Create go module for the CRD

[davidor]

What does this PR do?

Creates a new go module for the CRD.
This will allow other projects like the datadog-operator to rely on that go mod instead of the root go mod of the project.
This will reduce the dependencies required and hopefully create less conflicts when upgrading kubernetes libraries.

Describe your test plan

I don't think there's anything specific apart from verifying that this simplifies the process when we need to upgrade the kubernetes libraries in the datadog-operator.

[github-actions]

This pull request does not contain a valid label. Please add one of the following labels: bug, enhancement, documentation, tooling

[codecov-commenter]

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 43.75%. Comparing base (f0c8877) to head (13fd935).
Report is 13 commits behind head on main.

Additional details and impacted files

@@             Coverage Diff             @@
##             main     #196       +/-   ##
===========================================
- Coverage   63.10%   43.75%   -19.36%     
===========================================
  Files          41       65       +24     
  Lines        3098     4939     +1841     
===========================================
+ Hits         1955     2161      +206     
- Misses       1023     2651     +1628     
- Partials      120      127        +7     

Flag	Coverage Δ
unittests	43.75% <ø> (-19.36%)	⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

see 39 files with indirect coverage changes

---

Continue to review full report in Codecov by Sentry.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update aa85235...13fd935. Read the comment docs.

[datadog-datadog-prod-us1]

🔴 Library Vulnerability

golang.org/x/net → 0.28.0

View all suggested fixes

Suggested change

	golang.org/x/net v0.28.0 // indirect
	golang.org/x/net vv0.34.0// indirect

Suggested change

	golang.org/x/net v0.28.0 // indirect
	golang.org/x/net vv0.33.0// indirect

Non-linear parsing of case-insensitive content in golang.org/x/net/html (...read more)

An attacker can craft an input to the Parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This could cause a denial of service.

    

[datadog-datadog-prod-us1]

🔴 Library Vulnerability

golang.org/x/net → 0.28.0

View all suggested fixes

Suggested change

	golang.org/x/net v0.28.0 // indirect
	golang.org/x/net vv0.34.0// indirect

Suggested change

	golang.org/x/net v0.28.0 // indirect
	golang.org/x/net vv0.33.0// indirect

Non-linear parsing of case-insensitive content in golang.org/x/net/html (...read more)

An attacker can craft an input to the Parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This could cause a denial of service.

    

[datadog-datadog-prod-us1]

🟠 Code Vulnerability

Workflow depends on a GitHub actions pinned by tag (...read more)

When using a third party action, one needs to provide its GitHub path (owner/project) and can eventually pin it to a Git ref (a branch name, a Git tag, or a commit hash).

No pinned Git ref means the action uses the latest commit of the default branch each time it runs, eventually running newer versions of the code that were not audited by Datadog. Specifying a Git tag is better, but since they are not immutable, using a full length hash is recommended to make sure the action content is actually frozen to some reviewed state.

Be careful however, as even pinning an action by hash can be circumvented by attackers still. For instance, if an action relies on a Docker image which is itself not pinned to a digest, it becomes possible to alter its behaviour through the Docker image without actually changing its hash. You can learn more about this kind of attacks in Unpinnable Actions: How Malicious Code Can Sneak into Your GitHub Actions Workflows. Pinning actions by hash is still a good first line of defense against supply chain attacks.

Additionally, pinning by hash or tag means the action won’t benefit from newer version updates if any, including eventual security patches. Make sure to regularly check if newer versions for an action you use are available. For actions coming from a very trustworthy source, it can make sense to use a laxer pinning policy to benefit from updates as soon as possible.

    

[davidor]

Rebased on main

[davidor]

/merge

[dd-devflow]

Devflow running: /merge

View all feedbacks in Devflow UI.

---

2025-01-08 19:03:59 UTC ℹ️ MergeQueue: pull request added to the queue

The median merge time in main is 0s.

---

2025-01-08 19:17:28 UTC 🚨 MergeQueue: This merge request is in error

mergequeue build completed successfully, but the github api returned an error while merging the pr

Details

Error: PUT https://api.github.com/repos/DataDog/extendeddaemonset/pulls/196/merge: 405 Merge commits are not allowed on this repository. []

FullStacktrace:
activity error (type: github.GithubService_MergePullRequest, scheduledEventID: 41, startedEventID: 42, identity: 1@github-worker-54f6759d5b-8b5sf@): PUT https://api.github.com/repos/DataDog/extendeddaemonset/pulls/196/merge: 405 Merge commits are not allowed on this repository. [] (type: GitFailure, retryable: false): PUT https://api.github.com/repos/DataDog/extendeddaemonset/pulls/196/merge: 405 Merge commits are not allowed on this repository. [] (type: ErrorResponse, retryable: true)