ci: update golang; switch kubeval to kubeconform (#167)

* ci: update golang; switch kubeval to kubeconform

* Fix typo

* Fix typo

* Fix typo

* Fix typo

* Fix typo

* Fix typo

* Fix typo

* Fix typo

* Fix typo

.github/workflows/ci.yaml

@@ -11,20 +11,25 @@ jobs:
 
     name: CI
     environment: ci-cd
+    # UPDATE_HERE
+    # https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idruns-on
     runs-on: ubuntu-20.04
     env:
+      # UPDATE_HERE
       # https://hub.docker.com/r/rancher/k3s/tags
       K3S_VERSION: v1.29.1-k3s1
       # https://github.com/helm-unittest/helm-unittest/releases
       HELM_UNITTEST_VERSION: 0.4.1
 
     steps:
 
+      # UPDATE_HERE
       - uses: actions/checkout@v4
         name: Check out code
 
+      # UPDATE_HERE
       - name: Install asdf tools
-        uses: asdf-vm/actions/install@v2
+        uses: asdf-vm/actions/install@v3
 
       - name: install gpg2
         run: |
@@ -161,18 +166,22 @@ jobs:
             echo "IMAGE_LATEST_NAME=$(make image_latest_name)" >> $GITHUB_ENV
             echo "IMAGE_CACHE_NAME=$(make image_cache_name)" >> $GITHUB_ENV
 
+      # UPDATE_HERE
       - name: Set up QEMU
         uses: docker/setup-qemu-action@v3
 
+      # UPDATE_HERE
       - name: Set up Docker Buildx
         uses: docker/setup-buildx-action@v3
 
+      # UPDATE_HERE
       - name: Log in to Docker Hub
         uses: docker/login-action@v3
         with:
           username: ${{ secrets.DOCKERHUB_USERNAME }}
           password: ${{ secrets.DOCKERHUB_PASS }}
 
+      # UPDATE_HERE
       - name: Docker build
         uses: docker/build-push-action@v5
         with:

.github/workflows/release.yaml

@@ -10,13 +10,17 @@ jobs:
 
     name: Release
     environment: ci-cd
-    runs-on: ubuntu-20.04
+    # UPDATE_HERE
+    # https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idruns-on
+    runs-on: ubuntu-22.04
     env:
+      # UPDATE_HERE
       # https://github.com/github/hub/releases
       HUB_VERSION: 2.14.2
 
     steps:
 
+      # UPDATE_HERE
       - uses: actions/checkout@v4
         name: Check out code
         with:
@@ -39,9 +43,10 @@ jobs:
         run: |
             echo "Skip release, tag found for ${VERSION}"
 
+      # UPDATE_HERE
       - name: Install asdf tools
         if: env.SKIP_RELEASE == ''
-        uses: asdf-vm/actions/install@v2
+        uses: asdf-vm/actions/install@v3
 
       - name: install hub
         if: env.SKIP_RELEASE == ''
@@ -51,14 +56,17 @@ jobs:
             chmod +x hub-linux-amd64-${HUB_VERSION}/bin/hub
             sudo mv hub-linux-amd64-${HUB_VERSION}/bin/hub /usr/local/bin/
 
+      # UPDATE_HERE
       - name: Set up QEMU
         if: env.SKIP_RELEASE == ''
         uses: docker/setup-qemu-action@v3
 
+      # UPDATE_HERE
       - name: Set up Docker Buildx
         if: env.SKIP_RELEASE == ''
         uses: docker/setup-buildx-action@v3
 
+      # UPDATE_HERE
       - name: Log in to Docker Hub
         if: env.SKIP_RELEASE == ''
         uses: docker/login-action@v3
@@ -75,6 +83,7 @@ jobs:
             git-chglog "${SOPS_SEC_OPERATOR_VERSION}" > chglog.tmp
             hub release create -F chglog.tmp "${SOPS_SEC_OPERATOR_VERSION}"
 
