Skip to content

Commit 3d3aac4

Browse files
tknatkna
authored
Merge pull request #141 from cybozu-go/lock-dependencies
Lock dependencies
2 parents b7be600 + 586b168 commit 3d3aac4

5 files changed

Lines changed: 63 additions & 21 deletions

File tree

.github/workflows/main.yaml

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -9,8 +9,8 @@ jobs:
99
name: Build image
1010
runs-on: ubuntu-24.04
1111
steps:
12-
- uses: actions/checkout@v6
13-
- uses: actions/setup-go@v6
12+
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
13+
- uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v6.4.0
1414
with:
1515
go-version-file: 'go.mod'
1616
- run: make setup

.github/workflows/release.yaml

Lines changed: 5 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -8,8 +8,8 @@ jobs:
88
name: Push container image
99
runs-on: ubuntu-22.04
1010
steps:
11-
- uses: actions/checkout@v6
12-
- uses: actions/setup-go@v6
11+
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
12+
- uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v6.4.0
1313
with:
1414
go-version-file: 'go.mod'
1515
- run: make setup
@@ -18,7 +18,7 @@ jobs:
1818
- run: make test
1919
- run: make docker-build
2020
- name: Login to GitHub Container Registry
21-
uses: docker/login-action@v3
21+
uses: docker/login-action@c94ce9fb468520275223c153574b00df6fe4bcc9 # v3.7.0
2222
with:
2323
registry: ghcr.io
2424
username: ${{ github.actor }}
@@ -36,10 +36,10 @@ jobs:
3636
needs: image
3737
runs-on: ubuntu-22.04
3838
steps:
39-
- uses: actions/checkout@v6
39+
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
4040
- name: Create release
4141
id: create_release
42-
uses: actions/create-release@v1
42+
uses: actions/create-release@0cb9c9b65d5d1901c1f53e5e66eaf4afd303e70e # v1.1.4
4343
env:
4444
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
4545
with:

Makefile

Lines changed: 19 additions & 10 deletions
Original file line numberDiff line numberDiff line change
@@ -40,41 +40,50 @@ setup: download-tools download-crds ## Setup
4040
.PHONY: download-tools
4141
download-tools: $(GH) $(YQ) $(KUBECTL) $(HELM)
4242
GOBIN=$(BIN_DIR) go install sigs.k8s.io/controller-tools/cmd/controller-gen@v$(CONTROLLER_TOOLS_VERSION)
43-
GOBIN=$(BIN_DIR) go install sigs.k8s.io/controller-runtime/tools/setup-envtest@latest
43+
GOBIN=$(BIN_DIR) go install sigs.k8s.io/controller-runtime/tools/setup-envtest@v$(SETUP_ENVTEST_VERSION)
4444
GOBIN=$(BIN_DIR) go install sigs.k8s.io/kustomize/kustomize/v5@v$(KUSTOMIZE_VERSION)
45-
GOBIN=$(BIN_DIR) go install github.com/cybozu-go/golang-custom-analyzer/cmd/custom-checker@latest
46-
GOBIN=$(BIN_DIR) go install honnef.co/go/tools/cmd/staticcheck@latest
47-
GOBIN=$(BIN_DIR) go install golang.org/x/tools/cmd/goimports@latest
48-
GOBIN=$(BIN_DIR) go install sigs.k8s.io/kind@latest
45+
GOBIN=$(BIN_DIR) go install github.com/cybozu-go/golang-custom-analyzer/cmd/custom-checker@v$(CUSTOM_CHECKER_VERSION)
46+
GOBIN=$(BIN_DIR) go install honnef.co/go/tools/cmd/staticcheck@v$(STATICCHECK_VERSION)
47+
GOBIN=$(BIN_DIR) go install golang.org/x/tools/cmd/goimports@v$(GOIMPORTS_VERSION)
48+
GOBIN=$(BIN_DIR) go install sigs.k8s.io/kind@v$(KIND_CLI_VERSION)
4949

