chore: pin go tools with hack/go.mod

Use go.mod & go.sum to pin the version and checksum for installed commands and their source dependencies. Modify hacks/for-each-module.sh to count found and skipped modules to avoid needing to hardcode multiple expected values. Modify `make container-image` to update the pinned version of hugo to match HUGO_VERSION in netlify.toml, instead of passing in the version as a build-arg. This should help reduce risk of importing newer dependency versions that haven't passed vulnerability checks. Disable abandoned linters to fix `make lint`.
kubernetes-sigs · Mar 20, 2024 · 1e73578 · 1e73578
1 parent a6ea3e2
commit 1e73578
Show file tree

Hide file tree

Showing 113 changed files with 4,018 additions and 1,690 deletions.
diff --git a/.dockerignore b/.dockerignore
@@ -1,7 +1,5 @@
 .github
 docs
 examples
-hack
-site
 travis
 *.md
diff --git a/.golangci.yml b/.golangci.yml
@@ -35,6 +35,10 @@ linters:
     - maintidx
     - nosnakecase
     - testpackage # it's better to keep tests in the same package for now because kustomize does open box testing
+    - structcheck # abandoned by author
+    - varcheck # abandoned by author
+    - maligned # abandoned by author
+    - interfacer # archived by author
 
 linters-settings:
   dupl:

diff --git a/Makefile b/Makefile
@@ -56,26 +56,22 @@ uninstall-local-tools:
 
 # Build from local source.
 $(MYGOBIN)/gorepomod:
-	cd cmd/gorepomod; \
-	go install .
+	cd cmd/gorepomod && go install .
 
 # Build from local source.
 $(MYGOBIN)/k8scopy:
-	cd cmd/k8scopy; \
-	go install .
+	cd cmd/k8scopy && go install .
 
 # Build from local source.
 $(MYGOBIN)/pluginator:
-	cd cmd/pluginator; \
-	go install .
+	cd cmd/pluginator && go install .
 
 
 # --- Build targets ---
 
 # Build from local source.
 $(MYGOBIN)/kustomize: build-kustomize-api
-	cd kustomize; \
-	go install -ldflags \
+	cd kustomize && go install -ldflags \
 	"-X sigs.k8s.io/kustomize/api/provenance.buildDate=$(shell date -u +'%Y-%m-%dT%H:%M:%SZ') \
 	 -X sigs.k8s.io/kustomize/api/provenance.version=$(shell git describe --tags --always --dirty)" \
 	.
@@ -86,11 +82,11 @@ kustomize: $(MYGOBIN)/kustomize
 # plugin-to-api compatibility checks.
 .PHONY: build-kustomize-api
 build-kustomize-api: $(MYGOBIN)/goimports $(builtinplugins)
-	cd api; $(MAKE) build
+	cd api && $(MAKE) build
 
 .PHONY: generate-kustomize-api
 generate-kustomize-api:
-	cd api; $(MAKE) generate
+	cd api && $(MAKE) generate
 
 
 # --- Verification targets ---
@@ -132,12 +128,8 @@ lint: $(MYGOBIN)/golangci-lint $(MYGOBIN)/goimports $(builtinplugins)
 	./hack/for-each-module.sh "make lint"
 
 .PHONY: apidiff
-apidiff: go-apidiff ## Run the go-apidiff to verify any API differences compared with origin/master
-	$(GOBIN)/go-apidiff master --compare-imports --print-compatible --repo-path=.
-
-.PHONY: go-apidiff
-go-apidiff:
-	go install github.com/joelanford/go-apidiff@v0.6.0
+apidiff: $(MYGOBIN)/go-apidiff ## Run the go-apidiff to verify any API differences compared with origin/master
+	go-apidiff master --compare-imports --print-compatible --repo-path=.
 
