Merge pull request #2116 from munnerz/nogo-vet

Run govet using nogo
jetstack-bot 2019-09-27 12:28:27 +01:00 committed by GitHub
commit 6d51aedeee
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
40 changed files with 230 additions and 508 deletions


@ -1,5 +1,5 @@
# Include git version info
build --workspace_status_command hack/print-workspace-status.sh
build --workspace_status_command hack/build/print-workspace-status.sh
# bazel including rules_docker 0.12.0 may not need the following flag
build --host_force_python=PY2


@ -1 +0,0 @@
0.27.1


@ -1,6 +1,5 @@
# gazelle:prefix github.com/jetstack/cert-manager
# gazelle:proto disable_global
# gazelle:exclude hack
# gazelle:exclude docs/generated/reference/generate/json_swagger
load("@io_bazel_rules_docker//container:container.bzl", "container_bundle")


@ -1,4 +1,4 @@
# gazelle:repository_macro repos.bzl%go_repositories
# gazelle:repository_macro hack/build/repos.bzl%go_repositories
workspace(name = "com_github_jetstack_cert_manager")
load("@bazel_tools//tools/build_defs/repo:http.bzl", "http_archive")
@ -31,6 +31,7 @@ go_rules_dependencies()
go_register_toolchains(
go_version = "1.13.1",
nogo = "@//hack/build:nogo_vet",
)
## Load gazelle and dependencies
@ -126,6 +127,6 @@ load("@brodocs_modules//:install_bazel_dependencies.bzl", "install_bazel_depende
install_bazel_dependencies()
load("//:repos.bzl", "go_repositories")
load("//hack/build:repos.bzl", "go_repositories")
go_repositories()


@ -1,5 +1,5 @@
load("@io_bazel_rules_go//go:def.bzl", "go_binary", "go_library")
load("//hack:def.bzl", "image")
load("//hack/build:docker.bzl", "image")
image(
name = "image",


@ -1,5 +1,5 @@
load("@io_bazel_rules_go//go:def.bzl", "go_binary", "go_library")
load("//hack:def.bzl", "image")
load("//hack/build:docker.bzl", "image")
image(
name = "image",


@ -1,5 +1,5 @@
load("@io_bazel_rules_go//go:def.bzl", "go_binary", "go_library")
load("//hack:def.bzl", "image")
load("//hack/build:docker.bzl", "image")
image(
name = "image",


@ -1,5 +1,5 @@
load("@io_bazel_rules_go//go:def.bzl", "go_binary", "go_library")
load("//hack:def.bzl", "image")
load("//hack/build:docker.bzl", "image")
image(
name = "image",


@ -85,7 +85,7 @@ func runfilewatch(filename string) {
// let the k8s scheduler restart us
// TODO(dmo): figure out if there's a way to do this with clean
// shutdown
klog.Info("Detected change in TLS certificate %s. Restarting to pick up new certificate", filename)
klog.Infof("Detected change in TLS certificate %s. Restarting to pick up new certificate", filename)
os.Exit(0)
}
}


@ -1,9 +1,10 @@
exports_files(["00-crds.yaml"])
load(":def.bzl", "generated_crds")
load("//hack/build:crds.bzl", "generated_crds")
generated_crds(
name = "00-crds",
out = "crds.yaml.generated",
go_prefix = "github.com/jetstack/cert-manager",
paths = [
"./pkg/apis/...",


@ -298,6 +298,7 @@ filegroup(
":package-srcs",
"//hack/bin:all-srcs",
"//hack/boilerplate:all-srcs",
"//hack/build:all-srcs",
"//hack/release:all-srcs",
],
tags = ["automanaged"],

54
hack/build/BUILD.bazel Normal file

@ -0,0 +1,54 @@
load("@io_bazel_rules_go//go:def.bzl", "nogo")
nogo(
name = "nogo_vet",
config = "nogo_config.json",
visibility = ["//visibility:public"],
deps = [
"@org_golang_x_tools//go/analysis/passes/unusedresult:go_tool_library",
"@org_golang_x_tools//go/analysis/passes/unsafeptr:go_tool_library",
"@org_golang_x_tools//go/analysis/passes/unreachable:go_tool_library",
"@org_golang_x_tools//go/analysis/passes/unmarshal:go_tool_library",
"@org_golang_x_tools//go/analysis/passes/tests:go_tool_library",
"@org_golang_x_tools//go/analysis/passes/structtag:go_tool_library",
"@org_golang_x_tools//go/analysis/passes/stdmethods:go_tool_library",
"@org_golang_x_tools//go/analysis/passes/shift:go_tool_library",
## Disable checking for variable declarations that shadow others
# "@org_golang_x_tools//go/analysis/passes/shadow:go_tool_library",
"@org_golang_x_tools//go/analysis/passes/printf:go_tool_library",
"@org_golang_x_tools//go/analysis/passes/pkgfact:go_tool_library",
"@org_golang_x_tools//go/analysis/passes/nilness:go_tool_library",
"@org_golang_x_tools//go/analysis/passes/nilfunc:go_tool_library",
"@org_golang_x_tools//go/analysis/passes/lostcancel:go_tool_library",
"@org_golang_x_tools//go/analysis/passes/loopclosure:go_tool_library",
"@org_golang_x_tools//go/analysis/passes/httpresponse:go_tool_library",
"@org_golang_x_tools//go/analysis/passes/findcall:go_tool_library",
"@org_golang_x_tools//go/analysis/passes/deepequalerrors:go_tool_library",
"@org_golang_x_tools//go/analysis/passes/ctrlflow:go_tool_library",
"@org_golang_x_tools//go/analysis/passes/copylock:go_tool_library",
"@org_golang_x_tools//go/analysis/passes/composite:go_tool_library",
"@org_golang_x_tools//go/analysis/passes/cgocall:go_tool_library",
"@org_golang_x_tools//go/analysis/passes/buildtag:go_tool_library",
"@org_golang_x_tools//go/analysis/passes/buildssa:go_tool_library",
"@org_golang_x_tools//go/analysis/passes/bools:go_tool_library",
"@org_golang_x_tools//go/analysis/passes/atomicalign:go_tool_library",
"@org_golang_x_tools//go/analysis/passes/atomic:go_tool_library",
"@org_golang_x_tools//go/analysis/passes/assign:go_tool_library",
"@org_golang_x_tools//go/analysis/passes/inspect:go_tool_library",
"@org_golang_x_tools//go/analysis/passes/asmdecl:go_tool_library",
],
)
filegroup(
name = "package-srcs",
srcs = glob(["**"]),
tags = ["automanaged"],
visibility = ["//visibility:private"],
)
filegroup(
name = "all-srcs",
srcs = [":package-srcs"],
tags = ["automanaged"],
visibility = ["//visibility:public"],
)
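Review bot: The `deps` of `nogo_vet` include `pkgfact` and `findcall`, which in golang.org/x/tools are demonstration and test analyzers for the analysis API rather than vet checks, so they add work to every Go compile action without producing useful findings; consider dropping both entries. The comment above the disabled `shadow` pass says what is switched off but not why; something like `# shadow is disabled because <reason>; re-enable once existing shadowing is cleaned up` would tell the next maintainer whether it is safe to turn on. `deepequalerrors`, `atomicalign` and `unmarshal` are enabled here but have no entry in `nogo_config.json`, so it is worth confirming they are meant to run without the `external/` exemption the other checks get.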


@ -14,7 +14,7 @@
load("@io_k8s_repo_infra//defs:go.bzl", "go_genrule")
def generated_crds(name, go_prefix, paths, visibility = [], deps = []):
def generated_crds(name, go_prefix, paths, out, visibility = [], deps = []):
go_genrule(
name = name,
tools = [
@ -33,7 +33,7 @@ def generated_crds(name, go_prefix, paths, visibility = [], deps = []):
"export GOCACHE=$$(mktemp -d);",
# create an output directory to store each CRD file
"output_dir=$$(mktemp -d);",
"out=$$(pwd)/$(location :crds.yaml.generated);",
"out=$$(pwd)/$(location :%s);" % out,
# obtain absolute path to controller-gen
"cg=\"$$(pwd)/$(location @io_k8s_sigs_controller_tools//cmd/controller-gen)\";",
"cd \"$$GOPATH/src/" + go_prefix + "\";",
@ -47,11 +47,7 @@ def generated_crds(name, go_prefix, paths, visibility = [], deps = []):
" echo \"---\" >> \"$$out\";",
"done;",
]),
outs = ["crds.yaml.generated"],
go_deps = [
"//pkg/apis/certmanager/v1alpha2:go_default_library",
"//pkg/apis/acme/v1alpha2:go_default_library",
"//pkg/apis/meta/v1:go_default_library",
],
outs = [out],
go_deps = deps,
visibility = visibility,
)
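Review bot: With `go_deps = deps` and the default `deps = []`, a caller that omits `deps` now gets a genrule with no Go dependencies where the three API packages used to be hard-coded, and the mistake would presumably only surface when controller-gen runs inside the sandbox. `out` is likewise added as a required parameter with no explanation of what it names. A docstring on `generated_crds` describing `out` (the generated file the rule declares in `outs`) and `deps` (the Go libraries covering `paths`) would make the contract explicit, and a guard such as `if not deps: fail("generated_crds: deps must list the Go libraries for paths")` would fail early. The macro body is only partly visible in these hunks, and the call site shown elsewhere in the commit is cut off before any `deps` argument.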

107
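--- a/hack/build/nogo_config.json
+++ b/hack/build/nogo_config.json
@@ -0,0 +1,107 @@
+{
+"structtag": {
+"exclude_files": {
+"external/": "external tools don't pass vet"
+}
+},
+"asmdecl": {
+"exclude_files": {
+"external/": "external tools don't pass vet"
+}
+},
+"assign": {
+"exclude_files": {
+"external/": "external tools don't pass vet"
+}
+},
+"atomic": {
+"exclude_files": {
+"external/": "external tools don't pass vet"
+}
+},
+"bools": {
+"exclude_files": {
+"external/": "external tools don't pass vet"
+}
+},
+"buildtag": {
+"exclude_files": {
+"external/": "external tools don't pass vet"
+}
+},
+"cgocall": {
+"exclude_files": {
+"external/": "external tools don't pass vet"
+}
+},
+"composites": {
+"exclude_files": {
+"external/": "external tools don't pass vet"
+}
+},
+"copylocks": {
+"exclude_files": {
+"external/": "external tools don't pass vet"
+}
+},
+"httpresponse": {
+"exclude_files": {
+"external/": "external tools don't pass vet"
+}
+},
+"loopclosure": {
+"exclude_files": {
+"external/": "external tools don't pass vet"
+}
+},
+"lostcancel": {
+"exclude_files": {
+"external/": "external tools don't pass vet"
+}
+},
+"nilness": {
+"exclude_files": {
+"external/": "external tools don't pass vet"
+}
+},
+"nilfunc": {
+"exclude_files": {
+"external/": "external tools don't pass vet"
+}
+},
+"printf": {
+"exclude_files": {
+"external/": "external tools don't pass vet"
+}
+},
+"shift": {
+"exclude_files": {
+"external/": "external tools don't pass vet"
+}
+},
+"stdmethods": {
+"exclude_files": {
+"external/": "external tools don't pass vet"
+}
+},
+"tests": {
+"exclude_files": {
+"external/": "external tools don't pass vet"
+}
+},
+"unreachable": {
+"exclude_files": {
+"external/": "external tools don't pass vet"
+}
+},
+"unsafeptr": {
+"exclude_files": {
+"external/": "external tools don't pass vet"
+}
+},
+"unusedresult": {
+"exclude_files": {
+"external/": "external tools don't pass vet"
+}
+}
+}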
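Review bot: Every `exclude_files` key is the bare pattern `external/`, and rules_go treats these keys as regular expressions matched against file paths, so the unanchored form also exempts any first-party file whose path happens to contain `external/` (a package directory named `external`, for instance). If the paths nogo sees are relative to the exec root, anchoring the key as `"^external/": "external tools don't pass vet"` would limit the exemption to Bazel's external repositories, so that code in this repository cannot silently fall out of vet coverage. The same change applies to all 21 analyzer entries in the file.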


@ -20,8 +20,6 @@ set -o errexit
set -o nounset
set -o pipefail
SCRIPT_ROOT=$(dirname ${BASH_SOURCE})/../..
# AppVersion is set as the AppVersion to be compiled into the controller binary.
# It's used as the default version of the 'acmesolver' image to use for ACME
# challenge requests, and any other future provider that requires additional


@ -12,6 +12,8 @@
# See the License for the specific language governing permissions and
# limitations under the License.
# This file is automatically updated by hack/update-deps.sh
load("@bazel_gazelle//:deps.bzl", "go_repository")
def go_repositories():


@ -1,243 +0,0 @@
#!/bin/bash
# +skip_license_check
# Copyright 2015 The Kubernetes Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# Checkout a PR from GitHub. (Yes, this is sitting in a Git tree. How
# meta.) Assumes you care about pulls from remote "upstream" and
# checks thems out to a branch named:
# automated-cherry-pick-of-<pr>-<target branch>-<timestamp>
set -o errexit
set -o nounset
set -o pipefail
declare -r KUBE_ROOT="$(dirname "${BASH_SOURCE}")/.."
cd "${KUBE_ROOT}"
declare -r STARTINGBRANCH=$(git symbolic-ref --short HEAD)
declare -r REBASEMAGIC="${KUBE_ROOT}/.git/rebase-apply"
DRY_RUN=${DRY_RUN:-""}
REGENERATE_DOCS=${REGENERATE_DOCS:-""}
UPSTREAM_REMOTE=${UPSTREAM_REMOTE:-upstream}
FORK_REMOTE=${FORK_REMOTE:-origin}
if [[ -z ${GITHUB_USER:-} ]]; then
echo "Please export GITHUB_USER=<your-user> (or GH organization, if that's where your fork lives)"
exit 1
fi
if ! which hub > /dev/null; then
echo "Can't find 'hub' tool in PATH, please install from https://github.com/github/hub"
exit 1
fi
if [[ "$#" -lt 2 ]]; then
echo "${0} <remote branch> <pr-number>...: cherry pick one or more <pr> onto <remote branch> and leave instructions for proposing pull request"
echo
echo " Checks out <remote branch> and handles the cherry-pick of <pr> (possibly multiple) for you."
echo " Examples:"
echo " $0 upstream/release-3.14 12345 # Cherry-picks PR 12345 onto upstream/release-3.14 and proposes that as a PR."
echo " $0 upstream/release-3.14 12345 56789 # Cherry-picks PR 12345, then 56789 and proposes the combination as a single PR."
echo
echo " Set the DRY_RUN environment var to skip git push and creating PR."
echo " This is useful for creating patches to a release branch without making a PR."
echo " When DRY_RUN is set the script will leave you in a branch containing the commits you cherry-picked."
echo
echo " Set the REGENERATE_DOCS environment var to regenerate documentation for the target branch after picking the specified commits."
echo " This is useful when picking commits containing changes to API documentation."
echo
echo " Set UPSTREAM_REMOTE (default: upstream) and FORK_REMOTE (default: origin)"
echo " To override the default remote names to what you have locally."
exit 2
fi
if git_status=$(git status --porcelain --untracked=no 2>/dev/null) && [[ -n "${git_status}" ]]; then
echo "!!! Dirty tree. Clean up and try again."
exit 1
fi
if [[ -e "${REBASEMAGIC}" ]]; then
echo "!!! 'git rebase' or 'git am' in progress. Clean up and try again."
exit 1
fi
declare -r BRANCH="$1"
shift 1
declare -r PULLS=( "$@" )
function join { local IFS="$1"; shift; echo "$*"; }
declare -r PULLDASH=$(join - "${PULLS[@]/#/#}") # Generates something like "#12345-#56789"
declare -r PULLSUBJ=$(join " " "${PULLS[@]/#/#}") # Generates something like "#12345 #56789"
echo "+++ Updating remotes..."
git remote update "${UPSTREAM_REMOTE}" "${FORK_REMOTE}"
if ! git log -n1 --format=%H "${BRANCH}" >/dev/null 2>&1; then
echo "!!! '${BRANCH}' not found. The second argument should be something like ${UPSTREAM_REMOTE}/release-0.21."
echo " (In particular, it needs to be a valid, existing remote branch that I can 'git checkout'.)"
exit 1
fi
declare -r NEWBRANCHREQ="automated-cherry-pick-of-${PULLDASH}" # "Required" portion for tools.
declare -r NEWBRANCH="$(echo "${NEWBRANCHREQ}-${BRANCH}" | sed 's/\//-/g')"
declare -r NEWBRANCHUNIQ="${NEWBRANCH}-$(date +%s)"
echo "+++ Creating local branch ${NEWBRANCHUNIQ}"
cleanbranch=""
prtext=""
gitamcleanup=false
function return_to_kansas {
if [[ "${gitamcleanup}" == "true" ]]; then
echo
echo "+++ Aborting in-progress git am."
git am --abort >/dev/null 2>&1 || true
fi
# return to the starting branch and delete the PR text file
if [[ -z "${DRY_RUN}" ]]; then
echo
echo "+++ Returning you to the ${STARTINGBRANCH} branch and cleaning up."
git checkout -f "${STARTINGBRANCH}" >/dev/null 2>&1 || true
if [[ -n "${cleanbranch}" ]]; then
git branch -D "${cleanbranch}" >/dev/null 2>&1 || true
fi
if [[ -n "${prtext}" ]]; then
rm "${prtext}"
fi
fi
}
trap return_to_kansas EXIT
SUBJECTS=()
function make-a-pr() {
local rel="$(basename "${BRANCH}")"
echo
echo "+++ Creating a pull request on GitHub at ${GITHUB_USER}:${NEWBRANCH}"
# This looks like an unnecessary use of a tmpfile, but it avoids
# https://github.com/github/hub/issues/976 Otherwise stdin is stolen
# when we shove the heredoc at hub directly, tickling the ioctl
# crash.
prtext="$(mktemp -t prtext.XXXX)" # cleaned in return_to_kansas
cat >"${prtext}" <<EOF
Automated cherry pick of ${PULLSUBJ}
Cherry pick of ${PULLSUBJ} on ${rel}.
$(printf '%s\n' "${SUBJECTS[@]}")
EOF
hub pull-request -F "${prtext}" -h "${GITHUB_USER}:${NEWBRANCH}" -b "jetstack:${rel}"
}
git checkout -b "${NEWBRANCHUNIQ}" "${BRANCH}"
cleanbranch="${NEWBRANCHUNIQ}"
gitamcleanup=true
for pull in "${PULLS[@]}"; do
echo "+++ Downloading patch to /tmp/${pull}.patch (in case you need to do this again)"
curl -o "/tmp/${pull}.patch" -sSL "https://github.com/jetstack/cert-manager/pull/${pull}.patch"
echo
echo "+++ About to attempt cherry pick of PR. To reattempt:"
echo " $ git am -3 /tmp/${pull}.patch"
echo
git am -3 "/tmp/${pull}.patch" || {
conflicts=false
while unmerged=$(git status --porcelain | grep ^U) && [[ -n ${unmerged} ]] \
|| [[ -e "${REBASEMAGIC}" ]]; do
conflicts=true # <-- We should have detected conflicts once
echo
echo "+++ Conflicts detected:"
echo
(git status --porcelain | grep ^U) || echo "!!! None. Did you git am --continue?"
echo
echo "+++ Please resolve the conflicts in another window (and remember to 'git add / git am --continue')"
read -p "+++ Proceed (anything but 'y' aborts the cherry-pick)? [y/n] " -r
echo
if ! [[ "${REPLY}" =~ ^[yY]$ ]]; then
echo "Aborting." >&2
exit 1
fi
done
if [[ "${conflicts}" != "true" ]]; then
echo "!!! git am failed, likely because of an in-progress 'git am' or 'git rebase'"
exit 1
fi
}
# set the subject
subject=$(grep -m 1 "^Subject" "/tmp/${pull}.patch" | sed -e 's/Subject: \[PATCH//g' | sed 's/.*] //')
SUBJECTS+=("#${pull}: ${subject}")
# remove the patch file from /tmp
rm -f "/tmp/${pull}.patch"
done
gitamcleanup=false
# Re-generate docs (if needed)
if [[ -n "${REGENERATE_DOCS}" ]]; then
echo
echo "Regenerating docs..."
if ! hack/generate-docs.sh; then
echo
echo "hack/generate-docs.sh FAILED to complete."
exit 1
fi
fi
if [[ -n "${DRY_RUN}" ]]; then
echo "!!! Skipping git push and PR creation because you set DRY_RUN."
echo "To return to the branch you were in when you invoked this script:"
echo
echo " git checkout ${STARTINGBRANCH}"
echo
echo "To delete this branch:"
echo
echo " git branch -D ${NEWBRANCHUNIQ}"
exit 0
fi
if git remote -v | grep ^${FORK_REMOTE} | grep kubernetes/kubernetes.git; then
echo "!!! You have ${FORK_REMOTE} configured as your kubernetes/kubernetes.git"
echo "This isn't normal. Leaving you with push instructions:"
echo
echo "+++ First manually push the branch this script created:"
echo
echo " git push REMOTE ${NEWBRANCHUNIQ}:${NEWBRANCH}"
echo
echo "where REMOTE is your personal fork (maybe ${UPSTREAM_REMOTE}? Consider swapping those.)."
echo "OR consider setting UPSTREAM_REMOTE and FORK_REMOTE to different values."
echo
make-a-pr
cleanbranch=""
exit 0
fi
echo
echo "+++ I'm about to do the following to push to GitHub (and I'm assuming ${FORK_REMOTE} is your personal fork):"
echo
echo " git push ${FORK_REMOTE} ${NEWBRANCHUNIQ}:${NEWBRANCH}"
echo
read -p "+++ Proceed (anything but 'y' aborts the cherry-pick)? [y/n] " -r
if ! [[ "${REPLY}" =~ ^[yY]$ ]]; then
echo "Aborting." >&2
exit 1
fi
git push "${FORK_REMOTE}" -f "${NEWBRANCHUNIQ}:${NEWBRANCH}"
make-a-pr


@ -1,29 +0,0 @@
#!/usr/bin/env bash
# Copyright 2019 The Jetstack cert-manager contributors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
set -o errexit
set -o nounset
set -o pipefail
TARGET="${1:-}"
if [ -z "${TARGET}" ]; then
echo "This script has been removed - please use an alternative."
else
echo "This script has been removed. Please use '${TARGET}' instead."
fi
exit 1


@ -1,68 +0,0 @@
#!/usr/bin/env bash
# +skip_license_check
# Copyright 2019 The Kubernetes Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
set -o errexit
set -o nounset
set -o pipefail
REPO_ROOT=$(dirname "${BASH_SOURCE[0]}")/..
# Usage:
# hack/pin-dependency.sh $MODULE $SHA-OR-TAG
#
# Example:
# hack/pin-dependency.sh github.com/docker/docker 501cb131a7b7
# Explicitly opt into go modules, even though we're inside a GOPATH directory
export GO111MODULE=on
# Explicitly clear GOPATH, to ensure nothing this script calls makes use of that path info
export GOPATH=
# Explicitly clear GOFLAGS, since GOFLAGS=-mod=vendor breaks dependency resolution while rebuilding vendor
export GOFLAGS=
# Detect problematic GOPROXY settings that prevent lookup of dependencies
if [[ "${GOPROXY:-}" == "off" ]]; then
echo "Cannot run hack/pin-dependency.sh with \$GOPROXY=off"
exit 1
fi
dep="${1:-}"
sha="${2:-}"
if [[ -z "${dep}" || -z "${sha}" ]]; then
echo "Usage:"
echo " hack/pin-dependency.sh \$MODULE \$SHA-OR-TAG"
echo ""
echo "Example:"
echo " hack/pin-dependency.sh github.com/docker/docker 501cb131a7b7"
echo ""
exit 1
fi
# Add the require directive
echo "Running: go get ${dep}@${sha}"
bazel run //hack/bin:go -- get -d "${dep}@${sha}"
# Find the resolved version
rev=$(go mod edit -json | jq -r ".Require[] | select(.Path == \"${dep}\") | .Version")
echo "Resolved to ${dep}@${rev}"
# Add the replace directive
echo "Running: go mod edit -replace ${dep}=${dep}@${rev}"
bazel run //hack/bin:go -- mod edit -replace "${dep}=${dep}@${rev}"
echo ""
echo "Run hack/update-vendor.sh to rebuild the vendor directory"


@ -1,102 +0,0 @@
#!/usr/bin/env bash
# Copyright 2019 The Jetstack cert-manager contributors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
set -o errexit
set -o nounset
set -o pipefail
set -o xtrace
function usage() {
cat <<'EOF'
This script is entrypoint to release images automatically.
Note that this script expected
Usage: hack/release.sh
-h show this message and exit
Environments:
REGISTRY container registry without repo name (default: quay.io/external_storage)
VERSION if set, use given version as image tag
CONFIRM set this to skip confirmation
ALLOW_DIRTY by default, git repo must be clean, set this to skip this check (debug only)
ALLOW_OVERWRITE by default, if an existing image exists with the same tag then pushing will be aborted, set this to skip this check
SKIP_REF_TAG skip creating a commit ref docker tag
CHART_PATH custom path to the Helm chart within the cert-manager repository (debug only) (default: deploy/charts/cert-manager)
CHART_BUCKET GCS bucket where the Helm chart should be published (default: jetstack-chart-museum)
CHART_SERVICE_ACCOUNT optional path to a JSON formatted Google Cloud service account used by gsutil to publish the chart
SKIP_CHART skip publishing the Helm chart
Examples:
1) Release to your own registry for testing
git tag v2.2.3
REGISTRY=quay.io/<yourname> SKIP_CHART=1 ./hack/release.sh
2) Release canary version
REGISTRY=quay.io/<yourname> VERSION=canary SKIP_CHART=1 ./hack/release.sh
EOF
}
while getopts "h?" opt; do
case "$opt" in
h|\?)
usage
exit 0
;;
esac
done
export CONFIRM=${CONFIRM:-}
export VERSION=${VERSION:-}
DOCKER_REPO=${REGISTRY:-quay.io/jetstack}
# remove trailing `/` if present
export DOCKER_REPO=${DOCKER_REPO%/}
# TODO: implement
export ALLOW_OVERWRITE=${ALLOW_OVERWRITE:-}
# Helm chart packaging vars
export CHART_PATH=${CHART_PATH:-deploy/charts/cert-manager}
export CHART_BUCKET=${CHART_BUCKET:-jetstack-chart-museum}
export CHART_SERVICE_ACCOUNT=${CHART_SERVICE_ACCOUNT:-}
export SKIP_CHART="${SKIP_CHART:-}"
export SKIP_MANIFESTS="${SKIP_MANIFESTS:-}"
if [[ ! -z "${CONFIRM}" ]]; then
PUBLISH="--publish"
fi
if [[ ! -z "${CHART_SERVICE_ACCOUNT}" ]]; then
export GOOGLE_APPLICATION_CREDENTIALS="${CHART_SERVICE_ACCOUNT}"
gcloud auth activate-service-account --key-file "${CHART_SERVICE_ACCOUNT}"
fi
if [[ -z "${SKIP_CHART}" ]]; then
CHART="--chart"
fi
if [[ -z "${SKIP_MANIFESTS}" ]]; then
MANIFESTS="--manifests"
fi
# TODO: enable --manifests too
bazel run //hack/release -- \
--images \
"${CHART:-}" \
"${MANIFESTS:-}" \
--docker-repo="${DOCKER_REPO}" \
--helm.path="$(bazel info bazel-genfiles)/hack/bin/helm" \
--chart.path="${CHART_PATH}" \
--chart.bucket="${CHART_BUCKET}" \
--app-version="${VERSION}" \
--docker-repo="${DOCKER_REPO}" \
--v=4 \
"${PUBLISH:-}"


@ -42,4 +42,4 @@ fi
set -o xtrace
"$gazelle" fix --external=external
"$kazel" --cfg-path=./.kazelcfg.json
"$kazel" --cfg-path=./hack/build/.kazelcfg.json


@ -89,7 +89,7 @@ esac
rm -rf vendor
"$go" mod tidy
"$gazelle" update-repos \
--from_file=go.mod --to_macro=repos.bzl%go_repositories \
--from_file=go.mod --to_macro=hack/build/repos.bzl%go_repositories \
--build_file_generation=on --build_file_proto_mode=disable
"${update_bazel[@]}" # TODO(fejta): do we still need to do this?
"${update_deps_licenses[@]}"


@ -47,7 +47,7 @@ export GO111MODULE=on
echo "Running gazelle..."
gazelle_diff=$("$gazelle" fix --mode=diff --external=external || true)
echo "Running kazel..."
kazel_diff=$("$kazel" --dry-run --print-diff --cfg-path=./.kazelcfg.json)
kazel_diff=$("$kazel" --dry-run --print-diff --cfg-path=./hack/build/.kazelcfg.json)
if [[ -n "${gazelle_diff}${kazel_diff}" ]]; then
echo "Current rules (-) do not match expected (+):" >&2


@ -163,7 +163,7 @@ type ACMEChallenge struct {
// Token is the token that must be presented for this challenge.
// This is used to compute the 'key' that must also be presented.
Token string `json:"token""`
Token string `json:"token"`
// Type is the type of challenge being offered, e.g. http-01, dns-01
Type ACMEChallengeType `json:"type"`


@ -182,7 +182,7 @@ func TestSign(t *testing.T) {
TokenSecretRef: &cmmeta.SecretKeySelector{
Key: "secret-key",
LocalObjectReference: cmmeta.LocalObjectReference{
"non-existing-secret",
Name: "non-existing-secret",
},
},
},
@ -220,7 +220,7 @@ func TestSign(t *testing.T) {
SecretRef: cmmeta.SecretKeySelector{
Key: "secret-key",
LocalObjectReference: cmmeta.LocalObjectReference{
"non-existing-secret",
Name: "non-existing-secret",
},
},
},
@ -257,7 +257,7 @@ func TestSign(t *testing.T) {
TokenSecretRef: &cmmeta.SecretKeySelector{
Key: "my-token-key",
LocalObjectReference: cmmeta.LocalObjectReference{
"token-secret",
Name: "token-secret",
},
},
},
@ -296,7 +296,7 @@ func TestSign(t *testing.T) {
RoleId: "my-role-id",
SecretRef: cmmeta.SecretKeySelector{
LocalObjectReference: cmmeta.LocalObjectReference{
"role-secret",
Name: "role-secret",
},
Key: "my-role-key",
},
@ -336,7 +336,7 @@ func TestSign(t *testing.T) {
TokenSecretRef: &cmmeta.SecretKeySelector{
Key: "my-token-key",
LocalObjectReference: cmmeta.LocalObjectReference{
"token-secret",
Name: "token-secret",
},
},
},
@ -376,7 +376,7 @@ func TestSign(t *testing.T) {
RoleId: "my-role-id",
SecretRef: cmmeta.SecretKeySelector{
LocalObjectReference: cmmeta.LocalObjectReference{
"role-secret",
Name: "role-secret",
},
Key: "my-role-key",
},


@ -46,7 +46,7 @@ func TestCalculateDurationUntilRenew(t *testing.T) {
desc: "generate an event if certificate duration is lower than requested duration",
notBefore: now(),
notAfter: now().Add(time.Hour * 24 * 90),
duration: &metav1.Duration{time.Hour * 24 * 120},
duration: &metav1.Duration{Duration: time.Hour * 24 * 120},
renewBefore: nil,
expectedExpiry: time.Hour * 24 * 60,
},
@ -70,24 +70,24 @@ func TestCalculateDurationUntilRenew(t *testing.T) {
desc: "expiry of 2/3 of certificate duration when duration < 30 minutes",
notBefore: now(),
notAfter: now().Add(time.Hour),
duration: &metav1.Duration{time.Hour},
renewBefore: &metav1.Duration{time.Hour / 3},
duration: &metav1.Duration{Duration: time.Hour},
renewBefore: &metav1.Duration{Duration: time.Hour / 3},
expectedExpiry: time.Hour * 2 / 3,
},
{
desc: "expiry of 60 days of certificate duration",
notBefore: now(),
notAfter: now().Add(time.Hour * 24 * 365),
duration: &metav1.Duration{time.Hour * 24 * 365},
renewBefore: &metav1.Duration{time.Hour * 24 * 60},
duration: &metav1.Duration{Duration: time.Hour * 24 * 365},
renewBefore: &metav1.Duration{Duration: time.Hour * 24 * 60},
expectedExpiry: (time.Hour * 24 * 365) - (time.Hour * 24 * 60),
},
{
desc: "expiry of 2/3 of certificate duration when renewBefore greater than certificate duration",
notBefore: now(),
notAfter: now().Add(time.Hour * 24 * 35),
duration: &metav1.Duration{time.Hour * 24 * 35},
renewBefore: &metav1.Duration{time.Hour * 24 * 40},
duration: &metav1.Duration{Duration: time.Hour * 24 * 35},
renewBefore: &metav1.Duration{Duration: time.Hour * 24 * 40},
expectedExpiry: time.Hour * 24 * 35 * 2 / 3,
},
{
@ -96,7 +96,7 @@ func TestCalculateDurationUntilRenew(t *testing.T) {
notBefore: now().Add(-time.Hour),
notAfter: now().Add(-time.Hour).Add(time.Hour * 24 * 90),
duration: nil,
renewBefore: &metav1.Duration{time.Hour*2159 + time.Minute*50},
renewBefore: &metav1.Duration{Duration: time.Hour*2159 + time.Minute*50},
expectedExpiry: -time.Minute * 50,
},
}


@ -156,7 +156,7 @@ type ACMEChallenge struct {
// Token is the token that must be presented for this challenge.
// This is used to compute the 'key' that must also be presented.
Token string `json:"token""`
Token string `json:"token"`
// Type is the type of challenge being offered, e.g. http-01, dns-01
Type ACMEChallengeType `json:"type"`


@ -273,8 +273,7 @@ func (v *Vault) requestTokenWithAppRoleRef(client Client, appRole *v1alpha2.Vaul
defer resp.Body.Close()
vaultResult := vault.Secret{}
resp.DecodeJSON(&vaultResult)
if err != nil {
if err := resp.DecodeJSON(&vaultResult); err != nil {
return "", fmt.Errorf("unable to decode JSON payload: %s", err.Error())
}
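Review bot: The decode error is flattened with `%s` and `err.Error()`, so callers cannot inspect the underlying cause with `errors.Is` or `errors.As`. The WORKSPACE in this commit pins Go 1.13.1, so `return "", fmt.Errorf("unable to decode JSON payload: %w", err)` is available and keeps the same message text while preserving the chain. The rest of `requestTokenWithAppRoleRef` lies outside the hunk, so whether `vaultResult` is validated after a successful decode cannot be judged from here.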


@ -29,7 +29,6 @@ import (
"fmt"
"io/ioutil"
"net/http"
"reflect"
"strings"
"testing"
"time"
@ -168,7 +167,9 @@ func TestSign(t *testing.T) {
}
cert, _, err := v.Sign(test.csrPEM, time.Minute)
if !reflect.DeepEqual(test.expectedErr, err) {
if ((test.expectedErr == nil) != (err == nil)) &&
test.expectedErr != nil &&
test.expectedErr.Error() != err.Error() {
t.Errorf("%s: unexpected error, exp=%v got=%v",
name, test.expectedErr, err)
}
@ -471,7 +472,9 @@ func TestSetToken(t *testing.T) {
}
err := v.setToken(test.fakeClient)
if !reflect.DeepEqual(test.expectedErr, err) {
if ((test.expectedErr == nil) != (err == nil)) &&
test.expectedErr != nil &&
test.expectedErr.Error() != err.Error() {
t.Errorf("unexpected error, exp=%v got=%v",
test.expectedErr, err)
}
@ -569,7 +572,9 @@ func TestAppRoleRef(t *testing.T) {
}
roleID, secretID, err := v.appRoleRef(test.appRole)
if !reflect.DeepEqual(test.expectedErr, err) {
if ((test.expectedErr == nil) != (err == nil)) &&
test.expectedErr != nil &&
test.expectedErr.Error() != err.Error() {
t.Errorf("unexpected error, exp=%v got=%v",
test.expectedErr, err)
}
@ -665,7 +670,9 @@ func TestTokenRef(t *testing.T) {
}
token, err := v.tokenRef("test-name", "test-namespace", test.key)
if !reflect.DeepEqual(test.expectedErr, err) {
if ((test.expectedErr == nil) != (err == nil)) &&
test.expectedErr != nil &&
test.expectedErr.Error() != err.Error() {
t.Errorf("unexpected error, exp=%v got=%v",
test.expectedErr, err)
}
@ -741,7 +748,9 @@ func TestNewConfig(t *testing.T) {
}
cfg, err := v.newConfig()
if !reflect.DeepEqual(test.expectedErr, err) {
if ((test.expectedErr == nil) != (err == nil)) &&
test.expectedErr != nil &&
test.expectedErr.Error() != err.Error() {
t.Errorf("unexpected error, exp=%v got=%v",
test.expectedErr, err)
}
@ -866,7 +875,9 @@ func TestRequestTokenWithAppRoleRef(t *testing.T) {
}
token, err := v.requestTokenWithAppRoleRef(test.client, test.appRole)
if !reflect.DeepEqual(test.expectedErr, err) {
if ((test.expectedErr == nil) != (err == nil)) &&
test.expectedErr != nil &&
test.expectedErr.Error() != err.Error() {
t.Errorf("unexpected error, exp=%v got=%v",
test.expectedErr, err)
}
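Review bot: The rewritten error assertion in TestSign, repeated unchanged in TestSetToken, TestAppRoleRef, TestTokenRef, TestNewConfig and TestRequestTokenWithAppRoleRef, can no longer report a mismatch. Its three clauses are joined with `&&`: an unexpected error when none was expected is dropped by `test.expectedErr != nil`, two different non-nil errors are dropped by the nil-ness clause, and the only combination that reaches `err.Error()` is a nil `err`, which panics instead of failing cleanly. These tests cover Vault token and AppRole handling, so an assertion that always passes would hide regressions in credential code. A condition that keeps the message comparison is `if (test.expectedErr == nil) != (err == nil) || (err != nil && test.expectedErr.Error() != err.Error()) {`. Each enclosing test function starts and ends outside its hunk.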


@ -388,7 +388,7 @@ func TestRoute53AmbientCreds(t *testing.T) {
defer f.Finish(t)
s := f.Solver
_, _, err := s.solverForChallenge(context.Background(), f.Issuer, f.Challenge)
if !reflect.DeepEqual(tt.out.expectedErr, err) {
if tt.out.expectedErr != err {
t.Fatalf("expected error %v, got error %v", tt.out.expectedErr, err)
}
@ -480,7 +480,7 @@ func TestRoute53AssumeRole(t *testing.T) {
defer f.Finish(t)
s := f.Solver
_, _, err := s.solverForChallenge(context.Background(), f.Issuer, f.Challenge)
if !reflect.DeepEqual(tt.out.expectedErr, err) {
if tt.out.expectedErr != err {
t.Fatalf("expected error %v, got error %v", tt.out.expectedErr, err)
}
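Review bot: `tt.out.expectedErr != err` in TestRoute53AmbientCreds and TestRoute53AssumeRole compares the two interface values by dynamic type and value, which for pointer-backed errors means identity. The check therefore passes only when both are nil or the solver returns the very same error value held in the table, and it panics at run time if the dynamic type is not comparable. The test tables are outside the hunks, so this may be fine if every case expects nil. If any case expects a non-nil error, comparing nil-ness and then the messages is safer, for example `if (tt.out.expectedErr == nil) != (err == nil) || (err != nil && tt.out.expectedErr.Error() != err.Error()) {`.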


@ -72,7 +72,6 @@ var _ = framework.CertManagerDescribe("ACME Certificate (HTTP01)", func() {
f.RequireAddon(pebble)
var acmeIngressDomain string
var acmeIngressClass string
issuerName := "test-acme-issuer"
certificateName := "test-acme-certificate"
certificateSecretName := "test-acme-certificate"
@ -136,7 +135,6 @@ var _ = framework.CertManagerDescribe("ACME Certificate (HTTP01)", func() {
JustBeforeEach(func() {
acmeIngressDomain = addon.NginxIngress.Details().NewTestDomain()
acmeIngressClass = addon.NginxIngress.Details().IngressClass
})
AfterEach(func() {


@ -66,7 +66,6 @@ var _ = framework.CertManagerDescribe("ACME CertificateRequest (HTTP01)", func()
f.RequireAddon(pebble)
var acmeIngressDomain string
var acmeIngressClass string
issuerName := "test-acme-issuer"
certificateRequestName := "test-acme-certificate-request"
// fixedIngressName is the name of an ingress resource that is configured
@ -129,7 +128,6 @@ var _ = framework.CertManagerDescribe("ACME CertificateRequest (HTTP01)", func()
JustBeforeEach(func() {
acmeIngressDomain = addon.NginxIngress.Details().NewTestDomain()
acmeIngressClass = addon.NginxIngress.Details().IngressClass
})
AfterEach(func() {


@ -100,7 +100,7 @@ var _ = framework.CertManagerDescribe("CA Certificate", func() {
label string
}{
{
inputDuration: &metav1.Duration{time.Hour * 24 * 35},
inputDuration: &metav1.Duration{Duration: time.Hour * 24 * 35},
inputRenewBefore: nil,
expectedDuration: time.Hour * 24 * 35,
label: "35 days",


@ -122,7 +122,7 @@ var _ = framework.CertManagerDescribe("CA CertificateRequest", func() {
label string
}{
{
inputDuration: &metav1.Duration{time.Hour * 24 * 35},
inputDuration: &metav1.Duration{Duration: time.Hour * 24 * 35},
expectedDuration: time.Hour * 24 * 35,
label: "35 days",
},


@ -67,7 +67,7 @@ var _ = framework.CertManagerDescribe("Self Signed Certificate", func() {
label string
}{
{
inputDuration: &metav1.Duration{time.Hour * 24 * 35},
inputDuration: &metav1.Duration{Duration: time.Hour * 24 * 35},
inputRenewBefore: nil,
expectedDuration: time.Hour * 24 * 35,
label: "35 days",


@ -127,7 +127,7 @@ var _ = framework.CertManagerDescribe("SelfSigned CertificateRequest", func() {
label string
}{
{
inputDuration: &metav1.Duration{time.Hour * 24 * 35},
inputDuration: &metav1.Duration{Duration: time.Hour * 24 * 35},
expectedDuration: time.Hour * 24 * 35,
label: "35 days",
},


@ -129,7 +129,7 @@ var _ = framework.CertManagerDescribe("Vault Certificate (AppRole)", func() {
event string
}{
{
inputDuration: &metav1.Duration{time.Hour * 24 * 35},
inputDuration: &metav1.Duration{Duration: time.Hour * 24 * 35},
inputRenewBefore: nil,
expectedDuration: time.Hour * 24 * 35,
label: "valid for 35 days",
@ -141,14 +141,14 @@ var _ = framework.CertManagerDescribe("Vault Certificate (AppRole)", func() {
label: "valid for the default value (90 days)",
},
{
inputDuration: &metav1.Duration{time.Hour * 24 * 365},
inputDuration: &metav1.Duration{Duration: time.Hour * 24 * 365},
inputRenewBefore: nil,
expectedDuration: time.Hour * 24 * 90,
label: "with Vault configured maximum TTL duration (90 days) when requested duration is greater than TTL",
},
{
inputDuration: &metav1.Duration{time.Hour * 24 * 240},
inputRenewBefore: &metav1.Duration{time.Hour * 24 * 120},
inputDuration: &metav1.Duration{Duration: time.Hour * 24 * 240},
inputRenewBefore: &metav1.Duration{Duration: time.Hour * 24 * 120},
expectedDuration: time.Hour * 24 * 90,
label: "with a warning event when renewBefore is bigger than the duration",
},


@ -141,7 +141,7 @@ var _ = framework.CertManagerDescribe("Vault CertificateRequest (AppRole)", func
event string
}{
{
inputDuration: &metav1.Duration{time.Hour * 24 * 35},
inputDuration: &metav1.Duration{Duration: time.Hour * 24 * 35},
expectedDuration: time.Hour * 24 * 35,
label: "valid for 35 days",
},
@ -151,12 +151,12 @@ var _ = framework.CertManagerDescribe("Vault CertificateRequest (AppRole)", func
label: "valid for the default value (90 days)",
},
{
inputDuration: &metav1.Duration{time.Hour * 24 * 365},
inputDuration: &metav1.Duration{Duration: time.Hour * 24 * 365},
expectedDuration: time.Hour * 24 * 90,
label: "with Vault configured maximum TTL duration (90 days) when requested duration is greater than TTL",
},
{
inputDuration: &metav1.Duration{time.Hour * 24 * 240},
inputDuration: &metav1.Duration{Duration: time.Hour * 24 * 240},
expectedDuration: time.Hour * 24 * 90,
label: "with a warning event when renewBefore is bigger than the duration",
},