+      # UPDATE_HERE
       - name: Docker build
         if: env.SKIP_RELEASE == ''
         uses: docker/build-push-action@v5

.github/workflows/reviewdog.yaml

@@ -4,19 +4,25 @@ on: [pull_request]
 jobs:
   golangci-lint:
     name: runner / golangci-lint
-    runs-on: ubuntu-latest
+    # UPDATE_HERE
+    # https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idruns-on
+    runs-on: ubuntu-22.04
     steps:
+      # UPDATE_HERE
       - name: Check out code into the Go module directory
         uses: actions/checkout@v4
 
+      # UPDATE_HERE
       - name: golangci-lint
         uses: reviewdog/action-golangci-lint@v2
         with:
           golangci_lint_flags: "--timeout=4m"
 
+      # UPDATE_HERE
       - name: action-lint
         uses: reviewdog/action-actionlint@v1
 
+      # UPDATE_HERE
       - name: docker hadolint
         uses: reviewdog/action-hadolint@v1
         with:

.tool-versions

@@ -2,7 +2,7 @@
 # https://github.com/kubernetes-sigs/kubebuilder/releases
 kubebuilder 3.14.0
 # https://golang.org/dl/
-golang 1.21.6
+golang 1.21.7
 # https://github.com/mozilla/sops/releases
 sops 3.8.1
 # https://github.com/kubernetes-sigs/kustomize/releases
@@ -16,11 +16,11 @@ kubectl 1.29.1
 helm 3.14.0
 # https://github.com/norwoodj/helm-docs/releases
 helm-docs 1.12.0
-# https://github.com/instrumenta/kubeval/releases
-kubeval v0.16.1
+# https://github.com/yannh/kubeconform/releases
+kubeconform 0.6.4
 # https://github.com/git-chglog/git-chglog/releases
 git-chglog 0.15.4
 # https://github.com/golangci/golangci-lint/releases
-golangci-lint 1.55.2
+golangci-lint 1.56.1
 # https://github.com/kubernetes-sigs/controller-tools/releases
 #kube-controller-tools 0.13.0

Dockerfile

@@ -7,10 +7,12 @@ FROM ubuntu:noble-20240114 as asdf-builder
 # UPDATE_HERE
 ARG ASDF_VERSION=v0.14.0
 
+SHELL ["/bin/bash", "-o", "pipefail", "-c"]
+
 # Install build tools
 RUN apt-get -y update \
       && apt-get -y install build-essential \
-      && apt-get -y install autoconf automake gdb git libffi-dev zlib1g-dev libssl-dev curl \
+      && apt-get -y install autoconf automake gdb git libffi-dev zlib1g-dev libssl-dev curl wget \
       && apt-get clean && rm -rf /var/lib/apt/lists/*
 
 # Install asdf
@@ -29,7 +31,7 @@ RUN git config --global user.email "[email protected]" \
 WORKDIR /root
 COPY .tool-versions .
 
-RUN awk '$0 !~ /^#/ {print $1}' ~/.tool-versions|xargs -i asdf plugin add  {} \
+RUN awk '$0 !~ /^#/ {print $1}' .tool-versions|xargs -I{} asdf plugin add  {} \
       && asdf install && asdf reshim
 ENV PATH "/root/.asdf/shims:/root/.asdf/bin:$PATH"
 

Makefile

@@ -5,15 +5,15 @@ SOPS_SEC_OPERATOR_VERSION := 0.12.2
 # https://github.com/kubernetes-sigs/controller-tools/releases
 CONTROLLER_GEN_VERSION := "v0.14.0"
 # https://github.com/kubernetes-sigs/controller-runtime/releases
-CONTROLLER_RUNTIME_VERSION := "v0.17.0"
+CONTROLLER_RUNTIME_VERSION := "v0.17.1"
 # https://github.com/kubernetes-sigs/kustomize/releases
 KUSTOMIZE_VERSION := "v5.3.0"
 # use `setup-envtest list` to obtain the list of available versions
 # until fixed, can't use newer version, see:
 #   https://github.com/kubernetes-sigs/controller-runtime/issues/1571
 # ENVTEST_K8S_VERSION refers to the version of kubebuilder assets to be downloaded by envtest binary.
 # https://storage.googleapis.com/kubebuilder-tools
-ENVTEST_K8S_VERSION := "1.29.0"
+ENVTEST_K8S_VERSION := "1.29.1"
 
