From 209376699c48d3d1b08db3cae47508e5a3c4bae4 Mon Sep 17 00:00:00 2001 From: Universe Ops Date: Sat, 13 Dec 2025 21:51:11 +0300 Subject: [PATCH 01/13] update deps to fix vulns --- go.mod | 27 +++++++++++++++------------ go.sum | 56 ++++++++++++++++++++++++++++++++------------------------ 2 files changed, 47 insertions(+), 36 deletions(-) diff --git a/go.mod b/go.mod index df6a1243..5ea12c72 100644 --- a/go.mod +++ b/go.mod @@ -15,7 +15,7 @@ require ( github.com/cloudflare/cloudflare-go v0.104.0 github.com/compose-spec/compose-go v1.20.2 github.com/disgoorg/disgo v0.18.5 - github.com/docker/docker v27.1.1+incompatible + github.com/docker/docker v28.5.2+incompatible github.com/fatih/color v1.18.0 github.com/go-delve/delve v1.25.2 github.com/go-git/go-billy/v5 v5.6.1 @@ -48,11 +48,11 @@ require ( github.com/valyala/fasttemplate v1.2.2 github.com/vektra/mockery/v2 v2.53.5 go.uber.org/atomic v1.11.0 - golang.org/x/crypto v0.41.0 + golang.org/x/crypto v0.46.0 golang.org/x/oauth2 v0.27.0 - golang.org/x/sync v0.16.0 - golang.org/x/term v0.34.0 - golang.org/x/text v0.28.0 + golang.org/x/sync v0.19.0 + golang.org/x/term v0.38.0 + golang.org/x/text v0.32.0 google.golang.org/api v0.223.0 gopkg.in/yaml.v2 v2.4.0 gopkg.in/yaml.v3 v3.0.1 @@ -157,6 +157,8 @@ require ( github.com/cloudflare/circl v1.6.1 // indirect github.com/cncf/xds/go v0.0.0-20250121191232-2f005788dc42 // indirect github.com/containerd/console v1.0.4 // indirect + github.com/containerd/errdefs v1.0.0 // indirect + github.com/containerd/errdefs/pkg v0.3.0 // indirect github.com/cosiner/argv v0.1.0 // indirect github.com/cpuguy83/go-md2man/v2 v2.0.6 // indirect github.com/curioswitch/go-reassign v0.3.0 // indirect @@ -190,7 +192,7 @@ require ( github.com/go-errors/errors v1.5.1 // indirect github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376 // indirect github.com/go-jose/go-jose/v3 v3.0.4 // indirect - github.com/go-jose/go-jose/v4 v4.0.4 // indirect + github.com/go-jose/go-jose/v4 v4.1.3 // indirect github.com/go-logr/logr v1.4.2 // indirect github.com/go-logr/stdr v1.2.2 // indirect github.com/go-toolsmith/astcast v1.1.0 // indirect @@ -200,7 +202,7 @@ require ( github.com/go-toolsmith/astp v1.1.0 // indirect github.com/go-toolsmith/strparse v1.1.0 // indirect github.com/go-toolsmith/typep v1.1.0 // indirect - github.com/go-viper/mapstructure/v2 v2.2.1 // indirect + github.com/go-viper/mapstructure/v2 v2.4.0 // indirect github.com/go-xmlfmt/xmlfmt v1.1.3 // indirect github.com/gobwas/glob v0.2.3 // indirect github.com/goccy/go-json v0.10.3 // indirect @@ -299,6 +301,7 @@ require ( github.com/mitchellh/mapstructure v1.5.0 // indirect github.com/mitchellh/reflectwalk v1.0.2 // indirect github.com/moby/docker-image-spec v1.3.1 // indirect + github.com/moby/sys/atomicwriter v0.1.0 // indirect github.com/moricho/tparallel v0.3.2 // indirect github.com/muesli/ansi v0.0.0-20230316100256-276c6243b2f6 // indirect github.com/muesli/cancelreader v0.2.2 // indirect @@ -423,12 +426,12 @@ require ( golang.org/x/arch v0.11.0 // indirect golang.org/x/exp v0.0.0-20250210185358-939b2ce775ac // indirect golang.org/x/exp/typeparams v0.0.0-20250210185358-939b2ce775ac // indirect - golang.org/x/mod v0.27.0 // indirect - golang.org/x/net v0.43.0 // indirect - golang.org/x/sys v0.35.0 // indirect - golang.org/x/telemetry v0.0.0-20250807160809-1a19826ec488 // indirect + golang.org/x/mod v0.30.0 // indirect + golang.org/x/net v0.47.0 // indirect + golang.org/x/sys v0.39.0 // indirect + golang.org/x/telemetry v0.0.0-20251111182119-bc8e575c7b54 // indirect golang.org/x/time v0.10.0 // indirect - golang.org/x/tools v0.36.0 // indirect + golang.org/x/tools v0.39.0 // indirect golang.org/x/tools/go/expect v0.1.1-deprecated // indirect golang.org/x/tools/go/packages/packagestest v0.1.1-deprecated // indirect golang.org/x/xerrors v0.0.0-20240903120638-7835f813f4da // indirect diff --git a/go.sum b/go.sum index 5ec674a9..08b8f060 100644 --- a/go.sum +++ b/go.sum @@ -293,6 +293,10 @@ github.com/compose-spec/compose-go v1.20.2 h1:u/yfZHn4EaHGdidrZycWpxXgFffjYULlTb github.com/compose-spec/compose-go v1.20.2/go.mod h1:+MdqXV4RA7wdFsahh/Kb8U0pAJqkg7mr4PM9tFKU8RM= github.com/containerd/console v1.0.4 h1:F2g4+oChYvBTsASRTz8NP6iIAi97J3TtSAsLbIFn4ro= github.com/containerd/console v1.0.4/go.mod h1:YynlIjWYF8myEu6sdkwKIvGQq+cOckRm6So2avqoYAk= +github.com/containerd/errdefs v1.0.0 h1:tg5yIfIlQIrxYtu9ajqY42W3lpS19XqdxRQeEwYG8PI= +github.com/containerd/errdefs v1.0.0/go.mod h1:+YBYIdtsnF4Iw6nWZhJcqGSg/dwvV7tyJ/kCkyJ2k+M= +github.com/containerd/errdefs/pkg v0.3.0 h1:9IKJ06FvyNlexW690DXuQNx2KA2cUJXx151Xdx3ZPPE= +github.com/containerd/errdefs/pkg v0.3.0/go.mod h1:NJw6s9HwNuRhnjJhM7pylWwMyAkmCQvQ4GpJHEqRLVk= github.com/containerd/log v0.1.0 h1:TCJt7ioM2cr/tfR8GPbGf9/VRAX8D2B4PjzCpfX540I= github.com/containerd/log v0.1.0/go.mod h1:VRRf09a7mHDIRezVKTRCrOq78v577GXq3bSa3EhrzVo= github.com/coreos/go-systemd/v22 v22.5.0/go.mod h1:Y58oyj3AT4RCenI/lSvhwexgC+NSVTIJ3seZv2GcEnc= @@ -334,8 +338,8 @@ github.com/djherbis/times v1.5.0 h1:79myA211VwPhFTqUk8xehWrsEO+zcIZj0zT8mXPVARU= github.com/djherbis/times v1.5.0/go.mod h1:5q7FDLvbNg1L/KaBmPcWlVR9NmoKo3+ucqUA3ijQhA0= github.com/dlclark/regexp2 v1.11.0 h1:G/nrcoOa7ZXlpoa/91N3X7mM3r8eIlMBBJZvsz/mxKI= github.com/dlclark/regexp2 v1.11.0/go.mod h1:DHkYz0B9wPfa6wondMfaivmHpzrQ3v9q8cnmRbL6yW8= -github.com/docker/docker v27.1.1+incompatible h1:hO/M4MtV36kzKldqnA37IWhebRA+LnqqcqDja6kVaKY= -github.com/docker/docker v27.1.1+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= +github.com/docker/docker v28.5.2+incompatible h1:DBX0Y0zAjZbSrm1uzOkdr1onVghKaftjlSWt4AFexzM= +github.com/docker/docker v28.5.2+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= github.com/docker/go-connections v0.5.0 h1:USnMq7hx7gwdVZq1L49hLXaFtUdTADjXGp+uj1Br63c= github.com/docker/go-connections v0.5.0/go.mod h1:ov60Kzw0kKElRwhNs9UlUHAE/F9Fe6GLaXnqyDdmEXc= github.com/docker/go-units v0.5.0 h1:69rxXcBk27SvSaaxTtLh/8llcHD8vYHT7WSdRZ/jvr4= @@ -403,8 +407,8 @@ github.com/go-gl/glfw/v3.3/glfw v0.0.0-20191125211704-12ad95a8df72/go.mod h1:tQ2 github.com/go-gl/glfw/v3.3/glfw v0.0.0-20200222043503-6f7a984d4dc4/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8= github.com/go-jose/go-jose/v3 v3.0.4 h1:Wp5HA7bLQcKnf6YYao/4kpRpVMp/yf6+pJKV8WFSaNY= github.com/go-jose/go-jose/v3 v3.0.4/go.mod h1:5b+7YgP7ZICgJDBdfjZaIt+H/9L9T/YQrVfLAMboGkQ= -github.com/go-jose/go-jose/v4 v4.0.4 h1:VsjPI33J0SB9vQM6PLmNjoHqMQNGPiZ0rHL7Ni7Q6/E= -github.com/go-jose/go-jose/v4 v4.0.4/go.mod h1:NKb5HO1EZccyMpiZNbdUw/14tiXNyUJh188dfnMCAfc= +github.com/go-jose/go-jose/v4 v4.1.3 h1:CVLmWDhDVRa6Mi/IgCgaopNosCaHz7zrMeF9MlZRkrs= +github.com/go-jose/go-jose/v4 v4.1.3/go.mod h1:x4oUasVrzR7071A4TnHLGSPpNOm2a21K9Kf04k1rs08= github.com/go-kit/kit v0.8.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as= github.com/go-kit/kit v0.9.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as= github.com/go-kit/log v0.1.0/go.mod h1:zbhenjAZHb184qTLMA9ZjW7ThYL0H2mk7Q6pNt4vbaY= @@ -444,8 +448,8 @@ github.com/go-toolsmith/strparse v1.1.0 h1:GAioeZUK9TGxnLS+qfdqNbA4z0SSm5zVNtCQi github.com/go-toolsmith/strparse v1.1.0/go.mod h1:7ksGy58fsaQkGQlY8WVoBFNyEPMGuJin1rfoPS4lBSQ= github.com/go-toolsmith/typep v1.1.0 h1:fIRYDyF+JywLfqzyhdiHzRop/GQDxxNhLGQ6gFUNHus= github.com/go-toolsmith/typep v1.1.0/go.mod h1:fVIw+7zjdsMxDA3ITWnH1yOiw1rnTQKCsF/sk2H/qig= -github.com/go-viper/mapstructure/v2 v2.2.1 h1:ZAaOCxANMuZx5RCeg0mBdEZk7DZasvvZIxtHqx8aGss= -github.com/go-viper/mapstructure/v2 v2.2.1/go.mod h1:oJDH3BJKyqBA2TXFhDsKDGDTlndYOZ6rGS0BRZIxGhM= +github.com/go-viper/mapstructure/v2 v2.4.0 h1:EBsztssimR/CONLSZZ04E8qAkxNYq4Qp9LvH92wZUgs= +github.com/go-viper/mapstructure/v2 v2.4.0/go.mod h1:oJDH3BJKyqBA2TXFhDsKDGDTlndYOZ6rGS0BRZIxGhM= github.com/go-xmlfmt/xmlfmt v1.1.3 h1:t8Ey3Uy7jDSEisW2K3somuMKIpzktkWptA0iFCnRUWY= github.com/go-xmlfmt/xmlfmt v1.1.3/go.mod h1:aUCEOzzezBEjDBbFBoSiya/gduyIiWYRP6CnSFIV8AM= github.com/gobwas/glob v0.2.3 h1:A4xDbljILXROh+kObIiy5kIaPYD8e96x1tgBhUI5J+Y= @@ -779,6 +783,10 @@ github.com/mitchellh/reflectwalk v1.0.2 h1:G2LzWKi524PWgd3mLHV8Y5k7s6XUvT0Gef6zx github.com/mitchellh/reflectwalk v1.0.2/go.mod h1:mSTlrgnPZtwu0c4WaC2kGObEpuNDbx0jmZXqmk4esnw= github.com/moby/docker-image-spec v1.3.1 h1:jMKff3w6PgbfSa69GfNg+zN/XLhfXJGnEx3Nl2EsFP0= github.com/moby/docker-image-spec v1.3.1/go.mod h1:eKmb5VW8vQEh/BAr2yvVNvuiJuY6UIocYsFu/DxxRpo= +github.com/moby/sys/atomicwriter v0.1.0 h1:kw5D/EqkBwsBFi0ss9v1VG3wIkVhzGvLklJ+w3A14Sw= +github.com/moby/sys/atomicwriter v0.1.0/go.mod h1:Ul8oqv2ZMNHOceF643P6FKPXeCmYtlQMvpizfsSoaWs= +github.com/moby/sys/sequential v0.6.0 h1:qrx7XFUd/5DxtqcoH1h438hF5TmOvzC/lspjy7zgvCU= +github.com/moby/sys/sequential v0.6.0/go.mod h1:uyv8EUTrca5PnDsdMGXhZe6CCe8U/UiTWd+lL+7b/Ko= github.com/moby/term v0.5.0 h1:xt8Q1nalod/v7BqbG21f8mQPqH+xAaC9C3N3wfWbVP0= github.com/moby/term v0.5.0/go.mod h1:8FzsFHVUBGZdbDsJw/ot+X+d5HLUbvklYLJ9uGfcI3Y= github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= @@ -1186,8 +1194,8 @@ golang.org/x/crypto v0.14.0/go.mod h1:MVFd36DqK4CsrnJYDkBA3VC4m2GkXAM0PvzMCn4JQf golang.org/x/crypto v0.15.0/go.mod h1:4ChreQoLWfG3xLDer1WdlH5NdlQ3+mwnQq1YTKY+72g= golang.org/x/crypto v0.18.0/go.mod h1:R0j02AL6hcrfOiy9T4ZYp/rcWeMxM3L6QYxlOuEG1mg= golang.org/x/crypto v0.19.0/go.mod h1:Iy9bg/ha4yyC70EfRS8jz+B6ybOBKMaSxLj6P6oBDfU= -golang.org/x/crypto v0.41.0 h1:WKYxWedPGCTVVl5+WHSSrOBT0O8lx32+zxmHxijgXp4= -golang.org/x/crypto v0.41.0/go.mod h1:pO5AFd7FA68rFak7rOAGVuygIISepHftHnr8dr6+sUc= +golang.org/x/crypto v0.46.0 h1:cKRW/pmt1pKAfetfu+RCEvjvZkA9RimPbh7bhFjGVBU= +golang.org/x/crypto v0.46.0/go.mod h1:Evb/oLKmMraqjZ2iQTwDwvCtJkczlDuTmdJXoZVzqU0= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8= @@ -1234,8 +1242,8 @@ golang.org/x/mod v0.9.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= golang.org/x/mod v0.12.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= golang.org/x/mod v0.13.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c= golang.org/x/mod v0.14.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c= -golang.org/x/mod v0.27.0 h1:kb+q2PyFnEADO2IEF935ehFUXlWiNjJWtRNgBLSfbxQ= -golang.org/x/mod v0.27.0/go.mod h1:rWI627Fq0DEoudcK+MBkNkCe0EetEaDSwJJkCcjpazc= +golang.org/x/mod v0.30.0 h1:fDEXFVZ/fmCKProc/yAXXUijritrDzahmwwefnjoPFk= +golang.org/x/mod v0.30.0/go.mod h1:lAsf5O2EvJeSFMiBxXDki7sCgAxEUcZHXoXMKT4GJKc= golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20181114220301-adae6a3d119a/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= @@ -1284,8 +1292,8 @@ golang.org/x/net v0.16.0/go.mod h1:NxSsAGuq816PNPmqtQdLE42eU2Fs7NoRIZrHJAlaCOE= golang.org/x/net v0.17.0/go.mod h1:NxSsAGuq816PNPmqtQdLE42eU2Fs7NoRIZrHJAlaCOE= golang.org/x/net v0.18.0/go.mod h1:/czyP5RqHAH4odGYxBJ1qz0+CE5WZ+2j1YgoEo8F2jQ= golang.org/x/net v0.20.0/go.mod h1:z8BVo6PvndSri0LbOE3hAn0apkU+1YvI6E70E9jsnvY= -golang.org/x/net v0.43.0 h1:lat02VYK2j4aLzMzecihNvTlJNQUq316m2Mr9rnM6YE= -golang.org/x/net v0.43.0/go.mod h1:vhO1fvI4dGsIjh73sWfUVjj3N7CA9WkKJNQm2svM6Jg= +golang.org/x/net v0.47.0 h1:Mx+4dIFzqraBXUugkia1OOvlD6LemFo1ALMHjrXDOhY= +golang.org/x/net v0.47.0/go.mod h1:/jNxtkgq5yWUGYkaZGqo27cfGZ1c5Nen03aYrrKpVRU= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= @@ -1311,8 +1319,8 @@ golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.3.0/go.mod h1:FU7BRWz2tNW+3quACPkgCx/L+uEAv1htQ0V83Z9Rj+Y= golang.org/x/sync v0.4.0/go.mod h1:FU7BRWz2tNW+3quACPkgCx/L+uEAv1htQ0V83Z9Rj+Y= golang.org/x/sync v0.6.