Update to go-1.24 and golangci-lint v2

.github/workflows/docker.yaml

@@ -31,16 +31,16 @@ jobs:
     - name: Checkout
       uses: actions/checkout@v4
 
-    - name: Set up Go 1.23
+    - name: Set up Go 1.24
       uses: actions/setup-go@v5
       with:
-        go-version: '1.23'
+        go-version: '1.24'
         cache: false
 
     - name: Lint
-      uses: golangci/golangci-lint-action@v6
+      uses: golangci/golangci-lint-action@v7
       with:
-        args: --build-tags integration -p bugs -p unused --timeout=10m
+        args: --build-tags integration --timeout=10m
 
     - name: Make tag
       run: |
@@ -63,10 +63,10 @@ jobs:
     - name: Checkout
       uses: actions/checkout@v4
 
-    - name: Set up Go 1.23
+    - name: Set up Go 1.24
       uses: actions/setup-go@v5
       with:
-        go-version: '1.23'
+        go-version: '1.24'
 
     - name: Test
       run: |

Dockerfile

@@ -1,5 +1,5 @@
 # Build the firewall-controller-manager binary
-FROM golang:1.23 AS builder
+FROM golang:1.24 AS builder
 
 WORKDIR /work
 COPY . .

Dockerfile.dev

@@ -1,4 +1,4 @@
-FROM alpine:3.19
+FROM alpine:3.21
 COPY bin/firewall-controller-manager /firewall-controller-manager
 USER 65534
 ENTRYPOINT ["/firewall-controller-manager"]

api/v2/helper/seed_access.go

@@ -15,7 +15,6 @@ import (
 	configv1 "k8s.io/client-go/tools/clientcmd/api/v1"
 
 	"k8s.io/apimachinery/pkg/runtime"
-	"sigs.k8s.io/controller-runtime/pkg/client"
 	"sigs.k8s.io/controller-runtime/pkg/controller/controllerutil"
 )
 
@@ -313,7 +312,7 @@ func GetAccessKubeconfig(c *AccessConfig) ([]byte, error) {
 			Namespace: c.Namespace,
 		},
 	}
-	err = cl.Get(c.Ctx, client.ObjectKeyFromObject(saSecret), saSecret, &client.GetOptions{})
+	err = cl.Get(c.Ctx, controllerclient.ObjectKeyFromObject(saSecret), saSecret, &controllerclient.GetOptions{})
 	if err != nil {
 		return nil, err
 	}

api/v2/helper/shoot_access.go

@@ -13,7 +13,6 @@ import (
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/runtime"
 	"k8s.io/client-go/rest"
-	"sigs.k8s.io/controller-runtime/pkg/client"
 	controllerclient "sigs.k8s.io/controller-runtime/pkg/client"
 
 	"k8s.io/client-go/tools/clientcmd"
@@ -22,7 +21,7 @@ import (
 )
 
 type ShootAccessHelper struct {
-	seed      client.Client
+	seed      controllerclient.Client
 	access    *v2.ShootAccess
 	tokenPath string
 
@@ -31,7 +30,7 @@ type ShootAccessHelper struct {
 
 // NewShootAccessHelper provides shoot access functions based on shoot access secrets,
 // i.e. Gardener's generic kubeconfig and token secret.
-func NewShootAccessHelper(seed client.Client, access *v2.ShootAccess) *ShootAccessHelper {
+func NewShootAccessHelper(seed controllerclient.Client, access *v2.ShootAccess) *ShootAccessHelper {
 	return &ShootAccessHelper{
 		seed:   seed,
 		access: access,
@@ -90,7 +89,7 @@ func (s *ShootAccessHelper) Config(ctx context.Context) (*configv1.Config, error
 		},
 	}
 
-	err := s.seed.Get(ctx, client.ObjectKeyFromObject(kubeconfigTemplate), kubeconfigTemplate)
+	err := s.seed.Get(ctx, controllerclient.ObjectKeyFromObject(kubeconfigTemplate), kubeconfigTemplate)
 	if err != nil {
 		return nil, fmt.Errorf("unable to read generic kubeconfig secret: %w", err)
 	}
@@ -152,7 +151,7 @@ func (s *ShootAccessHelper) RESTConfig(ctx context.Context) (*rest.Config, error
 	return restConfig, nil
 }
 
