diff --git a/.github/workflows/govulncheck.yaml b/.github/workflows/govulncheck.yaml index ea70b8e3..9dc1cb9b 100644 --- a/.github/workflows/govulncheck.yaml +++ b/.github/workflows/govulncheck.yaml @@ -24,7 +24,7 @@ jobs: run: | make print-go-version >> "$GITHUB_OUTPUT" - - uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed # v5.1.0 + - uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5.2.0 with: go-version: ${{ steps.go-version.outputs.result }} diff --git a/.github/workflows/make-self-upgrade.yaml b/.github/workflows/make-self-upgrade.yaml index c3487035..7f1b0bf2 100644 --- a/.github/workflows/make-self-upgrade.yaml +++ b/.github/workflows/make-self-upgrade.yaml @@ -38,7 +38,7 @@ jobs: run: | make print-go-version >> "$GITHUB_OUTPUT" - - uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed # v5.1.0 + - uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5.2.0 with: go-version: ${{ steps.go-version.outputs.result }} diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index ba432427..893b005e 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -8,7 +8,7 @@ env: VERSION: ${{ github.ref_name }} jobs: - build_images: + build_and_push: runs-on: ubuntu-latest permissions: @@ -17,8 +17,6 @@ jobs: steps: - uses: actions/checkout@v4 - with: - fetch-depth: 0 - uses: ./.github/actions/repo_access with: @@ -28,40 +26,29 @@ jobs: run: | make print-go-version >> "$GITHUB_OUTPUT" - - uses: actions/setup-go@v5 - with: - go-version: ${{ steps.go-version.outputs.result }} - - uses: docker/login-action@v3 with: registry: quay.io - username: ${{ secrets.QUAY_USER }} + username: ${{ secrets.QUAY_USERNAME }} password: ${{ secrets.QUAY_PASSWORD }} - - uses: docker/login-action@v3 + + - uses: actions/setup-go@v5 with: - registry: ghcr.io - username: ${{ github.actor }} - password: ${{ secrets.GITHUB_TOKEN }} + go-version: ${{ steps.go-version.outputs.result }} - id: release - run: make -j release - - - uses: actions/upload-artifact@v4 - with: - name: ${{ steps.release.outputs.RELEASE_HELM_CHART_NAME }}-${{ steps.release.outputs.RELEASE_HELM_CHART_VERSION }}.tgz - path: ${{ steps.release.outputs.RELEASE_HELM_CHART_TAR }} - if-no-files-found: error + run: make release outputs: RELEASE_OCI_PREFLIGHT_IMAGE: ${{ steps.release.outputs.RELEASE_OCI_PREFLIGHT_IMAGE }} RELEASE_OCI_PREFLIGHT_TAG: ${{ steps.release.outputs.RELEASE_OCI_PREFLIGHT_TAG }} - RELEASE_HELM_CHART_NAME: ${{ steps.release.outputs.RELEASE_HELM_CHART_NAME }} + RELEASE_HELM_CHART_IMAGE: ${{ steps.release.outputs.RELEASE_HELM_CHART_IMAGE }} RELEASE_HELM_CHART_VERSION: ${{ steps.release.outputs.RELEASE_HELM_CHART_VERSION }} github_release: runs-on: ubuntu-latest - needs: build_images + needs: build_and_push permissions: contents: write # needed for creating a PR @@ -70,15 +57,10 @@ jobs: steps: - run: | touch .notes-file - echo "OCI_PREFLIGHT_IMAGE: ${{ needs.build_images.outputs.RELEASE_OCI_PREFLIGHT_IMAGE }}" >> .notes-file - echo "OCI_PREFLIGHT_TAG: ${{ needs.build_images.outputs.RELEASE_OCI_PREFLIGHT_TAG }}" >> .notes-file - echo "HELM_CHART_NAME: ${{ needs.build_images.outputs.RELEASE_HELM_CHART_NAME }}" >> .notes-file - echo "HELM_CHART_VERSION: ${{ needs.build_images.outputs.RELEASE_HELM_CHART_VERSION }}" >> .notes-file - - - id: chart_download - uses: actions/download-artifact@v4 - with: - name: ${{ needs.build_images.outputs.RELEASE_HELM_CHART_NAME }}-${{ needs.build_images.outputs.RELEASE_HELM_CHART_VERSION }}.tgz + echo "OCI_PREFLIGHT_IMAGE: ${{ needs.build_and_push.outputs.RELEASE_OCI_PREFLIGHT_IMAGE }}" >> .notes-file + echo "OCI_PREFLIGHT_TAG: ${{ needs.build_and_push.outputs.RELEASE_OCI_PREFLIGHT_TAG }}" >> .notes-file + echo "HELM_CHART_IMAGE: ${{ needs.build_and_push.outputs.RELEASE_HELM_CHART_IMAGE }}" >> .notes-file + echo "HELM_CHART_VERSION: ${{ needs.build_and_push.outputs.RELEASE_HELM_CHART_VERSION }}" >> .notes-file - env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} @@ -89,7 +71,3 @@ jobs: --draft \ --verify-tag \ --notes-file .notes-file - - gh release upload "$VERSION" \ - --repo="$GITHUB_REPOSITORY" \ - "${{ steps.chart_download.outputs.download-path }}/${{ needs.build_images.outputs.RELEASE_HELM_CHART_NAME }}-${{ needs.build_images.outputs.RELEASE_HELM_CHART_VERSION }}.tgz" diff --git a/OWNERS_ALIASES b/OWNERS_ALIASES index 10d1279a..672704c9 100644 --- a/OWNERS_ALIASES +++ b/OWNERS_ALIASES @@ -8,7 +8,7 @@ aliases: - wallrj - jakexks - maelvls - - irbekrm - sgtcodfish - inteon - thatsmrtalbot + - erikgb diff --git a/hack/e2e/test.sh b/hack/e2e/test.sh index ba9f5b91..aea48e22 100755 --- a/hack/e2e/test.sh +++ b/hack/e2e/test.sh @@ -68,7 +68,7 @@ make release \ OCI_SIGN_ON_PUSH=false \ oci_platforms=linux/amd64 \ oci_preflight_image_name=$OCI_BASE/images/venafi-agent \ - helm_chart_repo_base=oci://$OCI_BASE/charts \ + helm_chart_image_name=$OCI_BASE/charts/venafi-kubernetes-agent \ GITHUB_OUTPUT=release.env source release.env popd diff --git a/klone.yaml b/klone.yaml index bbedf264..4b6038be 100644 --- a/klone.yaml +++ b/klone.yaml @@ -10,50 +10,50 @@ targets: - folder_name: generate-verify repo_url: https://github.com/cert-manager/makefile-modules.git repo_ref: main - repo_hash: c775b91913708e2ea4816373d0b0b4b632b3b524 + repo_hash: fbd26411777b12c2574d05f146cee617c6c50b63 repo_path: modules/generate-verify - folder_name: go repo_url: https://github.com/cert-manager/makefile-modules.git repo_ref: main - repo_hash: c775b91913708e2ea4816373d0b0b4b632b3b524 + repo_hash: fbd26411777b12c2574d05f146cee617c6c50b63 repo_path: modules/go - folder_name: helm repo_url: https://github.com/cert-manager/makefile-modules.git repo_ref: main - repo_hash: c775b91913708e2ea4816373d0b0b4b632b3b524 + repo_hash: fbd26411777b12c2574d05f146cee617c6c50b63 repo_path: modules/helm - folder_name: help repo_url: https://github.com/cert-manager/makefile-modules.git repo_ref: main - repo_hash: c775b91913708e2ea4816373d0b0b4b632b3b524 + repo_hash: fbd26411777b12c2574d05f146cee617c6c50b63 repo_path: modules/help - folder_name: kind repo_url: https://github.com/cert-manager/makefile-modules.git repo_ref: main - repo_hash: c775b91913708e2ea4816373d0b0b4b632b3b524 + repo_hash: fbd26411777b12c2574d05f146cee617c6c50b63 repo_path: modules/kind - folder_name: klone repo_url: https://github.com/cert-manager/makefile-modules.git repo_ref: main - repo_hash: c775b91913708e2ea4816373d0b0b4b632b3b524 + repo_hash: fbd26411777b12c2574d05f146cee617c6c50b63 repo_path: modules/klone - folder_name: oci-build repo_url: https://github.com/cert-manager/makefile-modules.git repo_ref: main - repo_hash: c775b91913708e2ea4816373d0b0b4b632b3b524 + repo_hash: fbd26411777b12c2574d05f146cee617c6c50b63 repo_path: modules/oci-build - folder_name: oci-publish repo_url: https://github.com/cert-manager/makefile-modules.git repo_ref: main - repo_hash: c775b91913708e2ea4816373d0b0b4b632b3b524 + repo_hash: fbd26411777b12c2574d05f146cee617c6c50b63 repo_path: modules/oci-publish - folder_name: repository-base repo_url: https://github.com/cert-manager/makefile-modules.git repo_ref: main - repo_hash: c775b91913708e2ea4816373d0b0b4b632b3b524 + repo_hash: fbd26411777b12c2574d05f146cee617c6c50b63 repo_path: modules/repository-base - folder_name: tools repo_url: https://github.com/cert-manager/makefile-modules.git repo_ref: main - repo_hash: c775b91913708e2ea4816373d0b0b4b632b3b524 + repo_hash: fbd26411777b12c2574d05f146cee617c6c50b63 repo_path: modules/tools diff --git a/make/00_mod.mk b/make/00_mod.mk index 04f5e71c..39c3d039 100644 --- a/make/00_mod.mk +++ b/make/00_mod.mk @@ -5,9 +5,6 @@ kind_cluster_config := $(bin_dir)/scratch/kind_cluster.yaml build_names := preflight -goos:= -GOARCH:=$(shell go env GOARCH) - go_preflight_main_dir := . go_preflight_mod_dir := . go_preflight_ldflags := \ @@ -26,15 +23,10 @@ oci_preflight_image_name_development := jetstack.local/venafi-agent deploy_name := venafi-kubernetes-agent deploy_namespace := venafi -helm_chart_repo_base := oci://quay.io/jetstack/charts helm_chart_source_dir := deploy/charts/venafi-kubernetes-agent -helm_chart_name := venafi-kubernetes-agent -helm_chart_app_version := $(VERSION) -helm_chart_version := $(VERSION:v%=%) +helm_chart_image_name := quay.io/jetstack/charts/venafi-kubernetes-agent +helm_chart_version := $(VERSION) helm_labels_template_name := preflight.labels -helm_docs_use_helm_tool := 1 -helm_generate_schema := 1 -helm_verify_values := 1 # Allows us to replace the Helm values.yaml's image.repository and image.tag # with the right values. diff --git a/make/02_mod.mk b/make/02_mod.mk index 9a7b49ae..9ac846fe 100644 --- a/make/02_mod.mk +++ b/make/02_mod.mk @@ -4,15 +4,14 @@ GITHUB_OUTPUT ?= /dev/stderr .PHONY: release ## Publish all release artifacts (image + helm chart) ## @category [shared] Release -release: $(helm_chart_archive) +release: $(MAKE) oci-push-preflight - $(HELM) push "$(helm_chart_archive)" "$(helm_chart_repo_base)" + $(MAKE) helm-chart-oci-push - @echo "RELEASE_OCI_preflight_IMAGE=$(oci_preflight_image_name)" >> "$(GITHUB_OUTPUT)" - @echo "RELEASE_OCI_preflight_TAG=$(oci_preflight_image_tag)" >> "$(GITHUB_OUTPUT)" - @echo "RELEASE_HELM_CHART_NAME=$(helm_chart_name)" >> "$(GITHUB_OUTPUT)" + @echo "RELEASE_OCI_PREFLIGHT_IMAGE=$(oci_preflight_image_name)" >> "$(GITHUB_OUTPUT)" + @echo "RELEASE_OCI_PREFLIGHT_TAG=$(oci_preflight_image_tag)" >> "$(GITHUB_OUTPUT)" + @echo "RELEASE_HELM_CHART_IMAGE=$(helm_chart_image_name)" >> "$(GITHUB_OUTPUT)" @echo "RELEASE_HELM_CHART_VERSION=$(helm_chart_version)" >> "$(GITHUB_OUTPUT)" - @echo "RELEASE_HELM_CHART_TAR=$(helm_chart_archive)" >> "$(GITHUB_OUTPUT)" @echo "Release complete!" diff --git a/make/_shared/go/base/.github/workflows/govulncheck.yaml b/make/_shared/go/base/.github/workflows/govulncheck.yaml index ea70b8e3..9dc1cb9b 100644 --- a/make/_shared/go/base/.github/workflows/govulncheck.yaml +++ b/make/_shared/go/base/.github/workflows/govulncheck.yaml @@ -24,7 +24,7 @@ jobs: run: | make print-go-version >> "$GITHUB_OUTPUT" - - uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed # v5.1.0 + - uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5.2.0 with: go-version: ${{ steps.go-version.outputs.result }} diff --git a/make/_shared/helm/crds.mk b/make/_shared/helm/crds.mk index bcc208ba..e5c4b636 100644 --- a/make/_shared/helm/crds.mk +++ b/make/_shared/helm/crds.mk @@ -37,6 +37,9 @@ ifeq ($(HOST_OS),darwin) sed_inplace := sed -i '' endif +crds_dir ?= deploy/crds +crds_dir_readme := $(dir $(lastword $(MAKEFILE_LIST)))/crds_dir.README.md + .PHONY: generate-crds ## Generate CRD manifests. ## @category [shared] Generate/ Verify @@ -51,7 +54,7 @@ generate-crds: | $(NEEDS_CONTROLLER-GEN) $(NEEDS_YQ) $(directories:%=paths=./%...) \ output:crd:artifacts:config=$(crds_gen_temp) - echo "Updating CRDs with helm templating, writing to $(helm_chart_source_dir)/templates" + @echo "Updating CRDs with helm templating, writing to $(helm_chart_source_dir)/templates" @for i in $$(ls $(crds_gen_temp)); do \ crd_name=$$($(YQ) eval '.metadata.name' $(crds_gen_temp)/$$i); \ @@ -63,4 +66,9 @@ generate-crds: | $(NEEDS_CONTROLLER-GEN) $(NEEDS_YQ) cat $(crd_template_footer) >> $(helm_chart_source_dir)/templates/crd-$$i; \ done + @if [ -n "$$(ls $(crds_gen_temp) 2>/dev/null)" ]; then \ + cp -Tr $(crds_gen_temp) $(crds_dir); \ + cp $(crds_dir_readme) $(crds_dir)/README.md; \ + fi + shared_generate_targets += generate-crds diff --git a/make/_shared/helm/crds_dir.README.md b/make/_shared/helm/crds_dir.README.md new file mode 100644 index 00000000..fba79fed --- /dev/null +++ b/make/_shared/helm/crds_dir.README.md @@ -0,0 +1,8 @@ +# CRDs source directory + +> **WARNING**: if you are an end-user, you probably should NOT need to use the +> files in this directory. These files are for **reference, development and testing purposes only**. + +This directory contains 'source code' used to build our CustomResourceDefinition +resources consumed by our officially supported deployment methods (e.g. the Helm chart). +The CRDs in this directory might be incomplete, and should **NOT** be used to provision the operator. \ No newline at end of file diff --git a/make/_shared/helm/helm.mk b/make/_shared/helm/helm.mk index d0bf94e7..097dc6ed 100644 --- a/make/_shared/helm/helm.mk +++ b/make/_shared/helm/helm.mk @@ -24,17 +24,15 @@ ifndef helm_chart_source_dir $(error helm_chart_source_dir is not set) endif -ifndef helm_chart_name -$(error helm_chart_name is not set) +ifndef helm_chart_image_name +$(error helm_chart_image_name is not set) endif ifndef helm_chart_version $(error helm_chart_version is not set) endif - -ifndef helm_chart_app_version -# Default to the same as the chart version -helm_chart_app_version = $(helm_chart_version) +ifneq ($(helm_chart_version:v%=v),v) +$(error helm_chart_version "$(helm_chart_version)" should start with a "v") endif ifndef helm_values_mutation_function @@ -43,6 +41,9 @@ endif ########################################## +helm_chart_name := $(notdir $(helm_chart_image_name)) +helm_chart_image_registry := $(dir $(helm_chart_image_name)) +helm_chart_image_tag := $(helm_chart_version) helm_chart_sources := $(shell find $(helm_chart_source_dir) -maxdepth 1 -type f) $(shell find $(helm_chart_source_dir)/templates -type f) helm_chart_archive := $(bin_dir)/scratch/image/$(helm_chart_name)-$(helm_chart_version).tgz @@ -64,17 +65,23 @@ $(helm_chart_archive): $(helm_chart_sources) | $(NEEDS_HELM) $(NEEDS_YQ) $(bin_d mkdir -p $(dir $@) $(HELM) package $(helm_chart_source_dir_versioned) \ - --app-version $(helm_chart_app_version) \ + --app-version $(helm_chart_version) \ --version $(helm_chart_version) \ --destination $(dir $@) +.PHONY: helm-chart-oci-push +## Create and push Helm chart to OCI registry. +## Will also create a non-v-prefixed tag for the OCI image. +## @category [shared] Publish +helm-chart-oci-push: $(helm_chart_archive) | $(NEEDS_HELM) $(NEEDS_CRANE) + $(HELM) push "$(helm_chart_archive)" "oci://$(helm_chart_image_registry)" + $(CRANE) copy "$(helm_chart_image_name):$(helm_chart_image_tag)" "$(helm_chart_image_name):$(helm_chart_image_tag:v%=%)" + .PHONY: helm-chart ## Create a helm chart ## @category [shared] Helm Chart helm-chart: $(helm_chart_archive) -ifdef helm_docs_use_helm_tool - helm_tool_header_search ?= ^ helm_tool_footer_search ?= ^ @@ -83,17 +90,9 @@ helm_tool_footer_search ?= ^ ## @category [shared] Generate/ Verify generate-helm-docs: | $(NEEDS_HELM-TOOL) $(HELM-TOOL) inject -i $(helm_chart_source_dir)/values.yaml -o $(helm_chart_source_dir)/README.md --header-search "$(helm_tool_header_search)" --footer-search "$(helm_tool_footer_search)" -else -.PHONY: generate-helm-docs -## Generate Helm chart documentation. -## @category [shared] Generate/ Verify -generate-helm-docs: | $(NEEDS_HELM-DOCS) - $(HELM-DOCS) $(helm_chart_source_dir)/ -endif shared_generate_targets += generate-helm-docs -ifdef helm_generate_schema .PHONY: generate-helm-schema ## Generate Helm chart schema. ## @category [shared] Generate/ Verify @@ -101,9 +100,7 @@ generate-helm-schema: | $(NEEDS_HELM-TOOL) $(NEEDS_GOJQ) $(HELM-TOOL) schema -i $(helm_chart_source_dir)/values.yaml | $(GOJQ) > $(helm_chart_source_dir)/values.schema.json shared_generate_targets += generate-helm-schema -endif -ifdef helm_verify_values .PHONY: verify-helm-values ## Verify Helm chart values using helm-tool. ## @category [shared] Generate/ Verify @@ -111,7 +108,6 @@ verify-helm-values: | $(NEEDS_HELM-TOOL) $(NEEDS_GOJQ) $(HELM-TOOL) lint -i $(helm_chart_source_dir)/values.yaml -d $(helm_chart_source_dir)/templates -e $(helm_chart_source_dir)/values.linter.exceptions shared_verify_targets += verify-helm-values -endif .PHONY: verify-pod-security-standards ## Verify that the Helm chart complies with the pod security standards. diff --git a/make/_shared/repository-base/base/.github/workflows/make-self-upgrade.yaml b/make/_shared/repository-base/base/.github/workflows/make-self-upgrade.yaml index c3487035..7f1b0bf2 100644 --- a/make/_shared/repository-base/base/.github/workflows/make-self-upgrade.yaml +++ b/make/_shared/repository-base/base/.github/workflows/make-self-upgrade.yaml @@ -38,7 +38,7 @@ jobs: run: | make print-go-version >> "$GITHUB_OUTPUT" - - uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed # v5.1.0 + - uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5.2.0 with: go-version: ${{ steps.go-version.outputs.result }} diff --git