feat(k8s): more boilerplate: add GitHub actions, license, PDOK golang…

…ci-lint config, upgrade to Go 1.22

.github/workflows/build-and-publish-image.yml

@@ -0,0 +1,78 @@
+---
+name: build
+env:
+  image: pdok/uptime-operator
+on:
+  push:
+    tags:
+      - '*'
+jobs:
+  docker:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+      - name: Set up Go
+        uses: actions/setup-go@v4
+        with:
+          go-version: '1.22'
+      - name: Make test
+        run: |
+          make test
+          echo "removing generated code from coverage results"
+          diffs="$(git status -s)"
+          if [[ -n "$diffs" ]]; then echo "there are diffs after make test: $diffs"; exit 250; fi
+      - name: Docker meta
+        id: docker_meta
+        uses: docker/metadata-action@v3
+        with:
+          images: ${{ env.image }}
+          tags: |
+            type=semver,pattern={{major}}
+            type=semver,pattern={{major}}.{{minor}}
+            type=semver,pattern={{version}}
+      - name: Login to PDOK Docker Hub
+        if: startsWith(env.image, 'pdok/')
+        uses: docker/login-action@v1
+        with:
+          username: koalapdok
+          password: ${{ secrets.DOCKERHUB_PUSH }}
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v1
+      - name: Cache Docker layers
+        uses: actions/cache@v2
+        with:
+          path: /tmp/.buildx-cache
+          key: ${{ runner.os }}-buildx-${{ github.sha }}
+          restore-keys: |
+            ${{ runner.os }}-buildx-
+      - name: Build and push
+        id: docker_build
+        uses: docker/build-push-action@v2
+        with:
+          push: true
+          tags: ${{ steps.docker_meta.outputs.tags }}
+          labels: ${{ steps.docker_meta.outputs.labels }}
+          cache-from: type=local,src=/tmp/.buildx-cache
+          cache-to: type=local,dest=/tmp/.buildx-cache-new
+      - # Temp fix to cleanup cache
+        # https://github.com/docker/build-push-action/issues/252
+        # https://github.com/moby/buildkit/issues/1896
+        name: Move cache
+        run: |
+          rm -rf /tmp/.buildx-cache
+          mv /tmp/.buildx-cache-new /tmp/.buildx-cache
+      - name: Build result notification
+        if: success() || failure()
+        uses: 8398a7/action-slack@v3
+        with:
+          fields: all
+          status: custom
+          custom_payload: |
+            {
+              attachments: [{
+                color: '${{ job.status }}' === 'success' ? 'good' : '${{ job.status }}' === 'failure' ? 'danger' : 'warning',
+                text: `${process.env.AS_WORKFLOW} ${{ job.status }} for ${process.env.AS_REPO}!\n${process.env.AS_JOB} job on ${process.env.AS_REF} (commit: ${process.env.AS_COMMIT}, version: ${{ steps.docker_meta.outputs.version }}) by ${process.env.AS_AUTHOR} took ${process.env.AS_TOOK}`,
+              }]
+            }
+        env:
+          SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}

.github/workflows/lint-go.yml

@@ -0,0 +1,28 @@
+---
+name: lint (go)
+on:
+  push:
+    branches:
+      - master
+  pull_request:
+permissions:
+  contents: read
+jobs:
+  lint:
+    name: lint
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/setup-go@v4
+        with:
+          go-version: '1.22'
+          cache: false
+
+      - uses: actions/checkout@v3
+
+      - name: tidy
+        uses: katexochen/go-tidy-check@v2
+
+      - name: golangci-lint
+        uses: golangci/golangci-lint-action@v3
+        with:
+          version: latest

.github/workflows/test-go.yml

@@ -0,0 +1,39 @@
+---
+name: test (go)
+on:
+  push:
+    branches:
+      - master
+  pull_request:
+permissions:
+  contents: write
+jobs:
+  test:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+
+      - name: Set up Go
+        uses: actions/setup-go@v4
+        with:
+          go-version: '1.22'
+
+      - name: Make test
+        run: |
+          make test
+          echo "removing generated code from coverage results"
+          mv cover.out cover.out.tmp && grep -vP "uptime-operator/(api/v1alpha1|cmd|test/utils)/" cover.out.tmp > cover.out
+          diffs="$(git status -s)"
+          if [[ -n "$diffs" ]]; then echo "there are diffs after make test: $diffs"; exit 250; fi
+
+      - name: Update coverage report
+        uses: ncruces/go-coverage-report@v0
+        with:
+          coverage-file: cover.out
+          report: true
+          chart: false
+          amend: false
+          reuse-go: true
+        if: |
+          github.event_name == 'push'
+        continue-on-error: false

