diff --git a/.golangci.yaml b/.golangci.yaml index e7ede147..63c6b7bc 100644 --- a/.golangci.yaml +++ b/.golangci.yaml @@ -25,8 +25,6 @@ linters: - gocritic - gofmt - goheader - - gomoddirectives - - gomodguard - goprintffuncname - gosec - gosimple diff --git a/Makefile b/Makefile index b1a838aa..6c5aa126 100644 --- a/Makefile +++ b/Makefile @@ -60,8 +60,10 @@ MAKECMDGOALS ?= # binary may not be available in the PATH yet when the Makefiles are # evaluated. HOST_OS and HOST_ARCH only support Linux, *BSD and macOS (M1 # and Intel). -HOST_OS ?= $(shell uname -s | tr A-Z a-z) -HOST_ARCH ?= $(shell uname -m) +host_os := $(shell uname -s | tr A-Z a-z) +host_arch := $(shell uname -m) +HOST_OS ?= $(host_os) +HOST_ARCH ?= $(host_arch) ifeq (x86_64, $(HOST_ARCH)) HOST_ARCH = amd64 @@ -74,7 +76,8 @@ endif # Git and versioning information # ################################## -VERSION ?= $(shell git describe --tags --always --match='v*' --abbrev=14 --dirty) +git_version := $(shell git describe --tags --always --match='v*' --abbrev=14 --dirty) +VERSION ?= $(git_version) IS_PRERELEASE := $(shell git describe --tags --always --match='v*' --abbrev=0 | grep -q '-' && echo true || echo false) GITCOMMIT := $(shell git rev-parse HEAD) GITEPOCH := $(shell git show -s --format=%ct HEAD) diff --git a/OWNERS_ALIASES b/OWNERS_ALIASES index 6d51f05b..10d1279a 100644 --- a/OWNERS_ALIASES +++ b/OWNERS_ALIASES @@ -11,3 +11,4 @@ aliases: - irbekrm - sgtcodfish - inteon + - thatsmrtalbot diff --git a/klone.yaml b/klone.yaml index 5dc22258..279f63bd 100644 --- a/klone.yaml +++ b/klone.yaml @@ -10,65 +10,65 @@ targets: - folder_name: boilerplate repo_url: https://github.com/cert-manager/makefile-modules.git repo_ref: main - repo_hash: b4ffe01c4471ab7ff0ba129bb455445b38ca1221 + repo_hash: c112512ba05d8a5b09ba5e997fd9db8cbb79f154 repo_path: modules/boilerplate - folder_name: cert-manager repo_url: https://github.com/cert-manager/makefile-modules.git repo_ref: main - repo_hash: b4ffe01c4471ab7ff0ba129bb455445b38ca1221 + repo_hash: c112512ba05d8a5b09ba5e997fd9db8cbb79f154 repo_path: modules/cert-manager - folder_name: controller-gen repo_url: https://github.com/cert-manager/makefile-modules.git repo_ref: main - repo_hash: b4ffe01c4471ab7ff0ba129bb455445b38ca1221 + repo_hash: c112512ba05d8a5b09ba5e997fd9db8cbb79f154 repo_path: modules/controller-gen - folder_name: generate-verify repo_url: https://github.com/cert-manager/makefile-modules.git repo_ref: main - repo_hash: b4ffe01c4471ab7ff0ba129bb455445b38ca1221 + repo_hash: c112512ba05d8a5b09ba5e997fd9db8cbb79f154 repo_path: modules/generate-verify - folder_name: go repo_url: https://github.com/cert-manager/makefile-modules.git repo_ref: main - repo_hash: b4ffe01c4471ab7ff0ba129bb455445b38ca1221 + repo_hash: c112512ba05d8a5b09ba5e997fd9db8cbb79f154 repo_path: modules/go - folder_name: helm repo_url: https://github.com/cert-manager/makefile-modules.git repo_ref: main - repo_hash: b4ffe01c4471ab7ff0ba129bb455445b38ca1221 + repo_hash: c112512ba05d8a5b09ba5e997fd9db8cbb79f154 repo_path: modules/helm - folder_name: help repo_url: https://github.com/cert-manager/makefile-modules.git repo_ref: main - repo_hash: b4ffe01c4471ab7ff0ba129bb455445b38ca1221 + repo_hash: c112512ba05d8a5b09ba5e997fd9db8cbb79f154 repo_path: modules/help - folder_name: kind repo_url: https://github.com/cert-manager/makefile-modules.git repo_ref: main - repo_hash: b4ffe01c4471ab7ff0ba129bb455445b38ca1221 + repo_hash: c112512ba05d8a5b09ba5e997fd9db8cbb79f154 repo_path: modules/kind - folder_name: klone repo_url: https://github.com/cert-manager/makefile-modules.git repo_ref: main - repo_hash: b4ffe01c4471ab7ff0ba129bb455445b38ca1221 + repo_hash: c112512ba05d8a5b09ba5e997fd9db8cbb79f154 repo_path: modules/klone - folder_name: oci-build repo_url: https://github.com/cert-manager/makefile-modules.git repo_ref: main - repo_hash: b4ffe01c4471ab7ff0ba129bb455445b38ca1221 + repo_hash: c112512ba05d8a5b09ba5e997fd9db8cbb79f154 repo_path: modules/oci-build - folder_name: oci-publish repo_url: https://github.com/cert-manager/makefile-modules.git repo_ref: main - repo_hash: b4ffe01c4471ab7ff0ba129bb455445b38ca1221 + repo_hash: c112512ba05d8a5b09ba5e997fd9db8cbb79f154 repo_path: modules/oci-publish - folder_name: repository-base repo_url: https://github.com/cert-manager/makefile-modules.git repo_ref: main - repo_hash: b4ffe01c4471ab7ff0ba129bb455445b38ca1221 + repo_hash: c112512ba05d8a5b09ba5e997fd9db8cbb79f154 repo_path: modules/repository-base - folder_name: tools repo_url: https://github.com/cert-manager/makefile-modules.git repo_ref: main - repo_hash: b4ffe01c4471ab7ff0ba129bb455445b38ca1221 + repo_hash: c112512ba05d8a5b09ba5e997fd9db8cbb79f154 repo_path: modules/tools diff --git a/make/_shared/cert-manager/00_mod.mk b/make/_shared/cert-manager/00_mod.mk index 0a61381a..863508b4 100644 --- a/make/_shared/cert-manager/00_mod.mk +++ b/make/_shared/cert-manager/00_mod.mk @@ -15,14 +15,14 @@ images_amd64 ?= images_arm64 ?= -cert_manager_version := v1.14.4 +cert_manager_version := v1.14.5 -images_amd64 += quay.io/jetstack/cert-manager-controller:$(cert_manager_version)@sha256:f84edf06327f84ed2ca056776659aa144cf3cc982c5403650c24553c5a44b03d -images_amd64 += quay.io/jetstack/cert-manager-cainjector:$(cert_manager_version)@sha256:8267563833c31cc428b9ae460b890d079a1da09a4d8d00ec299a47dd613fbd24 -images_amd64 += quay.io/jetstack/cert-manager-webhook:$(cert_manager_version)@sha256:ba5469d1a77b1cb04a703199b0e69bc25644a00498adc3694a0369c87375b4ca -images_amd64 += quay.io/jetstack/cert-manager-startupapicheck:$(cert_manager_version)@sha256:2a1545099cf6386ab08e979a58a6280fe123d091c69f8222bfb22c597003a3f0 +images_amd64 += quay.io/jetstack/cert-manager-controller:$(cert_manager_version)@sha256:f37f460aaa7598ba251ff1cbe7438012fd56c4acc94be64245e8a836203c5542 +images_amd64 += quay.io/jetstack/cert-manager-cainjector:$(cert_manager_version)@sha256:6d9ebced61371cc903f7934690923034382456f3ce6e0fe2b692c40dbd67d523 +images_amd64 += quay.io/jetstack/cert-manager-webhook:$(cert_manager_version)@sha256:ac34b1905a2ff20789fde27115d3e1aa7b3d09f57efba4e91ae2ba1744de4ad2 +images_amd64 += quay.io/jetstack/cert-manager-startupapicheck:$(cert_manager_version)@sha256:5c74e4e37586dc5c35442515f43ecf222e961b65e954798428ac9239408bc0f3 -images_arm64 += quay.io/jetstack/cert-manager-controller:$(cert_manager_version)@sha256:39a6e9e699b3dacb8b92538efbaff85c16d4b30343ebeaaf2f35772ff3cebf53 -images_arm64 += quay.io/jetstack/cert-manager-cainjector:$(cert_manager_version)@sha256:956aac21371499fdcc8811b4b5fc8e2e0d6e552b15723c783fe56270347fc9e0 -images_arm64 += quay.io/jetstack/cert-manager-webhook:$(cert_manager_version)@sha256:8ea8462c1daa7604f4f2e71e0cdeef3dd5d7e0f04341982a05dc296299766126 -images_arm64 += quay.io/jetstack/cert-manager-startupapicheck:$(cert_manager_version)@sha256:f4cd54540f8813e63a2f53b5b210454ae2a5fe0949b9f55d8f1270162ebad9a8 +images_arm64 += quay.io/jetstack/cert-manager-controller:$(cert_manager_version)@sha256:96668890d162a743407c0ef14d7769e970aa16655959b5f5cab0c595167148fa +images_arm64 += quay.io/jetstack/cert-manager-cainjector:$(cert_manager_version)@sha256:719aec5d99e86377829261451985592bc4129c5ca8dcb7f20b32170742f2b29b +images_arm64 += quay.io/jetstack/cert-manager-webhook:$(cert_manager_version)@sha256:874da5701a98e352fa28d88470671eb792a472737a3cf2b7ce9966817e962de8 +images_arm64 += quay.io/jetstack/cert-manager-startupapicheck:$(cert_manager_version)@sha256:35d35b325b980cc702324e52b443cc7eb1df7211ce4e8e91d96da4eff4b6c894 diff --git a/make/_shared/go/.golangci.override.yaml b/make/_shared/go/.golangci.override.yaml index e569eff7..86c23375 100644 --- a/make/_shared/go/.golangci.override.yaml +++ b/make/_shared/go/.golangci.override.yaml @@ -25,8 +25,6 @@ linters: - gocritic - gofmt - goheader - - gomoddirectives - - gomodguard - goprintffuncname - gosec - gosimple diff --git a/make/_shared/go/01_mod.mk b/make/_shared/go/01_mod.mk index 70f576bf..0e4d4185 100644 --- a/make/_shared/go/01_mod.mk +++ b/make/_shared/go/01_mod.mk @@ -46,10 +46,11 @@ shared_generate_targets += generate-govulncheck # not want new vulnerabilities in existing code to block the merging of PRs. # Instead `make verify-govulnecheck` is intended to be run periodically by a CI job. verify-govulncheck: | $(NEEDS_GOVULNCHECK) - @find . -name go.mod -not \( -path "./$(bin_dir)/*" -or -path "./make/_shared/*" \) -printf '%h\n' \ + @find . -name go.mod -not \( -path "./$(bin_dir)/*" -or -path "./make/_shared/*" \) \ | while read d; do \ - echo "Running 'GOTOOLCHAIN=go$(VENDORED_GO_VERSION) $(bin_dir)/tools/govulncheck ./...' in directory '$${d}'"; \ - pushd "$${d}" >/dev/null; \ + target=$$(dirname $${d}); \ + echo "Running 'GOTOOLCHAIN=go$(VENDORED_GO_VERSION) $(bin_dir)/tools/govulncheck ./...' in directory '$${target}'"; \ + pushd "$${target}" >/dev/null; \ GOTOOLCHAIN=go$(VENDORED_GO_VERSION) $(GOVULNCHECK) ./... || exit; \ popd >/dev/null; \ echo ""; \ @@ -73,10 +74,11 @@ shared_generate_targets += generate-golangci-lint-config ## Verify all Go modules using golangci-lint ## @category [shared] Generate/ Verify verify-golangci-lint: | $(NEEDS_GO) $(NEEDS_GOLANGCI-LINT) $(NEEDS_YQ) $(bin_dir)/scratch - @find . -name go.mod -not \( -path "./$(bin_dir)/*" -or -path "./make/_shared/*" \) -printf '%h\n' \ + @find . -name go.mod -not \( -path "./$(bin_dir)/*" -or -path "./make/_shared/*" \) \ | while read d; do \ - echo "Running '$(bin_dir)/tools/golangci-lint run --go $(VENDORED_GO_VERSION) -c $(CURDIR)/$(golangci_lint_config)' in directory '$${d}'"; \ - pushd "$${d}" >/dev/null; \ + target=$$(dirname $${d}); \ + echo "Running '$(bin_dir)/tools/golangci-lint run --go $(VENDORED_GO_VERSION) -c $(CURDIR)/$(golangci_lint_config)' in directory '$${target}'"; \ + pushd "$${target}" >/dev/null; \ $(GOLANGCI-LINT) run --go $(VENDORED_GO_VERSION) -c $(CURDIR)/$(golangci_lint_config) --timeout 4m || exit; \ popd >/dev/null; \ echo ""; \ @@ -87,18 +89,19 @@ shared_verify_targets_dirty += verify-golangci-lint .PHONY: fix-golangci-lint ## Fix all Go modules using golangci-lint ## @category [shared] Generate/ Verify -fix-golangci-lint: | $(NEEDS_GOLANGCI-LINT) $(NEEDS_YQ) $(bin_dir)/scratch - gci write \ +fix-golangci-lint: | $(NEEDS_GOLANGCI-LINT) $(NEEDS_YQ) $(NEEDS_GCI) $(bin_dir)/scratch + $(GCI) write \ -s "standard" \ -s "default" \ -s "prefix($(repo_name))" \ -s "blank" \ -s "dot" . - @find . -name go.mod -not \( -path "./$(bin_dir)/*" -or -path "./make/_shared/*" \) -printf '%h\n' \ + @find . -name go.mod -not \( -path "./$(bin_dir)/*" -or -path "./make/_shared/*" \) \ | while read d; do \ - echo "Running '$(bin_dir)/tools/golangci-lint run --go $(VENDORED_GO_VERSION) -c $(CURDIR)/$(golangci_lint_config) --fix' in directory '$${d}'"; \ - pushd "$${d}" >/dev/null; \ + target=$$(dirname $${d}); \ + echo "Running '$(bin_dir)/tools/golangci-lint run --go $(VENDORED_GO_VERSION) -c $(CURDIR)/$(golangci_lint_config) --fix' in directory '$${target}'"; \ + pushd "$${target}" >/dev/null; \ $(GOLANGCI-LINT) run --go $(VENDORED_GO_VERSION) -c $(CURDIR)/$(golangci_lint_config) --fix || exit; \ popd >/dev/null; \ echo ""; \ diff --git a/make/_shared/kind/00_mod.mk b/make/_shared/kind/00_mod.mk index d271daac..0619ec58 100644 --- a/make/_shared/kind/00_mod.mk +++ b/make/_shared/kind/00_mod.mk @@ -15,14 +15,14 @@ images_amd64 ?= images_arm64 ?= -kind_k8s_version := v1.29.0 +kind_k8s_version := v1.29.2 # Goto https://github.com/kubernetes-sigs/kind/releases/tag/ and find the # multi-arch digest for the image you want to use. Then use crane to get the platform # specific digest. For example (digest is the multi-arch digest from the release page): -# digest="sha256:eaa1450915475849a73a9227b8f201df25e55e268e5d619312131292e324d570" +# digest="sha256:51a1434a5397193442f0be2a297b488b6c919ce8a3931be0ce822606ea5ca245" # crane digest --platform=linux/amd64 docker.io/kindest/node@$digest # crane digest --platform=linux/arm64 docker.io/kindest/node@$digest -images_amd64 += docker.io/kindest/node:$(kind_k8s_version)@sha256:54a50c9354f11ce0aa56a85d2cacb1b950f85eab3fe1caf988826d1f89bf37eb -images_arm64 += docker.io/kindest/node:$(kind_k8s_version)@sha256:8ccbd8bc4d52c467f3c79eeeb434827c225600a1d7385a4b1c19d9e038c9e0c0 +images_amd64 += docker.io/kindest/node:$(kind_k8s_version)@sha256:acc9e82a5a5bd3dfccfd03117e9ef5f96b46108b55cd647fb5e7d0d1a35c9c6f +images_arm64 += docker.io/kindest/node:$(kind_k8s_version)@sha256:068aaa834c09ab60d925a8569c6b5f5b9cf46eccf670499176f3267f2ac3189c diff --git a/make/_shared/oci-build/00_mod.mk b/make/_shared/oci-build/00_mod.mk index dbfdd153..2eb10e24 100644 --- a/make/_shared/oci-build/00_mod.mk +++ b/make/_shared/oci-build/00_mod.mk @@ -15,11 +15,11 @@ oci_platforms ?= linux/amd64,linux/arm/v7,linux/arm64,linux/ppc64le # Use distroless as minimal base image to package the manager binary -# To get latest SHA run crane digest quay.io/jetstack/base-static:latest +# To get latest SHA run "crane digest quay.io/jetstack/base-static:latest" base_image_static := quay.io/jetstack/base-static@sha256:ba3cff0a4cacc5ae564e04c1f645000e8c9234c0f4b09534be1dee7874a42141 # Use custom apko-built image as minimal base image to package the manager binary -# To get latest SHA run crane digest quay.io/jetstack/base-static-csi:latest +# To get latest SHA run "crane digest quay.io/jetstack/base-static-csi:latest" base_image_csi-static := quay.io/jetstack/base-static-csi@sha256:54bacd13cccc385ef66730dbc7eb13bdb6a9ff8853e7f551d025ccb0e8c6bf83 # Utility functions diff --git a/make/_shared/oci-build/image_tool/append_layers.go b/make/_shared/oci-build/image_tool/append_layers.go index 04528292..3592c11c 100644 --- a/make/_shared/oci-build/image_tool/append_layers.go +++ b/make/_shared/oci-build/image_tool/append_layers.go @@ -30,6 +30,7 @@ import ( "github.com/google/go-containerregistry/pkg/v1/match" "github.com/google/go-containerregistry/pkg/v1/mutate" "github.com/google/go-containerregistry/pkg/v1/tarball" + "github.com/google/go-containerregistry/pkg/v1/types" "github.com/spf13/cobra" ) @@ -45,16 +46,33 @@ var CommandAppendLayers = cobra.Command{ return } + path, err := layout.FromPath(oci) + must("could not load oci directory", err) + + index, err := path.ImageIndex() + must("could not load oci image index", err) + + indexMediaType, err := index.MediaType() + must("could not get image index media type", err) + + layerType := types.DockerLayer + if indexMediaType == types.OCIImageIndex { + layerType = types.OCILayer + } + layers := []v1.Layer{} for _, path := range extra { - layers = append(layers, loadLayerFromDirOrTarball(path)) + layers = append(layers, loadLayerFromDirOrTarball(path, layerType)) } - appendLayersToAllImages(oci, layers...) + index = appendLayersToImageIndex(index, layers) + + _, err = layout.Write(oci, index) + must("could not write image", err) }, } -func loadLayerFromDirOrTarball(path string) v1.Layer { +func loadLayerFromDirOrTarball(path string, mediaType types.MediaType) v1.Layer { stat, err := os.Stat(path) must("could not open directory or tarball", err) @@ -102,31 +120,24 @@ func loadLayerFromDirOrTarball(path string) v1.Layer { byts := buf.Bytes() - layer, err = tarball.LayerFromOpener(func() (io.ReadCloser, error) { - return io.NopCloser(bytes.NewReader(byts)), nil - }) + layer, err = tarball.LayerFromOpener( + func() (io.ReadCloser, error) { + return io.NopCloser(bytes.NewReader(byts)), nil + }, + tarball.WithMediaType(mediaType), + ) } else { - layer, err = tarball.LayerFromFile(path) + layer, err = tarball.LayerFromFile( + path, + tarball.WithMediaType(mediaType), + ) } must("could not open directory or tarball", err) return layer } -func appendLayersToAllImages(oci string, layers ...v1.Layer) { - path, err := layout.FromPath(oci) - must("could not load oci directory", err) - - index, err := path.ImageIndex() - must("could not load oci image index", err) - - index = appendLayersToImageIndex(index, layers) - - _, err = layout.Write(oci, index) - must("could not write image", err) -} - func appendLayersToImageIndex(index v1.ImageIndex, layers []v1.Layer) v1.ImageIndex { manifest, err := index.IndexManifest() must("could not load oci image manifest", err) @@ -145,11 +156,15 @@ func appendLayersToImageIndex(index v1.ImageIndex, layers []v1.Layer) v1.ImageIn digest, err := img.Digest() must("could not get image digest", err) + size, err := img.Size() + must("could not get image size", err) + slog.Info("appended layers to image", "old_digest", descriptor.Digest, "digest", digest, "platform", descriptor.Platform) index = mutate.RemoveManifests(index, match.Digests(descriptor.Digest)) descriptor.Digest = digest + descriptor.Size = size index = mutate.AppendManifests(index, mutate.IndexAddendum{ Add: img, Descriptor: descriptor, @@ -159,16 +174,20 @@ func appendLayersToImageIndex(index v1.ImageIndex, layers []v1.Layer) v1.ImageIn slog.Info("found image index", "digest", descriptor.Digest) child, err := index.ImageIndex(descriptor.Digest) - must("could not load oci image manifest", err) + must("could not load oci index manifest", err) child = appendLayersToImageIndex(child, layers) digest, err := child.Digest() - must("could not get image digest", err) + must("could not get index digest", err) + + size, err := child.Size() + must("could not get index size", err) index = mutate.RemoveManifests(index, match.Digests(descriptor.Digest)) descriptor.Digest = digest + descriptor.Size = size index = mutate.AppendManifests(index, mutate.IndexAddendum{ Add: child, Descriptor: descriptor, diff --git a/make/_shared/oci-publish/01_mod.mk b/make/_shared/oci-publish/01_mod.mk index 3294770b..348490c9 100644 --- a/make/_shared/oci-publish/01_mod.mk +++ b/make/_shared/oci-publish/01_mod.mk @@ -19,8 +19,8 @@ sanitize_target = $(subst :,-,$1) registry_for = $(firstword $(subst /, ,$1)) # Utility variables -current_makefile = $(lastword $(MAKEFILE_LIST)) -current_makefile_directory = $(dir $(current_makefile)) +current_makefile_directory := $(dir $(lastword $(MAKEFILE_LIST))) +image_exists_script := $(current_makefile_directory)/image-exists.sh # Validate globals that are required $(call fatal_if_undefined,bin_dir) @@ -78,10 +78,10 @@ $(call sanitize_target,oci-push-$2): oci-build-$1 | $(NEEDS_CRANE) .PHONY: $(call sanitize_target,oci-maybe-push-$2) $(call sanitize_target,oci-maybe-push-$2): oci-build-$1 | $(NEEDS_CRANE) - $$(CRANE) $(crane_flags_$1) manifest $2:$(call oci_image_tag_for,$1) > /dev/null 2>&1 || (\ - $$(CRANE) $(crane_flags_$1) push "$(oci_layout_path_$1)" "$2:$(call oci_image_tag_for,$1)" && \ - $(if $(filter true,$(oci_sign_on_push_$1)),$(MAKE) $(call sanitize_target,oci-sign-$2)) \ - ) + CRANE="$$(CRANE) $(crane_flags_$1)" \ + source $(image_exists_script) $2:$(call oci_image_tag_for,$1); \ + $$(CRANE) $(crane_flags_$1) push "$(oci_layout_path_$1)" "$2:$(call oci_image_tag_for,$1)"; \ + $(if $(filter true,$(oci_sign_on_push_$1)),$(MAKE) $(call sanitize_target,oci-sign-$2)) oci-push-$1: $(call sanitize_target,oci-push-$2) oci-maybe-push-$1: $(call sanitize_target,oci-maybe-push-$2) diff --git a/make/_shared/oci-publish/image-exists.sh b/make/_shared/oci-publish/image-exists.sh new file mode 100755 index 00000000..9ecbb61a --- /dev/null +++ b/make/_shared/oci-publish/image-exists.sh @@ -0,0 +1,70 @@ +#!/usr/bin/env bash + +# Copyright 2022 The cert-manager Authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +set -o errexit +set -o nounset +set -o pipefail + +# This script checks if a given image exists in the upstream registry, and if it +# does, whether it contains all the expected architectures. + +crane=${CRANE:-} + +FULL_IMAGE=${1:-} + +function print_usage() { + echo "usage: $0 [commands...]" +} + +if [[ -z $FULL_IMAGE ]]; then + print_usage + echo "Missing full-image" + exit 1 +fi + +if [[ -z $crane ]]; then + echo "CRANE environment variable must be set to the path of the crane binary" + exit 1 +fi + +shift 1 + +manifest=$(mktemp) +trap 'rm -f "$manifest"' EXIT SIGINT + +manifest_error=$(mktemp) +trap 'rm -f "$manifest_error"' EXIT SIGINT + +echo "+++ searching for $FULL_IMAGE in upstream registry" + +set +o errexit +$crane manifest "$FULL_IMAGE" > "$manifest" 2> "$manifest_error" +exit_code=$? +set -o errexit + +manifest_error_data=$(cat "$manifest_error") +if [[ $exit_code -eq 0 ]]; then + echo "+++ upstream registry appears to contain $FULL_IMAGE, exiting" + exit 0 + +elif [[ "$manifest_error_data" == *"MANIFEST_UNKNOWN"* ]]; then + echo "+++ upstream registry does not contain $FULL_IMAGE, will build and push" + # fall through to run the commands passed to this script + +else + echo "FATAL: upstream registry returned an unexpected error: $manifest_error_data, exiting" + exit 1 +fi diff --git a/make/_shared/repository-base/base/Makefile b/make/_shared/repository-base/base/Makefile index b1a838aa..6c5aa126 100644 --- a/make/_shared/repository-base/base/Makefile +++ b/make/_shared/repository-base/base/Makefile @@ -60,8 +60,10 @@ MAKECMDGOALS ?= # binary may not be available in the PATH yet when the Makefiles are # evaluated. HOST_OS and HOST_ARCH only support Linux, *BSD and macOS (M1 # and Intel). -HOST_OS ?= $(shell uname -s | tr A-Z a-z) -HOST_ARCH ?= $(shell uname -m) +host_os := $(shell uname -s | tr A-Z a-z) +host_arch := $(shell uname -m) +HOST_OS ?= $(host_os) +HOST_ARCH ?= $(host_arch) ifeq (x86_64, $(HOST_ARCH)) HOST_ARCH = amd64 @@ -74,7 +76,8 @@ endif # Git and versioning information # ################################## -VERSION ?= $(shell git describe --tags --always --match='v*' --abbrev=14 --dirty) +git_version := $(shell git describe --tags --always --match='v*' --abbrev=14 --dirty) +VERSION ?= $(git_version) IS_PRERELEASE := $(shell git describe --tags --always --match='v*' --abbrev=0 | grep -q '-' && echo true || echo false) GITCOMMIT := $(shell git rev-parse HEAD) GITEPOCH := $(shell git show -s --format=%ct HEAD) diff --git a/make/_shared/repository-base/base/OWNERS_ALIASES b/make/_shared/repository-base/base/OWNERS_ALIASES index 6d51f05b..10d1279a 100644 --- a/make/_shared/repository-base/base/OWNERS_ALIASES +++ b/make/_shared/repository-base/base/OWNERS_ALIASES @@ -11,3 +11,4 @@ aliases: - irbekrm - sgtcodfish - inteon + - thatsmrtalbot diff --git a/make/_shared/tools/00_mod.mk b/make/_shared/tools/00_mod.mk index 34441df2..ada7c784 100644 --- a/make/_shared/tools/00_mod.mk +++ b/make/_shared/tools/00_mod.mk @@ -44,110 +44,113 @@ export PATH := $(CURDIR)/$(bin_dir)/tools:$(PATH) CTR=docker -TOOLS := +tools := # https://github.com/helm/helm/releases -TOOLS += helm=v3.14.0 +tools += helm=v3.14.4 # https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl -TOOLS += kubectl=v1.29.1 +tools += kubectl=v1.30.0 # https://github.com/kubernetes-sigs/kind/releases -TOOLS += kind=v0.20.0 +tools += kind=v0.22.0 # https://www.vaultproject.io/downloads -TOOLS += vault=1.15.4 +tools += vault=1.16.2 # https://github.com/Azure/azure-workload-identity/releases -TOOLS += azwi=v1.2.0 +tools += azwi=v1.2.2 # https://github.com/kyverno/kyverno/releases -TOOLS += kyverno=v1.11.3 +tools += kyverno=v1.12.1 # https://github.com/mikefarah/yq/releases -TOOLS += yq=v4.43.1 +tools += yq=v4.43.1 # https://github.com/ko-build/ko/releases -TOOLS += ko=0.15.1 +tools += ko=0.15.2 # https://github.com/protocolbuffers/protobuf/releases -TOOLS += protoc=25.2 +tools += protoc=26.1 # https://github.com/aquasecurity/trivy/releases -TOOLS += trivy=v0.45.0 +tools += trivy=v0.50.4 # https://github.com/vmware-tanzu/carvel-ytt/releases -TOOLS += ytt=v0.45.4 +tools += ytt=v0.49.0 # https://github.com/rclone/rclone/releases -TOOLS += rclone=v1.64.0 +tools += rclone=v1.66.0 ### go packages # https://pkg.go.dev/sigs.k8s.io/controller-tools/cmd/controller-gen?tab=versions -TOOLS += controller-gen=v0.14.0 +tools += controller-gen=v0.14.0 # https://pkg.go.dev/golang.org/x/tools/cmd/goimports?tab=versions -TOOLS += goimports=v0.17.0 +tools += goimports=v0.20.0 # https://pkg.go.dev/github.com/google/go-licenses/licenses?tab=versions -TOOLS += go-licenses=706b9c60edd424a8b6d253fe10dfb7b8e942d4a5 +tools += go-licenses=706b9c60edd424a8b6d253fe10dfb7b8e942d4a5 # https://pkg.go.dev/gotest.tools/gotestsum?tab=versions -TOOLS += gotestsum=v1.11.0 +tools += gotestsum=v1.11.0 # https://pkg.go.dev/sigs.k8s.io/kustomize/kustomize/v4?tab=versions -TOOLS += kustomize=v4.5.7 +tools += kustomize=v4.5.7 # https://pkg.go.dev/github.com/itchyny/gojq?tab=versions -TOOLS += gojq=v0.12.14 +tools += gojq=v0.12.15 # https://pkg.go.dev/github.com/google/go-containerregistry/pkg/crane?tab=versions -TOOLS += crane=v0.18.0 +tools += crane=v0.19.1 # https://pkg.go.dev/google.golang.org/protobuf/cmd/protoc-gen-go?tab=versions -TOOLS += protoc-gen-go=v1.32.0 +tools += protoc-gen-go=v1.34.0 # https://pkg.go.dev/github.com/norwoodj/helm-docs/cmd/helm-docs?tab=versions -TOOLS += helm-docs=v1.12.0 +tools += helm-docs=v1.13.1 # https://pkg.go.dev/github.com/sigstore/cosign/v2/cmd/cosign?tab=versions -TOOLS += cosign=v2.2.2 +tools += cosign=v2.2.4 # https://pkg.go.dev/github.com/cert-manager/boilersuite?tab=versions -TOOLS += boilersuite=v0.1.0 +tools += boilersuite=v0.1.0 # https://pkg.go.dev/github.com/princjef/gomarkdoc/cmd/gomarkdoc?tab=versions -TOOLS += gomarkdoc=v1.1.0 +tools += gomarkdoc=v1.1.0 # https://pkg.go.dev/oras.land/oras/cmd/oras?tab=versions -TOOLS += oras=v1.1.0 +tools += oras=v1.1.0 # https://pkg.go.dev/github.com/onsi/ginkgo/v2/ginkgo?tab=versions # The gingko version should be kept in sync with the version used in code. # If there is no go.mod file (which is only the case for the makefile-modules # repo), then we default to a version that we know exists. We have to do this # because otherwise the awk failure renders the whole makefile unusable. -TOOLS += ginkgo=$(shell [[ -f go.mod ]] && awk '/ginkgo\/v2/ {print $$2}' go.mod || echo "v2.13.2") +detected_ginkgo_version := $(shell [[ -f go.mod ]] && awk '/ginkgo\/v2/ {print $$2}' go.mod || echo "v2.13.2") +tools += ginkgo=$(detected_ginkgo_version) # https://pkg.go.dev/github.com/cert-manager/klone?tab=versions -TOOLS += klone=v0.0.4 +tools += klone=v0.0.5 # https://pkg.go.dev/github.com/goreleaser/goreleaser?tab=versions -TOOLS += goreleaser=v1.23.0 +tools += goreleaser=v1.25.1 # https://pkg.go.dev/github.com/anchore/syft/cmd/syft?tab=versions -TOOLS += syft=v0.100.0 +tools += syft=v0.100.0 # https://github.com/cert-manager/helm-tool -TOOLS += helm-tool=v0.4.2 +tools += helm-tool=v0.4.2 # https://github.com/cert-manager/cmctl -TOOLS += cmctl=2f75014a7c360c319f8c7c8afe8e9ce33fe26dca +tools += cmctl=v2.0.0 # https://pkg.go.dev/github.com/cert-manager/release/cmd/cmrel?tab=versions -TOOLS += cmrel=84daedb44d61d25582e22eca48352012e899d1b2 +tools += cmrel=e4c3a4dc07df5c7c0379d334c5bb00e172462551 # https://github.com/golangci/golangci-lint/releases -TOOLS += golangci-lint=v1.57.1 +tools += golangci-lint=v1.57.2 # https://pkg.go.dev/golang.org/x/vuln?tab=versions -TOOLS += govulncheck=v1.0.4 +tools += govulncheck=v1.1.0 # https://pkg.go.dev/github.com/operator-framework/operator-sdk/cmd/operator-sdk?tab=versions -TOOLS += operator-sdk=v1.34.1 +tools += operator-sdk=v1.34.1 # https://pkg.go.dev/github.com/cli/cli/v2?tab=versions -TOOLS += gh=v2.47.0 +tools += gh=v2.49.0 # https:///github.com/redhat-openshift-ecosystem/openshift-preflight/releases -TOOLS += preflight=1.9.2 +tools += preflight=1.9.2 +# https://github.com/daixiang0/gci/releases/ +tools += gci=v0.13.4 # https://pkg.go.dev/k8s.io/code-generator/cmd?tab=versions -K8S_CODEGEN_VERSION=v0.29.1 -TOOLS += client-gen=$(K8S_CODEGEN_VERSION) -TOOLS += deepcopy-gen=$(K8S_CODEGEN_VERSION) -TOOLS += informer-gen=$(K8S_CODEGEN_VERSION) -TOOLS += lister-gen=$(K8S_CODEGEN_VERSION) -TOOLS += applyconfiguration-gen=$(K8S_CODEGEN_VERSION) -TOOLS += openapi-gen=$(K8S_CODEGEN_VERSION) -TOOLS += defaulter-gen=$(K8S_CODEGEN_VERSION) -TOOLS += conversion-gen=$(K8S_CODEGEN_VERSION) +K8S_CODEGEN_VERSION := v0.29.3 +tools += client-gen=$(K8S_CODEGEN_VERSION) +tools += deepcopy-gen=$(K8S_CODEGEN_VERSION) +tools += informer-gen=$(K8S_CODEGEN_VERSION) +tools += lister-gen=$(K8S_CODEGEN_VERSION) +tools += applyconfiguration-gen=$(K8S_CODEGEN_VERSION) +tools += openapi-gen=$(K8S_CODEGEN_VERSION) +tools += defaulter-gen=$(K8S_CODEGEN_VERSION) +tools += conversion-gen=$(K8S_CODEGEN_VERSION) # https://github.com/kubernetes-sigs/kubebuilder/blob/tools-releases/build/cloudbuild_tools.yaml -KUBEBUILDER_ASSETS_VERSION=1.29.0 -TOOLS += etcd=$(KUBEBUILDER_ASSETS_VERSION) -TOOLS += kube-apiserver=$(KUBEBUILDER_ASSETS_VERSION) +KUBEBUILDER_ASSETS_VERSION := 1.30.0 +tools += etcd=$(KUBEBUILDER_ASSETS_VERSION) +tools += kube-apiserver=$(KUBEBUILDER_ASSETS_VERSION) # Additional tools can be defined to reuse the tooling in this file ADDITIONAL_TOOLS ?= -TOOLS += $(ADDITIONAL_TOOLS) +tools += $(ADDITIONAL_TOOLS) # https://go.dev/dl/ -VENDORED_GO_VERSION := 1.22.2 +VENDORED_GO_VERSION := 1.22.3 # Print the go version which can be used in GH actions .PHONY: print-go-version @@ -165,7 +168,7 @@ $(bin_dir)/scratch/%_VERSION: FORCE | $(bin_dir)/scratch # --location = follow redirects from the server # --retry = the number of times to retry a failed attempt to connect # --retry-connrefused = retry even if the initial connection was refused -CURL = curl --silent --show-error --fail --location --retry 10 --retry-connrefused +CURL := curl --silent --show-error --fail --location --retry 10 --retry-connrefused # LN is expected to be an atomic action, meaning that two Make processes # can run the "link $(DOWNLOAD_DIR)/tools/xxx@$(XXX_VERSION)_$(HOST_OS)_$(HOST_ARCH) @@ -173,12 +176,17 @@ CURL = curl --silent --show-error --fail --location --retry 10 --retry-connrefus # will perform the action and the second time the link will be overwritten). LN := ln -fs -UC = $(shell echo '$1' | tr a-z A-Z) -LC = $(shell echo '$1' | tr A-Z a-z) +upper_map := a:A b:B c:C d:D e:E f:F g:G h:H i:I j:J k:K l:L m:M n:N o:O p:P q:Q r:R s:S t:T u:U v:V w:W x:X y:Y z:Z +uc = $(strip \ + $(eval __upper := $1) \ + $(foreach p,$(upper_map), \ + $(eval __upper := $(subst $(word 1,$(subst :, ,$p)),$(word 2,$(subst :, ,$p)),$(__upper))) \ + ) \ + )$(__upper) -TOOL_NAMES := +tool_names := -# for each item `xxx` in the TOOLS variable: +# for each item `xxx` in the tools variable: # - a $(XXX_VERSION) variable is generated # -> this variable contains the version of the tool # - a $(NEEDS_XXX) variable is generated @@ -196,20 +204,20 @@ TOOL_NAMES := # creates a link to the corresponding versioned target: # $(DOWNLOAD_DIR)/tools/xxx@$(XXX_VERSION)_$(HOST_OS)_$(HOST_ARCH) define tool_defs -TOOL_NAMES += $1 +tool_names += $1 -$(call UC,$1)_VERSION ?= $2 -NEEDS_$(call UC,$1) := $$(bin_dir)/tools/$1 -$(call UC,$1) := $$(CURDIR)/$$(bin_dir)/tools/$1 +$(call uc,$1)_VERSION ?