?
20 | - ***Always up-to-date***: Is the package actively maintained?
21 | - ***Running containers***: Does the package make Flatcar more relevant for container environments?
22 | - ***At scale***: Does the package improve automation of or telemetry served by Flatcar and/or ease operational burden?
23 |
24 | ## How to propose a package for inclusion
25 |
26 | In order to propose a new package for inclusion, [open an issue using the "New Package Request" template](https://github.com/flatcar/Flatcar/issues/new?assignees=&labels=kind%2Fnew-package&template=new-package-request.md&title=New+Package+Request%3A+%5Bpackage-name%5D).
27 |
--------------------------------------------------------------------------------
/attic/community-meetings/2021-05-11-slides.pdf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/flatcar/Flatcar/e1f2e41bcb0ae40e721ce9d355cdb42f5dcb32c2/attic/community-meetings/2021-05-11-slides.pdf
--------------------------------------------------------------------------------
/attic/community-meetings/2021-05-11.md:
--------------------------------------------------------------------------------
1 | # Flatcar community call Tuesday, 11th of May, 17:30 CEST
2 |
3 | - [Slide deck](2021-05-11-slides.pdf)
4 | - Youtube recording: [https://youtu.be/YBfq2fcjp8E](https://youtu.be/YBfq2fcjp8E)
5 |
6 | # Call Agenda
7 |
8 | ## Welcome
9 | - Introduction to the new community meetings
10 | - Meet the team
11 | - Review agenda
12 | - Introduction: Brief intro of the team and community members participating in the call
13 |
14 | ## Flatcar Interoperability
15 | Review of our work on interoperability and how we plan to track/report
16 |
17 | ## Upcoming releases
18 | We give a brief overview of upcoming releases and the features included.
19 |
20 | ## Spotlight: CAPI
21 | Details on our ClusterAPI work so far and future plans
22 |
23 | ## Community Q&A
24 | Open Q&A / discussion
25 |
26 |
27 | # Call Minutes
28 |
29 | The meeting largely followed the [slide deck](2021-05-11-slides.pdf). After the presentation, community participants raised a total of 3 questions.
30 |
31 | 1. The Flatcar team, Thilo, Sayan, Marga, Dongsu, Mathieu, Andy, Kai, and Iago introduce themselves.
32 | 2. Andy briefly addresses the future of Flatcar following Kinvolk's acquisition by Microsoft.
33 | - “[...] we want to assure the Flatcar community that Microsoft and the Kinvolk team will continue to collaborate with the larger Flatcar community on the evolution of Flatcar Container Linux.” - Brendan Burns, Microsoft
34 | - “This will not be a replay of the movie you’ve seen before. In fact, we and Microsoft are committed to doubling down on the Flatcar community: we want to expand the universe of partners, contributors, and users, to ensure a vibrant, successful and sustainable long-term future for Flatcar as a truly open, community-driven project.” - Chris Kühl, Kinvolk
35 | 3. Thilo introduces monthly community calls and the new community focus of the Flatcar project, overcoming and leaving behind its single vendor past.
36 | 4. Marga introduces the [interop matrix](../interop-matrix.md) as a means to track Flatcar's support of runtime environments (clouds, on premise, etc.).
37 | - Some environments, while supported, do not currently have an owner.
38 | - The project aims to have community owners who operate workloads / clusters in the respective environments, in the long term.
39 | 5. Andy elaborates on Flatcar's core philosophy and shares details on stabilisation process and on release cadence.
40 | - Alpha introduces new major versions, which then transition to Beta and Stable. Not every Alpha is promoted to Beta, not every Beta becomes Stable.
41 | - Frequent Alpha releases, every 2 weeks on average.
42 | - Beta release for (typically) every second Alpha, with patch releases in between.
43 | - Stable releases roughly every 2 months.
44 | - "golden" Stable to become LTS once a year.
45 | 6. Sayan summarises the last round of releases, and provides an outlook of upcoming releases.
46 | - April 28th round shipped new major Alpha (2857.0.0) and Beta (2823.1.0) versions, and patch level updates to Stable (2765.2.3) and to LTS (2605.15.1).
47 | - Alpha release removes `rkt` and `kubelet-wrapper`. The changes will transition to Beta in June, and to Stable in July.
48 | - Upcoming May 19th releases will ship a new major Alpha (2879.0.0) and patch level updates to Beta, Stable, and LTS.
49 | 7. Dongsu provide an overview of ClusterAPI, and elaborates on our work to add Flatcar support to CAPI.
50 | - CAPI utilises a management cluster to deploy workload clusters on a variety of inrastructure providers.
51 | - Adding OS support for providers requires a separate implementation for each; there is no unified standard for OS config.
52 | - OS images are provided via the ClusterAPI Image Builder project.
53 | - Workload clusters are provisioned via the ClusterAPI Bootstrap provider.
54 | - Current Flatcar status:
55 | - QEmu and AWS OS images supported for Flatcar in Image builder.
56 | - Bootstrap (kubeadm) Ignition support added to enable Flatcar OS config.
57 | - AWS provider Ignition support added to enable Flatcar OS config.
58 | - Future plans:
59 | - support other cloud providers (Metal3, Azure, vSphere, Tinkerbell, Equinix Metal)
60 | 8. Thilo shares call for action to the community to join the project
61 |
62 | ## Q&A
63 |
64 | - Q: **What's the relationship between ClusterAPI and Lokomotive?**
65 | - Iago: Currently, no direct relation. We plan to investigate using parts of CAPI in the future, e.g. provisioning, but we do not plan to support the full-blown management / workload clusters pattern at this time.
66 |
67 | - Q: **here seems to be a lack of bare metal deployments / supported platforms in the compatibility matrix - is this intentional? Do we exepct Flatcar to "just work" since it's using Linux? Is there potential to add bare metal platforms (we use / plan to use Flatcar primarily on bare metal)?**
68 | - Thilo: It's Linux, as long as it PXE boots, you should be fine.
69 | - Andy: Are we discussing a hardware compatibility list?
70 | - Jannik: Not quite, however since we'll be running on bare metal we'll also test our bare metal. We're willing to support the community for our use cases.
71 | - Vincent: Currently, if you run into issues it's best to just open a ticket. If you'd like to expose your work to the community (test results etc.) you're of course welcome to do so!
72 | - Kai: We cover bare metal PXE boot / ignition config implicitly by our Equinix Metal workloads / CI / release tests. Lokomotive also maintains a bare metal CI test which covers PXE boots and deployments.
73 | - Marga: It's a good point that our interop matrix currently does not discuss hardware support at all. For instance, it's tribal knowledge that Flatcar boots on Rasperry Pi (with some tweaks), but that's not documented anywhere.
74 | - Andy: This might be something we should involve the larger community with, e.g. establishing a hardware interop list for users' existing deployments. Individual users then could volunteer to keep that list up to date for new releases since they'd be testing the release on their hardware anyway.
