Install tools with aqua

Signed-off-by: Daichi Sakaue <[email protected]>

.github/actions/aqua/action.yaml

@@ -0,0 +1,14 @@
+name: "Setup tools"
+description: "Setup tools with aqua"
+inputs:
+ github_token:
+ description: "GitHub Token"
+ required: true
+runs:
+ using: composite
+ steps:
+ - uses: aquaproj/aqua-installer@6ce1f8848ec8e61f14d57bd5d7597057a6dd187c # v3.0.1
+ with:
+ aqua_version: v2.25.1
+ env:
+ GITHUB_TOKEN: ${{ inputs.github_token }}

.github/workflows/ci.yaml

@@ -23,6 +23,9 @@ jobs:
  with:
  path: cache
  key: cache-files-go-${{ hashFiles('go.mod') }}-${{ hashFiles('Makefile') }}
+ - uses: ./.github/actions/aqua
+ with:
+ github_token: ${{ secrets.GITHUB_TOKEN }}
  - name: Setup tools
  run: make setup
  - name: Run code check

Makefile

@@ -2,23 +2,10 @@ BIN_DIR := $(shell pwd)/bin
 TOOLS_DIR := $(BIN_DIR)/download
 CACHE_DIR := $(shell pwd)/cache
 
-HELM_VERSION := 3.14.3
-JQ_VERSION := 1.7.1
-KIND_VERSION := 0.22.0
-KUBECTL_VERSION := 1.29.3
-KUSTOMIZE_VERSION := 5.3.0
-YQ_VERSION := 4.43.1
-
 # Test tools
 CUSTOMCHECKER := $(TOOLS_DIR)/custom-checker
-HELM_BINARY := $(TOOLS_DIR)/helm
-HELM := $(HELM_BINARY) --repository-cache $(CACHE_DIR)/helm/repository --repository-config $(CACHE_DIR)/helm/repositories.yaml
-JQ := $(TOOLS_DIR)/jq
-KIND := $(TOOLS_DIR)/kind
-KUBECTL := $(TOOLS_DIR)/kubectl
-KUSTOMIZE := $(TOOLS_DIR)/kustomize
+HELM := helm --repository-cache $(CACHE_DIR)/helm/repository --repository-config $(CACHE_DIR)/helm/repositories.yaml
 STATICCHECK := $(TOOLS_DIR)/staticcheck
-YQ := $(TOOLS_DIR)/yq
 
 .PHONY: all
 all: help
@@ -30,44 +17,21 @@ help: ## Display this help
  @awk 'BEGIN {FS = ":.*##"; printf "\nUsage:\n make \033[36m<target>\033[0m\n"} /^[a-zA-Z_0-9-]+:.*?##/ { printf " \033[36m%-15s\033[0m %s\n", $$1, $$2 } /^##@/ { printf "\n\033[1m%s\033[0m\n", substr($$0, 5) } ' $(MAKEFILE_LIST)
 
 .PHONY: setup
-setup: $(CUSTOMCHECKER) $(HELM_BINARY) $(KIND) $(JQ) $(KUBECTL) $(KUSTOMIZE) $(STATICCHECK) $(YQ) ## Install necessary tools
+setup: $(CUSTOMCHECKER) $(STATICCHECK) ## Install necessary tools
+ if ! which aqua; then \
+ echo 'setup needs aqua.'; \
+ exit 1; \
+ fi
+ aqua install -l
  $(HELM) repo add cilium https://helm.cilium.io/
  $(HELM) repo update cilium
 
 $(CUSTOMCHECKER):
  GOBIN=$(TOOLS_DIR) go install github.com/cybozu-go/golang-custom-analyzer/cmd/custom-checker@latest
 
-$(HELM_BINARY):
- mkdir -p $(TOOLS_DIR)
- wget -qO - https://get.helm.sh/helm-v$(HELM_VERSION)-linux-amd64.tar.gz | tar zx -O linux-amd64/helm > $@
- chmod +x $@
-
-$(JQ):
- mkdir -p $(TOOLS_DIR)
- wget -qO $@ https://github.com/jqlang/jq/releases/download/jq-$(JQ_VERSION)/jq-linux-amd64
- chmod +x $@
-
-$(KIND):
- GOBIN=$(TOOLS_DIR) go install sigs.k8s.io/kind@v$(KIND_VERSION)
-
-$(KUBECTL):
- mkdir -p $(TOOLS_DIR)
- wget -qO $@ https://storage.googleapis.com/kubernetes-release/release/v$(KUBECTL_VERSION)/bin/linux/amd64/kubectl
- chmod +x $@
-
-$(KUSTOMIZE):
- mkdir -p $(TOOLS_DIR)
- wget -qO - https://github.com/kubernetes-sigs/kustomize/releases/download/kustomize%2Fv$(KUSTOMIZE_VERSION)/kustomize_v$(KUSTOMIZE_VERSION)_linux_amd64.tar.gz | tar zx -O kustomize > $@
- chmod +x $@
-
 $(STATICCHECK):
  GOBIN=$(TOOLS_DIR) go install honnef.co/go/tools/cmd/staticcheck@latest
 
