kubernetes
diff --git a/‎cmd/krel/cmd/announce_send.go‎
Lines changed: 27 additions & 63 deletions b/‎cmd/krel/cmd/announce_send.go‎
Lines changed: 27 additions & 63 deletions
diff --git a/‎docs/krel/README.md‎
Lines changed: 43 additions & 0 deletions b/‎docs/krel/README.md‎
Lines changed: 43 additions & 0 deletions
diff --git a/‎go.mod‎
Lines changed: 0 additions & 2 deletions b/‎go.mod‎
Lines changed: 0 additions & 2 deletions
diff --git a/‎go.sum‎
Lines changed: 0 additions & 4 deletions b/‎go.sum‎
Lines changed: 0 additions & 4 deletions
@@ -17,27 +17,23 @@ limitations under the License.
 package cmd
 
 import (
+	"context"
 	"errors"
 	"fmt"
 
 	"github.com/sirupsen/logrus"
 	"github.com/spf13/cobra"
 
-	"sigs.k8s.io/release-utils/env"
 	"sigs.k8s.io/release-utils/helpers"
 	"sigs.k8s.io/release-utils/http"
 
 	"k8s.io/release/pkg/mail"
 	"k8s.io/release/pkg/release"
 )
 
-const (
-	sendgridAPIKeyEnvKey = "SENDGRID_API_KEY" //nolint:gosec // it's just the key
-	nameFlag             = "name"
-	emailFlag            = "email"
-)
+const noBrowserFlag = "no-browser"
 
-// announceCmd represents the subcommand for `krel announce`.
+// sendAnnounceCmd represents the subcommand for `krel announce send`.
 var sendAnnounceCmd = &cobra.Command{
 	Use:   "send",
 	Short: "Announce Kubernetes releases",
@@ -47,28 +43,26 @@ krel announce send can be used to mail an announcement of an already
 built Kubernetes release to the %q and %q Google Groups.
 
 By default the mail will be sent only to a test Google Group %q,
-ie: the announcement run will only be a mock run.  To do an
+ie: the announcement run will only be a mock run. To do an
 official announcement, use the --nomock flag.
 
-It is necessary to export the $%s environment variable. An API key can be created by
-registering a sendgrid.com account and adding the key here:
-
-https://app.sendgrid.com/settings/api_keys
+Email is sent via the Gmail API using Google OAuth. A browser window
+will open for authorization on each run. No additional setup is
+needed.
 
-Beside this, if the flags for a valid sender name (--%s,-n) and sender email
-address (--%s,-e) are not set, then it tries to retrieve those values directly
-from the Sendgrid API.
+Use --%s to print the authorization URL for manual copy/paste
+(useful in headless environments). After authorizing in the browser,
+the redirect will fail to load. Copy the full URL from the browser's
+address bar and paste it back into the terminal.
 
 Setting a valid Kubernetes tag (--%s,-t) is always necessary.
 
-If --%s,-p is given, then krel announce will only print the email content
-without doing anything else.`,
+If --%s,-p is given, then krel announce will only print the email
+content without doing anything else.`,
 		mail.KubernetesAnnounceGoogleGroup,
 		mail.KubernetesDevGoogleGroup,
 		mail.KubernetesAnnounceTestGoogleGroup,
-		sendgridAPIKeyEnvKey,
-		nameFlag,
-		emailFlag,
+		noBrowserFlag,
 		tagFlag,
 		printOnlyFlag,
 	),
@@ -80,30 +74,17 @@ without doing anything else.`,
 }
 
 type sendAnnounceOptions struct {
-	sendgridAPIKey string
-	name           string
-	email          string
+	noBrowser bool
 }
 
