diff --git a/.github/workflows/check-manifest.yaml b/.github/workflows/check-manifest.yaml new file mode 100644 index 00000000000..29626ef2bbc --- /dev/null +++ b/.github/workflows/check-manifest.yaml @@ -0,0 +1,53 @@ +name: check-manifest +on: + push: + paths-ignore: + - ".github/workflows/website.yaml" + - "docs/**" + - "library/**" + - "demo/**" + - "deprecated/**" + - "example/**" + - "website/**" + - "**.md" + - "!cmd/build/helmify/static/README.md" + pull_request: + paths-ignore: + - ".github/workflows/website.yaml" + - "docs/**" + - "library/**" + - "demo/**" + - "deprecated/**" + - "example/**" + - "website/**" + - "**.md" + - "!cmd/build/helmify/static/README.md" + +permissions: read-all + +jobs: + check_manifest: + name: "Check codegen and manifest" + runs-on: ubuntu-22.04 + timeout-minutes: 10 + steps: + - name: Harden Runner + uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0 + with: + egress-policy: audit + + - name: Check out code into the Go module directory + uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 + + - name: Set up Go + uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0 + with: + go-version: "1.22" + check-latest: true + - name: Check go.mod and manifests + run: | + # there should be no additional manifest or go.mod changes + go mod tidy + git diff --exit-code + make generate manifests + git diff --exit-code diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml index 10a946e77f3..f475474070b 100644 --- a/.github/workflows/dependency-review.yml +++ b/.github/workflows/dependency-review.yml @@ -2,7 +2,7 @@ # # This Action will scan dependency manifest files that change as part of a Pull Request, # surfacing known-vulnerable versions of the packages declared or updated in the PR. -# Once installed, if the workflow run is marked as required, +# Once installed, if the workflow run is marked as required, # PRs introducing known-vulnerable packages will be blocked from merging. # # Source repository: https://github.com/actions/dependency-review-action @@ -14,7 +14,7 @@ permissions: jobs: dependency-review: - runs-on: ubuntu-latest + runs-on: ubuntu-22.04 steps: - name: Harden Runner uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0 diff --git a/.github/workflows/lint.yaml b/.github/workflows/lint.yaml new file mode 100644 index 00000000000..18562b37b29 --- /dev/null +++ b/.github/workflows/lint.yaml @@ -0,0 +1,43 @@ +name: lint + +on: + push: + branches: + - master + paths-ignore: + - ".github/workflows/website.yaml" + - "docs/**" + - "library/**" + - "demo/**" + - "deprecated/**" + - "example/**" + - "website/**" + - "**.md" + pull_request: + branches: + - master + paths-ignore: + - ".github/workflows/website.yaml" + - "docs/**" + - "library/**" + - "demo/**" + - "deprecated/**" + - "example/**" + - "website/**" + - "**.md" + +permissions: read-all + +jobs: + lint: + runs-on: ubuntu-22.04 + steps: + - name: Harden Runner + uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0 + with: + egress-policy: audit + + - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 + + - name: lint + run: make lint diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml index eaf0b762142..0b0dc79688a 100644 --- a/.github/workflows/scorecards.yml +++ b/.github/workflows/scorecards.yml @@ -20,7 +20,7 @@ permissions: read-all jobs: analysis: name: Scorecard analysis - runs-on: ubuntu-latest + runs-on: ubuntu-22.04 permissions: # Needed to upload the results to code-scanning dashboard. security-events: write diff --git a/.github/workflows/test-gator.yaml b/.github/workflows/test-gator.yaml new file mode 100644 index 00000000000..1d29d387ae0 --- /dev/null +++ b/.github/workflows/test-gator.yaml @@ -0,0 +1,59 @@ +name: build_test +on: + push: + paths-ignore: + - ".github/workflows/website.yaml" + - "docs/**" + - "library/**" + - "demo/**" + - "deprecated/**" + - "example/**" + - "website/**" + - "**.md" + - "!cmd/build/helmify/static/README.md" + pull_request: + paths-ignore: + - ".github/workflows/website.yaml" + - "docs/**" + - "library/**" + - "demo/**" + - "deprecated/**" + - "example/**" + - "website/**" + - "**.md" + - "!cmd/build/helmify/static/README.md" + +permissions: read-all + +jobs: + gator_test: + name: "Test Gator" + runs-on: ubuntu-22.04 + timeout-minutes: 5 + strategy: + fail-fast: false + matrix: + KUBERNETES_VERSION: ["1.26.3", "1.27.1", "1.28.0", "1.29.0"] + steps: + - name: Harden Runner + uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0 + with: + egress-policy: audit + + - name: Check out code into the Go module directory + uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 + + - name: Set up Go + uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0 + with: + go-version: "1.22" + check-latest: true + + - name: Download e2e dependencies + run: | + mkdir -p $GITHUB_WORKSPACE/bin + echo "$GITHUB_WORKSPACE/bin" >> $GITHUB_PATH + make e2e-dependencies KUBERNETES_VERSION=${{ matrix.KUBERNETES_VERSION }} + + - name: gator test + run: make test-gator-containerized diff --git a/.github/workflows/unit-test.yaml b/.github/workflows/unit-test.yaml new file mode 100644 index 00000000000..e8d89c5254a --- /dev/null +++ b/.github/workflows/unit-test.yaml @@ -0,0 +1,56 @@ +name: unit-test +on: + push: + paths-ignore: + - ".github/workflows/website.yaml" + - "docs/**" + - "library/**" + - "demo/**" + - "deprecated/**" + - "example/**" + - "website/**" + - "**.md" + - "!cmd/build/helmify/static/README.md" + pull_request: + paths-ignore: + - ".github/workflows/website.yaml" + - "docs/**" + - "library/**" + - "demo/**" + - "deprecated/**" + - "example/**" + - "website/**" + - "**.md" + - "!cmd/build/helmify/static/README.md" + +permissions: read-all + +jobs: + test: + name: "Unit test" + runs-on: ubuntu-22.04 + timeout-minutes: 20 + steps: + - name: Harden Runner + uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0 + with: + egress-policy: audit + + - name: Check out code into the Go module directory + uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 + + - name: Set up Go + uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0 + with: + go-version: "1.22" + check-latest: true + + - name: Unit test + run: make native-test + + - name: Codecov Upload + uses: codecov/codecov-action@54bcd8715eee62d40e33596ef5e8f0f48dbbccab # v4.1.0 + with: + flags: unittests + file: ./cover.out + fail_ci_if_error: false diff --git a/.github/workflows/workflow.yaml b/.github/workflows/workflow.yaml index 926a7ef82ee..65ceab7475f 100644 --- a/.github/workflows/workflow.yaml +++ b/.github/workflows/workflow.yaml @@ -26,115 +26,6 @@ on: permissions: read-all jobs: - lint: - name: "Lint" - runs-on: ubuntu-22.04 - timeout-minutes: 7 - steps: - - name: Harden Runner - uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0 - with: - egress-policy: audit - - - name: Check out code into the Go module directory - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 - - - name: Set up Go - uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0 - with: - go-version: "1.22" - check-latest: true - - # source: https://github.com/golangci/golangci-lint-action - - name: golangci-lint - uses: golangci/golangci-lint-action@3cfe3a4abbb849e10058ce4af15d205b6da42804 # v4.0.0 - with: - # version of golangci-lint to use in form of v1.2 or v1.2.3 or `latest` to use the latest version - version: v1.55.2 - - test: - name: "Unit test" - runs-on: ubuntu-22.04 - timeout-minutes: 20 - steps: - - name: Harden Runner - uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0 - with: - egress-policy: audit - - - name: Check out code into the Go module directory - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 - - - name: Set up Go - uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0 - with: - go-version: "1.22" - check-latest: true - - - name: Unit test - run: make native-test - - - name: Codecov Upload - uses: codecov/codecov-action@54bcd8715eee62d40e33596ef5e8f0f48dbbccab # v4.1.0 - with: - flags: unittests - file: ./cover.out - fail_ci_if_error: false - - check_manifest: - name: "Check codegen and manifest" - runs-on: ubuntu-22.04 - timeout-minutes: 10 - steps: - - name: Harden Runner - uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0 - with: - egress-policy: audit - - - name: Check out code into the Go module directory - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 - - - name: Set up Go - uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0 - with: - go-version: "1.22" - check-latest: true - - name: Check go.mod and manifests - run: | - # there should be no additional manifest or go.mod changes - go mod tidy - git diff --exit-code - make generate manifests - git diff --exit-code - - gator_test: - name: "Test Gator" - runs-on: ubuntu-22.04 - timeout-minutes: 5 - steps: - - name: Harden Runner - uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0 - with: - egress-policy: audit - - - name: Check out code into the Go module directory - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 - - - name: Set up Go - uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0 - with: - go-version: "1.22" - check-latest: true - - - name: Download e2e dependencies - run: | - mkdir -p $GITHUB_WORKSPACE/bin - echo "$GITHUB_WORKSPACE/bin" >> $GITHUB_PATH - make e2e-dependencies KUBERNETES_VERSION=${{ matrix.KUBERNETES_VERSION }} - - - name: gator test - run: make test-gator-containerized - build_test: name: "Build and Test" runs-on: ubuntu-22.04 diff --git a/.golangci.yaml b/.golangci.yaml index d4ddf3b08d7..2afc0cf40e9 100644 --- a/.golangci.yaml +++ b/.golangci.yaml @@ -1,6 +1,8 @@ run: timeout: 5m - skip-files: + +issues: + exclude-files: - pkg/target/matchcrd_constant.go linters-settings: diff --git a/Makefile b/Makefile index faccede490f..7898ff86a8e 100644 --- a/Makefile +++ b/Makefile @@ -33,7 +33,7 @@ GATEKEEPER_NAMESPACE ?= gatekeeper-system # When updating this, make sure to update the corresponding action in # workflow.yaml -GOLANGCI_LINT_VERSION := v1.55.2 +GOLANGCI_LINT_VERSION := v1.57.1 # Detects the location of the user golangci-lint cache. GOLANGCI_LINT_CACHE := $(shell pwd)/.tmp/golangci-lint @@ -361,10 +361,10 @@ manifests: __controller-gen # across systems. # Source: https://golangci-lint.run/usage/install/#docker lint: - docker run --rm -v $(shell pwd):/app \ + docker run -t --rm -v $(shell pwd):/app \ -v ${GOLANGCI_LINT_CACHE}:/root/.cache/golangci-lint \ - -w /app golangci/golangci-lint:${GOLANGCI_LINT_VERSION}-alpine \ - golangci-lint run -v + -w /app golangci/golangci-lint:${GOLANGCI_LINT_VERSION} \ + golangci-lint run -v --fix # Generate code generate: __conversion-gen __controller-gen diff --git a/pkg/audit/stats_reporter.go b/pkg/audit/stats_reporter.go index ca759a2e0a2..8fb5c4678d9 100644 --- a/pkg/audit/stats_reporter.go +++ b/pkg/audit/stats_reporter.go @@ -97,7 +97,6 @@ func newStatsReporter() (*reporter, error) { metric.WithDescription("Total number of audited violations"), metric.WithInt64Callback(r.observeTotalViolations), ) - if err != nil { return nil, err } diff --git a/pkg/controller/constrainttemplate/constrainttemplate_controller_test.go b/pkg/controller/constrainttemplate/constrainttemplate_controller_test.go index 4c196ba5981..b751ef98343 100644 --- a/pkg/controller/constrainttemplate/constrainttemplate_controller_test.go +++ b/pkg/controller/constrainttemplate/constrainttemplate_controller_test.go @@ -236,7 +236,7 @@ func TestReconcile(t *testing.T) { testutils.CreateThenCleanup(ctx, t, c, constraintTemplate) clientset := kubernetes.NewForConfigOrDie(cfg) - err = retry.OnError(testutils.ConstantRetry, func(err error) bool { + err = retry.OnError(testutils.ConstantRetry, func(_ error) bool { return true }, func() error { crd := &apiextensionsv1.CustomResourceDefinition{} @@ -270,7 +270,7 @@ func TestReconcile(t *testing.T) { t.Cleanup(testutils.DeleteObjectAndConfirm(ctx, t, c, expectedCRD(suffix))) testutils.CreateThenCleanup(ctx, t, c, constraintTemplate) - err = retry.OnError(testutils.ConstantRetry, func(err error) bool { + err = retry.OnError(testutils.ConstantRetry, func(_ error) bool { return true }, func() error { // check if vap resource exists now @@ -297,7 +297,7 @@ func TestReconcile(t *testing.T) { t.Cleanup(testutils.DeleteObjectAndConfirm(ctx, t, c, expectedCRD(suffix))) testutils.CreateThenCleanup(ctx, t, c, constraintTemplate) - err = retry.OnError(testutils.ConstantRetry, func(err error) bool { + err = retry.OnError(testutils.ConstantRetry, func(_ error) bool { return true }, func() error { // check if vap resource exists now @@ -325,7 +325,7 @@ func TestReconcile(t *testing.T) { t.Cleanup(testutils.DeleteObjectAndConfirm(ctx, t, c, expectedCRD(suffix))) testutils.CreateThenCleanup(ctx, t, c, constraintTemplate) - err = retry.OnError(testutils.ConstantRetry, func(err error) bool { + err = retry.OnError(testutils.ConstantRetry, func(_ error) bool { return true }, func() error { // check if vap resource exists now @@ -355,7 +355,7 @@ func TestReconcile(t *testing.T) { t.Cleanup(testutils.DeleteObjectAndConfirm(ctx, t, c, expectedCRD(suffix))) testutils.CreateThenCleanup(ctx, t, c, constraintTemplate) - err = retry.OnError(testutils.ConstantRetry, func(err error) bool { + err = retry.OnError(testutils.ConstantRetry, func(_ error) bool { return true }, func() error { // check if vap resource exists now @@ -394,7 +394,7 @@ func TestReconcile(t *testing.T) { t.Cleanup(testutils.DeleteObjectAndConfirm(ctx, t, c, expectedCRD(suffix))) testutils.CreateThenCleanup(ctx, t, c, constraintTemplate) - err = retry.OnError(testutils.ConstantRetry, func(err error) bool { + err = retry.OnError(testutils.ConstantRetry, func(_ error) bool { return true }, func() error { // check if vap resource exists now @@ -487,7 +487,7 @@ func TestReconcile(t *testing.T) { testutils.CreateThenCleanup(ctx, t, c, constraintTemplate) var crd *apiextensionsv1.CustomResourceDefinition - err = retry.OnError(testutils.ConstantRetry, func(err error) bool { + err = retry.OnError(testutils.ConstantRetry, func(_ error) bool { return true }, func() error { crd = &apiextensionsv1.CustomResourceDefinition{} @@ -504,7 +504,7 @@ func TestReconcile(t *testing.T) { t.Fatal(err) } - err = retry.OnError(testutils.ConstantRetry, func(err error) bool { + err = retry.OnError(testutils.ConstantRetry, func(_ error) bool { return true }, func() error { crd := &apiextensionsv1.CustomResourceDefinition{} @@ -528,7 +528,7 @@ func TestReconcile(t *testing.T) { t.Fatal(err) } - err = retry.OnError(testutils.ConstantRetry, func(err error) bool { + err = retry.OnError(testutils.ConstantRetry, func(_ error) bool { return true }, func() error { sList := &statusv1beta1.ConstraintPodStatusList{} @@ -544,7 +544,7 @@ func TestReconcile(t *testing.T) { t.Fatal(err) } - err = retry.OnError(testutils.ConstantRetry, func(err error) bool { + err = retry.OnError(testutils.ConstantRetry, func(_ error) bool { return true }, func() error { return c.Create(ctx, newDenyAllCstr(suffix)) @@ -598,7 +598,7 @@ func TestReconcile(t *testing.T) { // https://github.com/open-policy-agent/gatekeeper/pull/1595#discussion_r722819552 t.Cleanup(testutils.DeleteObject(t, c, instanceInvalidRego)) - err = retry.OnError(testutils.ConstantRetry, func(err error) bool { + err = retry.OnError(testutils.ConstantRetry, func(_ error) bool { return true }, func() error { ct := &v1beta1.ConstraintTemplate{} @@ -673,7 +673,7 @@ func TestReconcile(t *testing.T) { t.Fatal(err) } - err = retry.OnError(testutils.ConstantRetry, func(err error) bool { + err = retry.OnError(testutils.ConstantRetry, func(_ error) bool { return true }, func() error { resp, err := cfClient.Review(ctx, req) @@ -810,7 +810,7 @@ violation[{"msg": "denied!"}] { t.Fatalf("unexpected tracker, got %T", ot) } // ensure that expectations are set for the constraint gvk - err = retry.OnError(testutils.ConstantRetry, func(err error) bool { + err = retry.OnError(testutils.ConstantRetry, func(_ error) bool { return true }, func() error { gotExpected := tr.IsExpecting(gvk, types.NamespacedName{Name: "denyallconstraint"}) @@ -836,7 +836,7 @@ violation[{"msg": "denied!"}] { } // Check readiness tracker is satisfied post-reconcile - err = retry.OnError(testutils.ConstantRetry, func(err error) bool { + err = retry.OnError(testutils.ConstantRetry, func(_ error) bool { return true }, func() error { satisfied := tracker.For(gvk).Satisfied() @@ -851,7 +851,7 @@ violation[{"msg": "denied!"}] { } func constraintEnforced(ctx context.Context, c client.Client, suffix string) error { - return retry.OnError(testutils.ConstantRetry, func(err error) bool { + return retry.OnError(testutils.ConstantRetry, func(_ error) bool { return true }, func() error { cstr := newDenyAllCstr(suffix) @@ -978,7 +978,7 @@ func applyCRD(ctx context.Context, client client.Client, gvk schema.GroupVersion u := &unstructured.UnstructuredList{} u.SetGroupVersionKind(gvk) - return retry.OnError(testutils.ConstantRetry, func(err error) bool { + return retry.OnError(testutils.ConstantRetry, func(_ error) bool { return true }, func() error { if ctx.Err() != nil { diff --git a/pkg/controller/constrainttemplate/stats_reporter.go b/pkg/controller/constrainttemplate/stats_reporter.go index 68ac2781496..77754344622 100644 --- a/pkg/controller/constrainttemplate/stats_reporter.go +++ b/pkg/controller/constrainttemplate/stats_reporter.go @@ -56,7 +56,6 @@ func newStatsReporter() *reporter { metric.WithDescription(ctDesc), metric.WithInt64Callback(r.observeCTM), ) - if err != nil { panic(err) } diff --git a/pkg/controller/constrainttemplatestatus/constrainttemplatestatus_controller.go b/pkg/controller/constrainttemplatestatus/constrainttemplatestatus_controller.go index c1d44bf196b..c8efd5b7498 100644 --- a/pkg/controller/constrainttemplatestatus/constrainttemplatestatus_controller.go +++ b/pkg/controller/constrainttemplatestatus/constrainttemplatestatus_controller.go @@ -76,7 +76,7 @@ func newReconciler( // PodStatusToConstraintTemplateMapper correlates a ConstraintTemplatePodStatus with