Merge branch 'master' into acpana/syncsets-rt-r

acpana · Oct 12, 2023 · a1e153f · a1e153f
2 parents 6a260a3 + 7ff27dd
commit a1e153f
Show file tree

Hide file tree

Showing 26 changed files with 93 additions and 83 deletions.
diff --git a/.github/workflows/benchmark.yaml b/.github/workflows/benchmark.yaml
@@ -17,7 +17,7 @@ jobs:
       pull-requests: write
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@8ca2b8b2ece13480cda6dacd3511b49857a23c09 # v2.5.1
+        uses: step-security/harden-runner@1b05615854632b887b69ae1be8cbefe72d3ae423 # v2.6.0
         with:
           egress-policy: audit
 

diff --git a/.github/workflows/codeql.yaml b/.github/workflows/codeql.yaml
@@ -17,20 +17,20 @@ jobs:
 
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@8ca2b8b2ece13480cda6dacd3511b49857a23c09 # v2.5.1
+        uses: step-security/harden-runner@1b05615854632b887b69ae1be8cbefe72d3ae423 # v2.6.0
         with:
           egress-policy: audit
 
       - name: Checkout repository
         uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608
 
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@ddccb873888234080b77e9bc2d4764d5ccaaccf9
+        uses: github/codeql-action/init@fdcae64e1484d349b3366718cdfef3d404390e85
         with:
           languages: go
 
       - name: Autobuild
-        uses: github/codeql-action/autobuild@ddccb873888234080b77e9bc2d4764d5ccaaccf9
+        uses: github/codeql-action/autobuild@fdcae64e1484d349b3366718cdfef3d404390e85
 
       - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@ddccb873888234080b77e9bc2d4764d5ccaaccf9
+        uses: github/codeql-action/analyze@fdcae64e1484d349b3366718cdfef3d404390e85
diff --git a/.github/workflows/dapr-pubsub.yaml b/.github/workflows/dapr-pubsub.yaml
@@ -22,11 +22,6 @@ jobs:
     - name: Check out code into the Go module directory
       uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608
 
-    - name: Set up Go 1.20
-      uses: actions/setup-go@v4
-      with:
-        go-version: 1.20
-
     - name: Bootstrap e2e
       run: |
         mkdir -p $GITHUB_WORKSPACE/bin

diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml
@@ -17,7 +17,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@8ca2b8b2ece13480cda6dacd3511b49857a23c09 # v2.5.1
+        uses: step-security/harden-runner@1b05615854632b887b69ae1be8cbefe72d3ae423 # v2.6.0
         with:
           egress-policy: audit
 

diff --git a/.github/workflows/license-lint.yaml b/.github/workflows/license-lint.yaml
@@ -23,14 +23,14 @@ jobs:
       contents: read
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@8ca2b8b2ece13480cda6dacd3511b49857a23c09 # v2.5.1
+        uses: step-security/harden-runner@1b05615854632b887b69ae1be8cbefe72d3ae423 # v2.6.0
         with:
           egress-policy: audit
 
-      - name: Set up Go 1.20
+      - name: Set up Go
         uses: actions/setup-go@v4 # v4.0.1
         with:
-          go-version: "1.20"
+          go-version: "1.21"
 
       - name: Check out code into the Go module directory
         uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v3.5.2

diff --git a/.github/workflows/pre-release.yaml b/.github/workflows/pre-release.yaml
@@ -19,7 +19,7 @@ jobs:
     timeout-minutes: 30
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@8ca2b8b2ece13480cda6dacd3511b49857a23c09 # v2.5.1
+        uses: step-security/harden-runner@1b05615854632b887b69ae1be8cbefe72d3ae423 # v2.6.0
         with:
           egress-policy: audit
 

diff --git a/.github/workflows/release-pr.yaml b/.github/workflows/release-pr.yaml
@@ -18,14 +18,14 @@ jobs:
     runs-on: ubuntu-22.04
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@8ca2b8b2ece13480cda6dacd3511b49857a23c09 # v2.5.1
+        uses: step-security/harden-runner@1b05615854632b887b69ae1be8cbefe72d3ae423 # v2.6.0
         with:
           egress-policy: audit
 
-      - name: Set up Go 1.20
+      - name: Set up Go
         uses: actions/setup-go@v4 # v4.0.1
         with:
-          go-version: "1.20"
+          go-version: "1.21"
 
