chore: update deps

Signed-off-by: Bence Csati <csatib02@gmail.com>

chore: update deps

Signed-off-by: Bence Csati <csatib02@gmail.com>

Author: csatib02

.github/workflows/ci.yaml

@@ -220,7 +220,7 @@ jobs:
     needs: [artifacts]
     strategy:
       matrix:
-        k8s_version: ["v1.24.15", "v1.25.11", "v1.26.6", "v1.27.3"]
+        k8s_version: ["v1.28.9", "v1.29.4", "v1.30.0"]
         operator_version: ["v1.22.1", "v1.22.2"] # First version that works with the generic webhook: v1.22.1
         webhook_version: ["v0.1.0"]
 

.golangci.yaml

@@ -12,16 +12,25 @@ linters-settings:
   misspell:
     locale: US
   nolintlint:
-    allow-leading-space: false  # require machine-readable nolint directives (with no leading space)
     allow-unused: false  # report any unused nolint directives
     require-specific: false  # don't require nolint directives to be specific about which linter is being skipped
   revive:
     confidence: 0
 
 linters:
   enable:
+    - bodyclose
+    - errcheck
     - gci
+    - gofmt
+    - gofumpt
     - goimports
+    - gosimple
+    - ineffassign
     - misspell
     - nolintlint
     - revive
+    - unconvert
+    - unparam
+    - unused
+    - whitespace

Dockerfile

@@ -1,6 +1,6 @@
 FROM --platform=$BUILDPLATFORM tonistiigi/xx:1.5.0@sha256:0c6a569797744e45955f39d4f7538ac344bfb7ebf0a54006a0a4297b153ccf0f AS xx
 
-FROM --platform=$BUILDPLATFORM golang:1.22.3-alpine3.18@sha256:d1a601b64de09e2fa38c95e55838961811d5ca11062a8f4230a5c434b3ae2a34 AS builder
+FROM --platform=$BUILDPLATFORM golang:1.23.1-alpine3.20@sha256:ac67716dd016429be8d4c2c53a248d7bcdf06d34127d3dc451bda6aa5a87bc06 AS builder
 
 COPY --from=xx / /
 

Makefile

@@ -1,20 +1,22 @@
 # A Self-Documenting Makefile: http://marmelab.com/blog/2016/02/29/auto-documented-makefile.html
 
+export PATH := $(abspath bin/):${PATH}
+
+# Setting SHELL to bash allows bash commands to be executed by recipes.
+# Options are set to exit when a recipe line exits non-zero or a piped command fails.
+SHELL = /usr/bin/env bash -o pipefail
+.SHELLFLAGS = -ec
+
 # Default values for environment variables used in the Makefile
 KUBECONFIG ?= $(HOME)/.kube/config
 TEST_KIND_CLUSTER ?= vault-secrets-reloader
 # Target image name
-IMG ?= ghcr.io/bank-vaults/vault-secrets-reloader:dev
+CONTAINER_IMAGE_REF = ghcr.io/bank-vaults/vault-secrets-reloader:dev
 
-# Operator image name
+# Operator and Webhook image name
 OPERATOR_VERSION ?= latest
 WEBHOOK_VERSION ?= latest
 
-# Setting SHELL to bash allows bash commands to be executed by recipes.
-# Options are set to exit when a recipe line exits non-zero or a piped command fails.
-SHELL = /usr/bin/env bash -o pipefail
-.SHELLFLAGS = -ec
-
 ##@ General
 
 # Targets commented with ## will be visible in "make help" info.
@@ -25,74 +27,25 @@ default: help
 help: ## Display this help
 	@awk 'BEGIN {FS = ":.*##"; printf "\nUsage:\n  make \033[36m<target>\033[0m\n"} /^[a-zA-Z_0-9-]+:.*?##/ { printf "	\033[36m%-15s\033[0m %s\n", $$1, $$2 } /^##@/ { printf "\n\033[1m%s\033[0m\n", substr($$0, 5) } ' $(MAKEFILE_LIST)
 
