From 8552b37fae92148e07212fb013c558feb030bf8c Mon Sep 17 00:00:00 2001 From: Luca Comellini Date: Thu, 6 Mar 2025 18:16:54 -0800 Subject: [PATCH 1/6] Update outdated GitHub Actions --- .github/workflows/build.yml | 109 ++++++++++++++------- .golangci.yaml | 24 ++++- cmd/kube-rbac-proxy/app/options/options.go | 2 +- scripts/check_license.sh | 9 +- scripts/tools.go | 5 +- 5 files changed, 106 insertions(+), 43 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 4e69bcddf..4d51823da 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml 
@@ -1,71 +1,110 @@ name: Go + on: [push, pull_request] + env: QUAY_PATH: quay.io/brancz/kube-rbac-proxy - go-version: '1.25' - kind-version: 'v0.30.0' + kind-version: v0.30.0 + +defaults: + run: + shell: bash + +concurrency: + group: ${{ github.ref_name }}-go + cancel-in-progress: true + jobs: check-license: runs-on: ubuntu-latest name: Check license steps: - - uses: actions/checkout@v2 - - run: make check-license + - name: Checkout repository + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + + - name: Check license + run: make check-license + generate: runs-on: ubuntu-latest name: Generate steps: - - uses: actions/checkout@v2 - - uses: actions/setup-go@v2 + - name: Checkout repository + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + + - name: Setup Golang Environment + uses: actions/setup-go@0aaccfd150d50ccaeb58ebd88d36e91967a5f35b # v5.4.0 with: - go-version: ${{ env.go-version }} - - run: make generate && git diff --exit-code + go-version: stable + + - name: Generate + run: make generate && git diff --exit-code + lint: runs-on: ubuntu-latest name: Lint steps: - - uses: actions/checkout@v2 - - name: golangci-lint - uses: golangci/golangci-lint-action@v2 + - name: Checkout repository + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + + - name: Lint Go + uses: golangci/golangci-lint-action@1481404843c368bc19ca9406f87d6e0fc97bdcfd # v7.0.0 with: version: latest - args: --timeout=5m + build: runs-on: ubuntu-latest name: Build steps: - - uses: actions/checkout@v2 - - uses: actions/setup-go@v2 + - name: Checkout repository + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + + - name: Setup Golang Environment + uses: actions/setup-go@0aaccfd150d50ccaeb58ebd88d36e91967a5f35b # v5.4.0 with: - go-version: ${{ env.go-version }} - - run: make build + go-version: stable + + - name: Build + run: make build + unit-tests: runs-on: ubuntu-latest name: Unit tests steps: - - 
uses: actions/checkout@v2 - - uses: actions/setup-go@v2 + - name: Checkout repository + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + + - name: Setup Golang Environment + uses: actions/setup-go@0aaccfd150d50ccaeb58ebd88d36e91967a5f35b # v5.4.0 with: - go-version: ${{ env.go-version }} - - run: make test-unit + go-version: stable + + - name: Run unit tests + run: make test-unit + e2e-tests: runs-on: ubuntu-latest name: E2E tests steps: - name: Checkout repository - uses: actions/checkout@v2 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + + - name: Setup Golang Environment + uses: actions/setup-go@0aaccfd150d50ccaeb58ebd88d36e91967a5f35b # v5.4.0 + with: + go-version: stable + - name: Start kind & create cluster - uses: engineerd/setup-kind@v0.6.2 + uses: helm/kind-action@a1b0e391336a6ee6713a0583f8c6240d70863de3 # v1.12.0 with: version: ${{ env.kind-version }} config: test/e2e/kind-config/kind-config.yaml + cluster_name: kind wait: 300s + - name: Wait for cluster to finish bootstraping run: kubectl wait --for=condition=Ready pods --all --all-namespaces --timeout=300s - - name: Setup golang for make test-e2e - uses: actions/setup-go@v2 - with: - go-version: ${{ env.go-version }} + - name: Create container & run tests run: | VERSION=local VERSION_SEMVER=$(cat ./VERSION) make container @@ -75,10 +114,11 @@ jobs: sleep 1 done make test-e2e + publish: runs-on: ubuntu-latest name: Publish container image to Quay - if: github.event_name == 'push' + if: ${{ github.event.repository.fork == false && github.event_name == 'push' }} needs: - check-license - generate 
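Review bot: The new top-level keys add `defaults:` and `concurrency:` but no `permissions:`, so every job, including those triggered by `pull_request`, runs with whatever GITHUB_TOKEN scope the repository or organisation default grants. Nothing visible in these jobs writes back to GitHub (the publish job authenticates to Quay with its own secrets), so a top-level `permissions:` block containing `contents: read` should be enough and makes the scope explicit in the file. The repository default is not visible from this patch, so the token may already be read-only in practice, but declaring it here keeps the workflow safe if that setting changes.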
@@ -86,17 +126,20 @@ jobs: - unit-tests - e2e-tests steps: - - name: Checkout - uses: actions/checkout@v2 - - name: Setup golang for building - uses: actions/setup-go@v2 + - name: Checkout repository + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + + - name: Setup Golang Environment + uses: actions/setup-go@0aaccfd150d50ccaeb58ebd88d36e91967a5f35b # v5.4.0 with: - go-version: ${{ env.go-version }} + go-version: stable + - name: Login to Quay.io - uses: docker/login-action@v1 + uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0 with: registry: quay.io username: ${{ secrets.QUAY_USERNAME }} password: ${{ secrets.QUAY_PASSWORD }} + - name: Build images and push run: ./scripts/publish.sh diff --git a/.golangci.yaml b/.golangci.yaml index 472842c5b..aa74c8a1e 100644 --- a/.golangci.yaml +++ b/.golangci.yaml @@ -1,3 +1,21 @@ -run: - skip-dirs: - - test/ +version: "2" +linters: + exclusions: + generated: lax + presets: + - comments + - common-false-positives + - legacy + - std-error-handling + paths: + - test/ + - third_party$ + - builtin$ + - examples$ +formatters: + exclusions: + generated: lax + paths: + - third_party$ + - builtin$ + - examples$ diff --git a/cmd/kube-rbac-proxy/app/options/options.go b/cmd/kube-rbac-proxy/app/options/options.go index af46d72a8..9025f60a1 100644 --- a/cmd/kube-rbac-proxy/app/options/options.go +++ b/cmd/kube-rbac-proxy/app/options/options.go @@ -144,7 +144,7 @@ func (o *ProxyRunOptions) Flags() k8sapiflag.NamedFlagSets { func (o *ProxyRunOptions) Validate() error { var errs []error - hasCerts := !(o.TLS.CertFile == "") && !(o.TLS.KeyFile == "") + hasCerts := (o.TLS.CertFile != "") && (o.TLS.KeyFile != "") hasInsecureListenAddress := o.InsecureListenAddress != "" if !hasCerts || hasInsecureListenAddress { klog.Warning(` diff --git a/scripts/check_license.sh b/scripts/check_license.sh index 07b14db8e..78f33db13 100755 --- a/scripts/check_license.sh +++ b/scripts/check_license.sh 
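Review bot: The publish job's checkout step keeps the default `persist-credentials`, so the GITHUB_TOKEN stays in the local git config while `./scripts/publish.sh` builds and pushes the image in the same workspace. Adding `with:` and `persist-credentials: false` under that checkout step removes it. Nothing visible in this job needs git access to the remote after checkout, though `publish.sh` is outside this patch and should be confirmed. The checkout steps added in the previous hunk carry the same default.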
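Review bot: A cert file without a key file (or the reverse) makes `hasCerts` false and, in the lines visible here, reaches only the same `klog.Warning` as a configuration with no TLS material at all. Validate's body continues outside the hunk, so a later check may already reject that case; if it does not, a half-configured pair deserves an entry in `errs`, guarded by `(o.TLS.CertFile == "") != (o.TLS.KeyFile == "")`, rather than a warning. As a smaller style point, the parentheses in the rewritten expression are redundant: `hasCerts := o.TLS.CertFile != "" && o.TLS.KeyFile != ""`.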
@@ -1,10 +1,11 @@ #!/bin/sh licRes=$( -for file in $(find . -type f -iname '*.go' ! -path '*/vendor/*'); do - head -n3 "${file}" | grep -Eq "(Copyright|generated|GENERATED)" || echo -e " ${file}" -done;) + for file in $(find . -type f -iname '*.go' ! -path '*/vendor/*'); do + head -n5 "${file}" | grep -Eq "(Copyright|generated|GENERATED)" || printf " %s\n" "${file}" + done +) if [ -n "${licRes}" ]; then - echo -e "license header checking failed:\n${licRes}" + printf "license header checking failed:\n%s\n" "${licRes}" exit 255 fi diff --git a/scripts/tools.go b/scripts/tools.go index 132565426..4be053332 100644 --- a/scripts/tools.go +++ b/scripts/tools.go @@ -1,3 +1,6 @@ +//go:build tools +// +build tools + /* Copyright 2020 Frederic Branczyk All rights reserved. @@ -14,8 +17,6 @@ See the License for the specific language governing permissions and limitations under the License. */ -//+build tools - package tools import ( From 2cc5e0e9f725da4150fa8feb9ec21d12e76153be Mon Sep 17 00:00:00 2001 From: Krzysztof Ostrowski Date: Thu, 25 Sep 2025 07:57:25 +0200 Subject: [PATCH 2/6] .github/workflows: set go var version. go version set to stable ver --- .github/workflows/build.yml | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 4d51823da..f6edfa580 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -4,7 +4,8 @@ on: [push, pull_request] env: QUAY_PATH: quay.io/brancz/kube-rbac-proxy - kind-version: v0.30.0 + kind-version: v0.27.0 + go-version: 1.25 defaults: run: @@ -35,7 +36,7 @@ jobs: - name: Setup Golang Environment uses: actions/setup-go@0aaccfd150d50ccaeb58ebd88d36e91967a5f35b # v5.4.0 with: - go-version: stable + go-version: ${{ env.go-version }} - name: Generate run: make generate && git diff --exit-code 
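Review bot: The re-indented loop still iterates over `$(find …)`, which word-splits and glob-expands the result, so a path containing a space is checked as fragments and reported as missing its header. Since the line is being touched anyway, reading the list line by line avoids that: `find . -type f -iname '*.go' ! -path '*/vendor/*' | while IFS= read -r file; do`. Separately, widening the window to `head -n5` also widens what the `generated` alternative can match. A short comment above the grep saying why five lines are needed (presumably the build-tag lines this commit places before the licence in scripts/tools.go) would help the next reader.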
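Review bot: `go-version: 1.25` is a plain YAML scalar and is read as a number rather than a string. It happens to survive as 1.25, but a later bump to a version ending in zero (1.30) would reach setup-go as 1.3. Quote it, as it was before the first patch in this series removed the variable: `go-version: '1.25'`. The same hunk also moves `kind-version` from v0.30.0 to v0.27.0, which the commit message does not mention; if that is intentional, a trailing comment saying why would help.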
@@ -62,7 +63,7 @@ jobs: - name: Setup Golang Environment uses: actions/setup-go@0aaccfd150d50ccaeb58ebd88d36e91967a5f35b # v5.4.0 with: - go-version: stable + go-version: ${{ env.go-version }} - name: Build run: make build @@ -77,7 +78,7 @@ jobs: - name: Setup Golang Environment uses: actions/setup-go@0aaccfd150d50ccaeb58ebd88d36e91967a5f35b # v5.4.0 with: - go-version: stable + go-version: ${{ env.go-version }} - name: Run unit tests run: make test-unit @@ -92,7 +93,7 @@ jobs: - name: Setup Golang Environment uses: actions/setup-go@0aaccfd150d50ccaeb58ebd88d36e91967a5f35b # v5.4.0 with: - go-version: stable + go-version: ${{ env.go-version }} - name: Start kind & create cluster uses: helm/kind-action@a1b0e391336a6ee6713a0583f8c6240d70863de3 # v1.12.0 @@ -132,7 +133,7 @@ jobs: - name: Setup Golang Environment uses: actions/setup-go@0aaccfd150d50ccaeb58ebd88d36e91967a5f35b # v5.4.0 with: - go-version: stable + go-version: ${{ env.go-version }} - name: Login to Quay.io uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0 From 66bba116024d94d8deb4d169e2d98a4b15fefc6f Mon Sep 17 00:00:00 2001 From: Krzysztof Ostrowski Date: Thu, 25 Sep 2025 11:26:13 +0200 Subject: [PATCH 3/6] .github/workflows: add versioned ubuntu, add timeouts --- .github/workflows/build.yml | 21 ++++++++++++++------- 1 file changed, 14 insertions(+), 7 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index f6edfa580..d45362af8 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -17,8 +17,9 @@ concurrency: jobs: check-license: - runs-on: ubuntu-latest name: Check license + runs-on: ubuntu-24.04 + timeout-minutes: 3 steps: - name: Checkout repository uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 
@@ -27,8 +28,9 @@ jobs: run: make check-license generate: - runs-on: ubuntu-latest name: Generate + runs-on: ubuntu-24.04 + timeout-minutes: 5 steps: - name: Checkout repository uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 @@ -42,8 +44,9 @@ jobs: run: make generate && git diff --exit-code lint: - runs-on: ubuntu-latest name: Lint + runs-on: ubuntu-24.04 + timeout-minutes: 5 steps: - name: Checkout repository uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 @@ -54,8 +57,9 @@ jobs: version: latest build: - runs-on: ubuntu-latest name: Build + runs-on: ubuntu-24.04 + timeout-minutes: 5 steps: - name: Checkout repository uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 @@ -69,8 +73,9 @@ jobs: run: make build unit-tests: - runs-on: ubuntu-latest name: Unit tests + runs-on: ubuntu-24.04 + timeout-minutes: 5 steps: - name: Checkout repository uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 @@ -84,8 +89,9 @@ jobs: run: make test-unit e2e-tests: - runs-on: ubuntu-latest name: E2E tests + runs-on: ubuntu-24.04 + timeout-minutes: 15 steps: - name: Checkout repository uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 @@ -117,8 +123,9 @@ jobs: make test-e2e publish: - runs-on: ubuntu-latest name: Publish container image to Quay + runs-on: ubuntu-24.04 + timeout-minutes: 15 if: ${{ github.event.repository.fork == false && github.event_name == 'push' }} needs: - check-license From 242dd2c7630e1db05606a73035e25ba1cf0dc30e Mon Sep 17 00:00:00 2001 From: Krzysztof Ostrowski Date: Thu, 25 Sep 2025 12:13:41 +0200 Subject: [PATCH 4/6] .github/workflows: don't hardcore action --- .github/workflows/build.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index d45362af8..03ab3c1e4 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml 
@@ -12,7 +12,7 @@ defaults: shell: bash concurrency: - group: ${{ github.ref_name }}-go + group: ${{ github.ref_name }}-${{ github.ref }} cancel-in-progress: true jobs: From 279f26f65f84af9453be82ded5eaecce9d7da4c3 Mon Sep 17 00:00:00 2001 From: Krzysztof Ostrowski Date: Thu, 25 Sep 2025 12:21:32 +0200 Subject: [PATCH 5/6] .github/workflows: bump all deps, verify hashes Note: - For some reason the golangci/golangci-lint-actions dev is not signing his commits. - The setup-go actions account signing account looks shallow. But signs and releases for over a year. --- .github/workflows/build.yml | 30 +++++++++++++++--------------- 1 file changed, 15 insertions(+), 15 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 03ab3c1e4..b2e96d41f 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -4,7 +4,7 @@ on: [push, pull_request] env: QUAY_PATH: quay.io/brancz/kube-rbac-proxy - kind-version: v0.27.0 + kind-version: v0.30.0 go-version: 1.25 defaults: @@ -22,7 +22,7 @@ jobs: timeout-minutes: 3 steps: - name: Checkout repository - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # 5.0.0 - name: Check license run: make check-license @@ -33,10 +33,10 @@ jobs: timeout-minutes: 5 steps: - name: Checkout repository - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # 5.0.0 - name: Setup Golang Environment - uses: actions/setup-go@0aaccfd150d50ccaeb58ebd88d36e91967a5f35b # v5.4.0 + uses: actions/setup-go@44694675825211faa026b3c33043df3e48a5fa00 # v6.0.0 with: go-version: ${{ env.go-version }} 
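Review bot: The new group `${{ github.ref_name }}-${{ github.ref }}` names the same ref twice and no longer contains anything specific to this workflow, so any other workflow in the repository using the same expression would share the group and the two would cancel each other's runs. `group: ${{ github.workflow }}-${{ github.ref }}` avoids a hard-coded suffix while keeping the key unique per workflow. With `cancel-in-progress: true`, a second push to the same branch can also cancel a publish job mid-run. If a partially pushed image set is a concern, cancellation could be limited to pull requests with `cancel-in-progress: ${{ github.event_name == 'pull_request' }}`.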
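Review bot: The version comment on the re-pinned checkout action is written `# 5.0.0`, while the other pins changed by this commit use the tag form (`# v6.0.0`, `# v8.0.0`, `# v3.5.0`). That comment is the only human-readable link between the SHA and a release, and tooling that rewrites pinned SHAs may rely on it matching the tag name, so it should read `# v5.0.0` here and in the other checkout steps this commit touches. The commit message says the hashes were verified; recording how (for example, compared against the commit the release tag points to) would let a later reviewer repeat the check.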
@@ -49,10 +49,10 @@ jobs: timeout-minutes: 5 steps: - name: Checkout repository - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # 5.0.0 - name: Lint Go - uses: golangci/golangci-lint-action@1481404843c368bc19ca9406f87d6e0fc97bdcfd # v7.0.0 + uses: golangci/golangci-lint-action@4afd733a84b1f43292c63897423277bb7f4313a9 # v8.0.0 with: version: latest @@ -62,10 +62,10 @@ jobs: timeout-minutes: 5 steps: - name: Checkout repository - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # 5.0.0 - name: Setup Golang Environment - uses: actions/setup-go@0aaccfd150d50ccaeb58ebd88d36e91967a5f35b # v5.4.0 + uses: actions/setup-go@44694675825211faa026b3c33043df3e48a5fa00 # v6.0.0 with: go-version: ${{ env.go-version }} @@ -78,10 +78,10 @@ jobs: timeout-minutes: 5 steps: - name: Checkout repository - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # 5.0.0 - name: Setup Golang Environment - uses: actions/setup-go@0aaccfd150d50ccaeb58ebd88d36e91967a5f35b # v5.4.0 + uses: actions/setup-go@44694675825211faa026b3c33043df3e48a5fa00 # v6.0.0 with: go-version: ${{ env.go-version }} @@ -94,10 +94,10 @@ jobs: timeout-minutes: 15 steps: - name: Checkout repository - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # 5.0.0 - name: Setup Golang Environment - uses: actions/setup-go@0aaccfd150d50ccaeb58ebd88d36e91967a5f35b # v5.4.0 + uses: actions/setup-go@44694675825211faa026b3c33043df3e48a5fa00 # v6.0.0 with: go-version: ${{ env.go-version }} 
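Review bot: The lint step pins golangci-lint-action to a commit but leaves `version: latest` on the following context line, so the linter binary the action downloads still floats and the run is not reproducible from the pinned SHA alone. The first patch in this series moved .golangci.yaml to `version: "2"`, so a future major release picked up by `latest` could also reject the config. Replace it with a fixed release, `version: <pinned v2.x release>` (placeholder; use the release the project has actually tested).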
@@ -135,15 +135,15 @@ jobs: - e2e-tests steps: - name: Checkout repository - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # 5.0.0 - name: Setup Golang Environment - uses: actions/setup-go@0aaccfd150d50ccaeb58ebd88d36e91967a5f35b # v5.4.0 + uses: actions/setup-go@44694675825211faa026b3c33043df3e48a5fa00 # v6.0.0 with: go-version: ${{ env.go-version }} - name: Login to Quay.io - uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0 + uses: docker/login-action@184bdaa0721073962dff0199f1fb9940f07167d1 # v3.5.0 with: registry: quay.io username: ${{ secrets.QUAY_USERNAME }} From 2ba0293bb9403488ff06e6e6980bc17acfe42b2c Mon Sep 17 00:00:00 2001 From: Krzysztof Ostrowski Date: Thu, 25 Sep 2025 14:24:52 +0200 Subject: [PATCH 6/6] .github/workflows: increase timer --- .github/workflows/build.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index b2e96d41f..703f24098 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -75,7 +75,7 @@ jobs: unit-tests: name: Unit tests runs-on: ubuntu-24.04 - timeout-minutes: 5 + timeout-minutes: 10 steps: - name: Checkout repository uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # 5.0.0 @@ -91,7 +91,7 @@ jobs: e2e-tests: name: E2E tests runs-on: ubuntu-24.04 - timeout-minutes: 15 + timeout-minutes: 30 steps: - name: Checkout repository uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # 5.0.0 @@ -125,7 +125,7 @@ jobs: publish: name: Publish container image to Quay runs-on: ubuntu-24.04 - timeout-minutes: 15 + timeout-minutes: 20 if: ${{ github.event.repository.fork == false && github.event_name == 'push' }} needs: - check-license