-$(YQ):
- mkdir -p $(TOOLS_DIR)
- wget -qO $@ https://github.com/mikefarah/yq/releases/download/v$(YQ_VERSION)/yq_linux_amd64
- chmod +x $@
-
 .PHONY: clean
 clean:
  rm -rf $(BIN_DIR)

aqua.yaml

@@ -0,0 +1,18 @@
+---
+# aqua - Declarative CLI Version Manager
+# https://aquaproj.github.io/
+# checksum:
+# enabled: true
+# require_checksum: true
+# supported_envs:
+# - all
+registries:
+- type: standard
+ ref: v4.231.0 # renovate: depName=aquaproj/aqua-registry
+packages:
+- name: helm/[email protected]
+- name: jqlang/[email protected]
+- name: kubernetes/[email protected]
+- name: kubernetes-sigs/[email protected]
+- name: kubernetes-sigs/kustomize@kustomize/v5.5.0
+- name: mikefarah/[email protected]

e2e/Makefile

@@ -5,11 +5,7 @@ TOOLS_DIR := $(BIN_DIR)/download
 CACHE_DIR := $(shell pwd)/../cache
 
 POLICY_VIEWER := $(BIN_DIR)/npv
-HELM := $(TOOLS_DIR)/helm --repository-cache $(CACHE_DIR)/helm/repository --repository-config $(CACHE_DIR)/helm/repositories.yaml
-KIND := $(TOOLS_DIR)/kind
-KUBECTL := $(TOOLS_DIR)/kubectl
-KUSTOMIZE := $(TOOLS_DIR)/kustomize
-YQ := $(TOOLS_DIR)/yq
+HELM := helm --repository-cache $(CACHE_DIR)/helm/repository --repository-config $(CACHE_DIR)/helm/repositories.yaml
 
 ##@ Basic
 
@@ -21,27 +17,27 @@ help: ## Display this help
 
 .PHONY: wait-for-workloads
 wait-for-workloads:
- $(KUBECTL) wait --for=condition=Available --all deployments --all-namespaces --timeout=1h
- $(KUBECTL) wait --for=condition=Ready --all pods --all-namespaces --timeout=1h
+ kubectl wait --for=condition=Available --all deployments --all-namespaces --timeout=1h
+ kubectl wait --for=condition=Ready --all pods --all-namespaces --timeout=1h
 
 .PHONY: start
 start:
  docker pull quay.io/cilium/cilium:v$(CILIUM_VERSION)
- $(KIND) create cluster --config testdata/cluster.yaml
- $(KIND) load docker-image quay.io/cilium/cilium:v$(CILIUM_VERSION)
+ kind create cluster --config testdata/cluster.yaml
+ kind load docker-image quay.io/cilium/cilium:v$(CILIUM_VERSION)
  $(HELM) install cilium cilium/cilium --version $(CILIUM_VERSION) \
  --namespace kube-system \
  --set image.pullPolicy=IfNotPresent \
  --set ipam.mode=kubernetes
- $(KUSTOMIZE) build testdata | $(KUBECTL) apply -f -
+ kustomize build testdata | kubectl apply -f -
  $(MAKE) --no-print-directory wait-for-workloads
 
 run-test-pod-%:
  cat testdata/template/ubuntu.yaml | \
- $(YQ) '.metadata.name = "$*"' | \
- $(YQ) '.spec.selector.matchLabels = {"test": "$*"}' | \
- $(YQ) '.spec.template.metadata.labels = {"test": "$*"}' | \
- $(KUBECTL) apply -f -
+ yq '.metadata.name = "$*"' | \
+ yq '.spec.selector.matchLabels = {"test": "$*"}' | \
+ yq '.spec.template.metadata.labels = {"test": "$*"}' | \
+ kubectl apply -f -
 
 .PHONY: install-test-pod
 install-test-pod:
@@ -52,19 +48,19 @@ install-test-pod:
  $(MAKE) --no-print-directory run-test-pod-l3-egress-implicit-deny
  $(MAKE) --no-print-directory run-test-pod-l3-egress-explicit-deny
  $(MAKE) --no-print-directory wait-for-workloads
- $(KUBECTL) apply -f testdata/policy/l3.yaml
+ kubectl apply -f testdata/policy/l3.yaml
 
 .PHONY: install-policy-viewer
 install-policy-viewer:
  $(MAKE) -C ../ build
- PODNAME=$$($(KUBECTL) get po -l app=ubuntu -o name | cut -d'/' -f2); \
- $(KUBECTL) cp $(POLICY_VIEWER) $${PODNAME}:/tmp/; \
- $(KUBECTL) exec $${PODNAME} -- chmod +x /tmp/npv
+ PODNAME=$$(kubectl get po -l app=ubuntu -o name | cut -d'/' -f2); \
+ kubectl cp $(POLICY_VIEWER) $${PODNAME}:/tmp/; \
+ kubectl exec $${PODNAME} -- chmod +x /tmp/npv
 
 .PHONY: test
 test:
  go test -v -race . -ginkgo.v -ginkgo.fail-fast
 
 .PHONY: stop
 stop:
- $(KIND) delete cluster
+ kind delete cluster