Merge pull request #394 from cert-manager/self-upgrade-main

[CI] Merge self-upgrade-main into main

Author: cert-manager-prow[bot]

.github/workflows/renovate.yaml

@@ -50,7 +50,7 @@ jobs:
           go-version: ${{ steps.go-version.outputs.result }}
 
       - name: Self-hosted Renovate
-        uses: renovatebot/github-action@aec779d4f7845f8431ddf403cf9659d4702ddde0 # v43.0.18
+        uses: renovatebot/github-action@a3c115cd6676c8a5bc72f9715f108759e570daf5 # v43.0.19
         with:
           configurationFile: .github/renovate.json5
           token: ${{ steps.octo-sts.outputs.token }}

.golangci.yaml

@@ -45,6 +45,7 @@ linters:
     - makezero
     - mirror
     - misspell
+    - modernize
     - musttag
     - nakedret
     - nilerr
@@ -72,9 +73,10 @@ formatters:
       sections:
         - standard # Standard section: captures all standard packages.
         - default # Default section: contains all imports that could not be matched to another section type.
-        - prefix(github.com/cert-manager/csi-driver-spiffe) # Custom section: groups all imports with the specified Prefix.
+        - localmodule # Local module section: contains all local packages. This section is not present unless explicitly enabled.
         - blank # Blank section: contains all blank imports. This section is not present unless explicitly enabled.
         - dot # Dot section: contains all dot imports. This section is not present unless explicitly enabled.
+      custom-order: true
   exclusions:
     generated: lax
     paths: [third_party, builtin$, examples$]

internal/approver/evaluator/extensions_test.go

@@ -29,7 +29,7 @@ import (
 )
 
 var (
-	disallowedX509KeyUsages = []interface{}{
+	disallowedX509KeyUsages = []any{
 		x509.KeyUsageContentCommitment,
 		x509.KeyUsageDataEncipherment,
 		x509.KeyUsageKeyAgreement,
@@ -39,12 +39,12 @@ var (
 		x509.KeyUsageDecipherOnly,
 	}
 
-	allowedX509KeyUsages = []interface{}{
+	allowedX509KeyUsages = []any{
 		x509.KeyUsageDigitalSignature,
 		x509.KeyUsageKeyEncipherment,
 	}
 
-	disallowedX509ExtKeyUsages = []interface{}{
+	disallowedX509ExtKeyUsages = []any{
 		x509.ExtKeyUsageAny,
 		x509.ExtKeyUsageCodeSigning,
 		x509.ExtKeyUsageEmailProtection,
@@ -59,7 +59,7 @@ var (
 		x509.ExtKeyUsageMicrosoftKernelCodeSigning,
 	}
 
-	allowedX509ExtKeyUsages = []interface{}{
+	allowedX509ExtKeyUsages = []any{
 		x509.ExtKeyUsageServerAuth,
 		x509.ExtKeyUsageClientAuth,
 	}
@@ -301,13 +301,13 @@ func Test_validateKeyUsageExtension(t *testing.T) {
 }
 
 // Adapted from https://github.com/mxschmitt/golang-combinations
-func powerset(set []interface{}) (subsets [][]interface{}) {
+func powerset(set []any) (subsets [][]any) {
 	length := uint(len(set))
 
 	// Go through all possible combinations of objects
 	// from 1 (only first object in subset) to 2^length (all objects in subset)
 	for subsetBits := 1; subsetBits < (1 << length); subsetBits++ {
-		var subset []interface{}
+		var subset []any
 
 		for object := range length {
 			// checks if object is contained in subset

internal/csi/driver/driver.go

@@ -23,6 +23,7 @@ import (
 	"encoding/pem"
 	"errors"
 	"fmt"
+	"maps"
 	"net/url"
 	"strings"
 	"sync"
@@ -437,19 +438,15 @@ func (d *Driver) Run(ctx context.Context) error {
 		d.driver.Stop()
 	}()
 
-	wg.Add(1)
-	go func() {
-		defer wg.Done()
+	wg.Go(func() {
 		updateRetryPeriod := time.Second * 5
 		d.camanager.run(ctx, updateRetryPeriod)
-	}()
+	})
 
 	if d.hasRuntimeConfiguration() {
-		wg.Add(1)
-		go func() {
-			defer wg.Done()
+		wg.Go(func() {
 			d.watchRuntimeConfigurationSource(ctx)
-		}()
+		})
 	}
 
 	wg.Add(1)
@@ -534,9 +531,7 @@ func (d *Driver) generateRequest(meta metadata.Metadata) (*manager.CertificateRe
 		annotations.SPIFFEIdentityAnnnotationKey: spiffeID,
 	}
 
