tv2 · Michael Vittrup Larsen (michaelvl) · Jan 3, 2025 · Dec 30, 2024 · Dec 30, 2024 · Jan 2, 2025
@@ -115,7 +115,7 @@ jobs:
         username: ${{ github.actor }}
         password: ${{ secrets.GITHUB_TOKEN }}
 
-    - uses: sigstore/cosign-installer@11086d25041f77fe8fe7b9ea4e48e3b9192b8f19 # tag=v3.1.2
+    - uses: sigstore/cosign-installer@dc72c7d5c4d10cd6bcb8cf6e3fd625a9e5e537da # tag=v3.7.0
 
     - name: Sign container
       run: cosign sign --yes ${{ needs.release.outputs.image }}
@@ -126,7 +126,7 @@ jobs:
     runs-on: ubuntu-latest
 
     steps:
-    - uses: sigstore/cosign-installer@11086d25041f77fe8fe7b9ea4e48e3b9192b8f19 # tag=v3.1.2
+    - uses: sigstore/cosign-installer@dc72c7d5c4d10cd6bcb8cf6e3fd625a9e5e537da # tag=v3.7.0
 
     - name: Verify signature
       run: cosign verify --certificate-identity-regexp 'https://github.com/${{ github.repository }}/.github/workflows/build-release.yaml@refs/.*' --certificate-oidc-issuer https://token.actions.githubusercontent.com ${{ needs.release.outputs.image }}
@@ -26,7 +26,7 @@ jobs:
 
       - name: Setup Chart Linting
         id: lint
-        uses: helm/chart-testing-action@v2.4.0
+        uses: helm/chart-testing-action@e6669bcd63d7cb57cb4380c33043eebe5d111992 # tag=v2.6.1
         with:
           version: v3.7.1
 

@@ -72,7 +72,7 @@ jobs:
         username: ${{ github.actor }}
         password: ${{ secrets.GITHUB_TOKEN }}
 
-    - uses: sigstore/cosign-installer@11086d25041f77fe8fe7b9ea4e48e3b9192b8f19 # tag=v3.1.2
+    - uses: sigstore/cosign-installer@dc72c7d5c4d10cd6bcb8cf6e3fd625a9e5e537da # tag=v3.7.0
 
     - name: Sign chart
       run: cosign sign --yes -a "chartVersion=${{ needs.release-helm.outputs.chartVersion }}" ${{ needs.release-helm.outputs.chart }}
@@ -82,7 +82,7 @@ jobs:
     runs-on: ubuntu-latest
 
     steps:
-    - uses: sigstore/cosign-installer@11086d25041f77fe8fe7b9ea4e48e3b9192b8f19 # tag=v3.1.2
+    - uses: sigstore/cosign-installer@dc72c7d5c4d10cd6bcb8cf6e3fd625a9e5e537da # tag=v3.7.0
 
     - name: Verify signature
       run: cosign verify --certificate-identity-regexp 'https://github.com/${{ github.repository }}/.github/workflows/chart-publish.yaml@refs/.*' --certificate-oidc-issuer https://token.actions.githubusercontent.com ${{ needs.release-helm.outputs.chart }}
@@ -12,27 +12,12 @@ jobs:
         with:
           fetch-depth: 0
 
-      - name: Set up Go
-        uses: actions/setup-go@v4
-        with:
-          go-version-file: "go.mod"
-          cache: true
-
-      - name: Install KIND
-        uses: helm/kind-action@v1.8.0
-        with:
-          install_only: true
-
-      - name: Install GoReleaser
-        uses: goreleaser/goreleaser-action@v5
-        with:
-          version: latest
-          install-only: true
+      - uses: jetify-com/devbox-install-action@a03caf5813591bc882139eba6ae947930a83a427 # tag=v0.11.0
 
       - name: Setup getting-started usecase
         run: |
-          make setup-getting-started
+          devbox run -- make setup-getting-started
 
       - name: Verify getting-started usecase
         run: |
-          make wait-ready-getting-started-usecase  tryout-getting-started-usecase
+          devbox run -- make wait-ready-getting-started-usecase tryout-getting-started-usecase
@@ -12,15 +12,11 @@ jobs:
         with:
           fetch-depth: 0
 
-      - name: Set up Go
-        uses: actions/setup-go@v4
-        with:
-          go-version-file: "go.mod"
-          cache: true
+      - uses: jetify-com/devbox-install-action@a03caf5813591bc882139eba6ae947930a83a427 # tag=v0.11.0
 