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= -golang.org/x/sync v0.16.0 h1:ycBJEhp9p4vXvUZNszeOq0kGTPghopOL8q0fq3vstxw= -golang.org/x/sync v0.16.0/go.mod h1:1dzgHSNfp02xaA81J2MS99Qcpr2w7fw1gpm99rleRqA= +golang.org/x/sync v0.19.0 h1:vV+1eWNmZ5geRlYjzm2adRgW2/mcpevXNg50YZtPCE4= +golang.org/x/sync v0.19.0/go.mod h1:9KTHXmSnoGruLpwFjVSX0lNNA75CykiMECbovNTZqGI= golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20181116152217-5ac8a444bdc5/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= @@ -1377,10 +1385,10 @@ golang.org/x/sys v0.13.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.14.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/sys v0.16.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/sys v0.17.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= -golang.org/x/sys v0.35.0 h1:vz1N37gP5bs89s7He8XuIYXpyY0+QlsKmzipCbUtyxI= -golang.org/x/sys v0.35.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k= -golang.org/x/telemetry v0.0.0-20250807160809-1a19826ec488 h1:3doPGa+Gg4snce233aCWnbZVFsyFMo/dR40KK/6skyE= -golang.org/x/telemetry v0.0.0-20250807160809-1a19826ec488/go.mod h1:fGb/2+tgXXjhjHsTNdVEEMZNWA0quBnfrO+AfoDSAKw= +golang.org/x/sys v0.39.0 h1:CvCKL8MeisomCi6qNZ+wbb0DN9E5AATixKsvNtMoMFk= +golang.org/x/sys v0.39.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks= +golang.org/x/telemetry v0.0.0-20251111182119-bc8e575c7b54 h1:E2/AqCUMZGgd73TQkxUMcMla25GB9i/5HOdLr+uH7Vo= +golang.org/x/telemetry v0.0.0-20251111182119-bc8e575c7b54/go.mod h1:hKdjCMrbv9skySur+Nek8Hd0uJ0GuxJIoIX2payrIdQ= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/term v0.2.0/go.mod h1:TVmDHMZPmdnySmBfhjOoOdhjzdE1h4u1VwSiw2l1Nuc= @@ -1392,8 +1400,8 @@ golang.org/x/term v0.13.0/go.mod h1:LTmsnFJwVN6bCy1rVCoS+qHT1HhALEFxKncY3WNNh4U= golang.org/x/term v0.14.0/go.mod h1:TySc+nGkYR6qt8km8wUhuFRTVSMIX3XPR58y2lC8vww= golang.org/x/term v0.16.0/go.mod h1:yn7UURbUtPyrVJPGPq404EukNFxcm/foM+bV/bfcDsY= golang.org/x/term v0.17.0/go.mod h1:lLRBjIVuehSbZlaOtGMbcMncT+aqLLLmKrsjNrUguwk= -golang.org/x/term v0.34.0 h1:O/2T7POpk0ZZ7MAzMeWFSg6S5IpWd/RXDlM9hgM3DR4= -golang.org/x/term v0.34.0/go.mod h1:5jC53AEywhIVebHgPVeg0mj8OD3VO9OzclacVrqpaAw= +golang.org/x/term v0.38.0 h1:PQ5pkm/rLO6HnxFR7N2lJHOZX6Kez5Y1gDSJla6jo7Q= +golang.org/x/term v0.38.0/go.mod h1:bSEAKrOT1W+VSu9TSCMtoGEOUcKxOKgl3LE5QEF/xVg= golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= @@ -1407,8 +1415,8 @@ golang.org/x/text v0.8.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8= golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8= golang.org/x/text v0.13.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE= golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= -golang.org/x/text v0.28.0 h1:rhazDwis8INMIwQ4tpjLDzUhx6RlXqZNPEM0huQojng= -golang.org/x/text v0.28.0/go.mod h1:U8nCwOR8jO/marOQ0QbDiOngZVEBB7MAiitBuMjXiNU= +golang.org/x/text v0.32.0 h1:ZD01bjUt1FQ9WJ0ClOL5vxgxOI/sVCNgX1YtKwcY0mU= +golang.org/x/text v0.32.0/go.mod h1:o/rUWzghvpD5TXrTIBuJU77MTaN0ljMWE47kxGJQ7jY= golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= @@ -1474,8 +1482,8 @@ golang.org/x/tools v0.7.0/go.mod h1:4pg6aUX35JBAogB10C9AtvVL+qowtN4pT3CGSQex14s= golang.org/x/tools v0.13.0/go.mod h1:HvlwmtVNQAhOuCjW7xxvovg8wbNq7LwfXh/k7wXUl58= golang.org/x/tools v0.14.0/go.mod h1:uYBEerGOWcJyEORxN+Ek8+TT266gXkNlHdJBwexUsBg= golang.org/x/tools v0.17.0/go.mod h1:xsh6VxdV005rRVaS6SSAf9oiAqljS7UZUacMZ8Bnsps= -golang.org/x/tools v0.36.0 h1:kWS0uv/zsvHEle1LbV5LE8QujrxB3wfQyxHfhOk0Qkg= -golang.org/x/tools v0.36.0/go.mod h1:WBDiHKJK8YgLHlcQPYQzNCkUxUypCaa5ZegCVutKm+s= +golang.org/x/tools v0.39.0 h1:ik4ho21kwuQln40uelmciQPp9SipgNDdrafrYA4TmQQ= +golang.org/x/tools v0.39.0/go.mod h1:JnefbkDPyD8UU2kI5fuf8ZX4/yUeh9W877ZeBONxUqQ= golang.org/x/tools/go/expect v0.1.1-deprecated h1:jpBZDwmgPhXsKZC6WhL20P4b/wmnpsEAGHaNy0n/rJM= golang.org/x/tools/go/expect v0.1.1-deprecated/go.mod h1:eihoPOH+FgIqa3FpoTwguz/bVUSGBlGQU67vpBeOrBY= golang.org/x/tools/go/packages/packagestest v0.1.1-deprecated h1:1h2MnaIAIXISqTFKdENegdpAgUXz6NrPEsbIeWaBRvM= From 313fc2e33fe0aa4839bceb0808340777650da490 Mon Sep 17 00:00:00 2001 From: Universe Ops Date: Tue, 16 Dec 2025 16:23:12 +0300 Subject: [PATCH 02/13] fixing caddy volume name --- pkg/clouds/pulumi/kubernetes/caddy.go | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/pkg/clouds/pulumi/kubernetes/caddy.go b/pkg/clouds/pulumi/kubernetes/caddy.go index cda30d98..53eece68 100644 --- a/pkg/clouds/pulumi/kubernetes/caddy.go +++ b/pkg/clouds/pulumi/kubernetes/caddy.go @@ -73,6 +73,12 @@ func DeployCaddyService(ctx *sdk.Context, caddy CaddyDeployment, input api.Resou namespace := lo.If(caddy.Namespace != nil, lo.FromPtr(caddy.Namespace)).Else(deploymentName) caddyImage := lo.If(caddy.Image != nil, lo.FromPtr(caddy.Image)).Else(fmt.Sprintf("simplecontainer/caddy:%s", build.Version)) + // Generate volume names using the same logic as SimpleContainer to ensure consistency + // This fixes the volume mount name mismatch issue for custom stacks + parentEnv := input.StackParams.ParentEnv + stackEnv := input.StackParams.Environment + volumesCfgName := generateConfigVolumesName("caddy", stackEnv, parentEnv) + // Prepare Caddy volumes (embedded config) var caddyVolumes []k8s.SimpleTextVolume caddyVolumes, err = EmbedFSToTextVolumes(caddyVolumes, Caddyconfig, "embed/caddy", "/etc/caddy") @@ -125,7 +131,7 @@ func DeployCaddyService(ctx *sdk.Context, caddy CaddyDeployment, input api.Resou }, corev1.VolumeMountArgs{ MountPath: sdk.String("/etc/caddy/Caddyfile"), - Name: sdk.String(ToConfigVolumesName(deploymentName)), + Name: sdk.String(volumesCfgName), SubPath: sdk.String("Caddyfile"), }, }, From dfbd06b37ab368db6b52b6e0a582eb5ccb093ea1 Mon Sep 17 00:00:00 2001 From: Universe Ops Date: Tue, 16 Dec 2025 16:44:10 +0300 Subject: [PATCH 03/13] fixing caddy volume name, p2 --- pkg/clouds/pulumi/kubernetes/caddy.go | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/pkg/clouds/pulumi/kubernetes/caddy.go b/pkg/clouds/pulumi/kubernetes/caddy.go index 53eece68..057420b9 100644 --- a/pkg/clouds/pulumi/kubernetes/caddy.go +++ b/pkg/clouds/pulumi/kubernetes/caddy.go @@ -75,9 +75,11 @@ func DeployCaddyService(ctx *sdk.Context, caddy CaddyDeployment, input api.Resou // Generate volume names using the same logic as SimpleContainer to ensure consistency // This fixes the volume mount name mismatch issue for custom stacks + // Use the deploymentName (which includes environment suffix) as the service name parentEnv := input.StackParams.ParentEnv stackEnv := input.StackParams.Environment - volumesCfgName := generateConfigVolumesName("caddy", stackEnv, parentEnv) + serviceName := sanitizeK8sName(deploymentName) + volumesCfgName := generateConfigVolumesName(serviceName, stackEnv, parentEnv) // Prepare Caddy volumes (embedded config) var caddyVolumes []k8s.SimpleTextVolume From b45270751cb3c4bf01287ced863f3e383f92a68b Mon Sep 17 00:00:00 2001 From: Universe Ops Date: Wed, 17 Dec 2025 11:13:55 +0300 Subject: [PATCH 04/13] fixing caddy patch, p1 --- pkg/clouds/pulumi/kubernetes/deployment_patch.go | 14 ++++++++++++++ pkg/clouds/pulumi/kubernetes/kube_run.go | 10 +++++++++- 2 files changed, 23 insertions(+), 1 deletion(-) diff --git a/pkg/clouds/pulumi/kubernetes/deployment_patch.go b/pkg/clouds/pulumi/kubernetes/deployment_patch.go index af7abcf2..51571467 100644 --- a/pkg/clouds/pulumi/kubernetes/deployment_patch.go +++ b/pkg/clouds/pulumi/kubernetes/deployment_patch.go @@ -12,6 +12,7 @@ type DeploymentPatchArgs struct { ServiceName string Namespace string Annotations map[string]sdk.StringOutput + Labels map[string]string Opts []sdk.ResourceOption } @@ -25,17 +26,30 @@ func PatchDeployment(ctx *sdk.Context, args *DeploymentPatchArgs) (*appsv1.Deplo // Combine SSA options with user-provided options allOpts := append(ssaOpts, args.Opts...) + // Ensure we have required labels for selector and template + labels := args.Labels + if labels == nil { + labels = map[string]string{ + "app": args.ServiceName, + } + } + return appsv1.NewDeploymentPatch(ctx, args.PatchName, &appsv1.DeploymentPatchArgs{ Metadata: &metav1.ObjectMetaPatchArgs{ Namespace: sdk.String(args.Namespace), Name: sdk.String(args.ServiceName), + Labels: sdk.ToStringMap(labels), Annotations: sdk.StringMap{ "pulumi.com/patchForce": sdk.String("true"), // Force SSA to resolve conflicts }, }, Spec: &appsv1.DeploymentSpecPatchArgs{ + Selector: &metav1.LabelSelectorPatchArgs{ + MatchLabels: sdk.ToStringMap(labels), + }, Template: &v1.PodTemplateSpecPatchArgs{ Metadata: &metav1.ObjectMetaPatchArgs{ + Labels: sdk.ToStringMap(labels), Annotations: sdk.ToStringMapOutput(args.Annotations), }, }, diff --git a/pkg/clouds/pulumi/kubernetes/kube_run.go b/pkg/clouds/pulumi/kubernetes/kube_run.go index 88ba6181..2ef4b1da 100644 --- a/pkg/clouds/pulumi/kubernetes/kube_run.go +++ b/pkg/clouds/pulumi/kubernetes/kube_run.go @@ -192,10 +192,18 @@ func KubeRun(ctx *sdk.Context, stack api.Stack, input api.ResourceInput, params if caddyConfig != nil { // Attempt to patch caddy deployment annotations (non-critical - skip if it fails) + caddyServiceName := input.ToResName("caddy") _, patchErr := PatchDeployment(ctx, &DeploymentPatchArgs{ PatchName: input.ToResName(stackName), - ServiceName: input.ToResName("caddy"), // Use helper to add environment suffix consistently + ServiceName: caddyServiceName, // Use helper to add environment suffix consistently Namespace: lo.If(caddyConfig.Namespace != nil, lo.FromPtr(caddyConfig.Namespace)).Else("caddy"), + Labels: map[string]string{ + LabelAppType: AppTypeSimpleContainer, + LabelAppName: caddyServiceName, + LabelScEnv: input.StackParams.Environment, + LabelParentEnv: input.StackParams.ParentEnv, + LabelCustomStack: stackName, + }, Annotations: map[string]sdk.StringOutput{ "simple-container.com/caddy-updated-by": sdk.String(stackName).ToStringOutput(), "simple-container.com/caddy-updated-at": sdk.String("latest").ToStringOutput(), From 6122fc15026db3057d98c2fad311e18defddf881 Mon Sep 17 00:00:00 2001 From: Universe Ops Date: Wed, 17 Dec 2025 11:27:58 +0300 Subject: [PATCH 05/13] fixing redis network, p1 --- pkg/clouds/gcloud/redis.go | 4 ++++ pkg/clouds/pulumi/gcp/redis.go | 16 ++++++++++++++-- 2 files changed, 18 insertions(+), 2 deletions(-) diff --git a/pkg/clouds/gcloud/redis.go b/pkg/clouds/gcloud/redis.go index 5df36b41..aaac5b72 100644 --- a/pkg/clouds/gcloud/redis.go +++ b/pkg/clouds/gcloud/redis.go @@ -11,6 +11,10 @@ type RedisConfig struct { MemorySizeGb int `json:"memorySizeGb" yaml:"memorySizeGb"` RedisConfig map[string]string `json:"redisConfig" yaml:"redisConfig"` Region *string `json:"region" yaml:"region"` + + // VPC Network Configuration + AuthorizedNetwork *string `json:"authorizedNetwork,omitempty" yaml:"authorizedNetwork,omitempty"` // VPC network for Redis connectivity + // Resource adoption fields Adopt bool `json:"adopt,omitempty" yaml:"adopt,omitempty"` InstanceId string `json:"instanceId,omitempty" yaml:"instanceId,omitempty"` diff --git a/pkg/clouds/pulumi/gcp/redis.go b/pkg/clouds/pulumi/gcp/redis.go index f537e2c0..24016ff8 100644 --- a/pkg/clouds/pulumi/gcp/redis.go +++ b/pkg/clouds/pulumi/gcp/redis.go @@ -36,11 +36,23 @@ func Redis(ctx *sdk.Context, stack api.Stack, input api.ResourceInput, params pA } redisName := toRedisName(input, input.Descriptor.Name) - redisInstance, err := redis.NewInstance(ctx, redisName, &redis.InstanceArgs{ + + // Configure Redis instance arguments + redisArgs := &redis.InstanceArgs{ MemorySizeGb: sdk.Int(redisCfg.MemorySizeGb), RedisConfigs: sdk.ToStringMap(redisCfg.RedisConfig), Region: sdk.StringPtrFromPtr(lo.If(redisCfg.Region != nil, redisCfg.Region).Else(nil)), - }, sdk.Provider(params.Provider)) + } + + // Set VPC network if specified (for custom VPC connectivity) + if redisCfg.AuthorizedNetwork != nil && *redisCfg.AuthorizedNetwork != "" { + redisArgs.AuthorizedNetwork = sdk.String(*redisCfg.AuthorizedNetwork) + params.Log.Info(ctx.Context(), "🔗 Configuring Redis %q to use VPC network: %s", redisName, *redisCfg.AuthorizedNetwork) + } else { + params.Log.Info(ctx.Context(), "📡 Redis %q will use default VPC network", redisName) + } + + redisInstance, err := redis.NewInstance(ctx, redisName, redisArgs, sdk.Provider(params.Provider)) if err != nil { return nil, errors.Wrapf(err, "failed to provision redis instance %q", redisName) } From 0714ffb71d226aa7838cced01a76041b4908a1e0 Mon Sep 17 00:00:00 2001 From: Universe Ops Date: Wed, 17 Dec 2025 18:17:06 +0300 Subject: [PATCH 06/13] fixing caddy patch, p2 --- .../pulumi/kubernetes/deployment_patch.go | 20 ++++--------------- pkg/clouds/pulumi/kubernetes/kube_run.go | 7 ------- 2 files changed, 4 insertions(+), 23 deletions(-) diff --git a/pkg/clouds/pulumi/kubernetes/deployment_patch.go b/pkg/clouds/pulumi/kubernetes/deployment_patch.go index 51571467..af8abf4e 100644 --- a/pkg/clouds/pulumi/kubernetes/deployment_patch.go +++ b/pkg/clouds/pulumi/kubernetes/deployment_patch.go @@ -12,13 +12,12 @@ type DeploymentPatchArgs struct { ServiceName string Namespace string Annotations map[string]sdk.StringOutput - Labels map[string]string Opts []sdk.ResourceOption } func PatchDeployment(ctx *sdk.Context, args *DeploymentPatchArgs) (*appsv1.DeploymentPatch, error) { - // Add SSA options to handle field manager conflicts - // This forces Pulumi to take ownership of conflicting fields + // Use strategic merge patch to only update pod template annotations + // This avoids Kubernetes validation errors that require full deployment spec ssaOpts := []sdk.ResourceOption{ sdk.ReplaceOnChanges([]string{}), // Don't replace, just update } @@ -26,30 +25,19 @@ func PatchDeployment(ctx *sdk.Context, args *DeploymentPatchArgs) (*appsv1.Deplo // Combine SSA options with user-provided options allOpts := append(ssaOpts, args.Opts...) - // Ensure we have required labels for selector and template - labels := args.Labels - if labels == nil { - labels = map[string]string{ - "app": args.ServiceName, - } - } - + // Only patch the pod template annotations - this is the minimal patch needed + // to trigger a rolling restart without requiring selector/containers validation return appsv1.NewDeploymentPatch(ctx, args.PatchName, &appsv1.DeploymentPatchArgs{ Metadata: &metav1.ObjectMetaPatchArgs{ Namespace: sdk.String(args.Namespace), Name: sdk.String(args.ServiceName), - Labels: sdk.ToStringMap(labels), Annotations: sdk.StringMap{ "pulumi.com/patchForce": sdk.String("true"), // Force SSA to resolve conflicts }, }, Spec: &appsv1.DeploymentSpecPatchArgs{ - Selector: &metav1.LabelSelectorPatchArgs{ - MatchLabels: sdk.ToStringMap(labels), - }, Template: &v1.PodTemplateSpecPatchArgs{ Metadata: &metav1.ObjectMetaPatchArgs{ - Labels: sdk.ToStringMap(labels), Annotations: sdk.ToStringMapOutput(args.Annotations), }, }, diff --git a/pkg/clouds/pulumi/kubernetes/kube_run.go b/pkg/clouds/pulumi/kubernetes/kube_run.go index 2ef4b1da..b62750e1 100644 --- a/pkg/clouds/pulumi/kubernetes/kube_run.go +++ b/pkg/clouds/pulumi/kubernetes/kube_run.go @@ -197,13 +197,6 @@ func KubeRun(ctx *sdk.Context, stack api.Stack, input api.ResourceInput, params PatchName: input.ToResName(stackName), ServiceName: caddyServiceName, // Use helper to add environment suffix consistently Namespace: lo.If(caddyConfig.Namespace != nil, lo.FromPtr(caddyConfig.Namespace)).Else("caddy"), - Labels: map[string]string{ - LabelAppType: AppTypeSimpleContainer, - LabelAppName: caddyServiceName, - LabelScEnv: input.StackParams.Environment, - LabelParentEnv: input.StackParams.ParentEnv, - LabelCustomStack: stackName, - }, Annotations: map[string]sdk.StringOutput{ "simple-container.com/caddy-updated-by": sdk.String(stackName).ToStringOutput(), "simple-container.com/caddy-updated-at": sdk.String("latest").ToStringOutput(), From e239cc454eda068764e36d244e8597afb5c903d3 Mon Sep 17 00:00:00 2001 From: Universe Ops Date: Sun, 21 Dec 2025 15:22:42 +0300 Subject: [PATCH 07/13] fixing caddy patch, p3 --- pkg/clouds/pulumi/gcp/gke_autopilot_stack.go | 11 ++-- .../pulumi/kubernetes/deployment_patch.go | 50 +++++++++++++++---- pkg/clouds/pulumi/kubernetes/kube_run.go | 44 +++++++++------- 3 files changed, 73 insertions(+), 32 deletions(-) diff --git a/pkg/clouds/pulumi/gcp/gke_autopilot_stack.go b/pkg/clouds/pulumi/gcp/gke_autopilot_stack.go index b5c50073..7d01c0f9 100644 --- a/pkg/clouds/pulumi/gcp/gke_autopilot_stack.go +++ b/pkg/clouds/pulumi/gcp/gke_autopilot_stack.go @@ -212,10 +212,13 @@ func GkeAutopilotStack(ctx *sdk.Context, stack api.Stack, input api.ResourceInpu deploymentName := lo.If(caddyCfg.DeploymentName != nil, lo.FromPtr(caddyCfg.DeploymentName)).Else(input.ToResName("caddy")) namespace := lo.If(caddyCfg.Namespace != nil, lo.FromPtr(caddyCfg.Namespace)).Else("caddy") + kubeConfigOutput := sdk.String(kubeConfig).ToStringOutput() _, patchErr := kubernetes.PatchDeployment(ctx, &kubernetes.DeploymentPatchArgs{ - PatchName: input.ToResName(stackName), - ServiceName: deploymentName, - Namespace: namespace, + PatchName: input.ToResName(stackName), + ServiceName: deploymentName, + Namespace: namespace, + KubeProvider: kubeProvider, + Kubeconfig: &kubeConfigOutput, Annotations: map[string]sdk.StringOutput{ "simple-container.com/caddy-updated-by": sdk.String(stackName).ToStringOutput(), "simple-container.com/caddy-updated-at": sdk.String("latest").ToStringOutput(), @@ -224,7 +227,7 @@ func GkeAutopilotStack(ctx *sdk.Context, stack api.Stack, input api.ResourceInpu return hex.EncodeToString(sum[:]) }).(sdk.StringOutput), }, - Opts: []sdk.ResourceOption{sdk.Provider(kubeProvider), sdk.DependsOn([]sdk.Resource{sc.Service})}, + Opts: []sdk.ResourceOption{sdk.DependsOn([]sdk.Resource{sc.Service})}, }) if patchErr != nil { // Log warning but continue - caddy annotation patch is not critical for deployment diff --git a/pkg/clouds/pulumi/kubernetes/deployment_patch.go b/pkg/clouds/pulumi/kubernetes/deployment_patch.go index af8abf4e..ed5f65bc 100644 --- a/pkg/clouds/pulumi/kubernetes/deployment_patch.go +++ b/pkg/clouds/pulumi/kubernetes/deployment_patch.go @@ -1,6 +1,9 @@ package kubernetes import ( + "fmt" + + sdkK8s "github.com/pulumi/pulumi-kubernetes/sdk/v4/go/kubernetes" appsv1 "github.com/pulumi/pulumi-kubernetes/sdk/v4/go/kubernetes/apps/v1" v1 "github.com/pulumi/pulumi-kubernetes/sdk/v4/go/kubernetes/core/v1" metav1 "github.com/pulumi/pulumi-kubernetes/sdk/v4/go/kubernetes/meta/v1" @@ -8,25 +11,50 @@ import ( ) type DeploymentPatchArgs struct { - PatchName string - ServiceName string - Namespace string - Annotations map[string]sdk.StringOutput - Opts []sdk.ResourceOption + PatchName string + ServiceName string + Namespace string + Annotations map[string]sdk.StringOutput + KubeProvider *sdkK8s.Provider // Main Kubernetes provider (for dependencies) + Kubeconfig *sdk.StringOutput // Optional: Kubeconfig for creating patch-specific provider + Opts []sdk.ResourceOption } func PatchDeployment(ctx *sdk.Context, args *DeploymentPatchArgs) (*appsv1.DeploymentPatch, error) { - // Use strategic merge patch to only update pod template annotations - // This avoids Kubernetes validation errors that require full deployment spec - ssaOpts := []sdk.ResourceOption{ + var patchProvider sdk.ProviderResource + + // If Kubeconfig is provided, create a dedicated SSA-enabled provider for patches + // This isolates patch resources from regular resources + if args.Kubeconfig != nil { + patchProviderName := fmt.Sprintf("%s-patch-provider", args.PatchName) + dedicatedProvider, err := sdkK8s.NewProvider(ctx, patchProviderName, &sdkK8s.ProviderArgs{ + Kubeconfig: *args.Kubeconfig, + EnableServerSideApply: sdk.BoolPtr(true), // Required for DeploymentPatch resources + }, sdk.Parent(args.KubeProvider)) // Make it a child of the main provider + if err != nil { + return nil, err + } + patchProvider = dedicatedProvider + } else { + // Use the existing provider (assumes SSA is already enabled or will be enabled) + patchProvider = args.KubeProvider + } + + // NOTE: DeploymentPatch requires Server-Side Apply mode + // SSA allows partial updates without requiring the complete deployment spec + patchOpts := []sdk.ResourceOption{ + sdk.Provider(patchProvider), // Use dedicated or existing provider + sdk.RetainOnDelete(true), // Don't delete the deployment if patch is removed sdk.ReplaceOnChanges([]string{}), // Don't replace, just update + sdk.DeleteBeforeReplace(false), // Never delete before replacing } - // Combine SSA options with user-provided options - allOpts := append(ssaOpts, args.Opts...) + // Combine patch options with user-provided options + // Note: Provider option is set first, so if user provides another provider it will be ignored + allOpts := append(patchOpts, args.Opts...) // Only patch the pod template annotations - this is the minimal patch needed - // to trigger a rolling restart without requiring selector/containers validation + // to trigger a rolling restart. SSA mode allows this without full spec validation. return appsv1.NewDeploymentPatch(ctx, args.PatchName, &appsv1.DeploymentPatchArgs{ Metadata: &metav1.ObjectMetaPatchArgs{ Namespace: sdk.String(args.Namespace), diff --git a/pkg/clouds/pulumi/kubernetes/kube_run.go b/pkg/clouds/pulumi/kubernetes/kube_run.go index b62750e1..0db82eb0 100644 --- a/pkg/clouds/pulumi/kubernetes/kube_run.go +++ b/pkg/clouds/pulumi/kubernetes/kube_run.go @@ -9,6 +9,7 @@ import ( "github.com/pkg/errors" "github.com/samber/lo" + sdkK8s "github.com/pulumi/pulumi-kubernetes/sdk/v4/go/kubernetes" sdk "github.com/pulumi/pulumi/sdk/v3/go/pulumi" "github.com/simple-container-com/api/pkg/api" @@ -193,23 +194,32 @@ func KubeRun(ctx *sdk.Context, stack api.Stack, input api.ResourceInput, params if caddyConfig != nil { // Attempt to patch caddy deployment annotations (non-critical - skip if it fails) caddyServiceName := input.ToResName("caddy") - _, patchErr := PatchDeployment(ctx, &DeploymentPatchArgs{ - PatchName: input.ToResName(stackName), - ServiceName: caddyServiceName, // Use helper to add environment suffix consistently - Namespace: lo.If(caddyConfig.Namespace != nil, lo.FromPtr(caddyConfig.Namespace)).Else("caddy"), - Annotations: map[string]sdk.StringOutput{ - "simple-container.com/caddy-updated-by": sdk.String(stackName).ToStringOutput(), - "simple-container.com/caddy-updated-at": sdk.String("latest").ToStringOutput(), - "simple-container.com/caddy-update-hash": sdk.All(sc.CaddyfileEntry).ApplyT(func(entry []any) string { - sum := md5.Sum([]byte(entry[0].(string))) - return hex.EncodeToString(sum[:]) - }).(sdk.StringOutput), - }, - Opts: []sdk.ResourceOption{sdk.Provider(params.Provider), sdk.DependsOn([]sdk.Resource{sc.Service})}, - }) - if patchErr != nil { - // Log warning but continue - caddy annotation patch is not critical for deployment - params.Log.Warn(ctx.Context(), "⚠️ Failed to patch caddy deployment annotations (non-critical): %v", patchErr) + + // Cast params.Provider to Kubernetes provider for patch operations + kubeProvider, ok := params.Provider.(*sdkK8s.Provider) + if !ok { + params.Log.Warn(ctx.Context(), "⚠️ Failed to cast provider to Kubernetes provider for caddy patch") + } else { + _, patchErr := PatchDeployment(ctx, &DeploymentPatchArgs{ + PatchName: input.ToResName(stackName), + ServiceName: caddyServiceName, // Use helper to add environment suffix consistently + Namespace: lo.If(caddyConfig.Namespace != nil, lo.FromPtr(caddyConfig.Namespace)).Else("caddy"), + KubeProvider: kubeProvider, + Kubeconfig: nil, // No kubeconfig available in this context, will use existing provider + Annotations: map[string]sdk.StringOutput{ + "simple-container.com/caddy-updated-by": sdk.String(stackName).ToStringOutput(), + "simple-container.com/caddy-updated-at": sdk.String("latest").ToStringOutput(), + "simple-container.com/caddy-update-hash": sdk.All(sc.CaddyfileEntry).ApplyT(func(entry []any) string { + sum := md5.Sum([]byte(entry[0].