chore(deps): update tinygo version to v0.32.0.

Updates the tinygo version used in the policy to the latest version with
the patched required by this policy applied. The version in use now is
v0.32.0.

Signed-off-by: José Guilherme Vanz <[email protected]>

.github/workflows/release.yml

@@ -5,12 +5,12 @@ on:
     tags:
       - "v*"
 
-name: Release policy - test
+name: Release policy
 
 jobs:
   test:
     name: run tests and linters
-    uses: ./.github/workflows/reusable-test-policy-go.yml
+    uses: kubewarden/github-actions/.github/workflows/reusable-test-policy-go.yml@v3.3.0
 
   release:
     needs: test
@@ -22,86 +22,6 @@ jobs:
       # Required by cosign keyless signing
       id-token: write
 
-    # TODO: go back to using the reusable workflow once we don't need the special tinygo build
-    #uses: kubewarden/github-actions/.github/workflows/[email protected]
-    #with:
-    #  oci-target: ghcr.io/${{ github.repository_owner }}/policies/container-resources
-
-    runs-on: ubuntu-latest
-    steps:
-      - name: Install dependencies
-        uses: kubewarden/github-actions/[email protected]
-      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
-        with:
-          # until https://github.com/actions/checkout/pull/579 is released
-          fetch-depth: 0
-      - name: Install patched tinygo
-        shell: bash
-        run: |
-          wget https://github.com/tinygo-org/tinygo/releases/download/v0.31.1/tinygo_0.31.1_amd64.deb
-          sudo dpkg -i tinygo_0.31.1_amd64.deb
-          wget https://github.com/WebAssembly/wasi-sdk/releases/download/wasi-sdk-16/libclang_rt.builtins-wasm32-wasi-16.0.tar.gz
-          tar xvf libclang_rt.builtins-wasm32-wasi-16.0.tar.gz
-          sudo cp lib/wasi/libclang_rt.builtins-wasm32.a /usr/local/lib/tinygo/lib/wasi-libc/sysroot/lib/wasm32-wasi/
-          sudo cp wasi-gh-action.json /usr/local/lib/tinygo/targets/wasi.json
-      - id: calculate-version
-        if: ${{ inputs.artifacthub }}
-        # obtain latest tag. Here it must be the current release tag
-        run: echo "version=$(git describe --tags --abbrev=0 | cut -c2-)" >> $GITHUB_OUTPUT
-        shell: bash
-      - name: Check that artifacthub-pkg.yml is up-to-date
-        if: ${{ inputs.artifacthub }}
-        uses: kubewarden/github-actions/[email protected]
-        with:
-          version: ${{ steps.calculate-version.outputs.version }}
-      - name: Build policy
-        run: |
-          tinygo build -o policy.wasm -target=wasi -no-debug .
-      - name: Generate the SBOM files
-        shell: bash
-        run: |
-          spdx-sbom-generator -f json
-
-          # SBOM files should have "sbom" in the name due the CLO monitor
-          # https://clomonitor.io/docs/topics/checks/#software-bill-of-materials-sbom
-          mv bom-go-mod.json policy-sbom.spdx.json
-      - name: Annotate Wasm module
-        shell: bash
-        run: |
-          make annotated-policy.wasm
-      - name: Sign BOM file
-        shell: bash
-        run: |
-          cosign sign-blob --yes --output-certificate policy-sbom.spdx.cert \
-            --output-signature policy-sbom.spdx.sig \
-            policy-sbom.spdx.json
-      - name: Upload policy SBOM files
-        uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3
-        with:
-          name: policy-sbom
-          path: |
-            policy-sbom.spdx.json
-            policy-sbom.spdx.cert
-            policy-sbom.spdx.sig
-      - name: Run e2e tests
-        run: |
-          make e2e-tests
-      - name: Release
-        uses: kubewarden/github-actions/[email protected]
-        with:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-          oci-target: ghcr.io/${{ github.repository_owner }}/policies/container-resources
-
-  push-artifacthub:
-      # skip when releasing :latest from main, versions will not match
-      if: startsWith(github.ref, 'refs/tags/v')
-      needs: release
-      permissions:
-        # Give the default GITHUB_TOKEN write permission to commit and push the
-        # added or changed files to the repository.
-        contents: write
-      runs-on: ubuntu-latest
-      steps:
-        -
-          name: Push artifacthub files to artifacthub branch
-          uses: kubewarden/github-actions/[email protected]
+    uses: kubewarden/github-actions/.github/workflows/[email protected]
+    with:
+     oci-target: ghcr.io/${{ github.repository_owner }}/policies/container-resources

.github/workflows/test.yml

@@ -3,4 +3,4 @@ name: Continuous integration
 jobs:
   test:
     name: run tests and linters
-    uses: ./.github/workflows/reusable-test-policy-go.yml
+    uses: kubewarden/github-actions/.github/workflows/reusable-test-policy-go.yml@v3.3.0