       - name: Run tests
         run: |
-          make test
+          devbox run -- make test
 
       # Build release manifests - not to release these, but to force a failure
       # below if repo does not already contain updated manifests
@@ -39,16 +35,11 @@ jobs:
         with:
           fetch-depth: 0
 
-      - uses: actions/setup-go@v4
-        with:
-          go-version-file: "go.mod"
-          cache: true
+      - uses: jetify-com/devbox-install-action@a03caf5813591bc882139eba6ae947930a83a427 # tag=v0.11.0
 
-      - name: golangci-lint
-        uses: golangci/golangci-lint-action@v3
-        with:
-          version: v1.50.1
-          args: --timeout 3m --verbose
+      - name: Run golangci-lint
+        run:
+          devbox run -- make lint
 
   # This is PR builds but does not push to a registry
   build-pr:
@@ -63,11 +54,7 @@ jobs:
       - name: Set up QEMU
         uses: docker/setup-qemu-action@v3
 
-      - name: Set up Go
-        uses: actions/setup-go@v4
-        with:
-          go-version-file: "go.mod"
-          cache: true
+      - uses: jetify-com/devbox-install-action@a03caf5813591bc882139eba6ae947930a83a427 # tag=v0.11.0
 
       # Use goreleaser snapshot builds for PR builds to avoid duplication
       # This is a bit convoluted - see also goreleaser nightly builds feature
@@ -82,10 +69,8 @@ jobs:
           git rev-parse --short "${{ github.event.pull_request.head.sha }}" >>${GITHUB_ENV}
 
       - name: Make PR build
-        uses: goreleaser/goreleaser-action@v5
-        with:
-          version: latest
-          args: release --clean --snapshot
+        run:
+          devbox run -- goreleaser release --clean --snapshot
 
       - name: List PR images
         run: |

@@ -18,12 +18,21 @@ linters-settings:
   nolintlint:
     require-explanation: true
     require-specific: true
+  revive:
+    rules:
+    - name: dot-imports
+      arguments:
+      - allowedPackages:
+        - github.com/onsi/ginkgo/v2
+        - github.com/onsi/gomega 
+  gosec:
+    excludes:
+    - G115
 
 linters:
   disable-all: true
   enable:
     - bodyclose
-    - depguard
     - dogsled
     - dupl
     - errcheck
@@ -55,5 +64,6 @@ linters:
 
 run:
   issues-exit-code: 1
-  skip-dirs:
+issues:
+  exclude-dirs:
     - test
@@ -32,7 +32,7 @@ include Makefile.local
 # Image URL to use all building/pushing image targets
 IMG ?= ghcr.io/tv2-oss/bifrost-gateway-controller:latest
 # ENVTEST_K8S_VERSION refers to the version of kubebuilder assets to be downloaded by envtest binary.
-ENVTEST_K8S_VERSION = 1.25.0
+ENVTEST_K8S_VERSION = 1.30.0
 
 # Get the currently used golang install path (in GOPATH/bin, unless GOBIN is set)
 ifeq (,$(shell go env GOBIN))
@@ -197,7 +197,8 @@ ENVTEST ?= $(LOCALBIN)/setup-envtest
 
 ## Tool Versions
 KUSTOMIZE_VERSION ?= v4.5.5
-CONTROLLER_TOOLS_VERSION ?= v0.9.2
+CONTROLLER_TOOLS_VERSION ?= v0.16.5
+ENVTEST_VERSION ?= release-0.19
 
 KUSTOMIZE_INSTALL_SCRIPT ?= "https://raw.githubusercontent.com/kubernetes-sigs/kustomize/master/hack/install_kustomize.sh"
 .PHONY: kustomize
@@ -213,11 +214,11 @@ $(CONTROLLER_GEN): $(LOCALBIN)
 .PHONY: envtest
 envtest: $(ENVTEST) ## Download envtest-setup locally if necessary.
 $(ENVTEST): $(LOCALBIN)
-	test -s $(LOCALBIN)/setup-envtest || GOBIN=$(LOCALBIN) go install sigs.k8s.io/controller-runtime/tools/setup-envtest@latest
+	test -s $(LOCALBIN)/setup-envtest || GOBIN=$(LOCALBIN) go install sigs.k8s.io/controller-runtime/tools/setup-envtest@$(ENVTEST_VERSION)
 