 # Use existing cluster instead of starting processes
 USE_EXISTING_CLUSTER ?= true
@@ -128,7 +128,7 @@ lint: ## Run golangci-lint
 .PHONY: update-here
 update-here: ## Helper target to start editing all occurances with UPDATE_HERE.
 	@echo "Update following files for release:"
-	@grep --color -nHR UPDATE_HERE .
+	@git grep --color -H UPDATE_HERE | sed -e 's/:.*//' | sort -u
 
 .PHONY: envtest-list
 envtest-list: envtest ## List of the available setup-envtest versions.

README.md

@@ -12,7 +12,7 @@ CRs, inspired by [Bitnami SealedSecrets](https://github.com/bitnami-labs/sealed-
 [sops](https://github.com/mozilla/sops). SopsSecret CR defines multiple
 kubernetes Secret resources. It supports managing kubernetes Secrets with
 annotations and labels, that allows using these kubernetes secrets as [Jenkins Credentials](https://jenkinsci.github.io/kubernetes-credentials-provider-plugin/).
-The SopsSecret resources can be deployed by [Weaveworks Flux GitOps CD](https://fluxcd.io/) and
+The SopsSecret resources can be deployed by [Flux GitOps CD](https://fluxcd.io/) and
 encrypted using [sops](https://github.com/mozilla/sops) for AWS, GCP, Azure or
 on-prem hosted kubernetes clusters. Using `sops` greatly simplifies changing
 encrypted files stored in `git` repository.
@@ -310,9 +310,9 @@ Projects and tools inspired development of `sops-secrets-operator`:
 * [sops](https://github.com/mozilla/sops)
   * [Configuring AWS KMS for use with sops](https://github.com/mozilla/sops#26assuming-roles-and-using-kms-in-various-aws-accounts)
   * [helm secrets plugin](https://github.com/jkroepke/helm-secrets)
-* [kiam](https://github.com/uswitch/kiam) - in maintenance mode now
 * [kube2iam](https://github.com/jtblin/kube2iam)
-* [Weaveworks Flux GitOps CD](https://fluxcd.io/) - flux supports `sops` out of the box
+  * [kiam](https://github.com/uswitch/kiam) - in ABANDONED mode now
+* [Flux GitOps CD](https://fluxcd.io/) - flux supports `sops` out of the box
   * [Flux github repositories](https://github.com/fluxcd)
   * [Flux sops native integration documentation](https://fluxcd.io/flux/guides/mozilla-sops/)
 * [Jenkins Configuration as Code](https://jenkins.io/projects/jcasc/)
@@ -323,12 +323,12 @@ Projects and tools inspired development of `sops-secrets-operator`:
 * [kubebuilder](https://github.com/kubernetes-sigs/kubebuilder)
   * [operator-sdk](https://github.com/operator-framework/operator-sdk)
 
-## Similar tools
+## Alternative tools
 
 * [Kubernetes external secrets](https://github.com/external-secrets/external-secrets)
+* [Vault Secrets Operator](https://github.com/ricoberger/vault-secrets-operator)
 * [Sealed Secrets](https://github.com/bitnami-labs/sealed-secrets)
 * [Secrets Store CSI driver](https://github.com/kubernetes-sigs/secrets-store-csi-driver)
 * [Kamus](https://kamus.soluto.io/)
-* [Sops Operator](https://github.com/craftypath/sops-operator)
 * [Tesoro](https://github.com/kapicorp/tesoro)
-* [Vault Secrets Operator](https://github.com/ricoberger/vault-secrets-operator)
+* [Sops Operator](https://github.com/craftypath/sops-operator)