       - name: Set release version and target branch for vNext
         if: github.event_name == 'push'

diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
@@ -27,17 +27,17 @@ jobs:
             docker system prune -a -f --filter "label!=org.opencontainers.image.source=https://github.com/stefanprodan/alpine-base"
 
       - name: Harden Runner
-        uses: step-security/harden-runner@8ca2b8b2ece13480cda6dacd3511b49857a23c09 # v2.5.1
+        uses: step-security/harden-runner@1b05615854632b887b69ae1be8cbefe72d3ae423 # v2.6.0
         with:
           egress-policy: audit
 
       - name: Check out code into the Go module directory
         uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608
 
-      - name: Set up Go 1.20
+      - name: Set up Go
         uses: actions/setup-go@v4 # v4.0.1
         with:
-          go-version: "1.20"
+          go-version: "1.21"
 
       - name: Get tag
         id: get_version

diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml
@@ -31,7 +31,7 @@ jobs:
 
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@8ca2b8b2ece13480cda6dacd3511b49857a23c09 # v2.5.1
+        uses: step-security/harden-runner@1b05615854632b887b69ae1be8cbefe72d3ae423 # v2.6.0
         with:
           egress-policy: audit
 
@@ -41,7 +41,7 @@ jobs:
           persist-credentials: false
 
       - name: "Run analysis"
-        uses: ossf/scorecard-action@08b4669551908b1024bb425080c797723083c031 # v2.2.0
+        uses: ossf/scorecard-action@483ef80eb98fb506c348f7d62e28055e49fe2398 # v2.3.0
         with:
           results_file: results.sarif
           results_format: sarif
@@ -71,6 +71,6 @@ jobs:
 
       # Upload the results to GitHub's code scanning dashboard.
       - name: "Upload to code-scanning"
-        uses: github/codeql-action/upload-sarif@ddccb873888234080b77e9bc2d4764d5ccaaccf9 # v2.21.9
+        uses: github/codeql-action/upload-sarif@fdcae64e1484d349b3366718cdfef3d404390e85 # v2.22.1
         with:
           sarif_file: results.sarif
diff --git a/.github/workflows/upgrade.yaml b/.github/workflows/upgrade.yaml
@@ -25,7 +25,7 @@ jobs:
         HELM_VERSION: ["3.7.2"]
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@8ca2b8b2ece13480cda6dacd3511b49857a23c09 # v2.5.1
+        uses: step-security/harden-runner@1b05615854632b887b69ae1be8cbefe72d3ae423 # v2.6.0
         with:
           egress-policy: audit
 

diff --git a/.github/workflows/website.yaml b/.github/workflows/website.yaml
@@ -25,7 +25,7 @@ jobs:
         working-directory: website
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@8ca2b8b2ece13480cda6dacd3511b49857a23c09 # v2.5.1
+        uses: step-security/harden-runner@1b05615854632b887b69ae1be8cbefe72d3ae423 # v2.6.0
         with:
           egress-policy: audit
 

diff --git a/.github/workflows/workflow.yaml b/.github/workflows/workflow.yaml
@@ -32,14 +32,14 @@ jobs:
     timeout-minutes: 7
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@8ca2b8b2ece13480cda6dacd3511b49857a23c09 # v2.5.1
+        uses: step-security/harden-runner@1b05615854632b887b69ae1be8cbefe72d3ae423 # v2.6.0
         with:
           egress-policy: audit
 
-      - name: Set up Go 1.20
+      - name: Set up Go
         uses: actions/setup-go@v4 # v4.0.1
         with:
-          go-version: "1.20"
+          go-version: "1.21"
 
       - name: Check out code into the Go module directory
         uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608
@@ -57,14 +57,14 @@ jobs:
     timeout-minutes: 10
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@8ca2b8b2ece13480cda6dacd3511b49857a23c09 # v2.5.1
+        uses: step-security/harden-runner@1b05615854632b887b69ae1be8cbefe72d3ae423 # v2.6.0
         with:
           egress-policy: audit
 
-      - name: Set up Go 1.20
+      - name: Set up Go
         uses: actions/setup-go@v4 # v4.0.1
         with:
-          go-version: "1.20"
+          go-version: "1.21"
 
       - name: Check out code into the Go module directory
         uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608
@@ -85,16 +85,16 @@ jobs:
     timeout-minutes: 10
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@8ca2b8b2ece13480cda6dacd3511b49857a23c09 # v2.5.1
+        uses: step-security/harden-runner@1b05615854632b887b69ae1be8cbefe72d3ae423 # v2.6.0
         with:
           egress-policy: audit
 