Makefile

@@ -1,14 +1,6 @@
 SOURCE_FILES := $(shell find . -type f -name '*.go')
 VERSION := $(shell git describe | cut -c2-)
-
-# We cannot use the official tinygo container image until
-# this issue is closed: https://github.com/tinygo-org/tinygo/issues/3501
-CONTAINER_IMAGE = ghcr.io/kubewarden/tinygo/tinygo-dev:0.31.1-multi3_fix
-
-# TODO: drop this once we can use the official tinygo container image
-# see comment from above
-build-container:
-	DOCKER_BUILDKIT=1 docker build . -t $(CONTAINER_IMAGE)
+CONTAINER_IMAGE ?= tinygo/tinygo:0.32.0
 
 policy.wasm: $(SOURCE_FILES) go.mod go.sum
 	docker run \
@@ -17,7 +9,7 @@ policy.wasm: $(SOURCE_FILES) go.mod go.sum
 		-v ${PWD}:/src \
 		-w /src \
 		$(CONTAINER_IMAGE) \
-		tinygo build -o policy.wasm -target=wasi -no-debug .
+		tinygo build -o policy.wasm -target=wasip1 -no-debug .
 
 artifacthub-pkg.yml: metadata.yml go.mod
 	$(warning If you are updating the artifacthub-pkg.yml file for a release, \

go.mod

@@ -1,6 +1,6 @@
 module github.com/kubewarden/container-resources-policy
 
-go 1.22
+go 1.22.0
 
 toolchain go1.22.4
 

go.sum

@@ -10,12 +10,6 @@ github.com/google/gofuzz v1.2.0 h1:xRy4A+RhZaiKjJ1bPfwQ8sedCA+YS2YcCHW6ec7JMi0=
 github.com/google/gofuzz v1.2.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
 github.com/kubewarden/k8s-objects v1.29.0-kw1 h1:bVQ2WL1ROqApYmHQJ/yxrs3tssfzzalblE2txChcHxY=
 github.com/kubewarden/k8s-objects v1.29.0-kw1/go.mod h1:EMF+Hr26oDR4yQkWJAQpl0M0Ek5ioNXlCswjGZO0G2U=
-github.com/kubewarden/policy-sdk-go v0.8.0 h1:4SR6UeKLBQ+UkwohuMqYw2lPKgqgF5Ifdw7tFNjQwiI=
-github.com/kubewarden/policy-sdk-go v0.8.0/go.mod h1:gjYdcErABXti/dxoNW2PceSwy4+/X+o/wuLwWHZCoNU=
-github.com/kubewarden/policy-sdk-go v0.9.0 h1:tS9aMtjkUj04WJ0xjO3o0jSGvtj/T8rGr4mn3DPx5Fo=
-github.com/kubewarden/policy-sdk-go v0.9.0/go.mod h1:4Yg/Wpxnt7p4Ps68hBfnK8qoGURM5MJaq67Kjao2smY=
-github.com/kubewarden/policy-sdk-go v0.9.1 h1:ogO4Eq6/HEiVk0gnX+RNxFV71ICpf56kHjSqVjGtCDE=
-github.com/kubewarden/policy-sdk-go v0.9.1/go.mod h1:4Yg/Wpxnt7p4Ps68hBfnK8qoGURM5MJaq67Kjao2smY=
 github.com/kubewarden/policy-sdk-go v0.11.0 h1:qW2UqARixH2r8KyitSistiAg0Ex0LA+HJr/xaBwiDcg=
 github.com/kubewarden/policy-sdk-go v0.11.0/go.mod h1:4Yg/Wpxnt7p4Ps68hBfnK8qoGURM5MJaq67Kjao2smY=
 github.com/kubewarden/strfmt v0.1.3 h1:bb+2rbotioROjCkziSt+hqnHXzOlumN94NxDKdV2kPI=
@@ -25,8 +19,8 @@ github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZN
 github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA=
 github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg=
 github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs=
-github.com/stretchr/testify v1.8.4 h1:CcVxjf3Q8PM0mHUKJCdn+eZZtm5yQwehR5yeSVQQcUk=
-github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo=
+github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsTg=
+github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
 github.com/wapc/wapc-guest-tinygo v0.3.3 h1:jLebiwjVSHLGnS+BRabQ6+XOV7oihVWAc05Hf1SbeR0=
 github.com/wapc/wapc-guest-tinygo v0.3.3/go.mod h1:mzM3CnsdSYktfPkaBdZ8v88ZlfUDEy5Jh5XBOV3fYcw=
 gopkg.in/inf.v0 v0.9.1 h1:73M5CoZyi3ZLMOyDlQh031Cx6N9NDJ2Vvfl76EDAgDc=