[WIP] Road to version 9.0: Updated go version to 1.22 & Fixed Breaking Changes ✨

.github/workflows/auto-codespell.yml

@@ -18,7 +18,7 @@ jobs:
       with:
         check_filenames: true
         ignore_words_list: aks,ags,startin,NotIn
-        skip: "*.js,package-lock.json,*.lock,*/Font-Awesome/*,*.toml,*.svg,*assets/vendor/bootstrap*,cert-manager.crds.yaml,*/docs/*"
+        skip: "*.js,package-lock.json,*.lock,*/Font-Awesome/*,*.toml,*.svg,*assets/vendor/bootstrap*,cert-manager.crds.yaml,*/docs/*,go.sum"
   pre-commit:
     name: PreCommit
     runs-on: ubuntu-latest

.golangci.yml

@@ -28,13 +28,14 @@ linters:
     - loggercheck
     - misspell
     - nakedret
-    - prealloc
+    # - prealloc
     - staticcheck
     - typecheck
     - unconvert
     - unparam
     - unused
 output:
+  sort-results: true
   sort-order:
     - file
     - severity

Makefile

@@ -70,7 +70,7 @@ HAS_GOLINT := $(shell which $(PROJECT_DIR)/bin/golangci-lint)
 lint: ## Verifies `golint` passes
 	@echo "+ $@"
 ifndef HAS_GOLINT
-	GOBIN=$(PROJECT_DIR)/bin go install github.com/golangci/golangci-lint/cmd/golangci-lint@v1.54.2
+	GOBIN=$(PROJECT_DIR)/bin go install github.com/golangci/golangci-lint/cmd/golangci-lint@v1.55.0
 endif
 	@bin/golangci-lint run
 
@@ -112,11 +112,11 @@ HAS_HELM := $(shell command -v helm 2> /dev/null)
 helm: ## Download helm if it's not present, otherwise symlink
 	@echo "+ $@"
 ifeq ($(strip $(HAS_HELM)),)
-    mkdir -p $(PROJECT_DIR)/bin
-    curl -Lo $(PROJECT_DIR)/bin/helm.tar.gz https://get.helm.sh/helm-v$(HELM_VERSION)-$(PLATFORM)-amd64.tar.gz && tar xzfv $(PROJECT_DIR)/bin/helm.tar.gz -C $(PROJECT_DIR)/bin
-    mv $(PROJECT_DIR)/bin/$(PLATFORM)-amd64/helm $(PROJECT_DIR)/bin/helm
-    rm -rf $(PROJECT_DIR)/bin/$(PLATFORM)-amd64
-    rm -rf $(PROJECT_DIR)/bin/helm.tar.gz
+	mkdir -p $(PROJECT_DIR)/bin
+	curl -Lo $(PROJECT_DIR)/bin/helm.tar.gz https://get.helm.sh/helm-v$(HELM_VERSION)-$(PLATFORM)-amd64.tar.gz && tar xzfv $(PROJECT_DIR)/bin/helm.tar.gz -C $(PROJECT_DIR)/bin
+	mv $(PROJECT_DIR)/bin/$(PLATFORM)-amd64/helm $(PROJECT_DIR)/bin/helm
+	rm -rf $(PROJECT_DIR)/bin/$(PLATFORM)-amd64
+	rm -rf $(PROJECT_DIR)/bin/helm.tar.gz
 else
 	mkdir -p $(PROJECT_DIR)/bin
 	test -L $(PROJECT_DIR)/bin/helm || ln -sf $(shell command -v helm) $(PROJECT_DIR)/bin/helm
@@ -156,7 +156,7 @@ staticcheck: ## Verifies `staticcheck` passes
 	@echo "+ $@"
 ifndef HAS_STATICCHECK
 	$(eval TMP_DIR := $(shell mktemp -d))
-	wget -O $(TMP_DIR)/staticcheck_$(PLATFORM)_amd64.tar.gz https://github.com/dominikh/go-tools/releases/download/2020.1.3/staticcheck_$(PLATFORM)_amd64.tar.gz
+	wget -O $(TMP_DIR)/staticcheck_$(PLATFORM)_amd64.tar.gz https://github.com/dominikh/go-tools/releases/download/2023.1.7/staticcheck_$(PLATFORM)_amd64.tar.gz
 	tar zxvf $(TMP_DIR)/staticcheck_$(PLATFORM)_amd64.tar.gz -C $(TMP_DIR)
 	mkdir -p $(PROJECT_DIR)/bin
 	mv $(TMP_DIR)/staticcheck/staticcheck $(PROJECT_DIR)/bin
@@ -332,7 +332,7 @@ container-runtime-release: container-runtime-release-version container-runtime-r
 # so that the user can send e.g. ^C through.
 INTERACTIVE := $(shell [ -t 0 ] && echo 1 || echo 0)
 ifeq ($(INTERACTIVE), 1)
-    DOCKER_FLAGS += -t
+	DOCKER_FLAGS += -t
 endif
 
 .PHONY: container-runtime-run
@@ -538,8 +538,8 @@ CONTROLLER_GEN ?= $(LOCALBIN)/controller-gen
 ENVTEST ?= $(LOCALBIN)/setup-envtest
 