-	for key, value := range d.certificateRequestAnnotations {
-		crAnnotations[key] = value
-	}
+	maps.Copy(crAnnotations, d.certificateRequestAnnotations)
 
 	return &manager.CertificateRequestBundle{
 		Request: &x509.CertificateRequest{

klone.yaml

@@ -10,70 +10,70 @@ targets:
     - folder_name: boilerplate
       repo_url: https://github.com/cert-manager/makefile-modules.git
       repo_ref: main
-      repo_hash: 737c51c1bf36dea15a7ef2bc5c070d09845530a2
+      repo_hash: 2121d6bf1ec6440011bc03021015af1c18ec0eba
       repo_path: modules/boilerplate
     - folder_name: cert-manager
       repo_url: https://github.com/cert-manager/makefile-modules.git
       repo_ref: main
-      repo_hash: 737c51c1bf36dea15a7ef2bc5c070d09845530a2
+      repo_hash: 2121d6bf1ec6440011bc03021015af1c18ec0eba
       repo_path: modules/cert-manager
     - folder_name: controller-gen
       repo_url: https://github.com/cert-manager/makefile-modules.git
       repo_ref: main
-      repo_hash: 737c51c1bf36dea15a7ef2bc5c070d09845530a2
+      repo_hash: 2121d6bf1ec6440011bc03021015af1c18ec0eba
       repo_path: modules/controller-gen
     - folder_name: generate-verify
       repo_url: https://github.com/cert-manager/makefile-modules.git
       repo_ref: main
-      repo_hash: 737c51c1bf36dea15a7ef2bc5c070d09845530a2
+      repo_hash: 2121d6bf1ec6440011bc03021015af1c18ec0eba
       repo_path: modules/generate-verify
     - folder_name: go
       repo_url: https://github.com/cert-manager/makefile-modules.git
       repo_ref: main
-      repo_hash: 737c51c1bf36dea15a7ef2bc5c070d09845530a2
+      repo_hash: 2121d6bf1ec6440011bc03021015af1c18ec0eba
       repo_path: modules/go
     - folder_name: helm
       repo_url: https://github.com/cert-manager/makefile-modules.git
       repo_ref: main
-      repo_hash: 737c51c1bf36dea15a7ef2bc5c070d09845530a2
+      repo_hash: 2121d6bf1ec6440011bc03021015af1c18ec0eba
       repo_path: modules/helm
     - folder_name: help
       repo_url: https://github.com/cert-manager/makefile-modules.git
       repo_ref: main
-      repo_hash: 737c51c1bf36dea15a7ef2bc5c070d09845530a2
+      repo_hash: 2121d6bf1ec6440011bc03021015af1c18ec0eba
       repo_path: modules/help
     - folder_name: kind
       repo_url: https://github.com/cert-manager/makefile-modules.git
       repo_ref: main
-      repo_hash: 737c51c1bf36dea15a7ef2bc5c070d09845530a2
+      repo_hash: 2121d6bf1ec6440011bc03021015af1c18ec0eba
       repo_path: modules/kind
     - folder_name: klone
       repo_url: https://github.com/cert-manager/makefile-modules.git
       repo_ref: main
-      repo_hash: 737c51c1bf36dea15a7ef2bc5c070d09845530a2
+      repo_hash: 2121d6bf1ec6440011bc03021015af1c18ec0eba
       repo_path: modules/klone
     - folder_name: licenses
       repo_url: https://github.com/cert-manager/makefile-modules.git
       repo_ref: main
-      repo_hash: 737c51c1bf36dea15a7ef2bc5c070d09845530a2
+      repo_hash: 2121d6bf1ec6440011bc03021015af1c18ec0eba
       repo_path: modules/licenses
     - folder_name: oci-build
       repo_url: https://github.com/cert-manager/makefile-modules.git
       repo_ref: main
-      repo_hash: 737c51c1bf36dea15a7ef2bc5c070d09845530a2
+      repo_hash: 2121d6bf1ec6440011bc03021015af1c18ec0eba
       repo_path: modules/oci-build
     - folder_name: oci-publish
       repo_url: https://github.com/cert-manager/makefile-modules.git
       repo_ref: main
-      repo_hash: 737c51c1bf36dea15a7ef2bc5c070d09845530a2
+      repo_hash: 2121d6bf1ec6440011bc03021015af1c18ec0eba
       repo_path: modules/oci-publish
     - folder_name: repository-base
       repo_url: https://github.com/cert-manager/makefile-modules.git
       repo_ref: main
-      repo_hash: 737c51c1bf36dea15a7ef2bc5c070d09845530a2
+      repo_hash: 2121d6bf1ec6440011bc03021015af1c18ec0eba
       repo_path: modules/repository-base
     - folder_name: tools
       repo_url: https://github.com/cert-manager/makefile-modules.git
       repo_ref: main
-      repo_hash: 737c51c1bf36dea15a7ef2bc5c070d09845530a2
+      repo_hash: 2121d6bf1ec6440011bc03021015af1c18ec0eba
       repo_path: modules/tools

