diff --git a/.github/skills/ama-logs-update-charts-release-notes/SKILL.md b/.github/skills/ama-logs-update-charts-release-notes/SKILL.md new file mode 100644 index 000000000..7e8620ce2 --- /dev/null +++ b/.github/skills/ama-logs-update-charts-release-notes/SKILL.md @@ -0,0 +1,219 @@ +--- +name: ama-logs-update-charts-release-notes +description: "Prepare an ama-logs release PR: bump the image tag (X.Y.Z) across Helm charts, manifests, and Dockerfiles, and add a formatted ReleaseNotes.md entry. Use when: cutting a new ama-logs release, '3.X.Y release notes', 'bump ciprod image tag', 'release PR for Docker-Provider', creating release notes for a new ciprod build. DO NOT USE FOR: MDSD or Windows AMA bumps in isolation, hotfix patches, or anything that does not increment the ciprod image tag." +argument-hint: "[old version] [new version] — e.g. '3.3.0' '3.4.0'. If omitted, infer old from charts/azuremonitor-containerinsights/Chart.yaml and ask the user for new." +--- + +# ama-logs Release PR: Chart Bump + Release Notes + +This skill prepares a release PR in `microsoft/Docker-Provider` that bumps the ciprod image tag across all Helm charts, Kubernetes manifests, and Dockerfiles, and adds a formatted entry to `ReleaseNotes.md`. It mirrors the structure used by recent release PRs (e.g. #1656 for 3.3.0, #1699 for 3.4.0). + +## Required Inputs + +| Input | Description | Example | +|-------|-------------|---------| +| **OLD version** | Current ciprod tag (Linux side) | `3.3.0` | +| **NEW version** | Target ciprod tag | `3.4.0` | +| **Release date** | Date for the ReleaseNotes.md heading (today, MM/DD/YYYY) | `05/28/2026` | +| **PRs in scope** | All PRs merged into `ci_prod` since the previous release | (queried below) | + +If the user did not provide OLD/NEW, read OLD from `charts/azuremonitor-containerinsights/Chart.yaml` (`version:` field) and ask for NEW. + +## Pre-flight: figure out what changed + +### Identify the PRs in this release + +List every PR merged into `ci_prod` since the previous release's merge commit: + +```powershell +# Get the merge commit of the previous release PR (e.g. #1656 for 3.3.0) +gh pr list --repo microsoft/Docker-Provider --state merged --base ci_prod --search " release notes in:title" --json number,mergeCommit,mergedAt + +# Then list PRs merged after that date +gh pr list --repo microsoft/Docker-Provider --state merged --base ci_prod --search "merged:>=" --json number,title,author,mergedAt --limit 100 +``` + +For each PR, capture: number, title, author (`login`), and merged date. + +**Author attribution rules:** +- Human authors: use their GitHub login verbatim, prefixed with `@` (e.g. `@zanejohnson-azure`). +- Bot authors: `gh pr view` returns `app/azure-monitor-assistant` — strip the `app/` prefix and write `@azure-monitor-assistant`. + +**Title rewriting:** If a PR title is messy (e.g. branch-style `Zane/fix fluentd procstat pattern`), rewrite it to a clean conventional-commit-style title (`fix: fluentd procstat pattern`). Keep clean titles verbatim. + +### Classify each PR — Common vs Infra + +This is the most error-prone step. Use these rules: + +- **Common (Linux + Windows)** — anything that ships *inside* the ciprod image: + - CVE fixes in gems/packages baked into the image (`erb`, `jwt`, etc.) + - Go / Telegraf / Fluent-bit / Fluentd / MDSD / Windows AMA upgrades + - Ruby/plugin