Merge branch 'main' into oci_fallback

Author: davidcollom

.github/workflows/build-test.yaml

@@ -13,6 +13,7 @@ jobs:
     permissions:
       contents: read  # for actions/checkout to fetch code
       pull-requests: read  # for golangci/golangci-lint-action to fetch pull requests
+      checks: write  # for golangci/golangci-lint-action to annotate Pull Requests
     name: Lint Go code
     runs-on: ubuntu-latest
     steps:
@@ -21,9 +22,9 @@ jobs:
       - name: Setup Golang
         uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 # v4.0.0
       - name: Run golangci-lint
-        uses: golangci/golangci-lint-action@639cd343e1d3b897ff35927a75193d57cfcba299 # v3.6.0
+        uses: golangci/golangci-lint-action@3cfe3a4abbb849e10058ce4af15d205b6da42804      # v4.0.0
         with:
-          version: v1.53
+          version: v1.54
           args: --timeout 10m --exclude SA5011 --verbose --issues-exit-code=0
           only-new-issues: true
 
@@ -83,7 +84,18 @@ jobs:
       with:
         context: .
         platforms: ${{ matrix.platform }}
+        load: true
         push: false
         tags: quay.io/jetstack/version-checker:${{github.sha}}
         cache-from: type=gha
         cache-to: type=gha,mode=max
+
+    - name: Run Trivy vulnerability scanner
+      uses: aquasecurity/trivy-action@0.19.0
+      with:
+        image-ref: 'quay.io/jetstack/version-checker:${{github.sha}}'
+        format: 'table'
+        exit-code: '1'
+        ignore-unfixed: true
+        vuln-type: 'os,library'
+        severity: 'CRITICAL,HIGH'

Dockerfile

@@ -8,7 +8,7 @@ WORKDIR /app/
 RUN make build
 
 
-FROM alpine:3.18.3
+FROM alpine:3.19.1
 LABEL description="Kubernetes utility for exposing used image versions compared to the latest version, as metrics."
 
 RUN apk --no-cache add ca-certificates

Makefile

@@ -22,7 +22,7 @@ verify: test build ## tests and builds version-checker
 
 image: ## build docker image
 	GOARCH=$(ARCH) GOOS=linux CGO_ENABLED=0 go build -o ./bin/version-checker-linux ./cmd/.
-	docker build -t quay.io/jetstack/version-checker:v0.5.2 .
+	docker build -t quay.io/jetstack/version-checker:v0.5.4 .
 
 clean: ## clean up created files
 	rm -rf \

deploy/charts/version-checker/Chart.yaml

@@ -1,6 +1,6 @@
 apiVersion: v1
-appVersion: "v0.5.2"
-version: "v0.5.2"
+appVersion: "v0.5.4"
+version: "v0.5.4"
 description: A Helm chart for version-checker
 home: https://github.com/jetstack/version-checker
 name: version-checker

deploy/charts/version-checker/README.md

@@ -37,6 +37,7 @@ A Helm chart for version-checker
 | image.tag | string | `nil` | Override the chart version |
 | livenessProbe | object | `{"enabled":true,"httpGet":{"path":"/readyz","port":8080},"initialDelaySeconds":3,"periodSeconds":3}` | Configure the healthcheck probe for version-checker |
 | livenessProbe.enabled | bool | `true` | Enable/Disable the setting of a livenessProbe |
+| nodeSelector | object | `{}` | Configure nodeSelector |
 | prometheus | object | `{"enabled":false,"replicas":1,"serviceAccountName":"prometheus"}` | Prometheus Operator |
 | prometheus.enabled | bool | `false` | Deploy a Prometheus-Operator Prometheus Object to collect version-checker metrics |
 | prometheus.serviceAccountName | string | `"prometheus"` | ServiceAccount for new Prometheus Object |
@@ -58,4 +59,4 @@ A Helm chart for version-checker
 | versionChecker.testAllContainers | bool | `true` | Enable/Disable the requirement for an enable.version-checker.io annotation on pods. |
 
 ----------------------------------------------
-Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0)
+Autogenerated from chart metadata using [helm-docs v1.13.1](https://github.com/norwoodj/helm-docs/releases/v1.13.1)

deploy/charts/version-checker/templates/deployment.yaml

@@ -32,9 +32,13 @@ spec:
     spec:
       serviceAccountName: {{ $chartname }}
       {{- with .Values.tolerations }}
-      tolerations: 
+      tolerations:
         {{- toYaml . | trim | nindent 8 }}
       {{- end }}
+      {{- with .Values.nodeSelector }}
+      nodeSelector:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
       containers:
       - name: {{ $chartname }}
         image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"

deploy/charts/version-checker/tests/deployment_test.yaml

@@ -59,6 +59,15 @@ tests:
             name: CUSTOM_ENV_VAR
             value: CUSTOM_ENV_VALUE
 
