Add makefile-modules

Author: paulwilljones

.github/workflows/govulncheck.yaml

@@ -0,0 +1,35 @@
+# THIS FILE IS AUTOMATICALLY GENERATED. DO NOT EDIT.
+# Edit https://github.com/cert-manager/makefile-modules/blob/main/modules/go/base/.github/workflows/govulncheck.yaml instead.
+
+# Run govulncheck at midnight every night on the main branch,
+# to alert us to recent vulnerabilities which affect the Go code in this
+# project.
+name: govulncheck
+on:
+  workflow_dispatch: {}
+  schedule:
+    - cron: '0 0 * * *'
+
+permissions:
+  contents: read
+
+jobs:
+  govulncheck:
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        # Adding `fetch-depth: 0` makes sure tags are also fetched. We need
+        # the tags so `git describe` returns a valid version.
+        # see https://github.com/actions/checkout/issues/701 for extra info about this option
+        with: { fetch-depth: 0 }
+
+      - id: go-version
+        run: |
+          make print-go-version >> "$GITHUB_OUTPUT"
+
+      - uses: actions/setup-go@0aaccfd150d50ccaeb58ebd88d36e91967a5f35b # v5.4.0
+        with:
+          go-version: ${{ steps.go-version.outputs.result }}
+
+      - run: make verify-govulncheck

.gitignore

@@ -1,3 +1,5 @@
 /bin
 coverage.out
 .debug
+_bin
+.vscode

.golangci.yaml

@@ -0,0 +1,85 @@
+version: "2"
+linters:
+  default: none
+  exclusions:
+    generated: lax
+    presets: [comments, common-false-positives, legacy, std-error-handling]
+    rules:
+      - linters:
+          - gomoddirectives
+          - promlinter
+        text: .*
+    paths: [third_party$, builtin$, examples$]
+    warn-unused: true
+  settings:
+    staticcheck:
+      checks: ["all", "-ST1000", "-ST1001", "-ST1003", "-ST1005", "-ST1012", "-ST1016", "-ST1020", "-ST1021", "-ST1022", "-QF1001", "-QF1003", "-QF1008"]
+  enable:
+    - asasalint
+    - asciicheck
+    - bidichk
+    - bodyclose
+    - canonicalheader
+    - contextcheck
+    - copyloopvar
+    - decorder
+    - dogsled
+    - dupword
+    - durationcheck
+    - errcheck
+    - errchkjson
+    - errname
+    - exhaustive
+    - exptostd
+    - forbidigo
+    - ginkgolinter
+    - gocheckcompilerdirectives
+    - gochecksumtype
+    - gocritic
+    - goheader
+    - goprintffuncname
+    - gosec
+    - gosmopolitan
+    - govet
+    - grouper
+    - importas
+    - ineffassign
+    - interfacebloat
+    - intrange
+    - loggercheck
+    - makezero
+    - mirror
+    - misspell
+    - musttag
+    - nakedret
+    - nilerr
+    - nilnil
+    - noctx
+    - nosprintfhostport
+    - predeclared
+    - promlinter
+    - protogetter
+    - reassign
+    - sloglint
+    - staticcheck
+    - tagalign
+    - testableexamples
+    - unconvert
+    - unparam
+    - unused
+    - usestdlibvars
+    - usetesting
+    - wastedassign
+formatters:
+  enable: [gci, gofmt]
+  settings:
+    gci:
+      sections:
+        - standard # Standard section: captures all standard packages.
+        - default # Default section: contains all imports that could not be matched to another section type.
+        - prefix(github.com/jetstack/version-checker) # Custom section: groups all imports with the specified Prefix.
+        - blank # Blank section: contains all blank imports. This section is not present unless explicitly enabled.
+        - dot # Dot section: contains all dot imports. This section is not present unless explicitly enabled.
+  exclusions:
+    generated: lax
+    paths: [third_party$, builtin$, examples$]

Makefile

@@ -30,7 +30,7 @@
 ##################################
 
 # Some modules build their dependencies from variables, we want these to be 
-# evalutated at the last possible moment. For this we use second expansion to 
+# evaluated at the last possible moment. For this we use second expansion to 
 # re-evaluate the generate and verify targets a second time.
 #
 # See https://www.gnu.org/software/make/manual/html_node/Secondary-Expansion.html
@@ -52,10 +52,6 @@ noop: # do nothing
 # warning from happening when running make without arguments
 MAKECMDGOALS ?=
 