(string))) + return hex.EncodeToString(sum[:]) + }).(sdk.StringOutput), + }, + Opts: []sdk.ResourceOption{sdk.DependsOn([]sdk.Resource{sc.Service})}, + }) + if patchErr != nil { + // Log warning but continue - caddy annotation patch is not critical for deployment + params.Log.Warn(ctx.Context(), "⚠️ Failed to patch caddy deployment annotations (non-critical): %v", patchErr) + } } } From 81e4dbf2a66e08537a8001a6a2fc95728aa5bc7c Mon Sep 17 00:00:00 2001 From: Universe Ops Date: Sun, 21 Dec 2025 15:33:13 +0300 Subject: [PATCH 08/13] fixing caddy patch, p4 --- pkg/clouds/pulumi/gcp/gke_autopilot_stack.go | 3 ++- pkg/clouds/pulumi/kubernetes/provider.go | 3 ++- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/pkg/clouds/pulumi/gcp/gke_autopilot_stack.go b/pkg/clouds/pulumi/gcp/gke_autopilot_stack.go index 7d01c0f9..e0f88a61 100644 --- a/pkg/clouds/pulumi/gcp/gke_autopilot_stack.go +++ b/pkg/clouds/pulumi/gcp/gke_autopilot_stack.go @@ -84,7 +84,8 @@ func GkeAutopilotStack(ctx *sdk.Context, stack api.Stack, input api.ResourceInpu out := &GkeAutopilotOutput{} kubeProvider, err := sdkK8s.NewProvider(ctx, input.ToResName(stackName), &sdkK8s.ProviderArgs{ - Kubeconfig: sdk.String(kubeConfig), + Kubeconfig: sdk.String(kubeConfig), + EnableServerSideApply: sdk.BoolPtr(true), // Required for DeploymentPatch resources }) if err != nil { return nil, errors.Wrapf(err, "failed to provision kubeconfig provider for %q/%q in %q", stackName, input.Descriptor.Name, environment) diff --git a/pkg/clouds/pulumi/kubernetes/provider.go b/pkg/clouds/pulumi/kubernetes/provider.go index 0953d27a..649e90ec 100644 --- a/pkg/clouds/pulumi/kubernetes/provider.go +++ b/pkg/clouds/pulumi/kubernetes/provider.go @@ -19,7 +19,8 @@ func Provider(ctx *sdk.Context, stack api.Stack, input api.ResourceInput, params creds := pcfg.CredentialsValue() provider, err := kubernetes.NewProvider(ctx, input.ToResName(input.Descriptor.Name), &kubernetes.ProviderArgs{ - Kubeconfig: sdk.String(creds), + Kubeconfig: sdk.String(creds), + EnableServerSideApply: sdk.BoolPtr(true), // Required for DeploymentPatch resources }) return &api.ResourceOutput{ From 961761d3d9e251ea495cf4cdced709f7579968ca Mon Sep 17 00:00:00 2001 From: Universe Ops Date: Sun, 21 Dec 2025 15:42:40 +0300 Subject: [PATCH 09/13] fixing caddy patch, p5 --- .../pulumi/kubernetes/deployment_patch.go | 35 +++++++++++-------- 1 file changed, 21 insertions(+), 14 deletions(-) diff --git a/pkg/clouds/pulumi/kubernetes/deployment_patch.go b/pkg/clouds/pulumi/kubernetes/deployment_patch.go index ed5f65bc..1e61de7b 100644 --- a/pkg/clouds/pulumi/kubernetes/deployment_patch.go +++ b/pkg/clouds/pulumi/kubernetes/deployment_patch.go @@ -5,8 +5,6 @@ import ( sdkK8s "github.com/pulumi/pulumi-kubernetes/sdk/v4/go/kubernetes" appsv1 "github.com/pulumi/pulumi-kubernetes/sdk/v4/go/kubernetes/apps/v1" - v1 "github.com/pulumi/pulumi-kubernetes/sdk/v4/go/kubernetes/core/v1" - metav1 "github.com/pulumi/pulumi-kubernetes/sdk/v4/go/kubernetes/meta/v1" sdk "github.com/pulumi/pulumi/sdk/v3/go/pulumi" ) @@ -53,22 +51,31 @@ func PatchDeployment(ctx *sdk.Context, args *DeploymentPatchArgs) (*appsv1.Deplo // Note: Provider option is set first, so if user provides another provider it will be ignored allOpts := append(patchOpts, args.Opts...) - // Only patch the pod template annotations - this is the minimal patch needed - // to trigger a rolling restart. SSA mode allows this without full spec validation. - return appsv1.NewDeploymentPatch(ctx, args.PatchName, &appsv1.DeploymentPatchArgs{ - Metadata: &metav1.ObjectMetaPatchArgs{ - Namespace: sdk.String(args.Namespace), - Name: sdk.String(args.ServiceName), - Annotations: sdk.StringMap{ + // Use untyped Map instead of DeploymentPatchArgs to bypass client-side validation + // This allows true partial patches with SSA without requiring selector, labels, containers, etc. + patchData := sdk.Map{ + "metadata": sdk.Map{ + "namespace": sdk.String(args.Namespace), + "name": sdk.String(args.ServiceName), + "annotations": sdk.StringMap{ "pulumi.com/patchForce": sdk.String("true"), // Force SSA to resolve conflicts }, }, - Spec: &appsv1.DeploymentSpecPatchArgs{ - Template: &v1.PodTemplateSpecPatchArgs{ - Metadata: &metav1.ObjectMetaPatchArgs{ - Annotations: sdk.ToStringMapOutput(args.Annotations), + "spec": sdk.Map{ + "template": sdk.Map{ + "metadata": sdk.Map{ + "annotations": sdk.ToStringMapOutput(args.Annotations), }, }, }, - }, allOpts...) + } + + // Register the resource directly to avoid typed struct validation + var patch appsv1.DeploymentPatch + err := ctx.RegisterResource("kubernetes:apps/v1:DeploymentPatch", args.PatchName, patchData, &patch, allOpts...) + if err != nil { + return nil, err + } + + return &patch, nil } From ccb4634a8215b76583ec3bb611882ec826ba6e9e Mon Sep 17 00:00:00 2001 From: Universe Ops Date: Sun, 21 Dec 2025 15:55:09 +0300 Subject: [PATCH 10/13] fixing caddy patch, p6 --- pkg/clouds/pulumi/kubernetes/deployment_patch.go | 2 ++ 1 file changed, 2 insertions(+) diff --git a/pkg/clouds/pulumi/kubernetes/deployment_patch.go b/pkg/clouds/pulumi/kubernetes/deployment_patch.go index 1e61de7b..573a6bae 100644 --- a/pkg/clouds/pulumi/kubernetes/deployment_patch.go +++ b/pkg/clouds/pulumi/kubernetes/deployment_patch.go @@ -54,6 +54,8 @@ func PatchDeployment(ctx *sdk.Context, args *DeploymentPatchArgs) (*appsv1.Deplo // Use untyped Map instead of DeploymentPatchArgs to bypass client-side validation // This allows true partial patches with SSA without requiring selector, labels, containers, etc. patchData := sdk.Map{ + "apiVersion": sdk.String("apps/v1"), + "kind": sdk.String("Deployment"), "metadata": sdk.Map{ "namespace": sdk.String(args.Namespace), "name": sdk.String(args.ServiceName), From 6d8a43aec08b5ecf3f0f1d8cd8bb784eca0b7728 Mon Sep 17 00:00:00 2001 From: Universe Ops Date: Sun, 21 Dec 2025 16:11:22 +0300 Subject: [PATCH 11/13] fixing caddy patch, p7 --- .../pulumi/kubernetes/deployment_patch.go | 49 +++++++++---------- 1 file changed, 23 insertions(+), 26 deletions(-) diff --git a/pkg/clouds/pulumi/kubernetes/deployment_patch.go b/pkg/clouds/pulumi/kubernetes/deployment_patch.go index 573a6bae..ad7d8d4f 100644 --- a/pkg/clouds/pulumi/kubernetes/deployment_patch.go +++ b/pkg/clouds/pulumi/kubernetes/deployment_patch.go @@ -4,7 +4,8 @@ import ( "fmt" sdkK8s "github.com/pulumi/pulumi-kubernetes/sdk/v4/go/kubernetes" - appsv1 "github.com/pulumi/pulumi-kubernetes/sdk/v4/go/kubernetes/apps/v1" + "github.com/pulumi/pulumi-kubernetes/sdk/v4/go/kubernetes/apiextensions" + metav1 "github.com/pulumi/pulumi-kubernetes/sdk/v4/go/kubernetes/meta/v1" sdk "github.com/pulumi/pulumi/sdk/v3/go/pulumi" ) @@ -18,7 +19,7 @@ type DeploymentPatchArgs struct { Opts []sdk.ResourceOption } -func PatchDeployment(ctx *sdk.Context, args *DeploymentPatchArgs) (*appsv1.DeploymentPatch, error) { +func PatchDeployment(ctx *sdk.Context, args *DeploymentPatchArgs) (*apiextensions.CustomResource, error) { var patchProvider sdk.ProviderResource // If Kubeconfig is provided, create a dedicated SSA-enabled provider for patches @@ -51,33 +52,29 @@ func PatchDeployment(ctx *sdk.Context, args *DeploymentPatchArgs) (*appsv1.Deplo // Note: Provider option is set first, so if user provides another provider it will be ignored allOpts := append(patchOpts, args.Opts...) - // Use untyped Map instead of DeploymentPatchArgs to bypass client-side validation - // This allows true partial patches with SSA without requiring selector, labels, containers, etc. - patchData := sdk.Map{ - "apiVersion": sdk.String("apps/v1"), - "kind": sdk.String("Deployment"), - "metadata": sdk.Map{ - "namespace": sdk.String(args.Namespace), - "name": sdk.String(args.ServiceName), - "annotations": sdk.StringMap{ - "pulumi.com/patchForce": sdk.String("true"), // Force SSA to resolve conflicts - }, - }, - "spec": sdk.Map{ - "template": sdk.Map{ - "metadata": sdk.Map{ - "annotations": sdk.ToStringMapOutput(args.Annotations), + // Use CustomResource with OtherFields to bypass DeploymentPatch validation logic + // This forces Pulumi to send a raw PATCH request to Kubernetes without schema validation + // The OtherFields map is sent directly to the API with SSA enabled + otherFields := map[string]interface{}{ + "spec": map[string]interface{}{ + "template": map[string]interface{}{ + "metadata": map[string]interface{}{ + "annotations": args.Annotations, }, }, }, } - // Register the resource directly to avoid typed struct validation - var patch appsv1.DeploymentPatch - err := ctx.RegisterResource("kubernetes:apps/v1:DeploymentPatch", args.PatchName, patchData, &patch, allOpts...) - if err != nil { - return nil, err - } - - return &patch, nil + return apiextensions.NewCustomResource(ctx, args.PatchName, &apiextensions.CustomResourceArgs{ + ApiVersion: sdk.String("apps/v1"), + Kind: sdk.String("Deployment"), + Metadata: &metav1.ObjectMetaArgs{ + Namespace: sdk.String(args.Namespace), + Name: sdk.String(args.ServiceName), + Annotations: sdk.StringMap{ + "pulumi.com/patchForce": sdk.String("true"), // Force SSA to resolve conflicts + }, + }, + OtherFields: otherFields, + }, allOpts...) } From 97819aa7e1389ff442694c9dc1686b38c1d31d4e Mon Sep 17 00:00:00 2001 From: Universe Ops Date: Mon, 22 Dec 2025 10:31:21 +0300 Subject: [PATCH 12/13] fixing caddy patch, p8 --- go.mod | 46 ++++-- go.sum | 93 +++++++++--- pkg/clouds/pulumi/gcp/gke_autopilot_stack.go | 12 +- .../pulumi/kubernetes/deployment_patch.go | 140 ++++++++++++------ pkg/clouds/pulumi/kubernetes/kube_run.go | 15 +- 5 files changed, 222 insertions(+), 84 deletions(-) diff --git a/go.mod b/go.mod index 5ea12c72..ee65d6d8 100644 --- a/go.mod +++ b/go.mod @@ -1,8 +1,6 @@ module github.com/simple-container-com/api -go 1.24.0 - -toolchain go1.24.6 +go 1.25.0 require ( cloud.google.com/go/storage v1.49.0 @@ -24,7 +22,7 @@ require ( github.com/google/uuid v1.6.0 github.com/howeyc/gopass v0.0.0-20210920133722-c8aef6fb66ef github.com/mitchellh/go-homedir v1.1.0 - github.com/onsi/gomega v1.36.2 + github.com/onsi/gomega v1.38.2 github.com/otiai10/copy v1.14.0 github.com/peterh/liner v1.2.2 github.com/philippgille/chromem-go v0.7.0 @@ -43,19 +41,22 @@ require ( github.com/samber/lo v1.38.1 github.com/spf13/afero v1.14.0 github.com/spf13/cobra v1.9.1 - github.com/stretchr/testify v1.10.0 + github.com/stretchr/testify v1.11.1 github.com/tmc/langchaingo v0.1.13 github.com/valyala/fasttemplate v1.2.2 github.com/vektra/mockery/v2 v2.53.5 go.uber.org/atomic v1.11.0 golang.org/x/crypto v0.46.0 - golang.org/x/oauth2 v0.27.0 + golang.org/x/oauth2 v0.30.0 golang.org/x/sync v0.19.0 golang.org/x/term v0.38.0 golang.org/x/text v0.32.0 google.golang.org/api v0.223.0 gopkg.in/yaml.v2 v2.4.0 gopkg.in/yaml.v3 v3.0.1 + k8s.io/apimachinery v0.35.0 + k8s.io/client-go v0.35.0 + k8s.io/utils v0.0.0-20251220205832-9d40a56c1308 mvdan.cc/gofumpt v0.9.1 ) @@ -95,7 +96,7 @@ require ( github.com/GoogleCloudPlatform/opentelemetry-operations-go/detectors/gcp v1.26.0 // indirect github.com/GoogleCloudPlatform/opentelemetry-operations-go/exporter/metric v0.48.1 // indirect github.com/GoogleCloudPlatform/opentelemetry-operations-go/internal/resourcemapping v0.48.1 // indirect - github.com/Masterminds/semver/v3 v3.3.0 // indirect + github.com/Masterminds/semver/v3 v3.4.0 // indirect github.com/Microsoft/go-winio v0.6.2 // indirect github.com/OpenPeeDeeP/depguard/v2 v2.2.1 // indirect github.com/ProtonMail/go-crypto v1.1.3 // indirect @@ -177,6 +178,7 @@ require ( github.com/docker/go-units v0.5.0 // indirect github.com/dustin/go-humanize v1.0.1 // indirect github.com/edsrzf/mmap-go v1.1.0 // indirect + github.com/emicklei/go-restful/v3 v3.12.2 // indirect github.com/emirpasic/gods v1.18.1 // indirect github.com/envoyproxy/go-control-plane/envoy v1.32.4 // indirect github.com/envoyproxy/protoc-gen-validate v1.2.1 // indirect @@ -185,6 +187,7 @@ require ( github.com/felixge/httpsnoop v1.0.4 // indirect github.com/firefart/nonamedreturns v1.0.5 // indirect github.com/fsnotify/fsnotify v1.8.0 // indirect + github.com/fxamacker/cbor/v2 v2.9.0 // indirect github.com/fzipp/gocyclo v0.6.0 // indirect github.com/ghostiam/protogetter v0.3.9 // indirect github.com/go-critic/go-critic v0.12.0 // indirect @@ -193,8 +196,11 @@ require ( github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376 // indirect github.com/go-jose/go-jose/v3 v3.0.4 // indirect github.com/go-jose/go-jose/v4 v4.1.3 // indirect - github.com/go-logr/logr v1.4.2 // indirect + github.com/go-logr/logr v1.4.3 // indirect github.com/go-logr/stdr v1.2.2 // indirect + github.com/go-openapi/jsonpointer v0.21.0 // indirect + github.com/go-openapi/jsonreference v0.20.2 // indirect + github.com/go-openapi/swag v0.23.0 // indirect github.com/go-toolsmith/astcast v1.1.0 // indirect github.com/go-toolsmith/astcopy v1.1.0 // indirect github.com/go-toolsmith/astequal v1.2.0 // indirect @@ -222,6 +228,7 @@ require ( github.com/golangci/plugin-module-register v0.1.1 // indirect github.com/golangci/revgrep v0.8.0 // indirect github.com/golangci/unconvert v0.0.0-20240309020433-c5143eacb3ed // indirect + github.com/google/gnostic-models v0.7.0 // indirect github.com/google/go-cmp v0.7.0 // indirect github.com/google/go-dap v0.12.0 // indirect github.com/google/go-querystring v1.1.0 // indirect @@ -265,6 +272,8 @@ require ( github.com/jjti/go-spancheck v0.6.4 // indirect github.com/jmespath/go-jmespath v0.4.0 // indirect github.com/jonboulle/clockwork v0.4.0 // indirect + github.com/josharian/intern v1.0.0 // indirect + github.com/json-iterator/go v1.1.12 // indirect github.com/julz/importas v0.2.0 // indirect github.com/karamaru-alpha/copyloopvar v1.2.1 // indirect github.com/kballard/go-shellquote v0.0.0-20180428030007-95032a82bc51 // indirect @@ -284,6 +293,7 @@ require ( github.com/lib/pq v1.10.9 // indirect github.com/lucasb-eyer/go-colorful v1.2.0 // indirect github.com/macabu/inamedparam v0.1.3 // indirect + github.com/mailru/easyjson v0.7.7 // indirect github.com/maratori/testableexamples v1.0.0 // indirect github.com/maratori/testpackage v1.1.1 // indirect github.com/matoous/godox v1.1.0 // indirect @@ -302,11 +312,14 @@ require ( github.com/mitchellh/reflectwalk v1.0.2 // indirect github.com/moby/docker-image-spec v1.3.1 // indirect github.com/moby/sys/atomicwriter v0.1.0 // indirect + github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect + github.com/modern-go/reflect2 v1.0.3-0.20250322232337-35a7c28c31ee // indirect github.com/moricho/tparallel v0.3.2 // indirect github.com/muesli/ansi v0.0.0-20230316100256-276c6243b2f6 // indirect github.com/muesli/cancelreader v0.2.2 // indirect github.com/muesli/reflow v0.3.0 // indirect github.com/muesli/termenv v0.15.2 // indirect + github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect github.com/nakabonne/nestif v0.3.1 // indirect github.com/natefinch/atomic v1.0.1 // indirect github.com/nishanths/exhaustive v0.12.0 // indirect @@ -372,7 +385,7 @@ require ( github.com/sourcegraph/conc v0.3.0 // indirect github.com/sourcegraph/go-diff v0.7.0 // indirect github.com/spf13/cast v1.7.1 // indirect - github.com/spf13/pflag v1.0.6 // indirect + github.com/spf13/pflag v1.0.9 // indirect github.com/spf13/viper v1.20.0 // indirect github.com/spiffe/go-spiffe/v2 v2.5.0 // indirect github.com/ssgreg/nlreturn/v2 v2.2.1 // indirect @@ -393,6 +406,7 @@ require ( github.com/uudashr/gocognit v1.2.0 // indirect github.com/uudashr/iface v1.3.1 // indirect github.com/valyala/bytebufferpool v1.0.0 // indirect + github.com/x448/float16 v0.8.4 // indirect github.com/xanzy/ssh-agent v0.3.3 // indirect github.com/xeipuuv/gojsonpointer v0.0.0-20180127040702-4e3ac2762d5f // indirect github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 // indirect @@ -421,6 +435,8 @@ require ( go.uber.org/automaxprocs v1.6.0 // indirect go.uber.org/multierr v1.11.0 // indirect go.uber.org/zap v1.27.0 // indirect + go.yaml.in/yaml/v2 v2.4.3 // indirect + go.yaml.in/yaml/v3 v3.0.4 // indirect gocloud.dev v0.37.0 // indirect gocloud.dev/secrets/hashivault v0.37.0 // indirect golang.org/x/arch v0.11.0 // indirect @@ -433,16 +449,24 @@ require ( golang.org/x/time v0.10.0 // indirect golang.org/x/tools v0.39.0 // indirect golang.org/x/tools/go/expect v0.1.1-deprecated // indirect - golang.org/x/tools/go/packages/packagestest v0.1.1-deprecated // indirect golang.org/x/xerrors v0.0.0-20240903120638-7835f813f4da // indirect google.golang.org/genproto v0.0.0-20241118233622-e639e219e697 // indirect google.golang.org/genproto/googleapis/api v0.0.0-20250519155744-55703ea1f237 // indirect google.golang.org/genproto/googleapis/rpc v0.0.0-20250519155744-55703ea1f237 // indirect google.golang.org/grpc v1.72.1 // indirect - google.golang.org/protobuf v1.36.6 // indirect + google.golang.org/protobuf v1.36.8 // indirect + gopkg.in/evanphx/json-patch.v4 v4.13.0 // indirect + gopkg.in/inf.v0 v0.9.1 // indirect gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7 // indirect gopkg.in/warnings.v0 v0.1.2 // indirect honnef.co/go/tools v0.6.1 // indirect + k8s.io/api v0.35.0 // indirect + k8s.io/klog/v2 v2.130.1 // indirect + k8s.io/kube-openapi v0.0.0-20250910181357-589584f1c912 // indirect lukechampine.com/frand v1.4.2 // indirect mvdan.cc/unparam v0.0.0-20240528143540-8a5130ca722f // indirect + sigs.k8s.io/json v0.0.0-20250730193827-2d320260d730 // indirect + sigs.k8s.io/randfill v1.0.0 // indirect + sigs.k8s.io/structured-merge-diff/v6 v6.3.0 // indirect + sigs.k8s.io/yaml v1.6.0 // indirect ) diff --git a/go.sum b/go.sum index 08b8f060..9b594857 100644 --- a/go.sum +++ b/go.sum @@ -123,8 +123,8 @@ github.com/HdrHistogram/hdrhistogram-go v1.1.2 h1:5IcZpTvzydCQeHzK4Ef/D5rrSqwxob github.com/HdrHistogram/hdrhistogram-go v1.1.2/go.mod h1:yDgFjdqOqDEKOvasDdhWNXYg9BVp4O+o5f6V/ehm6Oo= github.com/MShekow/directory-checksum v1.4.9 h1:olzWbrq9ylwfi7afuoivzHM8AV2z2KOaT7FJ6Ri2ppU= github.com/MShekow/directory-checksum v1.4.9/go.mod h1:LhNeWmPftlKTlc3TNurdihPK/whw9j76VnLaTRu2SkU= -github.com/Masterminds/semver/v3 v3.3.0 h1:B8LGeaivUe71a5qox1ICM/JLl0NqZSW5CHyL+hmvYS0= -github.com/Masterminds/semver/v3 v3.3.0/go.mod h1:4V+yj/TJE1HU9XfppCwVMZq3I84lprf4nC11bSS5beM= +github.com/Masterminds/semver/v3 v3.4.0 h1:Zog+i5UMtVoCU8oKka5P7i9q9HgrJeGzI9SA1Xbatp0= +github.com/Masterminds/semver/v3 v3.4.0/go.mod h1:4V+yj/TJE1HU9XfppCwVMZq3I84lprf4nC11bSS5beM= github.com/Microsoft/go-winio v0.5.2/go.mod h1:WpS1mjBmmwHBEWmogvA2mj8546UReBk4v8QkMxJ6pZY= github.com/Microsoft/go-winio v0.6.2 h1:F2VQgta7ecxGYO8k3ZZz3RS8fVIXVxONVUPlNERoyfY= github.com/Microsoft/go-winio v0.6.2/go.mod h1:yd8OoFMLzJbo9gZq8j5qaps8bJ9aShtEA8Ipt1oGCvU= @@ -304,6 +304,7 @@ github.com/cosiner/argv v0.1.0 h1:BVDiEL32lwHukgJKP87btEPenzrrHUjajs/8yzaqcXg= github.com/cosiner/argv v0.1.0/go.mod h1:EusR6TucWKX+zFgtdUsKT2Cvg45K5rtpCcWz4hK06d8= github.com/cpuguy83/go-md2man/v2 v2.0.6 h1:XJtiaUW6dEEqVuZiMTn1ldk455QWwEIsMIJlo5vtkx0= github.com/cpuguy83/go-md2man/v2 v2.0.6/go.mod h1:oOW0eioCTA6cOiMLiUPZOpcVxMig6NIQQ7OS05n1F4g= +github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E= github.com/creack/pty v1.1.17/go.mod h1:MOBLtS5ELjhRRrroQr9kyvTxUAFNvYEK993ew/Vr4O4= github.com/creack/pty v1.1.20 h1:VIPb/a2s17qNeQgDnkfZC35RScx+blkKF8GV68n80J4= github.com/creack/pty v1.1.20/go.mod h1:MOBLtS5ELjhRRrroQr9kyvTxUAFNvYEK993ew/Vr4O4= @@ -350,6 +351,8 @@ github.com/edsrzf/mmap-go v1.1.0 h1:6EUwBLQ/Mcr1EYLE4Tn1VdW1A4ckqCQWZBw8Hr0kjpQ= github.com/edsrzf/mmap-go v1.1.0/go.mod h1:19H/e8pUPLicwkyNgOykDXkJ9F0MHE+Z52B8EIth78Q= github.com/elazarl/goproxy v1.2.3 h1:xwIyKHbaP5yfT6O9KIeYJR5549MXRQkoQMRXGztz8YQ= github.com/elazarl/goproxy v1.2.3/go.mod h1:YfEbZtqP4AetfO6d40vWchF3znWX7C7Vd6ZMfdL8z64= +github.com/emicklei/go-restful/v3 v3.12.2 h1:DhwDP0vY3k8ZzE0RunuJy8GhNpPL6zqLkDf9B/a0/xU= +github.com/emicklei/go-restful/v3 v3.12.2/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc= github.com/emirpasic/gods v1.18.1 h1:FXtiHYKDGKCW2KzwZKx0iC0PQmdlorYgdFG9jPXJ1Bc= github.com/emirpasic/gods v1.18.1/go.mod h1:8tpGGwCnJ5H4r6BWwaV6OrWmMoPhUl5jm/FMNAnJvWQ= github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4= @@ -380,6 +383,8 @@ github.com/frankban/quicktest v1.14.6/go.mod h1:4ptaffx2x8+WTWXmUCuVU6aPUX1/Mz7z github.com/fsnotify/fsnotify v1.6.0/go.mod h1:sl3t1tCWJFWoRz9R8WJCbQihKKwmorjAbSClcnxKAGw= github.com/fsnotify/fsnotify v1.8.0 h1:dAwr6QBTBZIkG8roQaJjGof0pp0EeF+tNV7YBP3F/8M= github.com/fsnotify/fsnotify v1.8.0/go.mod h1:8jBTzvmWwFyi3Pb8djgCCO5IBqzKJ/Jwo8TRcHyHii0= +github.com/fxamacker/cbor/v2 v2.9.0 h1:NpKPmjDBgUfBms6tr6JZkTHtfFGcMKsw3eGcmD/sapM= +github.com/fxamacker/cbor/v2 v2.9.0/go.mod h1:vM4b+DJCtHn+zz7h3FFp/hDAI9WNWCsZj23V5ytsSxQ= github.com/fzipp/gocyclo v0.6.0 h1:lsblElZG7d3ALtGMx9fmxeTKZaLLpU8mET09yN4BBLo= github.com/fzipp/gocyclo v0.6.0/go.mod h1:rXPyn8fnlpa0R2csP/31uerbiVBugk5whMdlyaLkLoA= github.com/ghostiam/protogetter v0.3.9 h1:j+zlLLWzqLay22Cz/aYwTHKQ88GE2DQ6GkWSYFOI4lQ= @@ -418,10 +423,18 @@ github.com/go-logfmt/logfmt v0.4.0/go.mod h1:3RMwSq7FuexP4Kalkev3ejPJsZTpXXBr9+V github.com/go-logfmt/logfmt v0.5.0/go.mod h1:wCYkCAKZfumFQihp8CzCvQ3paCTfi41vtzG1KdI/P7A= github.com/go-logfmt/logfmt v0.5.1/go.mod h1:WYhtIu8zTZfxdn5+rREduYbwxfcBr/Vr6KEVveWlfTs= github.com/go-logr/logr v1.2.2/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= -github.com/go-logr/logr v1.4.2 h1:6pFjapn8bFcIbiKo3XT4j/BhANplGihG6tvd+8rYgrY= -github.com/go-logr/logr v1.4.2/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY= +github.com/go-logr/logr v1.4.3 h1:CjnDlHq8ikf6E492q6eKboGOC0T8CDaOvkHCIg8idEI= +github.com/go-logr/logr v1.4.3/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY= github.com/go-logr/stdr v1.2.2 h1:hSWxHoqTgW2S2qGc0LTAI563KZ5YKYRhT3MFKZMbjag= github.com/go-logr/stdr v1.2.2/go.mod h1:mMo/vtBO5dYbehREoey6XUKy/eSumjCCveDpRre4VKE= +github.com/go-openapi/jsonpointer v0.19.6/go.mod h1:osyAmYz/mB/C3I+WsTTSgw1ONzaLJoLCyoi6/zppojs= +github.com/go-openapi/jsonpointer v0.21.0 h1:YgdVicSA9vH5RiHs9TZW5oyafXZFc6+2Vc1rr/O9oNQ= +github.com/go-openapi/jsonpointer v0.21.0/go.mod h1:IUyH9l/+uyhIYQ/PXVA41Rexl+kOkAPDdXEYns6fzUY= +github.com/go-openapi/jsonreference v0.20.2 h1:3sVjiK66+uXK/6oQ8xgcRKcFgQ5KXa2KvnJRumpMGbE= +github.com/go-openapi/jsonreference v0.20.2/go.mod h1:Bl1zwGIM8/wsvqjsOQLJ/SH+En5Ap4rVB5KVcIDZG2k= +github.com/go-openapi/swag v0.22.3/go.mod h1:UzaqsxGiab7freDnrUUra0MwWfN/q7tE4j+VcZ0yl14= +github.com/go-openapi/swag v0.23.0 h1:vsEVJDUo2hPJ2tu0/Xc+4noaxyEffXNIs3cOULZ+GrE= +github.com/go-openapi/swag v0.23.0/go.mod h1:esZ8ITTYEsH1V2trKHjAN8Ai7xHb8RV+YSZ577vPjgQ= github.com/go-quicktest/qt v1.101.0 h1:O1K29Txy5P2OK0dGo59b7b0LR6wKfIhttaAhHUyn7eI= github.com/go-quicktest/qt v1.101.0/go.mod h1:14Bz/f7NwaXPtdYEgzsx46kqSxVwTbzVZsDC26tQJow= github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY= @@ -522,6 +535,8 @@ github.com/golangci/unconvert v0.0.0-20240309020433-c5143eacb3ed h1:IURFTjxeTfNF github.com/golangci/unconvert v0.0.0-20240309020433-c5143eacb3ed/go.mod h1:XLXN8bNw4CGRPaqgl3bv/lhz7bsGPh4/xSaMTbo2vkQ= github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ= github.com/google/btree