internal/task: add workflow to pre-announce x fixes

Similar to the minor release pre-announcement workflow, add a workflow
which allows us to pre-announce fixes to golang.org/x/ (or other)
modules. This lets us standardize the process, and send messages in the
same way we do for other security content.

Additionally, factor out the announcement email sending logic, which
was duplicated across announcement and pre-announcement workflows.

Change-Id: Id0bda3cb47b5107ab6b66da57a0d8641c4770db4
Reviewed-on: https://go-review.googlesource.com/c/build/+/642296
Auto-Submit: Roland Shoemaker <[email protected]>
Reviewed-by: Dmitri Shuralyov <[email protected]>
Reviewed-by: Dmitri Shuralyov <[email protected]>
LUCI-TryBot-Result: Go LUCI <[email protected]>

Author: rolandshoemaker

internal/relui/workflows.go

@@ -292,6 +292,22 @@ func RegisterReleaseWorkflows(ctx context.Context, h *DefinitionHolder, build *B
 		h.RegisterDefinition("pre-announce next minor release for Go "+strings.Join(names, " and "), wd)
 	}
 
+	// Register pre-announcement workflow for golang.org/x/ fixes.
+	{
+		wd := wf.New(wf.ACL{Groups: []string{groups.SecurityTeam}})
+
+		module := wf.Param(wd, wf.ParamDef[string]{Name: "Module path", ParamType: wf.BasicString})
+		pkgs := wf.Param(wd, wf.ParamDef[[]string]{Name: "Packages affected", ParamType: wf.SliceShort})
+		targetDate := wf.Param(wd, targetDateParam)
+		cves := wf.Param(wd, securityPreAnnCVEsParam)
+		coordinators := wf.Param(wd, releaseCoordinators)
+
+		sentMail := wf.Task5(wd, "mail-pre-announcement", comm.PreAnnounceXFix, module, pkgs, targetDate, cves, coordinators)
+		wf.Output(wd, "Pre-announcement URL", wf.Task1(wd, "await-pre-announcement", comm.AwaitAnnounceMail, sentMail))
+
+		h.RegisterDefinition("pre-announce golang.org/x security fix", wd)
+	}
+
 	// Register workflows for miscellaneous tasks that happen as part of the Go release cycle (go.dev/s/release).
 	{
 		// Register an "apply wait-release to CLs" workflow.

internal/task/announce.go

@@ -89,6 +89,25 @@ type releasePreAnnouncement struct {
 	Names []string
 }
 
+type golangOrgXPreAnnouncement struct {
+	// Target is the planned date for the release.
+	Target Date
+
+	// Module is the module the security fixes are in.
+	Module string
+
+	// Package is the package the security fix is in.
+	Packages []string
+
+	// CVEs is the list of CVEs for PRIVATE track fixes to
+	// be included in the release pre-announcement.
+	CVEs []string
+
+	// Names is an optional list of release coordinator names to
+	// include in the sign-off message.
+	Names []string
+}
+
 // A Date represents a single calendar day (year, month, day).
 //
 // This type does not include location information, and
@@ -156,42 +175,7 @@ func (t AnnounceMailTasks) AnnounceRelease(ctx *workflow.TaskContext, kind Relea
 		r.SecondaryVersion = published[1].Version
 	}
 
-	// Generate the announcement email.
-	m, err := announcementMail(r)
-	if err != nil {
-		return SentMail{}, err
-	}
-	ctx.Printf("announcement subject: %s\n\n", m.Subject)
-	ctx.Printf("announcement body HTML:\n%s\n", m.BodyHTML)
-	ctx.Printf("announcement body text:\n%s", m.BodyText)
-
-	// Before sending, check to see if this announcement already exists.
-	if threadURL, err := findGoogleGroupsThread(ctx, m.Subject); err != nil {
-		// Proceeding would risk sending a duplicate email, so error out instead.
-		return SentMail{}, fmt.Errorf("stopping early due to error checking for an existing Google Groups thread: %w", err)
-	} else if threadURL != "" {
-		// This should never happen since this task runs once per release.
-		// It can happen under unusual circumstances, for example if the task crashes after
-		// mailing but before completion, or if parts of the release workflow are restarted,
-		// or if a human mails the announcement email manually out of band.
-		//
-		// So if we see that the email exists, consider it as "task completed successfully"
-		// and pretend we were the ones that sent it, so the high level workflow can keep going.
-		ctx.Printf("a Google Groups thread with matching subject %q already exists at %q, so we'll consider that as it being sent successfully", m.Subject, threadURL)
-		return SentMail{m.Subject}, nil
-	}
-
-	// Send the announcement email to the destination mailing lists.
-	if t.SendMail == nil {
-		return SentMail{Subject: "[dry-run] " + m.Subject}, nil
-	}
-	ctx.DisableRetries()
-	err = t.SendMail(t.AnnounceMailHeader, m)
-	if err != nil {
-		return SentMail{}, err
-	}
-
-	return SentMail{m.Subject}, nil
+	return t.generateAndSendAnnouncementMail(ctx, r)
 }
 