its corresponding constraint template // `selfOnly` tells the mapper to only map statuses corresponding to the current pod. func PodStatusToConstraintTemplateMapper(selfOnly bool) handler.MapFunc { - return func(ctx context.Context, obj client.Object) []reconcile.Request { + return func(_ context.Context, obj client.Object) []reconcile.Request { labels := obj.GetLabels() name, ok := labels[v1beta1.ConstraintTemplateNameLabel] if !ok { diff --git a/pkg/controller/controller.go b/pkg/controller/controller.go index 3076b5fba02..d129dc03e02 100644 --- a/pkg/controller/controller.go +++ b/pkg/controller/controller.go @@ -167,7 +167,7 @@ func AddToManager(m manager.Manager, deps *Dependencies) error { return err } - fakePodGetter := func(ctx context.Context) (*corev1.Pod, error) { + fakePodGetter := func(_ context.Context) (*corev1.Pod, error) { pod := fakes.Pod( fakes.WithNamespace(util.GetNamespace()), fakes.WithName(util.GetPodName()), diff --git a/pkg/controller/expansion/expansion_controller_test.go b/pkg/controller/expansion/expansion_controller_test.go index 08054c123fc..4948f5f57ea 100644 --- a/pkg/controller/expansion/expansion_controller_test.go +++ b/pkg/controller/expansion/expansion_controller_test.go @@ -90,7 +90,7 @@ func TestReconcile(t *testing.T) { t.Cleanup(testutils.DeleteObjectAndConfirm(ctx, t, c, et)) testutils.CreateThenCleanup(ctx, t, c, et) - err = retry.OnError(testutils.ConstantRetry, func(err error) bool { + err = retry.OnError(testutils.ConstantRetry, func(_ error) bool { return true }, func() error { // First, get the ET @@ -128,7 +128,7 @@ func TestReconcile(t *testing.T) { t.Fatalf("error deleting ET: %s", err) } - err = retry.OnError(testutils.ConstantRetry, func(err error) bool { + err = retry.OnError(testutils.ConstantRetry, func(_ error) bool { return true }, func() error { // Get the ETPodStatus diff --git a/pkg/controller/expansion/stats_reporter.go b/pkg/controller/expansion/stats_reporter.go index ebc225c53a8..a919719012a 100644 --- a/pkg/controller/expansion/stats_reporter.go +++ b/pkg/controller/expansion/stats_reporter.go @@ -25,7 +25,6 @@ func newRegistry() *etRegistry { etMetricName, metric.WithDescription(etDesc), metric.WithInt64Callback(r.observeETM)) - if err != nil { panic(err) } diff --git a/pkg/controller/expansionstatus/expansionstatus_controller.go b/pkg/controller/expansionstatus/expansionstatus_controller.go index cdc5e0f6941..6e9b3ec67e4 100644 --- a/pkg/controller/expansionstatus/expansionstatus_controller.go +++ b/pkg/controller/expansionstatus/expansionstatus_controller.go @@ -78,7 +78,7 @@ func newReconciler(mgr manager.Manager) reconcile.Reconciler { // PodStatusToExpansionTemplateMapper correlates a ExpansionTemplatePodStatus with its corresponding expansion template. // `selfOnly` tells the mapper to only map statuses corresponding to the current pod. func PodStatusToExpansionTemplateMapper(selfOnly bool) handler.MapFunc { - return func(ctx context.Context, obj client.Object) []reconcile.Request { + return func(_ context.Context, obj client.Object) []reconcile.Request { labels := obj.GetLabels() name, ok := labels[v1beta1.ExpansionTemplateNameLabel] if !ok { diff --git a/pkg/controller/mutators/core/adder.go b/pkg/controller/mutators/core/adder.go index 6dbb2dd3e3f..9b51ae8249b 100644 --- a/pkg/controller/mutators/core/adder.go +++ b/pkg/controller/mutators/core/adder.go @@ -76,7 +76,7 @@ func (a *Adder) add(mgr manager.Manager, r *Reconciler) error { // Watch for changes to MutatorPodStatuses. err = c.Watch( source.Kind(mgr.GetCache(), &statusv1beta1.MutatorPodStatus{}), - handler.EnqueueRequestsFromMapFunc(mutatorstatus.PodStatusToMutatorMapper(true, r.gvk.Kind, func(ctx context.Context, obj client.Object) []reconcile.Request { + handler.EnqueueRequestsFromMapFunc(mutatorstatus.PodStatusToMutatorMapper(true, r.gvk.Kind, func(_ context.Context, obj client.Object) []reconcile.Request { return []reconcile.Request{{ NamespacedName: apitypes.NamespacedName{ Namespace: obj.GetNamespace(), @@ -93,7 +93,7 @@ func (a *Adder) add(mgr manager.Manager, r *Reconciler) error { // Watch for enqueued events. err = c.Watch( a.EventsSource, - handler.EnqueueRequestsFromMapFunc(func(ctx context.Context, obj client.Object) []reconcile.Request { + handler.EnqueueRequestsFromMapFunc(func(_ context.Context, obj client.Object) []reconcile.Request { if obj.GetObjectKind().GroupVersionKind().Kind != r.gvk.Kind { return nil } diff --git a/pkg/controller/mutators/core/controller_test.go