Skip to content

chore(deps): align node-agent main with the three-forks pin (fixes build)#28

Merged
entlein merged 2 commits intomainfrom
chore/align-deps-to-three-forks
Apr 24, 2026
Merged

chore(deps): align node-agent main with the three-forks pin (fixes build)#28
entlein merged 2 commits intomainfrom
chore/align-deps-to-three-forks

Conversation

@entlein
Copy link
Copy Markdown

@entlein entlein commented Apr 24, 2026

Summary

Cherry-picks two commits from `feat/zero-alloc-wildcards` (node-agent's last known-green state, 2026-04-22) onto `main`:

  • f4232ec — `chore(deps): pin node-agent to our three forks`

    • `replace inspektor-gadget => k8sstormcenter/inspektor-gadget` (drops the stale matthyx fork)
    • `replace storage => k8sstormcenter/storage` at the feat/zero-alloc-wildcards tip
    • Drops the direct `github.com/moby/moby v28.5.2+incompatible` pin (the new IG pulls `moby/moby/client v0.3.0` only; the old pin caused an ambiguous-import when both modules coexisted)
    • Bumps `k8s-interface` to v0.0.206

  • d8489b4 — `tests(component): rename to Related{Kind,Name,Namespace}MetadataKey`

    • k8s-interface v0.0.206 renamed `KindMetadataKey` → `RelatedKindMetadataKey` (and the Name/Namespace equivalents). This updates the three test-file callers.

Why main is broken today

The main-branch build (cascade from storage#16 merge, run 24889813076) failed in three distinct ways that all resolve under the same three-forks alignment:

  1. `helpersv1.CloudAccountIdentifierMetadataKey` undefined — needs k8s-interface v0.0.206.
  2. `containerd@v1.7.30/oci/spec_opts.go: cannot use limit (int64) as *int64` — caused by runtime-spec being pushed to v1.3.0. MVS pushes it up because some graph path requires v1.3.0; the aligned graph keeps everything on v1.2.1.
  3. `stereoscope internal/docker/client.go: undefined: client.PingOptions, client.New` — the moby/moby vs moby/moby/client ambiguous-import issue fixed by dropping the direct moby/moby pin.

Verification

Local build (same target the CI Dockerfile uses):

```
go version go1.25.8
go build -o /tmp/na-fixed ./cmd/main.go # OK — 273MB binary produced
```

Out of scope

The storage pin on this branch points at `k8sstormcenter/storage v0.0.240-0.20260422124404-e030700404ef` (the feat/zero-alloc-wildcards tip). The `upstream-pr/analyzer-zero-alloc` branch pins a different storage SHA (897fcbcd) which has syft bumped to v1.42.3 — that rewrites the same three issues back into the graph. The regression test against upstream-pr will still fail until that storage pin gets syft downgraded to v1.32.0; noted as a separate follow-up (needs a human commit per the upstream-pr workflow).

Test plan

  • Merge
  • Confirm the main-push `build-image` cascade (triggered by any subsequent storage main push or manual dispatch) goes green on node-agent
  • Once green, revisit the upstream-pr/analyzer-zero-alloc regression separately (syft downgrade on the storage side)

Entlein and others added 2 commits April 24, 2026 14:56
@claude
chore(deps): pin node-agent to our three forks
f0697f4 
- inspektor-gadget → k8sstormcenter/inspektor-gadget
  (carries 6 matthyx patches atop upstream main: datasource pooling,
   disable kallsyms, dummy LostSampleCount, host-network flag,
   oras-target release, trace_capabilities map-size reduction).
- kubescape/storage → k8sstormcenter/storage
  (feat/zero-alloc-wildcards, with syft downgraded to v1.32.0 for
   node-agent compatibility).
- Drops matthyx/inspektor-gadget replace (stale, patches now carried
  on our own fork instead).
- Drops direct github.com/moby/moby v28.5.2+incompatible pin (the new
  IG pulls in github.com/moby/moby/client v0.3.0 only; the old pin
  caused an ambiguous-import when both modules were present).

Full unit test run: 50 packages green; 4 failures isolated to
pkg/containerwatcher/v2/tracers are environmental (eBPF MEMLOCK
limit in OrbStack), not code failures.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
@claude
tests(component): rename to Related{Kind,Name,Namespace}MetadataKey
d8489b4 
kubescape/k8s-interface renamed KindMetadataKey → RelatedKindMetadataKey
(and Name / Namespace variants) between v0.0.204 and v0.0.206. Our
Test_28 (UserDefinedNetworkNeighborhood) and Test_30 (TamperedSigned
Profiles) still referenced the old names, so with the v0.0.206 helpers
pulled in by upstream go.mod the full component_test.go failed to
compile. Unit tests pass with -short because they skip these full-
cluster tests.

5 occurrences renamed. No semantic change.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
@entlein entlein merged commit 21f2a8a into main Apr 24, 2026
3 of 4 checks passed
entlein pushed a commit that referenced this pull request Apr 26, 2026
@claude
Merge upstream/main into main
de73fe9 
Brings in 9 upstream commits: rule-manager hot-path perf (kubescape#794),
CEL constant folding + set membership optimizers (kubescape#789),
iouring CO-RE relocation fix for kernel 6.8+ (kubescape#741),
go-ntlmssp v0.1.1 bump (kubescape#790), and matthyx fork validation (kubescape#786).

Conflict resolution:
- go.mod replaces: kept our k8sstormcenter/{inspektor-gadget,storage}
  pin (the three-forks alignment from #28); dropped upstream's
  experimental matthyx/inspektor-gadget and matthyx/ebpf replaces
  (those are temporary upstream test forks for NAUT-1252 memory work,
  not relevant to our fork stack).
- go.sum: regenerated via go mod tidy.

Build clean. Unit suite: 92 packages pass; only TestRandomxFields
fails (stale tracers.tar — explicitly ignored per prior decision).

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@entlein