+  - it: NodeSelectors Present
+    set:
+      nodeSelector:
+        abc: "123"
+    asserts:
+      - equal:
+          path: spec.template.spec.nodeSelector.abc
+          value: "123"
+
     # Param changes
   - it: imageCacheTimeout
     set:

deploy/charts/version-checker/values.yaml

@@ -20,6 +20,9 @@ image:
 # -- Configure tolerations
 tolerations: []
 
+# -- Configure nodeSelector
+nodeSelector: {}
+
 # -- Configure version-checkers Service
 service:
   labels: {}

deploy/yaml/deploy.yaml

@@ -49,7 +49,7 @@ spec:
     spec:
       serviceAccountName: version-checker
       containers:
-      - image: quay.io/jetstack/version-checker:v0.5.2
+      - image: quay.io/jetstack/version-checker:v0.5.4
         imagePullPolicy: Always
         ports:
         - containerPort: 8080

go.mod

@@ -96,7 +96,7 @@ require (
 	golang.org/x/text v0.14.0 // indirect
 	golang.org/x/time v0.3.0 // indirect
 	google.golang.org/appengine v1.6.8 // indirect
-	google.golang.org/protobuf v1.31.0 // indirect
+	google.golang.org/protobuf v1.33.0 // indirect
 	gopkg.in/evanphx/json-patch.v5 v5.7.0 // indirect
 	gopkg.in/inf.v0 v0.9.1 // indirect
 	gopkg.in/yaml.v2 v2.4.0 // indirect

go.sum

@@ -260,8 +260,8 @@ google.golang.org/appengine v1.6.8 h1:IhEN5q69dyKagZPYMSdIjS2HqprW324FRQZJcGqPAs
 google.golang.org/appengine v1.6.8/go.mod h1:1jJ3jBArFh5pcgW8gCtRJnepW8FzD1V44FJffLiz/Ds=
 google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw=
 google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc=
-google.golang.org/protobuf v1.31.0 h1:g0LDEJHgrBl9N9r17Ru3sqWhkIx2NB67okBHPwC7hs8=
-google.golang.org/protobuf v1.31.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I=
+google.golang.org/protobuf v1.33.0 h1:uNO2rsAINq/JlFpSdYEKIZ0uKD/R9cpdv0T+yoGwGmI=
+google.golang.org/protobuf v1.33.0/go.mod h1:c6P6GXX6sHbq/GpV6MGZEdwhWPcYBgnhAHhKbcUYpos=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk=
 gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q=

pkg/client/acr/acr.go

@@ -55,8 +55,7 @@ type ACRManifestResponse struct {
 
 func New(opts Options) (*Client, error) {
 	client := &http.Client{
-		Timeout:   time.Second * 5,
-		Transport: &http.Transport{Proxy: http.ProxyFromEnvironment},
+		Timeout: time.Second * 5,
 	}
 
 	if len(opts.RefreshToken) > 0 &&

pkg/client/docker/docker.go

@@ -52,8 +52,7 @@ type Image struct {
 
 func New(ctx context.Context, opts Options) (*Client, error) {
 	client := &http.Client{
-		Timeout:   time.Second * 10,
-		Transport: &http.Transport{Proxy: http.ProxyFromEnvironment},
+		Timeout: time.Second * 10,
 	}
 
 	// Setup Auth if username and password used.

pkg/client/ecr/ecr.go

@@ -3,7 +3,6 @@ package ecr
 import (
 	"context"
 	"fmt"
-	"net/http"
 	"sync"
 
 	"github.com/aws/aws-sdk-go/aws"
@@ -103,8 +102,6 @@ func (c *Client) getClient(region string) (*ecr.ECR, error) {
 			return nil, err
 		}
 	}
-	// Try and use an HTTP(S) Proxies defined within Environment variables.
-	client.Config.WithHTTPClient(&http.Client{Transport: &http.Transport{Proxy: http.ProxyFromEnvironment}})
 
 	c.cachedRegionClients[region] = client
 	return client, nil

pkg/client/gcr/gcr.go

@@ -35,14 +35,11 @@ type ManifestItem struct {
 }
 
 func New(opts Options) *Client {
-	client := &http.Client{
-		Timeout:   time.Second * 5,
-		Transport: &http.Transport{Proxy: http.ProxyFromEnvironment},
-	}
-
 	return &Client{
 		Options: opts,
-		Client:  client,
+		Client: &http.Client{
+			Timeout: time.Second * 5,
+		},
 	}
 }
 

pkg/client/ghcr/ghcr.go

@@ -25,8 +25,7 @@ func New(opts Options) *Client {
 	return &Client{
 		Options: opts,
 		Client: &http.Client{
-			Timeout:   time.Second * 5,
-			Transport: &http.Transport{Proxy: http.ProxyFromEnvironment},
+			Timeout: time.Second * 5,
 		},
 	}
 }

pkg/client/quay/quay.go

@@ -59,7 +59,6 @@ type responseManifestDataItem struct {
 
 func New(opts Options) *Client {
 	client := retryablehttp.NewClient()
-	client.HTTPClient.Transport = &http.Transport{Proxy: http.ProxyFromEnvironment}
 	client.RetryMax = 10
 	client.Logger = nil