From 0e8bc11410cae428b336c977cb959b8019ddf79c Mon Sep 17 00:00:00 2001 From: zanejohnson-azure Date: Thu, 28 May 2026 16:09:01 -0700 Subject: [PATCH 1/5] 3.4.0 release notes and chart update Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> --- ReleaseNotes.md | 42 +++++++++++++++++++ .../azuremonitor-containerinsights/Chart.yaml | 2 +- .../values.yaml | 8 ++-- .../values.yaml | 2 +- charts/azuremonitor-containers/Chart.yaml | 2 +- charts/azuremonitor-containers/values.yaml | 4 +- kubernetes/ama-logs.yaml | 10 ++--- kubernetes/linux/Dockerfile.multiarch | 2 +- kubernetes/windows/Dockerfile | 2 +- 9 files changed, 58 insertions(+), 16 deletions(-) diff --git a/ReleaseNotes.md b/ReleaseNotes.md index d9b07d7a4..6380a05ef 100644 --- a/ReleaseNotes.md +++ b/ReleaseNotes.md @@ -8,6 +8,48 @@ information see the [Code of Conduct FAQ](https://opensource.microsoft.com/codeo additional questions or comments. ## Release History +### 05/28/2026 - +##### Version mcr.microsoft.com/azuremonitor/containerinsights/ciprod:3.4.0 (linux) +##### Version mcr.microsoft.com/azuremonitor/containerinsights/ciprod:win-3.4.0 (windows) +- Linux + - Golang - 1.26.3 + - MDSD - 1.40.3 + - Telegraf - 1.38.4 + - Fluent-bit - 5.0.4 + - Fluentd - 1.16.3 +- Windows + - Golang - 1.26.3 + - Windows AMA - 47.7.1 + - Telegraf - 1.24.2 + - Fluent-bit - 5.0.3 + - Fluentd - 1.16.3 +##### Code change log +## What's Changed +- Common (Linux + Windows) + * Fix CVE-2026-41316: upgrade erb gem to 4.0.3.1 in ama-logs Linux image (#1692) + * Fix CVE-2026-45363: upgrade jwt gem to 3.2.0 (#1693) + * chore(deps): Upgrade Go to 1.26.3 and update dependencies (#1676, #1690, #1694, #1696) + * Upgrade telegraf-agent to 1.38.3 (#1670) + * Upgrade telegraf-agent to 1.38.4 (#1685) + * Upgrade fluent-bit (Linux 5.0.4, Windows 5.0.3) (#1671) + * Fix Windows multiline test yamls (#1686) + +- Infra + * Migrate release pipeline to SDP (#1681) + * pipeline change for merged chart (#1682) + * fix(helm): coerce OmsAgent.isUsingAADAuth to a boolean (#1679) + * fix: add --force-conflicts to helm deploy to resolve server-side apply ownership conflicts (#1667) + * ci: auto-trigger build pipeline for robot upgrade branches (#1688) + * chore: Add automated Go version upgrade workflow (#1665) + * Add automated telegraf-agent upgrade workflow (#1652) + * fix: process metrics collection for fluentd, ruby, and telegraf. add ProcessName field for easy query (#1662) + * fix(ci): use variable reference for AllNodesClientId in e2e test stage (#1683) + * Update OmsAgent.ImageTagLinux.json (#1684) + * Add multiline-validation skill (#1687) + * add e2e tests to all nodes clusters (#1677) + * remove deployment verification (#1678) + * add ci-logs-dev-aks-all-nodes deploy job (#1666) + ### 04/22/2026 - ##### Version mcr.microsoft.com/azuremonitor/containerinsights/ciprod:3.3.0 (linux) ##### Version mcr.microsoft.com/azuremonitor/containerinsights/ciprod:win-3.3.0 (windows) diff --git a/charts/azuremonitor-containerinsights/Chart.yaml b/charts/azuremonitor-containerinsights/Chart.yaml index a9a73838e..ec83e917b 100644 --- a/charts/azuremonitor-containerinsights/Chart.yaml +++ b/charts/azuremonitor-containerinsights/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v2 name: azuremonitor-containers description: Azure Monitor container monitoring agent Helm chart for Kubernetes (supports both AKS addon and Arc K8s extension) -version: 3.3.0 +version: 3.4.0 appVersion: 7.0.0-1 kubeVersion: "^1.10.0-0" keywords: diff --git a/charts/azuremonitor-containerinsights/values.yaml b/charts/azuremonitor-containerinsights/values.yaml index d03531452..ab3570b5b 100644 --- a/charts/azuremonitor-containerinsights/values.yaml +++ b/charts/azuremonitor-containerinsights/values.yaml @@ -41,8 +41,8 @@ OmsAgent: # Image configuration imageRepository: "/azuremonitor/containerinsights/ciprod" - imageTagLinux: "3.3.0" - imageTagWindows: "win-3.3.0" + imageTagLinux: "3.4.0" + imageTagWindows: "win-3.4.0" isImagePullPolicyAlways: false # Resource ID and cluster information @@ -214,8 +214,8 @@ OmsAgent: amalogs: image: repo: "mcr.microsoft.com/azuremonitor/containerinsights/ciprod" - tag: "3.3.0" - tagWindows: "win-3.3.0" + tag: "3.4.0" + tagWindows: "win-3.4.0" pullPolicy: IfNotPresent dockerProviderVersion: "18.0.1-0" agentVersion: "azure-mdsd-1.40.3" diff --git a/charts/azuremonitor-containers-geneva/values.yaml b/charts/azuremonitor-containers-geneva/values.yaml index b654c9a91..a4b96a87b 100644 --- a/charts/azuremonitor-containers-geneva/values.yaml +++ b/charts/azuremonitor-containers-geneva/values.yaml @@ -17,7 +17,7 @@ genevaLogsConfig: image: repository: mcr.microsoft.com/azuremonitor/containerinsights/ciprod - tag: "3.3.0" + tag: "3.4.0" pullPolicy: IfNotPresent agentVersion: "azure-mdsd-1.40.3" nameOverride: "" diff --git a/charts/azuremonitor-containers/Chart.yaml b/charts/azuremonitor-containers/Chart.yaml index 454cfd81d..3c873ae71 100644 --- a/charts/azuremonitor-containers/Chart.yaml +++ b/charts/azuremonitor-containers/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v1 appVersion: 7.0.0-1 description: Helm chart for deploying Azure Monitor container monitoring agent in Kubernetes name: azuremonitor-containers -version: 3.3.0 +version: 3.4.0 kubeVersion: "^1.10.0-0" keywords: - monitoring diff --git a/charts/azuremonitor-containers/values.yaml b/charts/azuremonitor-containers/values.yaml index f279ea7f4..b464ff4a3 100644 --- a/charts/azuremonitor-containers/values.yaml +++ b/charts/azuremonitor-containers/values.yaml @@ -24,8 +24,8 @@ Azure: amalogs: image: repo: "mcr.microsoft.com/azuremonitor/containerinsights/ciprod" - tag: "3.3.0" - tagWindows: "win-3.3.0" + tag: "3.4.0" + tagWindows: "win-3.4.0" pullPolicy: IfNotPresent dockerProviderVersion: "18.0.1-0" agentVersion: "azure-mdsd-1.40.3" diff --git a/kubernetes/ama-logs.yaml b/kubernetes/ama-logs.yaml index d921792c4..f356a96fb 100644 --- a/kubernetes/ama-logs.yaml +++ b/kubernetes/ama-logs.yaml @@ -391,7 +391,7 @@ spec: # - NET_ADMIN # - NET_RAW - name: ama-logs - image: "mcr.microsoft.com/azuremonitor/containerinsights/ciprod:3.3.0" + image: "mcr.microsoft.com/azuremonitor/containerinsights/ciprod:3.4.0" imagePullPolicy: IfNotPresent resources: limits: @@ -536,7 +536,7 @@ spec: timeoutSeconds: 15 #Only in sidecar scraping mode - name: ama-logs-prometheus - image: "mcr.microsoft.com/azuremonitor/containerinsights/ciprod:3.3.0" + image: "mcr.microsoft.com/azuremonitor/containerinsights/ciprod:3.4.0" imagePullPolicy: IfNotPresent resources: limits: @@ -841,7 +841,7 @@ spec: # - NET_ADMIN # - NET_RAW # - name: ama-logs -# image: "mcr.microsoft.com/azuremonitor/containerinsights/ciprod:3.3.0" +# image: "mcr.microsoft.com/azuremonitor/containerinsights/ciprod:3.4.0" # imagePullPolicy: IfNotPresent # resources: # limits: @@ -1057,7 +1057,7 @@ spec: # - NET_ADMIN # - NET_RAW - name: ama-logs - image: "mcr.microsoft.com/azuremonitor/containerinsights/ciprod:3.3.0" + image: "mcr.microsoft.com/azuremonitor/containerinsights/ciprod:3.4.0" imagePullPolicy: IfNotPresent # comment resources if VPA configured since the VPA will set these values resources: @@ -1314,7 +1314,7 @@ spec: # add: # - NET_ADMIN - name: ama-logs-windows - image: "mcr.microsoft.com/azuremonitor/containerinsights/ciprod:win-3.3.0" + image: "mcr.microsoft.com/azuremonitor/containerinsights/ciprod:win-3.4.0" imagePullPolicy: IfNotPresent resources: requests: diff --git a/kubernetes/linux/Dockerfile.multiarch b/kubernetes/linux/Dockerfile.multiarch index 7dc1601b3..45e810546 100644 --- a/kubernetes/linux/Dockerfile.multiarch +++ b/kubernetes/linux/Dockerfile.multiarch @@ -76,7 +76,7 @@ ENV KUBE_CLIENT_BACKOFF_DURATION 0 ENV RUBY_GC_HEAP_OLDOBJECT_LIMIT_FACTOR 1.0 # default value will be overwritten by pipeline -ARG IMAGE_TAG=3.3.0 +ARG IMAGE_TAG=3.4.0 ENV AGENT_VERSION ${IMAGE_TAG} WORKDIR ${tmpdir} diff --git a/kubernetes/windows/Dockerfile b/kubernetes/windows/Dockerfile index a42d546db..4ac70a81a 100644 --- a/kubernetes/windows/Dockerfile +++ b/kubernetes/windows/Dockerfile @@ -104,7 +104,7 @@ COPY ./amalogswindows/installer/scripts/rubyKeepCertificateAlive/*.rb /etc/fluen COPY ./amalogswindows/ruby/ /etc/fluent/plugin/ # default value will be overwritten by pipeline -ARG IMAGE_TAG=win-3.3.0 +ARG IMAGE_TAG=win-3.4.0 ENV AGENT_VERSION ${IMAGE_TAG} ENV OS_TYPE "windows" From 9c607cc62a67c0818f585bb7903ae50499843180 Mon Sep 17 00:00:00 2001 From: zanejohnson-azure Date: Fri, 29 May 2026 11:18:04 -0700 Subject: [PATCH 2/5] fix(release-notes): add azurelinux/Ruby versions and PR author attributions to 3.4.0 entry Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> --- ReleaseNotes.md | 48 +++++++++++++++++++++++++++--------------------- 1 file changed, 27 insertions(+), 21 deletions(-) diff --git a/ReleaseNotes.md b/ReleaseNotes.md index 6380a05ef..4c2f51fe7 100644 --- a/ReleaseNotes.md +++ b/ReleaseNotes.md @@ -12,13 +12,16 @@ additional questions or comments. ##### Version mcr.microsoft.com/azuremonitor/containerinsights/ciprod:3.4.0 (linux) ##### Version mcr.microsoft.com/azuremonitor/containerinsights/ciprod:win-3.4.0 (windows) - Linux + - [azurelinux 3.0.20260517](https://github.com/microsoft/azurelinux/releases/tag/3.0.20260517-3.0) - Golang - 1.26.3 + - Ruby - arm64 - 3.3.5-7, x86_64 - 3.3.10 - MDSD - 1.40.3 - Telegraf - 1.38.4 - Fluent-bit - 5.0.4 - Fluentd - 1.16.3 - Windows - Golang - 1.26.3 + - Ruby - 3.1.1 - Windows AMA - 47.7.1 - Telegraf - 1.24.2 - Fluent-bit - 5.0.3 @@ -26,29 +29,32 @@ additional questions or comments. ##### Code change log ## What's Changed - Common (Linux + Windows) - * Fix CVE-2026-41316: upgrade erb gem to 4.0.3.1 in ama-logs Linux image (#1692) - * Fix CVE-2026-45363: upgrade jwt gem to 3.2.0 (#1693) - * chore(deps): Upgrade Go to 1.26.3 and update dependencies (#1676, #1690, #1694, #1696) - * Upgrade telegraf-agent to 1.38.3 (#1670) - * Upgrade telegraf-agent to 1.38.4 (#1685) - * Upgrade fluent-bit (Linux 5.0.4, Windows 5.0.3) (#1671) - * Fix Windows multiline test yamls (#1686) + * Fix CVE-2026-41316: upgrade erb gem to 4.0.3.1 in ama-logs Linux image by @zanejohnson-azure in https://github.com/microsoft/Docker-Provider/pull/1692 + * Fix CVE-2026-45363: upgrade jwt gem to 3.2.0 by @zanejohnson-azure in https://github.com/microsoft/Docker-Provider/pull/1693 + * chore(deps): Upgrade Go to 1.26.3 and update dependencies by @azure-monitor-assistant in https://github.com/microsoft/Docker-Provider/pull/1676 + * chore(deps): Upgrade Go to 1.26.3 and update dependencies by @azure-monitor-assistant in https://github.com/microsoft/Docker-Provider/pull/1690 + * chore(deps): Upgrade Go to 1.26.3 and update dependencies by @azure-monitor-assistant in https://github.com/microsoft/Docker-Provider/pull/1694 + * chore(deps): Upgrade Go to 1.26.3 and update dependencies