Backport into master from V0.5.8

.github/dependabot.yml

@@ -0,0 +1,28 @@
+# To get started with Dependabot version updates, you'll need to specify which
+# package ecosystems to update and where the package manifests are located.
+# Please see the documentation for all configuration options:
+# https://docs.github.com/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file
+
+version: 2
+updates:
+  - package-ecosystem: "gomod" # See documentation for possible values
+    directory: "/" # Location of package manifests
+    schedule:
+      interval: "weekly"
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "weekly"      
+  - package-ecosystem: "docker"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+  - package-ecosystem: "docker"
+    directory: "/hostplumber"
+    schedule:
+      interval: "weekly"
+  - package-ecosystem: "docker"
+    directory: "/dhcp-controller"
+    schedule:
+      interval: "weekly"
+

.github/workflows/anchore.yml

@@ -36,7 +36,7 @@ jobs:
     - name: Build the Docker image
       run: docker build . --file Dockerfile --tag platform9/luigi_dev:latest
     - name: Run the Anchore Grype scan action
-      uses: anchore/scan-action@v3
+      uses: anchore/scan-action@v5
       id: scan
       with:
         image: "platform9/luigi_dev:latest"

.github/workflows/ci.yml

@@ -18,7 +18,7 @@ jobs:
         uses: actions/setup-go@v4
         with:
           token: ${{ secrets.GITHUB_TOKEN }}
-          go-version: 1.21
+          go-version: 1.22
           check-latest: true
           cache: true
       - name: Print the version of golang
@@ -37,7 +37,7 @@ jobs:
         uses: actions/setup-go@v4
         with:
           token: ${{ secrets.GITHUB_TOKEN }}
-          go-version: 1.21
+          go-version: 1.22
           check-latest: true
           cache: true
       - name: Print the version of golang

.github/workflows/hostplumber-multiarch-build-and-push.yml

@@ -0,0 +1,42 @@
+---
+name: docker
+on:
+  push:
+    branches:
+      - 'master'
+      - 'v*'
+      - 'private/**'
+    paths:
+      - hostplumber/**
+
+jobs:
+  buildx:
+    env:
+      USERNAME: ${{ secrets.QUAY_USERNAME }}
+      PASSWORD: ${{ secrets.QUAY_PASSWORD }}
+      OVERRIDE_HOSTPLUMBER_VERSION: ${{ secrets.OVERRIDE_HOSTPLUMBER_VERSION || '' }}
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Setup Docker BuildX
+        uses: docker/setup-buildx-action@v3
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+
+      # setup Docker buld action
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Login to the Quay Registry
+        uses: docker/login-action@v3
+        with:
+          registry: quay.io
+          username: ${{ env.USERNAME }}
+          password: ${{ env.PASSWORD }}
+
+      - name: Build/Push image to Quay Container Registry
+        run:
+          TEAMCITY_BUILD_ID=${{ github.run_number }}
+          make -C hostplumber img-build-push

.github/workflows/luigi-build-and-push.yml

@@ -0,0 +1,40 @@
+---
+name: docker
+on:
+  push:
+    branches:
+      - 'master'
+      - 'v*'
+      - 'private/**'
+
+jobs:
+  buildx:
+    env:
+      USERNAME: ${{ secrets.QUAY_USERNAME }}
+      PASSWORD: ${{ secrets.QUAY_PASSWORD }}
+      OVERRIDE_LUIGI_VERSION: ${{ secrets.OVERRIDE_LUIGI_VERSION || '' }}
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Setup Docker BuildX
+        uses: docker/setup-buildx-action@v3
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+
+      # setup Docker buld action
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Login to the Quay Registry
+        uses: docker/login-action@v3
+        with:
+          registry: quay.io
+          username: ${{ env.USERNAME }}
+          password: ${{ env.PASSWORD }}
+
+      - name: Build/Push image to Quay Container Registry
+        run:
+          TEAMCITY_BUILD_ID=${{ github.run_number }}
+          make img-build-push        

.github/workflows/ovs-build-and-push.yml

@@ -0,0 +1,53 @@
+---
+name: docker
+on:
+  push:
+    branches:
+      - 'master'
+      - 'v*'
+      - 'private/**'
+    paths:
+      - hostplumber/**
+
+jobs:
+  buildx:
+    env:
+      USERNAME: ${{ secrets.QUAY_USERNAME }}
+      PASSWORD: ${{ secrets.QUAY_PASSWORD }}
+      BUILD_ARGS: ""
+      PLATFORMS: linux/amd64
+      BRANCH: ${{ github.head_ref || github.ref_name }}
+      PUSH: true
+    runs-on: ubuntu-latest
+    steps:
+      - name: Set env
+        run: 
+          echo "TAG=$(echo "${{ env.BRANCH }}" | tr -d /)" >> $GITHUB_ENV
+
+      - uses: actions/checkout@v4
+
+      - name: Setup Docker BuildX
+        uses: docker/setup-buildx-action@v3
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+
+      # setup Docker buld action
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Login to the Quay Registry
+        uses: docker/login-action@v3
+        with:
+          registry: quay.io
+          username: ${{ env.USERNAME }}
+          password: ${{ env.PASSWORD }}
+
+      - name: Build/Push image to Quay Container Registry
+        uses: docker/build-push-action@v6
+        with:
+          context: hostplumber/pkg/ovs-docker
+          tags: quay.io/platform9/openvswitch:${{ env.TAG }}-${{ github.run_number }}
+          push: ${{ env.PUSH }}
+          build-args: ${{ env.BUILD_ARGS}}
+          platforms: ${{ env.PLATFORMS }}

.github/workflows/trivy.yml

@@ -27,18 +27,19 @@ jobs:
     runs-on: "ubuntu-latest"
     steps:
       - name: Checkout code
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
 
       - name: Build an image from Dockerfile
         run: |
           docker build -t docker.io/platform9/luigi:${{ github.sha }} .
 
