[addon-operator] publish flow fix

.github/workflows/build.yaml

@@ -3,21 +3,18 @@ name: Build
 on:
   pull_request:
     types: [opened, synchronize]
-
 jobs:
   build_binary:
     name: Build addon-operator binary
     runs-on: ubuntu-latest
     steps:
-      - name: Set up Go 1.25
+      - name: Set up Go
         uses: actions/setup-go@v5
         with:
           go-version: '1.25.5'
         id: go
-
       - name: Check out addon-operator code
         uses: actions/checkout@v4
-
       - name: Restore Go modules
         id: go-modules-cache
         uses: actions/cache@v4
@@ -27,15 +24,18 @@ jobs:
           key: ${{ runner.os }}-gomod-${{ hashFiles('go.mod', 'go.sum') }}
           restore-keys: |
             ${{ runner.os }}-gomod-
+      - name: Check generated code is up to date
+        run: |
+          make generate
 
+          git diff --exit-code || (echo 'Regenerated code does not match source, please run "make generate"' && exit 1)
       - name: Download Go modules
         if: steps.go-modules-cache.outputs.cache-hit != 'true'
         run: |
           go mod download
           echo -n "Go modules unpacked size is: " && du -sh $HOME/go/pkg/mod
-
       - name: Build binary
-        run: |
+        run: |-
           export GOOS=linux
 
-          go build ./cmd/addon-operator
+          go build ./cmd/addon-operator

.github/workflows/lint.yaml

@@ -1,58 +1,48 @@
 # every push to a branch:
-# - Run Go linters.
-# - Check grammar with codespell.
+# - run linter
 name: Lint
 on:
   pull_request:
     types: [opened, synchronize]
-
 jobs:
-  go_linters:
-    name: Run Go linters
+  run_linter:
+    name: Run linter
     runs-on: ubuntu-latest
     steps:
-      - name: Set up Go 1.25
+      - name: Set up Go
         uses: actions/setup-go@v5
         with:
-          go-version: '1.25.5'
-        id: go
-
-      - name: Check out addon-operator code
+          go-version: "1.25.5"
+      - name: Check out shell-operator code
         uses: actions/checkout@v4
-
       - name: Restore Go modules
         id: go-modules-cache
-        uses: actions/cache@v4
+        uses: actions/cache@v4.2.3
         with:
           path: |
             ~/go/pkg/mod
           key: ${{ runner.os }}-gomod-${{ hashFiles('go.mod', 'go.sum') }}
           restore-keys: |
             ${{ runner.os }}-gomod-
-
       - name: Download Go modules
         if: steps.go-modules-cache.outputs.cache-hit != 'true'
         run: |
           go mod download
           echo -n "Go modules unpacked size is: " && du -sh $HOME/go/pkg/mod
-
       - name: Run golangci-lint
         run: |
-          curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s -- -b . v2.7.2
-          ./golangci-lint run
-
+          curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s -- -b . v2.8.0
+          ./golangci-lint run ./...
   codespell:
     name: Run codespell
     runs-on: ubuntu-latest
     steps:
       - uses: actions/setup-python@v5
         with:
           python-version: 3.8
-
       - name: Check out addon-operator code
         uses: actions/checkout@v4
-
       - name: Run codespell
         run: |
           pip install codespell==v1.17.1
-          codespell --skip=".git,go.mod,go.sum,*.log,*.gif,*.png" -L witht,eventtypes,uint,uptodate,afterall
+          codespell --skip=".git,go.mod,go.sum,*.log,*.gif,*.png,*.md" -L witht,eventtypes,uint,uptodate,afterall,keypair