75 | - Jannik: We could use the hardware interop doc to also share tweaks / notes for specific environments more easily.
76 |
77 | - Q: **Can you talk about ARM64 support? There's Alpha support, but what's the path to Beta and Stable?**
78 | - Thilo: It's work in progress, we staffed / resourced this concern very recently. Some plumbing level and package upgrades are necessary to make things work for Stable, these are being worked on as we speak.
79 | - Kai: A number of system components' tests are currently failing. We're also interested in hardware enablement, i.e. getting feedback on our ARM64 kernel config / modules on different ARM64 platforms. Other than that, it's about ensuring our release tests pass.
80 | - Thilo: We need to discuss this in terms of support levels - you could go ahead and use Alpha ARM64 support today, there are no deal breakers we know of - it will support your workload.
81 | It just won't support the entire range of Flatcar features, and some boot-up units might fail (SELinux in particular).
82 | We're working on bringing up these components on ARM64.
83 |
--------------------------------------------------------------------------------
/attic/community-meetings/2021-06-08-slides.pdf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/flatcar/Flatcar/e1f2e41bcb0ae40e721ce9d355cdb42f5dcb32c2/attic/community-meetings/2021-06-08-slides.pdf
--------------------------------------------------------------------------------
/attic/community-meetings/2021-06-08.md:
--------------------------------------------------------------------------------
1 | # Flatcar community call Tuesday, 8th of June, 17:30 CEST
2 |
3 | - [Slide deck](2021-06-08-slides.pdf)
4 | - Youtube recording: [https://www.youtube.com/watch?v=cZ4o-ZD6r10&t=235s](https://www.youtube.com/watch?v=cZ4o-ZD6r10&t=235s)
5 |
6 | ## Welcome
7 | - Brief intro / check-in of all participants in the Zoom call. Please introduce yourself and share what brings you here today.
8 | - Review the meeting agenda.
9 |
10 | ## Spotlight: Nebraska update server
11 | - Brief presentation of Flatcar’s open source update server.
12 |
13 | ## Spotlight: Nightlies, Tests, and Releases
14 | - Brief presentation of Flatcar’s test and releases process.
15 |
16 | ## Status update: ARM64
17 | - What’s done, what’s missing, and how to help.
18 |
19 | ## Releases review & planning
20 | - We share details of the May 19th release, some bumps encountered.
21 | - We plan the next releases, including new features, bug fixes, and related PRs.
22 |
23 | ## Q&A
24 | - Questions from community participants, answered by the Flatcar maintainers.
25 |
26 |
27 | # Call Minutes
28 |
29 | As usual, the meeting minutes will be added here after the call.
30 | [tbd.]
31 |
32 | ## Q&A
33 |
34 | No questions this time.
35 |
--------------------------------------------------------------------------------
/attic/community-meetings/2021-07-13-slides.pdf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/flatcar/Flatcar/e1f2e41bcb0ae40e721ce9d355cdb42f5dcb32c2/attic/community-meetings/2021-07-13-slides.pdf
--------------------------------------------------------------------------------
/attic/community-meetings/2021-07-13.md:
--------------------------------------------------------------------------------
1 | # Agenda for the Flatcar community call on Tuesday, 13th of July, 17:30 CEST
2 |
3 | ## Links for participants
4 | - [Slide deck](2021-07-13-slides.pdf)
5 | - Youtube live stream link (for passively watching): [http://www.youtube.com/watch?v=jcwH4ZTrXnk](http://www.youtube.com/watch?v=jcwH4ZTrXnk)
6 |
7 | ## Welcome
8 | - Brief intro / check-in of all participants in the Zoom call. Please introduce yourself and share what brings you here today.
9 | - Review the meeting agenda.
10 |
11 | ## Spotlight: Flatcar Release Process
12 | - We will be talking about the Flatcar Release Process and Planning.
13 |
14 | ## Status update: ARM64
15 | - List of release tests that fail
16 | - Deep dive into selected test failures
17 |
18 | ## NEW: Release planning
19 | - Introducing our public release planning board
20 | - Items to be in the release of the week of July 21st
21 | - Community input wanted for upcoming releases!
22 |
23 | ## Q&A
24 | - Questions from community participants, answered by the Flatcar maintainers.
25 |
26 | # Call Minutes
27 |
28 | 1. Sayan introduces agenda for today:
29 | - Flatcar releases
30 | - Arm updates
31 | - Flatcar release planning
32 | - QA
33 | 2. Flatcar team introduce themselves: Sayan, Jeremi, Kai, Marga, William, Danielle (program manager for ARM support for Flatcar)
34 | 3. Kai talks about Flatcar Release Process
35 | - In contrast to regular distros, releases are not just bi-yearly but more frequent
36 | - Update granularity is whole image, not single packages
37 | - Releases are based on package updates, open PRs that are ready, and critical security fixes
38 | - Build is performed on private Jenkins instance, from scratch
39 | - Flatcar test suite runs on PRs
40 | - Big test run right before a release may uncover issues not found during development
41 | - Each release is signed and gets uploaded to our website and all supported cloud providers
42 | - Release planning happens every two weeks: review pending PRs and see if they can be fast tracked into the release
43 | - Release planning board has been made public today (https://github.com/orgs/kinvolk/projects/15) 😊 Community input is welcome!
44 | - Build/Test:
45 | - New SDK is produced on alpha release
46 | - Update signature is always cryptographically verified
47 | - Nightlies: packages from nightly builds can be consumed by SDK
48 | - Planned improvements to the CI process
49 | - Setting up a community accessible CI system (Concourse maybe)
50 | - Setting up automatic CI for PRs
51 | - Making release scripts independent of Jenkins and making it possible to build releases on dev machines
52 | 4. William talks about state of ARM64:
53 | - William lists failing test cases
54 | - A lot of test cases seem to be failing due to similar root causes, we hope the community can help investigate
55 | - Ongoing work in the ARM64 stream:
56 | - Polkit depends on spidermonkey, but spidermonkey is complex for cross-compilation and ARM64
57 | - We are going to replace spidermonkey with duktape like others in open source community have done
58 | - Help welcome! Find us on Matrix/IRC "wrl"
59 | 5. Sayan talks about recent releases:
60 | - Alpha 2920.0.0, Beta 2905.1.0
61 | - There will be monthly community call for release planning and a smaller bi-weekly to check progress
62 | - Sayan introduces the planning board (https://github.com/orgs/kinvolk/projects/15)
63 | - Columns for planned/in-progress/ready-for-review and items-completed for the closest update of alpha (and bumps of the other release channels).
64 |
65 | ## Q&A
66 |
67 | * Q (Adam): migrated from CoreOS to Flatcar for hosting bioinformatics workloads on Kubernetes. Hitting limits on ignition file sizes on AWS (16K), wondering about possibility of using compression to buy some more time (ignition v3). Is ignition the right thing to use, plans for upgrade (flatcar is currently on v2)?