       - name: Check out code into the Go module directory
-        uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v3.5.2
-      - name: Set up Go 1.20
+        uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.2
+      - name: Set up Go
         uses: actions/setup-go@v4 # v4.0.1
         with:
-          go-version: "1.20"
+          go-version: "1.21"
       - name: Check go.mod and manifests
         run: |
           # there should be no additional manifest or go.mod changes
@@ -109,14 +109,14 @@ jobs:
     timeout-minutes: 5
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@8ca2b8b2ece13480cda6dacd3511b49857a23c09 # v2.5.1
+        uses: step-security/harden-runner@1b05615854632b887b69ae1be8cbefe72d3ae423 # v2.6.0
         with:
           egress-policy: audit
 
-      - name: Set up Go 1.20
+      - name: Set up Go
         uses: actions/setup-go@v4 # v4.0.1
         with:
-          go-version: "1.20"
+          go-version: "1.21"
 
       - name: Check out code into the Go module directory
         uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608
@@ -136,20 +136,20 @@ jobs:
     timeout-minutes: 15
     strategy:
       matrix:
-        KUBERNETES_VERSION: ["1.24.12", "1.25.8", "1.26.3", "1.27.1"]
+        KUBERNETES_VERSION: ["1.25.8", "1.26.3", "1.27.1", "1.28.0"]
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@8ca2b8b2ece13480cda6dacd3511b49857a23c09 # v2.5.1
+        uses: step-security/harden-runner@1b05615854632b887b69ae1be8cbefe72d3ae423 # v2.6.0
         with:
           egress-policy: audit
 
       - name: Check out code into the Go module directory
         uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608
 
-      - name: Set up Go 1.20
+      - name: Set up Go
         uses: actions/setup-go@v4 # v4.0.1
         with:
-          go-version: "1.20"
+          go-version: "1.21"
 
       - name: Bootstrap e2e
         run: |
@@ -197,7 +197,7 @@ jobs:
         GATEKEEPER_NAMESPACE: ["gatekeeper-system", "custom-namespace"]
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@8ca2b8b2ece13480cda6dacd3511b49857a23c09 # v2.5.1
+        uses: step-security/harden-runner@1b05615854632b887b69ae1be8cbefe72d3ae423 # v2.6.0
         with:
           egress-policy: audit
 
@@ -259,17 +259,17 @@ jobs:
 
     steps:
     - name: Harden Runner
-      uses: step-security/harden-runner@8ca2b8b2ece13480cda6dacd3511b49857a23c09 # v2.5.1
+      uses: step-security/harden-runner@1b05615854632b887b69ae1be8cbefe72d3ae423 # v2.6.0
       with:
         egress-policy: audit
 
     - name: Check out code into the Go module directory
       uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608
 
-    - name: Set up Go 1.20
+    - name: Set up Go
       uses: actions/setup-go@v4 # v4.0.1
       with:
-        go-version: "1.20"
+        go-version: "1.21"
 
     - name: Bootstrap e2e
       run: |
@@ -317,7 +317,7 @@ jobs:
     timeout-minutes: 15
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@8ca2b8b2ece13480cda6dacd3511b49857a23c09 # v2.5.1
+        uses: step-security/harden-runner@1b05615854632b887b69ae1be8cbefe72d3ae423 # v2.6.0
         with:
           egress-policy: audit
 

diff --git a/.go-version b/.go-version
@@ -1 +1 @@
-1.20.0
+1.21.0
diff --git a/.golangci.yaml b/.golangci.yaml
@@ -22,7 +22,7 @@ linters-settings:
     locale: US
   staticcheck:
     # Select the Go version to target. The default is '1.13'.
-    go: "1.20"
+    go: "1.21"
 
 linters:
   disable-all: true

diff --git a/Dockerfile b/Dockerfile
@@ -1,5 +1,5 @@
 ARG BUILDPLATFORM="linux/amd64"
-ARG BUILDERIMAGE="golang:1.20-bullseye"
+ARG BUILDERIMAGE="golang:1.21-bullseye"
 # Use distroless as minimal base image to package the manager binary
 # Refer to https://github.com/GoogleContainerTools/distroless for more details
 ARG BASEIMAGE="gcr.io/distroless/static:nonroot"