 // PreAnnounceRelease sends an email pre-announcing a Go release
@@ -232,34 +216,7 @@ func (t AnnounceMailTasks) PreAnnounceRelease(ctx *workflow.TaskContext, version
 		r.SecondaryVersion = versions[1]
 	}
 
-	// Generate the pre-announcement email.
-	m, err := announcementMail(r)
-	if err != nil {
-		return SentMail{}, err
-	}
-	ctx.Printf("pre-announcement subject: %s\n\n", m.Subject)
-	ctx.Printf("pre-announcement body HTML:\n%s\n", m.BodyHTML)
-	ctx.Printf("pre-announcement body text:\n%s", m.BodyText)
-
-	// Before sending, check to see if this pre-announcement already exists.
-	if threadURL, err := findGoogleGroupsThread(ctx, m.Subject); err != nil {
-		return SentMail{}, fmt.Errorf("stopping early due to error checking for an existing Google Groups thread: %w", err)
-	} else if threadURL != "" {
-		ctx.Printf("a Google Groups thread with matching subject %q already exists at %q, so we'll consider that as it being sent successfully", m.Subject, threadURL)
-		return SentMail{m.Subject}, nil
-	}
-
-	// Send the pre-announcement email to the destination mailing lists.
-	if t.SendMail == nil {
-		return SentMail{Subject: "[dry-run] " + m.Subject}, nil
-	}
-	ctx.DisableRetries()
-	err = t.SendMail(t.AnnounceMailHeader, m)
-	if err != nil {
-		return SentMail{}, err
-	}
-
-	return SentMail{m.Subject}, nil
+	return t.generateAndSendAnnouncementMail(ctx, r)
 }
 
 func coordinatorFirstNames(users []string) ([]string, error) {
@@ -269,6 +226,40 @@ func coordinatorFirstNames(users []string) ([]string, error) {
 	})
 }
 
+func (t AnnounceMailTasks) PreAnnounceXFix(ctx *workflow.TaskContext, module string, pkgs []string, target Date, cves []string, users []string) (SentMail, error) {
+	if deadline, ok := ctx.Deadline(); ok && time.Until(deadline) < time.Minute {
+		return SentMail{}, fmt.Errorf("insufficient time for pre-announce release task; a minimum of a minute left on context is required")
+	}
+	now := time.Now().UTC()
+	if t.testHookNow != nil {
+		now = t.testHookNow()
+	}
+	for _, p := range pkgs {
+		if !strings.HasPrefix(p, module) {
+			return SentMail{}, fmt.Errorf("package %q is not inside module %q", p, module)
+		}
+	}
+	if !target.After(now.Year(), now.Month(), now.Day()) { // A very simple check. Improve as needed.
+		return SentMail{}, fmt.Errorf("target release date is not in the future")
+	}
+	if len(cves) == 0 {
+		return SentMail{}, errors.New("CVEs are not specified")
+	}
+	names, err := coordinatorFirstNames(users)
+	if err != nil {
+		return SentMail{}, err
+	}
+	r := golangOrgXPreAnnouncement{
+		Target:   target,
+		Module:   module,
+		Packages: pkgs,
+		CVEs:     cves,
+		Names:    names,
+	}
+
+	return t.generateAndSendAnnouncementMail(ctx, r)
+}
+
 func coordinatorEmails(users []string) ([]string, error) {
 	return mapCoordinators(users, func(p *gophers.Person) string {
 		return p.Gerrit
@@ -337,6 +328,8 @@ type MailContent struct {
 // which must be one of these types:
 //   - releaseAnnouncement for a release announcement
 //   - releasePreAnnouncement for a release pre-announcement
+//   - golangOrgXPreAnnouncement for a golang.org/x (or other Go module) security
+//     release pre-announcement
 //   - goplsPrereleaseAnnouncement for a gopls pre-announcement
 func announcementMail(data any) (MailContent, error) {
 	// Select the appropriate template name.
@@ -368,6 +361,8 @@ func announcementMail(data any) (MailContent, error) {
 		}
 	case releasePreAnnouncement:
 		name = "pre-announce-minor.md"
+	case golangOrgXPreAnnouncement:
+		name = "pre-announce-x.md"
 	case goplsReleaseAnnouncement:
 		name = "gopls-announce.md"
 	case goplsPrereleaseAnnouncement:
@@ -482,6 +477,7 @@ var announceTmpl = template.Must(template.New("").Funcs(template.FuncMap{
 }).ParseFS(tmplDir,
 	"template/announce-*.md",
 	"template/pre-announce-minor.md",
+	"template/pre-announce-x.md",
 	// Gopls release announcements.
 	"template/gopls-announce.md",
 	"template/gopls-pre-announce.md",
@@ -786,3 +782,41 @@ func (markdownToTextRenderer) Render(w io.Writer, source []byte, n ast.Node) err
 	return ast.Walk(n, walk)
 }
 func (markdownToTextRenderer) AddOptions(...renderer.Option) {}
+
+func (t AnnounceMailTasks) generateAndSendAnnouncementMail(ctx *workflow.TaskContext, data any) (SentMail, error) {
+	// Generate the announcement email.
+	m, err := announcementMail(data)
+	if err != nil {
+		return SentMail{}, err
+	}
+	ctx.Printf("announcement subject: %s\n\n", m.Subject)
+	ctx.Printf("announcement body HTML:\n%s\n", m.BodyHTML)
+	ctx.Printf("announcement body text:\n%s", m.BodyText)
+
+	// Before sending, check to see if this announcement already exists.
+	if threadURL, err := findGoogleGroupsThread(ctx, m.Subject); err != nil {
+		return SentMail{}, fmt.Errorf("stopping early due to error checking for an existing Google Groups thread: %w", err)
+	} else if threadURL != "" {
+		// This should never happen since this task runs once per release.
+		// It can happen under unusual circumstances, for example if the task crashes after
+		// mailing but before completion, or if parts of the release workflow are restarted,
+		// or if a human mails the announcement email manually out of band.
+		//
+		// So if we see that the email exists, consider it as "task completed successfully"
+		// and pretend we were the ones that sent it, so the high level workflow can keep going.
+		ctx.Printf("a Google Groups thread with matching subject %q already exists at %q, so we'll consider that as it being sent successfully", m.Subject, threadURL)
+		return SentMail{m.Subject}, nil
+	}
+
+	// Send the announcement email to the destination mailing lists.
+	if t.SendMail == nil {
+		return SentMail{Subject: "[dry-run] " + m.Subject}, nil
+	}
+	ctx.DisableRetries()
+	err = t.SendMail(t.AnnounceMailHeader, m)
+	if err != nil {
+		return SentMail{}, err
+	}
+
+	return SentMail{m.Subject}, nil
+}

