Pin tool versions with hack/go.mod

This change centralizes the tracking of versions for tools used for development and testing. This way, the tools and all their dependencies have their checksums stored in hack/go.sum, which improves supply chain security.
kubernetes-sigs · Mar 21, 2024 · 7d59796 · 7d59796
1 parent d514df3
commit 7d59796
Show file tree

Hide file tree

Showing 12 changed files with 2,541 additions and 130 deletions.
diff --git a/.dockerignore b/.dockerignore
@@ -1,7 +1,6 @@
 .github
 docs
 examples
-hack
 site
 travis
 *.md
diff --git a/Makefile b/Makefile
@@ -56,26 +56,22 @@ uninstall-local-tools:
 
 # Build from local source.
 $(MYGOBIN)/gorepomod:
-	cd cmd/gorepomod; \
-	go install .
+	cd cmd/gorepomod && go install .
 
 # Build from local source.
 $(MYGOBIN)/k8scopy:
-	cd cmd/k8scopy; \
-	go install .
+	cd cmd/k8scopy && go install .
 
 # Build from local source.
 $(MYGOBIN)/pluginator:
-	cd cmd/pluginator; \
-	go install .
+	cd cmd/pluginator && go install .
 
 
 # --- Build targets ---
 
 # Build from local source.
 $(MYGOBIN)/kustomize: build-kustomize-api
-	cd kustomize; \
-	go install -ldflags \
+	cd kustomize && go install -ldflags \
 	"-X sigs.k8s.io/kustomize/api/provenance.buildDate=$(shell date -u +'%Y-%m-%dT%H:%M:%SZ') \
 	 -X sigs.k8s.io/kustomize/api/provenance.version=$(shell git describe --tags --always --dirty)" \
 	.
@@ -86,11 +82,11 @@ kustomize: $(MYGOBIN)/kustomize
 # plugin-to-api compatibility checks.
 .PHONY: build-kustomize-api
 build-kustomize-api: $(MYGOBIN)/goimports $(builtinplugins)
-	cd api; $(MAKE) build
+	cd api && $(MAKE) build
 
 .PHONY: generate-kustomize-api
 generate-kustomize-api:
-	cd api; $(MAKE) generate
+	cd api && $(MAKE) generate
 
 
 # --- Verification targets ---
@@ -132,12 +128,8 @@ lint: $(MYGOBIN)/golangci-lint $(MYGOBIN)/goimports $(builtinplugins)
 	./hack/for-each-module.sh "make lint"
 
 .PHONY: apidiff
-apidiff: go-apidiff ## Run the go-apidiff to verify any API differences compared with origin/master
-	$(GOBIN)/go-apidiff master --compare-imports --print-compatible --repo-path=.
-
-.PHONY: go-apidiff
-go-apidiff:
-	go install github.com/joelanford/go-apidiff@v0.6.0
+apidiff: $(MYGOBIN)/go-apidiff ## Run the go-apidiff to verify any API differences compared with origin/master
+	go-apidiff master --compare-imports --print-compatible --repo-path=.
 
 .PHONY: test-unit-all
 test-unit-all: \
@@ -147,14 +139,14 @@ test-unit-all: \
 # This target is used by our Github Actions CI to run unit tests for all non-plugin modules in multiple GOOS environments.
 .PHONY: test-unit-non-plugin
 test-unit-non-plugin:
-	./hack/for-each-module.sh "make test" "./plugin/*" 19
+	./hack/for-each-module.sh "make test" "./plugin/*" 20
 
 .PHONY: build-non-plugin-all
 build-non-plugin-all:
-	./hack/for-each-module.sh "make build" "./plugin/*" 19
+	./hack/for-each-module.sh "make build" "./plugin/*" 20
 
 .PHONY: test-unit-kustomize-plugins
-test-unit-kustomize-plugins:
+test-unit-kustomize-plugins: build-kustomize-external-go-plugin
 	./hack/testUnitKustomizePlugins.sh
 
 .PHONY: functions-examples-all

diff --git a/Makefile-tools.mk b/Makefile-tools.mk
@@ -1,14 +1,16 @@
 # Copyright 2022 The Kubernetes Authors.
 # SPDX-License-Identifier: Apache-2.0
 
-GOLANGCI_LINT_VERSION=v1.51.2
-
+GOOS = $(shell go env GOOS)
+GOARCH = $(shell go env GOARCH)
 MYGOBIN = $(shell go env GOBIN)
 ifeq ($(MYGOBIN),)
 MYGOBIN = $(shell go env GOPATH)/bin
 endif
 export PATH := $(MYGOBIN):$(PATH)
 