5050
.PHONY: download-crds
5151
download-crds:
5252
curl -fsL -o $(CRD_DIR)/certmanager.yml -sLf https://github.com/jetstack/cert-manager/releases/download/$(call upstream-tag,$(CERT_MANAGER_VERSION))/cert-manager.crds.yaml
53+
echo "$(CERTMANAGER_CRD_SHA256) $(CRD_DIR)/certmanager.yml" | sha256sum --check
5354
curl -fsL -o $(CRD_DIR)/dnsendpoint.yml -sLf https://github.com/kubernetes-sigs/external-dns/raw/$(call upstream-tag,$(EXTERNAL_DNS_VERSION))/config/crd/standard/dnsendpoints.externaldns.k8s.io.yaml
55+
echo "$(EXTERNALDNS_CRD_SHA256) $(CRD_DIR)/dnsendpoint.yml" | sha256sum --check
5456
curl -fsL -o $(CRD_DIR)/httpproxy.yml -sLf https://github.com/projectcontour/contour/raw/$(call upstream-tag,$(CONTOUR_VERSION))/examples/contour/01-crds.yaml
57+
echo "$(CONTOUR_CRD_SHA256) $(CRD_DIR)/httpproxy.yml" | sha256sum --check
5558

5659
$(GH):
5760
mkdir -p $(BIN_DIR)
58-
wget -qO - https://github.com/cli/cli/releases/download/v$(GH_VERSION)/gh_$(GH_VERSION)_linux_amd64.tar.gz | tar -zx -O gh_$(GH_VERSION)_linux_amd64/bin/gh > $@
61+
wget -qO $(BIN_DIR)/gh.tar.gz https://github.com/cli/cli/releases/download/v$(GH_VERSION)/gh_$(GH_VERSION)_linux_amd64.tar.gz
62+
echo "$(GH_SHA256) $(BIN_DIR)/gh.tar.gz" | sha256sum --check
63+
tar -zx -O -f $(BIN_DIR)/gh.tar.gz gh_$(GH_VERSION)_linux_amd64/bin/gh > $@
5964
chmod +x $@
65+
rm $(BIN_DIR)/gh.tar.gz
6066

6167
$(YQ):
6268
mkdir -p $(BIN_DIR)
6369
wget -qO $@ https://github.com/mikefarah/yq/releases/download/v$(YQ_VERSION)/yq_linux_amd64
70+
echo "$(YQ_SHA256) $@" | sha256sum --check
6471
chmod +x $@
6572

6673
$(KUBECTL):
6774
mkdir -p $(BIN_DIR)
6875
wget -qO $@ https://dl.k8s.io/release/v$(ENVTEST_K8S_VERSION)/bin/linux/amd64/kubectl
76+
echo "$(KUBECTL_SHA256) $@" | sha256sum --check
6977
chmod +x $@
7078

7179
$(HELM):
7280
mkdir -p $(BIN_DIR)
73-
wget -qO helm.tar.gz https://get.helm.sh/helm-v$(HELM_VERSION)-linux-amd64.tar.gz
74-
tar -xzf helm.tar.gz
75-
mv linux-amd64/helm $@
81+
wget -qO $(BIN_DIR)/helm.tar.gz https://get.helm.sh/helm-v$(HELM_VERSION)-linux-amd64.tar.gz
82+
echo "$(HELM_SHA256) $(BIN_DIR)/helm.tar.gz" | sha256sum --check
83+
tar -xzf $(BIN_DIR)/helm.tar.gz -C $(BIN_DIR) linux-amd64/helm
84+
mv $(BIN_DIR)/linux-amd64/helm $@
7685
chmod +x $@
77-
rm -rf linux-amd64 helm.tar.gz
86+
rm -rf $(BIN_DIR)/linux-amd64 $(BIN_DIR)/helm.tar.gz
7887