-##@ Checks
-
-.PHONY: license-check
-license-check: ## Run license check
-	$(LICENSEI) check
-	$(LICENSEI) header
-
-.PHONY: fmt
-fmt: ## Run go fmt against code
-	$(GOLANGCI_LINT) run --fix
-
-.PHONY: lint-go
-lint-go: # Run golang lint check
-	$(GOLANGCI_LINT) run $(if ${CI},--out-format github-actions,)
-
-.PHONY: lint-helm
-lint-helm: # Run helm lint check
-	$(HELM) lint deploy/charts/vault-secrets-reloader
-
-.PHONY: lint-yaml
-lint-yaml:
-	$(YAMLLINT) $(if ${CI},-f github,) --no-warnings .
-
-.PHONY: lint-docker
-lint-docker: # Run Dockerfile lint check
-	$(HADOLINT) Dockerfile
-
-.PHONY: lint
-lint: lint-go lint-helm lint-yaml lint-docker ## Run lint checks
-
-.PHONY: test
-test: ## Run tests
-	go clean -testcache
-	go test -race -v ./...
-
-.PHONY: test-e2e
-test-e2e: ## Run acceptance tests. If running on a local kind cluster, run "make import-test" before this
-	go clean -testcache
-	go test -race -v -timeout 900s -tags e2e ./e2e
-
-.PHONY: test-e2e-local
-test-e2e-local: container-image ## Run e2e tests locally
-	go clean -testcache
-	LOAD_IMAGE=${IMG} RELOADER_VERSION=dev OPERATOR_VERSION=$(OPERATOR_VERSION) WEBHOOK_VERSION=$(WEBHOOK_VERSION) LOG_VERBOSE=true ${MAKE} test-e2e
-
 ##@ Development
 
-.PHONY: run
-run: ## Run manager from your host
-	go run main.go -log-level=debug -collector-sync-period=30s -reloader-run-period=1m
+.PHONY: up-kind
+up-kind: create-kind up ## Start kind development environment
 
 .PHONY: create-kind
 create-kind: ## Create kind cluster
-	$(KIND) create cluster --name $(TEST_KIND_CLUSTER)
-
-.PHONY: up-kind
-up-kind: create-kind up ## Start kind development environment
+	$(KIND_BIN) create cluster --name $(TEST_KIND_CLUSTER)
 
 .PHONY: up
 up: ## Start development environment
-	$(HELM) upgrade --install vault-operator oci://ghcr.io/bank-vaults/helm-charts/vault-operator \
+	$(HELM_BIN) upgrade --install vault-operator oci://ghcr.io/bank-vaults/helm-charts/vault-operator \
 		--set image.tag=latest \
 		--set image.bankVaultsTag=latest \
 		--wait
-	$(KUBECTL) create namespace bank-vaults-infra --dry-run=client -o yaml | $(KUBECTL) apply -f -
-	$(KUBECTL) apply -f $(shell pwd)/e2e/deploy/vault/
+	kubectl create namespace bank-vaults-infra --dry-run=client -o yaml | kubectl apply -f -
+	kubectl apply -f $(shell pwd)/e2e/deploy/vault/
 	sleep 60
-	$(HELM) upgrade --install secrets-webhook oci://ghcr.io/bank-vaults/helm-charts/secrets-webhook \
+	$(HELM_BIN) upgrade --install secrets-webhook oci://ghcr.io/bank-vaults/helm-charts/secrets-webhook \
 		--set replicaCount=1 \
 		--set image.tag=latest \
 		--set image.pullPolicy=IfNotPresent \
@@ -102,42 +55,101 @@ up: ## Start development environment
 
 .PHONY: down
 down: ## Destroy kind development environment
-	$(KIND) delete cluster --name $(TEST_KIND_CLUSTER)
+	$(KIND_BIN) delete cluster --name $(TEST_KIND_CLUSTER)
 
-##@ Build
+.PHONY: run
+run: ## Run manager from your host
+	go run main.go -log-level=debug -collector-sync-period=30s -reloader-run-period=1m
 
-.PHONY: artifacts
-artifacts: build container-image helm-chart ## Build artifacts
+##@ Build
 
 .PHONY: build
 build: ## Build manager binary
 	@mkdir -p build
 	go build -race -o build/vault-secrets-reloader .
 