 .PHONY: test-unit-all
 test-unit-all: \
@@ -147,14 +139,14 @@ test-unit-all: \
 # This target is used by our Github Actions CI to run unit tests for all non-plugin modules in multiple GOOS environments.
 .PHONY: test-unit-non-plugin
 test-unit-non-plugin:
-	./hack/for-each-module.sh "make test" "./plugin/*" 19
+	SKIP_MODULE_PATHS="./plugin/*" ./hack/for-each-module.sh "make test"
 
 .PHONY: build-non-plugin-all
 build-non-plugin-all:
-	./hack/for-each-module.sh "make build" "./plugin/*" 19
+	SKIP_MODULE_PATHS="./plugin/*" ./hack/for-each-module.sh "make build"
 
 .PHONY: test-unit-kustomize-plugins
-test-unit-kustomize-plugins:
+test-unit-kustomize-plugins: build-kustomize-external-go-plugin
 	./hack/testUnitKustomizePlugins.sh
 
 .PHONY: functions-examples-all
@@ -190,7 +182,7 @@ test-examples-kustomize-against-latest-release: $(MYGOBIN)/mdrip
 .PHONY: workspace-sync
 workspace-sync:
 	go work sync
-	./hack/doGoMod.sh tidy
+	./hack/for-each-module.sh "go mod tidy -v"
 
 # --- Cleanup targets ---
 .PHONY: clean

diff --git a/Makefile-plugins.mk b/Makefile-plugins.mk
@@ -91,7 +91,7 @@ $(pGen)/%.go: $(MYGOBIN)/pluginator $(MYGOBIN)/goimports
 
 # Generate builtin plugins
 .PHONY: generate-kustomize-builtin-plugins
-generate-kustomize-builtin-plugins: $(builtplugins)
+generate-kustomize-builtin-plugins: $(builtplugins) $(MYGOBIN)/pluginator
 	for plugin in $(abspath $(wildcard $(pSrc)/*)); do \
 		echo "generating $${plugin} ..."; \
 		set -e; \
@@ -112,7 +112,7 @@ builtin-plugins-diff: $(builtplugins)
 	done
 
 .PHONY: build-kustomize-external-go-plugin
-build-kustomize-external-go-plugin:
+build-kustomize-external-go-plugin: generate-kustomize-builtin-plugins
 	./hack/buildExternalGoPlugins.sh ./plugin
 
 .PHONY: clean-kustomize-external-go-plugin

diff --git a/Makefile-tools.mk b/Makefile-tools.mk
@@ -1,14 +1,16 @@
 # Copyright 2022 The Kubernetes Authors.
 # SPDX-License-Identifier: Apache-2.0
 
-GOLANGCI_LINT_VERSION=v1.51.2
-
+GOOS = $(shell go env GOOS)
+GOARCH = $(shell go env GOARCH)
 MYGOBIN = $(shell go env GOBIN)
 ifeq ($(MYGOBIN),)
 MYGOBIN = $(shell go env GOPATH)/bin
 endif
 export PATH := $(MYGOBIN):$(PATH)
 
+REPO_ROOT=$(shell git rev-parse --show-toplevel)
+
 # determines whether to run tests that only behave locally; can be overridden by override variable
 export IS_LOCAL = false
 
@@ -18,8 +20,7 @@ install-out-of-tree-tools: \
 	$(MYGOBIN)/golangci-lint \
 	$(MYGOBIN)/helmV3 \
 	$(MYGOBIN)/mdrip \
-	$(MYGOBIN)/stringer \
-	$(MYGOBIN)/goimports
+	$(MYGOBIN)/stringer
 
 .PHONY: uninstall-out-of-tree-tools
 uninstall-out-of-tree-tools:
@@ -29,67 +30,65 @@ uninstall-out-of-tree-tools:
 	rm -f $(MYGOBIN)/mdrip
 	rm -f $(MYGOBIN)/stringer
 
+.PHONY: $(MYGOBIN)/golangci-lint
 $(MYGOBIN)/golangci-lint:
-	go install github.com/golangci/golangci-lint/cmd/golangci-lint@$(GOLANGCI_LINT_VERSION)
+	cd $(REPO_ROOT)/hack && go install github.com/golangci/golangci-lint/cmd/golangci-lint
 
+.PHONY: $(MYGOBIN)/mdrip
 $(MYGOBIN)/mdrip:
-	go install github.com/monopole/mdrip@v1.0.2
+	cd $(REPO_ROOT)/hack && go install github.com/monopole/mdrip
 
+.PHONY: $(MYGOBIN)/stringer
 $(MYGOBIN)/stringer:
-	go install golang.org/x/tools/cmd/stringer@latest
+	cd $(REPO_ROOT)/hack && go install golang.org/x/tools/cmd/stringer
 
+.PHONY: $(MYGOBIN)/goimports
 $(MYGOBIN)/goimports:
-	go install golang.org/x/tools/cmd/goimports@latest
+	cd $(REPO_ROOT)/hack && go install golang.org/x/tools/cmd/goimports
 
+.PHONY: $(MYGOBIN)/mdtogo
 $(MYGOBIN)/mdtogo:
-	go install sigs.k8s.io/kustomize/cmd/mdtogo@latest
+	cd $(REPO_ROOT)/hack && go install sigs.k8s.io/kustomize/cmd/mdtogo
 
+.PHONY: $(MYGOBIN)/addlicense
 $(MYGOBIN)/addlicense:
-	go install github.com/google/addlicense@latest
+	cd $(REPO_ROOT)/hack && go install github.com/google/addlicense
 
+.PHONY: $(MYGOBIN)/goreleaser
 $(MYGOBIN)/goreleaser:
-	go install github.com/goreleaser/goreleaser@v0.179.0 # https://github.com/kubernetes-sigs/kustomize/issues/4542
+	cd $(REPO_ROOT)/hack && go install github.com/goreleaser/goreleaser
 
+.PHONY: $(MYGOBIN)/kind
 $(MYGOBIN)/kind:
-	( \
-        set -e; \
-        d=$(shell mktemp -d); cd $$d; \
-        wget -O ./kind https://github.com/kubernetes-sigs/kind/releases/download/v0.7.0/kind-$(GOOS)-$(GOARCH); \
-        chmod +x ./kind; \
-        mv ./kind $(MYGOBIN); \
-        rm -rf $$d; \
-	)
+	cd $(REPO_ROOT)/hack && go install sigs.k8s.io/kind
+
+.PHONY: $(MYGOBIN)/controller-gen
+$(MYGOBIN)/controller-gen:
+	cd $(REPO_ROOT)/hack && go install sigs.k8s.io/controller-tools/cmd/controller-gen
 
-# linux only.
+.PHONY: $(MYGOBIN)/embedmd
+$(MYGOBIN)/embedmd:
+	cd $(REPO_ROOT)/hack && go install github.com/campoy/embedmd
+
+.PHONY: $(MYGOBIN)/go-bindata
+$(MYGOBIN)/go-bindata:
+	cd $(REPO_ROOT)/hack && go install github.com/go-bindata/go-bindata/v3/go-bindata
+
+.PHONY: $(MYGOBIN)/go-apidiff
+$(MYGOBIN)/go-apidiff:
+	cd $(REPO_ROOT)/hack && go install github.com/joelanford/go-apidiff
+
+.PHONY: $(MYGOBIN)/gh
 $(MYGOBIN)/gh:
-	( \
-		set -e; \
-		d=$(shell mktemp -d); cd $$d; \
-		tgzFile=gh_1.0.0_$(GOOS)_$(GOARCH).tar.gz; \
-		wget https://github.com/cli/cli/releases/download/v1.0.0/$$tgzFile; \
-		tar -xvzf $$tgzFile; \
-		mv gh_1.0.0_$(GOOS)_$(GOARCH)/bin/gh  $(MYGOBIN)/gh; \
-		rm -rf $$d \
-	)
+	cd $(REPO_ROOT)/hack && go install github.com/cli/cli/cmd/gh
 
-# linux only.
-# This is for testing an example plugin that
-# uses kubeval for validation.
-# Don't want to add a hard dependence in go.mod file
-# to github.com/instrumenta/kubeval.
-# Instead, download the binary.
+.PHONY: $(MYGOBIN)/kubeval
 $(MYGOBIN)/kubeval:
-	( \
-		set -e; \
-		d=$(shell mktemp -d); cd $$d; \
-		wget https://github.com/instrumenta/kubeval/releases/latest/download/kubeval-$(GOOS)-$(GOARCH).tar.gz; \
-		tar xf kubeval-$(GOOS)-$(GOARCH).tar.gz; \
-		mv kubeval $(MYGOBIN); \
-		rm -rf $$d; \
-	)
+	cd $(REPO_ROOT)/hack && go install github.com/instrumenta/kubeval
 
 # Helm V3 differs from helm V2; downloading it to provide coverage for the
 # chart inflator plugin under helm v3.
+.PHONY: $(MYGOBIN)/helmV3
 $(MYGOBIN)/helmV3:
 	( \
 		set -e; \

diff --git a/api/go.mod b/api/go.mod
@@ -10,7 +10,7 @@ require (
 	go.uber.org/goleak v1.3.0
 	gopkg.in/evanphx/json-patch.v4 v4.12.0
 	k8s.io/klog v1.0.0
-	k8s.io/kube-openapi v0.0.0-20230601164746-7562a1006961
+	k8s.io/kube-openapi v0.0.0-20231010175941-2dd684a91f00
 	sigs.k8s.io/kustomize/kyaml v0.16.0
 	sigs.k8s.io/yaml v1.4.0
 )
@@ -19,20 +19,18 @@ require (
 	github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect
 	github.com/go-openapi/jsonpointer v0.19.6 // indirect
 	github.com/go-openapi/jsonreference v0.20.2 // indirect
-	github.com/go-openapi/swag v0.22.3 // indirect
+	github.com/go-openapi/swag v0.22.4 // indirect
 	github.com/golang/protobuf v1.5.3 // indirect
 	github.com/google/gnostic-models v0.6.8 // indirect
-	github.com/google/go-cmp v0.5.9 // indirect
-	github.com/google/gofuzz v1.2.0 // indirect
 	github.com/josharian/intern v1.0.0 // indirect
 	github.com/mailru/easyjson v0.7.7 // indirect
 	github.com/monochromegane/go-gitignore v0.0.0-20200626010858-205db1a8cc00 // indirect
 	github.com/pkg/errors v0.9.1 // indirect
 	github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect
-	github.com/sergi/go-diff v1.1.0 // indirect
+	github.com/sergi/go-diff v1.2.0 // indirect
 	github.com/xlab/treeprint v1.2.0 // indirect
 	go.starlark.net v0.0.0-20200306205701-8dd3e2ee1dd5 // indirect
-	golang.org/x/sys v0.13.0 // indirect
+	golang.org/x/sys v0.17.0 // indirect
 	google.golang.org/protobuf v1.33.0 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
 )