 .PHONY: lint
 lint:
-	docker run --rm -v $$(pwd):/app -w /app golangci/golangci-lint:v1.50.1 golangci-lint run -v  --timeout 10m
+	golangci-lint run -v  --timeout 10m
 
 ##@ Helm-docs
 .PHONY: helm-docs

@@ -43,34 +43,29 @@ wait-ready-external-dns-test:
 	until kubectl wait pods -l app.kubernetes.io/instance=external-dns --for condition=Ready --timeout=120s     ; do echo "."; sleep 1; done
 
 #################
-GATEWAY_API_VERSION ?= v0.7.1
+GATEWAY_API_VERSION ?= v1.2.1
 
 .PHONY: gateway-api-upstream-get
 gateway-api-upstream-get:
-	mkdir -p upstream-gateway-api/crds upstream-gateway-api/webhook
-	kubectl kustomize "github.com/kubernetes-sigs/gateway-api/config/crd?ref=$(GATEWAY_API_VERSION)" > upstream-gateway-api/crds/crds.yaml
-	#kubectl kustomize "github.com/kubernetes-sigs/gateway-api/config/crd/experimental?ref=$(GATEWAY_API_VERSION)" > upstream-gateway-api-crds/crds.yaml
-	(cd upstream-gateway-api/webhook && for manifestfile in 0-namespace.yaml admission_webhook.yaml certificate_config.yaml; do curl -sL -O https://raw.githubusercontent.com/kubernetes-sigs/gateway-api/$(GATEWAY_API_VERSION)/config/webhook/$$manifestfile; done)
+	mkdir upstream-gateway-api
+	curl -sL https://github.com/kubernetes-sigs/gateway-api/releases/download/v1.2.1/standard-install.yaml > upstream-gateway-api/crds.yaml
 
 .PHONY: deploy-gateway-api
 deploy-gateway-api:
-	kubectl apply -f upstream-gateway-api/crds
-	kubectl apply -f upstream-gateway-api/webhook
-	echo "Waiting for gateway-api admission server to be ready"
-	kubectl -ngateway-system wait --for=condition=Available --timeout=120s deploy gateway-api-admission-server
+	kubectl apply -f upstream-gateway-api/
 
 #################
 .PHONY: create-cluster
 create-cluster:
-	cat test-data/kind-config.yaml_tpl | k8s_ver=1.25.3 envsubst > test-data/kind-config.yaml
+	cat test-data/kind-config.yaml_tpl | k8s_ver=1.32.0 envsubst > test-data/kind-config.yaml
 	kind create cluster --name kind-gwc-dev-cluster --config test-data/kind-config.yaml
 
 .PHONY: delete-cluster
 delete-cluster:
 	kind delete cluster --name kind-gwc-dev-cluster
 
 #################
-ISTIO_VERSION ?= 1.18.0
+ISTIO_VERSION ?= 1.24.2
 
 .PHONY: deploy-istio
 deploy-istio:
@@ -89,7 +84,7 @@ cluster-load-controller-image:
 #################
 .PHONY: deploy-etcd
 deploy-etcd:
-	helm upgrade -i --repo https://charts.bitnami.com/bitnami etcd-test-only etcd --version 8.6.0 --set auth.rbac.create=false
+	helm upgrade -i --repo https://charts.bitnami.com/bitnami etcd-test-only etcd --version 10.5.1 --set auth.rbac.create=false
 
 #################
 .PHONY: deploy-coredns
@@ -130,22 +125,23 @@ deploy-kube-state-metrics:
 # https://kind.sigs.k8s.io/docs/user/loadbalancer/
 .PHONY: deploy-metallb
 deploy-metallb:
-	kubectl apply -f https://raw.githubusercontent.com/metallb/metallb/v0.13.7/config/manifests/metallb-native.yaml
+	kubectl apply -f https://raw.githubusercontent.com/metallb/metallb/v0.14.8/config/manifests/metallb-native.yaml
+	sleep 5
 	kubectl wait --namespace metallb-system --for=condition=ready pod --selector=app=metallb --timeout=90s
 	scripts/kind-metallb-configure.sh
 
 #################
 .PHONY: deploy-contour
 deploy-contour:
-	helm upgrade -i --repo https://charts.bitnami.com/bitnami contour contour -n projectcontour --version 11.0.0 --create-namespace
+	helm upgrade -i --repo https://charts.bitnami.com/bitnami contour contour -n projectcontour --version 19.2.0 --create-namespace
 