+REPO_ROOT=$(shell git rev-parse --show-toplevel)
+
 # determines whether to run tests that only behave locally; can be overridden by override variable
 export IS_LOCAL = false
 
@@ -18,8 +20,7 @@ install-out-of-tree-tools: \
 	$(MYGOBIN)/golangci-lint \
 	$(MYGOBIN)/helmV3 \
 	$(MYGOBIN)/mdrip \
-	$(MYGOBIN)/stringer \
-	$(MYGOBIN)/goimports
+	$(MYGOBIN)/stringer
 
 .PHONY: uninstall-out-of-tree-tools
 uninstall-out-of-tree-tools:
@@ -29,67 +30,65 @@ uninstall-out-of-tree-tools:
 	rm -f $(MYGOBIN)/mdrip
 	rm -f $(MYGOBIN)/stringer
 
+.PHONY: $(MYGOBIN)/golangci-lint
 $(MYGOBIN)/golangci-lint:
-	go install github.com/golangci/golangci-lint/cmd/golangci-lint@$(GOLANGCI_LINT_VERSION)
+	cd $(REPO_ROOT)/hack && go install github.com/golangci/golangci-lint/cmd/golangci-lint
 
+.PHONY: $(MYGOBIN)/mdrip
 $(MYGOBIN)/mdrip:
-	go install github.com/monopole/mdrip@v1.0.2
+	cd $(REPO_ROOT)/hack && go install github.com/monopole/mdrip
 
+.PHONY: $(MYGOBIN)/stringer
 $(MYGOBIN)/stringer:
-	go install golang.org/x/tools/cmd/stringer@latest
+	cd $(REPO_ROOT)/hack && go install golang.org/x/tools/cmd/stringer
 
+.PHONY: $(MYGOBIN)/goimports
 $(MYGOBIN)/goimports:
-	go install golang.org/x/tools/cmd/goimports@latest
+	cd $(REPO_ROOT)/hack && go install golang.org/x/tools/cmd/goimports
 
+.PHONY: $(MYGOBIN)/mdtogo
 $(MYGOBIN)/mdtogo:
-	go install sigs.k8s.io/kustomize/cmd/mdtogo@latest
+	cd $(REPO_ROOT)/hack && go install sigs.k8s.io/kustomize/cmd/mdtogo
 
+.PHONY: $(MYGOBIN)/addlicense
 $(MYGOBIN)/addlicense:
-	go install github.com/google/addlicense@latest
+	cd $(REPO_ROOT)/hack && go install github.com/google/addlicense
 
+.PHONY: $(MYGOBIN)/goreleaser
 $(MYGOBIN)/goreleaser:
-	go install github.com/goreleaser/goreleaser@v0.179.0 # https://github.com/kubernetes-sigs/kustomize/issues/4542
+	cd $(REPO_ROOT)/hack && go install github.com/goreleaser/goreleaser
 
+.PHONY: $(MYGOBIN)/kind
 $(MYGOBIN)/kind:
-	( \
-        set -e; \
-        d=$(shell mktemp -d); cd $$d; \
-        wget -O ./kind https://github.com/kubernetes-sigs/kind/releases/download/v0.7.0/kind-$(GOOS)-$(GOARCH); \
-        chmod +x ./kind; \
-        mv ./kind $(MYGOBIN); \
-        rm -rf $$d; \
-	)
+	cd $(REPO_ROOT)/hack && go install sigs.k8s.io/kind
+
+.PHONY: $(MYGOBIN)/controller-gen
+$(MYGOBIN)/controller-gen:
+	cd $(REPO_ROOT)/hack && go install sigs.k8s.io/controller-tools/cmd/controller-gen
 
-# linux only.
+.PHONY: $(MYGOBIN)/embedmd
+$(MYGOBIN)/embedmd:
+	cd $(REPO_ROOT)/hack && go install github.com/campoy/embedmd
+
+.PHONY: $(MYGOBIN)/go-bindata
+$(MYGOBIN)/go-bindata:
+	cd $(REPO_ROOT)/hack && go install github.com/go-bindata/go-bindata/v3/go-bindata
+
+.PHONY: $(MYGOBIN)/go-apidiff
+$(MYGOBIN)/go-apidiff:
+	cd $(REPO_ROOT)/hack && go install github.com/joelanford/go-apidiff
+
+.PHONY: $(MYGOBIN)/gh
 $(MYGOBIN)/gh:
-	( \
-		set -e; \
-		d=$(shell mktemp -d); cd $$d; \
-		tgzFile=gh_1.0.0_$(GOOS)_$(GOARCH).tar.gz; \
-		wget https://github.com/cli/cli/releases/download/v1.0.0/$$tgzFile; \
-		tar -xvzf $$tgzFile; \
-		mv gh_1.0.0_$(GOOS)_$(GOARCH)/bin/gh  $(MYGOBIN)/gh; \
-		rm -rf $$d \
-	)
+	cd $(REPO_ROOT)/hack && go install github.com/cli/cli/cmd/gh
 