diff --git a/api/go.sum b/api/go.sum
@@ -15,16 +15,18 @@ github.com/go-openapi/jsonpointer v0.19.6 h1:eCs3fxoIi3Wh6vtgmLTOjdhSpiqphQ+DaPn
 github.com/go-openapi/jsonpointer v0.19.6/go.mod h1:osyAmYz/mB/C3I+WsTTSgw1ONzaLJoLCyoi6/zppojs=
 github.com/go-openapi/jsonreference v0.20.2 h1:3sVjiK66+uXK/6oQ8xgcRKcFgQ5KXa2KvnJRumpMGbE=
 github.com/go-openapi/jsonreference v0.20.2/go.mod h1:Bl1zwGIM8/wsvqjsOQLJ/SH+En5Ap4rVB5KVcIDZG2k=
-github.com/go-openapi/swag v0.22.3 h1:yMBqmnQ0gyZvEb/+KzuWZOXgllrXT4SADYbvDaXHv/g=
 github.com/go-openapi/swag v0.22.3/go.mod h1:UzaqsxGiab7freDnrUUra0MwWfN/q7tE4j+VcZ0yl14=
+github.com/go-openapi/swag v0.22.4 h1:QLMzNJnMGPRNDCbySlcj1x01tzU8/9LTTL9hZZZogBU=
+github.com/go-openapi/swag v0.22.4/go.mod h1:UzaqsxGiab7freDnrUUra0MwWfN/q7tE4j+VcZ0yl14=
 github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk=
 github.com/golang/protobuf v1.5.3 h1:KhyjKVUg7Usr/dYsdSqoFveMYd5ko72D+zANwlG1mmg=
 github.com/golang/protobuf v1.5.3/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY=
 github.com/google/gnostic-models v0.6.8 h1:yo/ABAfM5IMRsS1VnXjTBvUb61tFIHozhlYvRgGre9I=
 github.com/google/gnostic-models v0.6.8/go.mod h1:5n7qKqH0f5wFt+aWF8CW6pZLLNOfYuF5OpfBSENuI8U=
 github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
-github.com/google/go-cmp v0.5.9 h1:O2Tfq5qg4qc4AmwVlvv0oLiVAGB7enBSJ2x2DqQFi38=
 github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
+github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI=
+github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
 github.com/google/gofuzz v1.2.0 h1:xRy4A+RhZaiKjJ1bPfwQ8sedCA+YS2YcCHW6ec7JMi0=
 github.com/google/gofuzz v1.2.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
 github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 h1:El6M4kTTCOh6aBiKaUGG7oYTSPP8MxqL4YI3kZKwcP4=
@@ -48,10 +50,10 @@ github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINE
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
 github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 h1:Jamvg5psRIccs7FGNTlIRMkT8wgtp5eCXdBlqhYGL6U=
 github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
-github.com/rogpeppe/go-internal v1.10.0 h1:TMyTOH3F/DB16zRVcYyreMH6GnZZrwQVAoYjRBZyWFQ=
-github.com/rogpeppe/go-internal v1.10.0/go.mod h1:UQnix2H7Ngw/k4C5ijL5+65zddjncjaFoBhdsK/akog=
-github.com/sergi/go-diff v1.1.0 h1:we8PVUC3FE2uYfodKH/nBHMSetSfHDR6scGdBi+erh0=
-github.com/sergi/go-diff v1.1.0/go.mod h1:STckp+ISIX8hZLjrqAeVduY0gWCT9IjLuqbuNXdaHfM=
+github.com/rogpeppe/go-internal v1.12.0 h1:exVL4IDcn6na9z1rAb56Vxr+CgyK3nn3O+epU5NdKM8=
+github.com/rogpeppe/go-internal v1.12.0/go.mod h1:E+RYuTGaKKdloAfM02xzb0FW3Paa99yedzYV+kq4uf4=
+github.com/sergi/go-diff v1.2.0 h1:XU+rvMAioB0UC3q1MFrIQy4Vo5/4VsRDQQXHsEya6xQ=
+github.com/sergi/go-diff v1.2.0/go.mod h1:STckp+ISIX8hZLjrqAeVduY0gWCT9IjLuqbuNXdaHfM=
 github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
 github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw=
 github.com/stretchr/objx v0.5.0 h1:1zr/of2m5FGMsad5YfcqgdqdWrIhu+EBEJRhR1U7z/c=
@@ -70,8 +72,8 @@ go.starlark.net v0.0.0-20200306205701-8dd3e2ee1dd5/go.mod h1:nmDLcffg48OtT/PSW0H
 go.uber.org/goleak v1.3.0 h1:2K3zAYmnTNqV73imy9J1T3WC+gmCePx2hEGkimedGto=
 go.uber.org/goleak v1.3.0/go.mod h1:CoHD4mav9JJNrW/WLlf7HGZPjdw8EucARQHekz1X6bE=
 golang.org/x/sys v0.0.0-20191002063906-3421d5a6bb1c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.13.0 h1:Af8nKPmuFypiUBjVoU9V20FiaFXOcuZI21p0ycVYYGE=
-golang.org/x/sys v0.13.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.17.0 h1:25cE3gD+tdBA7lp7QfhuV+rJiE9YXTcS3VG1SqssI/Y=
+golang.org/x/sys v0.17.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw=
 google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc=
@@ -90,8 +92,8 @@ gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
 gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 k8s.io/klog v1.0.0 h1:Pt+yjF5aB1xDSVbau4VsWe+dQNzA0qv1LlXdC2dF6Q8=
 k8s.io/klog v1.0.0/go.mod h1:4Bi6QPql/J/LkTDqv7R/cd3hPo4k2DG6Ptcz060Ez5I=
-k8s.io/kube-openapi v0.0.0-20230601164746-7562a1006961 h1:pqRVJGQJz6oeZby8qmPKXYIBjyrcv7EHCe/33UkZMYA=
-k8s.io/kube-openapi v0.0.0-20230601164746-7562a1006961/go.mod h1:l8HTwL5fqnlns4jOveW1L75eo7R9KFHxiE0bsPGy428=
+k8s.io/kube-openapi v0.0.0-20231010175941-2dd684a91f00 h1:aVUu9fTY98ivBPKR9Y5w/AuzbMm96cd3YHRTU83I780=
+k8s.io/kube-openapi v0.0.0-20231010175941-2dd684a91f00/go.mod h1:AsvuZPBlUDVuCdzJ87iajxtXuR9oktsTctW/R9wwouA=
 sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd h1:EDPBXCAspyGV4jQlpZSudPeMmr1bNJefnuqLsRAsHZo=
 sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd/go.mod h1:B8JuhiUyNFVKdsE8h686QcCxMaH6HrOAZj4vswFpcB0=
 sigs.k8s.io/yaml v1.4.0 h1:Mk1wCc2gy/F0THH0TAp1QYyJNzRm2KCLy3o5ASXVI5E=