-func (s *ShootAccessHelper) Client(ctx context.Context) (client.Client, error) {
+func (s *ShootAccessHelper) Client(ctx context.Context) (controllerclient.Client, error) {
 	var (
 		config *rest.Config
 		err    error
@@ -185,7 +184,7 @@ func (s *ShootAccessHelper) readTokenSecret(ctx context.Context) (string, error)
 		},
 	}
 
-	err := s.seed.Get(ctx, client.ObjectKeyFromObject(tokenSecret), tokenSecret)
+	err := s.seed.Get(ctx, controllerclient.ObjectKeyFromObject(tokenSecret), tokenSecret)
 	if err != nil {
 		return "", fmt.Errorf("unable to read token secret: %w", err)
 	}

controllers/firewall/status.go

@@ -161,10 +161,10 @@ func SetFirewallStatusFromMonitor(fw *v2.Firewall, mon *v2.FirewallMonitor) {
 		cond := v2.NewCondition(v2.FirewallControllerConnected, v2.ConditionFalse, "NotConnected", "Controller has not yet connected to shoot.")
 		fw.Status.Conditions.Set(cond)
 	} else if time.Since(connection.Updated.Time) > 5*time.Minute {
-		cond := v2.NewCondition(v2.FirewallControllerConnected, v2.ConditionFalse, "StoppedReconciling", fmt.Sprintf("Controller has stopped reconciling since %s to shoot.", connection.Updated.Time.String()))
+		cond := v2.NewCondition(v2.FirewallControllerConnected, v2.ConditionFalse, "StoppedReconciling", fmt.Sprintf("Controller has stopped reconciling since %s to shoot.", connection.Updated.String()))
 		fw.Status.Conditions.Set(cond)
 	} else {
-		cond := v2.NewCondition(v2.FirewallControllerConnected, v2.ConditionTrue, "Connected", fmt.Sprintf("Controller reconciled shoot at %s.", connection.Updated.Time.String()))
+		cond := v2.NewCondition(v2.FirewallControllerConnected, v2.ConditionTrue, "Connected", fmt.Sprintf("Controller reconciled shoot at %s.", connection.Updated.String()))
 		fw.Status.Conditions.Set(cond)
 	}
 
@@ -173,10 +173,10 @@ func SetFirewallStatusFromMonitor(fw *v2.Firewall, mon *v2.FirewallMonitor) {
 		cond := v2.NewCondition(v2.FirewallControllerSeedConnected, v2.ConditionFalse, "NotConnected", "Controller has not yet connected to seed.")
 		fw.Status.Conditions.Set(cond)
 	} else if time.Since(connection.SeedUpdated.Time) > 5*time.Minute {
-		cond := v2.NewCondition(v2.FirewallControllerSeedConnected, v2.ConditionFalse, "StoppedReconciling", fmt.Sprintf("Controller has stopped reconciling since %s to seed.", connection.SeedUpdated.Time.String()))
+		cond := v2.NewCondition(v2.FirewallControllerSeedConnected, v2.ConditionFalse, "StoppedReconciling", fmt.Sprintf("Controller has stopped reconciling since %s to seed.", connection.SeedUpdated.String()))
 		fw.Status.Conditions.Set(cond)
 	} else {
-		cond := v2.NewCondition(v2.FirewallControllerSeedConnected, v2.ConditionTrue, "Connected", fmt.Sprintf("Controller reconciled firewall at %s.", connection.SeedUpdated.Time.String()))
+		cond := v2.NewCondition(v2.FirewallControllerSeedConnected, v2.ConditionTrue, "Connected", fmt.Sprintf("Controller reconciled firewall at %s.", connection.SeedUpdated.String()))
 		fw.Status.Conditions.Set(cond)
 	}
 

controllers/generic_controller.go

@@ -161,8 +161,6 @@ func (g GenericController[O]) Reconcile(ctx context.Context, req ctrl.Request) (
 			if statusErr != nil {
 				log.Error(statusErr, "status could not be updated")
 			}
-
-			return
 		}()
 	}
 

controllers/set/controller_test.go

@@ -101,7 +101,7 @@ var _ = Context("firewall set controller", Ordered, func() {
 			for _, fw := range fws.Items {
 				fw := fw
 
