Merge pull request #25 from kubewarden/renovate/all-minor-patch

Update deps and drop patched tinygo
kubewarden · Jun 24, 2024 · e9185d8 · e9185d8
2 parents e79d12e + 03ef928
commit e9185d8
Show file tree

Hide file tree

Showing 117 changed files with 25,412 additions and 512 deletions.
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -5,12 +5,12 @@ on:
     tags:
       - "v*"
 
-name: Release policy - test
+name: Release policy
 
 jobs:
   test:
     name: run tests and linters
-    uses: ./.github/workflows/reusable-test-policy-go.yml
+    uses: kubewarden/github-actions/.github/workflows/reusable-test-policy-go.yml@v3.2.0
 
   release:
     needs: test
@@ -22,72 +22,6 @@ jobs:
       # Required by cosign keyless signing
       id-token: write
 
-    # TODO: go back to using the reusable workflow once we don't need the special tinygo build
-    #uses: kubewarden/github-actions/.github/workflows/[email protected]
-    #with:
-    #  oci-target: ghcr.io/${{ github.repository_owner }}/policies/rancher-project-quotas-namespace-validator
-
-    runs-on: ubuntu-latest
-    steps:
-      - name: Install dependencies
-        uses: kubewarden/github-actions/[email protected]
-      - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
-        with:
-          # until https://github.com/actions/checkout/pull/579 is released
-          fetch-depth: 0
-      - name: Install patched tinygo
-        shell: bash
-        run: |
-          wget https://github.com/tinygo-org/tinygo/releases/download/v0.28.1/tinygo_0.28.1_amd64.deb
-          sudo dpkg -i tinygo_0.28.1_amd64.deb
-          wget https://github.com/WebAssembly/wasi-sdk/releases/download/wasi-sdk-16/libclang_rt.builtins-wasm32-wasi-16.0.tar.gz
-          tar xvf libclang_rt.builtins-wasm32-wasi-16.0.tar.gz
-          sudo cp lib/wasi/libclang_rt.builtins-wasm32.a /usr/local/lib/tinygo/lib/wasi-libc/sysroot/lib/wasm32-wasi/
-          sudo cp wasi-gh-action.json /usr/local/lib/tinygo/targets/wasi.json
-      - id: calculate-version
-        if: ${{ inputs.artifacthub }}
-        # obtain latest tag. Here it must be the current release tag
-        run: echo "version=$(git describe --tags --abbrev=0 | cut -c2-)" >> $GITHUB_OUTPUT
-        shell: bash
-      - name: Check that artifacthub-pkg.yml is up-to-date
-        if: ${{ inputs.artifacthub }}
-        uses: kubewarden/github-actions/[email protected]
-        with:
-          version: ${{ steps.calculate-version.outputs.version }}
-      - name: Build policy
-        run: |
-          tinygo build -o policy.wasm -target=wasi -no-debug .
-      - name: Generate the SBOM files
-        shell: bash
-        run: |
-          spdx-sbom-generator -f json
-
-          # SBOM files should have "sbom" in the name due the CLO monitor
-          # https://clomonitor.io/docs/topics/checks/#software-bill-of-materials-sbom
-          mv bom-go-mod.json policy-sbom.spdx.json
-      - name: Annotate Wasm module
-        shell: bash
-        run: |
-          make annotated-policy.wasm
-      - name: Sign BOM file
-        shell: bash
-        run: |
-          cosign sign-blob --yes --output-certificate policy-sbom.spdx.cert \
-            --output-signature policy-sbom.spdx.sig \
-            policy-sbom.spdx.json
-      - name: Upload policy SBOM files
-        uses: actions/upload-artifact@26f96dfa697d77e81fd5907df203aa23a56210a8 # v4.3.0
-        with:
-          name: policy-sbom
-          path: |
-            policy-sbom.spdx.json
-            policy-sbom.spdx.cert
-            policy-sbom.spdx.sig
-      - name: Run e2e tests
-        run: |
-          make e2e-tests
-      - name: Release
-        uses: kubewarden/github-actions/[email protected]
-        with:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-          oci-target: ghcr.io/${{ github.repository_owner }}/policies/rancher-project-quotas-namespace-validator
+    uses: kubewarden/github-actions/.github/workflows/[email protected]
+    with:
+      oci-target: ghcr.io/${{ github.repository_owner }}/policies/rancher-project-quotas-namespace-validator
diff --git a/.github/workflows/reusable-test-policy-go.yml b/.github/workflows/reusable-test-policy-go.yml
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
@@ -3,4 +3,4 @@ name: Continuous integration
 jobs:
   test:
     name: run tests and linters
-    uses: ./.github/workflows/reusable-test-policy-go.yml
+    uses: kubewarden/github-actions/.github/workflows/reusable-test-policy-go.yml@v3.2.0
diff --git a/Dockerfile b/Dockerfile
diff --git a/Makefile b/Makefile
@@ -1,14 +1,7 @@
 SOURCE_FILES := $(shell find . -type f -name '*.go')
 VERSION := $(shell git describe | cut -c2-)
 