 ## Tool Versions
-KUSTOMIZE_VERSION ?= v3.8.7
-CONTROLLER_TOOLS_VERSION ?= v0.9.2
+KUSTOMIZE_VERSION ?= v5.3.0
+CONTROLLER_TOOLS_VERSION ?= v0.14.0
 
 KUSTOMIZE_INSTALL_SCRIPT ?= "https://raw.githubusercontent.com/kubernetes-sigs/kustomize/master/hack/install_kustomize.sh"
 .PHONY: kustomize

api/v1alpha2/jenkins_webhook.go

@@ -21,7 +21,6 @@ import (
 	"encoding/json"
 	"errors"
 	"io"
-	"io/ioutil"
 	"net/http"
 	"os"
 	"time"
@@ -271,7 +270,7 @@ func (in *SecurityValidator) download() error {
 	}
 	defer func() {
 		if err := out.Close(); err != nil {
-			jenkinslog.V(log.VDebug).Info("Failed to close file", "error", err)
+			jenkinslog.V(log.VDebug).Info("Failed to close SecurityValidator.download io", "error", err)
 		}
 	}()
 
@@ -290,10 +289,10 @@ func (in *SecurityValidator) download() error {
 		return err
 	}
 
-	defer response.Body.Close()
+	defer httpResponseCloser(response)
 
 	if err := out.Close(); err != nil {
-		jenkinslog.V(log.VDebug).Info("Failed to send file", err)
+		jenkinslog.V(log.VDebug).Info("Failed to send file", "error", err.Error())
 	}
 
 	_, err = io.Copy(out, response.Body)
@@ -306,18 +305,32 @@ func (in *SecurityValidator) extract() error {
 	if err != nil {
 		return err
 	}
-	defer reader.Close()
+	defer func() {
+		if err := reader.Close(); err != nil {
+			log.Log.Error(err, "failed to close SecurityValidator.extract.reader ")
+		}
+	}()
+
 	archive, err := gzip.NewReader(reader)
 	if err != nil {
 		return err
 	}
 
-	defer archive.Close()
+	defer func() {
+		if err := archive.Close(); err != nil {
+			log.Log.Error(err, "failed to close SecurityValidator.extract.archive ")
+		}
+	}()
 	writer, err := os.Create(PluginDataFile)
 	if err != nil {
 		return err
 	}
-	defer writer.Close()
+
+	defer func() {
+		if err := writer.Close(); err != nil {
+			log.Log.Error(err, "failed to close SecurityValidator.extract.writer")
+		}
+	}()
 
 	_, err = io.Copy(writer, archive)
 	return err
@@ -329,8 +342,12 @@ func (in *SecurityValidator) cache() error {
 	if err != nil {
 		return err
 	}
-	defer jsonFile.Close()
-	byteValue, err := ioutil.ReadAll(jsonFile)
+	defer func() {
+		if err := jsonFile.Close(); err != nil {
+			log.Log.Error(err, "failed to close SecurityValidator.cache.jsonFile")
+		}
+	}()
+	byteValue, err := io.ReadAll(jsonFile)
 	if err != nil {
 		return err
 	}
@@ -356,3 +373,9 @@ func compareVersions(firstVersion string, lastVersion string, pluginVersion stri
 	}
 	return true
 }
+
+func httpResponseCloser(response *http.Response) {
+	if err := response.Body.Close(); err != nil {
+		log.Log.Error(err, "failed to close http response body")
+	}
+}

api/v1alpha2/jenkins_webhook_test.go

@@ -79,7 +79,7 @@ func TestValidate(t *testing.T) {
 	t.Run("Validating when plugins data file is not fetched", func(t *testing.T) {
 		userplugins := []Plugin{{Name: "script-security", Version: "1.77"}, {Name: "git-client", Version: "3.9"}, {Name: "git", Version: "4.8.1"}, {Name: "plain-credentials", Version: "1.7"}}
 		jenkinscr := *createJenkinsCR(userplugins, true)
-		got := jenkinscr.ValidateCreate()
+		_, got := jenkinscr.ValidateCreate()
 		assert.Equal(t, got, errors.New("plugins data has not been fetched"))
 	})
 
@@ -95,7 +95,7 @@ func TestValidate(t *testing.T) {
 			{Name: "plain-credentials"}}}
 		userplugins := []Plugin{{Name: "script-security", Version: "1.77"}, {Name: "git-client", Version: "3.9"}, {Name: "git", Version: "4.8.1"}, {Name: "plain-credentials", Version: "1.7"}}
 		jenkinscr := *createJenkinsCR(userplugins, true)
-		got := jenkinscr.ValidateCreate()
+		_, got := jenkinscr.ValidateCreate()
 		assert.Nil(t, got)
 	})
 
