chore: update deps

.github/workflows/ci.yaml

@@ -49,27 +49,6 @@ jobs:
   test:
     name: Test
     runs-on: ubuntu-latest
-    strategy:
-      matrix:
-        vault_version: ["1.11.12", "1.12.8", "1.13.4", "1.14.8"]
-
-    services:
-      vault:
-        image: hashicorp/vault:${{ matrix.vault_version }}
-        env:
-          SKIP_SETCAP: true
-          VAULT_DEV_ROOT_TOKEN_ID: 227e1cce-6bf7-30bb-2d2a-acc854318caf
-        ports:
-          - 8200:8200
-      bao:
-        image: openbao/openbao:latest
-        env:
-          SKIP_SETCAP: true
-          BAO_ADDR: http://127.0.0.1:8200
-          BAO_TOKEN: 227e1cce-6bf7-30bb-2d2a-acc854318caf
-          BAO_DEV_ROOT_TOKEN_ID: 227e1cce-6bf7-30bb-2d2a-acc854318caf
-        ports:
-          - 8300:8200
 
     steps:
       - name: Checkout repository
@@ -235,7 +214,7 @@ jobs:
     needs: [artifacts]
     strategy:
       matrix:
-        k8s_version: ["v1.24.15", "v1.25.11", "v1.26.6", "v1.27.3"]
+        k8s_version: ["v1.28.9", "v1.29.4", "v1.30.0"]
         operator_version: ["v1.22.1", "v1.22.2"] # First version that works with the generic webhook: v1.22.1
         # vault_version: ["1.11.12", "1.12.8", "1.13.4", "1.14.8"]
 

.golangci.yaml

@@ -12,16 +12,25 @@ linters-settings:
   misspell:
     locale: US
   nolintlint:
-    allow-leading-space: false # require machine-readable nolint directives (with no leading space)
     allow-unused: false # report any unused nolint directives
     require-specific: false # don't require nolint directives to be specific about which linter is being skipped
   revive:
     confidence: 0
 
 linters:
   enable:
+    - bodyclose
+    - errcheck
     - gci
+    - gofmt
+    - gofumpt
     - goimports
+    - gosimple
+    - ineffassign
     - misspell
     - nolintlint
     - revive
+    - unconvert
+    - unparam
+    - unused
+    - whitespace

Dockerfile

@@ -1,6 +1,6 @@
 FROM --platform=$BUILDPLATFORM tonistiigi/xx:1.5.0@sha256:0c6a569797744e45955f39d4f7538ac344bfb7ebf0a54006a0a4297b153ccf0f AS xx
 
-FROM --platform=$BUILDPLATFORM golang:1.22.3-alpine3.18@sha256:d1a601b64de09e2fa38c95e55838961811d5ca11062a8f4230a5c434b3ae2a34 AS builder
+FROM --platform=$BUILDPLATFORM golang:1.23.1-alpine3.20@sha256:ac67716dd016429be8d4c2c53a248d7bcdf06d34127d3dc451bda6aa5a87bc06 AS builder
 
 COPY --from=xx / /
 

Makefile

@@ -45,6 +45,10 @@ build: ## Build binary
 	@mkdir -p build
 	go build -race -o build/webhook .
 
+.PHONY: artifacts
+artifacts: container-image helm-chart
+artifacts: ## Build docker image and helm chart
+
 .PHONY: container-image
 container-image: ## Build container image
 	docker build -t ${CONTAINER_IMAGE_REF} .
@@ -54,14 +58,10 @@ helm-chart: ## Build Helm chart
 	@mkdir -p build
 	$(HELM_BIN) package -d build/ deploy/charts/secrets-webhook
 
-.PHONY: artifacts
-artifacts: container-image helm-chart
-artifacts: ## Build docker image and helm chart
-
 ##@ Checks
 
 .PHONY: check
-check: test lint ## Run lint checks and tests
+check: test lint ## Run tests and lint checks
 
 .PHONY: test
 test: ## Run tests
@@ -81,7 +81,7 @@ lint: ## Run linters
 
 .PHONY: lint-go
 lint-go:
-	$(GOLANGCI_LINT_BIN) run $(if ${CI},--out-format github-actions,)
+	$(GOLANGCI_LINT_BIN) run $(if ${CI},--out-format colored-line-number,)
 
 .PHONY: lint-helm
 lint-helm:
@@ -95,15 +95,15 @@ lint-docker:
 lint-yaml:
 	$(YAMLLINT_BIN) $(if ${CI},-f github,) --no-warnings .
 
+.PHONY: fmt
+fmt: ## Format code
+	$(GOLANGCI_LINT_BIN) run --fix
+
 .PHONY: license-check
 license-check: ## Run license check
 	$(LICENSEI_BIN) check
 	$(LICENSEI_BIN) header
 
-.PHONY: fmt
-fmt: ## Format code
-	$(GOLANGCI_LINT_BIN) run --fix
-
 ##@ Autogeneration
 
 .PHONY: generate
@@ -120,11 +120,12 @@ deps: bin/golangci-lint bin/licensei bin/kind bin/kurun bin/helm bin/helm-docs
 deps: ## Install dependencies
 
 # Dependency versions
-GOLANGCI_VERSION = 1.53.3
-LICENSEI_VERSION = 0.8.0
-KIND_VERSION = 0.20.0
+GOLANGCI_LINT_VERSION = 1.61.0
+LICENSEI_VERSION = 0.9.0
+KIND_VERSION = 0.24.0
 KURUN_VERSION = 0.7.0
-HELM_DOCS_VERSION = 1.11.0
+HELM_VERSION = 3.16.1
+HELM_DOCS_VERSION = 1.14.2
 