by @azure-monitor-assistant in https://github.com/microsoft/Docker-Provider/pull/1696 + * Upgrade telegraf-agent to 1.38.3 by @azure-monitor-assistant in https://github.com/microsoft/Docker-Provider/pull/1670 + * Upgrade telegraf-agent to 1.38.4 by @azure-monitor-assistant in https://github.com/microsoft/Docker-Provider/pull/1685 + * Upgrade fluent-bit (Linux 5.0.4, Windows 5.0.3) by @zanejohnson-azure in https://github.com/microsoft/Docker-Provider/pull/1671 + * Fix Windows multiline test yamls by @zanejohnson-azure in https://github.com/microsoft/Docker-Provider/pull/1686 - Infra - * Migrate release pipeline to SDP (#1681) - * pipeline change for merged chart (#1682) - * fix(helm): coerce OmsAgent.isUsingAADAuth to a boolean (#1679) - * fix: add --force-conflicts to helm deploy to resolve server-side apply ownership conflicts (#1667) - * ci: auto-trigger build pipeline for robot upgrade branches (#1688) - * chore: Add automated Go version upgrade workflow (#1665) - * Add automated telegraf-agent upgrade workflow (#1652) - * fix: process metrics collection for fluentd, ruby, and telegraf. add ProcessName field for easy query (#1662) - * fix(ci): use variable reference for AllNodesClientId in e2e test stage (#1683) - * Update OmsAgent.ImageTagLinux.json (#1684) - * Add multiline-validation skill (#1687) - * add e2e tests to all nodes clusters (#1677) - * remove deployment verification (#1678) - * add ci-logs-dev-aks-all-nodes deploy job (#1666) + * Migrate release pipeline to SDP by @wanlonghenry in https://github.com/microsoft/Docker-Provider/pull/1681 + * Update pipeline for merged chart integration by @wanlonghenry in https://github.com/microsoft/Docker-Provider/pull/1682 + * fix(helm): coerce OmsAgent.isUsingAADAuth to a boolean by @rashmichandrashekar in https://github.com/microsoft/Docker-Provider/pull/1679 + * fix: add --force-conflicts to helm deploy to resolve server-side apply ownership conflicts by @zanejohnson-azure in https://github.com/microsoft/Docker-Provider/pull/1667 + * ci: auto-trigger build pipeline for robot upgrade branches by @zanejohnson-azure in https://github.com/microsoft/Docker-Provider/pull/1688 + * chore: Add automated Go version upgrade workflow by @suyadav1 in https://github.com/microsoft/Docker-Provider/pull/1665 + * Add automated telegraf-agent upgrade workflow by @suyadav1 in https://github.com/microsoft/Docker-Provider/pull/1652 + * Zane/fix fluentd procstat pattern by @zanejohnson-azure in https://github.com/microsoft/Docker-Provider/pull/1662 + * fix(ci): use variable reference for AllNodesClientId in e2e test stage by @zanejohnson-azure in https://github.com/microsoft/Docker-Provider/pull/1683 + * Update OmsAgent.ImageTagLinux Toggle Document by @NicAtMS in https://github.com/microsoft/Docker-Provider/pull/1684 + * Add multiline-validation skill by @zanejohnson-azure in https://github.com/microsoft/Docker-Provider/pull/1687 + * add e2e tests to all nodes clusters by @zanejohnson-azure in https://github.com/microsoft/Docker-Provider/pull/1677 + * remove deployment verification by @zanejohnson-azure in https://github.com/microsoft/Docker-Provider/pull/1678 + * pipelines: add ci-logs-dev-aks-all-nodes deploy job by @zanejohnson-azure in https://github.com/microsoft/Docker-Provider/pull/1666 ### 04/22/2026 - ##### Version mcr.microsoft.com/azuremonitor/containerinsights/ciprod:3.3.0 (linux) From 51c9a10e77c92a129353cf98c16f16f2a5db96cb Mon Sep 17 00:00:00 2001 From: zanejohnson-azure Date: Fri, 29 May 2026 11:24:15 -0700 Subject: [PATCH 3/5] fix(release-notes): move #1686 Windows multiline test yamls to Infra section Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> --- ReleaseNotes.