+.PHONY: artifacts
+artifacts: container-image helm-chart ## Build artifacts
+
 .PHONY: container-image
 container-image: ## Build docker image
-	docker build -t ${IMG} .
+	docker build -t ${CONTAINER_IMAGE_REF} .
 
 .PHONY: helm-chart
 helm-chart: ## Build Helm chart
 	@mkdir -p build
 	helm package -d build/ deploy/charts/vault-secrets-reloader
 
-##@ Autogeneration
+##@ Checks
 
-.PHONY: gen-helm-docs
-gen-helm-docs: ## Generate Helm chart documentation
-	$(HELM_DOCS) -s file -c deploy/charts/ -t README.md.gotmpl
+.PHONY: check
+check: test lint ## Run lint checks and tests
+
+.PHONY: test
+test: ## Run tests
+	go clean -testcache
+	go test -race -v ./...
+
+.PHONY: test-e2e
+test-e2e: ## Run e2e tests
+	go clean -testcache
+	go test -race -v -timeout 900s -tags e2e ./e2e
+
+.PHONY: test-e2e-local
+test-e2e-local: container-image ## Run e2e tests locally
+	go clean -testcache
+	LOAD_IMAGE=${CONTAINER_IMAGE_REF} RELOADER_VERSION=dev OPERATOR_VERSION=$(OPERATOR_VERSION) WEBHOOK_VERSION=$(WEBHOOK_VERSION) LOG_VERBOSE=true ${MAKE} test-e2e
+
+.PHONY: lint
+lint: lint-go lint-helm lint-docker lint-yaml ## Run lint checks
+
+.PHONY: lint-go
+lint-go: # Run golang lint check
+	$(GOLANGCI_LINT_BIN) run $(if ${CI},--out-format colored-line-number,)
+
+.PHONY: lint-helm
+lint-helm: # Run helm lint check
+	$(HELM_BIN) lint deploy/charts/vault-secrets-reloader
+
+.PHONY: lint-docker
+lint-docker: # Run Dockerfile lint check
+	$(HADOLINT_BIN) Dockerfile
+
+.PHONY: lint-yaml
+lint-yaml:
+	$(YAMLLINT_BIN) $(if ${CI},-f github,) --no-warnings .
+
+.PHONY: fmt
+fmt: ## Run go fmt against code
+	$(GOLANGCI_LINT_BIN) run --fix
+
+.PHONY: license-check
+license-check: ## Run license check
+	$(LICENSEI_BIN) check
+	$(LICENSEI_BIN) header
+
+##@ Autogeneration
 
 .PHONY: generate
 generate: gen-helm-docs ## Generate manifests, code, and docs resources
 
+.PHONY: gen-helm-docs
+gen-helm-docs: ## Generate Helm chart documentation
+	$(HELM_DOCS_BIN) -s file -c deploy/charts/ -t README.md.gotmpl
+
 ##@ Deployment
 
+.PHONY: deploy-kind
+deploy-kind: upload-kind deploy ## Deploy Reloder controller resources to the kind cluster
+
+.PHONY: upload-kind
+upload-kind:
+	$(KIND_BIN) load docker-image ${CONTAINER_IMAGE_REF} --name $(TEST_KIND_CLUSTER) ## Load docker image to kind cluster
+
 .PHONY: deploy
 deploy: ## Deploy Reloader controller resources to the K8s cluster
-	$(KUBECTL) create namespace bank-vaults-infra --dry-run=client -o yaml | $(KUBECTL) apply -f -
-	$(HELM) upgrade --install vault-secrets-reloader deploy/charts/vault-secrets-reloader \
+	kubectl create namespace bank-vaults-infra --dry-run=client -o yaml | kubectl apply -f -
+	$(HELM_BIN) upgrade --install vault-secrets-reloader deploy/charts/vault-secrets-reloader \
 		--set image.tag=dev \
 		--set collectorSyncPeriod=30s \
 		--set reloaderRunPeriod=1m \
@@ -147,71 +159,59 @@ deploy: ## Deploy Reloader controller resources to the K8s cluster
 		--set env.VAULT_TLS_SECRET_NS=bank-vaults-infra \
 		--namespace bank-vaults-infra
 
-.PHONY: upload-kind
-upload-kind:
-	$(KIND) load docker-image $(IMG) --name $(TEST_KIND_CLUSTER) ## Load docker image to kind cluster
-
-.PHONY: deploy-kind
-deploy-kind: upload-kind deploy ## Deploy Reloder controller resources to the kind cluster
-
 .PHONY: undeploy
 undeploy: ## Clean manager resources from the K8s cluster.
-	$(HELM) uninstall vault-secrets-reloader --namespace bank-vaults-infra
+	$(HELM_BIN) uninstall vault-secrets-reloader --namespace bank-vaults-infra
 
 ##@ Dependencies
 
-# Dependency tool chain
-GOLANGCI_VERSION = 1.53.3
-LICENSEI_VERSION = 0.8.0
-KIND_VERSION = 0.20.0
-KUBECTL_VERSION = 1.28.3
-HELM_DOCS_VERSION = 1.11.0
-
-## Location to install dependencies to
-LOCALBIN ?= $(shell pwd)/bin
-$(LOCALBIN):
-	mkdir -p $(LOCALBIN)
-
-ENVTEST ?= $(or $(shell which setup-envtest),$(LOCALBIN)/setup-envtest)
-$(ENVTEST): $(LOCALBIN)
-	test -s $(LOCALBIN)/setup-envtest || GOBIN=$(LOCALBIN) go install sigs.k8s.io/controller-runtime/tools/setup-envtest@latest
-
-GOLANGCI_LINT ?= $(or $(shell which golangci-lint),$(LOCALBIN)/golangci-lint)
-$(GOLANGCI_LINT): $(LOCALBIN)
-	test -s $(LOCALBIN)/golangci-lint || curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | bash -s -- v${GOLANGCI_VERSION}
-
-HELM ?= $(or $(shell which helm),$(LOCALBIN)/helm)
-$(HELM): $(LOCALBIN)
-	test -s $(LOCALBIN)/helm || curl https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3 | USE_SUDO=false HELM_INSTALL_DIR=$(LOCALBIN) bash
-
-HELM_DOCS ?= $(or $(shell which helm-docs),$(LOCALBIN)/helm-docs)
-$(HELM_DOCS): $(LOCALBIN)
-	@if [ ! -s "$(LOCALBIN)/helm-docs" ]; then \
-		curl -L https://github.com/norwoodj/helm-docs/releases/download/v${HELM_DOCS_VERSION}/helm-docs_${HELM_DOCS_VERSION}_$(shell uname)_x86_64.tar.gz | tar -zOxf - helm-docs > ./bin/helm-docs; \
-		chmod +x $(LOCALBIN)/helm-docs; \
-	fi
-
-KIND ?= $(or $(shell which kind),$(LOCALBIN)/kind)
-$(KIND): $(LOCALBIN)
-	@if [ ! -s "$(LOCALBIN)/kind" ]; then \
-		curl -Lo $(LOCALBIN)/kind https://kind.sigs.k8s.io/dl/v${KIND_VERSION}/kind-$(shell uname -s | tr '[:upper:]' '[:lower:]')-$(shell uname -m | sed -e "s/aarch64/arm64/; s/x86_64/amd64/"); \
-		chmod +x $(LOCALBIN)/kind; \
-	fi
-
-KUBECTL ?= $(or $(shell which kubectl),$(LOCALBIN)/kubectl)
-$(KUBECTL): $(LOCALBIN)
-	@if [ ! -s "$(LOCALBIN)/kubectl" ]; then \
-		curl -Lo $(LOCALBIN)/kubectl https://dl.k8s.io/release/v${KUBECTL_VERSION}/bin/$(shell uname -s | tr '[:upper:]' '[:lower:]')/$(shell uname -m | sed -e "s/aarch64/arm64/; s/x86_64/amd64/")/kubectl; \
-		chmod +x $(LOCALBIN)/kubectl; \
-	fi
-
-LICENSEI ?= $(or $(shell which licensei),$(LOCALBIN)/licensei)
-$(LICENSEI): $(LOCALBIN)
-	test -s $(LOCALBIN)/licensei || curl -sfL https://raw.githubusercontent.com/goph/licensei/master/install.sh | bash -s -- v${LICENSEI_VERSION}
+deps: bin/golangci-lint bin/licensei bin/kind bin/helm bin/helm-docs
+deps: ## Install dependencies
 
