From adb37501813c8fc1e5c3a58605506e22a215c130 Mon Sep 17 00:00:00 2001
From: Sebastian Bernauer <sebastian.bernauer@stackable.de>
Date: Tue, 30 Jan 2024 13:17:46 +0100
Subject: [PATCH] feat(opa): Add version 0.61.0 (#538)

* feat(opa): Add version 0.61.0

* changelog
---
 CHANGELOG.md                  |  2 ++
 conf.py                       |  7 ++++
 opa/upload_new_opa_version.sh | 63 ++++++++++++++++++-----------------
 3 files changed, 41 insertions(+), 31 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 4324836cf..72dc86326 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -12,6 +12,7 @@ All notable changes to this project will be documented in this file.
 - testing-tools: Add krb5-user library for Kerberos tests ([#531]).
 - testing-tools: Add the Python library Beautiful Soup 4 ([#536]).
 - java-base: Add `openjdk-devel` package for tool such as `jps` or `jmap` ([#537]).
+- opa: Add version `0.61.0` ([#538]).
 
 ### Changed
 
@@ -31,6 +32,7 @@ All notable changes to this project will be documented in this file.
 [#531]: https://github.com/stackabletech/docker-images/pull/531
 [#536]: https://github.com/stackabletech/docker-images/pull/536
 [#537]: https://github.com/stackabletech/docker-images/pull/537
+[#538]: https://github.com/stackabletech/docker-images/pull/538
 
 ## [23.11.0] - 2023-11-30
 
diff --git a/conf.py b/conf.py
index 27bbb79f3..8d3b161d7 100644
--- a/conf.py
+++ b/conf.py
@@ -241,6 +241,13 @@
                 "vector": "0.33.0",
                 "bundle_builder_version": "1.1.0",
             },
+            # 2024-01-30: We only added 0.61.0 to be able to write Rego rules v1.
+            # The regular product version update process must take care of removing unsupported versions and bumping vector
+            {
+                "product": "0.61.0",
+                "vector": "0.33.0",
+                "bundle_builder_version": "1.1.0",
+            },
         ],
     },
     {
diff --git a/opa/upload_new_opa_version.sh b/opa/upload_new_opa_version.sh
index dbcf0b458..ebe0dbe12 100755
--- a/opa/upload_new_opa_version.sh
+++ b/opa/upload_new_opa_version.sh
@@ -29,34 +29,35 @@ trap cleanup EXIT
 
 cd "$WORK_DIR" || exit
 
-bin_file=opa_linux_amd64_static
-download_url="https://openpolicyagent.org/downloads/v${VERSION}/${bin_file}"
-
-echo "Downloading OPA from ${download_url}"
-curl --fail -L -o "${bin_file}" "${download_url}"
-echo "Downloading OPA checksum from ${download_url}.sha256"
-curl --fail -L -o "${bin_file}".sha256 "${download_url}".sha256
-
-echo "Validating SHA256 Checksum"
-if ! (sha256sum "${bin_file}" | diff - "${bin_file}".sha256); then
-  echo "ERROR: One of the SHA256 sums does not match"
-  exit 1
-fi
-
-versioned_bin_file=${bin_file}_${VERSION}
-echo "Tag bin file and SHA with version ${bin_file} -> ${versioned_bin_file}"
-mv "${bin_file}" "${versioned_bin_file}"
-mv "${bin_file}".sha256 "${versioned_bin_file}".sha256
-
-echo "Uploading everything to Nexus"
-EXIT_STATUS=0
-curl --fail -u "$NEXUS_USER:$NEXUS_PASSWORD" --upload-file "${versioned_bin_file}" 'https://repo.stackable.tech/repository/packages/opa/' || EXIT_STATUS=$?
-curl --fail -u "$NEXUS_USER:$NEXUS_PASSWORD" --upload-file "${versioned_bin_file}".sha256 'https://repo.stackable.tech/repository/packages/opa/' || EXIT_STATUS=$?
-
-if [ $EXIT_STATUS -ne 0 ]; then
-  echo "ERROR: Upload failed"
-  exit 1
-fi
-
-echo "Successfully uploaded version $VERSION of OPA to Nexus"
-echo "https://repo.stackable.tech/service/rest/repository/browse/packages/opa/"
+for bin_file in opa_linux_amd64_static opa_linux_arm64_static; do
+  download_url="https://openpolicyagent.org/downloads/v${VERSION}/${bin_file}"
+
+  echo "Downloading OPA from ${download_url}"
+  curl --fail -L -o "${bin_file}" "${download_url}"
+  echo "Downloading OPA checksum from ${download_url}.sha256"
+  curl --fail -L -o "${bin_file}".sha256 "${download_url}".sha256
+
+  echo "Validating SHA256 Checksum"
+  if ! (sha256sum "${bin_file}" | diff - "${bin_file}".sha256); then
+    echo "ERROR: One of the SHA256 sums does not match"
+    exit 1
+  fi
+
+  versioned_bin_file=${bin_file}_${VERSION}
+  echo "Tag bin file and SHA with version ${bin_file} -> ${versioned_bin_file}"
+  mv "${bin_file}" "${versioned_bin_file}"
+  mv "${bin_file}".sha256 "${versioned_bin_file}".sha256
+
+  echo "Uploading everything to Nexus"
+  EXIT_STATUS=0
+  curl --fail -u "$NEXUS_USER:$NEXUS_PASSWORD" --upload-file "${versioned_bin_file}" 'https://repo.stackable.tech/repository/packages/opa/' || EXIT_STATUS=$?
+  curl --fail -u "$NEXUS_USER:$NEXUS_PASSWORD" --upload-file "${versioned_bin_file}".sha256 'https://repo.stackable.tech/repository/packages/opa/' || EXIT_STATUS=$?
+
+  if [ $EXIT_STATUS -ne 0 ]; then
+    echo "ERROR: Upload failed"
+    exit 1
+  fi
+
+  echo "Successfully uploaded version $VERSION of OPA to Nexus"
+  echo "https://repo.stackable.tech/service/rest/repository/browse/packages/opa/"
+done