68 | * A (Kai): Probably will upgrade to v3 at some point, but keep v2 support unlike upstream. For the AWS issue, recommend fetching bigger ignition payloads from S3, is secured by IAM.
69 |
70 | * Q (Adam): what's the practical difference between cloud-config vs. Ignition. If cloud-config works for us, should we still migrate?
71 | * A (Kai): differences: ignition runs during initramfs, before systemd from rootfs starts, allowing more customization and potentially sparing users from a reboot. Also ignition runs once and not on every boot. Coreos-cloudconfig is an independent Go implementation of the Python cloudconfig found in Ubuntu. It’s not actively developed but will stick around.
72 |
--------------------------------------------------------------------------------
/attic/community-meetings/2021-07-26.md:
--------------------------------------------------------------------------------
1 | # Agenda for the Flatcar Release Planning call on Monday, 26th of July, 17:30 CEST
2 |
3 | ## Links for participants
4 | - Call (for actively participating): [https://zoom.us/j/99741357880](https://zoom.us/j/99741357880)
5 | - Youtube live stream link (for passively watching): https://www.youtube.com/watch?v=SM4lfaITzsI
6 | - Release Planning Board: [https://github.com/orgs/kinvolk/projects/15](https://github.com/orgs/kinvolk/projects/15)
7 |
8 | ## Welcome
9 | - Brief introduction of new participants or attendees
10 | - Status of the previous Flatcar Release
11 | - Planning for the upcoming release for the week of August 2nd.
12 |
13 | ## Q&A
14 | - Questions from community participants, answered by the Flatcar maintainers.
15 |
16 | # Call Minutes
17 | As usual, the meeting minutes will be added here after the call.
18 |
--------------------------------------------------------------------------------
/attic/community-meetings/2021-08-10-slides.pdf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/flatcar/Flatcar/e1f2e41bcb0ae40e721ce9d355cdb42f5dcb32c2/attic/community-meetings/2021-08-10-slides.pdf
--------------------------------------------------------------------------------
/attic/community-meetings/2021-08-10.md:
--------------------------------------------------------------------------------
1 | # Flatcar community call Tuesday, 10th of August, 5:30 pm CEST
2 |
3 | - [Slide deck](2021-08-10-slides.pdf)
4 | - Youtube recording: [https://www.youtube.com/watch?v=Hy34rw7kax8](https://www.youtube.com/watch?v=Hy34rw7kax8)
5 |
6 | ## Welcome
7 | - Brief intro / check-in of all participants in the Zoom call. Please introduce yourself and share what brings you here today.
8 | - Review the meeting agenda.
9 |
10 | ## News
11 | - New section! We will discuss news and happenings in the Flatcar world, including how the team handled issues recently with Cilium interoperability and an image availability failure.
12 |
13 | ## Spotlight: Docker 20.10 / cgroups v2 update
14 | - Docker 20 and CGroups v2 (unified mode) are coming to Flatcar Linux! We'll give an overview of the challenges and the implications, as well as discuss the timeline.
15 |
16 | ## Spotlight community committer: contributing to Flatcar
17 | - What it took Aniruddha to contribute to Flatcar and solve the locksmith reboot issue.
18 |
19 | ## Status update: ARM64
20 | - What’s done, what’s missing, and how to help.
21 |
22 | ## Releases review & planning
23 | - Update from our planning for the next releases, including new features, bug fixes, and related PRs.
24 |
25 | ## Q&A
26 | - Questions from community participants, answered by the Flatcar maintainers.
27 |
--------------------------------------------------------------------------------
/attic/community-meetings/2021-08-23.md:
--------------------------------------------------------------------------------
1 | # Agenda for the Flatcar Release Planning call on Monday, August of 23rd, 17:30 CEST
2 |
3 | ## Links for participants
4 | - Call (for actively participating): [https://us06web.zoom.us/j/85781192057](https://us06web.zoom.us/j/85781192057)
5 | - Youtube live stream link (for passively watching): http://www.youtube.com/watch?v=TfmiNy5020g
6 | - Release Planning Board: [https://github.com/orgs/kinvolk/projects/15](https://github.com/orgs/kinvolk/projects/15)
7 |
8 | ## Welcome
9 | - Brief introduction of new participants or attendees
10 | - Status of the previous Flatcar Release
11 | - Planning for the upcoming release for the week of August 30th.
12 |
13 | ## Q&A
14 | - Questions from community participants, answered by the Flatcar maintainers.
15 |
--------------------------------------------------------------------------------
/attic/community-meetings/2021-09-14-slides.pdf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/flatcar/Flatcar/e1f2e41bcb0ae40e721ce9d355cdb42f5dcb32c2/attic/community-meetings/2021-09-14-slides.pdf
--------------------------------------------------------------------------------
/attic/community-meetings/2021-09-14.md:
--------------------------------------------------------------------------------
1 | # Flatcar community call Tuesday, 14th of September, 5:30pm CEST / 9pm IST / 3:30pm GMT / 11:30am EDT / 8:30am PST
2 |
3 | - [Slide deck](2021-09-14-slides.pdf)
4 | - Youtube recording: http://www.youtube.com/watch?v=9YxsZYyQrkA
5 |
6 | ## Welcome
7 | - Brief intro / check-in of all participants in the Zoom call. Please introduce yourself and share what brings you here today.
8 |
9 | ## News
10 | - We will discuss news and happenings in the Flatcar world, including our move out of the Kinvolk github org / website back into our own, features coming to the Flatcar community release images, and the results of our recent user survey.
11 |
12 | ## Spotlight: Equinix Metal's use of Flatcar Container Linux
13 | - Andy Holtzmann [@andy-v-h](https://github.com/andy-v-h) gives an introduction on EM's use of Flatcar.
14 |
15 | ## Status update: ARM64
16 | - Progress made, remaining items, and next steps.
17 | - Ed Vielmetti [@vielmetti](https://github.com/vielmetti) shares information on the "Works on ARM" project at Equinix Metal, inclunding hardware available today and in the near future.
18 |
19 | ## Releases review & planning (updated section!)
20 | - We'll wrap up changes for the upcoming release (week of September 20) and will plan items we aim to integrate for the release after that (week of October 4th).
21 |
22 | ## Q&A
23 | - Questions from community participants, answered by the Flatcar maintainers.