v1.0.0/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ= +github.com/google/gnostic-models v0.7.0 h1:qwTtogB15McXDaNqTZdzPJRHvaVJlAl+HVQnLmJEJxo= +github.com/google/gnostic-models v0.7.0/go.mod h1:whL5G0m6dmc5cPxKc5bdKdEN3UjI7OUGxBlw57miDrQ= github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M= github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= @@ -559,8 +574,8 @@ github.com/google/pprof v0.0.0-20200212024743-f11f1df84d12/go.mod h1:ZgVRPoUq/hf github.com/google/pprof v0.0.0-20200229191704-1ebb73c60ed3/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM= github.com/google/pprof v0.0.0-20200430221834-fc25d7d30c6d/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM= github.com/google/pprof v0.0.0-20200708004538-1a94d8640e99/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM= -github.com/google/pprof v0.0.0-20241210010833-40e02aabc2ad h1:a6HEuzUHeKH6hwfN/ZoQgRgVIWFJljSWa/zetS2WTvg= -github.com/google/pprof v0.0.0-20241210010833-40e02aabc2ad/go.mod h1:vavhavw2zAxS5dIdcRluK6cSGGPlZynqzFM8NdvU144= +github.com/google/pprof v0.0.0-20250403155104-27863c87afa6 h1:BHT72Gu3keYf3ZEu2J0b1vyeLSOYI8bm5wbJM/8yDe8= +github.com/google/pprof v0.0.0-20250403155104-27863c87afa6/go.mod h1:boTsfXsheKC2y+lKOCMpSfarhxDeIzfZG1jqGcPl3cA= github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI= github.com/google/s2a-go v0.1.9 h1:LGD7gtMgezd8a/Xak7mEWL0PjoTQFvpRudN895yqKW0= github.com/google/s2a-go v0.1.9/go.mod h1:YA0Ei2ZQL3acow2O62kdp9UlnvMmU7kA6Eutn0dXayM= @@ -671,10 +686,13 @@ github.com/jmespath/go-jmespath/internal/testify v1.5.1 h1:shLQSRRSCCPj3f2gpwzGw github.com/jmespath/go-jmespath/internal/testify v1.5.1/go.mod h1:L3OGu8Wl2/fWfCI6z80xFu9LTZmf1ZRjMHUOPmWr69U= github.com/jonboulle/clockwork v0.4.0 h1:p4Cf1aMWXnXAUh8lVfewRBx1zaTSYKrKMF2g3ST4RZ4= github.com/jonboulle/clockwork v0.4.0/go.mod h1:xgRqUGwRcjKCO1vbZUEtSLrqKoPSsUpK7fnezOII0kc= +github.com/josharian/intern v1.0.0 h1:vlS4z54oSdjm0bgjRigI+G1HpF+tI+9rE5LLzOg8HmY= +github.com/josharian/intern v1.0.0/go.mod h1:5DoeVV0s6jJacbCEi61lwdGj/aVlrQvzHFFd8Hwg//Y= github.com/jpillora/backoff v1.0.0/go.mod h1:J/6gKK9jxlEcS3zixgDgUAsiuZ7yrSoa/FX5e0EB2j4= github.com/json-iterator/go v1.1.6/go.mod h1:+SdeFBvtyEkXs7REEP0seUULqWtbJapLOCVDaaPEHmU= github.com/json-iterator/go v1.1.10/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4= github.com/json-iterator/go v1.1.11/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4= +github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnrnM= github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo= github.com/jstemmer/go-junit-report v0.0.0-20190106144839-af01ea7f8024/go.mod h1:6v2b51hI/fHJwM22ozAgKL4VKDeJcHhJFhtBdhmNjmU= github.com/jstemmer/go-junit-report v0.9.1/go.mod h1:Brl9GWCQeLvo8nXZwPNNblvFj/XSXhF0NWZEnDohbsk= @@ -701,6 +719,7 @@ github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxv github.com/konsorten/go-windows-terminal-sequences v1.0.3/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ= github.com/kr/logfmt v0.0.0-20140226030751-b84e30acd515/go.mod h1:+0opPa2QZZtGFBFZlji/RkVcI2GknAs/DXo4wKdlNEc= github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo= +github.com/kr/pretty v0.2.1/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI= github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE= github.com/kr/pretty v0.3.1/go.mod h1:hoEshYVHaxMs3cyo3Yncou5ZscifuDolrwPKZanG3xk= github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ= @@ -733,6 +752,8 @@ github.com/lucasb-eyer/go-colorful v1.2.0 h1:1nnpGOrhyZZuNyfu1QjKiUICQ74+3FNCN69 github.com/lucasb-eyer/go-colorful v1.2.0/go.mod h1:R4dSotOR9KMtayYi1e77YzuveK+i7ruzyGqttikkLy0= github.com/macabu/inamedparam v0.1.3 h1:2tk/phHkMlEL/1GNe/Yf6kkR/hkcUdAEY3L0hjYV1Mk= github.com/macabu/inamedparam v0.1.3/go.mod h1:93FLICAIk/quk7eaPPQvbzihUdn/QkGDwIZEoLtpH6I= +github.com/mailru/easyjson v0.7.7 h1:UGYAvKxe3sBsEDzO8ZeWOSlIQfWFlxbzLZe7hwFURr0= +github.com/mailru/easyjson v0.7.7/go.mod h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJJLY9Nlc= github.com/maratori/testableexamples v1.0.0 h1:dU5alXRrD8WKSjOUnmJZuzdxWOEQ57+7s93SLMxb2vI= github.com/maratori/testableexamples v1.0.0/go.mod h1:4rhjL1n20TUTT4vdh3RDqSizKLyXp7K2u6HgraZCGzE= github.com/maratori/testpackage v1.1.1 h1:S58XVV5AD7HADMmD0fNnziNHqKvSdDuEKdPD1rNTU04= @@ -790,10 +811,13 @@ github.com/moby/sys/sequential v0.6.0/go.mod h1:uyv8EUTrca5PnDsdMGXhZe6CCe8U/UiT github.com/moby/term v0.5.0 h1:xt8Q1nalod/v7BqbG21f8mQPqH+xAaC9C3N3wfWbVP0= github.com/moby/term v0.5.0/go.mod h1:8FzsFHVUBGZdbDsJw/ot+X+d5HLUbvklYLJ9uGfcI3Y= github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= +github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd h1:TRLaZ9cD/w8PVh93nsPXa1VrQ6jlwL5oN8l14QlcNfg= github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= github.com/modern-go/reflect2 v0.0.0-20180701023420-4b7aa43c6742/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0= github.com/modern-go/reflect2 v1.0.1/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0= github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk= +github.com/modern-go/reflect2 v1.0.3-0.20250322232337-35a7c28c31ee h1:W5t00kpgFdJifH4BDsTlE89Zl93FEloxaWZfGcifgq8= +github.com/modern-go/reflect2 v1.0.3-0.20250322232337-35a7c28c31ee/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk= github.com/moricho/tparallel v0.3.2 h1:odr8aZVFA3NZrNybggMkYO3rgPRcqjeQUlBBFVxKHTI= github.com/moricho/tparallel v0.3.2/go.mod h1:OQ+K3b4Ln3l2TZveGCywybl68glfLEwFGqvnjok8b+U= github.com/morikuni/aec v1.0.0 h1:nP9CBfwrvYnBRgY6qfDQkygYDmYwOilePFkwzv4dU8A= @@ -806,6 +830,8 @@ github.com/muesli/reflow v0.3.0 h1:IFsN6K9NfGtjeggFP+68I4chLZV2yIKsXJFNZ+eWh6s= github.com/muesli/reflow v0.3.0/go.mod h1:pbwTDkVPibjO2kyvBQRBxTWEEGDGq0FlB1BIKtnHY/8= github.com/muesli/termenv v0.15.2 h1:GohcuySI0QmI3wN8Ok9PtKGkgkFIk7y6Vpb5PvrY+Wo= github.com/muesli/termenv v0.15.2/go.mod h1:Epx+iuz8sNs7mNKhxzH4fWXGNpZwUaJKRS1noLXviQ8= +github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 h1:C3w9PqII01/Oq1c1nUAm88MOHcQC9l5mIlSMApZMrHA= +github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ= github.com/mwitkow/go-conntrack v0.0.0-20161129095857-cc309e4a2223/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U= github.com/mwitkow/go-conntrack v0.0.0-20190716064945-2f068394615f/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U= github.com/mxschmitt/golang-combinations v1.0.0 h1:NFoO7CSP8MUcFlHpe1YdewKwMa15dgDbaqkVLC5DUPI= @@ -824,10 +850,10 @@ github.com/nxadm/tail v1.4.11 h1:8feyoE3OzPrcshW5/MJ4sGESc5cqmGkGCWlco4l0bqY= github.com/nxadm/tail v1.4.11/go.mod h1:OTaG3NK980DZzxbRq6lEuzgU+mug70nY11sMd4JXXHc= github.com/olekukonko/tablewriter v0.0.5 h1:P2Ga83D34wi1o9J6Wh1mRuqd4mF/x/lgBS7N7AbDhec= github.com/olekukonko/tablewriter v0.0.5/go.mod h1:hPp6KlRPjbx+hW8ykQs1w3UBbZlj6HuIJcUGPhkA7kY= -github.com/onsi/ginkgo/v2 v2.22.2 h1:/3X8Panh8/WwhU/3Ssa6rCKqPLuAkVY2I0RoyDLySlU= -github.com/onsi/ginkgo/v2 v2.22.2/go.mod h1:oeMosUL+8LtarXBHu/c0bx2D/K9zyQ6uX3cTyztHwsk= -github.com/onsi/gomega v1.36.2 h1:koNYke6TVk6ZmnyHrCXba/T/MoLBXFjeC1PtvYgw0A8= -github.com/onsi/gomega v1.36.2/go.mod h1:DdwyADRjrc825LhMEkD76cHR5+pUnjhUN8GlHlRPHzY= +github.com/onsi/ginkgo/v2 v2.27.2 h1:LzwLj0b89qtIy6SSASkzlNvX6WktqurSHwkk2ipF/Ns= +github.com/onsi/ginkgo/v2 v2.27.2/go.mod h1:ArE1D/XhNXBXCBkKOLkbsb2c81dQHCRcF5zwn/ykDRo= +github.com/onsi/gomega v1.38.2 h1:eZCjf2xjZAqe+LeWvKb5weQ+NcPwX84kqJ0cZNxok2A= +github.com/onsi/gomega v1.38.2/go.mod h1:W2MJcYxRGV63b418Ai34Ud0hEdTVXq9NW9+Sx6uXf3k= github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U= github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM= github.com/opencontainers/image-spec v1.1.0 h1:8SG7/vwALn54lVB/0yZ/MMwhFrPYtpEHQb2IpWsCzug= @@ -1026,8 +1052,9 @@ github.com/spf13/cast v1.7.1/go.mod h1:ancEpBxwJDODSW/UG4rDrAqiKolqNNh2DX3mk86cA github.com/spf13/cobra v1.9.1 h1:CXSaggrXdbHK9CF+8ywj8Amf7PBRmPCOJugH954Nnlo= github.com/spf13/cobra v1.9.1/go.mod h1:nDyEzZ8ogv936Cinf6g1RU9MRY64Ir93oCnqb9wxYW0= github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg= -github.com/spf13/pflag v1.0.6 h1:jFzHGLGAlb3ruxLB8MhbI6A8+AQX/2eW4qeyNZXNp2o= github.com/spf13/pflag v1.0.6/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg= +github.com/spf13/pflag v1.0.9 h1:9exaQaMOCwffKiiiYk6/BndUBv+iRViNW+4lEMi0PvY= +github.com/spf13/pflag v1.0.9/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg= github.com/spf13/viper v1.20.0 h1:zrxIyR3RQIOsarIrgL8+sAvALXul9jeEPa06Y0Ph6vY= github.com/spf13/viper v1.20.0/go.mod h1:P9Mdzt1zoHIG8m2eZQinpiBjo6kCmZSKBClNNqjJvu4= github.com/spiffe/go-spiffe/v2 v2.5.0 h1:N2I01KCUkv1FAjZXJMwh95KK1ZIQLYbPfhaxw8WS0hE= @@ -1053,8 +1080,8 @@ github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/ github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU= github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4= github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo= -github.com/stretchr/testify v1.10.0 h1:Xv5erBjTwe/5IxqUQTdXv5kgmIvbHo3QQyRwhJsOfJA= -github.com/stretchr/testify v1.10.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY= +github.com/stretchr/testify v1.11.1 h1:7s2iGBzp5EwR7/aIZr8ao5+dra3wiQyKjjFuvgVKu7U= +github.com/stretchr/testify v1.11.1/go.mod h1:wZwfW3scLgRK+23gO65QZefKpKQRnfz6sD981Nm4B6U= github.com/subosito/gotenv v1.6.0 h1:9NlTDc1FTs4qu0DDq7AEtTPNw6SVm7uBMsUCUjABIf8= github.com/subosito/gotenv v1.6.0/go.mod h1:Dk4QP5c2W3ibzajGcXpNraDfq2IrhjMIvMSWPKKo0FU= github.com/tdakkota/asciicheck v0.4.1 h1:bm0tbcmi0jezRA2b5kg4ozmMuGAFotKI3RZfrhfovg8= @@ -1095,6 +1122,8 @@ github.com/valyala/fasttemplate v1.2.2 h1:lxLXG0uE3Qnshl9QyaK6XJxMXlQZELvChBOCmQ github.com/valyala/fasttemplate v1.2.2/go.mod h1:KHLXt3tVN2HBp8eijSv/kGJopbvo7S+qRAEEKiv+SiQ= github.com/vektra/mockery/v2 v2.53.5 h1:iktAY68pNiMvLoHxKqlSNSv/1py0QF/17UGrrAMYDI8= github.com/vektra/mockery/v2 v2.53.5/go.mod h1:hIFFb3CvzPdDJJiU7J4zLRblUMv7OuezWsHPmswriwo= +github.com/x448/float16 v0.8.4 h1:qLwI1I70+NjRFUR3zs1JPUCgaCXSh3SW62uAKT1mSBM= +github.com/x448/float16 v0.8.4/go.mod h1:14CWIYCyZA/cWjXOioeEpHeN/83MdbZDRQHoFcYsOfg= github.com/xanzy/ssh-agent v0.3.3 h1:+/15pJfg/RsTxqYcX6fHqOXZwwMP+2VyYWJeWM2qQFM= github.com/xanzy/ssh-agent v0.3.3/go.mod h1:6dzNDKs0J9rVPHPhaGCukekBHKqfl+L3KghI1Bc68Uw= github.com/xeipuuv/gojsonpointer v0.0.0-20180127040702-4e3ac2762d5f h1:J9EGpcZtP0E/raorCMxlFGSTBrsSlaDGf3jU/qvAE2c= @@ -1175,6 +1204,10 @@ go.uber.org/multierr v1.11.0 h1:blXXJkSxSSfBVBlC76pxqeO+LN3aDfLQo+309xJstO0= go.uber.org/multierr v1.11.0/go.mod h1:20+QtiLqy0Nd6FdQB9TLXag12DsQkrbs3htMFfDN80Y= go.uber.org/zap v1.27.0 h1:aJMhYGrd5QSmlpLMr2MftRKl7t8J8PTZPA732ud/XR8= go.uber.org/zap v1.27.0/go.mod h1:GB2qFLM7cTU87MWRP2mPIjqfIDnGu+VIO4V/SdhGo2E= +go.yaml.in/yaml/v2 v2.4.3 h1:6gvOSjQoTB3vt1l+CU+tSyi/HOjfOjRLJ4YwYZGwRO0= +go.yaml.in/yaml/v2 v2.4.3/go.mod h1:zSxWcmIDjOzPXpjlTTbAsKokqkDNAVtZO0WOMiT90s8= +go.yaml.in/yaml/v3 v3.0.4 h1:tfq32ie2Jv2UxXFdLJdh3jXuOzWiL1fo0bu/FbuKpbc= +go.yaml.in/yaml/v3 v3.0.4/go.mod h1:DhzuOOF2ATzADvBadXxruRBLzYTpT36CKvDb3+aBEFg= gocloud.dev v0.37.0 h1:XF1rN6R0qZI/9DYjN16Uy0durAmSlf58DHOcb28GPro= gocloud.dev v0.37.0/go.mod h1:7/O4kqdInCNsc6LqgmuFnS0GRew4XNNYWpA44yQnwco= gocloud.dev/secrets/hashivault v0.37.0 h1:5ehGtUBP29DFAgAs6bPw7fVSgqQ3TxaoK2xVcLp1x+c= @@ -1301,8 +1334,8 @@ golang.org/x/oauth2 v0.0.0-20191202225959-858c2ad4c8b6/go.mod h1:gOpvHmFTYa4Iltr golang.org/x/oauth2 v0.0.0-20200107190931-bf48bf16ab8d/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20210514164344-f6687ab2804c/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= golang.org/x/oauth2 v0.0.0-20220223155221-ee480838109b/go.mod h1:DAh4E804XQdzx2j+YRIaUnCqCV2RuMz24cGBJ5QYIrc= -golang.org/x/oauth2 v0.27.0 h1:da9Vo7/tDv5RH/7nZDz1eMGS/q1Vv1N/7FCrBhI9I3M= -golang.org/x/oauth2 