7988
.PHONY: clean
8089
clean: ## Clean files

Makefile.versions

Lines changed: 23 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -12,6 +12,29 @@ HELM_VERSION := 3.20.0
1212
# https://github.com/cybozu/neco-containers/blob/main/argocd/Dockerfile#L10
1313
KUSTOMIZE_VERSION := 5.6.0
1414

15+
# Versions for go install
16+
SETUP_ENVTEST_VERSION := 0.0.0-20260405152528-6210f847b2c1
17+
CUSTOM_CHECKER_VERSION := 0.1.5
18+
STATICCHECK_VERSION := 0.7.0
19+
GOIMPORTS_VERSION := 0.44.0
20+
KIND_CLI_VERSION := 0.31.0
21+
22+
# Commit SHAs for git-cloned external repositories (must be updated together with the version)
23+
EXTERNAL_DNS_COMMIT := 5c2787321948e391ac188584855a7339eb8dd5e1
24+
CONTOUR_COMMIT := 33278ce35c125f8f2338910c983587ac667f95e8
25+
26+
# SHA256 checksums for downloaded files (must be updated together with the version)
27+
GH_SHA256 := b4f533bf21d1fc0750976b4755e479ae3f59bfc42c9c22dfb0c0c5491ab1e152
28+
YQ_SHA256 := 654d2943ca1d3be2024089eb4f270f4070f491a0610481d128509b2834870049
29+
KUBECTL_SHA256 := a2e984a18a0c063279d692533031c1eff93a262afcc0afdc517375432d060989
30+
HELM_SHA256 := dbb4c8fc8e19d159d1a63dda8db655f9ffa4aac1b9a6b188b34a40957119b286
31+
CERTMANAGER_CRD_SHA256 := 7326633f0f70514a71dc8eece2414c5f753b8d121e564d4c455f107f32a2defc
32+
EXTERNALDNS_CRD_SHA256 := 0dbd14aff7edbd9bffc0bb04068f53c6942c94e55567674844fea22fd5f9af9b
33+
CONTOUR_CRD_SHA256 := c02ed88146211c84edcafb718191f403ab35d8a9c6593bdc244338d20e8461b2
34+
CERTMANAGER_MANIFEST_SHA256 := a8e859afe65a630d80b2b7e7ef76b6c86c457cfe2bf194b1b3ed20cf6b23471f
35+
ETCD_YAML_SHA256 := 26d8a20e94007b3030f04fcbcddbe26b01eaab369b0a8a3c8b40c00001df365e
36+
COREDNS_VALUES_SHA256 := 195a33eb977f39f8280c0ef3146bf9c0fa67a19941e624d7df4e755096fd1b4e
37+
1538
# Versions used only in e2e testing
1639
KINDEST_NODE_VERSION := 1.35.1
1740
ENVOY_VERSION := 1.35.9.1

e2e/Makefile

Lines changed: 14 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -11,8 +11,10 @@ install-crds:
1111
.PHONY: update-cert-manager-manifests
1212
update-cert-manager-manifests:
1313
mkdir -p testdata/cert-manager/upstream
14-
curl -sSLf https://github.com/jetstack/cert-manager/releases/download/$(call upstream-tag,$(CERT_MANAGER_VERSION))/cert-manager.yaml |\
15-
$(YQ) eval 'select(.$(KIND) != "CustomResourceDefinition")' > testdata/cert-manager/upstream/cert-manager.yaml
14+
curl -sSLf -o /tmp/cert-manager-upstream.yaml https://github.com/jetstack/cert-manager/releases/download/$(call upstream-tag,$(CERT_MANAGER_VERSION))/cert-manager.yaml
15+
echo "$(CERTMANAGER_MANIFEST_SHA256) /tmp/cert-manager-upstream.yaml" | sha256sum --check
16+
$(YQ) eval 'select(.$(KIND) != "CustomResourceDefinition")' /tmp/cert-manager-upstream.yaml > testdata/cert-manager/upstream/cert-manager.yaml
17+
rm /tmp/cert-manager-upstream.yaml
1618
$(YQ) -i "(.images[] | select(.name==\"ghcr.io/cybozu/cert-manager\")).newTag = \"$(CERT_MANAGER_VERSION)\"" testdata/cert-manager/kustomization.yaml
1719

1820
.PHONY: install-cert-manager
@@ -25,7 +27,9 @@ install-cert-manager:
2527
update-coredns-manifests:
2628
mkdir -p testdata/coredns/upstream
2729
curl -sSLf -o testdata/coredns/upstream/etcd.yaml https://raw.githubusercontent.com/kubernetes-sigs/external-dns/refs/tags/$(call upstream-tag,$(EXTERNAL_DNS_VERSION))/docs/snippets/tutorials/coredns/etcd.yaml
30+
echo "$(ETCD_YAML_SHA256) testdata/coredns/upstream/etcd.yaml" | sha256sum --check
2831
curl -sSLf -o testdata/coredns/upstream/values-coredns.yaml https://raw.githubusercontent.com/kubernetes-sigs/external-dns/refs/tags/$(call upstream-tag,$(EXTERNAL_DNS_VERSION))/docs/snippets/tutorials/coredns/values-coredns.yaml
32+
echo "$(COREDNS_VALUES_SHA256) testdata/coredns/upstream/values-coredns.yaml" | sha256sum --check
2933
# replace etcd resource namespace
3034
$(YQ) -i 'select(.metadata.namespace) | .metadata.namespace = "external-dns"' testdata/coredns/upstream/etcd.yaml
3135
# replace binary path with that of cybozu build
@@ -48,7 +52,10 @@ install-coredns:
4852
update-external-dns-manifests:
4953
mkdir -p testdata/external-dns/upstream
5054
d=$$(mktemp -d); \
51-
cd $$d; git clone --depth 1 -b $(call upstream-tag,$(EXTERNAL_DNS_VERSION)) https://github.com/kubernetes-sigs/external-dns.git; \
55+
git init $$d/external-dns; \
56+
git -C $$d/external-dns remote add origin https://github.com/kubernetes-sigs/external-dns.git; \
57+
git -C $$d/external-dns fetch --depth 1 origin $(EXTERNAL_DNS_COMMIT); \
58+
git -C $$d/external-dns checkout FETCH_HEAD; \
5259
cp -r $$d/external-dns/kustomize/. $(THIS_MK_DIR)/testdata/external-dns/upstream
5360
$(YQ) -i "(.images[] | select(.name==\"ghcr.io/cybozu/external-dns\")).newTag = \"$(EXTERNAL_DNS_VERSION)\"" testdata/external-dns/kustomization.yaml
5461

@@ -61,7 +68,10 @@ install-external-dns:
6168
update-contour-manifests:
6269
mkdir -p testdata/contour/upstream
6370
d=$$(mktemp -d); \
64-
cd $$d; git clone --depth 1 -b $(call upstream-tag,$(CONTOUR_VERSION)) https://github.com/projectcontour/contour.git; \
71+
git init $$d/contour; \
72+
git -C $$d/contour remote add origin https://github.com/projectcontour/contour.git; \
73+
git -C $$d/contour fetch --depth 1 origin $(CONTOUR_COMMIT); \
74+
git -C $$d/contour checkout FETCH_HEAD; \
6575
cp -r $$d/contour/examples/contour/. $(THIS_MK_DIR)/testdata/contour/upstream
6676
$(YQ) -i "(.images[] | select(.newName==\"ghcr.io/cybozu/contour\")).newTag = \"$(CONTOUR_VERSION)\"" testdata/contour/kustomization.yaml
6777
$(YQ) -i "(.images[] | select(.newName==\"ghcr.io/cybozu/envoy\")).newTag = \"$(ENVOY_VERSION)\"" testdata/contour/kustomization.yaml

0 commit comments

Comments
 (0)