patch: updates to modules and pipelines

* Update modules * Updated pipelines to support multi arch and OS builds as well as updating included actions * Updated chart and dogkat version
drewbernetes · Oct 30, 2024 · ebe0544 · ebe0544
1 parent 1c766b9
commit ebe0544
Show file tree

Hide file tree

Showing 8 changed files with 195 additions and 389 deletions.
diff --git a/.github/workflows/pull_request.yaml b/.github/workflows/pull_request.yaml
@@ -12,7 +12,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@v4.1.1
+        uses: actions/checkout@v4
         with:
           fetch-depth: 0
 
@@ -32,7 +32,7 @@ jobs:
     needs: lint-chart
     steps:
       - name: Checkout
-        uses: actions/checkout@v4.1.1
+        uses: actions/checkout@v4
 
       - name: Run helm-docs
         run: .github/helm-docs.sh
@@ -45,12 +45,12 @@ jobs:
       matrix:
         k8s:
           # from https://github.com/yannh/kubernetes-json-schema
-          - v1.26.9
-          - v1.27.8
-          - v1.28.4
+          - v1.29.9
+          - v1.30.6
+          - v1.31.2
     steps:
       - name: Checkout
-        uses: actions/checkout@v4.1.1
+        uses: actions/checkout@v4
         with:
           fetch-depth: 0
 
@@ -61,12 +61,12 @@ jobs:
 
   lint-golang:
     name: Lint files
-    runs-on: ubuntu-22.04
+    runs-on: ubuntu-24.04
     steps:
       - uses: actions/checkout@v4
       - uses: actions/setup-go@v3
         with:
-          go-version: '1.22.1'
+          go-version: '1.23.1'
       - name: golangci-lint
         uses: golangci/golangci-lint-action@v3
         with:
@@ -75,25 +75,25 @@ jobs:
           args: --timeout=3m --skip-dirs=charts
   test-golang:
     name: Run tests
-    runs-on: 'ubuntu-22.04'
+    runs-on: ubuntu-24.04
     needs: lint-golang
     steps:
       - uses: actions/checkout@v4
       - uses: actions/setup-go@v3
         with:
-          go-version: '1.22.1'
+          go-version: '1.23.1'
       - run: go test -v -cover ./...
 
   security-checks:
-    runs-on: ubuntu-22.04
+    runs-on: ubuntu-24.04
     needs: test-golang
     permissions:
       contents: read
       packages: write
       id-token: write
     steps:
       - name: Build Local Container
-        uses: drewbernetes/container-security-action@v0.0.2
+        uses: drewbernetes/container-security-action@v0.1.0
         if: github.event_name != 'pull_request'
         id: build-and-scan
         with:
@@ -103,15 +103,16 @@ jobs:
           image-name: dogkat
           image-tag: ${{ github.ref_name }}
           check-severity: CRITICAL
-          trivyignore-from-s3: true
+          grypeignore-from-s3: true
           s3-endpoint: "https://api.s3.hudson-viles.uk"
           s3-access-key: ${{secrets.S3_ACCESS_KEY}}
           s3-secret-key: ${{secrets.S3_SECRET_KEY}}
-          s3-bucket: "trivyignores"
-          s3-path: "dogkat"
+          s3-bucket: "grypeignores"
+          s3-path: "dogkat.yaml"
           add-latest-tag: false
           publish-image: false
           cosign-private-key: ${{secrets.COSIGN_KEY}}
           cosign-password: ${{secrets.COSIGN_PASSWORD}}
           cosign-tlog: false
           dockerfile-path: docker
+          github-token: ${{ secrets.GITHUB_TOKEN }}
diff --git a/.github/workflows/tag.yml b/.github/workflows/tag.yml
@@ -8,14 +8,14 @@ on:
 