24 |
--------------------------------------------------------------------------------
/attic/community-meetings/2021-09-28.md:
--------------------------------------------------------------------------------
1 | # Agenda for the Flatcar Release Team call on Tuesday, September 28th, 5:30pm CEST / 9pm IST / 3:30pm GMT / 11:30am EDT / 8:30am PST
2 |
3 | ## Links for participants
4 | * Zoom link: [https://us06web.zoom.us/j/82054240491](https://us06web.zoom.us/j/82054240491)
5 | * Meeting ID: 843 3611 6610
6 | * Passcode: 444888
7 | - Youtube live stream / recording: [https://www.youtube.com/watch?v=XbkHZMJlC8g](https://www.youtube.com/watch?v=XbkHZMJlC8g)
8 | - Release Planning Board: [https://github.com/orgs/flatcar-linux/projects/5](https://github.com/orgs/flatcar-linux/projects/5)
9 |
10 | ## Welcome
11 | - Brief introduction of new participants or attendees
12 | - Status of the previous Flatcar Release
13 | - Status/Planning for the release for the week of October 4th
14 | - Planning for the release for the week of October 18th
15 |
16 | ## Q&A
17 | - Questions from community participants, answered by the Flatcar maintainers.
18 |
--------------------------------------------------------------------------------
/attic/community-meetings/2021-10-19-slides.pdf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/flatcar/Flatcar/e1f2e41bcb0ae40e721ce9d355cdb42f5dcb32c2/attic/community-meetings/2021-10-19-slides.pdf
--------------------------------------------------------------------------------
/attic/community-meetings/2021-10-19.md:
--------------------------------------------------------------------------------
1 | # Flatcar community call Tuesday, 19th of October, 5:30pm CEST / 9pm IST / 3:30pm GMT / 11:30am EDT / 8:30am PST
2 |
3 | - [Slide deck](2021-10-11-slides.pdf)
4 | - Youtube recording: [https://www.youtube.com/watch?v=YP9HnYxepVo](https://www.youtube.com/watch?v=YP9HnYxepVo)
5 |
6 | ## Welcome
7 | - Brief intro / check-in of all participants in the Zoom call. Please introduce yourself and share what brings you here today.
8 |
9 | ## News
10 | - We will discuss news and happenings in the Flatcar world.
11 | - We will elaborate on recent issues with our CI infrastructure, and repercussions for people using the SDK or the developer container.
12 | - Today's call won't have a release planning section (there's a dedicated release planning coming up right next week).
13 | - We're participating in [Hacktoberfest](https://hacktoberfest.digitalocean.com/), your contribution to a Flatcar repo will count!
14 |
15 | ## Spotlight: Flatcar dev mini-projects
16 | - Support for Ignition v3
17 | - Flog, the automated changelog generator
18 | - SDK container
19 |
20 | ## Status update: ARM64
21 | - Progress made, remaining items, and next steps.
22 |
23 | ## Q&A
24 | - Questions from community participants, answered by the Flatcar maintainers.
25 |
--------------------------------------------------------------------------------
/attic/community-meetings/2021-10-26.md:
--------------------------------------------------------------------------------
1 | # Agenda for the Flatcar Release Team call on Tuesday, October 26th, 5:30pm CEST / 9pm IST / 3:30pm GMT / 11:30am EDT / 8:30am PST
2 |
3 | ## Links for participants
4 | - Zoom link: [https://us06web.zoom.us/j/82054240491](https://us06web.zoom.us/j/82054240491)
5 | - Meeting ID: 820 5424 0491
6 | - Passcode: 444888
7 | - Youtube live stream / recording: [https://www.youtube.com/watch?v=xh-MkIoZvVw](https://www.youtube.com/watch?v=xh-MkIoZvVw)
8 | - Release Planning Board: [https://github.com/orgs/flatcar-linux/projects/5](https://github.com/orgs/flatcar-linux/projects/5)
9 |
10 | ## Welcome
11 | - Brief introduction of new participants or attendees
12 | - Status of the previous Flatcar Release
13 | - Status/Planning for the release for the week of November 1st
14 | - Planning for the release for the week of November 15th
15 |
16 | ## Q&A
17 | - Questions from community participants, answered by the Flatcar maintainers.
18 |
--------------------------------------------------------------------------------
/attic/community-meetings/2021-11-09.md:
--------------------------------------------------------------------------------
1 | # Flatcar community call Tuesday, 9th of November, 5:30pm CET / 10pm IST / 4:30pm GMT / 11:30am EST / 8:30am PST
2 |
3 | - Zoom link: [https://us06web.zoom.us/j/84336116610](https://us06web.zoom.us/j/84336116610)
4 | - Meeting ID: 843 3611 6610
5 | - Passcode: 444888
6 | - Youtube live stream / recording: https://www.youtube.com/watch?v=5XCgOByOSeQ
7 |
8 | - Community Calls calendar (all future calls): [link](https://calendar.google.com/calendar/u/0/embed?src=c_ii991mqrpta9en8o7ofd4v19g4@group.calendar.google.com)
9 | - iCal version: [link](https://calendar.google.com/calendar/ical/c_ii991mqrpta9en8o7ofd4v19g4%40group.calendar.google.com/public/basic.ics)
10 |
11 | ## Welcome
12 | - Brief intro / check-in of all participants in the Zoom call. Please introduce yourself and share what brings you here today.
13 |
14 | ## News
15 | - We will discuss news and happenings in the Flatcar world.
16 | - CGroups V2 are coming to stable
17 | - ARM64 goes beta
18 |
19 | ## Spotlight: Flatcar dev mini-projects
20 | - OpenSSL 3.0 in Alpha-3046.0.0 FIPS provider showcase
21 | - ignition-as-a-service: online ignition transpiler
22 | - Flatcar on Firecracker hack + demo
23 |
24 | ## Status update: ARM64
25 | - Progress made, next steps, and path to stable.
26 |
27 | ## Release planning
28 | - Status/Planning for the release for the week of November 15th
29 | - Planning for the release for the week of November 29th
30 |
31 | ## Q&A
32 | - Questions from community participants, answered by the Flatcar maintainers - e.g. feedback on the new Stable release w/ cgroups v2.
33 |
--------------------------------------------------------------------------------
/attic/community-meetings/2021-11-23.md:
--------------------------------------------------------------------------------
1 | # Agenda for the Flatcar Release Team call on Tuesday, 23rd of November 5:30pm CET / 10pm IST / 4:30pm GMT / 11:30am EST / 8:30am PST
2 |
3 | ## Links for participants
4 | - Zoom link: [https://us06web.zoom.us/j/82054240491](https://us06web.zoom.us/j/82054240491)
5 | - Meeting ID: 820 5424 0491
6 | - Passcode: 444888
7 | - Youtube live stream / recording: [https://www.youtube.com/watch?v=VUzMuZgFQfY](https://www.youtube.com/watch?v=VUzMuZgFQfY)
8 | - Release Planning Board: [https://github.com/orgs/flatcar-linux/projects/5](https://github.com/orgs/flatcar-linux/projects/5)
9 |
10 | ## Welcome
11 | - Brief introduction of new participants or attendees
12 | - Status of the previous Flatcar Release
13 | - Status/Planning for the release for the week of November 29th
14 | - Planning for the release for the week of December 13th
15 |
16 | ## Q&A
17 | - Questions from community participants, answered by the Flatcar maintainers.