.github/workflows/publish-dev.yaml

@@ -126,16 +126,24 @@ jobs:
           # Image with multiple manifests has digest in each manifest.
           manifests=$(docker buildx imagetools inspect "${FINAL_IMAGE_NAME}" --raw)
           if grep manifests <<<"${manifests}" 2>&1 >/dev/null ; then
-            jq -r '.manifests[]? | .digest + " " + .platform.os + "/" + .platform.architecture' <<<"${manifests}"
+            jq -r '.manifests[]? | .digest + " " + .platform.os + "/" + .platform.architecture' <<<"${manifests}" \
+            | while read digest platform ; do
+              image=${FINAL_IMAGE_NAME}@${digest}
+              if [[ ${BUILDX_PLATFORMS} != *"${platform}"* ]] ; then
+                echo "====================================="
+                echo "Ignore image for non-runnable platform ${platform}"
+                echo "  ${image}"
+                echo "====================================="
+                continue          
+              fi
+              echo "====================================="
+              echo "Inspect image for platform ${platform}"
+              echo "  ${image}"
+              echo "====================================="
+              docker run --rm --platform ${platform} --entrypoint sh ${image} -c \
+                'apk add file > /dev/null; file /bin/kubectl; file /bin/busybox; file /addon-operator'
+            done
           else
-            echo $(echo -n "${manifests}" | openssl dgst -sha256 | sed s/^.stdin.*\ //) ' linux/amd64'
-          fi \
-          | while read digest platform ; do
-            image=$FINAL_IMAGE_NAME@${digest}
-            echo "====================================="
-            echo "Inspect image for platform ${platform}"
-            echo "  ${image}"
-            echo "====================================="
-            docker run --rm --platform ${platform} --entrypoint sh ${image} -c \
-              'apk add file > /dev/null; file /bin/kubectl; file /bin/busybox; file /addon-operator; file /bin/helm'
-          done
+            echo Not a multi-arhitecture image.
+            #echo $(echo -n "${manifests}" | openssl dgst -sha256) ' linux/amd64'
+          fi

.github/workflows/tests.yaml

@@ -4,21 +4,18 @@ name: Unit tests
 on:
   pull_request:
     types: [opened, synchronize]
-
 jobs:
   run_unit_tests:
     name: Run unit tests
     runs-on: ubuntu-latest
     steps:
-      - name: Set up Go 1.25
+      - name: Set up Go
         uses: actions/setup-go@v5
         with:
           go-version: '1.25.5'
         id: go
-
       - name: Check out addon-operator code
         uses: actions/checkout@v4
-
       - name: Restore Go modules
         id: go-modules-cache
         uses: actions/cache@v4
@@ -28,17 +25,15 @@ jobs:
           key: ${{ runner.os }}-gomod-${{ hashFiles('go.mod', 'go.sum') }}
           restore-keys: |
             ${{ runner.os }}-gomod-
-
       - name: Download Go modules
         if: steps.go-modules-cache.outputs.cache-hit != 'true'
         run: |
           go mod download
           echo -n "Go modules unpacked size is: " && du -sh $HOME/go/pkg/mod
-
       - name: Run unit tests
-        run: |
+        run: |-
           export GOOS=linux
 
           go test \
             --race \
-            ./cmd/... ./pkg/...
+            ./cmd/... ./pkg/...

.gitignore

@@ -5,6 +5,8 @@
 *.so
 *.dylib
 
+bin/
+
 # Graph images
 *.gv
 *gv.svg

Dockerfile

@@ -3,7 +3,7 @@ FROM --platform=${TARGETPLATFORM:-linux/amd64} flant/jq:b6be13d5-musl as libjq
 
 # Go builder.
 
-FROM --platform=${TARGETPLATFORM:-linux/amd64} golang:1.23-alpine AS builder
+FROM --platform=${TARGETPLATFORM:-linux/amd64} golang:1.25.5-alpine3.23 AS builder
 
 
 ARG appVersion=latest
@@ -20,7 +20,7 @@ ADD . /app
 # Clone shell-operator to get frameworks
 RUN git clone https://github.com/flant/shell-operator shell-operator-clone && \
     cd shell-operator-clone && \
-    git checkout v1.7.2
+    git checkout v1.13.1
 
 RUN shellOpVer=$(go list -m all | grep shell-operator | cut -d' ' -f 2-) \
     GOOS=linux \
@@ -33,19 +33,22 @@ RUN GOOS=linux \
     go build -o post-renderer ./cmd/post-renderer
 
