chore: pin go tools with hack/go.mod

Use go.mod & go.sum to pin the version and checksum for installed commands and their source dependencies. Modify hacks/for-each-module.sh to count found and skipped modules to avoid needing to hardcode multiple expected values. Modify `make container-image` to update the pinned version of hugo to match HUGO_VERSION in netlify.toml, instead of passing in the version as a build-arg. This should help reduce risk of importing newer dependency versions that haven't passed vulnerability checks. Update Go to 1.21 (required by some tools). Disable abandoned linters to fix `make lint`.
kubernetes-sigs · Feb 13, 2024 · 96c3bca · 96c3bca
1 parent b154361
commit 96c3bca
Show file tree

Hide file tree

Showing 113 changed files with 4,839 additions and 2,185 deletions.
diff --git a/.dockerignore b/.dockerignore
@@ -1,7 +1,5 @@
 .github
 docs
 examples
-hack
-site
 travis
 *.md
diff --git a/.golangci.yml b/.golangci.yml
@@ -35,6 +35,10 @@ linters:
     - maintidx
     - nosnakecase
     - testpackage # it's better to keep tests in the same package for now because kustomize does open box testing
+    - structcheck # abandoned by author
+    - varcheck # abandoned by author
+    - maligned # abandoned by author
+    - interfacer # archived by author
 
 linters-settings:
   dupl:

diff --git a/Makefile b/Makefile
@@ -56,26 +56,22 @@ uninstall-local-tools:
 
 # Build from local source.
 $(MYGOBIN)/gorepomod:
-	cd cmd/gorepomod; \
-	go install .
+	cd cmd/gorepomod && go install .
 
 # Build from local source.
 $(MYGOBIN)/k8scopy:
-	cd cmd/k8scopy; \
-	go install .
+	cd cmd/k8scopy && go install .
 
 # Build from local source.
 $(MYGOBIN)/pluginator:
-	cd cmd/pluginator; \
-	go install .
+	cd cmd/pluginator && go install .
 
 
 # --- Build targets ---
 
 # Build from local source.
 $(MYGOBIN)/kustomize: build-kustomize-api
-	cd kustomize; \
-	go install -ldflags \
+	cd kustomize && go install -ldflags \
 	"-X sigs.k8s.io/kustomize/api/provenance.buildDate=$(shell date -u +'%Y-%m-%dT%H:%M:%SZ') \
 	 -X sigs.k8s.io/kustomize/api/provenance.version=$(shell git describe --tags --always --dirty)" \
 	.
@@ -86,11 +82,11 @@ kustomize: $(MYGOBIN)/kustomize
 # plugin-to-api compatibility checks.
 .PHONY: build-kustomize-api
 build-kustomize-api: $(MYGOBIN)/goimports $(builtinplugins)
-	cd api; $(MAKE) build
+	cd api && $(MAKE) build
 
 .PHONY: generate-kustomize-api
 generate-kustomize-api:
-	cd api; $(MAKE) generate
+	cd api && $(MAKE) generate
 
 
 # --- Verification targets ---
@@ -132,12 +128,8 @@ lint: $(MYGOBIN)/golangci-lint $(MYGOBIN)/goimports $(builtinplugins)
 	./hack/for-each-module.sh "make lint"
 
 .PHONY: apidiff
-apidiff: go-apidiff ## Run the go-apidiff to verify any API differences compared with origin/master
-	$(GOBIN)/go-apidiff master --compare-imports --print-compatible --repo-path=.
-
-.PHONY: go-apidiff
-go-apidiff:
-	go install github.com/joelanford/go-apidiff@v0.6.0
+apidiff: $(MYGOBIN)/go-apidiff ## Run the go-apidiff to verify any API differences compared with origin/master
+	go-apidiff master --compare-imports --print-compatible --repo-path=.
 