diff --git a/Makefile b/Makefile
@@ -17,8 +17,7 @@ VERSION := v3.14.0-beta.0
 
 KIND_VERSION ?= 0.17.0
 # note: k8s version pinned since KIND image availability lags k8s releases
-KUBERNETES_VERSION ?= 1.27.1
-CRD_KUBECTL_VERSION ?= 1.27.1
+KUBERNETES_VERSION ?= 1.28.0
 KUSTOMIZE_VERSION ?= 3.8.9
 BATS_VERSION ?= 1.8.2
 ORAS_VERSION ?= 0.16.0
@@ -384,7 +383,6 @@ docker-buildx-crds: build-crds docker-buildx-builder
 	docker buildx build \
 		$(_ATTESTATIONS) \
 		--build-arg LDFLAGS=${LDFLAGS} \
-		--build-arg KUBE_VERSION=${CRD_KUBECTL_VERSION} \
 		--platform="$(PLATFORM)" \
 		--output=$(OUTPUT_TYPE) \
 		-t $(CRD_IMG) \
@@ -403,7 +401,6 @@ docker-buildx-crds-dev: build-crds docker-buildx-builder
 	docker buildx build \
 		$(_ATTESTATIONS) \
 		--build-arg LDFLAGS=${LDFLAGS} \
-		--build-arg KUBE_VERSION=${CRD_KUBECTL_VERSION} \
 		--platform="$(PLATFORM)" \
 		--output=$(OUTPUT_TYPE) \
 		-t $(CRD_REPOSITORY):$(DEV_TAG) \
@@ -422,7 +419,6 @@ docker-buildx-crds-release: build-crds docker-buildx-builder
 	docker buildx build \
 		$(_ATTESTATIONS) \
 		--build-arg LDFLAGS=${LDFLAGS}\
-		--build-arg KUBE_VERSION=${CRD_KUBECTL_VERSION} \
 		--platform="$(PLATFORM)" \
 		--output=$(OUTPUT_TYPE) \
 		-t $(CRD_REPOSITORY):$(VERSION) \

diff --git a/Tiltfile b/Tiltfile
@@ -17,7 +17,7 @@ if settings.get("trigger_mode", "auto").lower() == "manual":
     trigger_mode(TRIGGER_MODE_MANUAL)
 
 TILT_DOCKERFILE = """
-FROM golang:1.20-bullseye as tilt-helper
+FROM golang:1.21-bullseye as tilt-helper
 # Support live reloading with Tilt
 RUN wget --output-document /restart.sh --quiet https://raw.githubusercontent.com/tilt-dev/rerun-process-wrapper/60eaa572cdf825c646008e1ea28b635f83cefb38/restart.sh && \
     wget --output-document /start.sh --quiet https://raw.githubusercontent.com/tilt-dev/rerun-process-wrapper/60eaa572cdf825c646008e1ea28b635f83cefb38/start.sh && \
@@ -71,7 +71,7 @@ def build_crds():
         context=".staging/crds/",
         target="build",
         only="crds",
-        build_args={"KUBE_VERSION": "1.27.1"},
+        build_args={"KUBE_VERSION": "1.28.0"},
         live_update=[
             sync(".staging/crds/", "/crds"),
         ],

diff --git a/build/tooling/Dockerfile b/build/tooling/Dockerfile
@@ -1,4 +1,4 @@
-FROM golang:1.21-bullseye@sha256:02f350d8452d3f9693a450586659ecdc6e40e9be8f8dfc6d402300d87223fdfa
+FROM golang:1.21-bullseye@sha256:23ad9fe7915fab922c85c8ab34768c5fb58f10c20fdcce3c5b700cbffdb2ae78
 
 RUN GO111MODULE=on go install sigs.k8s.io/controller-tools/cmd/[email protected]
 RUN GO111MODULE=on go install k8s.io/code-generator/cmd/[email protected]

diff --git a/crd.Dockerfile b/crd.Dockerfile
@@ -1,15 +1,11 @@
-FROM alpine as builder
+FROM --platform=$TARGETPLATFORM registry.k8s.io/kubectl:v1.28.1 as builder
 
+ARG TARGETPLATFORM
 ARG TARGETOS
 ARG TARGETARCH
-ARG KUBE_VERSION
-
-RUN apk add --no-cache curl && \
-    curl -LO https://dl.k8s.io/release/v${KUBE_VERSION}/bin/${TARGETOS}/${TARGETARCH}/kubectl && \
-    chmod +x kubectl
 
 FROM scratch as build
 USER 65532:65532
 COPY --chown=65532:65532 * /crds/
-COPY --from=builder /kubectl /kubectl
+COPY --from=builder /bin/kubectl /kubectl
 ENTRYPOINT ["/kubectl"]