-image: ## build docker image
-	GOARCH=$(ARCH) GOOS=linux CGO_ENABLED=0 go build -o ./bin/version-checker-linux ./cmd/.
-	docker build -t quay.io/jetstack/version-checker:v0.9.0 .
-
 ##################################
 # Host OS and architecture setup #
 ##################################

deploy/charts/version-checker/values.linter.exceptions

@@ -40,14 +40,17 @@ require (
 	github.com/google/go-github/v70 v70.0.0
 	github.com/hashicorp/go-cleanhttp v0.5.2
 	github.com/jarcoal/httpmock v1.3.1
+	github.com/onsi/ginkgo/v2 v2.22.0
+	github.com/onsi/gomega v1.36.1
 	github.com/patrickmn/go-cache v2.1.0+incompatible
 	github.com/stretchr/testify v1.10.0
 	sigs.k8s.io/controller-runtime v0.20.4
-	github.com/onsi/ginkgo/v2 v2.19.0
-	github.com/onsi/gomega v1.33.1
 )
 
-require github.com/itchyny/timefmt-go v0.1.6 // indirect
+require (
+	github.com/itchyny/timefmt-go v0.1.6 // indirect
+	golang.org/x/tools v0.29.0 // indirect
+)
 
 require (
 	github.com/Azure/go-ansiterm v0.0.0-20250102033503-faa5f7b0171c // indirect
@@ -91,13 +94,12 @@ require (
 	github.com/google/gnostic-models v0.6.9 // indirect
 	github.com/google/go-querystring v1.1.0 // indirect
 	github.com/google/gofuzz v1.2.0 // indirect
-	github.com/google/pprof v0.0.0-20240727154555-813a5fbdbec8 // indirect
+	github.com/google/pprof v0.0.0-20241029153458-d1b30febd7db // indirect
 	github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 // indirect
 	github.com/google/uuid v1.6.0 // indirect
 	github.com/gregjones/httpcache v0.0.0-20190611155906-901d90724c79 // indirect
 	github.com/inconshreveable/mousetrap v1.1.0 // indirect
 	github.com/itchyny/gojq v0.12.16
-	github.com/jmespath/go-jmespath v0.4.0 // indirect
 	github.com/josharian/intern v1.0.0 // indirect
 	github.com/json-iterator/go v1.1.12 // indirect
 	github.com/klauspost/compress v1.18.0 // indirect

go.mod

@@ -0,0 +1,59 @@
+# This klone.yaml file describes the Makefile modules and versions that are
+# cloned into the "make/_shared" folder. These modules are dynamically imported
+# by the root Makefile. The "make upgrade-klone" target can be used to pull
+# the latest version from the upstream repositories (using the repo_ref value).
+#
+# More info can be found here: https://github.com/cert-manager/makefile-modules
+
+targets:
+  make/_shared:
+    - folder_name: generate-verify
+      repo_url: https://github.com/cert-manager/makefile-modules.git
+      repo_ref: main
+      repo_hash: 9c9f116938e082201a6bae0aedc7c7cf525fd8bf
+      repo_path: modules/generate-verify
+    - folder_name: go
+      repo_url: https://github.com/cert-manager/makefile-modules.git
+      repo_ref: main
+      repo_hash: 9c9f116938e082201a6bae0aedc7c7cf525fd8bf
+      repo_path: modules/go
+    - folder_name: helm
+      repo_url: https://github.com/cert-manager/makefile-modules.git
+      repo_ref: main
+      repo_hash: 9c9f116938e082201a6bae0aedc7c7cf525fd8bf
+      repo_path: modules/helm
+    - folder_name: help
+      repo_url: https://github.com/cert-manager/makefile-modules.git
+      repo_ref: main
+      repo_hash: 9c9f116938e082201a6bae0aedc7c7cf525fd8bf
+      repo_path: modules/help
+    - folder_name: kind
+      repo_url: https://github.com/cert-manager/makefile-modules.git
+      repo_ref: main
+      repo_hash: 9c9f116938e082201a6bae0aedc7c7cf525fd8bf
+      repo_path: modules/kind
+    - folder_name: klone
+      repo_url: https://github.com/cert-manager/makefile-modules.git
+      repo_ref: main
+      repo_hash: 9c9f116938e082201a6bae0aedc7c7cf525fd8bf
+      repo_path: modules/klone
+    - folder_name: oci-build
+      repo_url: https://github.com/cert-manager/makefile-modules.git
+      repo_ref: main
+      repo_hash: 9c9f116938e082201a6bae0aedc7c7cf525fd8bf
+      repo_path: modules/oci-build
+    - folder_name: oci-publish
+      repo_url: https://github.com/cert-manager/makefile-modules.git
+      repo_ref: main
+      repo_hash: 9c9f116938e082201a6bae0aedc7c7cf525fd8bf
+      repo_path: modules/oci-publish
+    - folder_name: repository-base
+      repo_url: https://github.com/cert-manager/makefile-modules.git
+      repo_ref: main
+      repo_hash: 9c9f116938e082201a6bae0aedc7c7cf525fd8bf
+      repo_path: modules/repository-base
+    - folder_name: tools
+      repo_url: https://github.com/cert-manager/makefile-modules.git
+      repo_ref: main
+      repo_hash: 9c9f116938e082201a6bae0aedc7c7cf525fd8bf
+      repo_path: modules/tools