b/pkg/controller/mutators/core/controller_test.go index a31177344dd..c9a968c74e0 100644 --- a/pkg/controller/mutators/core/controller_test.go +++ b/pkg/controller/mutators/core/controller_test.go @@ -145,7 +145,7 @@ func TestReconcile(t *testing.T) { } events := make(chan event.GenericEvent, 1024) - rec := newReconciler(mgr, mSys, tracker, func(ctx context.Context) (*corev1.Pod, error) { return pod, nil }, kind, newObj, newMutator, events) + rec := newReconciler(mgr, mSys, tracker, func(_ context.Context) (*corev1.Pod, error) { return pod, nil }, kind, newObj, newMutator, events) adder := Adder{EventsSource: &source.Channel{Source: events}} err = adder.add(mgr, rec) @@ -169,7 +169,7 @@ func TestReconcile(t *testing.T) { } }) - t.Run("Mutator is reported as enforced", func(t *testing.T) { + t.Run("Mutator is reported as enforced", func(_ *testing.T) { g.Eventually(func() error { v := &mutationsv1.Assign{} v.SetName("assign-test-obj") diff --git a/pkg/controller/mutators/core/reconciler_test.go b/pkg/controller/mutators/core/reconciler_test.go index 7430f1aabaf..1ba3a2822ec 100644 --- a/pkg/controller/mutators/core/reconciler_test.go +++ b/pkg/controller/mutators/core/reconciler_test.go @@ -308,7 +308,7 @@ func newFakeReconciler(t *testing.T, c client.Client, events chan event.GenericE return fake.mutator, nil }, system: mutation.NewSystem(mutation.SystemOpts{}), - getPod: func(ctx context.Context) (*corev1.Pod, error) { + getPod: func(_ context.Context) (*corev1.Pod, error) { return fakes.Pod( fakes.WithNamespace("gatekeeper-system"), fakes.WithName(podName), @@ -1041,7 +1041,7 @@ func TestReconcile_ReconcileUpsert_GetPodError(t *testing.T) { ctx := context.Background() - r.getPod = func(ctx context.Context) (*corev1.Pod, error) { + r.getPod = func(_ context.Context) (*corev1.Pod, error) { return nil, newErrSome(1) } @@ -1071,7 +1071,7 @@ func TestReconcile_ReconcileDeleted_GetPodError(t *testing.T) { ctx := context.Background() - r.getPod = func(ctx context.Context) (*corev1.Pod, error) { + r.getPod = func(_ context.Context) (*corev1.Pod, error) { return nil, newErrSome(1) } diff --git a/pkg/gator/verify/runner_test.go b/pkg/gator/verify/runner_test.go index dcc3a81a300..6c855b31746 100644 --- a/pkg/gator/verify/runner_test.go +++ b/pkg/gator/verify/runner_test.go @@ -1207,7 +1207,7 @@ func TestRunner_Run_ClientError(t *testing.T) { TestResults: []TestResult{{Error: gator.ErrCreatingClient}}, } - runner, err := NewRunner(fstest.MapFS{}, func(includeTrace bool, useK8sCEL bool) (gator.Client, error) { + runner, err := NewRunner(fstest.MapFS{}, func(_ bool, _ bool) (gator.Client, error) { return nil, errors.New("error") }) if err != nil { diff --git a/pkg/mutation/mutators/conversion_test.go b/pkg/mutation/mutators/conversion_test.go index 46006f389f9..d34faae7b42 100644 --- a/pkg/mutation/mutators/conversion_test.go +++ b/pkg/mutation/mutators/conversion_test.go @@ -139,7 +139,7 @@ func TestAssignHasDiff(t *testing.T) { }{ { "same", - func(a *mutationsunversioned.Assign) {}, + func(_ *mutationsunversioned.Assign) {}, false, }, { @@ -221,7 +221,7 @@ func TestAssignMetadataHasDiff(t *testing.T) { }{ { "same", - func(a *mutationsunversioned.AssignMetadata) {}, + func(_ *mutationsunversioned.AssignMetadata) {}, false, }, { diff --git a/pkg/mutation/mutators/core/mutation_function_test.go b/pkg/mutation/mutators/core/mutation_function_test.go index fcc3a378ad8..d1e5b3e9a10 100644 --- a/pkg/mutation/mutators/core/mutation_function_test.go +++ b/pkg/mutation/mutators/core/mutation_function_test.go @@ -171,7 +171,7 @@ func TestObjectsAndLists(t *testing.T) { } func TestListsAsLastElementWithStringValue(t *testing.T) { - testFunc := func(u *unstructured.Unstructured) {} + testFunc := func(_ *unstructured.Unstructured) {} if err := testDummyMutation( `spec.containers["name": "notExists"]`, @@ -382,7 +382,7 @@ func TestAssignDoesNotMatchObjectStructure(t *testing.T) { } func TestListsAsLastElementAlreadyExistsWithKeyConflict(t *testing.T) { - testFunc := func(u *unstructured.Unstructured) {} + testFunc := func(_ *unstructured.Unstructured) {} var v interface{} err := json.Unmarshal([]byte("{\"name\": \"conflictingName\", \"foo\": \"bar\"}"), &v) if err != nil { diff --git a/pkg/mutation/system_external_data_test.go b/pkg/mutation/system_external_data_test.go index 778bbf7b73b..f678d49508d 100644 --- a/pkg/mutation/system_external_data_test.go +++ b/pkg/mutation/system_external_data_test.go @@ -112,7 +112,7 @@ func