@@ -113,7 +113,7 @@ func TestValidate(t *testing.T) {
 		}}
 		userplugins := []Plugin{{Name: "google-login", Version: "1.2"}, {Name: "mailer", Version: "1.1"}, {Name: "git", Version: "4.8.1"}, {Name: "command-launcher", Version: "1.6"}, {Name: "workflow-cps", Version: "2.59"}}
 		jenkinscr := *createJenkinsCR(userplugins, true)
-		got := jenkinscr.ValidateCreate()
+		_, got := jenkinscr.ValidateCreate()
 		assert.Equal(t, got, errors.New("security vulnerabilities detected in the following user-defined plugins: \nworkflow-cps:2.59\ngoogle-login:1.2\nmailer:1.1"))
 	})
 
@@ -136,19 +136,19 @@ func TestValidate(t *testing.T) {
 
 		userplugins = []Plugin{{Name: "handy-uri-templates-2-api", Version: "2.1.8-1.0"}, {Name: "resource-disposer", Version: "0.8"}, {Name: "jjwt-api", Version: "0.11.2-9.c8b45b8bb173"}, {Name: "blueocean-github-pipeline", Version: "1.2.0-beta-3"}, {Name: "ghprb", Version: "1.39"}}
 		newjenkinscr := *createJenkinsCR(userplugins, true)
-		got := newjenkinscr.ValidateUpdate(&oldjenkinscr)
+		_, got := newjenkinscr.ValidateUpdate(&oldjenkinscr)
 		assert.Equal(t, got, errors.New("security vulnerabilities detected in the following user-defined plugins: \nhandy-uri-templates-2-api:2.1.8-1.0\nresource-disposer:0.8\nblueocean-github-pipeline:1.2.0-beta-3\nghprb:1.39"))
 	})
 
 	t.Run("Validation is turned off", func(t *testing.T) {
 		userplugins := []Plugin{{Name: "google-login", Version: "1.2"}, {Name: "mailer", Version: "1.1"}, {Name: "git", Version: "4.8.1"}, {Name: "command-launcher", Version: "1.6"}, {Name: "workflow-cps", Version: "2.59"}}
 		jenkinscr := *createJenkinsCR(userplugins, false)
-		got := jenkinscr.ValidateCreate()
+		_, got := jenkinscr.ValidateCreate()
 		assert.Nil(t, got)
 
 		userplugins = []Plugin{{Name: "google-login", Version: "1.2"}, {Name: "mailer", Version: "1.1"}, {Name: "git", Version: "4.8.1"}, {Name: "command-launcher", Version: "1.6"}, {Name: "workflow-cps", Version: "2.59"}}
 		newjenkinscr := *createJenkinsCR(userplugins, false)
-		got = newjenkinscr.ValidateUpdate(&jenkinscr)
+		_, got = newjenkinscr.ValidateUpdate(&jenkinscr)
 		assert.Nil(t, got)
 	})
 }

cmd/main.go

@@ -40,7 +40,10 @@ import (
 	utilruntime "k8s.io/apimachinery/pkg/util/runtime"
 	"k8s.io/client-go/kubernetes"
 	clientgoscheme "k8s.io/client-go/kubernetes/scheme"
+	"sigs.k8s.io/controller-runtime/pkg/cache"
 	"sigs.k8s.io/controller-runtime/pkg/client/config"
+	"sigs.k8s.io/controller-runtime/pkg/metrics/server"
+	"sigs.k8s.io/controller-runtime/pkg/webhook"
 
 	// Import all Kubernetes client auth plugins (e.g. Azure, GCP, OIDC, etc.)
 	// to ensure that exec-entrypoint and run can make use of them.
@@ -126,14 +129,23 @@ func main() {
 		fatal(errors.Wrap(err, "failed to get config"), *debug)
 	}
 
+	cacheNamespace := map[string]cache.Config{}
+	cacheNamespace[namespace] = cache.Config{}
 	mgr, err := ctrl.NewManager(ctrl.GetConfigOrDie(), ctrl.Options{
-		Scheme:                 scheme,
-		MetricsBindAddress:     fmt.Sprintf("%s:%d", metricsHost, metricsPort),
-		Port:                   9443,
+		// MetricsBindAddress:      fmt.Sprintf("%s:%d", metricsHost, metricsPort),
+		Metrics: server.Options{
+			BindAddress: fmt.Sprintf("%s:%d", metricsHost, metricsPort),
+		},
+		Scheme: scheme,
+		// Port:                    9443,
+		WebhookServer: webhook.NewServer(webhook.Options{
+			Port: 9443,
+		}),
 		HealthProbeBindAddress: probeAddr,
 		LeaderElection:         enableLeaderElection,
 		LeaderElectionID:       "c674355f.jenkins.io",
-		Namespace:              namespace,
+		// Namespace:              namespace,
+		Cache: cache.Options{DefaultNamespaces: cacheNamespace},
 	})
 	if err != nil {
 		fatal(errors.Wrap(err, "unable to start manager"), *debug)

config.base.env

@@ -3,7 +3,7 @@ API_VERSION_NEXT="v1alpha3"
 API_VERSION="v1alpha2"
 CLUSTER_DOMAIN="cluster.local"
 GEN_CRD_API="gen-crd-api-reference-docs"
-GO_VERSION="1.21.12"
+GO_VERSION="1.22"
 HELM_VERSION="3.12.3"
 IMAGE_PULL_MODE="local"
 KIND_CLUSTER_NAME="jenkins"