diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index ca5421cf..68a7ce50 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -10,24 +10,21 @@ jobs: runs-on: ubuntu-latest steps: - name: Check out code - uses: actions/checkout@v2 - - uses: arnested/go-version-action@v1 - id: go-version + uses: actions/checkout@v3 - name: Set up Go - uses: actions/setup-go@v1 + uses: actions/setup-go@v4 with: - go-version: ${{ steps.go-version.outputs.minimal }} + go-version-file: "go.mod" - name: Run lint run: make lint build: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v2 - - uses: arnested/go-version-action@v1 - id: go-version - - name: Install Go ${{ steps.go-version.outputs.minimal }} - uses: actions/setup-go@v2 + - name: Check out code + uses: actions/checkout@v3 + - name: Set up Go + uses: actions/setup-go@v4 with: - go-version: ${{ steps.go-version.outputs.minimal }} + go-version-file: "go.mod" - name: Run unit test run: make test diff --git a/.golangci.yml b/.golangci.yml index f7dde84e..2dec8fb3 100644 --- a/.golangci.yml +++ b/.golangci.yml @@ -76,8 +76,6 @@ linters: disable-all: true enable: - bodyclose - - deadcode - - depguard - dogsled - dupl - errcheck @@ -104,11 +102,9 @@ linters: - nolintlint - rowserrcheck - staticcheck - - structcheck - stylecheck - typecheck - unconvert - unparam - unused - - varcheck - whitespace diff --git a/go.mod b/go.mod index dc65f3ed..ec5dfdfc 100644 --- a/go.mod +++ b/go.mod @@ -1,6 +1,6 @@ module github.com/qinqon/kube-admission-webhook -go 1.17 +go 1.19 require ( github.com/github-release/github-release v0.10.0 diff --git a/hack/lint.sh b/hack/lint.sh index fe206bab..0232faf2 100755 --- a/hack/lint.sh +++ b/hack/lint.sh @@ -1,6 +1,6 @@ #!/bin/bash -xe -version=v1.42.1 +version=v1.53.3 timeout=5m go run github.com/golangci/golangci-lint/cmd/golangci-lint@$version run --timeout $timeout 
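Review bot: The upgraded steps in both the lint and build jobs still reference actions by mutable tag (`actions/checkout@v3`, `actions/setup-go@v4`), so the code that runs in CI can change without any commit to this repository. Pinning each to the full commit SHA of the release and keeping the tag as a trailing comment, e.g. `uses: actions/checkout@<full-commit-sha> # v3`, makes the workflow reproducible and still lets an update bot propose bumps. The hunk does not show a `permissions:` block; if none is set at workflow or job level elsewhere in the file, a top-level `permissions:` with `contents: read` should be enough for lint and test jobs.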
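Review bot: `depguard` is dropped from the enabled list together with `deadcode`, `structcheck` and `varcheck`, but unlike those three it is not superseded by `unused`; it is the linter that enforces import allow and deny lists. If it was removed only because the golangci-lint release now pinned in hack/lint.sh expects explicit depguard rules, consider keeping it enabled with a `linters-settings.depguard` section, so restricted imports are still rejected in CI. If the project never configured any rules for it, the removal loses nothing, and saying so in the commit description would settle the question.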
diff --git a/pkg/certificate/client.go b/pkg/certificate/client.go index 8c3c769b..bc0948dd 100644 --- a/pkg/certificate/client.go +++ b/pkg/certificate/client.go @@ -22,6 +22,7 @@ import ( "k8s.io/apimachinery/pkg/types" "k8s.io/apimachinery/pkg/util/wait" + "sigs.k8s.io/controller-runtime/pkg/cache" "sigs.k8s.io/controller-runtime/pkg/client" ) diff --git a/pkg/certificate/manager.go b/pkg/certificate/manager.go index ff5fbf6a..f1a8c0a4 100644 --- a/pkg/certificate/manager.go +++ b/pkg/certificate/manager.go @@ -85,15 +85,17 @@ type Manager struct { // It will also starts at cert manager [1] that will update them if they expire. // The generate certificate include the following fields: // DNSNames (for every service the webhook refers too): -// - ${service.Name} -// - ${service.Name}.${service.namespace} -// - ${service.Name}.${service.namespace}.svc +// - ${service.Name} +// - ${service.Name}.${service.namespace} +// - ${service.Name}.${service.namespace}.svc +// // Subject: -// - CN: ${webhookName} +// - CN: ${webhookName} +// // Usages: -// - UsageDigitalSignature -// - UsageKeyEncipherment -// - UsageServerAuth +// - UsageDigitalSignature +// - UsageKeyEncipherment +// - UsageServerAuth // // It will also update the webhook caBundle field with the cluster CA cert and // approve the generated cert/key with k8s certification approval mechanism @@ -307,7 +309,7 @@ func (m *Manager) nextRotationDeadlineForCert(certificate *x509.Certificate, ove } func (m *Manager) elapsedToRotateCAFromLastDeadline() time.Duration { - deadline := m.now() + deadline := m.now() //nolint:staticcheck // lint mark it as unused // If deadline was previously calculated return it, else do the // calculations 
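Review bot: The new `//nolint:staticcheck` on `deadline := m.now()` in elapsedToRotateCAFromLastDeadline (and the identical one in elapsedToRotateServicesFromLastDeadline in the next hunk) hides the finding instead of fixing it, and it silences every staticcheck check on that line. The function body continues outside the hunk, but the comment under the assignment suggests `deadline` is reassigned on every path before it is read, which is what the linter would be reporting. If that is the case, declaring it without a value, `var deadline time.Time`, removes the unused call to `m.now()` and the need for any suppression. If the suppression has to stay, state the reason precisely, e.g. `//nolint:staticcheck // SA4006: initial value is overwritten on both branches`, after confirming the check id from the linter output.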
@@ -323,7 +325,7 @@ func (m *Manager) elapsedToRotateCAFromLastDeadline() time.Duration { } func (m *Manager) elapsedToRotateServicesFromLastDeadline() time.Duration { - deadline := m.now() + deadline := m.now() //nolint:staticcheck // lint mark it as unused // If deadline was previously calculated return it, else do the // calculations diff --git a/pkg/certificate/secret.go b/pkg/certificate/secret.go index e930b63f..35f64bc5 100644 --- a/pkg/certificate/secret.go +++ b/pkg/certificate/secret.go @@ -278,7 +278,7 @@ func (m *Manager) getTLSCerts(secretKey types.NamespacedName) ([]*x509.Certifica return certs, nil } -//FIXME: Is this default/webhookname good key for ca secret +// FIXME: Is this default/webhookname good key for ca secret func (m *Manager) caSecretKey() types.NamespacedName { return types.NamespacedName{Namespace: m.namespace, Name: m.webhookName + "-ca"} } diff --git a/pkg/webhook/internal/metrics/metrics.go b/pkg/webhook/internal/metrics/metrics.go index 68d8f985..4c36b824 100644 --- a/pkg/webhook/internal/metrics/metrics.go +++ b/pkg/webhook/internal/metrics/metrics.go @@ -59,7 +59,7 @@ var ( }() ) -func init() { // nolint:gochecknoinits +func init() { //nolint:gochecknoinits metrics.Registry.MustRegister(RequestLatency, RequestTotal, RequestInFlight) } diff --git a/pkg/webhook/server.go b/pkg/webhook/server.go index 193d4d7d..7ea37f8a 100644 --- a/pkg/webhook/server.go +++ b/pkg/webhook/server.go @@ -21,7 +21,6 @@ import ( "crypto/tls" "crypto/x509" "fmt" - "io/ioutil" "net" "net/http" "os" @@ -295,7 +294,7 @@ func (s *Server) Start(ctx context.Context) error { if s.ClientCAName != "" { certPool := x509.NewCertPool() var clientCABytes []byte - clientCABytes, err = ioutil.ReadFile(filepath.Join(s.CertDir, s.ClientCAName)) + clientCABytes, err = os.ReadFile(filepath.Join(s.CertDir, s.ClientCAName)) if err != nil { return fmt.Errorf("failed to read client CA cert: %v", err) } 
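Review bot: In the server.go hunk, the error returned after the new `os.ReadFile` call is still formatted with `%v`, which flattens it, so callers of Start cannot use `errors.Is(err, fs.ErrNotExist)` to tell a missing client CA file from a permission or I/O failure. Wrapping it keeps the chain: `return fmt.Errorf("failed to read client CA cert: %w", err)`. Start's body continues outside the hunk, so what happens to `clientCABytes` afterwards is not visible here. If the bytes are added to `certPool` with `AppendCertsFromPEM`, its boolean result should be checked, because an unparsable PEM file would otherwise leave client-certificate verification running against an empty pool.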
@@ -346,7 +345,7 @@ func (s *Server) Start(ctx context.Context) error { // server has been started. func (s *Server) StartedChecker() healthz.Checker { config := &tls.Config{ - InsecureSkipVerify: true, // nolint:gosec // config is used to connect to our own webhook port. + InsecureSkipVerify: true, //nolint:gosec // config is used to connect to our own webhook port. } return func(req *http.Request) error { s.mu.Lock() diff --git a/pkg/webhook/server_test.go b/pkg/webhook/server_test.go index 5d8903a3..341b4a19 100644 --- a/pkg/webhook/server_test.go +++ b/pkg/webhook/server_test.go @@ -19,7 +19,7 @@ package webhook_test import ( "context" "fmt" - "io/ioutil" + "io" "net" "net/http" @@ -123,7 +123,7 @@ var _ = Describe("Webhook Server", func() { resp, err := client.Get(fmt.Sprintf("https://%s/somepath", testHostPort)) Expect(err).NotTo(HaveOccurred()) defer resp.Body.Close() - return ioutil.ReadAll(resp.Body) + return io.ReadAll(resp.Body) }).Should(Equal([]byte("gadzooks!"))) Expect(server.StartedChecker()(nil)).To(Succeed()) @@ -163,7 +163,7 @@ var _ = Describe("Webhook Server", func() { Expect(err).NotTo(HaveOccurred()) defer resp.Body.Close() - Expect(ioutil.ReadAll(resp.Body)).To(Equal([]byte("gadzooks!"))) + Expect(io.ReadAll(resp.Body)).To(Equal([]byte("gadzooks!"))) }) It("should inject dependencies, if an inject func has been provided already", func() { @@ -188,7 +188,7 @@ var _ = Describe("Webhook Server", func() { resp, err := client.Get(fmt.Sprintf("https://%s/somepath", testHostPort)) Expect(err).NotTo(HaveOccurred()) defer resp.Body.Close() - return ioutil.ReadAll(resp.Body) + return io.ReadAll(resp.Body) }).Should(Equal([]byte("gadzooks!"))) ctxCancel()
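Review bot: The `//nolint:gosec` on `InsecureSkipVerify: true` in StartedChecker is only justified while this `tls.Config` is used for nothing but the probe of the server's own port, and the hunk does not show where `config` is dialed, since the returned closure continues outside it. Consider making that constraint explicit in the comment, e.g. `//nolint:gosec // health probe dials our own listener only; never reuse this config for other peers`. A stricter alternative would be to load the serving certificate from `s.CertDir` into `RootCAs` so the probe verifies the endpoint it reaches, but whether that fits depends on code not visible here.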