 .PHONY: test-unit-all
 test-unit-all: \
@@ -147,14 +139,14 @@ test-unit-all: \
 # This target is used by our Github Actions CI to run unit tests for all non-plugin modules in multiple GOOS environments.
 .PHONY: test-unit-non-plugin
 test-unit-non-plugin:
-	./hack/for-each-module.sh "make test" "./plugin/*" 19
+	SKIP_MODULE_PATHS="./plugin/*" ./hack/for-each-module.sh "make test"
 
 .PHONY: build-non-plugin-all
 build-non-plugin-all:
-	./hack/for-each-module.sh "make build" "./plugin/*" 19
+	SKIP_MODULE_PATHS="./plugin/*" ./hack/for-each-module.sh "make build"
 
 .PHONY: test-unit-kustomize-plugins
-test-unit-kustomize-plugins:
+test-unit-kustomize-plugins: build-kustomize-external-go-plugin
 	./hack/testUnitKustomizePlugins.sh
 
 .PHONY: functions-examples-all
@@ -190,7 +182,7 @@ test-examples-kustomize-against-latest-release: $(MYGOBIN)/mdrip
 .PHONY: workspace-sync
 workspace-sync:
 	go work sync
-	./hack/doGoMod.sh tidy
+	./hack/for-each-module.sh "go mod tidy -v"
 
 # --- Cleanup targets ---
 .PHONY: clean

diff --git a/Makefile-plugins.mk b/Makefile-plugins.mk
@@ -91,12 +91,12 @@ $(pGen)/%.go: $(MYGOBIN)/pluginator $(MYGOBIN)/goimports
 
 # Generate builtin plugins
 .PHONY: generate-kustomize-builtin-plugins
-generate-kustomize-builtin-plugins: $(builtplugins)
+generate-kustomize-builtin-plugins: $(builtplugins) $(MYGOBIN)/pluginator
 	for plugin in $(abspath $(wildcard $(pSrc)/*)); do \
 		echo "generating $${plugin} ..."; \
 		set -e; \
 		cd $${plugin}; \
-		go generate pluginator .; \
+		go generate ./...; \
 	done
 
 # Check for diff by comparing current revision of generated plugins on HEAD and newly generated plugins on local branch, 
@@ -112,7 +112,7 @@ builtin-plugins-diff: $(builtplugins)
 	done
 
 .PHONY: build-kustomize-external-go-plugin
-build-kustomize-external-go-plugin:
+build-kustomize-external-go-plugin: generate-kustomize-builtin-plugins
 	./hack/buildExternalGoPlugins.sh ./plugin
 
 .PHONY: clean-kustomize-external-go-plugin

diff --git a/Makefile-tools.mk b/Makefile-tools.mk
@@ -1,14 +1,16 @@
 # Copyright 2022 The Kubernetes Authors.
 # SPDX-License-Identifier: Apache-2.0
 
-GOLANGCI_LINT_VERSION=v1.51.2
-
+GOOS = $(shell go env GOOS)
+GOARCH = $(shell go env GOARCH)
 MYGOBIN = $(shell go env GOBIN)
 ifeq ($(MYGOBIN),)
 MYGOBIN = $(shell go env GOPATH)/bin
 endif
 export PATH := $(MYGOBIN):$(PATH)
 
+REPO_ROOT=$(shell git rev-parse --show-toplevel)
+
 # determines whether to run tests that only behave locally; can be overridden by override variable
 export IS_LOCAL = false
 
@@ -18,8 +20,7 @@ install-out-of-tree-tools: \
 	$(MYGOBIN)/golangci-lint \
 	$(MYGOBIN)/helmV3 \
 	$(MYGOBIN)/mdrip \
-	$(MYGOBIN)/stringer \
-	$(MYGOBIN)/goimports
+	$(MYGOBIN)/stringer
 
 .PHONY: uninstall-out-of-tree-tools
 uninstall-out-of-tree-tools:
@@ -29,67 +30,65 @@ uninstall-out-of-tree-tools:
 	rm -f $(MYGOBIN)/mdrip
 	rm -f $(MYGOBIN)/stringer
 
+.PHONY: $(MYGOBIN)/golangci-lint
 $(MYGOBIN)/golangci-lint:
-	go install github.com/golangci/golangci-lint/cmd/golangci-lint@$(GOLANGCI_LINT_VERSION)
+	cd $(REPO_ROOT)/hack && go install github.com/golangci/golangci-lint/cmd/golangci-lint
 
+.PHONY: $(MYGOBIN)/mdrip
 $(MYGOBIN)/mdrip:
-	go install github.com/monopole/mdrip@v1.0.2
+	cd $(REPO_ROOT)/hack && go install github.com/monopole/mdrip
 
+.PHONY: $(MYGOBIN)/stringer
 $(MYGOBIN)/stringer:
-	go install golang.org/x/tools/cmd/stringer@latest
+	cd $(REPO_ROOT)/hack && go install golang.org/x/tools/cmd/stringer
 
+.PHONY: $(MYGOBIN)/goimports
 $(MYGOBIN)/goimports:
-	go install golang.org/x/tools/cmd/goimports@latest
+	cd $(REPO_ROOT)/hack && go install golang.org/x/tools/cmd/goimports
 
+.PHONY: $(MYGOBIN)/mdtogo
 $(MYGOBIN)/mdtogo:
-	go install sigs.k8s.io/kustomize/cmd/mdtogo@latest
+	cd $(REPO_ROOT)/hack && go install sigs.k8s.io/kustomize/cmd/mdtogo
 
+.PHONY: $(MYGOBIN)/addlicense
 $(MYGOBIN)/addlicense:
-	go install github.com/google/addlicense@latest
+	cd $(REPO_ROOT)/hack && go install github.com/google/addlicense
 
+.PHONY: $(MYGOBIN)/goreleaser
 $(MYGOBIN)/goreleaser:
-	go install github.com/goreleaser/goreleaser@v0.179.0 # https://github.com/kubernetes-sigs/kustomize/issues/4542
+	cd $(REPO_ROOT)/hack && go install github.com/goreleaser/goreleaser
 
+.PHONY: $(MYGOBIN)/kind
 $(MYGOBIN)/kind:
-	( \
-        set -e; \
-        d=$(shell mktemp -d); cd $$d; \
-        wget -O ./kind https://github.com/kubernetes-sigs/kind/releases/download/v0.7.0/kind-$(GOOS)-$(GOARCH); \
-        chmod +x ./kind; \
-        mv ./kind $(MYGOBIN); \
-        rm -rf $$d; \
-	)
+	cd $(REPO_ROOT)/hack && go install sigs.k8s.io/kind
+
+.PHONY: $(MYGOBIN)/controller-gen
+$(MYGOBIN)/controller-gen:
+	cd $(REPO_ROOT)/hack && go install sigs.k8s.io/controller-tools/cmd/controller-gen
 
-# linux only.
+.PHONY: $(MYGOBIN)/embedmd
+$(MYGOBIN)/embedmd:
+	cd $(REPO_ROOT)/hack && go install github.com/campoy/embedmd
+
+.PHONY: $(MYGOBIN)/go-bindata
+$(MYGOBIN)/go-bindata:
+	cd $(REPO_ROOT)/hack && go install github.com/go-bindata/go-bindata/v3/go-bindata
+
+.PHONY: $(MYGOBIN)/go-apidiff
+$(MYGOBIN)/go-apidiff:
+	cd $(REPO_ROOT)/hack && go install github.com/joelanford/go-apidiff
+
+.PHONY: $(MYGOBIN)/gh
 $(MYGOBIN)/gh:
-	( \
-		set -e; \
-		d=$(shell mktemp -d); cd $$d; \
-		tgzFile=gh_1.0.0_$(GOOS)_$(GOARCH).tar.gz; \
-		wget https://github.com/cli/cli/releases/download/v1.0.0/$$tgzFile; \
-		tar -xvzf $$tgzFile; \
-		mv gh_1.0.0_$(GOOS)_$(GOARCH)/bin/gh  $(MYGOBIN)/gh; \
-		rm -rf $$d \
-	)
+	cd $(REPO_ROOT)/hack && go install github.com/cli/cli/cmd/gh
 