klone.yaml

@@ -32,7 +32,7 @@ deploy_name := version-checker
 deploy_namespace := version-checker
 
 helm_chart_source_dir := deploy/charts/version-checker
-helm_chart_name := version-checker
+helm_chart_image_name := version-checker
 helm_chart_version := $(VERSION)
 helm_labels_template_name := version-checker.labels
 helm_docs_use_helm_tool := 1

make/00_mod.mk

@@ -0,0 +1,18 @@
+# Copyright 2023 The cert-manager Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+shared_generate_targets ?=
+shared_generate_targets_dirty ?=
+shared_verify_targets ?=
+shared_verify_targets_dirty ?=

make/_shared/generate-verify/00_mod.mk

@@ -0,0 +1,39 @@
+# Copyright 2023 The cert-manager Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+.PHONY: generate
+## Generate all generate targets.
+## @category [shared] Generate/ Verify
+generate: $$(shared_generate_targets)
+	@echo "The following targets cannot be run simultaneously with each other or other generate scripts:"
+	$(foreach TARGET,$(shared_generate_targets_dirty), $(MAKE) $(TARGET))
+
+verify_script := $(dir $(lastword $(MAKEFILE_LIST)))/util/verify.sh
+
+# Run the supplied make target argument in a temporary workspace and diff the results.
+verify-%: FORCE
+	+$(verify_script) $(MAKE) $*
+
+verify_generated_targets = $(shared_generate_targets:%=verify-%)
+verify_generated_targets_dirty = $(shared_generate_targets_dirty:%=verify-%)
+
+verify_targets = $(sort $(verify_generated_targets) $(shared_verify_targets))
+verify_targets_dirty = $(sort $(verify_generated_targets_dirty) $(shared_verify_targets_dirty))
+
+.PHONY: verify
+## Verify code and generate targets.
+## @category [shared] Generate/ Verify
+verify: $$(verify_targets)
+	@echo "The following targets create temporary files in the current directory, that is why they have to be run last:"
+	$(foreach TARGET,$(verify_targets_dirty), $(MAKE) $(TARGET))

make/_shared/generate-verify/02_mod.mk

@@ -0,0 +1,73 @@
+#!/usr/bin/env bash
+
+# Copyright 2023 The cert-manager Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Verify that the supplied command does not make any changes to the repository.
+#
+# This is called from the Makefile to verify that all code generation scripts
+# have been run and that their changes have been committed to the repository.
+#
+# Runs any of the scripts or Make targets in this repository, after making a
+# copy of the repository, then reports any changes to the files in the copy.
+
+# For example:
+#
+#  make verify-helm-chart-update || \
+#    make helm-chart-update
+#
+set -o errexit
+set -o nounset
+set -o pipefail
+
+projectdir="$( cd "$( dirname "${BASH_SOURCE[0]}" )/../../../.." && pwd )"
+
+cd "${projectdir}"
+
+# Use short form arguments here to support BSD/macOS. `-d` instructs
+# it to make a directory, `-t` provides a prefix to use for the directory name.
+tmp="$(mktemp -d /tmp/verify.sh.XXXXXXXX)"
+
+cleanup() {
+    rm -rf "${tmp}"
+}
+trap "cleanup" EXIT SIGINT
+
+# Why not just "cp" to the tmp dir?
+# A dumb "cp" will fail sometimes since _bin can get changed while it's being copied if targets are run in parallel,
+# and cp doesn't have some universal "exclude" option to ignore "_bin"
+#
+# We previously used "rsync" here, but:
+# 1. That's another tool we need to depend on
+# 2. rsync on macOS 15.4 and newer is actually openrsync, which has different permissions and throws errors when copying git objects
+#
+# So, we use find to list all files except _bin, and then copy each in turn
+find . -maxdepth 1 -not \( -path "./_bin" \) -not \( -path "." \) | xargs -I% cp -af "${projectdir}/%" "${tmp}/"
+
+pushd "${tmp}" >/dev/null
+
+"$@"
+
+popd >/dev/null
+
+if ! diff \
+    --exclude=".git" \
+    --exclude="_bin" \
+    --new-file --unified --show-c-function --recursive "${projectdir}" "${tmp}"
+then
+    echo
+    echo "Project '${projectdir}' is out of date."
+    echo "Please run '${*}' or apply the above diffs"
+    exit 1
+fi