 jobs:
   security-checks:
-    runs-on: ubuntu-22.04
+    runs-on: ubuntu-24.04
     permissions:
       contents: read
       packages: write
       id-token: write
     steps:
       - name: Build Container
-        uses: drewbernetes/container-security-action@v0.0.2
+        uses: drewbernetes/container-security-action@v0.1.0
         if: github.event_name != 'pull_request'
         id: build-and-scan
         with:
@@ -25,22 +25,23 @@ jobs:
           image-name: dogkat
           image-tag: ${{ github.ref_name }}
           check-severity: CRITICAL
-          trivyignore-from-s3: true
+          grypeignore-from-s3: true
           s3-endpoint: "https://api.s3.hudson-viles.uk"
           s3-access-key: ${{secrets.S3_ACCESS_KEY}}
           s3-secret-key: ${{secrets.S3_SECRET_KEY}}
-          s3-bucket: "trivyignores"
-          s3-path: "dogkat"
+          s3-bucket: "grypeignores"
+          s3-path: "dogkat.yaml"
           add-latest-tag: true
           publish-image: true
           cosign-private-key: ${{secrets.COSIGN_KEY}}
           cosign-password: ${{secrets.COSIGN_PASSWORD}}
           cosign-tlog: true
           dockerfile-path: docker
+          github-token: ${{ secrets.GITHUB_TOKEN }}
 
   release:
     name: Create Release
-    runs-on: 'ubuntu-22.04'
+    runs-on: ubuntu-24.04
     needs: security-checks
     permissions:
       contents: write
@@ -53,20 +54,24 @@ jobs:
 
       - uses: actions/setup-go@v3
         with:
-          go-version: '1.22.1'
+          go-version: '1.23.1'
 
-      - name: Get OS and arch info
+      - name: Build binaries
         run: |
-          GOARCH=amd64
-          GOOS=linux
-          BINARY_NAME=${{github.repository}}-$GOOS-$GOARCH
-          echo "BINARY_NAME=$BINARY_NAME" >> $GITHUB_ENV
-          echo "GOOS=$GOOS" >> $GITHUB_ENV
-          echo "GOARCH=$GOARCH" >> $GITHUB_ENV
+          for goos in darwin linux windows; do
+            for goarch in amd64 arm arm64; do
+              # Skip unsupported combinations
+              if [[ "$goos" == "darwin" && "$goarch" == "arm" ]]; then continue; fi
+              if [[ "$goos" == "windows" && ! "$goarch" == "amd64" ]]; then continue; fi
 
-      - name: Build
-        run: |
-          CGO_ENABLED=0 go build -o "$BINARY_NAME" cmd/dogkat/main.go
+              output_file="${{github.repository}}-$goos-$goarch"
+              if [[ "$goos" == "windows" ]]; then output_file="$output_file.exe"; fi
+
+              GOOS=$goos GOARCH=$goarch CGO_ENABLED=0 go build -o $output_file cmd/dogkat/main.go
+              files="$files\n$output_file"
+            done
+          done
+          echo "files=$files" >> $GITHUB_ENV
 
       - name: Release Notes
         run: |
@@ -77,7 +82,7 @@ jobs:
         with:
           body_path: ".github/RELEASE-TEMPLATE.md"
           draft: false
-          files: ${{env.BINARY_NAME}}
+          files: ${{ env.files }}
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 

diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
@@ -7,7 +7,7 @@ repos:
       - id: end-of-file-fixer
       - id: check-added-large-files
   - repo: https://github.com/norwoodj/helm-docs.git
-    rev: v1.13.1
+    rev: v1.14.2
     hooks:
       - id: helm-docs
         args:
@@ -41,21 +41,21 @@ repos:
           - ./docker/Dockerfile
           - --context
           - .
-  - repo: https://github.com/drewbernetes/pre-commits.git
-    rev: v0.1.0
-    hooks:
-      - id: trivy
-        args:
-          - fs
-          - .
-  - repo: https://github.com/drewbernetes/pre-commits.git
-    rev: v0.1.0
-    hooks:
-      - id: trivy
-        args:
-          - image
-          - --severity
-          - HIGH,CRITICAL
-          - --ignorefile
-          - .trivyignore
-          - local/dogkat:0.0.0
+#  - repo: https://github.com/drewbernetes/pre-commits.git
+#    rev: v0.1.0
+#    hooks:
+#      - id: trivy
+#        args:
+#          - fs
+#          - .
+#  - repo: https://github.com/drewbernetes/pre-commits.git
+#    rev: v0.1.0
+#    hooks:
+#      - id: trivy
+#        args:
+#          - image
+#          - --severity
+#          - HIGH,CRITICAL
+#          - --ignorefile
+#          - .trivyignore
+#          - local/dogkat:0.0.0
diff --git a/charts/dogkat/Chart.yaml b/charts/dogkat/Chart.yaml
@@ -2,8 +2,8 @@
 
 apiVersion: v2
 name: dogkat
-version: 0.1.11
-appVersion: 0.1.11
+version: 0.1.13
+appVersion: 0.1.13
 type: application
 maintainers:
   - name: drew-viles

diff --git a/charts/dogkat/README.md b/charts/dogkat/README.md
@@ -1,6 +1,6 @@
 # dogkat
 
-![Version: 0.1.11](https://img.shields.io/badge/Version-0.1.11-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.1.11](https://img.shields.io/badge/AppVersion-0.1.11-informational?style=flat-square)
+![Version: 0.1.13](https://img.shields.io/badge/Version-0.1.13-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.1.13](https://img.shields.io/badge/AppVersion-0.1.13-informational?style=flat-square)
 
 End-2-End testing for GPUs and some core resources
 

diff --git a/go.mod b/go.mod
@@ -11,11 +11,11 @@ require (
 	go.uber.org/mock v0.5.0
 	golang.org/x/net v0.30.0
 	helm.sh/helm/v3 v3.16.2
-	k8s.io/api v0.31.1
-	k8s.io/apimachinery v0.31.1
-	k8s.io/cli-runtime v0.31.1
-	k8s.io/client-go v0.31.1
-	k8s.io/kubectl v0.31.1
+	k8s.io/api v0.31.2
+	k8s.io/apimachinery v0.31.2
+	k8s.io/cli-runtime v0.31.2
+	k8s.io/client-go v0.31.2
+	k8s.io/kubectl v0.31.2
 )
 