-# We cannot use the official tinygo container image until
-# this issue is closed: https://github.com/tinygo-org/tinygo/issues/3501
-CONTAINER_IMAGE = ghcr.io/kubewarden/tinygo/tinygo-dev:0.28.1-multi3_fix
-
-# TODO: drop this once we can use the official tinygo container image
-# see comment from above
-build-container:
-	DOCKER_BUILDKIT=1 docker build . -t $(CONTAINER_IMAGE)
+CONTAINER_IMAGE = "tinygo/tinygo:0.32.0"
 
 policy.wasm: $(SOURCE_FILES) go.mod go.sum
 	docker run \
@@ -17,7 +10,7 @@ policy.wasm: $(SOURCE_FILES) go.mod go.sum
 		-v ${PWD}:/src \
 		-w /src \
 		$(CONTAINER_IMAGE) \
-		tinygo build -o policy.wasm -target=wasi -no-debug .
+		tinygo build -o policy.wasm -target=wasip1 -no-debug .
 
 artifacthub-pkg.yml: metadata.yml go.mod
 	$(warning If you are updating the artifacthub-pkg.yml file for a release, \

diff --git a/go.mod b/go.mod
@@ -1,14 +1,23 @@
 module github.com/kubewarden/rancher-project-quotas-namespace-validator
 
-go 1.20
+go 1.22
+
+toolchain go1.22.4
 
 replace github.com/go-openapi/strfmt => github.com/kubewarden/strfmt v0.1.3
 
 require (
-	github.com/kubewarden/k8s-objects v1.27.0-kw4
-	github.com/kubewarden/policy-sdk-go v0.6.0
+	github.com/kubewarden/k8s-objects v1.29.0-kw1
+	github.com/kubewarden/policy-sdk-go v0.11.0
 	github.com/wapc/wapc-guest-tinygo v0.3.3
 	gopkg.in/inf.v0 v0.9.1
 )
 
