These enable scanning of each of our container images on linux/amd64
to check for vulnerabilities. These targets can then be used in CI as
an indicator that we might need to take a look at upgrading dependencies
or base images.
Signed-off-by: Ashley Davis <ashley.davis@jetstack.io>
I also took the opportunity to document the three most important "build"
variables in "make help".
Manually rebased to adopt $(BINDIR) changes
Signed-off-by: Maël Valais <mael@vls.dev>
Signed-off-by: Ashley Davis <ashley.davis@jetstack.io>
This adds multiple retries on every attempt we make to use curl, which
should help to reduce flakes. Uses a $(CURL) variable where possible so
that we have the same invocation everywhere.
Also switches to using the more verbose curl arguments, in an attempt to
make it easier to reason about how curl is configured.
Signed-off-by: Ashley Davis <ashley.davis@jetstack.io>
Previously we'd relied on Rosetta because these tools hadn't been built
for darwin-arm64, but now they've started to be built and we can use
arm64 versions directly.
Signed-off-by: Ashley Davis <ashley.davis@jetstack.io>
We don't _need_ to remove these and we can keep them around for
longer, but we don't need them to be in files we actually use and edit.
Putting the targets in a separate file feels cleaner!
Signed-off-by: Ashley Davis <ashley.davis@jetstack.io>
We only use Python in one place and probably won't start using it more
without some kind of policy change. We don't need to require that everyone
has it installed, and can instead only require it for people who're running
the boilerplate check.
Signed-off-by: Ashley Davis <ashley.davis@jetstack.io>
- includes a run of make update-crds which causes some trivial changes
- updates version of YQ to latest
- makes hack/update-crds.sh just call make
- makes hack/verify-crds.sh just call make
- moves functionality of hack/verify-crds.sh to hack/check-crds.sh,
using the makefile for generating alternative CRDs for comparison
- removes the Bazel test associated with CRDs
Signed-off-by: Ashley Davis <ashley.davis@jetstack.io>
This is needed because Go and other tools will ignore directories
starting with "_" or "." but would treat a dir called "bin" as a regular
directory.
This in turn meant that when we vendored Go in bin, these tools would by
default scan the whole stdlib included with the bundled vendored Go.
See https://pkg.go.dev/cmd/go#hdr-Package_lists_and_patterns for details
Signed-off-by: Ashley Davis <ashley.davis@jetstack.io>
This removes the update functionality from make/cluster.sh in favour of
the simpler logic in hack/latest-kind-images.sh.
Signed-off-by: Ashley Davis <ashley.davis@jetstack.io>
- "make help" should be good enough for most people in most situations
to build and test cert-manager
- "make clean-all" can be a one-stop-shop to start fresh.
- "make which-go" makes it clearer whether Go vendoring is being used
Signed-off-by: Ashley Davis <ashley.davis@jetstack.io>