diff --git a/.github/workflows/dapr-pubsub.yaml b/.github/workflows/dapr-pubsub.yaml index f3b08335271..5f74ffd9cb7 100644 --- a/.github/workflows/dapr-pubsub.yaml +++ b/.github/workflows/dapr-pubsub.yaml @@ -22,11 +22,6 @@ jobs: - name: Check out code into the Go module directory uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 - - name: Set up Go 1.20 - uses: actions/setup-go@v4 - with: - go-version: 1.20 - - name: Bootstrap e2e run: | mkdir -p $GITHUB_WORKSPACE/bin diff --git a/.github/workflows/license-lint.yaml b/.github/workflows/license-lint.yaml index 0220366d5f4..5a9dcd8b463 100644 --- a/.github/workflows/license-lint.yaml +++ b/.github/workflows/license-lint.yaml @@ -27,10 +27,10 @@ jobs: with: egress-policy: audit - - name: Set up Go 1.20 + - name: Set up Go uses: actions/setup-go@v4 # v4.0.1 with: - go-version: "1.20" + go-version: "1.21" - name: Check out code into the Go module directory uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v3.5.2 diff --git a/.github/workflows/release-pr.yaml b/.github/workflows/release-pr.yaml index eaac5467287..6024bff084b 100644 --- a/.github/workflows/release-pr.yaml +++ b/.github/workflows/release-pr.yaml @@ -22,10 +22,10 @@ jobs: with: egress-policy: audit - - name: Set up Go 1.20 + - name: Set up Go uses: actions/setup-go@v4 # v4.0.1 with: - go-version: "1.20" + go-version: "1.21" - name: Set release version and target branch for vNext if: github.event_name == 'push' diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 86ecd33a557..ba4c5875fa1 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -34,10 +34,10 @@ jobs: - name: Check out code into the Go module directory uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 - - name: Set up Go 1.20 + - name: Set up Go uses: actions/setup-go@v4 # v4.0.1 with: - go-version: "1.20" + go-version: "1.21" - name: Get tag id: get_version diff --git a/.github/workflows/workflow.yaml b/.github/workflows/workflow.yaml index be8dd62c9f8..848706b3eaa 100644 --- a/.github/workflows/workflow.yaml +++ b/.github/workflows/workflow.yaml @@ -36,10 +36,10 @@ jobs: with: egress-policy: audit - - name: Set up Go 1.20 + - name: Set up Go uses: actions/setup-go@v4 # v4.0.1 with: - go-version: "1.20" + go-version: "1.21" - name: Check out code into the Go module directory uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 @@ -61,10 +61,10 @@ jobs: with: egress-policy: audit - - name: Set up Go 1.20 + - name: Set up Go uses: actions/setup-go@v4 # v4.0.1 with: - go-version: "1.20" + go-version: "1.21" - name: Check out code into the Go module directory uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 @@ -90,11 +90,11 @@ jobs: egress-policy: audit - name: Check out code into the Go module directory - uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v3.5.2 - - name: Set up Go 1.20 + uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.2 + - name: Set up Go uses: actions/setup-go@v4 # v4.0.1 with: - go-version: "1.20" + go-version: "1.21" - name: Check go.mod and manifests run: | # there should be no additional manifest or go.mod changes @@ -113,10 +113,10 @@ jobs: with: egress-policy: audit - - name: Set up Go 1.20 + - name: Set up Go uses: actions/setup-go@v4 # v4.0.1 with: - go-version: "1.20" + go-version: "1.21" - name: Check out code into the Go module directory uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 @@ -136,7 +136,7 @@ jobs: timeout-minutes: 15 strategy: matrix: - KUBERNETES_VERSION: ["1.24.12", "1.25.8", "1.26.3", "1.27.1"] + KUBERNETES_VERSION: ["1.25.8", "1.26.3", "1.27.1", "1.28.0"] steps: - name: Harden Runner uses: step-security/harden-runner@1b05615854632b887b69ae1be8cbefe72d3ae423 # v2.6.0 @@ -146,10 +146,10 @@ jobs: - name: Check out code into the Go module directory uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 - - name: Set up Go 1.20 + - name: Set up Go uses: actions/setup-go@v4 # v4.0.1 with: - go-version: "1.20" + go-version: "1.21" - name: Bootstrap e2e run: | @@ -266,10 +266,10 @@ jobs: - name: Check out code into the Go module directory uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 - - name: Set up Go 1.20 + - name: Set up Go uses: actions/setup-go@v4 # v4.0.1 with: - go-version: "1.20" + go-version: "1.21" - name: Bootstrap e2e run: | diff --git a/.go-version b/.go-version index 39893559155..3500250a4b0 100644 --- a/.go-version +++ b/.go-version @@ -1 +1 @@ -1.20.0 +1.21.0 diff --git a/.golangci.yaml b/.golangci.yaml index 2d9ae4e0de1..45f97871159 100644 --- a/.golangci.yaml +++ b/.golangci.yaml @@ -22,7 +22,7 @@ linters-settings: locale: US staticcheck: # Select the Go version to target. The default is '1.13'. - go: "1.20" + go: "1.21" linters: disable-all: true diff --git a/Dockerfile b/Dockerfile index 80a3b0948e0..d4db5c85f79 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,5 +1,5 @@ ARG BUILDPLATFORM="linux/amd64" -ARG BUILDERIMAGE="golang:1.20-bullseye" +ARG BUILDERIMAGE="golang:1.21-bullseye" # Use distroless as minimal base image to package the manager binary # Refer to https://github.com/GoogleContainerTools/distroless for more details ARG BASEIMAGE="gcr.io/distroless/static:nonroot" diff --git a/Makefile b/Makefile index c7480e8c916..3ecc2294a88 100644 --- a/Makefile +++ b/Makefile @@ -17,8 +17,7 @@ VERSION := v3.14.0-beta.0 KIND_VERSION ?= 0.17.0 # note: k8s version pinned since KIND image availability lags k8s releases -KUBERNETES_VERSION ?= 1.27.1 -CRD_KUBECTL_VERSION ?= 1.27.1 +KUBERNETES_VERSION ?= 1.28.0 KUSTOMIZE_VERSION ?= 3.8.9 BATS_VERSION ?= 1.8.2 ORAS_VERSION ?= 0.16.0 @@ -384,7 +383,6 @@ docker-buildx-crds: build-crds docker-buildx-builder docker buildx build \ $(_ATTESTATIONS) \ --build-arg LDFLAGS=${LDFLAGS} \ - --build-arg KUBE_VERSION=${CRD_KUBECTL_VERSION} \ --platform="$(PLATFORM)" \ --output=$(OUTPUT_TYPE) \ -t $(CRD_IMG) \ @@ -403,7 +401,6 @@ docker-buildx-crds-dev: build-crds docker-buildx-builder docker buildx build \ $(_ATTESTATIONS) \ --build-arg LDFLAGS=${LDFLAGS} \ - --build-arg KUBE_VERSION=${CRD_KUBECTL_VERSION} \ --platform="$(PLATFORM)" \ --output=$(OUTPUT_TYPE) \ -t $(CRD_REPOSITORY):$(DEV_TAG) \ @@ -422,7 +419,6 @@ docker-buildx-crds-release: build-crds docker-buildx-builder docker buildx build \ $(_ATTESTATIONS) \ --build-arg LDFLAGS=${LDFLAGS}\ - --build-arg KUBE_VERSION=${CRD_KUBECTL_VERSION} \ --platform="$(PLATFORM)" \ --output=$(OUTPUT_TYPE) \ -t $(CRD_REPOSITORY):$(VERSION) \ diff --git a/Tiltfile b/Tiltfile index 88262e866e7..a141bec7557 100644 --- a/Tiltfile +++ b/Tiltfile @@ -17,7 +17,7 @@ if settings.get("trigger_mode", "auto").lower() == "manual": trigger_mode(TRIGGER_MODE_MANUAL) TILT_DOCKERFILE = """ -FROM golang:1.20-bullseye as tilt-helper +FROM golang:1.21-bullseye as tilt-helper # Support live reloading with Tilt RUN wget --output-document /restart.sh --quiet https://raw.githubusercontent.com/tilt-dev/rerun-process-wrapper/60eaa572cdf825c646008e1ea28b635f83cefb38/restart.sh && \ wget --output-document /start.sh --quiet https://raw.githubusercontent.com/tilt-dev/rerun-process-wrapper/60eaa572cdf825c646008e1ea28b635f83cefb38/start.sh && \ @@ -71,7 +71,7 @@ def build_crds(): context=".staging/crds/", target="build", only="crds", - build_args={"KUBE_VERSION": "1.27.1"}, + build_args={"KUBE_VERSION": "1.28.0"}, live_update=[ sync(".staging/crds/", "/crds"), ], diff --git a/crd.Dockerfile b/crd.Dockerfile index cbfc685df12..db9c7c360e4 100644 --- a/crd.Dockerfile +++ b/crd.Dockerfile @@ -1,15 +1,11 @@ -FROM alpine as builder +FROM --platform=$TARGETPLATFORM registry.k8s.io/kubectl:v1.28.1 as builder +ARG TARGETPLATFORM ARG TARGETOS ARG TARGETARCH -ARG KUBE_VERSION - -RUN apk add --no-cache curl && \ - curl -LO https://dl.k8s.io/release/v${KUBE_VERSION}/bin/${TARGETOS}/${TARGETARCH}/kubectl && \ - chmod +x kubectl FROM scratch as build USER 65532:65532 COPY --chown=65532:65532 * /crds/ -COPY --from=builder /kubectl /kubectl +COPY --from=builder /bin/kubectl /kubectl ENTRYPOINT ["/kubectl"] diff --git a/gator.Dockerfile b/gator.Dockerfile index 0da745f86ac..907c1b8f528 100644 --- a/gator.Dockerfile +++ b/gator.Dockerfile @@ -1,5 +1,5 @@ ARG BUILDPLATFORM="linux/amd64" -ARG BUILDERIMAGE="golang:1.20-bullseye" +ARG BUILDERIMAGE="golang:1.21-bullseye" # Use distroless as minimal base image to package the manager binary # Refer to https://github.com/GoogleContainerTools/distroless for more details ARG BASEIMAGE="gcr.io/distroless/static:nonroot" diff --git a/test/externaldata/dummy-provider/Dockerfile b/test/externaldata/dummy-provider/Dockerfile index 17bf0bdc746..001880610c9 100644 --- a/test/externaldata/dummy-provider/Dockerfile +++ b/test/externaldata/dummy-provider/Dockerfile @@ -1,5 +1,5 @@ ARG BUILDPLATFORM="linux/amd64" -ARG BUILDERIMAGE="golang:1.20-bullseye" +ARG BUILDERIMAGE="golang:1.21-bullseye" ARG BASEIMAGE="gcr.io/distroless/static:nonroot" FROM --platform=$BUILDPLATFORM $BUILDERIMAGE as builder diff --git a/test/pubsub/fake-subscriber/Dockerfile b/test/pubsub/fake-subscriber/Dockerfile index 30f7c1f7a65..fa389e7c05d 100644 --- a/test/pubsub/fake-subscriber/Dockerfile +++ b/test/pubsub/fake-subscriber/Dockerfile @@ -1,5 +1,5 @@ ARG BUILDPLATFORM="linux/amd64" -ARG BUILDERIMAGE="golang:1.20-bullseye" +ARG BUILDERIMAGE="golang:1.21-bullseye" ARG BASEIMAGE="gcr.io/distroless/static:nonroot" FROM --platform=$BUILDPLATFORM $BUILDERIMAGE as builder @@ -28,7 +28,7 @@ FROM $BASEIMAGE WORKDIR / -COPY --from=builder /go/src/github.com/open-policy-agent/gatekeeper/test/pubsub/fake-subscriber/main . +COPY --from=builder /go/src/github.com/open-policy-agent/gatekeeper/test/pubsub/fake-subscriber/main . USER 65532:65532