search

kudobuilder / kudo

Kubernetes Universal Declarative Operator (KUDO)
https://kudo.dev
Apache License 2.0
1.18k stars 103 forks source link

Chore: Update third-party dependencies to their latest releases #1615

Closed nfnt closed 4 years ago

nfnt commented 4 years ago

What this PR does / why we need it: This bumps the modules as well as 'golangci-lint' to their latest releases. It also fixes linter warnings due to updated linters, among them a potential DoS when copying files from archives (gosec G110). gotest.tools has been removed in favor of stretchr/testify, as it offers the same functionality.

kensipe commented 4 years ago

I would push the updated changes... but it likely needs some analysis... some of the change looks like simple line limits which result in wrapping... like:

                   email:
-                    description: Email is an optional email address to contact the named maintainer.
+                    description: Email is an optional email address to contact the
+                      named maintainer.
                     type: string

It would be good to understand what is causing this change... and if innocuous.. then including the changed files

kensipe commented 4 years ago

after generating files make generate, make test passes... but make integration-test fails. (around crds)

kensipe commented 4 years ago

additionally... golangci needs a change to install-golangcilint.sh which is missing in this change.
https://github.com/kudobuilder/kudo/blob/main/hack/install-golangcilint.sh#L7

which makes me question if the correct linter version was used..

kensipe commented 4 years ago

I should add.. there are some really good mods here... In particular the error handling around io.Copy and size limitations!

nfnt commented 4 years ago

@kensipe, interesting,make generate was run here and resulted in updated CRDs, make integration-test succeeds in the CI. But controller-gen isn't being updated as part of this PR. This must be due to the Kubernetes APIs bump to 0.18.6. The updated APIs are used by controller-gen as well -- because that's how dependency resolution works with Go modules. As a result, the output is different.

nfnt commented 4 years ago

This would also explain why running make generate locally leaves your repo dirty: You already have controller-gen in the right version installed. But if you would rebuild controller-gen, it would use different dependencies, which results in a different binary. This is a problem 😦. Thanks for surfacing this.