18 |
--------------------------------------------------------------------------------
/attic/community-meetings/2021-12-17-slides.pdf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/flatcar/Flatcar/e1f2e41bcb0ae40e721ce9d355cdb42f5dcb32c2/attic/community-meetings/2021-12-17-slides.pdf
--------------------------------------------------------------------------------
/attic/community-meetings/2021-12-17.md:
--------------------------------------------------------------------------------
1 | # Agenda for the Flatcar community call on Friday, 17th of December 5:30pm CET / 10pm IST / 4:30pm GMT / 11:30am EST / 8:30am PST
2 |
3 | - [Slide deck](2021-12-17-slides.pdf)
4 | - Youtube recording: [https://www.youtube.com/watch?v=1YsY9XEtF7Q](https://www.youtube.com/watch?v=1YsY9XEtF7Q)
5 |
6 | ## Welcome
7 | - Brief intro / check-in of all participants in the Zoom call. Please introduce yourself and share what brings you here today.
8 |
9 | ## News
10 | - We will discuss news and happenings in the Flatcar world.
11 | - ARM64 goes stable
12 | - Flatcar CAPI support with CAPI release 1.1
13 |
14 | ## Q&A
15 | - Questions from community participants, answered by the Flatcar maintainers
16 |
--------------------------------------------------------------------------------
/attic/community-meetings/2022-01-11-slides.pdf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/flatcar/Flatcar/e1f2e41bcb0ae40e721ce9d355cdb42f5dcb32c2/attic/community-meetings/2022-01-11-slides.pdf
--------------------------------------------------------------------------------
/attic/community-meetings/2022-01-11.md:
--------------------------------------------------------------------------------
1 | # Agenda for the Flatcar community call on Tuesday, 11th of January 5:30pm CET / 10pm IST / 4:30pm GMT / 11:30am EST / 8:30am PST
2 |
3 | - Zoom link: [https://us06web.zoom.us/j/84336116610](https://us06web.zoom.us/j/84336116610)
4 | - Meeting ID: 843 3611 6610
5 | - Passcode: 444888
6 | - Youtube live stream / recording: [link](https://www.youtube.com/watch?v=X_nqgXLOmLk)
7 | - [Slide deck](2022-01-11-slides.pdf)
8 | - Community Calls calendar (all future calls): [link](https://calendar.google.com/calendar/u/0/embed?src=c_ii991mqrpta9en8o7ofd4v19g4@group.calendar.google.com)
9 | - iCal version: [link](https://calendar.google.com/calendar/ical/c_ii991mqrpta9en8o7ofd4v19g4%40group.calendar.google.com/public/basic.ics)
10 |
11 |
12 | ## Welcome
13 | - Brief intro / check-in of all participants in the Zoom call. Please introduce yourself and share what brings you here today.
14 |
15 | ## News
16 | - 5.15 Kernel in Alpha
17 | - upcoming FOSDEM devroom talks overview
18 |
19 | ## Spotlight
20 | - 2021 recap - cgroupsv2, systemd updates, docker 20, ARM64
21 | - Flatcar on Raspberry Pi blog
22 | - Fleetlock (@aniruddha2000, @tormath1 )
23 |
24 | ## Release planning
25 | - Ongoing and upcoming releases (https://github.com/orgs/flatcar-linux/projects/5)
26 |
27 | ## Q&A
28 | - Questions from community participants, answered by the Flatcar maintainers
29 |
30 |
--------------------------------------------------------------------------------
/attic/community-meetings/README.md:
--------------------------------------------------------------------------------
1 | # Old-style community meeting agendas and presentation slides
2 |
3 | Community meeting planning / agendas has moved to [Github discussions](../../../../discussions/categories/community-meeting-agenda)
4 |
5 | This section in the attic contains agenda markdown files of "old style" Flatcar community calls where the agenda was agreed on in a PR instead of a github discussion.
6 | Also archived here are slide decks used in these meetings.
7 |
8 |
--------------------------------------------------------------------------------
/governance.md:
--------------------------------------------------------------------------------
1 | # Flatcar Project Governance
2 |
3 |
4 | Flatcar is a community based project, anyone who wants to participate is welcomed.
5 | We adopted the [CNCF code of Conduct](./CODE_OF_CONDUCT.md) as we pledge to be an opening and welcoming community for anyone who want to participate in it.
6 |
7 | The project is governed by a flat hierarchy - a group of people sharing a common vision of Flatcar in accordance to its mission statement.
8 |
9 | This goverance explains how the project is run.
10 |
11 | - [Values](#values)
12 | - [Maintainers](#maintainers)
13 | - [Becoming a Maintainer](#becoming-a-maintainer)
14 | - [Meetings](#meetings)
15 | - [CNCF Resources](#cncf-resources)
16 | - [Code of Conduct Enforcement](#code-of-conduct)
17 | - [Security Response Team](#security-response-team)
18 | - [Voting](#voting)
19 | - [Modifications](#modifying-this-charter)
20 |
21 | ## Values
22 |
23 | The Flatcar project, its leadership, and its maintainers embrace the following values:
24 |
25 | * Openness: Communication and decision-making happens in the open and is discoverable for future
26 | reference. As much as possible, all discussions and work take place in public
27 | forums and open repositories.
28 |
29 | * Fairness: All stakeholders have the opportunity to provide feedback and submit
30 | contributions, which will be considered on their merits.
31 |
32 | * Community over Product or Company: Sustaining and growing our community takes
33 | priority over shipping code or sponsors' organizational goals. Each
34 | contributor participates in the project as an individual.
35 |
36 | * Inclusivity: We innovate through different perspectives and skill sets, which
37 | can only be accomplished in a welcoming and respectful environment.
38 |
39 | * Participation: Responsibilities within the project are earned through
40 | participation, and there is a clear path up the contributor ladder into leadership
41 | positions.
42 |
43 | ## Maintainers
44 |
45 | Flatcar Maintainers have full access to most of the repositories in the [Flatcar project](https://github.com/orgs/flatcar/), except for very few repositories that contain sensitive information, e.g. for with undisclosed security issues (see [SECURITY.md](./SECURITY.md) for more information).
46 | Maintainers can merge PRs, approve PR builds+tests, and create and publish releases.
47 | Maintainers collectively manage the project's resources, interact with contributors, elect new maintainers, and remove inactive ones.
48 | The current list of maintainers can be found in [MAINTAINERS.md](./MAINTAINERS.md). Most maintainer access privileges are granted via membership of the Flatcar Github organisation's [Flatcar Maintainers team](https://github.com/orgs/flatcar/teams/flatcar-maintainers).
49 |
50 | This privilege is granted with some expectation of responsibility: maintainers
51 | are people who care about the Flatcar project and want to help it grow and
52 | improve. A maintainer is not just someone who can make changes, but someone who
53 | has demonstrated their ability to collaborate with the team, get the most
54 | knowledgeable people to review code and docs, contribute high-quality code, and
55 | follow through to fix issues (in code or tests).
