From 912b64804c9d4e370dd87cf4d531bd22ecd698c7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jos=C3=A9=20Guilherme=20Vanz?= Date: Fri, 28 Jun 2024 09:21:10 -0300 Subject: [PATCH] chore(deps): update tinygo version to v0.32.0. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Updates the tinygo version used in the policy to the latest version with the patched required by this policy applied. The version in use now is v0.32.0. Signed-off-by: José Guilherme Vanz --- .github/workflows/release.yml | 90 ++----------------- .github/workflows/reusable-test-policy-go.yml | 82 ----------------- .github/workflows/test.yml | 2 +- Makefile | 12 +-- go.mod | 2 +- go.sum | 10 +-- 6 files changed, 11 insertions(+), 187 deletions(-) delete mode 100644 .github/workflows/reusable-test-policy-go.yml diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index b5f5417..15a0f9c 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -5,12 +5,12 @@ on: tags: - "v*" -name: Release policy - test +name: Release policy jobs: test: name: run tests and linters - uses: ./.github/workflows/reusable-test-policy-go.yml + uses: kubewarden/github-actions/.github/workflows/reusable-test-policy-go.yml@v3.3.0 release: needs: test @@ -22,86 +22,6 @@ jobs: # Required by cosign keyless signing id-token: write - # TODO: go back to using the reusable workflow once we don't need the special tinygo build - #uses: kubewarden/github-actions/.github/workflows/reusable-release-policy-go.yml@v3.0.4 - #with: - # oci-target: ghcr.io/${{ github.repository_owner }}/policies/container-resources - - runs-on: ubuntu-latest - steps: - - name: Install dependencies - uses: kubewarden/github-actions/policy-gh-action-dependencies@v3.2.0 - - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - with: - # until https://github.com/actions/checkout/pull/579 is released - fetch-depth: 0 - - name: Install patched tinygo - shell: bash - run: | - wget https://github.com/tinygo-org/tinygo/releases/download/v0.31.1/tinygo_0.31.1_amd64.deb - sudo dpkg -i tinygo_0.31.1_amd64.deb - wget https://github.com/WebAssembly/wasi-sdk/releases/download/wasi-sdk-16/libclang_rt.builtins-wasm32-wasi-16.0.tar.gz - tar xvf libclang_rt.builtins-wasm32-wasi-16.0.tar.gz - sudo cp lib/wasi/libclang_rt.builtins-wasm32.a /usr/local/lib/tinygo/lib/wasi-libc/sysroot/lib/wasm32-wasi/ - sudo cp wasi-gh-action.json /usr/local/lib/tinygo/targets/wasi.json - - id: calculate-version - if: ${{ inputs.artifacthub }} - # obtain latest tag. Here it must be the current release tag - run: echo "version=$(git describe --tags --abbrev=0 | cut -c2-)" >> $GITHUB_OUTPUT - shell: bash - - name: Check that artifacthub-pkg.yml is up-to-date - if: ${{ inputs.artifacthub }} - uses: kubewarden/github-actions/check-artifacthub@v3.2.0 - with: - version: ${{ steps.calculate-version.outputs.version }} - - name: Build policy - run: | - tinygo build -o policy.wasm -target=wasi -no-debug . - - name: Generate the SBOM files - shell: bash - run: | - spdx-sbom-generator -f json - - # SBOM files should have "sbom" in the name due the CLO monitor - # https://clomonitor.io/docs/topics/checks/#software-bill-of-materials-sbom - mv bom-go-mod.json policy-sbom.spdx.json - - name: Annotate Wasm module - shell: bash - run: | - make annotated-policy.wasm - - name: Sign BOM file - shell: bash - run: | - cosign sign-blob --yes --output-certificate policy-sbom.spdx.cert \ - --output-signature policy-sbom.spdx.sig \ - policy-sbom.spdx.json - - name: Upload policy SBOM files - uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3 - with: - name: policy-sbom - path: | - policy-sbom.spdx.json - policy-sbom.spdx.cert - policy-sbom.spdx.sig - - name: Run e2e tests - run: | - make e2e-tests - - name: Release - uses: kubewarden/github-actions/policy-release@v3.2.0 - with: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - oci-target: ghcr.io/${{ github.repository_owner }}/policies/container-resources - - push-artifacthub: - # skip when releasing :latest from main, versions will not match - if: startsWith(github.ref, 'refs/tags/v') - needs: release - permissions: - # Give the default GITHUB_TOKEN write permission to commit and push the - # added or changed files to the repository. - contents: write - runs-on: ubuntu-latest - steps: - - - name: Push artifacthub files to artifacthub branch - uses: kubewarden/github-actions/push-artifacthub@v3.2.0 + uses: kubewarden/github-actions/.github/workflows/reusable-release-policy-go.yml@v3.3.0 + with: + oci-target: ghcr.io/${{ github.repository_owner }}/policies/container-resources diff --git a/.github/workflows/reusable-test-policy-go.yml b/.github/workflows/reusable-test-policy-go.yml deleted file mode 100644 index 8d26036..0000000 --- a/.github/workflows/reusable-test-policy-go.yml +++ /dev/null @@ -1,82 +0,0 @@ -name: Tests and linters - -on: - workflow_call: - inputs: - artifacthub: - description: "check artifacthub-pkg.yml for submission to ArtifactHub" - required: false - type: boolean - default: true - secrets: {} - -jobs: - unit-tests: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - - - name: setup Go - uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1 - with: - go-version: "stable" - - - name: run Go unit tests - run: make test - - e2e-tests: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - - name: Install dependencies - uses: kubewarden/github-actions/policy-gh-action-dependencies@v3.2.0 - - name: Install patched tinygo - shell: bash - run: | - wget https://github.com/tinygo-org/tinygo/releases/download/v0.31.1/tinygo_0.31.1_amd64.deb - sudo dpkg -i tinygo_0.31.1_amd64.deb - wget https://github.com/WebAssembly/wasi-sdk/releases/download/wasi-sdk-16/libclang_rt.builtins-wasm32-wasi-16.0.tar.gz - tar xvf libclang_rt.builtins-wasm32-wasi-16.0.tar.gz - sudo cp lib/wasi/libclang_rt.builtins-wasm32.a /usr/local/lib/tinygo/lib/wasi-libc/sysroot/lib/wasm32-wasi/ - sudo cp wasi-gh-action.json /usr/local/lib/tinygo/targets/wasi.json - - name: Build Wasm module - shell: bash - run: | - tinygo build -o policy.wasm -target=wasi -no-debug . - - name: Annotate Wasm module - shell: bash - run: | - make annotated-policy.wasm - - name: Run e2e tests - run: make e2e-tests - - lint: - runs-on: ubuntu-latest - steps: - - uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1 - with: - go-version: "stable" - - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - - name: golangci-lint - uses: golangci/golangci-lint-action@a4f60bb28d35aeee14e6880718e0c85ff1882e64 # v6.0.1 - with: - version: "latest" - - check-artifacthub: - if: ${{ inputs.artifacthub }} - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - with: - # until https://github.com/actions/checkout/pull/579 is released - fetch-depth: 0 - - name: Install kwctl - uses: kubewarden/github-actions/kwctl-installer@v3.2.0 - - id: calculate-version - run: echo "version=$(git describe --tags --abbrev=0 | cut -c2-)" >> $GITHUB_OUTPUT - shell: bash - - name: Check that artifacthub-pkg.yml is up-to-date - uses: kubewarden/github-actions/check-artifacthub@v3.2.0 - with: - version: ${{ steps.calculate-version.outputs.version }} - check_version: false # must match a git tag that hasn't been created yet, so let's ignore until then diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index