code changes (e.g. fluentd config bugs) +- **Infra** — anything that does NOT ship in the image: + - Pipeline/CI changes (release pipeline, build pipeline, e2e jobs) + - Helm chart-only fixes that aren't bundled in the image + - Documentation, test yamls, robot/automation workflows + - Skill files + +When in doubt: "does this change the bits inside `ciprod:`?" If yes → Common. If no → Infra. + +### Get azurelinux and Ruby versions FROM THE CONTAINER + +Do **not** copy these from the previous release entry. Pull the published `ciprod:` image (or `ciprod:` if it has already been built) and read them out — they may have shifted even if you didn't bump anything explicitly, because `mcr.microsoft.com/azurelinux/base/core:3.0` is a floating base tag. + +```powershell +# Docker Desktop must be running. If not: +# Start-Process "C:\Program Files\Docker\Docker\Docker Desktop.exe" +# Start-Sleep -Seconds 60 + +docker pull mcr.microsoft.com/azuremonitor/containerinsights/ciprod: +docker run --rm --entrypoint cat mcr.microsoft.com/azuremonitor/containerinsights/ciprod: /etc/os-release | Select-String '^VERSION=' +# => VERSION="3.0.20260517" + +docker run --rm --entrypoint ruby mcr.microsoft.com/azuremonitor/containerinsights/ciprod: -e "puts RUBY_VERSION" +# => 3.3.10 (x86_64 amalogs; the arm64 build may differ — keep both lines if so) +``` + +If `ciprod:` is already published (CI built it), re-run against `:` to confirm nothing shifted. + +## File edits — exact list + +These eight files **always** change on a release. Do not add or remove files unless the user explicitly asks. + +### 1. `charts/azuremonitor-containerinsights/Chart.yaml` +- `version: ` → `version: ` +- Leave `appVersion` alone unless the user says otherwise. + +### 2. `charts/azuremonitor-containerinsights/values.yaml` +- `imageTagLinux: ""` → `""` +- `imageTagWindows: "win-"` → `"win-"` +- `tag: ""` → `""` (inside the `amalogs.image` block) +- `tagWindows: "win-"` → `"win-"` +- **Do NOT** touch `agentVersion` (MDSD) or `winAgentVersion` (Win AMA) unless those components were actually bumped this cycle. + +### 3. `charts/azuremonitor-containers/Chart.yaml` +- `version: ` → `version: ` + +### 4. `charts/azuremonitor-containers/values.yaml` +- `tag: ""` → `""` +- `tagWindows: "win-"` → `"win-"` + +### 5. `charts/azuremonitor-containers-geneva/values.yaml` +- `tag: ""` → `""` + +### 6. `kubernetes/ama-logs.yaml` +- Replace every `mcr.microsoft.com/azuremonitor/containerinsights/ciprod:` with `:`. +- Replace every `:win-` with `:win-`. +- **Include commented-out blocks** — prior release PRs update those too (e.g. the dev/test image comment). +- Do NOT touch `agentVersion:` annotations or RBAC rules unless the user explicitly asked. + +### 7. `kubernetes/linux/Dockerfile.multiarch` +- `ARG IMAGE_TAG=` → `ARG IMAGE_TAG=` + +### 8. `kubernetes/windows/Dockerfile` +- `ARG IMAGE_TAG=win-` → `ARG IMAGE_TAG=win-` + +## ReleaseNotes.md entry + +Insert at the **top** of the `## Release History` section, immediately below the heading and above the previous release's entry. Follow the exact format of the most recent prior entry. Keep one trailing blank line so entries are visually separated. + +```markdown +### - +##### Version mcr.microsoft.com/azuremonitor/containerinsights/ciprod: (linux) +##### Version mcr.microsoft.com/azuremonitor/containerinsights/ciprod:win- (windows) +- Linux + - [azurelinux ](https://github.com/microsoft/azurelinux/releases/tag/-3.0) + - Golang - + - Ruby - arm64 - , x86_64 - + - MDSD - + - Telegraf - + - Fluent-bit - + - Fluentd - +- Windows + - Golang - + - Ruby - + - Windows AMA - + - Telegraf - + - Fluent-bit - + - Fluentd - +##### Code change log +## What's Changed +- Common (Linux + Windows) + * by @<author> in https://github.com/microsoft/Docker-Provider/pull/<num> + * ... + +- Infra + * <Title> by @<author> in https://github.com/microsoft/Docker-Provider/pull/<num> + * ... + +``` + +**Formatting rules:** +- One PR per line. If multiple PRs share the same title (e.g. four Go upgrade auto-PRs), still emit one line per PR — do NOT consolidate. +- Always include the full `https://github.com/microsoft/Docker-Provider/pull/<num>` URL — not a markdown link. +- Use a blank line between the `Common` and `Infra` blocks. +- For dependency versions not bumped this cycle, copy the value from the previous entry **but verify against the chart values files and the container** — don't trust the prior entry blindly. + +## Verification before commit + +Run from the repo root and confirm no stray old-version references remain in files that should have been bumped: + +```powershell +git --no-pager diff --stat +git --no-pager grep -n "<OLD>" -- charts kubernetes +git --no-pager grep -n "win-<OLD>" -- charts kubernetes +``` + +Remaining matches are acceptable **only** in: +- Older `ReleaseNotes.md` entries (anywhere outside the new entry). +- Test fixtures, scripts, or comments that intentionally pin `<OLD>`. + +If anything else still references `<OLD>` under `charts/` or `kubernetes/`, fix it before committing. + +## Commit, push, PR + +**One commit.** Message: + +``` +<NEW> release notes and chart update + +Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> +``` + +Use the auto-created session branch (do not create a new branch manually). Push and open the PR against `ci_prod`: + +```powershell +git add charts kubernetes ReleaseNotes.md +git commit -m "<NEW> release notes and chart update`n`nCo-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>" +git push 2>&1 | Select-Object -Last 5 +``` + +Open the PR with the `create_pull_request` tool (or `gh pr create`): +- **Title:** `<NEW> Release notes` +- **Base:** `ci_prod` +- **Body:** brief summary mirroring the prior release PR — call out (1) image tag bump `<OLD> → <NEW>` across charts/manifests/Dockerfiles, (2) the release notes entry with dep changes, (3) which components are unchanged this cycle (e.g. MDSD, Windows AMA). Reference the previous release PR as the template. +- **Not** a draft. + +## Iteration: moving PRs between sections + +Reviewers will often ask to reclassify or rename a PR entry after the initial PR is open. Make one focused commit per move/rename: + +``` +fix(release-notes): move #<num> <short title> to <Common|Infra> section +``` + +or + +``` +fix(release-notes): rename #<num> to "<new title>" +``` + +Always re-grep the file to make sure each PR appears in exactly one section after the move. + +## Important rules + +- **Never** invent dependency versions. Pull them from the chart values files or the container. +- **Never** bump MDSD or Windows AMA versions unless the user explicitly says so — they are tracked in `agentVersion` / `winAgentVersion` and are decoupled