 var sendAnnounceOpts = &sendAnnounceOptions{}
 
 func init() {
-	sendAnnounceOpts.sendgridAPIKey = env.Default(sendgridAPIKeyEnvKey, "")
-
-	sendAnnounceCmd.PersistentFlags().StringVarP(
-		&sendAnnounceOpts.name,
-		nameFlag,
-		"n",
-		"",
-		"mail sender name",
-	)
-
-	sendAnnounceCmd.PersistentFlags().StringVarP(
-		&sendAnnounceOpts.email,
-		emailFlag,
-		"e",
-		"",
-		"email address",
+	sendAnnounceCmd.PersistentFlags().BoolVar(
+		&sendAnnounceOpts.noBrowser,
+		noBrowserFlag,
+		false,
+		"disable automatic browser opening for OAuth (manual URL copy/paste)",
 	)
 
 	announceCmd.AddCommand(sendAnnounceCmd)
@@ -126,7 +107,7 @@ func runAnnounce(opts *sendAnnounceOptions, announceRootOpts *announceOptions, r
 	content, err := http.NewAgent().Get(u)
 	if err != nil {
 		return fmt.Errorf(
-			"unable to retrieve release announcement form url: %s: %w", u, err,
+			"unable to retrieve release announcement from url: %s: %w", u, err,
 		)
 	}
 
@@ -137,26 +118,11 @@ func runAnnounce(opts *sendAnnounceOptions, announceRootOpts *announceOptions, r
 		return nil
 	}
 
-	if opts.sendgridAPIKey == "" {
-		return fmt.Errorf(
-			"$%s is not set", sendgridAPIKeyEnvKey,
-		)
-	}
-
-	logrus.Info("Preparing mail sender")
-
-	m := mail.NewSender(opts.sendgridAPIKey)
-
-	if opts.name != "" && opts.email != "" {
-		if err := m.SetSender(opts.name, opts.email); err != nil {
-			return fmt.Errorf("unable to set mail sender: %w", err)
-		}
-	} else {
-		logrus.Info("Retrieving default sender from sendgrid API")
+	logrus.Info("Starting Gmail OAuth flow")
 
-		if err := m.SetDefaultSender(); err != nil {
-			return fmt.Errorf("setting default sender: %w", err)
-		}
+	sender, err := mail.NewGmailSender(context.Background(), opts.noBrowser)
+	if err != nil {
+		return fmt.Errorf("creating Gmail sender: %w", err)
 	}
 
 	groups := []mail.GoogleGroup{mail.KubernetesAnnounceTestGoogleGroup}
@@ -169,9 +135,7 @@ func runAnnounce(opts *sendAnnounceOptions, announceRootOpts *announceOptions, r
 
 	logrus.Infof("Using Google Groups as announcement target: %v", groups)
 
-	if err := m.SetGoogleGroupRecipients(groups...); err != nil {
-		return fmt.Errorf("unable to set mail recipients: %w", err)
-	}
+	sender.SetGoogleGroupRecipients(groups...)
 
 	logrus.Info("Sending mail")
 
@@ -187,7 +151,7 @@ func runAnnounce(opts *sendAnnounceOptions, announceRootOpts *announceOptions, r
 	}
 
 	if yes {
-		if err := m.Send(string(content), subject); err != nil {
+		if err := sender.Send(string(content), subject); err != nil {
 			return fmt.Errorf("unable to send mail: %w", err)
 		}
 	}
 
@@ -54,6 +54,49 @@ krel has several subcommands that perform various tasks during the release lifec
 | stage                               | Stage a new Kubernetes version                                                              |
 | testgridshot                        | Take a screenshot of the testgrid dashboards                                                |
 