TestSystem_resolvePlaceholders(t *testing.T) { name: "when placeholder is part of a map[string]interface{}", fields: fields{ providerCache: fakes.ExternalDataProviderCache, - sendRequestToExternalDataProvider: func(ctx context.Context, provider *externaldataUnversioned.Provider, keys []string, clientCert *tls.Certificate) (*externaldata.ProviderResponse, int, error) { + sendRequestToExternalDataProvider: func(_ context.Context, _ *externaldataUnversioned.Provider, _ []string, _ *tls.Certificate) (*externaldata.ProviderResponse, int, error) { return &externaldata.ProviderResponse{ Response: externaldata.Response{ Idempotent: true, @@ -143,7 +143,7 @@ func TestSystem_resolvePlaceholders(t *testing.T) { name: "when placeholder is part of a []interface{}", fields: fields{ providerCache: fakes.ExternalDataProviderCache, - sendRequestToExternalDataProvider: func(ctx context.Context, provider *externaldataUnversioned.Provider, keys []string, clientCert *tls.Certificate) (*externaldata.ProviderResponse, int, error) { + sendRequestToExternalDataProvider: func(_ context.Context, _ *externaldataUnversioned.Provider, _ []string, _ *tls.Certificate) (*externaldata.ProviderResponse, int, error) { return &externaldata.ProviderResponse{ Response: externaldata.Response{ Idempotent: true, @@ -182,7 +182,7 @@ func TestSystem_resolvePlaceholders(t *testing.T) { name: "system error", fields: fields{ providerCache: fakes.ExternalDataProviderCache, - sendRequestToExternalDataProvider: func(ctx context.Context, provider *externaldataUnversioned.Provider, keys []string, clientCert *tls.Certificate) (*externaldata.ProviderResponse, int, error) { + sendRequestToExternalDataProvider: func(_ context.Context, _ *externaldataUnversioned.Provider, _ []string, _ *tls.Certificate) (*externaldata.ProviderResponse, int, error) { return &externaldata.ProviderResponse{ Response: externaldata.Response{ Idempotent: true, @@ -208,7 +208,7 @@ func TestSystem_resolvePlaceholders(t *testing.T) { name: "error when sending request", fields: fields{ providerCache: fakes.ExternalDataProviderCache, - sendRequestToExternalDataProvider: func(ctx context.Context, provider *externaldataUnversioned.Provider, keys []string, clientCert *tls.Certificate) (*externaldata.ProviderResponse, int, error) { + sendRequestToExternalDataProvider: func(_ context.Context, _ *externaldataUnversioned.Provider, _ []string, _ *tls.Certificate) (*externaldata.ProviderResponse, int, error) { return nil, http.StatusInternalServerError, errors.New("error") }, }, @@ -229,7 +229,7 @@ func TestSystem_resolvePlaceholders(t *testing.T) { name: "failure policy fail", fields: fields{ providerCache: fakes.ExternalDataProviderCache, - sendRequestToExternalDataProvider: func(ctx context.Context, provider *externaldataUnversioned.Provider, keys []string, clientCert *tls.Certificate) (*externaldata.ProviderResponse, int, error) { + sendRequestToExternalDataProvider: func(_ context.Context, _ *externaldataUnversioned.Provider, _ []string, _ *tls.Certificate) (*externaldata.ProviderResponse, int, error) { return &externaldata.ProviderResponse{ Response: externaldata.Response{ Idempotent: true, @@ -260,7 +260,7 @@ func TestSystem_resolvePlaceholders(t *testing.T) { name: "failure policy use default", fields: fields{ providerCache: fakes.ExternalDataProviderCache, - sendRequestToExternalDataProvider: func(ctx context.Context, provider *externaldataUnversioned.Provider, keys []string, clientCert *tls.Certificate) (*externaldata.ProviderResponse, int, error) { + sendRequestToExternalDataProvider: func(_ context.Context, _ *externaldataUnversioned.Provider, _ []string, _ *tls.Certificate) (*externaldata.ProviderResponse, int, error) { return &externaldata.ProviderResponse{ Response: externaldata.Response{ Idempotent: true, @@ -299,7 +299,7 @@ func TestSystem_resolvePlaceholders(t *testing.T) { name: "failure policy ignore", fields: fields{ providerCache: fakes.ExternalDataProviderCache, - sendRequestToExternalDataProvider: func(ctx context.Context, provider *externaldataUnversioned.Provider, keys []string, clientCert *tls.Certificate) (*externaldata.ProviderResponse, int, error) { + sendRequestToExternalDataProvider: func(_ context.Context, _ *externaldataUnversioned.Provider, _ []string, _ *tls.Certificate) (*externaldata.ProviderResponse, int, error) { return &externaldata.ProviderResponse{ Response: externaldata.Response{ Idempotent: true, diff --git a/pkg/readiness/ready_tracker_test.go b/pkg/readiness/ready_tracker_test.go