v0.27.0/go.mod h1:onh5ek6nERTohokkhCD/y2cV4Do3fxFHFuAejCkRWT8= +golang.org/x/oauth2 v0.30.0 h1:dnDm7JmhM45NNpd8FDDeLhK6FwqbOf4MLCM9zb1BOHI= +golang.org/x/oauth2 v0.30.0/go.mod h1:B++QgG3ZKulg6sRPGD/mqlHQs5rB3Ml9erfeDY7xKlU= golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= @@ -1580,8 +1613,8 @@ google.golang.org/protobuf v1.24.0/go.mod h1:r/3tXBNzIEhYS9I1OUVjXDlt8tc493IdKGj google.golang.org/protobuf v1.25.0/go.mod h1:9JNX74DMeImyA3h4bdi1ymwjUzf21/xIlbajtzgsN7c= google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw= google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc= -google.golang.org/protobuf v1.36.6 h1:z1NpPI8ku2WgiWnf+t9wTPsn6eP1L7ksHUlkfLvd9xY= -google.golang.org/protobuf v1.36.6/go.mod h1:jduwjTPXsFjZGTmRluh+L6NjiWu7pchiJ2/5YcXBHnY= +google.golang.org/protobuf v1.36.8 h1:xHScyCOEuuwZEc6UtSOvPbAT4zRh0xcNRYekJwfqyMc= +google.golang.org/protobuf v1.36.8/go.mod h1:fuxRtAxBytpl4zzqUh6/eyUujkJdNiuEkXntxiD/uRU= gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= @@ -1589,6 +1622,10 @@ gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8 gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q= gopkg.in/errgo.v2 v2.1.0/go.mod h1:hNsd1EY+bozCKY1Ytp96fpM3vjJbqLJn88ws8XvfDNI= +gopkg.in/evanphx/json-patch.v4 v4.13.0 h1:czT3CmqEaQ1aanPc5SdlgQrrEIb8w/wwCvWWnfEbYzo= +gopkg.in/evanphx/json-patch.v4 v4.13.0/go.mod h1:p8EYWUEYMpynmqDbY58zCKCFZw8pRWMG4EsWvDvM72M= +gopkg.in/inf.v0 v0.9.1 h1:73M5CoZyi3ZLMOyDlQh031Cx6N9NDJ2Vvfl76EDAgDc= +gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw= gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7 h1:uRGJdciOHaEIrze2W8Q3AKkepLTh2hOroT7a+7czfdQ= gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7/go.mod h1:dt/ZhP58zS4L8KSrWDmTeBkI65Dw0HsyUHuEVlX15mw= gopkg.in/warnings.v0 v0.1.2 h1:wFXVbFY8DY5/xOe1ECiWdKCzZlxgshcYVNkBHstARME= @@ -1615,6 +1652,18 @@ honnef.co/go/tools v0.0.1-2020.1.3/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9 honnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k= honnef.co/go/tools v0.6.1 h1:R094WgE8K4JirYjBaOpz/AvTyUu/3wbmAoskKN/pxTI= honnef.co/go/tools v0.6.1/go.mod h1:3puzxxljPCe8RGJX7BIy1plGbxEOZni5mR2aXe3/uk4= +k8s.io/api v0.35.0 h1:iBAU5LTyBI9vw3L5glmat1njFK34srdLmktWwLTprlY= +k8s.io/api v0.35.0/go.mod h1:AQ0SNTzm4ZAczM03QH42c7l3bih1TbAXYo0DkF8ktnA= +k8s.io/apimachinery v0.35.0 h1:Z2L3IHvPVv/MJ7xRxHEtk6GoJElaAqDCCU0S6ncYok8= +k8s.io/apimachinery v0.35.0/go.mod h1:jQCgFZFR1F4Ik7hvr2g84RTJSZegBc8yHgFWKn//hns= +k8s.io/client-go v0.35.0 h1:IAW0ifFbfQQwQmga0UdoH0yvdqrbwMdq9vIFEhRpxBE= +k8s.io/client-go v0.35.0/go.mod h1:q2E5AAyqcbeLGPdoRB+Nxe3KYTfPce1Dnu1myQdqz9o= +k8s.io/klog/v2 v2.130.1 h1:n9Xl7H1Xvksem4KFG4PYbdQCQxqc/tTUyrgXaOhHSzk= +k8s.io/klog/v2 v2.130.1/go.mod h1:3Jpz1GvMt720eyJH1ckRHK1EDfpxISzJ7I9OYgaDtPE= +k8s.io/kube-openapi v0.0.0-20250910181357-589584f1c912 h1:Y3gxNAuB0OBLImH611+UDZcmKS3g6CthxToOb37KgwE= +k8s.io/kube-openapi v0.0.0-20250910181357-589584f1c912/go.mod h1:kdmbQkyfwUagLfXIad1y2TdrjPFWp2Q89B3qkRwf/pQ= +k8s.io/utils v0.0.0-20251220205832-9d40a56c1308 h1:rk+D2uTO79bbNsICltOdVoA6mcJb0NpvBcts+ACymBQ= +k8s.io/utils v0.0.0-20251220205832-9d40a56c1308/go.mod h1:xDxuJ0whA3d0I4mf/C4ppKHxXynQ+fxnkmQH0vTHnuk= lukechampine.com/frand v1.4.2 h1:RzFIpOvkMXuPMBb9maa4ND4wjBn71E1Jpf8BzJHMaVw= lukechampine.com/frand v1.4.2/go.mod h1:4S/TM2ZgrKejMcKMbeLjISpJMO+/eZ1zu3vYX9dtj3s= mvdan.cc/gofumpt v0.9.1 h1:p5YT2NfFWsYyTieYgwcQ8aKV3xRvFH4uuN/zB2gBbMQ= @@ -1626,5 +1675,11 @@ pgregory.net/rapid v1.1.0/go.mod h1:PY5XlDGj0+V1FCq0o192FdRhpKHGTRIWBgqjDBTrq04= rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8= rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0= rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA= -sigs.k8s.io/yaml v1.3.0 h1:a2VclLzOGrwOHDiV8EfBGhvjHvP46CtW5j6POvhYGGo= -sigs.k8s.io/yaml v1.3.0/go.mod h1:GeOyir5tyXNByN85N/dRIT9es5UQNerPYEKK56eTBm8= +sigs.k8s.io/json v0.0.0-20250730193827-2d320260d730 h1:IpInykpT6ceI+QxKBbEflcR5EXP7sU1kvOlxwZh5txg= +sigs.k8s.io/json v0.0.0-20250730193827-2d320260d730/go.mod h1:mdzfpAEoE6DHQEN0uh9ZbOCuHbLK5wOm7dK4ctXE9Tg= +sigs.k8s.io/randfill v1.0.0 h1:JfjMILfT8A6RbawdsK2JXGBR5AQVfd+9TbzrlneTyrU= +sigs.k8s.io/randfill v1.0.0/go.mod h1:XeLlZ/jmk4i1HRopwe7/aU3H5n1zNUcX6TM94b3QxOY= +sigs.k8s.io/structured-merge-diff/v6 v6.3.0 h1:jTijUJbW353oVOd9oTlifJqOGEkUw2jB/fXCbTiQEco= +sigs.k8s.io/structured-merge-diff/v6 v6.3.0/go.mod h1:M3W8sfWvn2HhQDIbGWj3S099YozAsymCo/wrT5ohRUE= +sigs.k8s.io/yaml v1.6.0 h1:G8fkbMSAFqgEFgh4b1wmtzDnioxFCUgTZhlbj5P9QYs= +sigs.k8s.io/yaml v1.6.0/go.mod h1:796bPqUfzR/0jLAl6XjHl3Ck7MiyVv8dbTdyT3/pMf4= diff --git a/pkg/clouds/pulumi/gcp/gke_autopilot_stack.go b/pkg/clouds/pulumi/gcp/gke_autopilot_stack.go index e0f88a61..6ca79cfc 100644 --- a/pkg/clouds/pulumi/gcp/gke_autopilot_stack.go +++ b/pkg/clouds/pulumi/gcp/gke_autopilot_stack.go @@ -9,6 +9,7 @@ import ( "os" "os/exec" "strings" + "time" auth "golang.org/x/oauth2/google" @@ -214,7 +215,7 @@ func GkeAutopilotStack(ctx *sdk.Context, stack api.Stack, input api.ResourceInpu namespace := lo.If(caddyCfg.Namespace != nil, lo.FromPtr(caddyCfg.Namespace)).Else("caddy") kubeConfigOutput := sdk.String(kubeConfig).ToStringOutput() - _, patchErr := kubernetes.PatchDeployment(ctx, &kubernetes.DeploymentPatchArgs{ + patchResult, patchErr := kubernetes.PatchDeployment(ctx, &kubernetes.DeploymentPatchArgs{ PatchName: input.ToResName(stackName), ServiceName: deploymentName, Namespace: namespace, @@ -222,7 +223,7 @@ func GkeAutopilotStack(ctx *sdk.Context, stack api.Stack, input api.ResourceInpu Kubeconfig: &kubeConfigOutput, Annotations: map[string]sdk.StringOutput{ "simple-container.com/caddy-updated-by": sdk.String(stackName).ToStringOutput(), - "simple-container.com/caddy-updated-at": sdk.String("latest").ToStringOutput(), + "simple-container.com/caddy-updated-at": sdk.String(time.Now().UTC().Format(time.RFC3339)).ToStringOutput(), "simple-container.com/caddy-update-hash": sdk.All(sc.CaddyfileEntry).ApplyT(func(entry []any) string { sum := md5.Sum([]byte(entry[0].(string))) return hex.EncodeToString(sum[:]) @@ -232,7 +233,12 @@ func GkeAutopilotStack(ctx *sdk.Context, stack api.Stack, input api.ResourceInpu }) if patchErr != nil { // Log warning but continue - caddy annotation patch is not critical for deployment - params.Log.Warn(ctx.Context(), "⚠️ Failed to patch caddy deployment annotations (non-critical): %v", patchErr) + params.Log.Warn(ctx.Context(), " Failed to patch caddy deployment annotations (non-critical): %v", patchErr) + } else if patchResult != nil { + patchResult.ApplyT(func(msg string) string { + params.Log.Info(ctx.Context(), "✅ Caddy deployment patched: %s", msg) + return msg + }) } } diff --git a/pkg/clouds/pulumi/kubernetes/deployment_patch.go b/pkg/clouds/pulumi/kubernetes/deployment_patch.go index ad7d8d4f..cc651afa 100644 --- a/pkg/clouds/pulumi/kubernetes/deployment_patch.go +++ b/pkg/clouds/pulumi/kubernetes/deployment_patch.go @@ -1,12 +1,18 @@ package kubernetes import ( + "context" + "encoding/json" "fmt" + "time" sdkK8s "github.com/pulumi/pulumi-kubernetes/sdk/v4/go/kubernetes" - "github.com/pulumi/pulumi-kubernetes/sdk/v4/go/kubernetes/apiextensions" - metav1 "github.com/pulumi/pulumi-kubernetes/sdk/v4/go/kubernetes/meta/v1" sdk "github.com/pulumi/pulumi/sdk/v3/go/pulumi" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/apimachinery/pkg/types" + "k8s.io/client-go/kubernetes" + "k8s.io/client-go/tools/clientcmd" + "k8s.io/utils/ptr" ) type DeploymentPatchArgs struct { @@ -19,62 +25,100 @@ type DeploymentPatchArgs struct { Opts []sdk.ResourceOption } -func PatchDeployment(ctx *sdk.Context, args *DeploymentPatchArgs) (*apiextensions.CustomResource, error) { - var patchProvider sdk.ProviderResource - - // If Kubeconfig is provided, create a dedicated SSA-enabled provider for patches - // This isolates patch resources from regular resources - if args.Kubeconfig != nil { - patchProviderName := fmt.Sprintf("%s-patch-provider", args.PatchName) - dedicatedProvider, err := sdkK8s.NewProvider(ctx, patchProviderName, &sdkK8s.ProviderArgs{ - Kubeconfig: *args.Kubeconfig, - EnableServerSideApply: sdk.BoolPtr(true), // Required for DeploymentPatch resources - }, sdk.Parent(args.KubeProvider)) // Make it a child of the main provider - if err != nil { - return nil, err - } - patchProvider = dedicatedProvider - } else { - // Use the existing provider (assumes SSA is already enabled or will be enabled) - patchProvider = args.KubeProvider - } +type deploymentPatchInputs struct { + Kubeconfig string + Namespace string + ServiceName string + Annotations map[string]string +} - // NOTE: DeploymentPatch requires Server-Side Apply mode - // SSA allows partial updates without requiring the complete deployment spec - patchOpts := []sdk.ResourceOption{ - sdk.Provider(patchProvider), // Use dedicated or existing provider - sdk.RetainOnDelete(true), // Don't delete the deployment if patch is removed - sdk.ReplaceOnChanges([]string{}), // Don't replace, just update - sdk.DeleteBeforeReplace(false), // Never delete before replacing +func patchDeploymentWithK8sClient(ctx context.Context, inputs deploymentPatchInputs) error { + // Create Kubernetes client from kubeconfig + config, err := clientcmd.RESTConfigFromKubeConfig([]byte(inputs.Kubeconfig)) + if err != nil { + return fmt.Errorf("failed to create REST config: %w", err) } - // Combine patch options with user-provided options - // Note: Provider option is set first, so if user provides another provider it will be ignored - allOpts := append(patchOpts, args.Opts...) + clientSet, err := kubernetes.NewForConfig(config) + if err != nil { + return fmt.Errorf("failed to create Kubernetes client: %w", err) + } - // Use CustomResource with OtherFields to bypass DeploymentPatch validation logic - // This forces Pulumi to send a raw PATCH request to Kubernetes without schema validation - // The OtherFields map is sent directly to the API with SSA enabled - otherFields := map[string]interface{}{ + // Build the patch payload - only the annotations we want to update + patch := map[string]interface{}{ "spec": map[string]interface{}{ "template": map[string]interface{}{ "metadata": map[string]interface{}{ - "annotations": args.Annotations, + "annotations": inputs.Annotations, }, }, }, } - return apiextensions.NewCustomResource(ctx, args.PatchName, &apiextensions.CustomResourceArgs{ - ApiVersion: sdk.String("apps/v1"), - Kind: sdk.String("Deployment"), - Metadata: &metav1.ObjectMetaArgs{ - Namespace: sdk.String(args.Namespace), - Name: sdk.String(args.ServiceName), - Annotations: sdk.StringMap{ - "pulumi.com/patchForce": sdk.String("true"), // Force SSA to resolve conflicts - }, - }, - OtherFields: otherFields, - }, allOpts...) + // Marshal to JSON + patchBytes, err := json.Marshal(patch) + if err != nil { + return fmt.Errorf("failed to marshal patch: %w", err) + } + + // Apply the patch using Strategic Merge Patch + // This is a true partial update that doesn't require full deployment spec + patchOptions := metav1.PatchOptions{ + FieldManager: "simple-container", + Force: ptr.To(true), // Force ownership of fields + } + + _, err = clientSet.AppsV1().Deployments(inputs.Namespace).Patch( + ctx, + inputs.ServiceName, + types.StrategicMergePatchType, + patchBytes, + patchOptions, + ) + if err != nil { + return fmt.Errorf("failed to patch deployment %s/%s: %w", inputs.Namespace, inputs.ServiceName, err) + } + + return nil +} + +func PatchDeployment(ctx *sdk.Context, args *DeploymentPatchArgs) (*sdk.StringOutput, error) { + // Use Pulumi's Apply to execute the native Kubernetes client patch + // This bypasses Pulumi's DeploymentPatch validation entirely + + // Convert map[string]StringOutput to StringMapOutput for proper resolution + annotationsOutput := sdk.ToStringMapOutput(args.Annotations) + + // Apply the patch when all outputs are resolved + // Use ApplyTWithContext to get access to Pulumi's context + result := sdk.All(args.Kubeconfig, annotationsOutput).ApplyTWithContext(ctx.Context(), func(goCtx context.Context, vals []interface{}) (string, error) { + kubeconfigStr, ok := vals[0].