.golangci.yml

@@ -1,40 +1,102 @@
+---
 run:
-  deadline: 5m
-  allow-parallel-runners: true
+  # Timeout for analysis.
+  timeout: 5m
+
+  # Modules download mode (do not modify go.mod)
+  module-download-mode: readonly
+
+  # Include test files (see below to exclude certain linters)
+  tests: true
 
 issues:
-  # don't skip warning about doc comments
-  # don't exclude the default set of lint
-  exclude-use-default: false
-  # restore some of the defaults
-  # (fill in the rest as needed)
   exclude-rules:
-    - path: "api/*"
-      linters:
-        - lll
-    - path: "internal/*"
+    # Exclude certain linters for test code
+    - path: "_test\\.go"
       linters:
+        - bodyclose
         - dupl
-        - lll
+        - funlen
+
+output:
+  format: colored-line-number
+  print-issued-lines: true
+  print-linter-name: true
+
+linters-settings:
+  depguard:
+    rules:
+      main:
+        # Packages that are not allowed where the value is a suggestion.
+        deny:
+          - pkg: "github.com/pkg/errors"
+            desc: Should be replaced by standard lib errors package
+  cyclop:
+    # The maximal code complexity to report.
+    max-complexity: 15
+    skip-tests: true
+  funlen:
+    lines: 100
+  gomoddirectives:
+    replace-allow-list:
+      - github.com/abbot/go-http-auth  # https://github.com/traefik/traefik/issues/6873#issuecomment-637654361
+  nestif:
+    min-complexity: 6
+
 linters:
   disable-all: true
   enable:
-    - dupl
-    - errcheck
-    - exportloopref
-    - goconst
-    - gocyclo
-    - gofmt
-    - goimports
-    - gosimple
-    - govet
-    - ineffassign
-    - lll
-    - misspell
-    - nakedret
-    - prealloc
-    - staticcheck
-    - typecheck
-    - unconvert
-    - unparam
-    - unused
+    # enabled by default by golangci-lint
+    - errcheck  # checking for unchecked errors, these unchecked errors can be critical bugs in some cases
+    - gosimple  # specializes in simplifying a code
+    - govet  # reports suspicious constructs, such as Printf calls whose arguments do not align with the format string
+    - ineffassign  # detects when assignments to existing variables are not used
+    - staticcheck  # is a go vet on steroids, applying a ton of static analysis checks
+    - typecheck  # like the front-end of a Go compiler, parses and type-checks Go code
+    - unused  # checks for unused constants, variables, functions and types
+    # extra enabled by us
+    - asasalint  # checks for pass []any as any in variadic func(...any)
+    - asciicheck  # checks that your code does not contain non-ASCII identifiers
+    - bidichk  # checks for dangerous unicode character sequences
+    - bodyclose  # checks whether HTTP response body is closed successfully
+    - cyclop  # checks function and package cyclomatic complexity
+    - dupl  # tool for code clone detection
+    - durationcheck  # checks for two durations multiplied together
+    - errname  # checks that sentinel errors are prefixed with the Err and error types are suffixed with the Error
+    - errorlint  # finds code that will cause problems with the error wrapping scheme introduced in Go 1.13
+    - execinquery  # checks query string in Query function which reads your Go src files and warning it finds
+    - exhaustive  # checks exhaustiveness of enum switch statements
+    - exportloopref  # checks for pointers to enclosing loop variables
+    - forbidigo  # forbids identifiers
+    - funlen  # tool for detection of long functions
+    - gocheckcompilerdirectives  # validates go compiler directive comments (//go:)
+    - goconst  # finds repeated strings that could be replaced by a constant
+    - gocritic  # provides diagnostics that check for bugs, performance and style issues
+    - goimports  # in addition to fixing imports, goimports also formats your code in the same style as gofmt
+    - gomoddirectives  # manages the use of 'replace', 'retract', and 'excludes' directives in go.mod
+    - gomodguard  # allow and block lists linter for direct Go module dependencies. This is different from depguard where there are different block types for example version constraints and module recommendations
+    - goprintffuncname  # checks that printf-like functions are named with f at the end
+    - gosec  # inspects source code for security problems
+    - loggercheck  # checks key value pairs for common logger libraries (kitlog,klog,logr,zap)
+    - makezero  # finds slice declarations with non-zero initial length
+    - nakedret  # finds naked returns in functions greater than a specified function length
+    - nestif  # reports deeply nested if statements
+    - nilerr  # finds the code that returns nil even if it checks that the error is not nil
+    - nolintlint  # reports ill-formed or insufficient nolint directives
+    - nosprintfhostport  # checks for misuse of Sprintf to construct a host with port in a URL
+    - perfsprint  # Golang linter for performance, aiming at usages of fmt.Sprintf which have faster alternatives
+    - predeclared  # finds code that shadows one of Go's predeclared identifiers
+    - promlinter  # checks Prometheus metrics naming via promlint
+    - reassign  # checks that package variables are not reassigned
+    - revive  # fast, configurable, extensible, flexible, and beautiful linter for Go, drop-in replacement of golint
+    - rowserrcheck  # checks whether Err of rows is checked successfully
+    - sqlclosecheck  # checks that sql.Rows and sql.Stmt are closed
+    - sloglint  # A Go linter that ensures consistent code style when using log/slog
+    - tenv  # detects using os.Setenv instead of t.Setenv since Go1.17
+    - testableexamples  # checks if examples are testable (have an expected output)
+    - tparallel  # detects inappropriate usage of t.Parallel() method in your Go test codes
+    - unconvert  # removes unnecessary type conversions
+    - unparam  # reports unused function parameters
+    - usestdlibvars  # detects the possibility to use variables/constants from the Go standard library
+    - wastedassign  # finds wasted assignment statements
+  fast: false