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ReleaseNotes.md b/ReleaseNotes.md index 4c2f51fe7..efcabf27a 100644 --- a/ReleaseNotes.md +++ b/ReleaseNotes.md @@ -38,9 +38,9 @@ additional questions or comments. * Upgrade telegraf-agent to 1.38.3 by @azure-monitor-assistant in https://github.com/microsoft/Docker-Provider/pull/1670 * Upgrade telegraf-agent to 1.38.4 by @azure-monitor-assistant in https://github.com/microsoft/Docker-Provider/pull/1685 * Upgrade fluent-bit (Linux 5.0.4, Windows 5.0.3) by @zanejohnson-azure in https://github.com/microsoft/Docker-Provider/pull/1671 - * Fix Windows multiline test yamls by @zanejohnson-azure in https://github.com/microsoft/Docker-Provider/pull/1686 - Infra + * Fix Windows multiline test yamls by @zanejohnson-azure in https://github.com/microsoft/Docker-Provider/pull/1686 * Migrate release pipeline to SDP by @wanlonghenry in https://github.com/microsoft/Docker-Provider/pull/1681 * Update pipeline for merged chart integration by @wanlonghenry in https://github.com/microsoft/Docker-Provider/pull/1682 * fix(helm): coerce OmsAgent.isUsingAADAuth to a boolean by @rashmichandrashekar in https://github.com/microsoft/Docker-Provider/pull/1679 From bd8eb5dcf305d86cc4eb3a479fe03a1feed0a87b Mon Sep 17 00:00:00 2001 From: zanejohnson-azure Date: Fri, 29 May 2026 11:26:01 -0700 Subject: [PATCH 4/5] fix(release-notes): move #1662 fluentd procstat to Common section Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> --- ReleaseNotes.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ReleaseNotes.md b/ReleaseNotes.md index efcabf27a..db0e1ad4d 100644 --- a/ReleaseNotes.md +++ b/ReleaseNotes.md @@ -38,6 +38,7 @@ additional questions or comments. * Upgrade telegraf-agent to 1.38.3 by @azure-monitor-assistant in https://github.com/microsoft/Docker-Provider/pull/1670 * Upgrade telegraf-agent to 1.38.4 by @azure-monitor-assistant in https://github.com/microsoft/Docker-Provider/pull/1685 * Upgrade fluent-bit (Linux 5.0.4, Windows 5.0.3) by @zanejohnson-azure in https://github.com/microsoft/Docker-Provider/pull/1671 + * fix: fluentd procstat pattern by @zanejohnson-azure in https://github.com/microsoft/Docker-Provider/pull/1662 - Infra * Fix Windows multiline test yamls by @zanejohnson-azure in https://github.com/microsoft/Docker-Provider/pull/1686 @@ -48,7 +49,6 @@ additional questions or comments. * ci: auto-trigger build pipeline for robot upgrade branches by @zanejohnson-azure in https://github.com/microsoft/Docker-Provider/pull/1688 * chore: Add automated Go version upgrade workflow by @suyadav1 in https://github.com/microsoft/Docker-Provider/pull/1665 * Add automated telegraf-agent upgrade workflow by @suyadav1 in https://github.com/microsoft/Docker-Provider/pull/1652 - * Zane/fix fluentd procstat pattern by @zanejohnson-azure in https://github.com/microsoft/Docker-Provider/pull/1662 * fix(ci): use variable reference for AllNodesClientId in e2e test stage by @zanejohnson-azure in https://github.com/microsoft/Docker-Provider/pull/1683 * Update OmsAgent.ImageTagLinux Toggle Document by @NicAtMS in https://github.com/microsoft/Docker-Provider/pull/1684 * Add multiline-validation skill by @zanejohnson-azure in https://github.com/microsoft/Docker-Provider/pull/1687 From 96d6721c0671957d0e86e525e2949758f38e02ab Mon Sep 17 00:00:00 2001 From: zanejohnson-azure Date: Fri, 29 May 2026 11:33:51 -0700 Subject: [PATCH 5/5] feat(skills): add ama-logs-update-charts-release-notes skill Captures the workflow for cutting an ama-logs release PR: bumping the ciprod image tag across charts/manifests/Dockerfiles and adding a formatted ReleaseNotes.md entry (modeled on PRs #1656 and #1699). Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> --- .../SKILL.md | 219 ++++++++++++++++++ 1 file changed, 219 insertions(+) create mode 100644 .github/skills/ama-logs-update-charts-release-notes/SKILL.md diff --git a/.github/skills/ama-logs-update-charts-release-notes/SKILL.md b/.github/skills/ama-logs-update-charts-release-notes/SKILL.md new file mode 100644 index 000000000..7e8620ce2 --- /dev/null +++ b/.github/skills/ama-logs-update-charts-release-notes/SKILL.md @@ -0,0 +1,219 @@ +--- +name: ama-logs-update-charts-release-notes +description: "Prepare an ama-logs release PR: bump the image tag (X.Y.Z) across Helm charts, manifests, and Dockerfiles, and add a formatted ReleaseNotes.md entry. Use when: cutting a new ama-logs release, '3.X.Y release notes', 'bump ciprod image tag', 'release PR for Docker-Provider', creating release notes for a new ciprod build. DO NOT USE FOR: MDSD or Windows AMA bumps in isolation, hotfix patches, or anything that does not increment the ciprod image tag." +argument-hint: "[old version] [new version] — e.g. '3.3.0' '3.4.0'. If omitted, infer old from charts/azuremonitor-containerinsights/Chart.yaml and ask the user for new." +--- + +# ama-logs Release PR: Chart Bump + Release Notes + +This skill prepares a release PR in `microsoft/Docker-Provider` that bumps the ciprod image tag across all Helm charts, Kubernetes manifests, and Dockerfiles, and adds a formatted entry to `ReleaseNotes.md`. It mirrors the structure used by recent release PRs (e.g. #1656 for 3.3.0, #1699 for 3.4.0). + +## Required Inputs + +| Input | Description | Example | +|-------|-------------|---------| +| **OLD version** | Current ciprod tag (Linux side) | `3.3.0` | +| **NEW version** | Target ciprod tag | `3.4.0` | +| **Release date** | Date for the ReleaseNotes.md heading (today, MM/DD/YYYY) | `05/28/2026` | +| **PRs in scope** | All PRs merged into `ci_prod` since the previous release | (queried below) | + +If the user did not provide OLD/NEW, read OLD from `charts/azuremonitor-containerinsights/Chart.yaml` (`version:` field) and ask for NEW. + +## Pre-flight: figure out what changed + +### Identify the PRs in this release + +List every PR merged into `ci_prod` since the previous release's merge commit: + +```powershell +# Get the merge commit of the previous release PR (e.g. #1656 for 3.3.0) +gh pr list --repo microsoft/Docker-Provider --state merged --base ci_prod --search " release notes in:title" --json number,mergeCommit,mergedAt + +# Then list PRs merged after that date +gh pr list --repo microsoft/Docker-Provider --state merged --base ci_prod --search "merged:>=" --json number,title,author,mergedAt --limit 100 +``` + +For each PR, capture: number, title, author (`login`), and merged date. + +**Author attribution rules:** +- Human authors: use their GitHub login verbatim, prefixed with `@` (e.g. `@zanejohnson-azure`). +- Bot authors: `gh pr view` returns `app/azure-monitor-assistant` — strip the `app/` prefix and write `@azure-monitor-assistant`. + +**Title rewriting:** If a PR title is messy (e.g. branch-style `Zane/fix fluentd procstat pattern`), rewrite it to a clean conventional-commit-style title (`fix: fluentd procstat pattern`). Keep clean titles verbatim. + +### Classify each PR — Common vs Infra + +This is the most error-prone step. Use these rules: + +- **Common (Linux + Windows)** — anything that ships *inside* the ciprod image: + - CVE fixes in gems/packages