a/make/_shared/repository-base/base/OWNERS_ALIASES b/make/_shared/repository-base/base/OWNERS_ALIASES index 10d1279a..672704c9 100644 --- a/make/_shared/repository-base/base/OWNERS_ALIASES +++ b/make/_shared/repository-base/base/OWNERS_ALIASES @@ -8,7 +8,7 @@ aliases: - wallrj - jakexks - maelvls - - irbekrm - sgtcodfish - inteon - thatsmrtalbot + - erikgb diff --git a/make/_shared/tools/00_mod.mk b/make/_shared/tools/00_mod.mk index 43cbc6b7..b939f583 100644 --- a/make/_shared/tools/00_mod.mk +++ b/make/_shared/tools/00_mod.mk @@ -75,6 +75,8 @@ tools += trivy=v0.54.1 tools += ytt=v0.50.0 # https://github.com/rclone/rclone/releases tools += rclone=v1.67.0 +# https://github.com/istio/istio/releases +tools += istioctl=1.24.0 ### go packages # https://pkg.go.dev/sigs.k8s.io/controller-tools/cmd/controller-gen?tab=versions @@ -93,8 +95,6 @@ tools += gojq=v0.12.16 tools += crane=v0.20.2 # https://pkg.go.dev/google.golang.org/protobuf/cmd/protoc-gen-go?tab=versions tools += protoc-gen-go=v1.34.2 -# https://pkg.go.dev/github.com/norwoodj/helm-docs/cmd/helm-docs?tab=versions -tools += helm-docs=v1.14.2 # https://pkg.go.dev/github.com/sigstore/cosign/v2/cmd/cosign?tab=versions tools += cosign=v2.4.0 # https://pkg.go.dev/github.com/cert-manager/boilersuite?tab=versions @@ -114,28 +114,30 @@ tools += ginkgo=$(detected_ginkgo_version) tools += klone=v0.1.0 # https://pkg.go.dev/github.com/goreleaser/goreleaser?tab=versions tools += goreleaser=v1.26.2 -# https://pkg.go.dev/github.com/anchore/syft/cmd/syft?tab=versions +# https://pkg.go.dev/github.com/anchore/syft/cmd/syft?tab=versions. We are still +# using an old version (0.100.0, Jan 2024) because all of the latest versions +# use a replace statement, and thus cannot be installed using `go build`. tools += syft=v0.100.0 # https://github.com/cert-manager/helm-tool tools += helm-tool=v0.5.3 # https://github.com/cert-manager/cmctl -tools += cmctl=v2.1.0 +tools += cmctl=v2.1.1 # https://pkg.go.dev/github.com/cert-manager/release/cmd/cmrel?tab=versions -tools += cmrel=e4c3a4dc07df5c7c0379d334c5bb00e172462551 +tools += cmrel=e3cbe5171488deda000145003e22567bdce622ea # https://github.com/golangci/golangci-lint/releases -tools += golangci-lint=v1.61.0 +tools += golangci-lint=v1.62.2 # https://pkg.go.dev/golang.org/x/vuln?tab=versions tools += govulncheck=v1.1.3 # https://pkg.go.dev/github.com/operator-framework/operator-sdk/cmd/operator-sdk?tab=versions -tools += operator-sdk=v1.36.1 +tools += operator-sdk=v1.38.0 # https://pkg.go.dev/github.com/cli/cli/v2?tab=versions -tools += gh=v2.54.0 +tools += gh=v2.63.1 # https:///github.com/redhat-openshift-ecosystem/openshift-preflight/releases -tools += preflight=1.10.0 +tools += preflight=1.10.2 # https://github.com/daixiang0/gci/releases -tools += gci=v0.13.4 +tools += gci=v0.13.5 # https://github.com/google/yamlfmt/releases -tools += yamlfmt=v0.13.0 +tools += yamlfmt=v0.14.0 # https://pkg.go.dev/k8s.io/code-generator/cmd?tab=versions K8S_CODEGEN_VERSION := v0.31.0 @@ -159,7 +161,7 @@ ADDITIONAL_TOOLS ?