       - name: Run Trivy vulnerability scanner
-        uses: aquasecurity/trivy-action@7b7aa264d83dc58691451798b4d117d53d21edfe
+        uses: aquasecurity/trivy-action@master
         with:
           image-ref: 'docker.io/platform9/luigi:${{ github.sha }}'
+          ignore-unfixed: true
+          vuln-type: 'os,library'
           format: 'template'
-          template: '@/contrib/sarif.tpl'
           output: 'trivy-results.sarif'
           severity: 'CRITICAL,HIGH'
 

Dockerfile

@@ -1,5 +1,5 @@
 # Build the manager binary
-FROM golang:1.21 as builder
+FROM golang:1.23 AS builder
 
 WORKDIR /workspace
 # Copy the Go Modules manifests
@@ -23,7 +23,7 @@ RUN CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -a -o manager main.go
 # Refer to https://github.com/GoogleContainerTools/distroless for more details
 #FROM gcr.io/distroless/static:nonroot
 
-FROM alpine:3.18
+FROM alpine:3.20
 RUN apk add --no-cache bash
 WORKDIR /
 COPY --from=builder /workspace/manager .

Makefile

@@ -1,10 +1,18 @@
 SHELL=/bin/bash
 # Image URL to use all building/pushing image targets
 #IMG ?= controller:latest
-VER_LABEL=$(shell ./get-label.bash)
-IMG ?= platform9/luigi-plugins:$(VER_LABEL)
+ifndef OVERRIDE_LUIGI_VERSION
+	IMG_TAG = $(shell ./get-label.bash)
+else
+	ifneq ($(strip $(OVERRIDE_LUIGI_VERSION)),)
+		IMG_TAG ?= $(OVERRIDE_LUIGI_VERSION)
+	else
+		IMG_TAG = $(shell ./get-label.bash)
+	endif
+endif
+IMG ?= quay.io/platform9/luigi-plugins:$(IMG_TAG)
 # ENVTEST_K8S_VERSION refers to the version of kubebuilder assets to be downloaded by envtest binary.
-ENVTEST_K8S_VERSION = 1.23
+ENVTEST_K8S_VERSION = 1.29
 
 # Get the currently used golang install path (in GOPATH/bin, unless GOBIN is set)
 ifeq (,$(shell go env GOBIN))
@@ -128,7 +136,7 @@ ENVTEST ?= $(LOCALBIN)/setup-envtest
 
 ## Tool Versions
 KUSTOMIZE_VERSION ?= v3.8.7
-CONTROLLER_TOOLS_VERSION ?= v0.8.0
+CONTROLLER_TOOLS_VERSION ?= v0.16.3
 
 KUSTOMIZE_INSTALL_SCRIPT ?= "https://raw.githubusercontent.com/kubernetes-sigs/kustomize/master/hack/install_kustomize.sh"
 .PHONY: kustomize
@@ -147,17 +155,16 @@ $(ENVTEST): $(LOCALBIN)
 	GOBIN=$(LOCALBIN) go install sigs.k8s.io/controller-runtime/tools/setup-envtest@latest
 
 img-test:
-	docker run --rm  -v $(SRCROOT):/luigi -w /luigi golang:1.21-alpine3.18  bash -c "GOFLAGS=-buildvcs=false make test"
+	docker run --rm  -v $(SRCROOT):/luigi -w /luigi golang:1.23  bash -c "GOFLAGS=-buildvcs=false make test"
 
-img-build: $(BUILD_DIR) img-test 
+img-build: $(BUILD_DIR) img-test
 	docker build --network host . -t ${IMG}
 	echo ${IMG} > $(BUILD_DIR)/container-tag
 
 img-build-push: img-build
-	docker login
 	docker push ${IMG}
 	echo ${IMG} > $(BUILD_DIR)/container-tag
 
 scan: $(BUILD_ROOT)
-	docker run -v $(BUILD_ROOT)/luigi:/out -v /var/run/docker.sock:/var/run/docker.sock -v $(HOME)/.trivy:/root/.cache  aquasec/trivy image -s CRITICAL,HIGH -f json  --vuln-type library -o /out/library_vulnerabilities.json --exit-code 22 ${IMG}
-	docker run -v $(BUILD_ROOT)/luigi:/out -v /var/run/docker.sock:/var/run/docker.sock -v $(HOME)/.trivy:/root/.cache  aquasec/trivy image -s CRITICAL,HIGH -f json  --vuln-type os -o /out/os_vulnerabilities.json --exit-code 22 ${IMG}
+	docker run -v $(BUILD_ROOT)/luigi:/out -v /var/run/docker.sock:/var/run/docker.sock -v $(HOME)/.trivy:/root/.cache  aquasec/trivy image -s CRITICAL,HIGH -f json --scanners vuln --vuln-type library -o /out/library_vulnerabilities.json --exit-code 22 ${IMG}
+	docker run -v $(BUILD_ROOT)/luigi:/out -v /var/run/docker.sock:/var/run/docker.sock -v $(HOME)/.trivy:/root/.cache  aquasec/trivy image -s CRITICAL,HIGH -f json --scanners vuln --vuln-type os -o /out/os_vulnerabilities.json --exit-code 22 ${IMG}