internal/task/announce_test.go

@@ -349,9 +349,9 @@ func TestPreAnnounceRelease(t *testing.T) {
 			cves:         []string{"cve-2022-1234", "cve-2023-1234"},
 			coordinators: []string{"tatiana"},
 			want:         SentMail{Subject: "[security] Go 1.18.4 and Go 1.17.11 pre-announcement"},
-			wantLog: `pre-announcement subject: [security] Go 1.18.4 and Go 1.17.11 pre-announcement
+			wantLog: `announcement subject: [security] Go 1.18.4 and Go 1.17.11 pre-announcement
 
-pre-announcement body HTML:
+announcement body HTML:
 <p>Hello gophers,</p>
 <p>We plan to issue Go 1.18.4 and Go 1.17.11 during US business hours on Tuesday, July 12.</p>
 <p>These minor releases include PRIVATE security fixes to the standard library, covering the following CVEs:</p>
@@ -363,7 +363,7 @@ pre-announcement body HTML:
 <p>Thanks,<br>
 Tatiana for the Go team</p>
 
-pre-announcement body text:
+announcement body text:
 Hello gophers,
 
 We plan to issue Go 1.18.4 and Go 1.17.11 during US business hours on Tuesday, July 12.
@@ -406,6 +406,123 @@ Tatiana for the Go team` + "\n",
 	}
 }
 