56 |
57 | A maintainer is a contributor to the project's success and a citizen helping
58 | the project succeed.
59 |
60 | The collective team of all Maintainers is known as the Maintainer Council, which
61 | is the governing body for the project.
62 |
63 | ### Becoming a Maintainer
64 |
65 | Maintainers are active community members who are responsible for the overall quality and stewardship of the project, and are expected to remain actively involved in the project and participate in voting and discussing of proposed project level changes.
66 |
67 | Anyone with an established track record of contributions to the project can become a maintainer.
68 | The contributions are expected to be substantial, and must demonstrate a commitment to the long-term success of the project.
69 | Maintainership is not limited to engineering / development merits; all contributions - e.g. working with issues, providing guidance and feedback to users, reviewing PRs, contributing to docs, evangelising Flatcar - count.
70 | Becoming a maintainer is about building trust with the current maintainers of the project and being a person that they can depend on to make decisions in the best interest of the project in a consistent manner.
71 |
72 | Maintainer candidates should have demonstrated they:
73 | - Collaborate well.
74 | - Have a deep and comprehensive understanding of the Flatcar code base, technical goals, and directions.
75 | - Actively engage with major Flatcar feature proposals and implementations.
76 |
77 | The Flatcar project welcomes both development as well as community-focuses contributions.
78 | To gain maintainership, the following is expected:
79 | * commitment to the project's continued success:
80 | * participate in discussions, contributions, code and documentation reviews for 6 months or more,
81 | * actively evangelise Flatcar in at least 20 talks/presentations at 10 different conferences or meetups
82 | * organise and chair at least 15 maintainer events, e.g. bug fixing or doc writing days, with at least 5 maintainers participating each event
83 | * Contribute to the project's development
84 | * perform reviews for 30 non-trivial pull requests,
85 | * contribute 10 non-trivial pull requests and have them merged,
86 | * ability to write quality code and/or documentation,
87 | * ability to collaborate with the team,
88 | * demonstrated understanding of how the team works (policies, processes for testing and code review, etc),
89 | * understanding of the project's code base and coding and / or documentation style.
90 |
91 | Periodically, the existing maintainers curate a list of contributors that have shown regular activity on the project over the prior months.
92 | The nominating maintainer will create a PR to update the Maintainers List.
93 | It is recommended to describe the reasons for the nomination and the contribution of the nominee in the PR.
94 | Upon consensus of incumbent maintainers, the PR will be approved and the new maintainer becomes active.
95 |
96 | Maintainers who are selected will be granted the necessary GitHub rights.
97 |
98 |
99 | ### Removing a Maintainer
100 |
101 | Life priorities, interests, and passions can change.
102 | If you're a maintainer but feel you must remove yourself from the list, inform other maintainers that you intend to step down, and if possible, help find someone to pick up your work.
103 | At the very least, ensure your work can be continued where you left off.
104 | After you've informed other maintainers, create a pull request to remove yourself from the [MAINTAINERS](MAINTAINERS.md) file.
105 | If applicable, include a change to [EMERITUS_MAINTAINERS](EMERITUS_MAINTAINERS.md) to add yourself to the list of emeritus maintainers.
106 | This will ease your return to active maintainership in the future.
107 |
108 | Maintainers may also be removed after being inactive, failure to fulfill their
109 | Maintainer responsibilities, violating the Code of Conduct, or other reasons.
110 | Inactivity is defined as a period of very low or no activity in the project
111 | for a year or more, with no definite schedule to return to full Maintainer
112 | activity.
113 |
114 | A Maintainer may be removed at any time by a 2/3 vote of the remaining maintainers.
115 |
116 | Depending on the reason for removal, a Maintainer may be converted to Emeritus
117 | status. Emeritus Maintainers will still be consulted on some project matters,
118 | and can be rapidly returned to Maintainer status if their availability changes.
119 |
120 |
121 | ## Meetings
122 |
123 | Time zones permitting, Maintainers are expected to participate in the Flatcar Developer Syncs meeting every 4th Wednesday of a month.
124 | The meeting time observes the Universal Coordinated time. It occurs at 2:30pm UTC.
125 | Depending on your local timezone, the slot might be subject to summer time changes.
126 | * During daylight saving time, the meeting occurs at 8pm IST (IST does not observe daylight saving time) / 4:30pm CEST / 10:30am EDT / 7:30am PST.
127 | * Outside of daylight saving time, the meeting occurs at 8pm IST / 3:30pm CET / 9:30am EST / 6:30am PST.
128 |
129 | A calendar is available to ease planning. The calendar contains Developer syncs, project office hours, and one-off events like bug fixing or doc writing days.
130 | * Google calendar link: https://calendar.google.com/calendar/u/0/embed?src=c_ii991mqrpta9en8o7ofd4v19g4@group.calendar.google.com
131 | * iCal link (for importing): https://calendar.google.com/calendar/ical/c_ii991mqrpta9en8o7ofd4v19g4%40group.calendar.google.com/public/basic.ics
132 |
133 | Maintainers will also have closed meetings in order to discuss security reports
134 | or Code of Conduct violations. Such meetings should be scheduled by any
135 | Maintainer on receipt of a security issue or CoC report. All current Maintainers
136 | must be invited to such closed meetings, except for any Maintainer who is
137 | accused of a CoC violation.
138 |
139 | ## CNCF Resources
140 |
141 | Any Maintainer may suggest a request for CNCF resources during a
142 | meeting. A simple majority of Maintainers approves the request. The Maintainers
143 | may also choose to delegate working with the CNCF to non-Maintainer community
144 | members, who will then be added to the [CNCF's Maintainer List](https://github.com/cncf/foundation/blob/main/project-maintainers.csv)
145 | for that purpose.
146 |
147 | ## Code of Conduct
148 |
149 | [Code of Conduct](./code-of-conduct.md)
150 | violations by community members will be discussed and resolved
151 | on the [private Maintainer mailing list](maintainers@flatcar-linux.org). If a Maintainer is directly involved
152 | in the report, the Maintainers will instead designate two Maintainers to work
153 | with the CNCF Code of Conduct Committee in resolving it.
154 |
155 | ## Security Response Team
156 |
157 | The Maintainers will appoint a Security Response Team to handle security reports.
158 | This committee is a sub-set of the Maintainer Council with full access to undisclosed security issues tracked by the project.
159 | Members of the Security Response team as well as respective access permissions to sensitive data are administrated via membership in the [Flatcar Github organisation's Security team](https://github.com/orgs/flatcar/teams/flatcar-security-team).
160 | The Maintainers will review who is assigned to this at least once a year.
161 |
162 | The Security Response Team is responsible for handling all reports of security
163 | issues and breaches according to the [security policy](./SECURITY.md).
164 |
165 | ## Voting
166 |
167 | While most business in Flatcar is conducted by "[lazy consensus](https://community.apache.org/committers/lazyConsensus.html)",
168 | periodically the Maintainers may need to vote on specific actions or changes.
