From 9cdc4b20864fd76c3489054fe3df5a88da0dff04 Mon Sep 17 00:00:00 2001
From: aantal
Date: Tue, 27 Jan 2026 17:59:06 +0100
Subject: [PATCH] NO-ISSUE: bumping to to 1.25 in the backplane-2.9 branch
---
.golangci.yml | 78 +++++++++++++++++++
Dockerfile | 2 +-
Dockerfile.konflux | 2 +-
Makefile | 8 +-
cmd/manager/main.go | 4 +-
cmd/server/main.go | 2 +-
...ive.openshift.io_imageclusterinstalls.yaml | 36 +++++++--
controllers/imageclusterinstall_controller.go | 7 +-
.../imageclusterinstall_controller_test.go | 6 +-
.../imageclusterinstall_monitor_test.go | 2 +-
go.mod | 4 +-
hack/golangci-lint.sh | 2 +-
internal/credentials/credentials.go | 4 +-
internal/filelock/filelock.go | 6 +-
internal/installer/reinstall_test.go | 1 +
internal/monitor/monitor.go | 6 +-
16 files changed, 141 insertions(+), 29 deletions(-)
create mode 100644 .golangci.yml
diff --git a/.golangci.yml b/.golangci.yml
new file mode 100644
index 000000000..8ce117dd5
--- /dev/null
+++ b/.golangci.yml
@@ -0,0 +1,78 @@ +version: "2" +run: + concurrency: 4 + timeout: 5m + issues-exit-code: 1 + tests: true +output: + print-issued-lines: true + print-linter-name: true +linters: + enable: + - staticcheck + - unused + - govet + - gocyclo + - gosec + - unconvert + settings: + govet: + enable: + - shadow + settings: + printf: + funcs: + - Infof + - Warnf + - Errorf + - Fatalf + gosec: + excludes: + - G107 + - G115 + - G401 + - G402 + - G501 + staticcheck: + checks: + - "all" + - "-ST1001" + - "-ST1003" + - "-ST1005" + - "-ST1008" + - "-ST1016" + - "-ST1019" + - "-ST1023" + - "-QF1001" + - "-QF1003" + - "-QF1011" + exclusions: + rules: + - linters: + - staticcheck + text: 'QF1008: could remove embedded field' + - linters: + - gosec + text: 'G306: Expect WriteFile permissions to be 0600 or less' + generated: lax + presets: + - comments + - common-false-positives + - legacy + - std-error-handling + paths: + - third_party$ + - builtin$ + - examples$ +issues: + uniq-by-line: true +formatters: + enable: + - gofmt + - goimports + exclusions: + generated: lax + paths: + - third_party$ + - builtin$ + - examples$ \ No newline at end of file diff --git a/Dockerfile b/Dockerfile index 992caa39e..eed2d49e2 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,4 @@ -FROM registry.ci.openshift.org/ocp/builder:rhel-9-golang-1.24-openshift-4.21 as builder +FROM registry.ci.openshift.org/ocp/builder:rhel-9-golang-1.25-openshift-4.21 as builder ARG TARGETOS ARG TARGETARCH diff --git a/Dockerfile.konflux b/Dockerfile.konflux index d6889da85..bc17130ad 100644 --- a/Dockerfile.konflux +++ b/Dockerfile.konflux @@ -1,4 +1,4 @@ -FROM brew.registry.redhat.io/rh-osbs/openshift-golang-builder:v1.24 as builder +FROM brew.registry.redhat.io/rh-osbs/openshift-golang-builder:v1.25 as builder ARG TARGETOS ARG TARGETARCH diff --git a/Makefile b/Makefile index 885603875..16bdc9adc 100644 --- a/Makefile +++ b/Makefile 
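Review bot: The `gosec.excludes` list in the new `.golangci.yml` switches off G402 (TLS settings such as `InsecureSkipVerify`), G401 and G501 (MD5/SHA-1 use and import), G107 (variable URL in an HTTP request) and G115 (integer conversion overflow) for the whole repository, and the `exclusions.rules` entry does the same for the G306 file-permission check. Nothing in the file records why, so a later TLS verification bypass or an over-permissive secret file would pass lint unnoticed. The Go files in this same commit already use per-site `//nolint:gosec // Gxxx: reason` comments; I would drop these IDs from `excludes` and suppress the existing findings at their call sites the same way, or at minimum add one comment per ID such as `# G402: <reason and affected package>`. The file also ends without a trailing newline.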
@@ -60,6 +60,10 @@ else GOBIN=$(shell go env GOBIN) endif +# Get the list of packages which have test files +TEST ?= $(shell go list -f '{{if or .TestGoFiles .XTestGoFiles}}{{.ImportPath}}{{end}}' ./...) + + PROJECT_DIR := $(shell dirname $(abspath $(firstword $(MAKEFILE_LIST)))) # Setting SHELL to bash allows bash commands to be executed by recipes. @@ -113,7 +117,7 @@ golangci-lint: ## Run golangci-lint against code. .PHONY: test test: manifests generate fmt vet ## Run tests. - go test ./... -coverprofile cover.out + go test $(TEST) -coverprofile cover.out .PHONY: deploy-integration-test deploy-integration-test: @@ -185,7 +189,7 @@ CONTROLLER_GEN ?= $(LOCALBIN)/controller-gen ## Tool Versions KUSTOMIZE_VERSION ?= v5.4.3 -CONTROLLER_TOOLS_VERSION ?= v0.16.2 +CONTROLLER_TOOLS_VERSION ?= v0.17.0 KUSTOMIZE_INSTALL_SCRIPT ?= "https://raw.githubusercontent.com/kubernetes-sigs/kustomize/master/hack/install_kustomize.sh" .PHONY: kustomize diff --git a/cmd/manager/main.go b/cmd/manager/main.go index c57f27a68..8dad85b69 100644 --- a/cmd/manager/main.go +++ b/cmd/manager/main.go @@ -21,7 +21,7 @@ import ( "flag" "fmt" "net/http" - _ "net/http/pprof" + _ "net/http/pprof" //nolint:gosec // G108: pprof is only enabled via --start-pprof flag and runs on localhost:6060 "net/url" "os" "time" @@ -137,7 +137,7 @@ func main() { } controllerOptions := &controllers.ImageClusterInstallReconcilerOptions{} - if err := envconfig.Process("image-based-install-operator", controllerOptions); err != nil { + if err = envconfig.Process("image-based-install-operator", controllerOptions); err != nil { setupLog.Error(err, "unable to process envconfig") os.Exit(1) } diff --git a/cmd/server/main.go b/cmd/server/main.go index 375f8b458..9b884d1a3 100644 --- a/cmd/server/main.go +++ b/cmd/server/main.go 
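Review bot: The `//nolint:gosec` justification added to the `net/http/pprof` import in cmd/manager/main.go claims more than the import itself can guarantee: a blank import registers the `/debug/pprof/` handlers on `http.DefaultServeMux` at init time, whether or not `--start-pprof` is passed. The comment is accurate only if the localhost:6060 listener is the sole server in this binary that serves the default mux, and that is not visible in this hunk. I would either register the handlers on a dedicated mux built inside the flag branch (non-blank import, `mux.HandleFunc("/debug/pprof/", pprof.Index)` and the sibling handlers), or reword the comment to state the invariant a maintainer must keep: `// G108: handlers land on DefaultServeMux; only the --start-pprof listener on localhost:6060 may serve it`.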
@@ -41,7 +41,7 @@ func main() { ConfigsDir: filepath.Join(Options.DataDir, "namespaces"), } http.Handle("/images/", s) - server := &http.Server{ + server := &http.Server{ //nolint:gosec // G112: ReadHeaderTimeout not set Addr: fmt.Sprintf(":%s", Options.Port), } diff --git a/config/crd/bases/extensions.hive.openshift.io_imageclusterinstalls.yaml b/config/crd/bases/extensions.hive.openshift.io_imageclusterinstalls.yaml index 5165ad866..cb9c76449 100644 --- a/config/crd/bases/extensions.hive.openshift.io_imageclusterinstalls.yaml +++ b/config/crd/bases/extensions.hive.openshift.io_imageclusterinstalls.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.2 + controller-gen.kubebuilder.io/version: v0.17.0 name: imageclusterinstalls.extensions.hive.openshift.io spec: group: extensions.hive.openshift.io @@ -150,8 +150,27 @@ spec: during installation and used for tagging/naming resources in cloud providers. type: string + metadataJSONSecretRef: + description: |- + MetadataJSONSecretRef references the secret containing the metadata.json emitted by the + installer, potentially scrubbed for sensitive data. + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + type: object + x-kubernetes-map-type: atomic platform: - description: Platform holds platform-specific cluster metadata + description: |- + Platform holds platform-specific cluster metadata. + Deprecated. Use the Secret referenced by MetadataJSONSecretRef instead. We may stop + populating this section in the future. properties: aws: description: AWS holds AWS-specific cluster metadata 
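Review bot: In cmd/server/main.go the new `//nolint:gosec // G112: ReadHeaderTimeout not set` on `&http.Server{` silences the finding instead of fixing it, and the comment restates the finding rather than explaining why it is acceptable. The server binds `:<port>` on all interfaces and serves `/images/`, so a client that sends request headers very slowly can keep connections open with no deadline. Setting the field removes the need for the suppression: `ReadHeaderTimeout: 10 * time.Second,` next to `Addr` (the value is a suggestion, and the file must import `time`, which this hunk does not show). `main` continues outside the hunk, so any other timeout handling is not visible here.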
@@ -160,14 +179,18 @@ spec: description: |- HostedZoneRole is the role to assume when performing operations on a hosted zone owned by another account. + Deprecated. Use the Secret referenced by ClusterMetadata.MetadataJSONSecretRef instead. We + may stop populating this section in the future. type: string type: object azure: description: Azure holds azure-specific cluster metadata properties: resourceGroupName: - description: ResourceGroupName is the name of the resource - group in which the cluster resources were created. + description: |- + ResourceGroupName is the name of the resource group in which the cluster resources were created. + Deprecated. Use the Secret referenced by ClusterMetadata.MetadataJSONSecretRef instead. We + may stop populating this section in the future. type: string required: - resourceGroupName @@ -176,7 +199,10 @@ spec: description: GCP holds GCP-specific cluster metadata properties: networkProjectID: - description: NetworkProjectID is used for shared VPC setups + description: |- + NetworkProjectID is used for shared VPC setups + Deprecated. Use the Secret referenced by ClusterMetadata.MetadataJSONSecretRef instead. We + may stop populating this section in the future. type: string type: object type: object diff --git a/controllers/imageclusterinstall_controller.go b/controllers/imageclusterinstall_controller.go index 51bf19686..203d3c600 100644 --- a/controllers/imageclusterinstall_controller.go +++ b/controllers/imageclusterinstall_controller.go @@ -202,7 +202,7 @@ func (r *ImageClusterInstallReconciler) Reconcile(ctx context.Context, req ctrl. return res, err } - if err := r.setClusterInstallMetadata(ctx, log, ici, cd); err != nil { + if err = r.setClusterInstallMetadata(ctx, log, ici, cd); err != nil { cond.Message = "failed to set ClusterMetaData in ImageClusterInstall" log.Error(err) return ctrl.Result{}, err 
@@ -602,7 +602,7 @@ func (r *ImageClusterInstallReconciler) updateBMHProvisioningState(ctx context.C if bmh.Status.Provisioning.State != bmh_v1alpha1.StateAvailable && bmh.Status.Provisioning.State != bmh_v1alpha1.StateExternallyProvisioned { return nil } - log.Infof("BareMetalHost %s/%s PoweredOn status is: %s", bmh.Namespace, bmh.Name, bmh.Status.PoweredOn) + log.Infof("BareMetalHost %s/%s PoweredOn status is: %t", bmh.Namespace, bmh.Name, bmh.Status.PoweredOn) if !bmh.Spec.Online { bmh.Spec.Online = true log.Infof("Setting BareMetalHost (%s/%s) spec.Online to true", bmh.Namespace, bmh.Name) @@ -1036,6 +1036,9 @@ func (r *ImageClusterInstallReconciler) writeImageBaseConfig(ctx context.Context return err } releaseRegistry, err := r.imageSetRegistry(ctx, ici) + if err != nil { + return err + } return installer.WriteImageBaseConfig(ctx, ici, releaseRegistry, nmstate, file) } diff --git a/controllers/imageclusterinstall_controller_test.go b/controllers/imageclusterinstall_controller_test.go index 7dbe91916..a0de6db51 100644 --- a/controllers/imageclusterinstall_controller_test.go +++ b/controllers/imageclusterinstall_controller_test.go @@ -164,7 +164,7 @@ var _ = Describe("Reconcile", func() { clusterDeployment *hivev1.ClusterDeployment pullSecret *corev1.Secret installerMock *installer.MockInstaller - testPullSecretVal = `{"auths":{"cloud.openshift.com":{"auth":"dXNlcjpwYXNzd29yZAo=","email":"r@r.com"}}}` + testPullSecretVal = `{"auths":{"cloud.openshift.com":{"auth":"dXNlcjpwYXNzd29yZAo=","email":"r@r.com"}}}` //nolint:gosec // G101: fake credentials for testing ) BeforeEach(func() { 
@@ -426,7 +426,7 @@ var _ = Describe("Reconcile", func() { clusterInstall.Spec.Hostname = "thing" clusterInstall.Spec.SSHKey = "my ssh key" Expect(c.Create(ctx, clusterInstall)).To(Succeed()) - r.initializeConditions(ctx, clusterInstall) + Expect(r.initializeConditions(ctx, clusterInstall)).To(Succeed()) cond := findCondition(clusterInstall.Status.Conditions, hivev1.ClusterInstallCompleted) cond.Status = corev1.ConditionTrue setClusterInstallCondition(&clusterInstall.Status.Conditions, *cond) @@ -1855,7 +1855,7 @@ var _ = Describe("Reconcile with DataImageCoolDownPeriod set to 1 second", func( clusterDeployment *hivev1.ClusterDeployment pullSecret *corev1.Secret installerMock *installer.MockInstaller - testPullSecretVal = `{"auths":{"cloud.openshift.com":{"auth":"dXNlcjpwYXNzd29yZAo=","email":"r@r.com"}}}` + testPullSecretVal = `{"auths":{"cloud.openshift.com":{"auth":"dXNlcjpwYXNzd29yZAo=","email":"r@r.com"}}}` //nolint:gosec // G101: fake credentials for testing ) installerSuccess := func() { diff --git a/controllers/imageclusterinstall_monitor_test.go b/controllers/imageclusterinstall_monitor_test.go index 59db5f3fe..b0f0ba245 100644 --- a/controllers/imageclusterinstall_monitor_test.go +++ b/controllers/imageclusterinstall_monitor_test.go @@ -39,7 +39,7 @@ var _ = Describe("Monitor", func() { clusterDeployment *hivev1.ClusterDeployment bmh *bmh_v1alpha1.BareMetalHost pullSecret *corev1.Secret - testPullSecretVal = `{"auths":{"cloud.openshift.com":{"auth":"dXNlcjpwYXNzd29yZAo=","email":"r@r.com"}}}` + testPullSecretVal = `{"auths":{"cloud.openshift.com":{"auth":"dXNlcjpwYXNzd29yZAo=","email":"r@r.com"}}}` //nolint:gosec // G101: fake credentials for testing ) BeforeEach(func() { diff --git a/go.mod b/go.mod index bfb1a77f0..c626b3910 100644 --- a/go.mod +++ b/go.mod @@ -1,8 +1,8 @@ module github.com/openshift/image-based-install-operator -go 1.24.0 +go 1.25.0 -toolchain go1.24.10 +toolchain go1.25.5 require ( github.com/containers/image/v5 v5.31.0 
diff --git a/hack/golangci-lint.sh b/hack/golangci-lint.sh index da155d338..8ea7c7857 100755 --- a/hack/golangci-lint.sh +++ b/hack/golangci-lint.sh @@ -1,6 +1,6 @@ #!/bin/bash -VERSION="1.55.2" +VERSION="2.8.0" rootdir=$(git rev-parse --show-toplevel) if [ -z "${rootdir}" ]; then diff --git a/internal/credentials/credentials.go b/internal/credentials/credentials.go index b16c2aa21..0ba425ee4 100644 --- a/internal/credentials/credentials.go +++ b/internal/credentials/credentials.go @@ -23,7 +23,7 @@ import ( ) const ( - SecretResourceLabel = "image-based-installed.openshift.io/created" + SecretResourceLabel = "image-based-installed.openshift.io/created" //nolint:gosec SecretResourceValue = "true" DefaultUser = "kubeadmin" Kubeconfig = "kubeconfig" @@ -31,7 +31,7 @@ const ( kubeAdminKey = "password" SeedReconfigurationFileName = "manifest.json" - secretPreservationLabel = "siteconfig.open-cluster-management.io/preserve" + secretPreservationLabel = "siteconfig.open-cluster-management.io/preserve" //nolint:gosec secretPreservationValue = "cluster-identity" ) diff --git a/internal/filelock/filelock.go b/internal/filelock/filelock.go index 1fcdbf284..a6f4414f4 100644 --- a/internal/filelock/filelock.go +++ b/internal/filelock/filelock.go @@ -13,7 +13,7 @@ func lockForDir(dir string) (*flock.Flock, error) { p := filepath.Join(dir, lockFileName) _, err := os.Stat(p) if os.IsNotExist(err) { - if err := os.WriteFile(p, []byte{}, 0600); err != nil { + if err = os.WriteFile(p, []byte{}, 0600); err != nil { return nil, err } } else if err != nil { @@ -38,7 +38,7 @@ func WithWriteLock(dir string, f func() error) (bool, error, error) { if !locked { return false, nil, nil } - defer lock.Unlock() + defer lock.Unlock() //nolint:errcheck // ignore error return true, nil, f() } 
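Review bot: The two `//nolint:gosec` comments added in internal/credentials/credentials.go, on `SecretResourceLabel` and in the next hunk on `secretPreservationLabel`, name neither the rule nor the reason, unlike the other suppressions in this commit. A bare `nolint:gosec` disables every gosec rule on that line and leaves a later reader unable to tell whether the match was actually reviewed. Presumably the finding is the hardcoded-credentials check tripping on the word "secret" in the identifier; if so I would write `//nolint:gosec // G101: label key, not a credential` on both lines. The const block starts and ends outside the hunks.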
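Review bot: `defer lock.Unlock() //nolint:errcheck // ignore error` in `WithWriteLock` in internal/filelock/filelock.go, and the identical line in `WithReadLock` in the following hunk, records that the error is dropped but not why dropping it is safe. If the release fails, the caller still receives `true, nil` plus `f`'s result and gets no signal about the lock on the shared directory. I would either put the reason in the comment, for example `// best effort: <why a failed unlock is harmless here>`, or surface the failure by naming the results and assigning in the defer: `defer func() { if uerr := lock.Unlock(); uerr != nil && lockErr == nil { lockErr = uerr } }()`. Both function bodies start outside the hunks, so which of the two error results should carry it depends on how callers read them.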
@@ -58,7 +58,7 @@ func WithReadLock(dir string, f func() error) (bool, error, error) { if !locked { return false, nil, nil } - defer lock.Unlock() + defer lock.Unlock() //nolint:errcheck // ignore error return true, nil, f() } diff --git a/internal/installer/reinstall_test.go b/internal/installer/reinstall_test.go index ef8ed29fd..e251d1064 100644 --- a/internal/installer/reinstall_test.go +++ b/internal/installer/reinstall_test.go @@ -46,6 +46,7 @@ platform: pullSecret: '{"auths":{"quay.io":{"auth":"dXNlcjpwYXNzCg=="}}}' ` +//nolint:gosec // G101: fake credentials for testing const secretSeedReconfig = ` { "api_version": 1, diff --git a/internal/monitor/monitor.go b/internal/monitor/monitor.go index 4ab779500..010208128 100644 --- a/internal/monitor/monitor.go +++ b/internal/monitor/monitor.go @@ -85,7 +85,7 @@ func clusterVersionStatus(ctx context.Context, log logrus.FieldLogger, c client. for _, cond := range cv.Status.Conditions { if cond.Type == configv1.OperatorAvailable { if !didCVOStarted(log, cv, reconfigurationStartTime) { - log.Infof(clusterVersionNotAvailableMessage) + log.Info(clusterVersionNotAvailableMessage) return false, clusterVersionNotAvailableMessage, nil } if cond.Status == configv1.ConditionTrue { @@ -93,7 +93,7 @@ func clusterVersionStatus(ctx context.Context, log logrus.FieldLogger, c client. } if cond.Type == configv1.OperatorAvailable { message := fmt.Sprintf("ClusterVersion is not yet available because %s: %s", cond.Reason, cond.Message) - log.Infof(message) + log.Info(message) return false, message, nil } } @@ -134,7 +134,7 @@ func nodesStatus(ctx context.Context, log logrus.FieldLogger, c client.Client) ( if cond.Type == corev1.NodeReady { if cond.Status != corev1.ConditionTrue { message := fmt.Sprintf("Node %s is not yet ready because %s: %s", node.Name, cond.Reason, cond.Message) - log.Infof(message) + log.Info(message) messages = append(messages, message) nodesReady = false }