 # Final image
-FROM --platform=${TARGETPLATFORM:-linux/amd64} alpine:3.21
+FROM --platform=${TARGETPLATFORM:-linux/amd64} alpine:3.23
 ARG TARGETPLATFORM
-# kubectl url has no variant (v7)
+ARG kubectlVersion=v1.32.10
+
+    # kubectl url has no variant (v7)
 # helm url has dashes and no variant (v7)
 RUN apk --no-cache add ca-certificates bash sed tini && \
     kubectlArch=$(echo ${TARGETPLATFORM:-linux/amd64} | sed 's/\/v7//') && \
-    echo "Download kubectl for ${kubectlArch}" && \
-    wget https://storage.googleapis.com/kubernetes-release/release/v1.25.5/bin/${kubectlArch}/kubectl -O /bin/kubectl && \
+    echo "Download kubectl version ${kubectlVersion} for ${kubectlArch}" && \
+    wget https://dl.k8s.io/release/${kubectlVersion}/bin/${kubectlArch}/kubectl -O /bin/kubectl && \
     chmod +x /bin/kubectl && \
     helmArch=$(echo ${TARGETPLATFORM:-linux/amd64} | sed 's/\//-/g;s/-v7//') && \
-    wget https://get.helm.sh/helm-v3.10.3-${helmArch}.tar.gz -O /helm.tgz && \
+    wget https://get.helm.sh/helm-v3.15.4-${helmArch}.tar.gz -O /helm.tgz && \
     tar -z -x -C /bin -f /helm.tgz --strip-components=1 ${helmArch}/helm && \
     rm -f /helm.tgz
+
 COPY --from=libjq /bin/jq /usr/bin
 COPY --from=builder /app/addon-operator /
 COPY --from=builder /app/post-renderer /

Makefile

@@ -1,5 +1,73 @@
+
+.PHONY: go-module-version
+go-module-version: go-check git-check
+	@echo "go get $(shell $(GO) list ./cmd/addon-operator)@$(shell $(GIT) rev-parse HEAD)"
+
+.PHONY: lint
+lint: golangci-lint ## Run linter.
+	@$(GOLANGCI_LINT) run --fix
+
+.PHONY: test
+test: go-check
+	@$(GO) test --race --cover ./...
+
+## Run all generate-* jobs in bulk.
+.PHONY: generate
+generate: update-k8s-version update-workflows-go-version update-workflows-golangci-lint-version update-workflows-ginkgo-version
+
+
+##@ Dependencies
+
+WHOAMI ?= $(shell whoami)
+
+## Location to install dependencies to
+LOCALBIN ?= $(shell pwd)/bin
+$(LOCALBIN):
+	mkdir -p $(LOCALBIN)
+
+## Tool Binaries
 GO=$(shell which go)
 GIT=$(shell which git)
+GOLANGCI_LINT = $(LOCALBIN)/golangci-lint
+YQ = $(LOCALBIN)/yq
+
+## TODO: remap in yaml file (version.yaml or smthng)
+## Tool Versions
+# GO_BUILDER_VERSION must be without 'v' prefix
+GO_BUILDER_VERSION = 1.25.5
+GOLANGCI_LINT_VERSION = v2.8.0
+YQ_VERSION ?= v4.50.1
+
+
+.PHONY: update-k8s-version
+update-k8s-version: go-check
+	@kubernetesVer=$(shell $(GO) list -m k8s.io/api | cut -d' ' -f 2); \
+	kubectlVer=$$(echo $$kubernetesVer | sed 's/v0/v1/'); \
+	echo "Updating kubectl version in Dockerfile to match k8s.io/api version: $$kubectlVer"; \
+	sed -i "s/ARG kubectlVersion=.*/ARG kubectlVersion=$$kubectlVer/" Dockerfile; \
+	echo "kubectl version in Dockerfile updated to: $$kubectlVer"
+
+.PHONY: update-workflows-go-version
+update-workflows-go-version: yq
+	for file in $$(find .github/workflows -name "*.yaml"); do \
+		if grep -q "actions/setup-go" $$file; then \
+			$(YQ) -i '(.jobs[]?.steps[]? | select(.uses | test("actions/setup-go")) | .with."go-version") = "$(GO_BUILDER_VERSION)"' $$file; \
+		fi; \
+	done
+	echo "Updated go-version in workflow files to $(GO_BUILDER_VERSION)"
+
+.PHONY: update-workflows-golangci-lint-version
+update-workflows-golangci-lint-version: yq
+	$(YQ) -i '(.jobs.run_linter.steps[] | select(.name == "Run golangci-lint") | .run) |= sub("v\\d+\\.\\d+\\.\\d+", "$(GOLANGCI_LINT_VERSION)")' .github/workflows/lint.yaml
+	echo "Updated golangci-lint version in lint.yaml to $(GOLANGCI_LINT_VERSION)"
+
+.PHONY: update-workflows-ginkgo-version
+update-workflows-ginkgo-version: yq
+	@ginkgoVer=$(shell $(GO) list -m github.com/onsi/ginkgo/v2 | cut -d' ' -f 2); \
+	$(YQ) -i '(.jobs.integration_tests.steps[] | select(.name == "Install ginkgo") | .run) |= sub("@latest", "@$$ginkgoVer")' .github/workflows/tests-labeled.yaml; \
+	echo "Updated ginkgo version in tests-labeled.yaml to $$ginkgoVer"
+
+## Installed tools check
 