from the ciprod tag. +- **Never** modify unrelated files (CI yamls, source code, RBAC rules) inside this skill's PR. Other PRs already in the release brought those changes — this PR is *only* the tag bump and the notes. +- **Never** mark the PR as draft. +- Keep edits idempotent: re-running the skill against the same OLD/NEW must not produce a second diff. diff --git a/ReleaseNotes.md b/ReleaseNotes.md index d9b07d7a4..db0e1ad4d 100644 --- a/ReleaseNotes.md +++ b/ReleaseNotes.md @@ -8,6 +8,54 @@ information see the [Code of Conduct FAQ](https://opensource.microsoft.com/codeo additional questions or comments. ## Release History +### 05/28/2026 - +##### Version mcr.microsoft.com/azuremonitor/containerinsights/ciprod:3.4.0 (linux) +##### Version mcr.microsoft.com/azuremonitor/containerinsights/ciprod:win-3.4.0 (windows) +- Linux + - [azurelinux 3.0.20260517](https://github.com/microsoft/azurelinux/releases/tag/3.0.20260517-3.0) + - Golang - 1.26.3 + - Ruby - arm64 - 3.3.5-7, x86_64 - 3.3.10 + - MDSD - 1.40.3 + - Telegraf - 1.38.4 + - Fluent-bit - 5.0.4 + - Fluentd - 1.16.3 +- Windows + - Golang - 1.26.3 + - Ruby - 3.1.1 + - Windows AMA - 47.7.1 + - Telegraf - 1.24.2 + - Fluent-bit - 5.0.3 + - Fluentd - 1.16.3 +##### Code change log +## What's Changed +- Common (Linux + Windows) + * Fix CVE-2026-41316: upgrade erb gem to 4.0.3.1 in ama-logs Linux image by @zanejohnson-azure in https://github.com/microsoft/Docker-Provider/pull/1692 + * Fix CVE-2026-45363: upgrade jwt gem to 3.2.0 by @zanejohnson-azure in https://github.com/microsoft/Docker-Provider/pull/1693 + * chore(deps): Upgrade Go to 1.26.3 and update dependencies by @azure-monitor-assistant in https://github.com/microsoft/Docker-Provider/pull/1676 + * chore(deps): Upgrade Go to 1.26.3 and update dependencies by @azure-monitor-assistant in https://github.com/microsoft/Docker-Provider/pull/1690 + * chore(deps): Upgrade Go to 1.26.3 and update dependencies by @azure-monitor-assistant in https://github.com/microsoft/Docker-Provider/pull/1694 + * chore(deps): Upgrade Go to 1.26.3 and update dependencies by @azure-monitor-assistant in https://github.com/microsoft/Docker-Provider/pull/1696 + * Upgrade telegraf-agent to 1.38.3 by @azure-monitor-assistant in https://github.com/microsoft/Docker-Provider/pull/1670 + * Upgrade telegraf-agent to 1.38.4 by @azure-monitor-assistant in https://github.com/microsoft/Docker-Provider/pull/1685 + * Upgrade fluent-bit (Linux 5.0.4, Windows 5.0.3) by @zanejohnson-azure in https://github.com/microsoft/Docker-Provider/pull/1671 + * fix: fluentd procstat pattern by @zanejohnson-azure in https://github.com/microsoft/Docker-Provider/pull/1662 + +- Infra + * Fix Windows multiline test yamls by @zanejohnson-azure in https://github.com/microsoft/Docker-Provider/pull/1686 + * Migrate release pipeline to SDP by @wanlonghenry in https://github.com/microsoft/Docker-Provider/pull/1681 + * Update pipeline for merged chart integration by @wanlonghenry in https://github.com/microsoft/Docker-Provider/pull/1682 + * fix(helm): coerce OmsAgent.isUsingAADAuth to a boolean by @rashmichandrashekar in https://github.com/microsoft/Docker-Provider/pull/1679 + * fix: add --force-conflicts to helm deploy to resolve server-side apply ownership conflicts by @zanejohnson-azure in https://github.com/microsoft/Docker-Provider/pull/1667 + * ci: auto-trigger