-				fmt.Fprintf(GinkgoWriter, "Having %s with creation timestamp: %s\n", fw.Name, fw.CreationTimestamp.String())
+				_, _ = fmt.Fprintf(GinkgoWriter, "Having %s with creation timestamp: %s\n", fw.Name, fw.CreationTimestamp.String())
 
 				if newest == nil {
 					newest = &fw
@@ -112,7 +112,7 @@ var _ = Context("firewall set controller", Ordered, func() {
 			}
 
 			Expect(newest).NotTo(BeNil())
-			fmt.Fprintf(GinkgoWriter, "The latest firewall is: %s\n", newest.Name)
+			_, _ = fmt.Fprintf(GinkgoWriter, "The latest firewall is: %s\n", newest.Name)
 
 			Expect(k8sClient.Get(ctx, client.ObjectKeyFromObject(set), set)).To(Succeed())
 			set.Spec.Replicas = 1

controllers/update/reconcile_test.go

@@ -220,7 +220,7 @@ func Test_controller_autoUpdateOS(t *testing.T) {
 			var ownedFirewalls []v2.Firewall
 			for _, existingFw := range tt.existingFws {
 				ownedFirewall := existingFw.DeepCopy()
-				ownedFirewall.ObjectMeta.OwnerReferences = []metav1.OwnerReference{
+				ownedFirewall.OwnerReferences = []metav1.OwnerReference{
 					*metav1.NewControllerRef(&latestSet, v2.GroupVersion.WithKind("FirewallSet")),
 				}
 				ownedFirewalls = append(ownedFirewalls, *ownedFirewall)