-require github.com/go-openapi/strfmt v0.21.5 // indirect
+require (
+	github.com/davecgh/go-spew v1.1.1 // indirect
+	github.com/go-openapi/strfmt v0.21.5 // indirect
+	github.com/pmezard/go-difflib v1.0.0 // indirect
+	github.com/stretchr/objx v0.5.2 // indirect
+	github.com/stretchr/testify v1.9.0 // indirect
+	gopkg.in/yaml.v3 v3.0.1 // indirect
+)
diff --git a/go.sum b/go.sum
@@ -1,25 +1,22 @@
 github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
-github.com/golang/mock v1.6.0 h1:ErTB+efbowRARo13NNdxyJji2egdxLGQhRaY+DUumQc=
-github.com/kubewarden/k8s-objects v1.27.0-kw2 h1:6ZA72SFtDSbCupwxlIyJimUzN0nSweMCUx5jUEnoxkw=
-github.com/kubewarden/k8s-objects v1.27.0-kw2/go.mod h1:wVx4Rg1HKml8yewPwAHUWp1wYSAtBlKV/tsmteDuK1g=
-github.com/kubewarden/k8s-objects v1.27.0-kw3 h1:3a5icCAl4gRDFcDhHk/rkHeocrjSzg/gAlfhrLReqWU=
-github.com/kubewarden/k8s-objects v1.27.0-kw3/go.mod h1:EMF+Hr26oDR4yQkWJAQpl0M0Ek5ioNXlCswjGZO0G2U=
-github.com/kubewarden/k8s-objects v1.27.0-kw4 h1:az1qJLD5f5Pcx9ur1oRMhWqZi1AL5MLJoXXgRjCeuQY=
-github.com/kubewarden/k8s-objects v1.27.0-kw4/go.mod h1:EMF+Hr26oDR4yQkWJAQpl0M0Ek5ioNXlCswjGZO0G2U=
-github.com/kubewarden/policy-sdk-go v0.5.0 h1:JnSRf5pHjFzTNNp6jJbSP5a4cwzFzkUBjLujqJd+Z+w=
-github.com/kubewarden/policy-sdk-go v0.5.0/go.mod h1:1IZXauwI5iCuOZj7tU58nE/SZFb/HsCmj3ZpDVStVQs=
-github.com/kubewarden/policy-sdk-go v0.5.1 h1:O2C1NuGtGo5/d7c5iiijV3zheGDfwvBOkphfgl19crE=
-github.com/kubewarden/policy-sdk-go v0.5.1/go.mod h1:C8sUX4FYhbP69cvQfPLmIvAJhVHQyg1qaq9EynOn8a0=
-github.com/kubewarden/policy-sdk-go v0.5.2 h1:GCIXmqNBVG3ADvoH9L9KkBYHM+Npa2G2HZu2Khsyvt8=
-github.com/kubewarden/policy-sdk-go v0.5.2/go.mod h1:C8sUX4FYhbP69cvQfPLmIvAJhVHQyg1qaq9EynOn8a0=
-github.com/kubewarden/policy-sdk-go v0.6.0 h1:f7RL+hkcjt1g5/4JmUU+itzsdMNs5rFJT7ISJtSAB9g=
-github.com/kubewarden/policy-sdk-go v0.6.0/go.mod h1:C8sUX4FYhbP69cvQfPLmIvAJhVHQyg1qaq9EynOn8a0=
+github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/kubewarden/k8s-objects v1.29.0-kw1 h1:bVQ2WL1ROqApYmHQJ/yxrs3tssfzzalblE2txChcHxY=
+github.com/kubewarden/k8s-objects v1.29.0-kw1/go.mod h1:EMF+Hr26oDR4yQkWJAQpl0M0Ek5ioNXlCswjGZO0G2U=
+github.com/kubewarden/policy-sdk-go v0.11.0 h1:qW2UqARixH2r8KyitSistiAg0Ex0LA+HJr/xaBwiDcg=
+github.com/kubewarden/policy-sdk-go v0.11.0/go.mod h1:4Yg/Wpxnt7p4Ps68hBfnK8qoGURM5MJaq67Kjao2smY=
 github.com/kubewarden/strfmt v0.1.3 h1:bb+2rbotioROjCkziSt+hqnHXzOlumN94NxDKdV2kPI=
 github.com/kubewarden/strfmt v0.1.3/go.mod h1:DXoaaIYwqW1LyyRoMeyxfHUU+VUSTNFdj38juCXfRzs=
 github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
-github.com/stretchr/testify v1.8.4 h1:CcVxjf3Q8PM0mHUKJCdn+eZZtm5yQwehR5yeSVQQcUk=
+github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
+github.com/stretchr/objx v0.5.2 h1:xuMeJ0Sdp5ZMRXx/aWO6RZxdr3beISkG5/G/aIRr3pY=
+github.com/stretchr/objx v0.5.2/go.mod h1:FRsXN1f5AsAjCGJKqEizvkpNtU+EGNCLh3NxZ/8L+MA=
+github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsTg=
+github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
 github.com/wapc/wapc-guest-tinygo v0.3.3 h1:jLebiwjVSHLGnS+BRabQ6+XOV7oihVWAc05Hf1SbeR0=
 github.com/wapc/wapc-guest-tinygo v0.3.3/go.mod h1:mzM3CnsdSYktfPkaBdZ8v88ZlfUDEy5Jh5XBOV3fYcw=
+gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405 h1:yhCVgyC4o1eVCa2tZl7eS0r+SDo693bJlVdllGtEeKM=
+gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/inf.v0 v0.9.1 h1:73M5CoZyi3ZLMOyDlQh031Cx6N9NDJ2Vvfl76EDAgDc=
 gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw=
 gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
+gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
diff --git a/host_context_native.go b/host_context_native.go
diff --git a/host_context_wasi.go b/host_context_wasi.go
diff --git a/settings.sample.json b/settings.sample.json
diff --git a/validate.go b/validate.go
@@ -1,13 +1,14 @@
 package main
 
 import (
+	"encoding/json"
 	"fmt"
 	"strings"
-  "encoding/json"
 
 	corev1 "github.com/kubewarden/k8s-objects/api/core/v1"
 	meta_v1 "github.com/kubewarden/k8s-objects/apimachinery/pkg/apis/meta/v1"
 	kubewarden "github.com/kubewarden/policy-sdk-go"
+	"github.com/kubewarden/policy-sdk-go/pkg/capabilities"
 	"github.com/kubewarden/policy-sdk-go/pkg/capabilities/kubernetes"
 	kubewarden_protocol "github.com/kubewarden/policy-sdk-go/protocol"
 )
@@ -30,6 +31,8 @@ const (
 	RancherProjectKind = "Project"
 )
 
+var host = capabilities.NewHost()
+
 func validate(payload []byte) ([]byte, error) {
 	// Create a ValidationRequest instance from the incoming payload
 	validationRequest := kubewarden_protocol.ValidationRequest{}
@@ -115,11 +118,10 @@ func findProject(projectID, projectNamespace string) (Project, *LookupError) {
 		APIVersion:   RancherProjectAPIVersion,
 		Kind:         RancherProjectKind,
 		Name:         projectID,
-		Namespace:    projectNamespace,
+		Namespace:    &projectNamespace,
 		DisableCache: true,
 	}
 
-	host := getWapcHost()
 	projectRaw, err := kubernetes.GetResource(&host, findPrjReq)
 
 	if err != nil {