.yamllint

@@ -0,0 +1,14 @@
+extends: default
+
+ignore: |
+  .golangci.yaml
+
+# (deduced from generated yaml by kubebuilder:)
+rules:
+  comments:
+    require-starting-space: false
+  document-start: false
+  indentation:
+    indent-sequences: consistent
+  line-length:
+    max: 120

Dockerfile

@@ -1,5 +1,5 @@
 # Build the manager binary
-FROM golang:1.21 AS builder
+FROM golang:1.22 AS builder
 ARG TARGETOS
 ARG TARGETARCH
 
@@ -21,7 +21,7 @@ COPY internal/controller/ internal/controller/
 # was called. For example, if we call make docker-build in a local env which has the Apple Silicon M1 SO
 # the docker BUILDPLATFORM arg will be linux/arm64 when for Apple x86 it will be linux/amd64. Therefore,
 # by leaving it empty we can ensure that the container and binary shipped on it will have the same platform.
-RUN CGO_ENABLED=0 GOOS=${TARGETOS:-linux} GOARCH=${TARGETARCH} go build -a -o manager cmd/main.go
+RUN CGO_ENABLED=0 GOOS=${TARGETOS:-linux} GOARCH=${TARGETARCH:-amd64} go build -a -o manager cmd/main.go
 
 # Use distroless as minimal base image to package the manager binary
 # Refer to https://github.com/GoogleContainerTools/distroless for more details

LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2024 Publieke Dienstverlening op de Kaart
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

go.mod

@@ -1,6 +1,6 @@
 module github.com/PDOK/uptime-operator
 
-go 1.21
+go 1.22
 
 require (
 	github.com/onsi/ginkgo/v2 v2.14.0

hack/boilerplate.go.txt

@@ -1,15 +1,23 @@
 /*
-Copyright 2024 pdok.nl.
+MIT License
 
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
+Copyright (c) 2024 Publieke Dienstverlening op de Kaart
 
-    http://www.apache.org/licenses/LICENSE-2.0
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
 
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
 */