 # Dependency binaries
 GOLANGCI_LINT_BIN := golangci-lint
@@ -150,7 +151,7 @@ endif
 
 bin/golangci-lint:
 	@mkdir -p bin
-	curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | bash -s -- v${GOLANGCI_VERSION}
+	curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | bash -s -- v${GOLANGCI_LINT_VERSION}
 
 bin/licensei:
 	@mkdir -p bin
@@ -168,7 +169,7 @@ bin/kurun:
 
 bin/helm:
 	@mkdir -p bin
-	curl https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3 | USE_SUDO=false HELM_INSTALL_DIR=bin bash
+	curl https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3 | USE_SUDO=false HELM_INSTALL_DIR=bin DESIRED_VERSION=v$(HELM_VERSION) bash
 	@chmod +x bin/helm
 
 bin/helm-docs:

deploy/charts/secrets-webhook/README.md

@@ -138,11 +138,11 @@ The following table lists the configurable parameters of the Helm chart.
 | `podAnnotations` | object | `{}` | Extra annotations to add to pod metadata |
 | `labels` | object | `{}` | Extra labels to add to the deployment and pods |
 | `resources` | object | `{}` | Resources to request for the deployment and pods |
-| `nodeSelector` | object | `{}` | Node labels for pod assignment. Check: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector |
-| `tolerations` | list | `[]` | List of node tolerations for the pods. Check: https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/ |
-| `affinity` | object | `{}` | Node affinity settings for the pods. Check: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/ |
-| `topologySpreadConstraints` | object | `{}` | TopologySpreadConstraints to add for the pods. Check: https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/ |
-| `priorityClassName` | string | `""` | Assign a PriorityClassName to pods if set. Check: https://kubernetes.io/docs/concepts/scheduling-eviction/pod-priority-preemption/ |
+| `nodeSelector` | object | `{}` | Node labels for pod assignment. Check: <https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector> |
+| `tolerations` | list | `[]` | List of node tolerations for the pods. Check: <https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/> |
+| `affinity` | object | `{}` | Node affinity settings for the pods. Check: <https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/> |
+| `topologySpreadConstraints` | object | `{}` | TopologySpreadConstraints to add for the pods. Check: <https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/> |
+| `priorityClassName` | string | `""` | Assign a PriorityClassName to pods if set. Check: <https://kubernetes.io/docs/concepts/scheduling-eviction/pod-priority-preemption/> |
 | `livenessProbe` | object | `{"failureThreshold":3,"initialDelaySeconds":30,"periodSeconds":10,"successThreshold":1,"timeoutSeconds":1}` | Liveness and readiness probes for the webhook container |
 | `readinessProbe.failureThreshold` | int | `3` |  |
 | `readinessProbe.periodSeconds` | int | `10` |  |
@@ -167,7 +167,7 @@ The following table lists the configurable parameters of the Helm chart.
 | `configMapFailurePolicy` | string | `"Ignore"` |  |
 | `podsFailurePolicy` | string | `"Ignore"` |  |
 | `secretsFailurePolicy` | string | `"Ignore"` |  |
-| `apiSideEffectValue` | string | `"NoneOnDryRun"` | Webhook sideEffect value Check: https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#side-effects |
+| `apiSideEffectValue` | string | `"NoneOnDryRun"` | Webhook sideEffect value Check: <https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#side-effects> |
 | `namespaceSelector` | object | `{}` | Namespace selector to use, will limit webhook scope (K8s version 1.15+) |
 | `objectSelector` | object | `{}` | Object selector to use, will limit webhook scope (K8s version 1.15+) |
 | `secrets.objectSelector` | object | `{}` | Object selector for secrets (overrides `objectSelector`); Requires K8s 1.15+ |

deploy/charts/secrets-webhook/values.yaml

@@ -154,23 +154,23 @@ labels: {}
 resources: {}
 
 # -- Node labels for pod assignment.
-# Check: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector
+# Check: <https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector>
 nodeSelector: {}
 
 # -- List of node tolerations for the pods.
-# Check: https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/
+# Check: <https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/>
 tolerations: []
 
 # -- Node affinity settings for the pods.
-# Check: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/
+# Check: <https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/>
 affinity: {}
 
 # -- TopologySpreadConstraints to add for the pods.
-# Check: https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/
+# Check: <https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/>
 topologySpreadConstraints: {}
 
 # -- Assign a PriorityClassName to pods if set.
-# Check: https://kubernetes.io/docs/concepts/scheduling-eviction/pod-priority-preemption/
+# Check: <https://kubernetes.io/docs/concepts/scheduling-eviction/pod-priority-preemption/>
 priorityClassName: ""
 
 # -- Liveness and readiness probes for the webhook container
@@ -241,14 +241,14 @@ podsFailurePolicy: Ignore
 secretsFailurePolicy: Ignore
 
 # -- Webhook sideEffect value
-# Check: https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#side-effects
+# Check: <https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#side-effects>
 apiSideEffectValue: NoneOnDryRun
 
 # -- Namespace selector to use, will limit webhook scope (K8s version 1.15+)
 namespaceSelector:
   # @ignored
   matchExpressions:
-    # https://kubernetes.io/docs/reference/labels-annotations-taints/#kubernetes-io-metadata-name
+    # <https://kubernetes.io/docs/reference/labels-annotations-taints/#kubernetes-io-metadata-name>
     - key: kubernetes.io/metadata.name
       operator: NotIn
       values: