From 7012fdb80ab00b46a63d5ca41c0cb225586a7b49 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 10 Oct 2023 09:57:03 -0700 Subject: [PATCH 1/6] chore: bump golang from `02f350d` to `4369695` in /build/tooling (#2997) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Sertaç Özercan <852750+sozercan@users.noreply.github.com> --- build/tooling/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/build/tooling/Dockerfile b/build/tooling/Dockerfile index 5d05bfc1288..813466bfb42 100644 --- a/build/tooling/Dockerfile +++ b/build/tooling/Dockerfile @@ -1,4 +1,4 @@ -FROM golang:1.21-bullseye@sha256:02f350d8452d3f9693a450586659ecdc6e40e9be8f8dfc6d402300d87223fdfa +FROM golang:1.21-bullseye@sha256:23ad9fe7915fab922c85c8ab34768c5fb58f10c20fdcce3c5b700cbffdb2ae78 RUN GO111MODULE=on go install sigs.k8s.io/controller-tools/cmd/controller-gen@v0.10.0 RUN GO111MODULE=on go install k8s.io/code-generator/cmd/conversion-gen@v0.25.4 From c37f405126a2ed63cf2359e73a71bb926b441a77 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 10 Oct 2023 09:57:28 -0700 Subject: [PATCH 2/6] chore: bump golang from `02f350d` to `4369695` in /test/image (#2996) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Sertaç Özercan <852750+sozercan@users.noreply.github.com> --- test/image/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test/image/Dockerfile b/test/image/Dockerfile index 34db32e5ab5..0258218ebae 100644 --- a/test/image/Dockerfile +++ b/test/image/Dockerfile 
@@ -1,4 +1,4 @@ -FROM golang:1.21-bullseye@sha256:02f350d8452d3f9693a450586659ecdc6e40e9be8f8dfc6d402300d87223fdfa as builder +FROM golang:1.21-bullseye@sha256:23ad9fe7915fab922c85c8ab34768c5fb58f10c20fdcce3c5b700cbffdb2ae78 as builder ARG BATS_VERSION ARG ORAS_VERSION From 061a69c4f08809da367427c465e30227052cd545 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 10 Oct 2023 09:58:03 -0700 Subject: [PATCH 3/6] chore: bump the all group with 3 updates (#3051) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Sertaç Özercan <852750+sozercan@users.noreply.github.com> --- .github/workflows/benchmark.yaml | 2 +- .github/workflows/codeql.yaml | 8 ++++---- .github/workflows/dependency-review.yml | 2 +- .github/workflows/license-lint.yaml | 2 +- .github/workflows/pre-release.yaml | 2 +- .github/workflows/release-pr.yaml | 2 +- .github/workflows/release.yaml | 2 +- .github/workflows/scorecards.yml | 6 +++--- .github/workflows/upgrade.yaml | 2 +- .github/workflows/website.yaml | 2 +- .github/workflows/workflow.yaml | 16 ++++++++-------- 11 files changed, 23 insertions(+), 23 deletions(-) diff --git a/.github/workflows/benchmark.yaml b/.github/workflows/benchmark.yaml index ad556955241..40203bff4ce 100644 --- a/.github/workflows/benchmark.yaml +++ b/.github/workflows/benchmark.yaml @@ -17,7 +17,7 @@ jobs: pull-requests: write steps: - name: Harden Runner - uses: step-security/harden-runner@8ca2b8b2ece13480cda6dacd3511b49857a23c09 # v2.5.1 + uses: step-security/harden-runner@1b05615854632b887b69ae1be8cbefe72d3ae423 # v2.6.0 with: egress-policy: audit diff --git a/.github/workflows/codeql.yaml b/.github/workflows/codeql.yaml index f62cdf2c656..4b410e173dd 100644 --- a/.github/workflows/codeql.yaml +++ b/.github/workflows/codeql.yaml 
@@ -17,7 +17,7 @@ jobs: steps: - name: Harden Runner - uses: step-security/harden-runner@8ca2b8b2ece13480cda6dacd3511b49857a23c09 # v2.5.1 + uses: step-security/harden-runner@1b05615854632b887b69ae1be8cbefe72d3ae423 # v2.6.0 with: egress-policy: audit @@ -25,12 +25,12 @@ jobs: uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 - name: Initialize CodeQL - uses: github/codeql-action/init@ddccb873888234080b77e9bc2d4764d5ccaaccf9 + uses: github/codeql-action/init@fdcae64e1484d349b3366718cdfef3d404390e85 with: languages: go - name: Autobuild - uses: github/codeql-action/autobuild@ddccb873888234080b77e9bc2d4764d5ccaaccf9 + uses: github/codeql-action/autobuild@fdcae64e1484d349b3366718cdfef3d404390e85 - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@ddccb873888234080b77e9bc2d4764d5ccaaccf9 + uses: github/codeql-action/analyze@fdcae64e1484d349b3366718cdfef3d404390e85 diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml index ec2b06f1278..48a9079fa9b 100644 --- a/.github/workflows/dependency-review.yml +++ b/.github/workflows/dependency-review.yml @@ -17,7 +17,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Harden Runner - uses: step-security/harden-runner@8ca2b8b2ece13480cda6dacd3511b49857a23c09 # v2.5.1 + uses: step-security/harden-runner@1b05615854632b887b69ae1be8cbefe72d3ae423 # v2.6.0 with: egress-policy: audit diff --git a/.github/workflows/license-lint.yaml b/.github/workflows/license-lint.yaml index 77bb2192e62..0220366d5f4 100644 --- a/.github/workflows/license-lint.yaml +++ b/.github/workflows/license-lint.yaml @@ -23,7 +23,7 @@ jobs: contents: read steps: - name: Harden Runner - uses: step-security/harden-runner@8ca2b8b2ece13480cda6dacd3511b49857a23c09 # v2.5.1 + uses: step-security/harden-runner@1b05615854632b887b69ae1be8cbefe72d3ae423 # v2.6.0 with: egress-policy: audit 
diff --git a/.github/workflows/pre-release.yaml b/.github/workflows/pre-release.yaml index 5bce6c558f9..7046a31c0e3 100644 --- a/.github/workflows/pre-release.yaml +++ b/.github/workflows/pre-release.yaml @@ -19,7 +19,7 @@ jobs: timeout-minutes: 30 steps: - name: Harden Runner - uses: step-security/harden-runner@8ca2b8b2ece13480cda6dacd3511b49857a23c09 # v2.5.1 + uses: step-security/harden-runner@1b05615854632b887b69ae1be8cbefe72d3ae423 # v2.6.0 with: egress-policy: audit diff --git a/.github/workflows/release-pr.yaml b/.github/workflows/release-pr.yaml index e2228c1c1ff..eaac5467287 100644 --- a/.github/workflows/release-pr.yaml +++ b/.github/workflows/release-pr.yaml @@ -18,7 +18,7 @@ jobs: runs-on: ubuntu-22.04 steps: - name: Harden Runner - uses: step-security/harden-runner@8ca2b8b2ece13480cda6dacd3511b49857a23c09 # v2.5.1 + uses: step-security/harden-runner@1b05615854632b887b69ae1be8cbefe72d3ae423 # v2.6.0 with: egress-policy: audit diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index c983caa2371..86ecd33a557 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -27,7 +27,7 @@ jobs: docker system prune -a -f --filter "label!=org.opencontainers.image.source=https://github.com/stefanprodan/alpine-base" - name: Harden Runner - uses: step-security/harden-runner@8ca2b8b2ece13480cda6dacd3511b49857a23c09 # v2.5.1 + uses: step-security/harden-runner@1b05615854632b887b69ae1be8cbefe72d3ae423 # v2.6.0 with: egress-policy: audit diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml index f37881f91c4..303791cfb9e 100644 --- a/.github/workflows/scorecards.yml +++ b/.github/workflows/scorecards.yml @@ -31,7 +31,7 @@ jobs: steps: - name: Harden Runner - uses: step-security/harden-runner@8ca2b8b2ece13480cda6dacd3511b49857a23c09 # v2.5.1 + uses: step-security/harden-runner@1b05615854632b887b69ae1be8cbefe72d3ae423 # v2.6.0 with: egress-policy: audit 
@@ -41,7 +41,7 @@ jobs: persist-credentials: false - name: "Run analysis" - uses: ossf/scorecard-action@08b4669551908b1024bb425080c797723083c031 # v2.2.0 + uses: ossf/scorecard-action@483ef80eb98fb506c348f7d62e28055e49fe2398 # v2.3.0 with: results_file: results.sarif results_format: sarif @@ -71,6 +71,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@ddccb873888234080b77e9bc2d4764d5ccaaccf9 # v2.21.9 + uses: github/codeql-action/upload-sarif@fdcae64e1484d349b3366718cdfef3d404390e85 # v2.22.1 with: sarif_file: results.sarif diff --git a/.github/workflows/upgrade.yaml b/.github/workflows/upgrade.yaml index 8d35cd50316..1e0f5bcbbca 100644 --- a/.github/workflows/upgrade.yaml +++ b/.github/workflows/upgrade.yaml @@ -25,7 +25,7 @@ jobs: HELM_VERSION: ["3.7.2"] steps: - name: Harden Runner - uses: step-security/harden-runner@8ca2b8b2ece13480cda6dacd3511b49857a23c09 # v2.5.1 + uses: step-security/harden-runner@1b05615854632b887b69ae1be8cbefe72d3ae423 # v2.6.0 with: egress-policy: audit diff --git a/.github/workflows/website.yaml b/.github/workflows/website.yaml index 47d165a2cf0..90b8f5d7b45 100644 --- a/.github/workflows/website.yaml +++ b/.github/workflows/website.yaml @@ -25,7 +25,7 @@ jobs: working-directory: website steps: - name: Harden Runner - uses: step-security/harden-runner@8ca2b8b2ece13480cda6dacd3511b49857a23c09 # v2.5.1 + uses: step-security/harden-runner@1b05615854632b887b69ae1be8cbefe72d3ae423 # v2.6.0 with: egress-policy: audit diff --git a/.github/workflows/workflow.yaml b/.github/workflows/workflow.yaml index 5553861d8e4..be8dd62c9f8 100644 --- a/.github/workflows/workflow.yaml +++ b/.github/workflows/workflow.yaml 
@@ -32,7 +32,7 @@ jobs: timeout-minutes: 7 steps: - name: Harden Runner - uses: step-security/harden-runner@8ca2b8b2ece13480cda6dacd3511b49857a23c09 # v2.5.1 + uses: step-security/harden-runner@1b05615854632b887b69ae1be8cbefe72d3ae423 # v2.6.0 with: egress-policy: audit @@ -57,7 +57,7 @@ jobs: timeout-minutes: 10 steps: - name: Harden Runner - uses: step-security/harden-runner@8ca2b8b2ece13480cda6dacd3511b49857a23c09 # v2.5.1 + uses: step-security/harden-runner@1b05615854632b887b69ae1be8cbefe72d3ae423 # v2.6.0 with: egress-policy: audit @@ -85,7 +85,7 @@ jobs: timeout-minutes: 10 steps: - name: Harden Runner - uses: step-security/harden-runner@8ca2b8b2ece13480cda6dacd3511b49857a23c09 # v2.5.1 + uses: step-security/harden-runner@1b05615854632b887b69ae1be8cbefe72d3ae423 # v2.6.0 with: egress-policy: audit @@ -109,7 +109,7 @@ jobs: timeout-minutes: 5 steps: - name: Harden Runner - uses: step-security/harden-runner@8ca2b8b2ece13480cda6dacd3511b49857a23c09 # v2.5.1 + uses: step-security/harden-runner@1b05615854632b887b69ae1be8cbefe72d3ae423 # v2.6.0 with: egress-policy: audit @@ -139,7 +139,7 @@ jobs: KUBERNETES_VERSION: ["1.24.12", "1.25.8", "1.26.3", "1.27.1"] steps: - name: Harden Runner - uses: step-security/harden-runner@8ca2b8b2ece13480cda6dacd3511b49857a23c09 # v2.5.1 + uses: step-security/harden-runner@1b05615854632b887b69ae1be8cbefe72d3ae423 # v2.6.0 with: egress-policy: audit @@ -197,7 +197,7 @@ jobs: GATEKEEPER_NAMESPACE: ["gatekeeper-system", "custom-namespace"] steps: - name: Harden Runner - uses: step-security/harden-runner@8ca2b8b2ece13480cda6dacd3511b49857a23c09 # v2.5.1 + uses: step-security/harden-runner@1b05615854632b887b69ae1be8cbefe72d3ae423 # v2.6.0 with: egress-policy: audit @@ -259,7 +259,7 @@ jobs: steps: - name: Harden Runner - uses: step-security/harden-runner@8ca2b8b2ece13480cda6dacd3511b49857a23c09 # v2.5.1 + uses: step-security/harden-runner@1b05615854632b887b69ae1be8cbefe72d3ae423 # v2.6.0 with: egress-policy: audit 
@@ -317,7 +317,7 @@ jobs: timeout-minutes: 15 steps: - name: Harden Runner - uses: step-security/harden-runner@8ca2b8b2ece13480cda6dacd3511b49857a23c09 # v2.5.1 + uses: step-security/harden-runner@1b05615854632b887b69ae1be8cbefe72d3ae423 # v2.6.0 with: egress-policy: audit From c2d133bdd4be9b6ec5f7cbe9f0174c514a1f168d Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 10 Oct 2023 09:59:09 -0700 Subject: [PATCH 4/6] chore: bump postcss from 8.4.14 to 8.4.31 in /website (#3041) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Sertaç Özercan <852750+sozercan@users.noreply.github.com> --- website/yarn.lock | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/website/yarn.lock b/website/yarn.lock index f338fbc8b5e..184c48b8ddb 100644 --- a/website/yarn.lock +++ b/website/yarn.lock @@ -5370,10 +5370,10 @@ multicast-dns@^7.2.4: dns-packet "^5.2.2" thunky "^1.0.2" -nanoid@^3.3.4: - version "3.3.4" - resolved "https://registry.yarnpkg.com/nanoid/-/nanoid-3.3.4.tgz#730b67e3cd09e2deacf03c027c81c9d9dbc5e8ab" - integrity sha512-MqBkQh/OHTS2egovRtLk45wEyNXwF+cokD+1YPf9u5VfJiRdAiRwB2froX5Co9Rh20xs4siNPm8naNotSD6RBw== +nanoid@^3.3.6: + version "3.3.6" + resolved "https://registry.yarnpkg.com/nanoid/-/nanoid-3.3.6.tgz#443380c856d6e9f9824267d960b4236ad583ea4c" + integrity sha512-BGcqMMJuToF7i1rt+2PWSNVnWIkGCU78jBG3RxO/bZlnZPK2Cmi2QaffxGO/2RvWi9sL+FAiRiXMgsyxQ1DIDA== negotiator@0.6.3: version "0.6.3" 
@@ -6034,11 +6034,11 @@ postcss-zindex@^5.1.0: integrity sha512-fgFMf0OtVSBR1va1JNHYgMxYk73yhn/qb4uQDq1DLGYolz8gHCyr/sesEuGUaYs58E3ZJRcpoGuPVoB7Meiq9A== postcss@^8.3.11, postcss@^8.4.13, postcss@^8.4.14, postcss@^8.4.7: - version "8.4.14" - resolved "https://registry.yarnpkg.com/postcss/-/postcss-8.4.14.tgz#ee9274d5622b4858c1007a74d76e42e56fd21caf" - integrity sha512-E398TUmfAYFPBSdzgeieK2Y1+1cpdxJx8yXbK/m57nRhKSmk1GB2tO4lbLBtlkfPQTDKfe4Xqv1ASWPpayPEig== + version "8.4.31" + resolved "https://registry.yarnpkg.com/postcss/-/postcss-8.4.31.tgz#92b451050a9f914da6755af352bdc0192508656d" + integrity sha512-PS08Iboia9mts/2ygV3eLpY5ghnUcfLV/EXTOW1E2qYxJKGGBUtNjN76FYHnMs36RmARn41bC0AZmn+rR0OVpQ== dependencies: - nanoid "^3.3.4" + nanoid "^3.3.6" picocolors "^1.0.0" source-map-js "^1.0.2" From d916017d5e12a383454bcab1185e77675cfc64b6 Mon Sep 17 00:00:00 2001 From: alex <8968914+acpana@users.noreply.github.com> Date: Tue, 10 Oct 2023 12:11:53 -0700 Subject: [PATCH 5/6] fix:enh: protect agg against empty gvks (#3040) Signed-off-by: Alex Pana <8968914+acpana@users.noreply.github.com> --- pkg/cachemanager/aggregator/aggregator.go | 13 ++++++++++--- pkg/cachemanager/aggregator/aggregator_test.go | 18 +++++++++++++++++- 2 files changed, 27 insertions(+), 4 deletions(-) diff --git a/pkg/cachemanager/aggregator/aggregator.go b/pkg/cachemanager/aggregator/aggregator.go index 5b0b78aec63..b36b3cada13 100644 --- a/pkg/cachemanager/aggregator/aggregator.go +++ b/pkg/cachemanager/aggregator/aggregator.go @@ -85,10 +85,15 @@ func (b *GVKAgreggator) Upsert(k Key, gvks []schema.GroupVersionKind) error { } } - b.store[k] = makeSet(gvks) + // protect against empty inputs + gvksSet := makeSet(gvks) + if len(gvksSet) == 0 { + return nil + } + b.store[k] = gvksSet // add reverse links - for _, gvk := range gvks { + for gvk := range gvksSet { if _, found := b.reverseStore[gvk]; !found { b.reverseStore[gvk] = make(map[Key]struct{}) } 
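Review bot: The early `return nil` on an empty `gvksSet` in Upsert leaves any existing `b.store[k]` entry untouched, so an Upsert that replaces a key's GVKs with only empty ones never reaches the forward store. The code above this hunk is not visible, but if it prunes the old reverse links for `k` before this point (the closing braces and the later `// add reverse links` section suggest it might), `store` and `reverseStore` would disagree after the early return. Consider `if len(gvksSet) == 0 { delete(b.store, k); return nil }`, or return an error so the caller learns its input was dropped. Upsert begins and ends outside the hunk.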
@@ -148,7 +153,9 @@ func (b *GVKAgreggator) pruneReverseStore(gvks map[schema.GroupVersionKind]struc func makeSet(gvks []schema.GroupVersionKind) map[schema.GroupVersionKind]struct{} { gvkSet := make(map[schema.GroupVersionKind]struct{}) for _, gvk := range gvks { - gvkSet[gvk] = struct{}{} + if !gvk.Empty() { + gvkSet[gvk] = struct{}{} + } } return gvkSet diff --git a/pkg/cachemanager/aggregator/aggregator_test.go b/pkg/cachemanager/aggregator/aggregator_test.go index 5c579c40c89..22dec711065 100644 --- a/pkg/cachemanager/aggregator/aggregator_test.go +++ b/pkg/cachemanager/aggregator/aggregator_test.go @@ -16,6 +16,8 @@ const ( var ( // test gvks. + emptyGVK = schema.GroupVersionKind{Group: "", Version: "", Kind: ""} + g1v1k1 = schema.GroupVersionKind{Group: "group1", Version: "v1", Kind: "Kind1"} g1v1k2 = schema.GroupVersionKind{Group: "group1", Version: "v1", Kind: "Kind2"} @@ -46,6 +48,20 @@ func Test_GVKAggregator_Upsert(t *testing.T) { expectData map[Key]map[schema.GroupVersionKind]struct{} expectRev map[schema.GroupVersionKind]map[Key]struct{} }{ + { + name: "empty GVKs", + keyGVKs: []upsertKeyGVKs{ + { + key: Key{ + Source: syncset, + ID: "foo", + }, + gvks: []schema.GroupVersionKind{emptyGVK, emptyGVK}, + }, + }, + expectData: map[Key]map[schema.GroupVersionKind]struct{}{}, + expectRev: map[schema.GroupVersionKind]map[Key]struct{}{}, + }, { name: "add one key and GVKs", keyGVKs: []upsertKeyGVKs{ @@ -54,7 +70,7 @@ func Test_GVKAggregator_Upsert(t *testing.T) { Source: syncset, ID: "foo", }, - gvks: []schema.GroupVersionKind{g1v1k1, g1v1k2}, + gvks: []schema.GroupVersionKind{g1v1k1, g1v1k2, emptyGVK}, }, }, expectData: map[Key]map[schema.GroupVersionKind]struct{}{ From 7ff27ddfca5993951ef48131b81bff5990fd548f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Serta=C3=A7=20=C3=96zercan?= <852750+sozercan@users.noreply.github.com> Date: Tue, 10 Oct 2023 14:52:35 -0700 Subject: [PATCH 6/6] chore: bump to go 1.21 and k8s 1.28 (#2979) 
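Review bot: `gvk.Empty()` in makeSet only rejects a GroupVersionKind whose Group, Version and Kind are all empty, so an entry with a Version but no Kind still lands in the set and in the reverse store. If the aim is to keep unusable GVKs out of the aggregator, a stricter guard such as `if gvk.Kind == "" || gvk.Version == "" { continue }` would cover that (Group is left out because the core API group is the empty string). If partial GVKs are legitimate, a comment above makeSet such as `// makeSet builds a set from gvks, skipping fully empty entries.` would record that the filter is deliberate. The function's closing brace is outside the hunk.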
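Review bot: The new "empty GVKs" case in Test_GVKAggregator_Upsert only exercises a key that was never stored, so the path where Upsert receives only empty GVKs for a key that already has entries is untested. `keyGVKs` is a slice and appears to be applied in order, so a case with two entries for the same `Key`, first `[]schema.GroupVersionKind{g1v1k1}` and then `[]schema.GroupVersionKind{emptyGVK}`, would pin down what `expectData` and `expectRev` must contain afterwards. That case is the one that shows whether the forward and reverse stores stay consistent. The test table continues outside the hunk.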
Signed-off-by: Sertac Ozercan --- .github/workflows/dapr-pubsub.yaml | 5 ---- .github/workflows/license-lint.yaml | 4 +-- .github/workflows/release-pr.yaml | 4 +-- .github/workflows/release.yaml | 4 +-- .github/workflows/workflow.yaml | 28 ++++++++++----------- .go-version | 2 +- .golangci.yaml | 2 +- Dockerfile | 2 +- Makefile | 6 +---- Tiltfile | 4 +-- crd.Dockerfile | 10 +++----- gator.Dockerfile | 2 +- test/externaldata/dummy-provider/Dockerfile | 2 +- test/pubsub/fake-subscriber/Dockerfile | 4 +-- 14 files changed, 33 insertions(+), 46 deletions(-) diff --git a/.github/workflows/dapr-pubsub.yaml b/.github/workflows/dapr-pubsub.yaml index f3b08335271..5f74ffd9cb7 100644 --- a/.github/workflows/dapr-pubsub.yaml +++ b/.github/workflows/dapr-pubsub.yaml @@ -22,11 +22,6 @@ jobs: - name: Check out code into the Go module directory uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 - - name: Set up Go 1.20 - uses: actions/setup-go@v4 - with: - go-version: 1.20 - - name: Bootstrap e2e run: | mkdir -p $GITHUB_WORKSPACE/bin diff --git a/.github/workflows/license-lint.yaml b/.github/workflows/license-lint.yaml index 0220366d5f4..5a9dcd8b463 100644 --- a/.github/workflows/license-lint.yaml +++ b/.github/workflows/license-lint.yaml @@ -27,10 +27,10 @@ jobs: with: egress-policy: audit - - name: Set up Go 1.20 + - name: Set up Go uses: actions/setup-go@v4 # v4.0.1 with: - go-version: "1.20" + go-version: "1.21" - name: Check out code into the Go module directory uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v3.5.2 diff --git a/.github/workflows/release-pr.yaml b/.github/workflows/release-pr.yaml index eaac5467287..6024bff084b 100644 --- a/.github/workflows/release-pr.yaml +++ b/.github/workflows/release-pr.yaml 
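Review bot: `uses: actions/setup-go@v4 # v4.0.1` in the step this license-lint.yaml hunk renames is pinned to a mutable tag, while the checkout step right below it is pinned to a full commit SHA. A moved or re-tagged `v4` would change what runs in these jobs without any diff in the repository. Since the step is being edited anyway, pin it the same way, e.g. `uses: actions/setup-go@<full-commit-sha> # v4.0.1` (placeholder; take the SHA from the action's release page). The same line appears in the release-pr.yaml, release.yaml and workflow.yaml hunks of this patch.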
@@ -22,10 +22,10 @@ jobs: with: egress-policy: audit - - name: Set up Go 1.20 + - name: Set up Go uses: actions/setup-go@v4 # v4.0.1 with: - go-version: "1.20" + go-version: "1.21" - name: Set release version and target branch for vNext if: github.event_name == 'push' diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 86ecd33a557..ba4c5875fa1 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -34,10 +34,10 @@ jobs: - name: Check out code into the Go module directory uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 - - name: Set up Go 1.20 + - name: Set up Go uses: actions/setup-go@v4 # v4.0.1 with: - go-version: "1.20" + go-version: "1.21" - name: Get tag id: get_version diff --git a/.github/workflows/workflow.yaml b/.github/workflows/workflow.yaml index be8dd62c9f8..848706b3eaa 100644 --- a/.github/workflows/workflow.yaml +++ b/.github/workflows/workflow.yaml @@ -36,10 +36,10 @@ jobs: with: egress-policy: audit - - name: Set up Go 1.20 + - name: Set up Go uses: actions/setup-go@v4 # v4.0.1 with: - go-version: "1.20" + go-version: "1.21" - name: Check out code into the Go module directory uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 @@ -61,10 +61,10 @@ jobs: with: egress-policy: audit - - name: Set up Go 1.20 + - name: Set up Go uses: actions/setup-go@v4 # v4.0.1 with: - go-version: "1.20" + go-version: "1.21" - name: Check out code into the Go module directory uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 
@@ -90,11 +90,11 @@ jobs: egress-policy: audit - name: Check out code into the Go module directory - uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v3.5.2 - - name: Set up Go 1.20 + uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.2 + - name: Set up Go uses: actions/setup-go@v4 # v4.0.1 with: - go-version: "1.20" + go-version: "1.21" - name: Check go.mod and manifests run: | # there should be no additional manifest or go.mod changes @@ -113,10 +113,10 @@ jobs: with: egress-policy: audit - - name: Set up Go 1.20 + - name: Set up Go uses: actions/setup-go@v4 # v4.0.1 with: - go-version: "1.20" + go-version: "1.21" - name: Check out code into the Go module directory uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 @@ -136,7 +136,7 @@ jobs: timeout-minutes: 15 strategy: matrix: - KUBERNETES_VERSION: ["1.24.12", "1.25.8", "1.26.3", "1.27.1"] + KUBERNETES_VERSION: ["1.25.8", "1.26.3", "1.27.1", "1.28.0"] steps: - name: Harden Runner uses: step-security/harden-runner@1b05615854632b887b69ae1be8cbefe72d3ae423 # v2.6.0 @@ -146,10 +146,10 @@ jobs: - name: Check out code into the Go module directory uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 - - name: Set up Go 1.20 + - name: Set up Go uses: actions/setup-go@v4 # v4.0.1 with: - go-version: "1.20" + go-version: "1.21" - name: Bootstrap e2e run: | @@ -266,10 +266,10 @@ jobs: - name: Check out code into the Go module directory uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 - - name: Set up Go 1.20 + - name: Set up Go uses: actions/setup-go@v4 # v4.0.1 with: - go-version: "1.20" + go-version: "1.21" - name: Bootstrap e2e run: | diff --git a/.go-version b/.go-version index 39893559155..3500250a4b0 100644 --- a/.go-version +++ b/.go-version @@ -1 +1 @@ -1.20.0 +1.21.0 diff --git a/.golangci.yaml b/.golangci.yaml index 2d9ae4e0de1..45f97871159 100644 --- a/.golangci.yaml +++ b/.golangci.yaml 
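Review bot: The `-90,11` hunk changes the checkout pin to `actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9`, while every other checkout step visible in this series stays on `8ade135a41bc03ea155e62e844d188df1ea18608`. The patch is described as a Go and Kubernetes bump, so this looks like an unintended change, possibly from a rebase, and it leaves one job on a different revision of the action than the rest. Unless it is deliberate, restore `uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608`. The trailing `# v3.5.2` comment is attached to both SHAs across these files, so it is worth checking which release each commit really is.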
@@ -22,7 +22,7 @@ linters-settings: locale: US staticcheck: # Select the Go version to target. The default is '1.13'. - go: "1.20" + go: "1.21" linters: disable-all: true diff --git a/Dockerfile b/Dockerfile index 80a3b0948e0..d4db5c85f79 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,5 +1,5 @@ ARG BUILDPLATFORM="linux/amd64" -ARG BUILDERIMAGE="golang:1.20-bullseye" +ARG BUILDERIMAGE="golang:1.21-bullseye" # Use distroless as minimal base image to package the manager binary # Refer to https://github.com/GoogleContainerTools/distroless for more details ARG BASEIMAGE="gcr.io/distroless/static:nonroot" diff --git a/Makefile b/Makefile index c7480e8c916..3ecc2294a88 100644 --- a/Makefile +++ b/Makefile @@ -17,8 +17,7 @@ VERSION := v3.14.0-beta.0 KIND_VERSION ?= 0.17.0 # note: k8s version pinned since KIND image availability lags k8s releases -KUBERNETES_VERSION ?= 1.27.1 -CRD_KUBECTL_VERSION ?= 1.27.1 +KUBERNETES_VERSION ?= 1.28.0 KUSTOMIZE_VERSION ?= 3.8.9 BATS_VERSION ?= 1.8.2 ORAS_VERSION ?= 0.16.0 @@ -384,7 +383,6 @@ docker-buildx-crds: build-crds docker-buildx-builder docker buildx build \ $(_ATTESTATIONS) \ --build-arg LDFLAGS=${LDFLAGS} \ - --build-arg KUBE_VERSION=${CRD_KUBECTL_VERSION} \ --platform="$(PLATFORM)" \ --output=$(OUTPUT_TYPE) \ -t $(CRD_IMG) \ @@ -403,7 +401,6 @@ docker-buildx-crds-dev: build-crds docker-buildx-builder docker buildx build \ $(_ATTESTATIONS) \ --build-arg LDFLAGS=${LDFLAGS} \ - --build-arg KUBE_VERSION=${CRD_KUBECTL_VERSION} \ --platform="$(PLATFORM)" \ --output=$(OUTPUT_TYPE) \ -t $(CRD_REPOSITORY):$(DEV_TAG) \ @@ -422,7 +419,6 @@ docker-buildx-crds-release: build-crds docker-buildx-builder docker buildx build \ $(_ATTESTATIONS) \ --build-arg LDFLAGS=${LDFLAGS}\ - --build-arg KUBE_VERSION=${CRD_KUBECTL_VERSION} \ --platform="$(PLATFORM)" \ --output=$(OUTPUT_TYPE) \ -t $(CRD_REPOSITORY):$(VERSION) \ diff --git a/Tiltfile b/Tiltfile index 88262e866e7..a141bec7557 100644 --- a/Tiltfile +++ b/Tiltfile 
@@ -17,7 +17,7 @@ if settings.get("trigger_mode", "auto").lower() == "manual": trigger_mode(TRIGGER_MODE_MANUAL) TILT_DOCKERFILE = """ -FROM golang:1.20-bullseye as tilt-helper +FROM golang:1.21-bullseye as tilt-helper # Support live reloading with Tilt RUN wget --output-document /restart.sh --quiet https://raw.githubusercontent.com/tilt-dev/rerun-process-wrapper/60eaa572cdf825c646008e1ea28b635f83cefb38/restart.sh && \ wget --output-document /start.sh --quiet https://raw.githubusercontent.com/tilt-dev/rerun-process-wrapper/60eaa572cdf825c646008e1ea28b635f83cefb38/start.sh && \ @@ -71,7 +71,7 @@ def build_crds(): context=".staging/crds/", target="build", only="crds", - build_args={"KUBE_VERSION": "1.27.1"}, + build_args={"KUBE_VERSION": "1.28.0"}, live_update=[ sync(".staging/crds/", "/crds"), ], diff --git a/crd.Dockerfile b/crd.Dockerfile index cbfc685df12..db9c7c360e4 100644 --- a/crd.Dockerfile +++ b/crd.Dockerfile @@ -1,15 +1,11 @@ -FROM alpine as builder +FROM --platform=$TARGETPLATFORM registry.k8s.io/kubectl:v1.28.1 as builder +ARG TARGETPLATFORM ARG TARGETOS ARG TARGETARCH -ARG KUBE_VERSION - -RUN apk add --no-cache curl && \ - curl -LO https://dl.k8s.io/release/v${KUBE_VERSION}/bin/${TARGETOS}/${TARGETARCH}/kubectl && \ - chmod +x kubectl FROM scratch as build USER 65532:65532 COPY --chown=65532:65532 * /crds/ -COPY --from=builder /kubectl /kubectl +COPY --from=builder /bin/kubectl /kubectl ENTRYPOINT ["/kubectl"] diff --git a/gator.Dockerfile b/gator.Dockerfile index 0da745f86ac..907c1b8f528 100644 --- a/gator.Dockerfile +++ b/gator.Dockerfile @@ -1,5 +1,5 @@ ARG BUILDPLATFORM="linux/amd64" -ARG BUILDERIMAGE="golang:1.20-bullseye" +ARG BUILDERIMAGE="golang:1.21-bullseye" # Use distroless as minimal base image to package the manager binary # Refer to https://github.com/GoogleContainerTools/distroless for more details ARG BASEIMAGE="gcr.io/distroless/static:nonroot" 
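Review bot: The new builder stage in crd.Dockerfile, `FROM --platform=$TARGETPLATFORM registry.k8s.io/kubectl:v1.28.1 as builder`, references the image by tag only, and its `/bin/kubectl` is copied straight into the shipped `scratch` image. The build/tooling and test/image Dockerfiles in this series pin their base with `@sha256:`; doing the same here, e.g. `registry.k8s.io/kubectl:v1.28.1@sha256:<digest>` (placeholder), keeps the released binary reproducible and lets dependabot track it. The version is now hard-coded as v1.28.1 while the Makefile sets `KUBERNETES_VERSION ?= 1.28.0`. The Tiltfile hunk above still passes `build_args={"KUBE_VERSION": "1.28.0"}`, which this Dockerfile no longer declares, so that argument can be dropped or the `ARG` restored and used in the image tag.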
diff --git a/test/externaldata/dummy-provider/Dockerfile b/test/externaldata/dummy-provider/Dockerfile index 17bf0bdc746..001880610c9 100644 --- a/test/externaldata/dummy-provider/Dockerfile +++ b/test/externaldata/dummy-provider/Dockerfile @@ -1,5 +1,5 @@ ARG BUILDPLATFORM="linux/amd64" -ARG BUILDERIMAGE="golang:1.20-bullseye" +ARG BUILDERIMAGE="golang:1.21-bullseye" ARG BASEIMAGE="gcr.io/distroless/static:nonroot" FROM --platform=$BUILDPLATFORM $BUILDERIMAGE as builder diff --git a/test/pubsub/fake-subscriber/Dockerfile b/test/pubsub/fake-subscriber/Dockerfile index 30f7c1f7a65..fa389e7c05d 100644 --- a/test/pubsub/fake-subscriber/Dockerfile +++ b/test/pubsub/fake-subscriber/Dockerfile @@ -1,5 +1,5 @@ ARG BUILDPLATFORM="linux/amd64" -ARG BUILDERIMAGE="golang:1.20-bullseye" +ARG BUILDERIMAGE="golang:1.21-bullseye" ARG BASEIMAGE="gcr.io/distroless/static:nonroot" FROM --platform=$BUILDPLATFORM $BUILDERIMAGE as builder @@ -28,7 +28,7 @@ FROM $BASEIMAGE WORKDIR / -COPY --from=builder /go/src/github.com/open-policy-agent/gatekeeper/test/pubsub/fake-subscriber/main . +COPY --from=builder /go/src/github.com/open-policy-agent/gatekeeper/test/pubsub/fake-subscriber/main . USER 65532:65532