169 | A vote can be taken on
170 | [the private Maintainer mailing list](maintainers@flatcar-linux.org) for security or conduct matters.
171 | Votes may also be taken at [Flatcar Developer Syncs meetings](https://meet.flatcar.org/OfficeHours). Any Maintainer may
172 | demand a vote be taken.
173 |
174 | Most votes require a simple majority of all Maintainers to succeed, except where
175 | otherwise noted. Two-thirds majority votes mean at least two-thirds of all
176 | existing maintainers.
177 |
178 | ## Modifying this Charter
179 |
180 | Changes to this Governance and its supporting documents may be approved by
181 | a 2/3 vote of the Maintainers.
182 |
--------------------------------------------------------------------------------
/interop-matrix.md:
--------------------------------------------------------------------------------
1 | # Flatcar inter-operation matrix
2 |
3 | This document tracks Flatcar inter-operability across environments.
4 |
5 | Ownership of an item implies ensuring test coverage in release tests of official Flatcar releases (L2 and above) as well as handling bugs and feature requests that affect the respective environment specifically.
6 | Please propose ownership by filing a PR for this document.
7 |
8 | ## Public cloud (machines)
9 |
10 | | Environment | Full-Feature (release blocker) | Works | Tested (CI) | Owner | Reference (e.g. GH issue) | Notes |
11 | |-------------|--------------------------------|-------|-------------|-------|---------------------------|-------|
12 | | EC2 | Partial | X | X | @flatcar/flatcar-maintainers | | IAM 2.0 support missing |
13 | | Azure | X | X | X | @flatcar/flatcar-maintainers | | |
14 | | GCE | X | X | X | @flatcar/flatcar-maintainers | | |
15 | | Digital Ocean (VMs) | X | X | X | @flatcar/flatcar-maintainers | | |
16 | | Equinix Metal | X | X | X | @flatcar/flatcar-maintainers | | |
17 | | ESXi / vSphere | X | X | X | @flatcar/flatcar-maintainers | | |
18 | | Hetzner Cloud | | X | | [no owner] | | |
19 | | Vultr VPS | | X | | [no owner] | | |
20 | | Cloudscale | | X | | [no owner] | | |
21 | | Oracle Cloud | | X | | [no owner] | | Bring-your-own-image on OCI VMs; install via Ubuntu on OCI bare metal |
22 | | Tencent | | | | [no owner] | | |
23 | | AliCloud | | | | [no owner] | | |
24 | | Yandex | | | | [no owner] | | |
25 | | Brightbox | X | X | X | @flatcar/flatcar-maintainers | | |
26 |
27 | ## Private Cloud (machines)
28 |
29 | | Environment | Full-Feature (release blocker) | Works | Tested (CI) | Owner | Reference (e.g. GH issue) | Notes |
30 | |-------------|--------------------------------|-------|-------------|-------|---------------------------|-------|
31 | | Azure Stack | | w/ caveat | | [no owner] | | controller node not supported on Flatcar (cloud-init feature missing) |
32 | | Tinkerbell | | X | | [no owner] | | |
33 | | Rancher (VMs) | | X | | [no owner] | | |
34 | | QEmu / KVM backed | X | X | X | @flatcar/flatcar-maintainers | | |
35 | | OpenStack | X | X | X | @flatcar/flatcar-maintainers | | |
36 | | VirtualBox | | X | | [no owner] | | |
37 | | Vagrant | | X | | [no owner] | | Isn't this plain qemu/kvm? |
38 |
39 | ## Managed Kubernetes
40 |
41 | | Environment | Full-Feature (release blocker) | Works | Tested (CI) | Owner | Reference (e.g. GH issue) | Notes |
42 | |-------------|--------------------------------|-------|-------------|-------|---------------------------|-------|
43 | | EKS | | X | | [no owner] | | |
44 | | GiantSwarm | | X | | Provider | | |
45 |
46 | ## Cluster API
47 |
48 | | Environment | Full-Feature (release blocker) | Works | Tested (CI) | Owner | Reference (e.g. GH issue) | Notes |
49 | |-------------|--------------------------------|-------|-------------|-------|---------------------------|-------|
50 | | CAPB | X | X | X (upstream) | Upstream | | Covered by CAPB release tests |
51 | | CAPA | X | X | X (upstream) | Upstream | | Covered by CAPA release tests |
52 | | CAPA EKS | | | | [no owner] | | |
53 | | CAPZ | | w/ caveat | | @flatcar/flatcar-maintainers | | WIP Prototype |
54 | | CAPV | | [no owner] | | | |
55 | | CAPM3 | | [no owner] | | | |
56 | | CAPG | | [no owner] | | | |
57 | | CAPO | | X | X (upstream) | Upstream | | |
58 |
59 | ## Kubernetes Distros
60 |
61 | | Environment | Full-Feature (release blocker) | Works | Tested (CI) | Owner | Reference (e.g. GH issue) | Notes |
62 | |-------------|--------------------------------|-------|-------------|-------|---------------------------|-------|
63 | | AKS Engine | | X | | [no owner] | | https://kinvolk.io/blog/2020/12/supercharging-aks-engine-with-flatcar-container-linux/ |
64 | | Rancher (rke) | | X | | [no owner] | | |
65 | | Rancher (rke2) | | | | [no owner] | | |
66 | | Lokomotive | X | X | X | @kinvolk/lokomotive-developers | | |
67 | | Tanzu KG | | X | | [no owner] | | |
68 | | K3s | | X | | [no owner] | | |
69 | | EKS-Distro | | X | | [no owner] | | |
70 | | KOPS | | X | | upstream | | |
71 | | Kubematic | | X | | [no owner] | | |
72 | | Gardener | | X | | [no owner] | | |
73 |
74 | ## Other
75 |
76 | Please add below what does not fit into any of the categories above.
77 |
78 | | Environment | Full-Feature (release blocker) | Works | Tested (CI) | Owner | Reference (e.g. GH issue) | Notes |
79 | |-------------|--------------------------------|-------|-------------|-------|---------------------------|-------|
80 | | | | | | | | |
81 |
--------------------------------------------------------------------------------
/sync-maintainers/README:
--------------------------------------------------------------------------------
1 | A personal access token with public_repo scope is needed.