index 7b4a8176de4..ac55a6857d4 100644 --- a/pkg/readiness/ready_tracker_test.go +++ b/pkg/readiness/ready_tracker_test.go @@ -163,7 +163,7 @@ func setupController( WatchManger: wm, ControllerSwitch: sw, Tracker: tracker, - GetPod: func(ctx context.Context) (*corev1.Pod, error) { return pod, nil }, + GetPod: func(_ context.Context) (*corev1.Pod, error) { return pod, nil }, ProcessExcluder: processExcluder, MutationSystem: mutationSystem, ExpansionSystem: expansionSystem, diff --git a/pkg/syncutil/single_runner_test.go b/pkg/syncutil/single_runner_test.go index ec120cfcc3b..c413d3a8d69 100644 --- a/pkg/syncutil/single_runner_test.go +++ b/pkg/syncutil/single_runner_test.go @@ -40,7 +40,7 @@ func Test_SingleRunner(t *testing.T) { }) // Repeat key won't be scheduled. - r.Go(ctx, "one", func(ctx context.Context) error { + r.Go(ctx, "one", func(_ context.Context) error { t.Fatal("repeat key will never be scheduled") return nil }) diff --git a/pkg/syncutil/syncbool_test.go b/pkg/syncutil/syncbool_test.go index 75606c50233..ed510223d46 100644 --- a/pkg/syncutil/syncbool_test.go +++ b/pkg/syncutil/syncbool_test.go @@ -37,7 +37,7 @@ func Test_SyncBool(t *testing.T) { b.Set(true) }() - waitErr := wait.PollUntilContextTimeout(context.Background(), 10*time.Millisecond, 5*time.Second, false, func(ctx context.Context) (done bool, err error) { + waitErr := wait.PollUntilContextTimeout(context.Background(), 10*time.Millisecond, 5*time.Second, false, func(_ context.Context) (done bool, err error) { return b.Get(), nil }) diff --git a/pkg/watch/manager_test.go b/pkg/watch/manager_test.go index 08f6b392d0d..bf1f7437145 100644 --- a/pkg/watch/manager_test.go +++ b/pkg/watch/manager_test.go @@ -388,7 +388,7 @@ func TestRegistrar_Replay_Retry(t *testing.T) { resources := generateTestResources(gvk, 10) errCount := 3 c := &funcCache{ - ListFunc: func(ctx context.Context, list client.ObjectList, opts ...client.ListOption) error { + ListFunc: func(_ context.Context, list client.ObjectList, _ ...client.ListOption) error { if errCount > 0 { errCount-- return fmt.Errorf("failing %d more times", errCount) @@ -401,7 +401,7 @@ func TestRegistrar_Replay_Retry(t *testing.T) { } return nil }, - GetInformerNonBlockingFunc: func(_ context.Context, obj client.Object) (cache.Informer, error) { + GetInformerNonBlockingFunc: func(_ context.Context, _ client.Object) (cache.Informer, error) { return informer, nil }, } @@ -468,7 +468,7 @@ func TestRegistrar_Replay_Async(t *testing.T) { listCalled := make(chan struct{}) listDone := make(chan struct{}) c := &funcCache{ - ListFunc: func(ctx context.Context, list client.ObjectList, opts ...client.ListOption) error { + ListFunc: func(ctx context.Context, _ client.ObjectList, _ ...client.ListOption) error { listCalled <- struct{}{} // Block until we're canceled. @@ -590,7 +590,7 @@ func TestRegistrar_ReplaceWatch(t *testing.T) { listCalls := make(map[schema.GroupVersionKind]int) getInformerCalls := make(map[schema.GroupVersionKind]int) c := &funcCache{ - ListFunc: func(ctx context.Context, list client.ObjectList, opts ...client.ListOption) error { + ListFunc: func(_ context.Context, list client.ObjectList, _ ...client.ListOption) error { mu.Lock() defer mu.Unlock() gvk := list.GetObjectKind().GroupVersionKind() diff --git a/pkg/webhook/common_test.go b/pkg/webhook/common_test.go index a05b538a601..c1aa07b12e4 100644 --- a/pkg/webhook/common_test.go +++ b/pkg/webhook/common_test.go @@ -43,7 +43,7 @@ func TestTLSConfig(t *testing.T) { t.Fatal(err) } - ts := httptest.NewUnstartedServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + ts := httptest.NewUnstartedServer(http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) { fmt.Fprintln(w, "success!") })) ts.TLS = serverTLSConf diff --git a/test/testutils/controller.go b/test/testutils/controller.go index 7dd11303e3a..5b3c55388a1 100644 --- a/test/testutils/controller.go +++ b/test/testutils/controller.go @@ -99,7 +99,7 @@ func DeleteObjectAndConfirm(ctx context.Context, t *testing.T, c client.Client, t.Fatal(err) } - err = retry.OnError(ConstantRetry, func(err error) bool { + err = retry.OnError(ConstantRetry, func(_ error) bool { return true }, func() error { // Construct a single-use Unstructured to send the Get request. It isn't @@ -116,7 +116,6 @@ func DeleteObjectAndConfirm(ctx context.Context, t *testing.T, c client.Client, s, _ := json.MarshalIndent(toGet, "", " ") return fmt.Errorf("found %v %v:\n%s", gvk, key, string(s)) }) - if err != nil { t.Fatal(err) }