make/_shared/go/.golangci.override.yaml

@@ -45,6 +45,7 @@ linters:
     - makezero
     - mirror
     - misspell
+    - modernize
     - musttag
     - nakedret
     - nilerr
@@ -69,10 +70,11 @@ formatters:
   enable: [ gci, gofmt ]
   settings:
     gci:
+      custom-order: true
       sections:
         - standard # Standard section: captures all standard packages.
         - default # Default section: contains all imports that could not be matched to another section type.
-        - prefix({{REPO-NAME}}) # Custom section: groups all imports with the specified Prefix.
+        - localmodule # Local module section: contains all local packages. This section is not present unless explicitly enabled.
         - blank # Blank section: contains all blank imports. This section is not present unless explicitly enabled.
         - dot # Dot section: contains all dot imports. This section is not present unless explicitly enabled.
   exclusions:

make/_shared/go/01_mod.mk

@@ -117,7 +117,6 @@ generate-golangci-lint-config: | $(NEEDS_GOLANGCI-LINT) $(NEEDS_YQ) $(bin_dir)/s
 	cp $(golangci_lint_config) $(bin_dir)/scratch/golangci-lint.yaml.tmp
 	$(YQ) -i 'del(.linters.enable)' $(bin_dir)/scratch/golangci-lint.yaml.tmp
 	$(YQ) eval-all -i '. as $$item ireduce ({}; . * $$item)' $(bin_dir)/scratch/golangci-lint.yaml.tmp $(golangci_lint_override)
-	$(YQ) -i '(.. | select(tag == "!!str")) |= sub("{{REPO-NAME}}", "$(repo_name)")' $(bin_dir)/scratch/golangci-lint.yaml.tmp
 	mv $(bin_dir)/scratch/golangci-lint.yaml.tmp $(golangci_lint_config)
 
 shared_generate_targets += generate-golangci-lint-config
@@ -147,9 +146,9 @@ fix-golangci-lint: | $(NEEDS_GOLANGCI-LINT) $(NEEDS_YQ) $(NEEDS_GCI) $(bin_dir)/
 	@find . -name go.mod -not \( -path "./$(bin_dir)/*" -or -path "./make/_shared/*" \) \
 		| while read d; do \
 				target=$$(dirname $${d}); \
-				echo "Running 'GOVERSION=$(VENDORED_GO_VERSION) $(bin_dir)/tools/golangci-lint fmt -c $(CURDIR)/$(golangci_lint_config)' in directory '$${target}'"; \
+				echo "Running 'GOVERSION=$(VENDORED_GO_VERSION) $(bin_dir)/tools/golangci-lint run --fix -c $(CURDIR)/$(golangci_lint_config) --timeout $(golangci_lint_timeout)' in directory '$${target}'"; \
 				pushd "$${target}" >/dev/null; \
-				GOVERSION=$(VENDORED_GO_VERSION) $(GOLANGCI-LINT) fmt -c $(CURDIR)/$(golangci_lint_config) || exit; \
+				GOVERSION=$(VENDORED_GO_VERSION) $(GOLANGCI-LINT) run --fix -c $(CURDIR)/$(golangci_lint_config) --timeout $(golangci_lint_timeout) || exit; \
 				popd >/dev/null; \
 				echo ""; \
 			done

make/_shared/repository-base/base/.github/workflows/renovate.yaml

@@ -50,7 +50,7 @@ jobs:
           go-version: ${{ steps.go-version.outputs.result }}
 
       - name: Self-hosted Renovate
-        uses: renovatebot/github-action@aec779d4f7845f8431ddf403cf9659d4702ddde0 # v43.0.18
+        uses: renovatebot/github-action@a3c115cd6676c8a5bc72f9715f108759e570daf5 # v43.0.19
         with:
           configurationFile: .github/renovate.json5
           token: ${{ steps.octo-sts.outputs.token }}