2 | Usage:
3 |
4 | ```
5 | python3 -m venv venv
6 | . venv/bin/activate
7 | pip install -r requirements.txt
8 | ./sync-maintainers.py list
9 | ./sync-maintainers.py repo --repo=REPONAME
10 | GITHUB_TOKEN=... ./sync-maintainers github --repo=REPONAME
11 | ```
12 |
--------------------------------------------------------------------------------
/sync-maintainers/requirements.txt:
--------------------------------------------------------------------------------
1 | requests
2 | black
3 |
--------------------------------------------------------------------------------
/sync-maintainers/sync-maintainers.py:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env python3
2 | import requests
3 | import json
4 | import subprocess
5 | import os
6 | import sys
7 | import argparse
8 |
9 |
10 | def parse(m):
11 | para = []
12 | repos = []
13 | while len(m):
14 | line = m.pop(0)
15 | if line == "# Maintainers":
16 | line = m.pop(0)
17 | while not line.startswith("#"):
18 | para.append(line)
19 | line = m.pop(0)
20 | if line.startswith("###"):
21 | repo = line.split("### ")[1].strip()
22 | maint = []
23 | m.pop(0) # maintainers:
24 | line = m.pop(0)
25 | while line.startswith("* "):
26 | maint.append(line)
27 | line = m.pop(0) if len(m) else ""
28 | if repo != "Flatcar":
29 | repos.append((repo, maint))
30 | return para, repos
31 |
32 |
33 | MAINTAINERS_TEMPLATE = """# Maintainers
34 |
35 | {maintainers}
36 |
37 | {paragraph}
38 |
39 | The contents of this file are synchronized from [Flatcar/MAINTAINERS.md](https://github.com/flatcar/Flatcar/blob/main/MAINTAINERS.md).
40 | """
41 |
42 |
43 | def write_maintainers_file(repo_name, paragraph, maintainers):
44 | maintainers_entry = "\n".join(maintainers)
45 | maintainers_content = MAINTAINERS_TEMPLATE.format(
46 | maintainers=maintainers_entry, paragraph=paragraph
47 | )
48 | repo_filename = f"{repo_name}/MAINTAINERS.md"
49 | with open(repo_filename, "w") as f:
50 | f.write(maintainers_content)
51 |
52 |
53 | BRANCH_NAME = "sync-maintainers"
54 |
55 |
56 | def checkout_branch(repo_name):
57 | return subprocess.run(
58 | ["git", "-C", repo_name, "checkout", "-B", BRANCH_NAME, "origin/HEAD"],
59 | check=True,
60 | )
61 |
62 |
63 | def commit(repo_name):
64 | subprocess.run(["git", "-C", repo_name, "add", "MAINTAINERS.md"], check=True)
65 | subprocess.run(
66 | [
67 | "git",
68 | "-C",
69 | repo_name,
70 | "commit",
71 | "-m",
72 | "Sync maintainers file from flatcar/flatcar repository",
73 | ],
74 | check=True,
75 | )
76 |
77 |
78 | def push(repo_name):
79 | subprocess.run(
80 | ["git", "-C", repo_name, "push", "--force", "origin", BRANCH_NAME], check=True
81 | )
82 |
83 |
84 | def parse_maintainers(repo=None):
85 | maint_file = "../MAINTAINERS.md"
86 | with open(maint_file) as f:
87 | m = f.read().splitlines()
88 | para, repos = parse(m)
89 | paragraph = "\n".join(para).strip()
90 | if repo:
91 | repos = [r for r in repos if r[0] == repo]
92 | return repos, paragraph
93 |
94 |
95 | def main_repo(args):
96 | repos, paragraph = parse_maintainers(args.repo)
97 | for (repo_name, maintainers) in repos:
98 | repo_url = f"git@github.com:flatcar/{repo_name}"
99 | subprocess.run(["git", "clone", "--depth=1", repo_url])
100 | checkout_branch(repo_name)
101 | write_maintainers_file(repo_name, paragraph, maintainers)
102 | commit(repo_name)
103 | push(repo_name)
104 |
105 |
106 | def prepare_req(repo, token, api):
107 | api = "/" + api if api else ""
108 | url = f"https://api.github.com/repos/flatcar/{repo}{api}"
109 | headers = {
110 | "Accept": "application/vnd.github+json",
111 | f"Authorization": "Bearer {token}",
112 | }
113 | return url, headers
114 |
115 |
116 | def get_pr(repo, token):
117 | url, headers = prepare_req(repo, token, "pulls")
118 | params = {"state": "open", "head": f"flatcar:{BRANCH_NAME}"}
119 | return requests.get(url, headers=headers, params=params)
120 |
121 |
122 | def get_default_branch(repo, token):
123 | url, headers = prepare_req(repo, token, "")
124 | resp = requests.get(url, headers=headers).json()
125 | return resp["default_branch"]
126 |
127 |
128 | def create_pr(repo, token, base):
129 | url, headers = prepare_req(repo, token, "pulls")
130 | data = {
131 | "title": "Sync MAINTAINERS.md",
132 | "head": f"flatcar:{BRANCH_NAME}",
133 | "base": base,
134 | }
135 | return requests.post(url, headers=headers, json=data)
136 |
137 |
138 | def update_assignees(repo, token, pr, assignees):
139 | url, headers = prepare_req(repo, token, f"pulls/{pr}/requested_reviewers")
140 | data = {"reviewers": assignees}
141 | return requests.post(url, headers=headers, json=data)
142 |
143 |
144 | def get_assignees(maintainers):
145 | assignees = [e.split("@")[1] for e in maintainers]
146 | return assignees
147 |
148 |
149 | def main_github(args):
150 | token = os.getenv("GITHUB_TOKEN")
151 | if not token:
152 | raise Exception("Missing GITHUB_TOKEN env variable")
153 | repos, _ = parse_maintainers(args.repo)
154 | for (repo_name, maintainers) in repos:
155 | pr = get_pr(repo_name, token).json()
156 | if not pr:
157 | print(f"{repo_name} creating pr")
158 | base = get_default_branch(repo_name, token)
159 | pr = [create_pr(repo_name, token, base).json()]
160 | prnum = pr[0]["number"]
161 | assignees = get_assignees(maintainers)
162 | resp = update_assignees(repo_name, token, prnum, assignees)
163 | if resp.status_code != 201:
164 | print(resp.json())
165 | else:
166 | print("{repo_name} ok")
167 |
168 |
169 | def main_list(args):
170 | repos, _ = parse_maintainers()
171 | for (repo_name, _) in repos:
172 | print(repo_name)
173 |
174 |
175 | parser = argparse.ArgumentParser(prog="sync-maintainers.py")
176 | subparser = parser.add_subparsers(required=True, dest="cmd")
177 | parser_repo = subparser.add_parser("repo", help="perform git repository operations")
178 | parser_repo.add_argument("--repo", help="Repository to operate on; default all")
179 | parser_repo.set_defaults(func=main_repo)
180 | parser_github = subparser.add_parser(
181 | "github", help="perform github pull request operations"
182 | )
183 | parser_github.add_argument("--repo", help="Repository to operate on; default all")
184 | parser_github.set_defaults(func=main_github)
185 | parser_list = subparser.add_parser("list", help="list all repositories with entries")
186 | parser_list.set_defaults(func=main_list)
187 |
188 | if __name__ == "__main__":
189 | args = parser.parse_args()
190 | args.func(args)
191 |
--------------------------------------------------------------------------------