-# TODO: add support for hadolint and yamllint dependencies
-HADOLINT ?= hadolint
-YAMLLINT ?= yamllint
+# Dependency versions
+GOLANGCI_LINT_VERSION = 1.61.0
+LICENSEI_VERSION = 0.9.0
+KIND_VERSION = 0.24.0
+HELM_VERSION = 3.16.1
+HELM_DOCS_VERSION = 1.14.2
+
+# Dependency binaries
+GOLANGCI_LINT_BIN := golangci-lint
+LICENSEI_BIN := licensei
+KIND_BIN := kind
+HELM_BIN := helm
+HELM_DOCS_BIN := helm-docs
 
-.PHONY: deps
-deps: $(ENVTEST) $(GOLANGCI_LINT) $(HELM) $(HELM_DOCS) $(KIND) $(KUBECTL) $(LICENSEI) ## Download and install dependencies
+# TODO: add support for hadolint and yamllint dependencies
+HADOLINT_BIN := hadolint
+YAMLLINT_BIN := yamllint
+# If we have "bin" dir, use those binaries instead
+ifneq ($(wildcard ./bin/.),)
+	GOLANGCI_LINT_BIN := bin/$(GOLANGCI_LINT_BIN)
+	LICENSEI_BIN := bin/$(LICENSEI_BIN)
+	KIND_BIN := bin/$(KIND_BIN)
+	HELM_BIN := bin/$(HELM_BIN)
+	HELM_DOCS_BIN := bin/$(HELM_DOCS_BIN)
+endif
+
+bin/golangci-lint:
+	@mkdir -p bin
+	curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | bash -s -- v${GOLANGCI_LINT_VERSION}
+
+bin/licensei:
+	@mkdir -p bin
+	curl -sfL https://raw.githubusercontent.com/goph/licensei/master/install.sh | bash -s -- v${LICENSEI_VERSION}
+bin/kind:
+	@mkdir -p bin
+	curl -Lo bin/kind https://kind.sigs.k8s.io/dl/v${KIND_VERSION}/kind-$(shell uname -s | tr '[:upper:]' '[:lower:]')-$(shell uname -m | sed -e "s/aarch64/arm64/; s/x86_64/amd64/")
+	@chmod +x bin/kind
+
+bin/helm:
+	@mkdir -p bin
+	curl https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3 | USE_SUDO=false HELM_INSTALL_DIR=bin DESIRED_VERSION=v$(HELM_VERSION) bash
+	@chmod +x bin/helm
+
+bin/helm-docs:
+	@mkdir -p bin
+	curl -L https://github.com/norwoodj/helm-docs/releases/download/v${HELM_DOCS_VERSION}/helm-docs_${HELM_DOCS_VERSION}_$(shell uname)_x86_64.tar.gz | tar -zOxf - helm-docs > ./bin/helm-docs
+	@chmod +x bin/helm-docs