go.mod

@@ -1,23 +1,25 @@
 module github.com/metal-stack/firewall-controller-manager
 
-go 1.23
+go 1.24
+
+toolchain go1.24.2
 
 require (
 	github.com/Masterminds/semver/v3 v3.3.1
 	github.com/flatcar/container-linux-config-transpiler v0.9.4
 	github.com/go-logr/logr v1.4.2
 	github.com/go-openapi/strfmt v0.23.0
-	github.com/google/go-cmp v0.6.0
+	github.com/google/go-cmp v0.7.0
 	github.com/google/uuid v1.6.0
-	github.com/metal-stack/metal-go v0.39.7
-	github.com/metal-stack/metal-lib v0.19.1
+	github.com/metal-stack/metal-go v0.41.0
+	github.com/metal-stack/metal-lib v0.21.0
 	github.com/metal-stack/v v1.0.3
-	github.com/onsi/ginkgo/v2 v2.22.2
-	github.com/onsi/gomega v1.36.2
-	github.com/prometheus/client_golang v1.20.5
+	github.com/onsi/ginkgo/v2 v2.23.4
+	github.com/onsi/gomega v1.37.0
+	github.com/prometheus/client_golang v1.22.0
 	github.com/stretchr/testify v1.10.0
 	k8s.io/api v0.29.3
-	k8s.io/apimachinery v0.31.0
+	k8s.io/apimachinery v0.32.3
 	k8s.io/client-go v0.29.3
 	sigs.k8s.io/controller-runtime v0.16.5
 )
@@ -30,18 +32,18 @@ require (
 	github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 // indirect
 	github.com/beorn7/perks v1.0.1 // indirect
 	github.com/cespare/xxhash/v2 v2.3.0 // indirect
-	github.com/coreos/go-oidc/v3 v3.12.0 // indirect
+	github.com/coreos/go-oidc/v3 v3.13.0 // indirect
 	github.com/coreos/go-semver v0.3.1 // indirect
 	github.com/coreos/go-systemd v0.0.0-20191104093116-d3cd4ed1dbcf // indirect
 	github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect
 	github.com/decred/dcrd/dcrec/secp256k1/v4 v4.3.0 // indirect
-	github.com/emicklei/go-restful/v3 v3.12.1 // indirect
+	github.com/emicklei/go-restful/v3 v3.12.2 // indirect
 	github.com/evanphx/json-patch v5.6.0+incompatible // indirect
 	github.com/evanphx/json-patch/v5 v5.8.0 // indirect
 	github.com/fatih/color v1.18.0 // indirect
 	github.com/flatcar/ignition v0.36.2 // indirect
 	github.com/fsnotify/fsnotify v1.8.0 // indirect
-	github.com/go-jose/go-jose/v4 v4.0.4 // indirect
+	github.com/go-jose/go-jose/v4 v4.0.5 // indirect
 	github.com/go-logr/stdr v1.2.2 // indirect
 	github.com/go-openapi/analysis v0.23.0 // indirect
 	github.com/go-openapi/errors v0.22.0 // indirect
@@ -53,34 +55,32 @@ require (
 	github.com/go-openapi/swag v0.23.0 // indirect
 	github.com/go-openapi/validate v0.24.0 // indirect
 	github.com/go-task/slim-sprig/v3 v3.0.0 // indirect
+	github.com/go-viper/mapstructure/v2 v2.2.1 // indirect
 	github.com/goccy/go-json v0.10.4 // indirect
-	github.com/goccy/go-yaml v1.12.0 // indirect
+	github.com/goccy/go-yaml v1.16.0 // indirect
 	github.com/gogo/protobuf v1.3.2 // indirect
-	github.com/golang-jwt/jwt/v5 v5.2.1 // indirect
+	github.com/golang-jwt/jwt/v5 v5.2.2 // indirect
 	github.com/golang/groupcache v0.0.0-20241129210726-2c02b8208cf8 // indirect
 	github.com/golang/protobuf v1.5.4 // indirect
 	github.com/google/gnostic-models v0.6.9 // indirect
 	github.com/google/gofuzz v1.2.0 // indirect
-	github.com/google/pprof v0.0.0-20250202011525-fc3143867406 // indirect
+	github.com/google/pprof v0.0.0-20250403155104-27863c87afa6 // indirect
 	github.com/gorilla/mux v1.8.1 // indirect
-	github.com/hashicorp/hcl v1.0.0 // indirect
 	github.com/imdario/mergo v0.3.16 // indirect
 	github.com/inconshreveable/mousetrap v1.1.0 // indirect
 	github.com/josharian/intern v1.0.0 // indirect
 	github.com/json-iterator/go v1.1.12 // indirect
-	github.com/klauspost/compress v1.17.11 // indirect
 	github.com/lestrrat-go/blackmagic v1.0.2 // indirect
 	github.com/lestrrat-go/httpcc v1.0.1 // indirect
 	github.com/lestrrat-go/httprc v1.0.6 // indirect
 	github.com/lestrrat-go/iter v1.0.2 // indirect
 	github.com/lestrrat-go/jwx/v2 v2.1.3 // indirect