 require (
@@ -29,24 +29,24 @@ require (
 	github.com/Masterminds/sprig/v3 v3.3.0 // indirect
 	github.com/Masterminds/squirrel v1.5.4 // indirect
 	github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 // indirect
-	github.com/aws/aws-sdk-go-v2 v1.32.2 // indirect
+	github.com/aws/aws-sdk-go-v2 v1.32.3 // indirect
 	github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.6.6 // indirect
-	github.com/aws/aws-sdk-go-v2/config v1.28.0 // indirect
-	github.com/aws/aws-sdk-go-v2/credentials v1.17.41 // indirect
-	github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.17 // indirect
-	github.com/aws/aws-sdk-go-v2/feature/s3/manager v1.17.33 // indirect
-	github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.21 // indirect
-	github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.21 // indirect
+	github.com/aws/aws-sdk-go-v2/config v1.28.1 // indirect
+	github.com/aws/aws-sdk-go-v2/credentials v1.17.42 // indirect
+	github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.18 // indirect
+	github.com/aws/aws-sdk-go-v2/feature/s3/manager v1.17.35 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.22 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.22 // indirect
 	github.com/aws/aws-sdk-go-v2/internal/ini v1.8.1 // indirect
-	github.com/aws/aws-sdk-go-v2/internal/v4a v1.3.21 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/v4a v1.3.22 // indirect
 	github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.12.0 // indirect
-	github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.4.2 // indirect
-	github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.12.2 // indirect
-	github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.18.2 // indirect
-	github.com/aws/aws-sdk-go-v2/service/s3 v1.66.0 // indirect
-	github.com/aws/aws-sdk-go-v2/service/sso v1.24.2 // indirect
-	github.com/aws/aws-sdk-go-v2/service/ssooidc v1.28.2 // indirect
-	github.com/aws/aws-sdk-go-v2/service/sts v1.32.2 // indirect
+	github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.4.3 // indirect
+	github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.12.3 // indirect
+	github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.18.3 // indirect
+	github.com/aws/aws-sdk-go-v2/service/s3 v1.66.2 // indirect
+	github.com/aws/aws-sdk-go-v2/service/sso v1.24.3 // indirect
+	github.com/aws/aws-sdk-go-v2/service/ssooidc v1.28.3 // indirect
+	github.com/aws/aws-sdk-go-v2/service/sts v1.32.3 // indirect
 	github.com/aws/smithy-go v1.22.0 // indirect
 	github.com/beorn7/perks v1.0.1 // indirect
 	github.com/blang/semver/v4 v4.0.0 // indirect
@@ -68,7 +68,7 @@ require (
 	github.com/emicklei/go-restful/v3 v3.12.1 // indirect
 	github.com/evanphx/json-patch v5.9.0+incompatible // indirect
 	github.com/exponent-io/jsonpath v0.0.0-20210407135951-1de76d718b3f // indirect
-	github.com/fatih/color v1.17.0 // indirect
+	github.com/fatih/color v1.18.0 // indirect
 	github.com/felixge/httpsnoop v1.0.4 // indirect
 	github.com/fsnotify/fsnotify v1.7.0 // indirect
 	github.com/fxamacker/cbor/v2 v2.7.0 // indirect
@@ -129,7 +129,7 @@ require (
 	github.com/peterbourgon/diskv v2.0.1+incompatible // indirect
 	github.com/pkg/errors v0.9.1 // indirect
 	github.com/prometheus/client_model v0.6.1 // indirect
-	github.com/prometheus/common v0.60.0 // indirect
+	github.com/prometheus/common v0.60.1 // indirect
 	github.com/prometheus/procfs v0.15.1 // indirect
 	github.com/rivo/uniseg v0.4.7 // indirect
 	github.com/rubenv/sql-migrate v1.7.0 // indirect
@@ -152,7 +152,6 @@ require (
 	go.opentelemetry.io/otel v1.31.0 // indirect
 	go.opentelemetry.io/otel/metric v1.31.0 // indirect
 	go.opentelemetry.io/otel/trace v1.31.0 // indirect
-	go.starlark.net v0.0.0-20240925182052-1207426daebd // indirect
 	go.uber.org/multierr v1.11.0 // indirect
 	golang.org/x/crypto v0.28.0 // indirect
 	golang.org/x/exp v0.0.0-20241009180824-f66d83c29e7c // indirect
@@ -162,17 +161,17 @@ require (
 	golang.org/x/term v0.25.0 // indirect
 	golang.org/x/text v0.19.0 // indirect
 	golang.org/x/time v0.7.0 // indirect
-	google.golang.org/genproto/googleapis/rpc v0.0.0-20241015192408-796eee8c2d53 // indirect
+	google.golang.org/genproto/googleapis/rpc v0.0.0-20241021214115-324edc3d5d38 // indirect
 	google.golang.org/grpc v1.67.1 // indirect
 	google.golang.org/protobuf v1.35.1 // indirect
 	gopkg.in/evanphx/json-patch.v4 v4.12.0 // indirect
 	gopkg.in/inf.v0 v0.9.1 // indirect
 	gopkg.in/ini.v1 v1.67.0 // indirect
 	gopkg.in/yaml.v2 v2.4.0 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
-	k8s.io/apiextensions-apiserver v0.31.1 // indirect
-	k8s.io/apiserver v0.31.1 // indirect
-	k8s.io/component-base v0.31.1 // indirect
+	k8s.io/apiextensions-apiserver v0.31.2 // indirect
+	k8s.io/apiserver v0.31.2 // indirect
+	k8s.io/component-base v0.31.2 // indirect
 	k8s.io/klog/v2 v2.130.1 // indirect
 	k8s.io/kube-openapi v0.0.0-20241009091222-67ed5848f094 // indirect
 	k8s.io/utils v0.0.0-20240921022957-49e7df575cb6 // indirect