+## Sending Release Announcements
+
+The `krel announce send` command sends release announcement emails via the
+Gmail API using Google OAuth. No additional setup is required — a browser
+window will open for authorization on each run.
+
+In mock mode (default), emails are sent to
+[kubernetes-announce-test](https://groups.google.com/g/kubernetes-announce-test).
+In production mode (`--nomock`), emails are sent to
+[kubernetes-announce](https://groups.google.com/g/kubernetes-announce) and
+[dev@kubernetes.io](https://groups.google.com/a/kubernetes.io/g/dev).
+
+```shell
+# Mock run (sends to kubernetes-announce-test only):
+krel announce send --tag v1.35.1
+
+# Production run (sends to kubernetes-announce and dev):
+krel announce send --tag v1.35.1 --nomock
+
+# Print announcement content without sending:
+krel announce send --tag v1.35.1 --print-only
+```
+
+### Headless environments (`--no-browser`)
+
+If you are running `krel` in a headless environment (e.g. SSH session), use the
+`--no-browser` flag:
+
+```shell
+krel announce send --tag v1.35.1 --no-browser
+```
+
+This prints the OAuth authorization URL to the terminal instead of opening a
+browser. Open the URL in any browser (can be on another machine), authorize the
+application, and the browser will redirect to `http://localhost?code=...`. Since
+no local server is listening, the page will fail to load — this is expected.
+Copy the full URL from the browser's address bar and paste it back into the
+terminal to complete authentication.
+
+The OAuth app is managed in the
+[k8s-release](https://console.cloud.google.com/auth/clients?project=k8s-release)
+Google Cloud project.
+
 ## Important Notes
 
 Some of the krel subcommands are under development and their usage may already differ from these docs.
@@ -21,8 +21,6 @@ require (
 	github.com/nozzle/throttler v0.0.0-20180817012639-2ea982251481
 	github.com/psampaz/go-mod-outdated v0.9.0
 	github.com/saschagrunert/go-modiff v1.3.5
-	github.com/sendgrid/rest v2.6.9+incompatible
-	github.com/sendgrid/sendgrid-go v3.16.1+incompatible
 	github.com/sergi/go-diff v1.4.0
 	github.com/shirou/gopsutil/v3 v3.24.5
 	github.com/shurcooL/githubv4 v0.0.0-20220115235240-a14260e6f8a2
 
@@ -801,10 +801,6 @@ github.com/secure-systems-lab/go-securesystemslib v0.9.1 h1:nZZaNz4DiERIQguNy0cL
 github.com/secure-systems-lab/go-securesystemslib v0.9.1/go.mod h1:np53YzT0zXGMv6x4iEWc9Z59uR+x+ndLwCLqPYpLXVU=
 github.com/segmentio/ksuid v1.0.4 h1:sBo2BdShXjmcugAMwjugoGUdUV0pcxY5mW4xKRn3v4c=
 github.com/segmentio/ksuid v1.0.4/go.mod h1:/XUiZBD3kVx5SmUOl55voK5yeAbBNNIed+2O73XgrPE=
-github.com/sendgrid/rest v2.6.9+incompatible h1:1EyIcsNdn9KIisLW50MKwmSRSK+ekueiEMJ7NEoxJo0=
-github.com/sendgrid/rest v2.6.9+incompatible/go.mod h1:kXX7q3jZtJXK5c5qK83bSGMdV6tsOE70KbHoqJls4lE=
-github.com/sendgrid/sendgrid-go v3.16.1+incompatible h1:zWhTmB0Y8XCDzeWIm2/BIt1GjJohAA0p6hVEaDtHWWs=
-github.com/sendgrid/sendgrid-go v3.16.1+incompatible/go.mod h1:QRQt+LX/NmgVEvmdRw0VT/QgUn499+iza2FnDca9fg8=
 github.com/sergi/go-diff v1.1.0/go.mod h1:STckp+ISIX8hZLjrqAeVduY0gWCT9IjLuqbuNXdaHfM=
 github.com/sergi/go-diff v1.4.0 h1:n/SP9D5ad1fORl+llWyN+D6qoUETXNZARKjyY2/KVCw=
 github.com/sergi/go-diff v1.4.0/go.mod h1:A0bzQcvG0E7Rwjx0REVgAGH58e96+X0MeOfepqsbeW4=