 	github.com/lestrrat-go/option v1.0.1 // indirect
-	github.com/magiconair/properties v1.8.9 // indirect
 	github.com/mailru/easyjson v0.9.0 // indirect
 	github.com/mattn/go-colorable v0.1.14 // indirect
 	github.com/mattn/go-isatty v0.0.20 // indirect
 	github.com/mattn/go-runewidth v0.0.16 // indirect
-	github.com/metal-stack/security v0.9.2 // indirect
+	github.com/metal-stack/security v0.9.3 // indirect
 	github.com/mitchellh/mapstructure v1.5.0 // indirect
 	github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
 	github.com/modern-go/reflect2 v1.0.2 // indirect
@@ -96,47 +96,45 @@ require (
 	github.com/prometheus/procfs v0.15.1 // indirect
 	github.com/rivo/uniseg v0.4.7 // indirect
 	github.com/sagikazarmark/locafero v0.7.0 // indirect
-	github.com/sagikazarmark/slog-shim v0.1.0 // indirect
 	github.com/segmentio/asm v1.2.0 // indirect
 	github.com/sourcegraph/conc v0.3.0 // indirect
-	github.com/spf13/afero v1.12.0 // indirect
+	github.com/spf13/afero v1.14.0 // indirect
 	github.com/spf13/cast v1.7.1 // indirect
-	github.com/spf13/cobra v1.8.1 // indirect
+	github.com/spf13/cobra v1.9.1 // indirect
 	github.com/spf13/pflag v1.0.6 // indirect
-	github.com/spf13/viper v1.19.0 // indirect
+	github.com/spf13/viper v1.20.0 // indirect
 	github.com/stretchr/objx v0.5.2 // indirect
 	github.com/subosito/gotenv v1.6.0 // indirect
 	github.com/vincent-petithory/dataurl v1.0.0 // indirect
 	go.mongodb.org/mongo-driver v1.17.2 // indirect
 	go.opentelemetry.io/auto/sdk v1.1.0 // indirect
-	go.opentelemetry.io/otel v1.34.0 // indirect
-	go.opentelemetry.io/otel/metric v1.34.0 // indirect
-	go.opentelemetry.io/otel/trace v1.34.0 // indirect
+	go.opentelemetry.io/otel v1.35.0 // indirect
+	go.opentelemetry.io/otel/metric v1.35.0 // indirect
+	go.opentelemetry.io/otel/trace v1.35.0 // indirect
+	go.uber.org/automaxprocs v1.6.0 // indirect
 	go.uber.org/multierr v1.11.0 // indirect
 	go4.org v0.0.0-20230225012048-214862532bf5 // indirect
-	golang.org/x/crypto v0.32.0 // indirect
-	golang.org/x/exp v0.0.0-20250128182459-e0ece0dbea4c // indirect
-	golang.org/x/net v0.34.0 // indirect
-	golang.org/x/oauth2 v0.26.0 // indirect
-	golang.org/x/sync v0.11.0 // indirect
-	golang.org/x/sys v0.30.0 // indirect
-	golang.org/x/term v0.29.0 // indirect
-	golang.org/x/text v0.22.0 // indirect
-	golang.org/x/time v0.10.0 // indirect
-	golang.org/x/tools v0.29.0 // indirect
-	golang.org/x/xerrors v0.0.0-20240903120638-7835f813f4da // indirect
+	golang.org/x/crypto v0.37.0 // indirect
+	golang.org/x/exp v0.0.0-20250408133849-7e4ce0ab07d0 // indirect
+	golang.org/x/net v0.39.0 // indirect
+	golang.org/x/oauth2 v0.29.0 // indirect
+	golang.org/x/sync v0.13.0 // indirect
+	golang.org/x/sys v0.32.0 // indirect
+	golang.org/x/term v0.31.0 // indirect
+	golang.org/x/text v0.24.0 // indirect
+	golang.org/x/time v0.11.0 // indirect
+	golang.org/x/tools v0.32.0 // indirect
 	gomodules.xyz/jsonpatch/v2 v2.4.0 // indirect
-	google.golang.org/protobuf v1.36.4 // indirect
+	google.golang.org/protobuf v1.36.6 // indirect
 	gopkg.in/inf.v0 v0.9.1 // indirect
-	gopkg.in/ini.v1 v1.67.0 // indirect
 	gopkg.in/yaml.v2 v2.4.0 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
 	k8s.io/apiextensions-apiserver v0.29.0 // indirect
 	k8s.io/component-base v0.29.0 // indirect
 	k8s.io/klog/v2 v2.130.1 // indirect
 	k8s.io/kube-openapi v0.0.0-20240228011516-70dd3763d340 // indirect
 	k8s.io/utils v0.0.0-20240711033017-18e509b52bc8 // indirect
-	sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect
+	sigs.k8s.io/json v0.0.0-20241010143419-9aa6b5e7a4b3 // indirect
 	sigs.k8s.io/structured-merge-diff/v4 v4.4.1 // indirect
 	sigs.k8s.io/yaml v1.4.0 // indirect
 )