build pipeline for robot upgrade branches by @zanejohnson-azure in https://github.com/microsoft/Docker-Provider/pull/1688 + * chore: Add automated Go version upgrade workflow by @suyadav1 in https://github.com/microsoft/Docker-Provider/pull/1665 + * Add automated telegraf-agent upgrade workflow by @suyadav1 in https://github.com/microsoft/Docker-Provider/pull/1652 + * fix(ci): use variable reference for AllNodesClientId in e2e test stage by @zanejohnson-azure in https://github.com/microsoft/Docker-Provider/pull/1683 + * Update OmsAgent.ImageTagLinux Toggle Document by @NicAtMS in https://github.com/microsoft/Docker-Provider/pull/1684 + * Add multiline-validation skill by @zanejohnson-azure in https://github.com/microsoft/Docker-Provider/pull/1687 + * add e2e tests to all nodes clusters by @zanejohnson-azure in https://github.com/microsoft/Docker-Provider/pull/1677 + * remove deployment verification by @zanejohnson-azure in https://github.com/microsoft/Docker-Provider/pull/1678 + * pipelines: add ci-logs-dev-aks-all-nodes deploy job by @zanejohnson-azure in https://github.com/microsoft/Docker-Provider/pull/1666 + ### 04/22/2026 - ##### Version mcr.microsoft.com/azuremonitor/containerinsights/ciprod:3.3.0 (linux) ##### Version mcr.microsoft.com/azuremonitor/containerinsights/ciprod:win-3.3.0 (windows) diff --git a/charts/azuremonitor-containerinsights/Chart.yaml b/charts/azuremonitor-containerinsights/Chart.yaml index a9a73838e..ec83e917b 100644 --- a/charts/azuremonitor-containerinsights/Chart.yaml +++ b/charts/azuremonitor-containerinsights/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v2 name: azuremonitor-containers description: Azure Monitor container monitoring agent Helm chart for Kubernetes (supports both AKS addon and Arc K8s extension) -version: 3.3.0 +version: 3.4.0 appVersion: 7.0.0-1 kubeVersion: "^1.10.0-0" keywords: diff --git a/charts/azuremonitor-containerinsights/values.yaml b/charts/azuremonitor-containerinsights/values.yaml index d03531452..ab3570b5b 100644 --- a/charts/azuremonitor-containerinsights/values.yaml +++ b/charts/azuremonitor-containerinsights/values.yaml @@ -41,8 +41,8 @@ OmsAgent: # Image configuration imageRepository: "/azuremonitor/containerinsights/ciprod" - imageTagLinux: "3.3.0" - imageTagWindows: "win-3.3.0" + imageTagLinux: "3.4.0" + imageTagWindows: "win-3.4.0" isImagePullPolicyAlways: false # Resource ID and cluster information @@ -214,8 +214,8 @@ OmsAgent: amalogs: image: repo: "mcr.microsoft.com/azuremonitor/containerinsights/ciprod" - tag: "3.3.0" - tagWindows: "win-3.3.0" + tag: "3.4.0" + tagWindows: "win-3.4.0" pullPolicy: IfNotPresent dockerProviderVersion: "18.0.1-0" agentVersion: "azure-mdsd-1.40.3" diff --git a/charts/azuremonitor-containers-geneva/values.yaml b/charts/azuremonitor-containers-geneva/values.yaml index b654c9a91..a4b96a87b 100644 --- a/charts/azuremonitor-containers-geneva/values.yaml +++ b/charts/azuremonitor-containers-geneva/values.yaml @@ -17,7 +17,7 @@ genevaLogsConfig: image: repository: mcr.microsoft.com/azuremonitor/containerinsights/ciprod - tag: "3.3.0" + tag: "3.4.0" pullPolicy: IfNotPresent agentVersion: "azure-mdsd-1.40.3" nameOverride: "" diff --git a/charts/azuremonitor-containers/Chart.yaml b/charts/azuremonitor-containers/Chart.yaml index 454cfd81d..3c873ae71 100644 --- a/charts/azuremonitor-containers/Chart.yaml +++ b/charts/azuremonitor-containers/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v1 appVersion: 7.0.0-1 description: Helm chart for deploying Azure Monitor container monitoring agent in Kubernetes name: azuremonitor-containers -version: 3.3.0 +version: 3.4.0 kubeVersion: "^1.10.0-0" keywords: - monitoring diff --git a/charts/azuremonitor-containers/values.yaml b/charts/azuremonitor-containers/values.yaml index f279ea7f4..b464ff4a3 100644 --- a/charts/azuremonitor-containers/values.yaml +++ b/charts/azuremonitor-containers/values.yaml @@ -24,8 +24,8 @@ Azure: amalogs: image: repo: "mcr.microsoft.com/azuremonitor/containerinsights/ciprod" - tag: "3.3.0" - tagWindows: "win-3.3.0" + tag: "3.4.0" + tagWindows: "win-3.4.0" pullPolicy: IfNotPresent dockerProviderVersion: "18.0.1-0" agentVersion: "azure-mdsd-1.40.3" diff --git a/kubernetes/ama-logs.yaml b/kubernetes/ama-logs.yaml index d921792c4..f356a96fb 100644 --- a/kubernetes/ama-logs.yaml +++ b/kubernetes/ama-logs.yaml @@ -391,7 +391,7 @@ spec: # - NET_ADMIN # - NET_RAW - name: ama-logs - image: "mcr.microsoft.com/azuremonitor/containerinsights/ciprod:3.3.0" + image: "mcr.microsoft.com/azuremonitor/containerinsights/ciprod:3.4.0" imagePullPolicy: IfNotPresent resources: limits: @@ -536,7 +536,7 @@ spec: timeoutSeconds: 15 #Only in sidecar scraping mode - name: ama-logs-prometheus - image: "mcr.microsoft.com/azuremonitor/containerinsights/ciprod:3.3.0" + image: "mcr.microsoft.com/azuremonitor/containerinsights/ciprod:3.4.0" imagePullPolicy: IfNotPresent resources: limits: @@ -841,7 +841,7 @@ spec: # - NET_ADMIN # - NET_RAW # - name: ama-logs -# image: "mcr.microsoft.com/azuremonitor/containerinsights/ciprod:3.3.0" +# image: "mcr.microsoft.com/azuremonitor/containerinsights/ciprod:3.4.0" # imagePullPolicy: IfNotPresent # resources: # limits: @@ -1057,7 +1057,7 @@ spec: # - NET_ADMIN # - NET_RAW - name: ama-logs - image: "mcr.microsoft.com/azuremonitor/containerinsights/ciprod:3.3.0" + image: "mcr.microsoft.com/azuremonitor/containerinsights/ciprod:3.4.0" imagePullPolicy: IfNotPresent # comment resources if VPA configured since the VPA will set these values resources: @@ -1314,7 +1314,7 @@ spec: # add: # - NET_ADMIN - name: ama-logs-windows - image: "mcr.microsoft.com/azuremonitor/containerinsights/ciprod:win-3.3.0" + image: "mcr.microsoft.com/azuremonitor/containerinsights/ciprod:win-3.4.0" imagePullPolicy: IfNotPresent resources: requests: diff --git a/kubernetes/linux/Dockerfile.multiarch b/kubernetes/linux/Dockerfile.multiarch index 7dc1601b3..45e810546 100644 --- a/kubernetes/linux/Dockerfile.multiarch +++ b/kubernetes/linux/Dockerfile.multiarch @@ -76,7 +76,7 @@ ENV KUBE_CLIENT_BACKOFF_DURATION 0 ENV RUBY_GC_HEAP_OLDOBJECT_LIMIT_FACTOR 1.0 # default value will be overwritten by pipeline -ARG IMAGE_TAG=3.3.0 +ARG IMAGE_TAG=3.4.0 ENV AGENT_VERSION ${IMAGE_TAG} WORKDIR ${tmpdir} diff --git a/kubernetes/windows/Dockerfile b/kubernetes/windows/Dockerfile index a42d546db..4ac70a81a 100644 --- a/kubernetes/windows/Dockerfile +++ b/kubernetes/windows/Dockerfile @@ -104,7 +104,7 @@ COPY ./amalogswindows/installer/scripts/rubyKeepCertificateAlive/*.rb /etc/fluen COPY ./amalogswindows/ruby/ /etc/fluent/plugin/ # default value will be overwritten by pipeline -ARG IMAGE_TAG=win-3.3.0 +ARG IMAGE_TAG=win-3.4.0 ENV AGENT_VERSION ${IMAGE_TAG} ENV OS_TYPE "windows"