make/_shared/tools/00_mod.mk

@@ -86,7 +86,7 @@ tools += yq=v4.48.1
 tools += ko=0.18.0
 # https://github.com/protocolbuffers/protobuf/releases
 # renovate: datasource=github-releases packageName=protocolbuffers/protobuf
-tools += protoc=v32.1
+tools += protoc=v33.0
 # https://github.com/aquasecurity/trivy/releases
 # renovate: datasource=github-releases packageName=aquasecurity/trivy
 tools += trivy=v0.67.2
@@ -167,7 +167,7 @@ tools += cmctl=v2.3.0
 tools += cmrel=v1.12.15-0.20241121151736-e3cbe5171488
 # https://pkg.go.dev/github.com/golangci/golangci-lint/v2/cmd/golangci-lint?tab=versions
 # renovate: datasource=go packageName=github.com/golangci/golangci-lint/v2
-tools += golangci-lint=v2.5.0
+tools += golangci-lint=v2.6.0
 # https://pkg.go.dev/golang.org/x/vuln?tab=versions
 # renovate: datasource=go packageName=golang.org/x/vuln
 tools += govulncheck=v1.1.4
@@ -499,7 +499,7 @@ $(DOWNLOAD_DIR)/tools/vault@$(VAULT_VERSION)_$(HOST_OS)_$(HOST_ARCH): | $(DOWNLO
 	@source $(lock_script) $@; \
 		$(CURL) https://releases.hashicorp.com/vault/$(VAULT_VERSION:v%=%)/vault_$(VAULT_VERSION:v%=%)_$(HOST_OS)_$(HOST_ARCH).zip -o $(outfile).zip; \
 		$(checkhash_script) $(outfile).zip $(vault_$(HOST_OS)_$(HOST_ARCH)_SHA256SUM); \
-		unzip -qq -c $(outfile).zip > $(outfile); \
+		unzip -p $(outfile).zip vault > $(outfile); \
 		chmod +x $(outfile); \
 		rm -f $(outfile).zip
 
@@ -580,10 +580,10 @@ $(DOWNLOAD_DIR)/tools/ko@$(KO_VERSION)_$(HOST_OS)_$(HOST_ARCH): | $(DOWNLOAD_DIR
 		chmod +x $(outfile); \
 		rm -f $(outfile).tar.gz
 
-protoc_linux_amd64_SHA256SUM=e9c129c176bb7df02546c4cd6185126ca53c89e7d2f09511e209319704b5dd7e
-protoc_linux_arm64_SHA256SUM=4a802ed23d70f7bad7eb19e5a3e724b3aa967250d572cadfd537c1ba939aee6a
-protoc_darwin_amd64_SHA256SUM=f9caa5b4d0b537acffb0ffd7d53225511a5574ef903fca550ea9e7600987f13b
-protoc_darwin_arm64_SHA256SUM=a7b51b2113862690fa52c62f8891a6037bafb9db88d4f9924c486de9d9bb89d5
+protoc_linux_amd64_SHA256SUM=d99c011b799e9e412064244f0be417e5d76c9b6ace13a2ac735330fa7d57ad8f
+protoc_linux_arm64_SHA256SUM=4b96bc91f8b54d829b8c3ca2207ff1ceb774843321e4fa5a68502faece584272
+protoc_darwin_amd64_SHA256SUM=e4e50a703147a92d1a5a2d3a34c9e41717f67ade67d4be72b9a466eb8f22fe87
+protoc_darwin_arm64_SHA256SUM=3cf55dd47118bd2efda9cd26b74f8bbbfcf5beb1bf606bc56ad4c001b543f6d3
 
 .PRECIOUS: $(DOWNLOAD_DIR)/tools/protoc@$(PROTOC_VERSION)_$(HOST_OS)_$(HOST_ARCH)
 $(DOWNLOAD_DIR)/tools/protoc@$(PROTOC_VERSION)_$(HOST_OS)_$(HOST_ARCH): | $(DOWNLOAD_DIR)/tools
@@ -593,7 +593,7 @@ $(DOWNLOAD_DIR)/tools/protoc@$(PROTOC_VERSION)_$(HOST_OS)_$(HOST_ARCH): | $(DOWN
 	@source $(lock_script) $@; \
 		$(CURL) https://github.com/protocolbuffers/protobuf/releases/download/$(PROTOC_VERSION)/protoc-$(PROTOC_VERSION:v%=%)-$(OS)-$(ARCH).zip -o $(outfile).zip; \
 		$(checkhash_script) $(outfile).zip $(protoc_$(HOST_OS)_$(HOST_ARCH)_SHA256SUM); \
-		unzip -qq -c $(outfile).zip bin/protoc > $(outfile); \
+		unzip -p $(outfile).zip bin/protoc > $(outfile); \
 		chmod +x $(outfile); \
 		rm -f $(outfile).zip
 

test/e2e/e2e_test.go

@@ -26,7 +26,6 @@ import (
 	"k8s.io/apimachinery/pkg/util/wait"
 
 	"github.com/cert-manager/csi-driver-spiffe/test/e2e/framework/config"
-
 	_ "github.com/cert-manager/csi-driver-spiffe/test/e2e/suite"
 )