+func TestPreAnnounceXFix(t *testing.T) {
+	if testing.Short() {
+		t.Skip("not running test that uses internet in short mode")
+	}
+
+	tests := [...]struct {
+		name         string
+		target       Date
+		module       string
+		packages     []string
+		cves         []string
+		coordinators []string
+		want         SentMail
+		wantLog      string
+	}{
+		{
+			name:         "x fix, single package",
+			target:       Date{2022, time.July, 12},
+			module:       "golang.org/x/crypto",
+			packages:     []string{"golang.org/x/crypto/ssh"},
+			cves:         []string{"CVE-2025-1234", "CVE-2025-1235"},
+			coordinators: []string{"roland"},
+			want:         SentMail{Subject: "[security] golang.org/x/crypto fix pre-announcement"},
+			wantLog: `announcement subject: [security] golang.org/x/crypto fix pre-announcement
+
+announcement body HTML:
+<p>Hello gophers,</p>
+<p>We plan to issue a security fix for the package golang.org/x/crypto/ssh in the golang.org/x/crypto module during US business hours on Tuesday, July 12.</p>
+<p>This will cover the following CVEs:</p>
+<ul>
+<li>CVE-2025-1234</li>
+<li>CVE-2025-1235</li>
+</ul>
+<p>Following our security policy, this is the pre-announcement of the fix.</p>
+<p>Thanks,<br>
+Roland for the Go team</p>
+
+announcement body text:
+Hello gophers,
+
+We plan to issue a security fix for the package golang.org/x/crypto/ssh in the golang.org/x/crypto module during US business hours on Tuesday, July 12.
+
+This will cover the following CVEs:
+
+-	CVE-2025-1234
+
+-	CVE-2025-1235
+
+Following our security policy, this is the pre-announcement of the fix.
+
+Thanks,
+Roland for the Go team` + "\n",
+		},
+		{
+			name:         "x fix, multiple packages",
+			target:       Date{2022, time.July, 12},
+			module:       "golang.org/x/crypto",
+			packages:     []string{"golang.org/x/crypto/ssh", "golang.org/x/crypto/ocsp", "golang.org/x/crypto/xts"},
+			cves:         []string{"CVE-2025-1234", "CVE-2025-1235"},
+			coordinators: []string{"roland"},
+			want:         SentMail{Subject: "[security] golang.org/x/crypto fix pre-announcement"},
+			wantLog: `announcement subject: [security] golang.org/x/crypto fix pre-announcement
+
+announcement body HTML:
+<p>Hello gophers,</p>
+<p>We plan to issue a security fix for the packages golang.org/x/crypto/ssh, golang.org/x/crypto/ocsp, and golang.org/x/crypto/xts in the golang.org/x/crypto module during US business hours on Tuesday, July 12.</p>
+<p>This will cover the following CVEs:</p>
+<ul>
+<li>CVE-2025-1234</li>
+<li>CVE-2025-1235</li>
+</ul>
+<p>Following our security policy, this is the pre-announcement of the fix.</p>
+<p>Thanks,<br>
+Roland for the Go team</p>
+
+announcement body text:
+Hello gophers,
+
+We plan to issue a security fix for the packages golang.org/x/crypto/ssh, golang.org/x/crypto/ocsp, and golang.org/x/crypto/xts in the golang.org/x/crypto module during US business hours on Tuesday, July 12.
+
+This will cover the following CVEs:
+
+-	CVE-2025-1234
+
+-	CVE-2025-1235
+
+Following our security policy, this is the pre-announcement of the fix.
+
+Thanks,
+Roland for the Go team` + "\n",
+		},
+	}
+	for _, tc := range tests {
+		t.Run(tc.name, func(t *testing.T) {
+			tasks := AnnounceMailTasks{
+				SendMail:    func(h MailHeader, c MailContent) error { return nil },
+				testHookNow: func() time.Time { return time.Date(2022, time.July, 7, 0, 0, 0, 0, time.UTC) },
+			}
+			var buf bytes.Buffer
+			ctx := &workflow.TaskContext{Context: context.Background(), Logger: fmtWriter{&buf}}
+			sentMail, err := tasks.PreAnnounceXFix(ctx, tc.module, tc.packages, tc.target, tc.cves, tc.coordinators)
+			if err != nil {
+				if fe := (fetchError{}); errors.As(err, &fe) && fe.PossiblyRetryable {
+					t.Skip("test run produced no actionable signal due to a transient network error:", err) // See go.dev/issue/60541.
+				}
+				t.Fatal("task function returned non-nil error:", err)
+			}
+			if diff := cmp.Diff(tc.want, sentMail); diff != "" {
+				t.Errorf("sent mail mismatch (-want +got):\n%s", diff)
+			}
+			if diff := cmp.Diff(tc.wantLog, buf.String()); diff != "" {
+				t.Errorf("log mismatch (-want +got):\n%s", diff)
+			}
+		})
+	}
+}
+
 func TestFindGoogleGroupsThread(t *testing.T) {
 	if testing.Short() {
 		t.Skip("not running test that uses internet in short mode")

internal/task/template/pre-announce-x.md

@@ -0,0 +1,15 @@
+Subject: [security] {{.Module}} fix pre-announcement
+
+Hello gophers,
+
+We plan to issue a security fix for the package{{$numPkgs := len .Packages}}{{if gt $numPkgs 1}}s{{end}} {{join .Packages}} in the {{.Module}} module during US business hours on {{.Target.Format "Monday, January 2"}}.
+
+This will cover the following CVEs:
+
+{{range .CVEs}}- {{.}}
+{{end}}
+
+Following our security policy, this is the pre-announcement of the fix.
+
+Thanks,
+{{with .Names}}{{join .}} for the{{else}}The{{end}} Go team