-# linux only.
-# This is for testing an example plugin that
-# uses kubeval for validation.
-# Don't want to add a hard dependence in go.mod file
-# to github.com/instrumenta/kubeval.
-# Instead, download the binary.
+.PHONY: $(MYGOBIN)/kubeval
 $(MYGOBIN)/kubeval:
-	( \
-		set -e; \
-		d=$(shell mktemp -d); cd $$d; \
-		wget https://github.com/instrumenta/kubeval/releases/latest/download/kubeval-$(GOOS)-$(GOARCH).tar.gz; \
-		tar xf kubeval-$(GOOS)-$(GOARCH).tar.gz; \
-		mv kubeval $(MYGOBIN); \
-		rm -rf $$d; \
-	)
+	cd $(REPO_ROOT)/hack && go install github.com/instrumenta/kubeval
 
 # Helm V3 differs from helm V2; downloading it to provide coverage for the
 # chart inflator plugin under helm v3.
+.PHONY: $(MYGOBIN)/helmV3
 $(MYGOBIN)/helmV3:
 	( \
 		set -e; \

diff --git a/functions/examples/fn-framework-application/Makefile b/functions/examples/fn-framework-application/Makefile
@@ -1,25 +1,16 @@
 export KUSTOMIZE_ROOT ?= $(shell pwd | sed -E 's|(.*\/kustomize)/(.*)|\1|')
 include $(KUSTOMIZE_ROOT)/Makefile-modules.mk
 
-CONTROLLER_GEN_VERSION=v0.11.3
-
 generate: $(MYGOBIN)/controller-gen $(MYGOBIN)/embedmd
 	go generate ./...
 	embedmd -w README.md
 
 build: generate
 	go build -v -o $(MYGOBIN)/app-fn cmd/main.go
 
-$(MYGOBIN)/controller-gen:
-	go install sigs.k8s.io/controller-tools/cmd/controller-gen@$(CONTROLLER_GEN_VERSION)
-
-$(MYGOBIN)/embedmd:
-	go install github.com/campoy/embedmd@v1.0.0
-
 .PHONY: example
 example: build
 	$(MYGOBIN)/app-fn pkg/exampleapp/testdata/success/basic/config.yaml
 
-
 test: generate
 	go test -v -timeout 45m -cover ./...
diff --git a/...es/fn-framework-application/pkg/exampleapp/v1alpha1/platform.example.com_exampleapps.yaml b/...es/fn-framework-application/pkg/exampleapp/v1alpha1/platform.example.com_exampleapps.yaml
@@ -3,8 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.11.3
-  creationTimestamp: null
+    controller-gen.kubebuilder.io/version: v0.14.0
   name: exampleapps.platform.example.com
 spec:
   group: platform.example.com
@@ -21,9 +20,11 @@ spec:
         additionalProperties: false
         properties:
           apiVersion:
-            description: 'APIVersion defines the versioned schema of this representation
-              of an object. Servers should convert recognized schemas to the latest
-              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            description: |-
+              APIVersion defines the versioned schema of this representation of an object.
+              Servers should convert recognized schemas to the latest internal value, and
+              may reject unrecognized values.
+              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
             type: string
           appImage:
             type: string
@@ -40,9 +41,12 @@ spec:
             - development
             type: string
           kind:
-            description: 'Kind is a string value representing the REST resource this
-              object represents. Servers may infer this from the endpoint the client
-              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            description: |-
+              Kind is a string value representing the REST resource this object represents.
+              Servers may infer this from the endpoint the client submits requests to.
+              Cannot be updated.
+              In CamelCase.
+              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
             type: string
           metadata:
             type: object

diff --git a/go.work b/go.work
@@ -18,6 +18,7 @@ use (
 	./functions/examples/template-go-nginx/image
 	./functions/examples/validator-kubeval/image
 	./functions/examples/validator-resource-requests/image
+	./hack
 	./kustomize
 	./kyaml
 	./plugin/builtin/annotationstransformer