-# linux only.
-# This is for testing an example plugin that
-# uses kubeval for validation.
-# Don't want to add a hard dependence in go.mod file
-# to github.com/instrumenta/kubeval.
-# Instead, download the binary.
+.PHONY: $(MYGOBIN)/kubeval
 $(MYGOBIN)/kubeval:
-	( \
-		set -e; \
-		d=$(shell mktemp -d); cd $$d; \
-		wget https://github.com/instrumenta/kubeval/releases/latest/download/kubeval-$(GOOS)-$(GOARCH).tar.gz; \
-		tar xf kubeval-$(GOOS)-$(GOARCH).tar.gz; \
-		mv kubeval $(MYGOBIN); \
-		rm -rf $$d; \
-	)
+	cd $(REPO_ROOT)/hack && go install github.com/instrumenta/kubeval
 
 # Helm V3 differs from helm V2; downloading it to provide coverage for the
 # chart inflator plugin under helm v3.
+.PHONY: $(MYGOBIN)/helmV3
 $(MYGOBIN)/helmV3:
 	( \
 		set -e; \

diff --git a/api/go.mod b/api/go.mod
@@ -3,36 +3,34 @@ module sigs.k8s.io/kustomize/api
 go 1.20
 
 require (
+	github.com/blang/semver/v4 v4.0.0
 	github.com/evanphx/json-patch v4.12.0+incompatible
 	github.com/go-errors/errors v1.4.2
 	github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510
-	github.com/stretchr/testify v1.8.1
+	github.com/stretchr/testify v1.8.4
 	go.uber.org/goleak v1.3.0
-	k8s.io/kube-openapi v0.0.0-20230601164746-7562a1006961
+	k8s.io/kube-openapi v0.0.0-20231010175941-2dd684a91f00
 	sigs.k8s.io/kustomize/kyaml v0.16.0
 	sigs.k8s.io/yaml v1.4.0
 )
 
 require (
-	github.com/blang/semver/v4 v4.0.0 // indirect
-	github.com/davecgh/go-spew v1.1.1 // indirect
+	github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect
 	github.com/go-openapi/jsonpointer v0.19.6 // indirect
 	github.com/go-openapi/jsonreference v0.20.2 // indirect
-	github.com/go-openapi/swag v0.22.3 // indirect
+	github.com/go-openapi/swag v0.22.4 // indirect
 	github.com/golang/protobuf v1.5.3 // indirect
 	github.com/google/gnostic-models v0.6.8 // indirect
-	github.com/google/go-cmp v0.5.9 // indirect
-	github.com/google/gofuzz v1.2.0 // indirect
 	github.com/josharian/intern v1.0.0 // indirect
 	github.com/mailru/easyjson v0.7.7 // indirect
 	github.com/monochromegane/go-gitignore v0.0.0-20200626010858-205db1a8cc00 // indirect
 	github.com/pkg/errors v0.9.1 // indirect
-	github.com/pmezard/go-difflib v1.0.0 // indirect
-	github.com/sergi/go-diff v1.1.0 // indirect
+	github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect
+	github.com/sergi/go-diff v1.2.0 // indirect
 	github.com/xlab/treeprint v1.2.0 // indirect
 	go.starlark.net v0.0.0-20200306205701-8dd3e2ee1dd5 // indirect
-	golang.org/x/sys v0.13.0 // indirect
-	google.golang.org/protobuf v1.30.0 // indirect
+	golang.org/x/sys v0.17.0 // indirect
+	google.golang.org/protobuf v1.31.0 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
 )