(string) + if !ok || kubeconfigStr == "" { + return "", fmt.Errorf("kubeconfig is required for native Kubernetes client patching") + } + + annotations, ok := vals[1].(map[string]string) + if !ok { + return "", fmt.Errorf("failed to resolve annotations: got type %T", vals[1]) + } + + inputs := deploymentPatchInputs{ + Kubeconfig: kubeconfigStr, + Namespace: args.Namespace, + ServiceName: args.ServiceName, + Annotations: annotations, + } + + // Use Pulumi's context with timeout to respect cancellation and prevent hanging + patchCtx, cancel := context.WithTimeout(goCtx, 30*time.Second) + defer cancel() + + if err := patchDeploymentWithK8sClient(patchCtx, inputs); err != nil { + return "", err + } + + return fmt.Sprintf("%s/%s patched", args.Namespace, args.ServiceName), nil + }).(sdk.StringOutput) + + return &result, nil } diff --git a/pkg/clouds/pulumi/kubernetes/kube_run.go b/pkg/clouds/pulumi/kubernetes/kube_run.go index 0db82eb0..a99cefb9 100644 --- a/pkg/clouds/pulumi/kubernetes/kube_run.go +++ b/pkg/clouds/pulumi/kubernetes/kube_run.go @@ -5,6 +5,7 @@ import ( "encoding/hex" "encoding/json" "fmt" + "time" "github.com/pkg/errors" "github.com/samber/lo" @@ -101,6 +102,8 @@ func KubeRun(ctx *sdk.Context, stack api.Stack, input api.ResourceInput, params useSSL := kubeRunInput.UseSSL == nil || *kubeRunInput.UseSSL + kubeconfig := kubeRunInput.Kubeconfig + var nodeSelector map[string]string params.Log.Info(ctx.Context(), "🔍 DEBUG: kubeRunInput.Deployment.StackConfig.CloudExtras: %+v", kubeRunInput.Deployment.StackConfig.CloudExtras) if kubeRunInput.Deployment.StackConfig.CloudExtras != nil { @@ -200,15 +203,16 @@ func KubeRun(ctx *sdk.Context, stack api.Stack, input api.ResourceInput, params if !ok { params.Log.Warn(ctx.Context(), "⚠️ Failed to cast provider to Kubernetes provider for caddy patch") } else { - _, patchErr := PatchDeployment(ctx, &DeploymentPatchArgs{ + kubeconfigOutput := sdk.String(kubeconfig).ToStringOutput() + patchResult, patchErr := PatchDeployment(ctx, &DeploymentPatchArgs{ PatchName: input.ToResName(stackName), ServiceName: caddyServiceName, // Use helper to add environment suffix consistently Namespace: lo.If(caddyConfig.Namespace != nil, lo.FromPtr(caddyConfig.Namespace)).Else("caddy"), KubeProvider: kubeProvider, - Kubeconfig: nil, // No kubeconfig available in this context, will use existing provider + Kubeconfig: &kubeconfigOutput, Annotations: map[string]sdk.StringOutput{ "simple-container.com/caddy-updated-by": sdk.String(stackName).ToStringOutput(), - "simple-container.com/caddy-updated-at": sdk.String("latest").ToStringOutput(), + "simple-container.com/caddy-updated-at": sdk.String(time.Now().UTC().Format(time.RFC3339)).ToStringOutput(), "simple-container.com/caddy-update-hash": sdk.All(sc.CaddyfileEntry).ApplyT(func(entry []any) string { sum := md5.Sum([]byte(entry[0].(string))) return hex.EncodeToString(sum[:]) @@ -219,6 +223,11 @@ func KubeRun(ctx *sdk.Context, stack api.Stack, input api.ResourceInput, params if patchErr != nil { // Log warning but continue - caddy annotation patch is not critical for deployment params.Log.Warn(ctx.Context(), "⚠️ Failed to patch caddy deployment annotations (non-critical): %v", patchErr) + } else if patchResult != nil { + patchResult.ApplyT(func(msg string) string { + params.Log.Info(ctx.Context(), "✅ Caddy deployment patched: %s", msg) + return msg + }) } } } From 00bfa4e333f760a691a03affbe4f628cbe09cdb4 Mon Sep 17 00:00:00 2001 From: Universe Ops Date: Mon, 22 Dec 2025 22:41:10 +0300 Subject: [PATCH 13/13] fixing caddy patch, p9 --- go.mod | 2 +- pkg/clouds/pulumi/gcp/gke_autopilot_stack.go | 6 +++-- pkg/clouds/pulumi/kubernetes/caddy.go | 5 ++-- .../pulumi/kubernetes/deployment_patch.go | 24 ++++++++++++++----- pkg/clouds/pulumi/kubernetes/kube_run.go | 5 +++- pkg/clouds/pulumi/kubernetes/naming.go | 11 +++++++++ 6 files changed, 41 insertions(+), 12 deletions(-) diff --git a/go.mod b/go.mod index ee65d6d8..cd1ba72c 100644 --- a/go.mod +++ b/go.mod @@ -56,7 +56,6 @@ require ( gopkg.in/yaml.v3 v3.0.1 k8s.io/apimachinery v0.35.0 k8s.io/client-go v0.35.0 - k8s.io/utils v0.0.0-20251220205832-9d40a56c1308 mvdan.cc/gofumpt v0.9.1 ) @@ -463,6 +462,7 @@ require ( k8s.io/api v0.35.0 // indirect k8s.io/klog/v2 v2.130.1 // indirect k8s.io/kube-openapi v0.0.0-20250910181357-589584f1c912 // indirect + k8s.io/utils v0.0.0-20251220205832-9d40a56c1308 // indirect lukechampine.com/frand v1.4.2 // indirect mvdan.cc/unparam v0.0.0-20240528143540-8a5130ca722f // indirect sigs.k8s.io/json v0.0.0-20250730193827-2d320260d730 // indirect diff --git a/pkg/clouds/pulumi/gcp/gke_autopilot_stack.go b/pkg/clouds/pulumi/gcp/gke_autopilot_stack.go index 6ca79cfc..7aba37dc 100644 --- a/pkg/clouds/pulumi/gcp/gke_autopilot_stack.go +++ b/pkg/clouds/pulumi/gcp/gke_autopilot_stack.go @@ -210,8 +210,10 @@ func GkeAutopilotStack(ctx *sdk.Context, stack api.Stack, input api.ResourceInpu } // Attempt to patch caddy deployment annotations (non-critical - skip if it fails) - // Use deployment name override if specified, otherwise fall back to default - deploymentName := lo.If(caddyCfg.DeploymentName != nil, lo.FromPtr(caddyCfg.DeploymentName)).Else(input.ToResName("caddy")) + // Use deployment name override if specified, otherwise generate using single-dash convention + // to match the actual Caddy deployment naming (e.g., "caddy-staging" not "caddy--staging") + defaultDeploymentName := kubernetes.GenerateCaddyDeploymentName(input.StackParams.Environment) + deploymentName := lo.If(caddyCfg.DeploymentName != nil, lo.FromPtr(caddyCfg.DeploymentName)).Else(defaultDeploymentName) namespace := lo.If(caddyCfg.Namespace != nil, lo.FromPtr(caddyCfg.Namespace)).Else("caddy") kubeConfigOutput := sdk.String(kubeConfig).ToStringOutput() diff --git a/pkg/clouds/pulumi/kubernetes/caddy.go b/pkg/clouds/pulumi/kubernetes/caddy.go index 057420b9..940f4486 100644 --- a/pkg/clouds/pulumi/kubernetes/caddy.go +++ b/pkg/clouds/pulumi/kubernetes/caddy.go @@ -69,8 +69,9 @@ func DeployCaddyService(ctx *sdk.Context, caddy CaddyDeployment, input api.Resou return nil, errors.Wrapf(err, "failed to provision kubeconfig provider for %q/%q in %q", input.StackParams.StackName, input.Descriptor.Name, input.StackParams.Environment) } - deploymentName := input.ToResName("caddy") - namespace := lo.If(caddy.Namespace != nil, lo.FromPtr(caddy.Namespace)).Else(deploymentName) + // Use the same naming convention as the patch operation for consistency + deploymentName := GenerateCaddyDeploymentName(input.StackParams.Environment) + namespace := lo.If(caddy.Namespace != nil, lo.FromPtr(caddy.Namespace)).Else("caddy") caddyImage := lo.If(caddy.Image != nil, lo.FromPtr(caddy.Image)).Else(fmt.Sprintf("simplecontainer/caddy:%s", build.Version)) // Generate volume names using the same logic as SimpleContainer to ensure consistency diff --git a/pkg/clouds/pulumi/kubernetes/deployment_patch.go b/pkg/clouds/pulumi/kubernetes/deployment_patch.go index cc651afa..76af3e1a 100644 --- a/pkg/clouds/pulumi/kubernetes/deployment_patch.go +++ b/pkg/clouds/pulumi/kubernetes/deployment_patch.go @@ -4,15 +4,16 @@ import ( "context" "encoding/json" "fmt" + "os" "time" - sdkK8s "github.com/pulumi/pulumi-kubernetes/sdk/v4/go/kubernetes" - sdk "github.com/pulumi/pulumi/sdk/v3/go/pulumi" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/types" "k8s.io/client-go/kubernetes" "k8s.io/client-go/tools/clientcmd" - "k8s.io/utils/ptr" + + sdkK8s "github.com/pulumi/pulumi-kubernetes/sdk/v4/go/kubernetes" + sdk "github.com/pulumi/pulumi/sdk/v3/go/pulumi" ) type DeploymentPatchArgs struct { @@ -65,7 +66,6 @@ func patchDeploymentWithK8sClient(ctx context.Context, inputs deploymentPatchInp // This is a true partial update that doesn't require full deployment spec patchOptions := metav1.PatchOptions{ FieldManager: "simple-container", - Force: ptr.To(true), // Force ownership of fields } _, err = clientSet.AppsV1().Deployments(inputs.Namespace).Patch( @@ -76,6 +76,8 @@ func patchDeploymentWithK8sClient(ctx context.Context, inputs deploymentPatchInp patchOptions, ) if err != nil { + // Log detailed error information for debugging + _, _ = fmt.Fprintf(os.Stderr, "❌ PATCH ERROR: failed to patch deployment %s/%s: %v\n", inputs.Namespace, inputs.ServiceName, err) return fmt.Errorf("failed to patch deployment %s/%s: %w", inputs.Namespace, inputs.ServiceName, err) } @@ -109,10 +111,20 @@ func PatchDeployment(ctx *sdk.Context, args *DeploymentPatchArgs) (*sdk.StringOu Annotations: annotations, } - // Use Pulumi's context with timeout to respect cancellation and prevent hanging - patchCtx, cancel := context.WithTimeout(goCtx, 30*time.Second) + // Create a context that respects parent cancellation but allows extra time for patch to complete + // We use a channel to listen for parent context cancellation, then give the patch operation + // additional time (5 seconds) to complete before actually cancelling + patchCtx, cancel := context.WithTimeout(context.Background(), 15*time.Second) defer cancel() + // Monitor parent context for cancellation + go func() { + <-goCtx.Done() + // Parent context was cancelled, but give patch 5 more seconds to complete + time.Sleep(5 * time.Second) + cancel() + }() + if err := patchDeploymentWithK8sClient(patchCtx, inputs); err != nil { return "", err } diff --git a/pkg/clouds/pulumi/kubernetes/kube_run.go b/pkg/clouds/pulumi/kubernetes/kube_run.go index a99cefb9..9cdee466 100644 --- a/pkg/clouds/pulumi/kubernetes/kube_run.go +++ b/pkg/clouds/pulumi/kubernetes/kube_run.go @@ -196,7 +196,10 @@ func KubeRun(ctx *sdk.Context, stack api.Stack, input api.ResourceInput, params if caddyConfig != nil { // Attempt to patch caddy deployment annotations (non-critical - skip if it fails) - caddyServiceName := input.ToResName("caddy") + // Use deployment name override if specified, otherwise generate using single-dash convention + // to match the actual Caddy deployment naming (e.g., "caddy-staging" not "caddy--staging") + defaultCaddyName := GenerateCaddyDeploymentName(input.StackParams.Environment) + caddyServiceName := lo.If(caddyConfig.DeploymentName != nil, lo.FromPtr(caddyConfig.DeploymentName)).Else(defaultCaddyName) // Cast params.Provider to Kubernetes provider for patch operations kubeProvider, ok := params.Provider.(*sdkK8s.Provider) diff --git a/pkg/clouds/pulumi/kubernetes/naming.go b/pkg/clouds/pulumi/kubernetes/naming.go index e31b680b..3947d66c 100644 --- a/pkg/clouds/pulumi/kubernetes/naming.go +++ b/pkg/clouds/pulumi/kubernetes/naming.go @@ -70,3 +70,14 @@ func generateImagePullSecretName(serviceName, stackEnv, parentEnv string) string func isCustomStack(stackEnv, parentEnv string) bool { return parentEnv != "" && parentEnv != stackEnv } + +// GenerateCaddyDeploymentName creates the Caddy deployment name with environment suffix +// Caddy deployments always include the environment suffix for backwards compatibility +// This is exported so it can be used by both kubernetes and gcp packages for consistency +func GenerateCaddyDeploymentName(stackEnv string) string { + // Always add environment suffix for Caddy deployments (backwards compatibility) + if stackEnv != "" { + return fmt.Sprintf("caddy-%s", stackEnv) + } + return "caddy" +}