= tools += $(ADDITIONAL_TOOLS) # https://go.dev/dl/ -VENDORED_GO_VERSION := 1.23.3 +VENDORED_GO_VERSION := 1.23.4 # Print the go version which can be used in GH actions .PHONY: print-go-version @@ -320,7 +322,6 @@ go_dependencies += kustomize=sigs.k8s.io/kustomize/kustomize/v4 go_dependencies += gojq=github.com/itchyny/gojq/cmd/gojq go_dependencies += crane=github.com/google/go-containerregistry/cmd/crane go_dependencies += protoc-gen-go=google.golang.org/protobuf/cmd/protoc-gen-go -go_dependencies += helm-docs=github.com/norwoodj/helm-docs/cmd/helm-docs go_dependencies += cosign=github.com/sigstore/cosign/v2/cmd/cosign go_dependencies += boilersuite=github.com/cert-manager/boilersuite go_dependencies += gomarkdoc=github.com/princjef/gomarkdoc/cmd/gomarkdoc @@ -378,10 +379,10 @@ $(call for_each_kv,go_dependency,$(go_dependencies)) # File downloads # ################## -go_linux_amd64_SHA256SUM=a0afb9744c00648bafb1b90b4aba5bdb86f424f02f9275399ce0c20b93a2c3a8 -go_linux_arm64_SHA256SUM=1f7cbd7f668ea32a107ecd41b6488aaee1f5d77a66efd885b175494439d4e1ce -go_darwin_amd64_SHA256SUM=c7e024d5c0bc81845070f23598caf02f05b8ae88fd4ad2cd3e236ddbea833ad2 -go_darwin_arm64_SHA256SUM=31e119fe9bde6e105407a32558d5b5fa6ca11e2bd17f8b7b2f8a06aba16a0632 +go_linux_amd64_SHA256SUM=6924efde5de86fe277676e929dc9917d466efa02fb934197bc2eba35d5680971 +go_linux_arm64_SHA256SUM=16e5017863a7f6071363782b1b8042eb12c6ca4f4cd71528b2123f0a1275b13e +go_darwin_amd64_SHA256SUM=6700067389a53a1607d30aa8d6e01d198230397029faa0b109e89bc871ab5a0e +go_darwin_arm64_SHA256SUM=87d2bb0ad4fe24d2a0685a55df321e0efe4296419a9b3de03369dbe60b8acd3a .PRECIOUS: $(DOWNLOAD_DIR)/tools/go@$(VENDORED_GO_VERSION)_$(HOST_OS)_$(HOST_ARCH).tar.gz $(DOWNLOAD_DIR)/tools/go@$(VENDORED_GO_VERSION)_$(HOST_OS)_$(HOST_ARCH).tar.gz: | $(DOWNLOAD_DIR)/tools @@ -580,8 +581,24 @@ $(DOWNLOAD_DIR)/tools/rclone@$(RCLONE_VERSION)_$(HOST_OS)_$(HOST_ARCH): | $(DOWN chmod +x $(outfile); \ rm -f $(outfile).zip -preflight_linux_amd64_SHA256SUM=97750df31f31200f073e3b2844628a0a3681a403648c76d12319f83c80666104 -preflight_linux_arm64_SHA256SUM=e12b2afe063c07ee75f69f285f8cc56be99b85e2abac99cbef5fb22b91ef0cb7 +istioctl_linux_amd64_SHA256SUM=b6a07dfb3112f24b174c92bb23b71ba2373114d04e70f079b45cf7c46943ca7e +istioctl_linux_arm64_SHA256SUM=25b44d36f91337545cddd342e4ccc5686dd8f283916d4eaf0d9efdfe84bd057f +istioctl_darwin_amd64_SHA256SUM=00b0f321c1e300465a10584e6f4ffa362ff4b11ee655e94dd8985d61c808a16f +istioctl_darwin_arm64_SHA256SUM=21ece4d2882decccc2ed3f14df078f1fc9fccc3048a7e65371a84d7aabce1912 + +.PRECIOUS: $(DOWNLOAD_DIR)/tools/istioctl@$(ISTIOCTL_VERSION)_$(HOST_OS)_$(HOST_ARCH) +$(DOWNLOAD_DIR)/tools/istioctl@$(ISTIOCTL_VERSION)_$(HOST_OS)_$(HOST_ARCH): | $(DOWNLOAD_DIR)/tools + $(eval OS := $(subst darwin,osx,$(HOST_OS))) + + @source $(lock_script) $@; \ + $(CURL) https://github.com/istio/istio/releases/download/$(ISTIOCTL_VERSION)/istio-$(ISTIOCTL_VERSION)-$(OS)-$(HOST_ARCH).tar.gz -o $(outfile).tar.gz; \ + $(checkhash_script) $(outfile).tar.gz $(istioctl_$(HOST_OS)_$(HOST_ARCH)_SHA256SUM); \ + tar xfO $(outfile).tar.gz istio-$(ISTIOCTL_VERSION)/bin/istioctl > $(outfile); \ + chmod +x $(outfile); \ + rm $(outfile).tar.gz + +preflight_linux_amd64_SHA256SUM=776d04669304d3185c40522bed9a6dc1aa9cd80014a203fe01552b98bfa9554b +preflight_linux_arm64_SHA256SUM=dd7b0a144892ce6fc47d1bc44e344130fa9ff997bf2c39de3016873d8bd3fac5 # Currently there are no official releases for darwin, you cannot submit results # on non-official binaries, but we can still run tests.