= $2 +NEEDS_$(call uc,$1) := $$(bin_dir)/tools/$1 +$(call uc,$1) := $$(CURDIR)/$$(bin_dir)/tools/$1 -$$(bin_dir)/tools/$1: $$(bin_dir)/scratch/$(call UC,$1)_VERSION | $$(DOWNLOAD_DIR)/tools/$1@$$($(call UC,$1)_VERSION)_$$(HOST_OS)_$$(HOST_ARCH) $$(bin_dir)/tools +$$(bin_dir)/tools/$1: $$(bin_dir)/scratch/$(call uc,$1)_VERSION | $$(DOWNLOAD_DIR)/tools/$1@$$($(call uc,$1)_VERSION)_$$(HOST_OS)_$$(HOST_ARCH) $$(bin_dir)/tools @cd $$(dir $$@) && $$(LN) $$(patsubst $$(bin_dir)/%,../%,$$(word 1,$$|)) $$(notdir $$@) @touch $$@ # making sure the target of the symlink is newer than *_VERSION endef -$(foreach TOOL,$(TOOLS),$(eval $(call tool_defs,$(word 1,$(subst =, ,$(TOOL))),$(word 2,$(subst =, ,$(TOOL)))))) +$(foreach tool,$(tools),$(eval $(call tool_defs,$(word 1,$(subst =, ,$(tool))),$(word 2,$(subst =, ,$(tool)))))) -TOOLS_PATHS := $(TOOL_NAMES:%=$(bin_dir)/tools/%) +tools_paths := $(tool_names:%=$(bin_dir)/tools/%) ###### # Go # @@ -225,13 +233,18 @@ TOOLS_PATHS := $(TOOL_NAMES:%=$(bin_dir)/tools/%) # or when "make vendor-go" was previously run, in which case $(NEEDS_GO) is set # to $(bin_dir)/tools/go, since $(bin_dir)/tools/go is a prerequisite of # any target depending on Go when "make vendor-go" was run. -export NEEDS_GO ?= $(if $(findstring vendor-go,$(MAKECMDGOALS))$(shell [ -f $(bin_dir)/tools/go ] && echo yes), $(bin_dir)/tools/go,) -ifeq ($(NEEDS_GO),) + +detected_vendoring := $(findstring vendor-go,$(MAKECMDGOALS))$(shell [ -f $(bin_dir)/tools/go ] && echo yes) +export VENDOR_GO ?= $(detected_vendoring) + +ifeq ($(VENDOR_GO),) GO := go +NEEDS_GO := # else export GOROOT := $(CURDIR)/$(bin_dir)/tools/goroot export PATH := $(CURDIR)/$(bin_dir)/tools/goroot/bin:$(PATH) GO := $(CURDIR)/$(bin_dir)/tools/go +NEEDS_GO := $(bin_dir)/tools/go MAKE := $(MAKE) vendor-go endif @@ -279,158 +292,159 @@ $(GOVENDOR_DIR)/go@$(VENDORED_GO_VERSION)_$(HOST_OS)_$(HOST_ARCH)/goroot: | $(DO # go dependencies # ################### -GO_DEPENDENCIES := -GO_DEPENDENCIES += ginkgo=github.com/onsi/ginkgo/v2/ginkgo -GO_DEPENDENCIES += controller-gen=sigs.k8s.io/controller-tools/cmd/controller-gen -GO_DEPENDENCIES += goimports=golang.org/x/tools/cmd/goimports -GO_DEPENDENCIES += go-licenses=github.com/google/go-licenses -GO_DEPENDENCIES += gotestsum=gotest.tools/gotestsum -GO_DEPENDENCIES += kustomize=sigs.k8s.io/kustomize/kustomize/v4 -GO_DEPENDENCIES += gojq=github.com/itchyny/gojq/cmd/gojq -GO_DEPENDENCIES += crane=github.com/google/go-containerregistry/cmd/crane -GO_DEPENDENCIES += protoc-gen-go=google.golang.org/protobuf/cmd/protoc-gen-go -GO_DEPENDENCIES += helm-docs=github.com/norwoodj/helm-docs/cmd/helm-docs -GO_DEPENDENCIES += cosign=github.com/sigstore/cosign/v2/cmd/cosign -GO_DEPENDENCIES += boilersuite=github.com/cert-manager/boilersuite -GO_DEPENDENCIES += gomarkdoc=github.com/princjef/gomarkdoc/cmd/gomarkdoc -GO_DEPENDENCIES += oras=oras.land/oras/cmd/oras -GO_DEPENDENCIES += klone=github.com/cert-manager/klone -GO_DEPENDENCIES += goreleaser=github.com/goreleaser/goreleaser -GO_DEPENDENCIES += syft=github.com/anchore/syft/cmd/syft -GO_DEPENDENCIES += client-gen=k8s.io/code-generator/cmd/client-gen -GO_DEPENDENCIES += deepcopy-gen=k8s.io/code-generator/cmd/deepcopy-gen -GO_DEPENDENCIES += informer-gen=k8s.io/code-generator/cmd/informer-gen -GO_DEPENDENCIES += lister-gen=k8s.io/code-generator/cmd/lister-gen -GO_DEPENDENCIES += applyconfiguration-gen=k8s.io/code-generator/cmd/applyconfiguration-gen -GO_DEPENDENCIES += openapi-gen=k8s.io/code-generator/cmd/openapi-gen -GO_DEPENDENCIES += defaulter-gen=k8s.io/code-generator/cmd/defaulter-gen -GO_DEPENDENCIES += conversion-gen=k8s.io/code-generator/cmd/conversion-gen -GO_DEPENDENCIES += helm-tool=github.com/cert-manager/helm-tool -GO_DEPENDENCIES += cmctl=github.com/cert-manager/cmctl/v2 -GO_DEPENDENCIES += cmrel=github.com/cert-manager/release/cmd/cmrel -GO_DEPENDENCIES += golangci-lint=github.com/golangci/golangci-lint/cmd/golangci-lint -GO_DEPENDENCIES += govulncheck=golang.org/x/vuln/cmd/govulncheck -GO_DEPENDENCIES += operator-sdk=github.com/operator-framework/operator-sdk/cmd/operator-sdk -GO_DEPENDENCIES += gh=github.com/cli/cli/v2/cmd/gh +go_dependencies := +go_dependencies += ginkgo=github.com/onsi/ginkgo/v2/ginkgo +go_dependencies += controller-gen=sigs.k8s.io/controller-tools/cmd/controller-gen +go_dependencies += goimports=golang.org/x/tools/cmd/goimports +go_dependencies += go-licenses=github.com/google/go-licenses +go_dependencies += gotestsum=gotest.tools/gotestsum +go_dependencies += kustomize=sigs.k8s.io/kustomize/kustomize/v4 +go_dependencies += gojq=github.com/itchyny/gojq/cmd/gojq +go_dependencies += crane=github.com/google/go-containerregistry/cmd/crane +go_dependencies += protoc-gen-go=google.golang.org/protobuf/cmd/protoc-gen-go +go_dependencies += helm-docs=github.com/norwoodj/helm-docs/cmd/helm-docs +go_dependencies += cosign=github.com/sigstore/cosign/v2/cmd/cosign +go_dependencies += boilersuite=github.com/cert-manager/boilersuite +go_dependencies += gomarkdoc=github.com/princjef/gomarkdoc/cmd/gomarkdoc +go_dependencies += oras=oras.land/oras/cmd/oras +go_dependencies += klone=github.com/cert-manager/klone +go_dependencies += goreleaser=github.com/goreleaser/goreleaser +go_dependencies += syft=github.com/anchore/syft/cmd/syft +go_dependencies += client-gen=k8s.io/code-generator/cmd/client-gen +go_dependencies += deepcopy-gen=k8s.io/code-generator/cmd/deepcopy-gen +go_dependencies += informer-gen=k8s.io/code-generator/cmd/informer-gen +go_dependencies += lister-gen=k8s.io/code-generator/cmd/lister-gen +go_dependencies += applyconfiguration-gen=k8s.io/code-generator/cmd/applyconfiguration-gen +go_dependencies += openapi-gen=k8s.io/code-generator/cmd/openapi-gen +go_dependencies += defaulter-gen=k8s.io/code-generator/cmd/defaulter-gen +go_dependencies += conversion-gen=k8s.io/code-generator/cmd/conversion-gen +go_dependencies += helm-tool=github.com/cert-manager/helm-tool +go_dependencies += cmctl=github.com/cert-manager/cmctl/v2 +go_dependencies += cmrel=github.com/cert-manager/release/cmd/cmrel +go_dependencies += golangci-lint=github.com/golangci/golangci-lint/cmd/golangci-lint +go_dependencies += govulncheck=golang.org/x/vuln/cmd/govulncheck +go_dependencies += operator-sdk=github.com/operator-framework/operator-sdk/cmd/operator-sdk +go_dependencies += gh=github.com/cli/cli/v2/cmd/gh +go_dependencies += gci=github.com/daixiang0/gci ################# # go build tags # ################# -GO_TAGS := +go_tags := # Additional Go dependencies can be defined to re-use the tooling in this file ADDITIONAL_GO_DEPENDENCIES ?= ADDITIONAL_GO_TAGS ?= -GO_DEPENDENCIES += $(ADDITIONAL_GO_DEPENDENCIES) -GO_TAGS += $(ADDITIONAL_GO_TAGS) +go_dependencies += $(ADDITIONAL_GO_DEPENDENCIES) +go_tags += $(ADDITIONAL_GO_TAGS) go_tags_init = go_tags_$1 := -$(call for_each_kv,go_tags_init,$(GO_DEPENDENCIES)) +$(call for_each_kv,go_tags_init,$(go_dependencies)) go_tags_defs = go_tags_$1 += $2 -$(call for_each_kv,go_tags_defs,$(GO_TAGS)) +$(call for_each_kv,go_tags_defs,$(go_tags)) define go_dependency -$$(DOWNLOAD_DIR)/tools/$1@$($(call UC,$1)_VERSION)_$(HOST_OS)_$(HOST_ARCH): | $$(NEEDS_GO) $$(DOWNLOAD_DIR)/tools +$$(DOWNLOAD_DIR)/tools/$1@$($(call uc,$1)_VERSION)_$(HOST_OS)_$(HOST_ARCH): | $$(NEEDS_GO) $$(DOWNLOAD_DIR)/tools @source $$(lock_script) $$@; \ mkdir -p $$(outfile).dir; \ - GOWORK=off GOBIN=$$(outfile).dir $$(GO) install --tags "$(strip $(go_tags_$1))" $2@$($(call UC,$1)_VERSION); \ + GOWORK=off GOBIN=$$(outfile).dir $$(GO) install --tags "$(strip $(go_tags_$1))" $2@$($(call uc,$1)_VERSION); \ mv $$(outfile).dir/$1 $$(outfile); \ rm -rf $$(outfile).dir endef -$(call for_each_kv,go_dependency,$(GO_DEPENDENCIES)) +$(call for_each_kv,go_dependency,$(go_dependencies)) ################## # File downloads # ################## -GO_linux_amd64_SHA256SUM=5901c52b7a78002aeff14a21f93e0f064f74ce1360fce51c6ee68cd471216a17 -GO_linux_arm64_SHA256SUM=4d169d9cf3dde1692b81c0fd9484fa28d8bc98f672d06bf9db9c75ada73c5fbc -GO_darwin_amd64_SHA256SUM=c0599a349b8d4a1afa3a1721478bb21136ab96c0d75b5f0a0b5fdc9e3b736880 -GO_darwin_arm64_SHA256SUM=3411600bd7596c57ae29cfdb4978e5d45cafa3f428a44a526ad5a2d5ad870506 +go_linux_amd64_SHA256SUM=8920ea521bad8f6b7bc377b4824982e011c19af27df88a815e3586ea895f1b36 +go_linux_arm64_SHA256SUM=6c33e52a5b26e7aa021b94475587fce80043a727a54ceb0eee2f9fc160646434 +go_darwin_amd64_SHA256SUM=dd5b9303f612379caebfd12eb19e6cadee653b300443eac3a5aca341b05ad7e9 +go_darwin_arm64_SHA256SUM=58d2838f28631038ed5583c5aefb73ea4e5b13040983df21c647880f4f7dd381 .PRECIOUS: $(DOWNLOAD_DIR)/tools/go@$(VENDORED_GO_VERSION)_$(HOST_OS)_$(HOST_ARCH).tar.gz $(DOWNLOAD_DIR)/tools/go@$(VENDORED_GO_VERSION)_$(HOST_OS)_$(HOST_ARCH).tar.gz: | $(DOWNLOAD_DIR)/tools @source $(lock_script) $@; \ $(CURL) https://go.dev/dl/go$(VENDORED_GO_VERSION).