 .PHONY: go-check
 go-check:
@@ -9,13 +77,35 @@ go-check:
 git-check:
 	$(call error-if-empty,$(GIT),git)
 
-.PHONY: go-module-version
-go-module-version: go-check git-check
-	@echo "go get $(shell $(GO) list ./cmd/addon-operator)@$(shell $(GIT) rev-parse HEAD)"
+## Tool installations
+
+.PHONY: golangci-lint
+golangci-lint: $(GOLANGCI_LINT) ## Download golangci-lint locally if necessary.
+$(GOLANGCI_LINT): $(LOCALBIN)
+	$(call go-install-tool,$(GOLANGCI_LINT),github.com/golangci/golangci-lint/v2/cmd/golangci-lint,$(GOLANGCI_LINT_VERSION))
+
+.PHONY: yq
+yq: $(YQ) ## Download yq locally if necessary.
+$(YQ): $(LOCALBIN)
+	$(call go-install-tool,$(YQ),github.com/mikefarah/yq/v4,$(YQ_VERSION))
+
+
+# go-install-tool will 'go install' any package with custom target and name of binary, if it doesn't exist
+# $1 - target path with name of binary
+# $2 - package url which can be installed
+# $3 - specific version of package
+define go-install-tool
+@[ -f "$(1)-$(3)" ] || { \
+set -e; \
+package=$(2)@$(3) ;\
+echo "Downloading $${package}" ;\
+rm -f $(1) || true ;\
+GOBIN=$(LOCALBIN) GOTOOLCHAIN=$(GO_TOOLCHAIN_AUTOINSTALL_VERSION) go install $${package} ;\
+mv $(1) $(1)-$(3) ;\
+} ;\
+ln -sf $(1)-$(3) $(1)
+endef
 
-.PHONY: test
-test: go-check
-	@$(GO) test --race --cover ./...
 
 define error-if-empty
 @if [[ -z $(1) ]]; then echo "$(2) not installed"; false; fi

pkg/addon-operator/operator.go

@@ -473,11 +473,13 @@ func (op *AddonOperator) BootstrapMainQueue(tqs *queue.TaskQueueSet) {
 
 func (op *AddonOperator) CreateBootstrapTasks(logLabels map[string]string) []sh_task.Task {
 	const eventDescription = "Operator-Startup"
-	tasks := make([]sh_task.Task, 0)
 	queuedAt := time.Now()
 
 	// 'OnStartup' global hooks.
 	onStartupHooks := op.ModuleManager.GetGlobalHooksInOrder(htypes.OnStartup)
+
+	tasks := make([]sh_task.Task, 0, len(onStartupHooks))
+
 	for _, hookName := range onStartupHooks {
 		hookLogLabels := utils.MergeLabels(logLabels, map[string]string{
 			pkg.LogKeyHook:    hookName,

pkg/kube_config_manager/kube_config_manager.go

@@ -259,8 +259,10 @@ func (kcm *KubeConfigManager) handleConfigEvent(obj config.Event) {
 }
 
 func (kcm *KubeConfigManager) handleDeleteEvent(moduleName string, cfg *config.ModuleKubeConfig) {
-	var modulesChanged []string
+	modulesChanged := make([]string, 0, 1)
+
 	var modulesStateChanged []string
+
 	moduleMaintenanceChanged := make(map[string]utils.Maintenance)
 
 	kcm.logger.Info("module section deleted", slog.String("name", moduleName))