 # To allow contour to provision from gateway resources
 .PHONY: deploy-contour-provisioner
 deploy-contour-provisioner:
-	kubectl apply -f https://raw.githubusercontent.com/projectcontour/contour/release-1.24/examples/gateway-provisioner/00-common.yaml
-	kubectl apply -f https://raw.githubusercontent.com/projectcontour/contour/release-1.24/examples/gateway-provisioner/01-roles.yaml
-	kubectl apply -f https://raw.githubusercontent.com/projectcontour/contour/release-1.24/examples/gateway-provisioner/02-rolebindings.yaml
-	kubectl apply -f https://raw.githubusercontent.com/projectcontour/contour/release-1.24/examples/gateway-provisioner/03-gateway-provisioner.yaml
+	kubectl apply -f https://raw.githubusercontent.com/projectcontour/contour/release-1.30/examples/gateway-provisioner/00-common.yaml
+	kubectl apply -f https://raw.githubusercontent.com/projectcontour/contour/release-1.30/examples/gateway-provisioner/01-roles.yaml
+	kubectl apply -f https://raw.githubusercontent.com/projectcontour/contour/release-1.30/examples/gateway-provisioner/02-rolebindings.yaml
+	kubectl apply -f https://raw.githubusercontent.com/projectcontour/contour/release-1.30/examples/gateway-provisioner/03-gateway-provisioner.yaml
 	kubectl apply -f test-data/contour-gatewayclass.yaml
 
 #################
@@ -308,7 +304,8 @@ deploy-namespace-gatewayclassconfig:
 
 .PHONY: wait-ready-getting-started-usecase
 wait-ready-getting-started-usecase:
-	scripts/waitfor.sh scripts/curl.sh -s --connect-timeout 1 --fail --resolve foo.example.com:80:127.0.0.1 http://foo.example.com/site
+	$(eval GATEWAY_IP=$(shell kubectl -n foo-infra get gateway foo-gateway -o jsonpath='{.status.addresses[0].value}'))
+	scripts/waitfor.sh scripts/curl.sh -s --connect-timeout 1 --fail --resolve foo.example.com:80:$(GATEWAY_IP) http://foo.example.com/site
 
 .PHONY: tryout-getting-started-usecase
 tryout-getting-started-usecase:

@@ -39,7 +39,7 @@ import (
 type GatewayClassConfigSpec struct {
 	TemplateValues `json:",inline"`
 
-	TargetRef gatewayv1a2.PolicyTargetReference `json:"targetRef"`
+	TargetRef gatewayv1a2.NamespacedPolicyTargetReference `json:"targetRef"`
 }
 
 type GatewayClassConfigStatus struct {

@@ -39,7 +39,7 @@ import (
 type GatewayConfigSpec struct {
 	TemplateValues `json:",inline"`
 
-	TargetRef gatewayv1a2.PolicyTargetReference `json:"targetRef"`
+	TargetRef gatewayv1a2.NamespacedPolicyTargetReference `json:"targetRef"`
 }
 
 type GatewayConfigStatus struct {

@@ -2,6 +2,7 @@
 
 ## [UNRELEASED]
 
+- Re-generated crds using new tooling versions (cause reformatting of `description` fields).
 - Example text, add your PR info according to example below below this line. Do not bump chart version in Chart.yaml unless a chart release will be made following your PR.
 
 ## [0.1.9]

@@ -2,5 +2,5 @@ apiVersion: v2
 name: bifrost-gateway-controller-helm
 description: Gateway API driven management of network infrastructure across Kubernetes and cloud infrastructure
 type: application
-version: 0.1.9
+version: 0.1.10
 appVersion: "0.0.21"
@@ -1,6 +1,6 @@
 # bifrost-gateway-controller-helm
 
-![Version: 0.1.9](https://img.shields.io/badge/Version-0.1.9-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.0.21](https://img.shields.io/badge/AppVersion-0.0.21-informational?style=flat-square)
+![Version: 0.1.10](https://img.shields.io/badge/Version-0.1.10-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.0.21](https://img.shields.io/badge/AppVersion-0.0.21-informational?style=flat-square)
 
 Gateway API driven management of network infrastructure across Kubernetes and cloud infrastructure