$(HOST_OS)-$(HOST_ARCH).tar.gz -o $(outfile); \ - $(checkhash_script) $(outfile) $(GO_$(HOST_OS)_$(HOST_ARCH)_SHA256SUM) + $(checkhash_script) $(outfile) $(go_$(HOST_OS)_$(HOST_ARCH)_SHA256SUM) -HELM_linux_amd64_SHA256SUM=f43e1c3387de24547506ab05d24e5309c0ce0b228c23bd8aa64e9ec4b8206651 -HELM_linux_arm64_SHA256SUM=b29e61674731b15f6ad3d1a3118a99d3cc2ab25a911aad1b8ac8c72d5a9d2952 -HELM_darwin_amd64_SHA256SUM=804586896496f7b3da97f56089ea00f220e075e969b6fdf6c0b7b9cdc22de120 -HELM_darwin_arm64_SHA256SUM=c2f36f3289a01c7c93ca11f84d740a170e0af1d2d0280bd523a409a62b8dfa1d +helm_linux_amd64_SHA256SUM=a5844ef2c38ef6ddf3b5a8f7d91e7e0e8ebc39a38bb3fc8013d629c1ef29c259 +helm_linux_arm64_SHA256SUM=113ccc53b7c57c2aba0cd0aa560b5500841b18b5210d78641acfddc53dac8ab2 +helm_darwin_amd64_SHA256SUM=73434aeac36ad068ce2e5582b8851a286dc628eae16494a26e2ad0b24a7199f9 +helm_darwin_arm64_SHA256SUM=61e9c5455f06b2ad0a1280975bf65892e707adc19d766b0cf4e9006e3b7b4b6c .PRECIOUS: $(DOWNLOAD_DIR)/tools/helm@$(HELM_VERSION)_$(HOST_OS)_$(HOST_ARCH) $(DOWNLOAD_DIR)/tools/helm@$(HELM_VERSION)_$(HOST_OS)_$(HOST_ARCH): | $(DOWNLOAD_DIR)/tools @source $(lock_script) $@; \ $(CURL) https://get.helm.sh/helm-$(HELM_VERSION)-$(HOST_OS)-$(HOST_ARCH).tar.gz -o $(outfile).tar.gz; \ - $(checkhash_script) $(outfile).tar.gz $(HELM_$(HOST_OS)_$(HOST_ARCH)_SHA256SUM); \ + $(checkhash_script) $(outfile).tar.gz $(helm_$(HOST_OS)_$(HOST_ARCH)_SHA256SUM); \ tar xfO $(outfile).tar.gz $(HOST_OS)-$(HOST_ARCH)/helm > $(outfile); \ chmod +x $(outfile); \ rm -f $(outfile).tar.gz -KUBECTL_linux_amd64_SHA256SUM=69ab3a931e826bf7ac14d38ba7ca637d66a6fcb1ca0e3333a2cafdf15482af9f -KUBECTL_linux_arm64_SHA256SUM=96d6dc7b2bdcd344ce58d17631c452225de5bbf59b83fd3c89c33c6298fb5d8b -KUBECTL_darwin_amd64_SHA256SUM=c4da86e5c0fc9415db14a48d9ef1515b0b472346cbc9b7f015175b6109505d2c -KUBECTL_darwin_arm64_SHA256SUM=c31b99d7bf0faa486a6554c5f96e36af4821a488e90176a12ba18298bc4c8fb0 +kubectl_linux_amd64_SHA256SUM=7c3807c0f5c1b30110a2ff1e55da1d112a6d0096201f1beb81b269f582b5d1c5 +kubectl_linux_arm64_SHA256SUM=669af0cf520757298ea60a8b6eb6b719ba443a9c7d35f36d3fb2fd7513e8c7d2 +kubectl_darwin_amd64_SHA256SUM=bcfa57d020b8d07d0ea77235ce8012c2c28fefdfd7cb9738f33674a7b16cef08 +kubectl_darwin_arm64_SHA256SUM=45cfa208151320153742062824398f22bb6bfb5a142bf6238476d55dacbd1bdd .PRECIOUS: $(DOWNLOAD_DIR)/tools/kubectl@$(KUBECTL_VERSION)_$(HOST_OS)_$(HOST_ARCH) $(DOWNLOAD_DIR)/tools/kubectl@$(KUBECTL_VERSION)_$(HOST_OS)_$(HOST_ARCH): | $(DOWNLOAD_DIR)/tools @source $(lock_script) $@; \ $(CURL) https://dl.k8s.io/release/$(KUBECTL_VERSION)/bin/$(HOST_OS)/$(HOST_ARCH)/kubectl -o $(outfile); \ - $(checkhash_script) $(outfile) $(KUBECTL_$(HOST_OS)_$(HOST_ARCH)_SHA256SUM); \ + $(checkhash_script) $(outfile) $(kubectl_$(HOST_OS)_$(HOST_ARCH)_SHA256SUM); \ chmod +x $(outfile) -KIND_linux_amd64_SHA256SUM=513a7213d6d3332dd9ef27c24dab35e5ef10a04fa27274fe1c14d8a246493ded -KIND_linux_arm64_SHA256SUM=639f7808443559aa30c3642d9913b1615d611a071e34f122340afeda97b8f422 -KIND_darwin_amd64_SHA256SUM=bffd8fb2006dc89fa0d1dde5ba6bf48caacb707e4df8551528f49145ebfeb7ad -KIND_darwin_arm64_SHA256SUM=8df041a5cae55471f3b039c3c9942226eb909821af63b5677fc80904caffaabf +kind_linux_amd64_SHA256SUM=e4264d7ee07ca642fe52818d7c0ed188b193c214889dd055c929dbcb968d1f62 +kind_linux_arm64_SHA256SUM=4431805115da3b54290e3e976fe2db9a7e703f116177aace6735dfa1d8a4f3fe +kind_darwin_amd64_SHA256SUM=28a9f7ad7fd77922c639e21c034d0f989b33402693f4f842099cd9185b144d20 +kind_darwin_arm64_SHA256SUM=c8dd3b287965150ae4db668294edc48229116e95d94620c306d8fae932ee633f .PRECIOUS: $(DOWNLOAD_DIR)/tools/kind@$(KIND_VERSION)_$(HOST_OS)_$(HOST_ARCH) -$(DOWNLOAD_DIR)/tools/kind@$(KIND_VERSION)_$(HOST_OS)_$(HOST_ARCH): | $(DOWNLOAD_DIR)/tools $(bin_dir)/tools +$(DOWNLOAD_DIR)/tools/kind@$(KIND_VERSION)_$(HOST_OS)_$(HOST_ARCH): | $(DOWNLOAD_DIR)/tools @source $(lock_script) $@; \ $(CURL) https://github.com/kubernetes-sigs/kind/releases/download/$(KIND_VERSION)/kind-$(HOST_OS)-$(HOST_ARCH) -o $(outfile); \ - $(checkhash_script) $(outfile) $(KIND_$(HOST_OS)_$(HOST_ARCH)_SHA256SUM); \ + $(checkhash_script) $(outfile) $(kind_$(HOST_OS)_$(HOST_ARCH)_SHA256SUM); \ chmod +x $(outfile) -VAULT_linux_amd64_SHA256SUM=f42f550713e87cceef2f29a4e2b754491697475e3d26c0c5616314e40edd8e1b -VAULT_linux_arm64_SHA256SUM=79aee168078eb8c0dbb31c283e1136a7575f59fe36fccbb1f1ef6a16e0b67fdb -VAULT_darwin_amd64_SHA256SUM=a9d7c6e76d7d5c9be546e9a74860b98db6486fc0df095d8b00bc7f63fb1f6c1c -VAULT_darwin_arm64_SHA256SUM=4bf594a231bef07fbcfbf7329c8004acb8d219ce6a7aff186e0bac7027a0ab25 +vault_linux_amd64_SHA256SUM=688ce462b70cb674f84fddb731f75bb710db5ad9e4e5a17659e90e1283a8b4b7 +vault_linux_arm64_SHA256SUM=d5bd42227d295b1dcc4a5889c37e6a8ca945ece4795819718eaf54db87aa6d4f +vault_darwin_amd64_SHA256SUM=e4886d22273dedc579dc2382e114e7be29341049a48592f8f7be8a0020310731 +vault_darwin_arm64_SHA256SUM=ca59c85e7e3d67e25b6bfa505f7e7717b418452e8bfcd602a2a717bc06d5b1ee .PRECIOUS: $(DOWNLOAD_DIR)/tools/vault@$(VAULT_VERSION)_$(HOST_OS)_$(HOST_ARCH) $(DOWNLOAD_DIR)/tools/vault@$(VAULT_VERSION)_$(HOST_OS)_$(HOST_ARCH): | $(DOWNLOAD_DIR)/tools @source $(lock_script) $@; \ $(CURL) https://releases.hashicorp.com/vault/$(VAULT_VERSION)/vault_$(VAULT_VERSION)_$(HOST_OS)_$(HOST_ARCH).zip -o $(outfile).zip; \ - $(checkhash_script) $(outfile).zip $(VAULT_$(HOST_OS)_$(HOST_ARCH)_SHA256SUM); \ + $(checkhash_script) $(outfile).zip $(vault_$(HOST_OS)_$(HOST_ARCH)_SHA256SUM); \ unzip -qq -c $(outfile).zip > $(outfile); \ chmod +x $(outfile); \ rm -f $(outfile).zip -AZWI_linux_amd64_SHA256SUM=d2ef0f27609b7157595fe62b13c03381a481f833c1e1b6290df560454890d337 -AZWI_linux_arm64_SHA256SUM=72e34bc96611080095e90ecce58a72e50debf846106b13976f2972bf06ae12df -AZWI_darwin_amd64_SHA256SUM=2be5f18c0acfb213a22db5a149dd89c7d494690988cb8e8a785dd6915f7094d0 -AZWI_darwin_arm64_SHA256SUM=d0b01768102dd472c72c98bb51ae990af8779e811c9f7ab1db48ccefc9988f4c +azwi_linux_amd64_SHA256SUM=d33aaedbcbcc0ef61d845b3704ab336deaafc192c854e887896e163b99097871 +azwi_linux_arm64_SHA256SUM=7c4b55ef83e62f4b597885e66fbbdf0720cf0e2be3f1a16212f9b41d4b61b454 +azwi_darwin_amd64_SHA256SUM=47a9e99a7e02e531967d1c9a8abf12e73134f88ce3363007f411ba9b83497fd0 +azwi_darwin_arm64_SHA256SUM=19c5cf9fe4e1a7394bc01456d5e314fd898162d2d360c585fc72e46dae930659 .PRECIOUS: $(DOWNLOAD_DIR)/tools/azwi@$(AZWI_VERSION)_$(HOST_OS)_$(HOST_ARCH) $(DOWNLOAD_DIR)/tools/azwi@$(AZWI_VERSION)_$(HOST_OS)_$(HOST_ARCH): | $(DOWNLOAD_DIR)/tools @source $(lock_script) $@; \ $(CURL) https://github.com/Azure/azure-workload-identity/releases/download/$(AZWI_VERSION)/azwi-$(AZWI_VERSION)-$(HOST_OS)-$(HOST_ARCH).tar.gz -o $(outfile).tar.gz; \ - $(checkhash_script) $(outfile).tar.gz $(AZWI_$(HOST_OS)_$(HOST_ARCH)_SHA256SUM); \ + $(checkhash_script) $(outfile).tar.gz $(azwi_$(HOST_OS)_$(HOST_ARCH)_SHA256SUM); \ tar xfO $(outfile).tar.gz azwi > $(outfile) && chmod 775 $(outfile); \ rm -f $(outfile).tar.gz -KUBEBUILDER_TOOLS_linux_amd64_SHA256SUM=e9899574fb92fd4a4ca27539d15a30f313f8a482b61b46cb874a07f2ba4f9bcb -KUBEBUILDER_TOOLS_linux_arm64_SHA256SUM=ef22e16c439b45f3e116498f7405be311bab92c3345766ab2142e86458cda92e -KUBEBUILDER_TOOLS_darwin_amd64_SHA256SUM=e5796637cc8e40029f0def639bbe7d99193c1872555c919d2b76c32e0e34378f -KUBEBUILDER_TOOLS_darwin_arm64_SHA256SUM=9734b90206f17a46f4dd0a7e3bb107d44aec9e79b7b135c6eb7c8a250ffd5e03 +kubebuilder_tools_linux_amd64_SHA256SUM=d51dae845397b7548444157903f2d573493afb6f90ce9417c0f5c61d4b1f908d +kubebuilder_tools_linux_arm64_SHA256SUM=83123010f603390ee0f417ad1cf2a715f5bff335c5841dcd4221764e52732336 +kubebuilder_tools_darwin_amd64_SHA256SUM=46f5a680f28b6db9fdaaab4659dee68a1f2e04a0d9a39f9b0176562a9e95167b +kubebuilder_tools_darwin_arm64_SHA256SUM=ce37b6fcd7678d78a610da1ae5e8e68777025b2bf046558820f967fe7a8f0dfd .PRECIOUS: $(DOWNLOAD_DIR)/tools/kubebuilder_tools_$(KUBEBUILDER_ASSETS_VERSION)_$(HOST_OS)_$(HOST_ARCH).tar.gz $(DOWNLOAD_DIR)/tools/kubebuilder_tools_$(KUBEBUILDER_ASSETS_VERSION)_$(HOST_OS)_$(HOST_ARCH).tar.gz: | $(DOWNLOAD_DIR)/tools @source $(lock_script) $@; \ $(CURL) https://storage.googleapis.com/kubebuilder-tools/kubebuilder-tools-$(KUBEBUILDER_ASSETS_VERSION)-$(HOST_OS)-$(HOST_ARCH).tar.gz -o $(outfile); \ - $(checkhash_script) $(outfile) $(KUBEBUILDER_TOOLS_$(HOST_OS)_$(HOST_ARCH)_SHA256SUM) + $(checkhash_script) $(outfile) $(kubebuilder_tools_$(HOST_OS)_$(HOST_ARCH)_SHA256SUM) $(DOWNLOAD_DIR)/tools/etcd@$(KUBEBUILDER_ASSETS_VERSION)_$(HOST_OS)_$(HOST_ARCH): $(DOWNLOAD_DIR)/tools/kubebuilder_tools_$(KUBEBUILDER_ASSETS_VERSION)_$(HOST_OS)_$(HOST_ARCH).tar.gz | $(DOWNLOAD_DIR)/tools @source $(lock_script) $@; \ @@ -440,10 +454,10 @@ $(DOWNLOAD_DIR)/tools/kube-apiserver@$(KUBEBUILDER_ASSETS_VERSION)_$(HOST_OS)_$( @source $(lock_script) $@; \ tar xfO $< kubebuilder/bin/kube-apiserver > $(outfile) && chmod 775 $(outfile) -KYVERNO_linux_amd64_SHA256SUM=08cf3640b847e3bbd41c5014ece4e0aa6c39915f5c199eeac8d80267955676e6 -KYVERNO_linux_arm64_SHA256SUM=31805a52e98733b390c60636f209e0bda3174bd09e764ba41fa971126b98d2fc -KYVERNO_darwin_amd64_SHA256SUM=21fa0733d1a73d510fa0e30ac10310153b7124381aa21224b54fe34a38239542 -KYVERNO_darwin_arm64_SHA256SUM=022bc2640f05482cab290ca8cd28a67f55b24c14b93076bd144c37a1732e6d7e +kyverno_linux_amd64_SHA256SUM=a5f6e9070c17acc47168c8ce4db78e45258376551b8bf68ad2d5ed27454cf666 +kyverno_linux_arm64_SHA256SUM=007e828d622e73614365f5f7e8e107e36ae686e97e8982b1eeb53511fb2363c3 +kyverno_darwin_amd64_SHA256SUM=20786eebf45238e8b4a35f4146c3f8dfea35968cf8ef6ca6d6727559f5c0156e +kyverno_darwin_arm64_SHA256SUM=3a454fb0b2bfbca6225d46ff4cc0b702fd4a63e978718c50225472b9631a8015 .PRECIOUS: $(DOWNLOAD_DIR)/tools/kyverno@$(KYVERNO_VERSION)_$(HOST_OS)_$(HOST_ARCH) $(DOWNLOAD_DIR)/tools/kyverno@$(KYVERNO_VERSION)_$(HOST_OS)_$(HOST_ARCH): | $(DOWNLOAD_DIR)/tools @@ -451,27 +465,27 @@ $(DOWNLOAD_DIR)/tools/kyverno@$(KYVERNO_VERSION)_$(HOST_OS)_$(HOST_ARCH): | $(DO @source $(lock_script) $@; \ $(CURL) https://github.com/kyverno/kyverno/releases/download/$(KYVERNO_VERSION)/kyverno-cli_$(KYVERNO_VERSION)_$(HOST_OS)_$(ARCH).tar.gz -o $(outfile).tar.gz; \ - $(checkhash_script) $(outfile).tar.gz $(KYVERNO_$(HOST_OS)_$(HOST_ARCH)_SHA256SUM); \ + $(checkhash_script) $(outfile).tar.gz $(kyverno_$(HOST_OS)_$(HOST_ARCH)_SHA256SUM); \ tar xfO $(outfile).tar.gz kyverno > $(outfile); \ chmod +x $(outfile); \ rm -f $(outfile).tar.gz -YQ_linux_amd64_SHA256SUM=cfbbb9ba72c9402ef4ab9d8f843439693dfb380927921740e51706d90869c7e1 -YQ_linux_arm64_SHA256SUM=a8186efb079673293289f8c31ee252b0d533c7bb8b1ada6a778ddd5ec0f325b6 -YQ_darwin_amd64_SHA256SUM=fdc42b132ac460037f4f0f48caea82138772c651d91cfbb735210075ddfdbaed -YQ_darwin_arm64_SHA256SUM=9f1063d910698834cb9176593aa288471898031929138d226c2c2de9f262f8e5 +yq_linux_amd64_SHA256SUM=cfbbb9ba72c9402ef4ab9d8f843439693dfb380927921740e51706d90869c7e1 +yq_linux_arm64_SHA256SUM=a8186efb079673293289f8c31ee252b0d533c7bb8b1ada6a778ddd5ec0f325b6 +yq_darwin_amd64_SHA256SUM=fdc42b132ac460037f4f0f48caea82138772c651d91cfbb735210075ddfdbaed +yq_darwin_arm64_SHA256SUM=9f1063d910698834cb9176593aa288471898031929138d226c2c2de9f262f8e5 .PRECIOUS: $(DOWNLOAD_DIR)/tools/yq@$(YQ_VERSION)_$(HOST_OS)_$(HOST_ARCH) $(DOWNLOAD_DIR)/tools/yq@$(YQ_VERSION)_$(HOST_OS)_$(HOST_ARCH): | $(DOWNLOAD_DIR)/tools @source $(lock_script) $@; \ $(CURL) https://github.com/mikefarah/yq/releases/download/$(YQ_VERSION)/yq_$(HOST_OS)_$(HOST_ARCH) -o $(outfile); \ - $(checkhash_script) $(outfile) $(YQ_$(HOST_OS)_$(HOST_ARCH)_SHA256SUM); \ + $(checkhash_script) $(outfile) $(yq_$(HOST_OS)_$(HOST_ARCH)_SHA256SUM); \ chmod +x $(outfile) -KO_linux_amd64_SHA256SUM=5b06079590371954cceadf0ddcfa8471afb039c29a2e971043915957366a2f39 -KO_linux_arm64_SHA256SUM=fcbb736f7440d686ca1cf8b4c3f6b9b80948eb17d6cef7c14242eddd275cab42 -KO_darwin_amd64_SHA256SUM=4f388a4b08bde612a20d799045a57a9b8847483baf1a1590d3c32735e7c30c16 -KO_darwin_arm64_SHA256SUM=45f2c1a50fdadb7ef38abbb479897d735c95238ec25c4f505177d77d60ed91d6 +ko_linux_amd64_SHA256SUM=d11f03f23261d16f9e7802291e9d098e84f5daecc7931e8573bece9025b6a2c5 +ko_linux_arm64_SHA256SUM=8294849c0f12138006cd149dd02bb580c0eea41a6031473705cbf825e021a688 +ko_darwin_amd64_SHA256SUM=314c33154de941bfc4ede5e7283eb182028459bac36eb4223859e0b778254936 +ko_darwin_arm64_SHA256SUM=b6ecd62eb4f9238a0ed0512d7a34648b881aea0774c3830e3e5159370eb6834f .PRECIOUS: $(DOWNLOAD_DIR)/tools/ko@$(KO_VERSION)_$(HOST_OS)_$(HOST_ARCH) $(DOWNLOAD_DIR)/tools/ko@$(KO_VERSION)_$(HOST_OS)_$(HOST_ARCH): | $(DOWNLOAD_DIR)/tools @@ -480,15 +494,15 @@ $(DOWNLOAD_DIR)/tools/ko@$(KO_VERSION)_$(HOST_OS)_$(HOST_ARCH): | $(DOWNLOAD_DIR @source $(lock_script) $@; \ $(CURL) https://github.com/ko-build/ko/releases/download/v$(KO_VERSION)/ko_$(KO_VERSION)_$(OS)_$(ARCH).tar.gz -o $(outfile).tar.gz; \ - $(checkhash_script) $(outfile).tar.gz $(KO_$(HOST_OS)_$(HOST_ARCH)_SHA256SUM); \ + $(checkhash_script) $(outfile).tar.gz $(ko_$(HOST_OS)_$(HOST_ARCH)_SHA256SUM); \ tar xfO $(outfile).tar.gz ko > $(outfile); \ chmod +x $(outfile); \ rm -f $(outfile).tar.gz -PROTOC_linux_amd64_SHA256SUM=78ab9c3288919bdaa6cfcec6127a04813cf8a0ce406afa625e48e816abee2878 -PROTOC_linux_arm64_SHA256SUM=07683afc764e4efa3fa969d5f049fbc2bdfc6b4e7786a0b233413ac0d8753f6b -PROTOC_darwin_amd64_SHA256SUM=5fe89993769616beff1ed77408d1335216379ce7010eee80284a01f9c87c8888 -PROTOC_darwin_arm64_SHA256SUM=8822b090c396800c96ac652040917eb3fbc5e542538861aad7c63b8457934b20 +protoc_linux_amd64_SHA256SUM=a7be2928c0454f132c599e25b79b7ad1b57663f2337d7f7e468a1d59b98ec1b0 +protoc_linux_arm64_SHA256SUM=64a3b3b5f7dac0c8f9cf1cb85b2b1a237eb628644f6bcb0fb8f23db6e0d66181 +protoc_darwin_amd64_SHA256SUM=febd8821c3a2a23f72f4641471e0ab6486f4fb07b68111490a27a31681465b3c +protoc_darwin_arm64_SHA256SUM=26a29befa8891ecc48809958c909d284f2b9539a2eb47f22cadc631fe6abe8fd .PRECIOUS: $(DOWNLOAD_DIR)/tools/protoc@$(PROTOC_VERSION)_$(HOST_OS)_$(HOST_ARCH) $(DOWNLOAD_DIR)/tools/protoc@$(PROTOC_VERSION)_$(HOST_OS)_$(HOST_ARCH): | $(DOWNLOAD_DIR)/tools @@ -497,15 +511,15 @@ $(DOWNLOAD_DIR)/tools/protoc@$(PROTOC_VERSION)_$(HOST_OS)_$(HOST_ARCH): | $(DOWN @source $(lock_script) $@; \ $(CURL) https://github.com/protocolbuffers/protobuf/releases/download/v$(PROTOC_VERSION)/protoc-$(PROTOC_VERSION)-$(OS)-$(ARCH).zip -o $(outfile).zip; \ - $(checkhash_script) $(outfile).zip $(PROTOC_$(HOST_OS)_$(HOST_ARCH)_SHA256SUM); \ + $(checkhash_script) $(outfile).zip $(protoc_$(HOST_OS)_$(HOST_ARCH)_SHA256SUM); \ unzip -qq -c $(outfile).zip bin/protoc > $(outfile); \ chmod +x $(outfile); \ rm -f $(outfile).zip -TRIVY_linux_amd64_SHA256SUM=b9785455f711e3116c0a97b01ad6be334895143ed680a405e88a4c4c19830d5d -TRIVY_linux_arm64_SHA256SUM=a192edfcef8766fa7e3e96a6a5faf50cd861371785891857471548e4af7cb60b -TRIVY_darwin_amd64_SHA256SUM=997622dee1d07de0764f903b72d16ec4314daaf202d91c957137b4fd1a2f73c3 -TRIVY_darwin_arm64_SHA256SUM=68aa451f395fa5418f5af59ce4081ef71075c857b95a297dc61da49c6a229a45 +trivy_linux_amd64_SHA256SUM=b0d135815867246baba52f608f4af84beca90cfeb17a9ce407a21acca760ace1 +trivy_linux_arm64_SHA256SUM=1be1dee3a5e013528374f25391d6ba84e2a10fda59f4e98431e30d9c4975762b +trivy_darwin_amd64_SHA256SUM=744f5e8c5c09c1e5ec6ec6a0570f779d89964c0a91ab60b4e59b284cdd3e1576 +trivy_darwin_arm64_SHA256SUM=e78a0db86f6364e756d5e058316c7815a747fc7fd8e8e984e3baf5830166ec63 .PRECIOUS: $(DOWNLOAD_DIR)/tools/trivy@$(TRIVY_VERSION)_$(HOST_OS)_$(HOST_ARCH) $(DOWNLOAD_DIR)/tools/trivy@$(TRIVY_VERSION)_$(HOST_OS)_$(HOST_ARCH): | $(DOWNLOAD_DIR)/tools @@ -514,27 +528,27 @@ $(DOWNLOAD_DIR)/tools/trivy@$(TRIVY_VERSION)_$(HOST_OS)_$(HOST_ARCH): | $(DOWNLO @source $(lock_script) $@; \ $(CURL) https://github.com/aquasecurity/trivy/releases/download/$(TRIVY_VERSION)/trivy_$(patsubst v%,%,$(TRIVY_VERSION))_$(OS)-$(ARCH).tar.gz -o $(outfile).tar.gz; \ - $(checkhash_script) $(outfile).tar.gz $(TRIVY_$(HOST_OS)_$(HOST_ARCH)_SHA256SUM); \ + $(checkhash_script) $(outfile).tar.gz $(trivy_$(HOST_OS)_$(HOST_ARCH)_SHA256SUM); \ tar xfO $(outfile).tar.gz trivy > $(outfile); \ chmod +x $(outfile); \ rm $(outfile).tar.gz -YTT_linux_amd64_SHA256SUM=9bf62175c7cc0b54f9731a5b87ee40250f0457b1fce1b0b36019c2f8d96db8f8 -YTT_linux_arm64_SHA256SUM=cbfc85f11ffd8e61d63accf799b8997caaebe46ee046290cc1c4d05ed1ab145b -YTT_darwin_amd64_SHA256SUM=2b6d173dec1b6087e22690386474786fd9a2232c4479d8975cc98ae8160eea76 -YTT_darwin_arm64_SHA256SUM=3e6f092bfe7a121d15126a0de6503797818c6b6745fbc97213f519d35fab08f9 +ytt_linux_amd64_SHA256SUM=357ec754446b1eda29dd529e088f617e85809726c686598ab03cfc1c79f43b56 +ytt_linux_arm64_SHA256SUM=a2d195b058884c0e36a918936076965b8efb426f7e00f6b7d7b99b82737c7299 +ytt_darwin_amd64_SHA256SUM=71b5ea38bfc7a9748c35ce0735fd6f806dce46bd5c9039d527050c7682e62a70 +ytt_darwin_arm64_SHA256SUM=0658db4af8263ca091ca31e4b599cb40c324b75934660a4c0ed98ad9b701f7e9 .PRECIOUS: $(DOWNLOAD_DIR)/tools/ytt@$(YTT_VERSION)_$(HOST_OS)_$(HOST_ARCH) $(DOWNLOAD_DIR)/tools/ytt@$(YTT_VERSION)_$(HOST_OS)_$(HOST_ARCH): | $(DOWNLOAD_DIR)/tools @source $(lock_script) $@; \ $(CURL) -sSfL https://github.com/vmware-tanzu/carvel-ytt/releases/download/$(YTT_VERSION)/ytt-$(HOST_OS)-$(HOST_ARCH) -o $(outfile); \ - $(checkhash_script) $(outfile) $(YTT_$(HOST_OS)_$(HOST_ARCH)_SHA256SUM); \ + $(checkhash_script) $(outfile) $(ytt_$(HOST_OS)_$(HOST_ARCH)_SHA256SUM); \ chmod +x $(outfile) -RCLONE_linux_amd64_SHA256SUM=7ebdb680e615f690bd52c661487379f9df8de648ecf38743e49fe12c6ace6dc7 -RCLONE_linux_arm64_SHA256SUM=b5a6cb3aef4fd1a2165fb8c21b1b1705f3cb754a202adc81931b47cd39c64749 -RCLONE_darwin_amd64_SHA256SUM=9ef83833296876f3182b87030b4f2e851b56621bad4ca4d7a14753553bb8b640 -RCLONE_darwin_arm64_SHA256SUM=9183f495b28acb12c872175c6af1f6ba8ca677650cb9d2774caefea273294c8a +rclone_linux_amd64_SHA256SUM=b4d304b1dc76001b1d3bb820ae8d1ae60a072afbd3296be904a3ee00b3d4fab9 +rclone_linux_arm64_SHA256SUM=c50a3ab93082f21788f9244393b19f2426edeeb896eec2e3e05ffb2e8727e075 +rclone_darwin_amd64_SHA256SUM=5adb4c5fe0675627461000a63156001301ec7cade966c55c8c4ebcfaeb62c5ae +rclone_darwin_arm64_SHA256SUM=b5f4c4d06ff3d426aee99870ad437276c9ddaad55442f2df6a58b918115fe4cf .PRECIOUS: $(DOWNLOAD_DIR)/tools/rclone@$(RCLONE_VERSION)_$(HOST_OS)_$(HOST_ARCH) $(DOWNLOAD_DIR)/tools/rclone@$(RCLONE_VERSION)_$(HOST_OS)_$(HOST_ARCH): | $(DOWNLOAD_DIR)/tools @@ -542,15 +556,15 @@ $(DOWNLOAD_DIR)/tools/rclone@$(RCLONE_VERSION)_$(HOST_OS)_$(HOST_ARCH): | $(DOWN @source $(lock_script) $@; \ $(CURL) https://github.com/rclone/rclone/releases/download/$(RCLONE_VERSION)/rclone-$(RCLONE_VERSION)-$(OS)-$(HOST_ARCH).zip -o $(outfile).zip; \ - $(checkhash_script) $(outfile).zip $(RCLONE_$(HOST_OS)_$(HOST_ARCH)_SHA256SUM); \ + $(checkhash_script) $(outfile).zip $(rclone_$(HOST_OS)_$(HOST_ARCH)_SHA256SUM); \ unzip -p $(outfile).zip rclone-$(RCLONE_VERSION)-$(OS)-$(HOST_ARCH)/rclone > $(outfile); \ chmod +x $(outfile); \ rm -f $(outfile).zip -PREFLIGHT_linux_amd64_SHA256SUM=20f31e4af2004e8e3407844afea4e973975069169d69794e0633f0cb91d45afd -PREFLIGHT_linux_arm64_SHA256SUM=c42cf4132027d937da88da07760e8fd9b1a8836f9c7795a1b60513d99c6939fe +preflight_linux_amd64_SHA256SUM=20f31e4af2004e8e3407844afea4e973975069169d69794e0633f0cb91d45afd +preflight_linux_arm64_SHA256SUM=c42cf4132027d937da88da07760e8fd9b1a8836f9c7795a1b60513d99c6939fe -# Currently there are no offical releases for darwin, you cannot submit results +# Currently there are no offical releases for darwin, you cannot submit results # on non-official binaries, but we can still run tests. # # Once https://github.com/redhat-openshift-ecosystem/openshift-preflight/pull/942 is merged @@ -567,7 +581,7 @@ $(DOWNLOAD_DIR)/tools/preflight@$(PREFLIGHT_VERSION)_darwin_$(HOST_ARCH): | $(DO $(DOWNLOAD_DIR)/tools/preflight@$(PREFLIGHT_VERSION)_linux_$(HOST_ARCH): | $(DOWNLOAD_DIR)/tools @source $(lock_script) $@; \ $(CURL) https://github.com/redhat-openshift-ecosystem/openshift-preflight/releases/download/$(PREFLIGHT_VERSION)/preflight-linux-$(HOST_ARCH) -o $(outfile); \ - $(checkhash_script) $(outfile) $(PREFLIGHT_linux_$(HOST_ARCH)_SHA256SUM); \ + $(checkhash_script) $(outfile) $(preflight_linux_$(HOST_ARCH)_SHA256SUM); \ chmod +x $(outfile) ################# @@ -583,21 +597,21 @@ $(DOWNLOAD_DIR)/tools/preflight@$(PREFLIGHT_VERSION)_linux_$(HOST_ARCH): | $(DOW # about go being missing even though abc itself depends on vendor-go! # That means we need to pass vendor-go at the top level if go is not installed (i.e. "make vendor-go abc") -MISSING=$(shell (command -v curl >/dev/null || echo curl) \ +missing=$(shell (command -v curl >/dev/null || echo curl) \ && (command -v sha256sum >/dev/null || command -v shasum >/dev/null || echo sha256sum) \ && (command -v git >/dev/null || echo git) \ && (command -v rsync >/dev/null || echo rsync) \ && ([ -n "$(findstring vendor-go,$(MAKECMDGOALS),)" ] \ || command -v $(GO) >/dev/null || echo "$(GO) (or run 'make vendor-go')") \ && (command -v $(CTR) >/dev/null || echo "$(CTR) (or set CTR to a docker-compatible tool)")) -ifneq ($(MISSING),) -$(error Missing required tools: $(MISSING)) +ifneq ($(missing),) +$(error Missing required tools: $(missing)) endif .PHONY: tools ## Download and setup all tools ## @category [shared] Tools -tools: $(TOOLS_PATHS) +tools: $(tools_paths) self_file := $(dir $(lastword $(MAKEFILE_LIST)))/00_mod.mk @@ -614,7 +628,7 @@ tools-learn-sha: | $(bin_dir) HOST_OS=linux HOST_ARCH=arm64 $(MAKE) tools HOST_OS=darwin HOST_ARCH=amd64 $(MAKE) tools HOST_OS=darwin HOST_ARCH=arm64 $(MAKE) tools - + HOST_OS=linux HOST_ARCH=amd64 $(MAKE) vendor-go HOST_OS=linux HOST_ARCH=arm64 $(MAKE) vendor-go HOST_OS=darwin HOST_ARCH=amd64 $(MAKE) vendor-go diff --git a/make/_shared/tools/util/lock.sh b/make/_shared/tools/util/lock.sh index d3c437ef..22564f7c 100755 --- a/make/_shared/tools/util/lock.sh +++ b/make/_shared/tools/util/lock.sh @@ -28,8 +28,6 @@ set -o pipefail finalfile="$1" lockfile="$finalfile.lock" -# Timeout in seconds. -timeout=60 # On OSX, flock is not installed, we just skip locking in that case, # this means that running verify in parallel without downloading all @@ -42,8 +40,8 @@ if [[ "$flock_installed" == "yes" ]]; then exec {FD}<>"$lockfile" # wait for the file to be unlocked - if ! flock -x -w $timeout $FD; then - echo "Failed to obtain a lock for $lockfile within $timeout seconds" + if ! flock -x $FD; then + echo "Failed to obtain a lock for $lockfile" exit 1 fi fi