dbf969b..028873b 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -3,4 +3,4 @@ name: Continuous integration jobs: test: name: run tests and linters - uses: ./.github/workflows/reusable-test-policy-go.yml + uses: kubewarden/github-actions/.github/workflows/reusable-test-policy-go.yml@v3.3.0 diff --git a/Makefile b/Makefile index 0c6c50a..232b314 100644 --- a/Makefile +++ b/Makefile @@ -1,14 +1,6 @@ SOURCE_FILES := $(shell find . -type f -name '*.go') VERSION := $(shell git describe | cut -c2-) - -# We cannot use the official tinygo container image until -# this issue is closed: https://github.com/tinygo-org/tinygo/issues/3501 -CONTAINER_IMAGE = ghcr.io/kubewarden/tinygo/tinygo-dev:0.31.1-multi3_fix - -# TODO: drop this once we can use the official tinygo container image -# see comment from above -build-container: - DOCKER_BUILDKIT=1 docker build . -t $(CONTAINER_IMAGE) +CONTAINER_IMAGE ?= tinygo/tinygo:0.32.0 policy.wasm: $(SOURCE_FILES) go.mod go.sum docker run \ @@ -17,7 +9,7 @@ policy.wasm: $(SOURCE_FILES) go.mod go.sum -v ${PWD}:/src \ -w /src \ $(CONTAINER_IMAGE) \ - tinygo build -o policy.wasm -target=wasi -no-debug . + tinygo build -o policy.wasm -target=wasip1 -no-debug . artifacthub-pkg.yml: metadata.yml go.mod $(warning If you are updating the artifacthub-pkg.yml file for a release, \ diff --git a/go.mod b/go.mod index 30ebef8..7ae3318 100644 --- a/go.mod +++ b/go.mod @@ -1,6 +1,6 @@ module github.com/kubewarden/container-resources-policy -go 1.22 +go 1.22.0 toolchain go1.22.4 diff --git a/go.sum b/go.sum index 5814e2f..3a5034c 100644 --- a/go.sum +++ b/go.sum @@ -10,12 +10,6 @@ github.com/google/gofuzz v1.2.0 h1:xRy4A+RhZaiKjJ1bPfwQ8sedCA+YS2YcCHW6ec7JMi0= github.com/google/gofuzz v1.2.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= github.com/kubewarden/k8s-objects v1.29.0-kw1 h1:bVQ2WL1ROqApYmHQJ/yxrs3tssfzzalblE2txChcHxY= github.com/kubewarden/k8s-objects v1.29.0-kw1/go.mod h1:EMF+Hr26oDR4yQkWJAQpl0M0Ek5ioNXlCswjGZO0G2U= -github.com/kubewarden/policy-sdk-go v0.8.0 h1:4SR6UeKLBQ+UkwohuMqYw2lPKgqgF5Ifdw7tFNjQwiI= -github.com/kubewarden/policy-sdk-go v0.8.0/go.mod h1:gjYdcErABXti/dxoNW2PceSwy4+/X+o/wuLwWHZCoNU= -github.com/kubewarden/policy-sdk-go v0.9.0 h1:tS9aMtjkUj04WJ0xjO3o0jSGvtj/T8rGr4mn3DPx5Fo= -github.com/kubewarden/policy-sdk-go v0.9.0/go.mod h1:4Yg/Wpxnt7p4Ps68hBfnK8qoGURM5MJaq67Kjao2smY= -github.com/kubewarden/policy-sdk-go v0.9.1 h1:ogO4Eq6/HEiVk0gnX+RNxFV71ICpf56kHjSqVjGtCDE= -github.com/kubewarden/policy-sdk-go v0.9.1/go.mod h1:4Yg/Wpxnt7p4Ps68hBfnK8qoGURM5MJaq67Kjao2smY= github.com/kubewarden/policy-sdk-go v0.11.0 h1:qW2UqARixH2r8KyitSistiAg0Ex0LA+HJr/xaBwiDcg= github.com/kubewarden/policy-sdk-go v0.11.0/go.mod h1:4Yg/Wpxnt7p4Ps68hBfnK8qoGURM5MJaq67Kjao2smY= github.com/kubewarden/strfmt v0.1.3 h1:bb+2rbotioROjCkziSt+hqnHXzOlumN94NxDKdV2kPI= @@ -25,8 +19,8 @@ github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZN github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA= github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg= github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs= -github.com/stretchr/testify v1.8.4 h1:CcVxjf3Q8PM0mHUKJCdn+eZZtm5yQwehR5yeSVQQcUk= -github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo= +github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsTg= +github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY= github.com/wapc/wapc-guest-tinygo v0.3.3 h1:jLebiwjVSHLGnS+BRabQ6+XOV7oihVWAc05Hf1SbeR0= github.com/wapc/wapc-guest-tinygo v0.3.3/go.mod h1:mzM3CnsdSYktfPkaBdZ8v88ZlfUDEy5Jh5XBOV3fYcw= gopkg.in/inf.v0 v0.9.1 h1:73M5CoZyi3ZLMOyDlQh031Cx6N9NDJ2Vvfl76EDAgDc=