baked into the image (`erb`, `jwt`, etc.) + - Go / Telegraf / Fluent-bit / Fluentd / MDSD / Windows AMA upgrades + - Ruby/plugin code changes (e.g. fluentd config bugs) +- **Infra** — anything that does NOT ship in the image: + - Pipeline/CI changes (release pipeline, build pipeline, e2e jobs) + - Helm chart-only fixes that aren't bundled in the image + - Documentation, test yamls, robot/automation workflows + - Skill files + +When in doubt: "does this change the bits inside `ciprod:`?" If yes → Common. If no → Infra. + +### Get azurelinux and Ruby versions FROM THE CONTAINER + +Do **not** copy these from the previous release entry. Pull the published `ciprod:` image (or `ciprod:` if it has already been built) and read them out — they may have shifted even if you didn't bump anything explicitly, because `mcr.microsoft.com/azurelinux/base/core:3.0` is a floating base tag. + +```powershell +# Docker Desktop must be running. If not: +# Start-Process "C:\Program Files\Docker\Docker\Docker Desktop.exe" +# Start-Sleep -Seconds 60 + +docker pull mcr.microsoft.com/azuremonitor/containerinsights/ciprod: +docker run --rm --entrypoint cat mcr.microsoft.com/azuremonitor/containerinsights/ciprod: /etc/os-release | Select-String '^VERSION=' +# => VERSION="3.0.20260517" + +docker run --rm --entrypoint ruby mcr.microsoft.com/azuremonitor/containerinsights/ciprod: -e "puts RUBY_VERSION" +# => 3.3.10 (x86_64 amalogs; the arm64 build may differ — keep both lines if so) +``` + +If `ciprod:` is already published (CI built it), re-run against `:` to confirm nothing shifted. + +## File edits — exact list + +These eight files **always** change on a release. Do not add or remove files unless the user explicitly asks. + +### 1. `charts/azuremonitor-containerinsights/Chart.yaml` +- `version: ` → `version: ` +- Leave `appVersion` alone unless the user says otherwise. + +### 2. `charts/azuremonitor-containerinsights/values.yaml` +- `imageTagLinux: ""` → `""` +- `imageTagWindows: "win-"` → `"win-"` +- `tag: ""` → `""` (inside the `amalogs.image` block) +- `tagWindows: "win-"` → `"win-"` +- **Do NOT** touch `agentVersion` (MDSD) or `winAgentVersion` (Win AMA) unless those components were actually bumped this cycle. + +### 3. `charts/azuremonitor-containers/Chart.yaml` +- `version: ` → `version: ` + +### 4. `charts/azuremonitor-containers/values.yaml` +- `tag: ""` → `""` +- `tagWindows: "win-"` → `"win-"` + +### 5. `charts/azuremonitor-containers-geneva/values.yaml` +- `tag: ""` → `""` + +### 6. `kubernetes/ama-logs.yaml` +- Replace every `mcr.microsoft.com/azuremonitor/containerinsights/ciprod:` with `:`. +- Replace every `:win-` with `:win-`. +- **Include commented-out blocks** — prior release PRs update those too (e.g. the dev/test image comment). +- Do NOT touch `agentVersion:` annotations or RBAC rules unless the user explicitly asked. + +### 7. `kubernetes/linux/Dockerfile.multiarch` +- `ARG IMAGE_TAG=` → `ARG IMAGE_TAG=` + +### 8. `kubernetes/windows/Dockerfile` +- `ARG IMAGE_TAG=win-` → `ARG IMAGE_TAG=win-` + +## ReleaseNotes.md entry + +Insert at the **top** of the `## Release History` section, immediately below the heading and above the previous release's entry. Follow the exact format of the most recent prior entry. Keep one trailing blank line so entries are visually separated. + +```markdown +### - +##### Version mcr.microsoft.com/azuremonitor/containerinsights/ciprod: (linux) +##### Version mcr.microsoft.com/azuremonitor/containerinsights/ciprod:win- (windows) +- Linux + - [azurelinux ](https://github.com/microsoft/azurelinux/releases/tag/-3.0) + - Golang - + - Ruby - arm64 - , x86_64 - + - MDSD - + - Telegraf - + - Fluent-bit - + - Fluentd - +- Windows + - Golang - + - Ruby - + - Windows AMA - + - Telegraf - + - Fluent-bit - + - Fluentd - +##### Code change log +## What's Changed +- Common (Linux + Windows) + * by @<author> in https://github.com/microsoft/Docker-Provider/pull/<num> + * ... + +- Infra + * <Title> by @<author> in https://github.com/microsoft/Docker-Provider/pull/<num> + * ... + +``` + +**Formatting rules:** +- One PR per line. If multiple PRs share the same title (e.g. four Go upgrade auto-PRs), still emit one line per PR — do NOT consolidate. +- Always include the full `https://github.com/microsoft/Docker-Provider/pull/<num>` URL — not a markdown link. +- Use a blank line between the `Common` and `Infra` blocks. +- For dependency versions not bumped this cycle, copy the value from the previous entry **but verify against the chart values files and the container** — don't trust the prior entry blindly. + +## Verification before commit + +Run from the repo root and confirm no stray old-version references remain in files that should have been bumped: + +```powershell +git --no-pager diff --stat +git --no-pager grep -n "<OLD>" -- charts kubernetes +git --no-pager grep -n "win-<OLD>" -- charts kubernetes +``` + +Remaining matches are acceptable **only** in: +- Older `ReleaseNotes.md` entries (anywhere outside the new entry). +- Test fixtures, scripts, or comments that intentionally pin `<OLD>`. + +If anything else still references `<OLD>` under `charts/` or `kubernetes/`, fix it before committing. + +## Commit, push, PR + +**One commit.** Message: + +``` +<NEW> release notes and chart update + +Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> +``` + +Use the auto-created session branch (do not create a new branch manually). Push and open the PR against `ci_prod`: + +```powershell +git add charts kubernetes ReleaseNotes.md +git commit -m "<NEW> release notes and chart update`n`nCo-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>" +git push 2>&1 | Select-Object -Last 5 +``` + +Open the PR with the `create_pull_request` tool (or `gh pr create`): +- **Title:** `<NEW> Release notes` +- **Base:** `ci_prod` +- **Body:** brief summary mirroring the prior release PR — call out (1) image tag bump `<OLD> → <NEW>` across charts/manifests/Dockerfiles, (2) the release notes entry with dep changes, (3) which components are unchanged this cycle (e.g. MDSD, Windows AMA). Reference the previous release PR as the template. +- **Not** a draft. + +## Iteration: moving PRs between sections + +Reviewers will often ask to reclassify or rename a PR entry after the initial PR is open. Make one focused commit per move/rename: + +``` +fix(release-notes): move #<num> <short title> to <Common|Infra> section +``` + +or + +``` +fix(release-notes): rename #<num> to "<new title>" +``` + +Always re-grep the file to make sure each PR appears in exactly one section after the move. + +## Important rules + +- **Never** invent dependency versions. Pull them from the chart values files or the container. +- **Never** bump MDSD or Windows AMA versions unless the user explicitly says so — they are tracked in `agentVersion` / `winAgentVersion` and are decoupled from the ciprod tag. +- **Never** modify unrelated files (CI yamls, source code, RBAC rules) inside this skill's PR. Other PRs already in the release brought those changes — this PR is *only* the tag bump and the notes. +- **Never** mark the PR as draft. +- Keep edits idempotent: re-running the skill against the same OLD/NEW must not produce a second diff.