Upgraded scaffolding to 4.10.1

Author: Jelle Dijkstra

.devcontainer/devcontainer.json

@@ -1,6 +1,6 @@
 {
   "name": "Kubebuilder DevContainer",
-  "image": "golang:1.24",
+  "image": "docker.io/golang:1.25",
   "features": {
     "ghcr.io/devcontainers/features/docker-in-docker:2": {},
     "ghcr.io/devcontainers/features/git:1": {}

.github/workflows/build-and-publish-image.yml

@@ -0,0 +1,67 @@
+---
+name: Build
+env:
+  image: pdok/mapserver-operator
+on:
+  push:
+    tags:
+      - '*'
+jobs:
+  docker:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Docker meta
+        id: docker_meta
+        uses: docker/metadata-action@v3
+        with:
+          images: ${{ env.image }}
+          tags: |
+            type=semver,pattern={{major}}
+            type=semver,pattern={{major}}.{{minor}}
+            type=semver,pattern={{version}}
+      - name: Login to PDOK Docker Hub
+        if: startsWith(env.image, 'pdok/')
+        uses: docker/login-action@v1
+        with:
+          username: koalapdok
+          password: ${{ secrets.DOCKERHUB_PUSH }}
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v1
+      - name: Cache Docker layers
+        uses: actions/cache@v4
+        with:
+          path: /tmp/.buildx-cache
+          key: ${{ runner.os }}-buildx-${{ github.sha }}
+          restore-keys: |
+            ${{ runner.os }}-buildx-
+      - name: Build and push
+        id: docker_build
+        uses: docker/build-push-action@v2
+        with:
+          push: true
+          tags: ${{ steps.docker_meta.outputs.tags }}
+          labels: ${{ steps.docker_meta.outputs.labels }}
+          cache-from: type=local,src=/tmp/.buildx-cache
+          cache-to: type=local,dest=/tmp/.buildx-cache-new
+      - # Temp fix to cleanup cache
+        # https://github.com/docker/build-push-action/issues/252
+        # https://github.com/moby/buildkit/issues/1896
+        name: Move cache
+        run: |
+          rm -rf /tmp/.buildx-cache
+          mv /tmp/.buildx-cache-new /tmp/.buildx-cache
+      - name: Build result notification
+        if: success() || failure()
+        uses: 8398a7/action-slack@v3
+        with:
+          fields: all
+          status: custom
+          custom_payload: |
+            {
+              attachments: [{
+                color: '${{ job.status }}' === 'success' ? 'good' : '${{ job.status }}' === 'failure' ? 'danger' : 'warning',
+                text: `${process.env.AS_WORKFLOW} ${{ job.status }} for ${process.env.AS_REPO}!\n${process.env.AS_JOB} job on ${process.env.AS_REF} (commit: ${process.env.AS_COMMIT}, version: ${{ steps.docker_meta.outputs.version }}) by ${process.env.AS_AUTHOR} took ${process.env.AS_TOOK}`,
+              }]
+            }
+        env:
+          SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}

.github/workflows/lint.yml

@@ -2,11 +2,13 @@ name: Lint
 
 on:
   push:
+    branches:
+      - master
   pull_request:
 
 jobs:
   lint:
-    name: Run on Ubuntu
+    name: Linting on Ubuntu
     runs-on: ubuntu-latest
     steps:
       - name: Clone the code

.github/workflows/test-e2e.yml

@@ -2,11 +2,13 @@ name: E2E Tests
 
 on:
   push:
+    branches:
+      - master
   pull_request:
 
 jobs:
   test-e2e:
-    name: Run on Ubuntu
+    name: End-2-End on Ubuntu
     runs-on: ubuntu-latest
     steps:
       - name: Clone the code

.github/workflows/test.yml

@@ -2,11 +2,13 @@ name: Tests
 
 on:
   push:
+    branches:
+      - master
   pull_request:
 
 jobs:
   test:
-    name: Run on Ubuntu
+    name: Testing on Ubuntu
     runs-on: ubuntu-latest
     steps:
       - name: Clone the code

.golangci.bck.yml

@@ -0,0 +1,116 @@
+---
+run:
+  # Timeout for analysis.
+  timeout: 5m
+
+  # Modules download mode (do not modify go.mod)
+  modules-download-mode: readonly
+
+  # Include test files (see below to exclude certain linters)
+  tests: true
+
+issues:
+  exclude-rules:
+    # Exclude certain linters for test code
+    - path: "_test\\.go"
+      linters:
+        - bodyclose
+        - dupl
+        - dogsled
+        - funlen
+        - gosec
+
+output:
+  formats:
+    - format: colored-line-number
+      path: stdout
+  print-issued-lines: true
+  print-linter-name: true
+
+linters-settings:
+  depguard:
+    rules:
+      main:
+        # Packages that are not allowed where the value is a suggestion.
+        deny:
+          - pkg: "github.com/pkg/errors"
+            desc: Should be replaced by standard lib errors package
+  cyclop:
+    # The maximal code complexity to report.
+    max-complexity: 15
+    skip-tests: true
+  funlen:
+    lines: 100
+  nestif:
+    min-complexity: 6
+  forbidigo:
+    forbid:
+      - http\.NotFound.*  # return RFC 7807 problem details instead
+      - http\.Error.*  # return RFC 7807 problem details instead
+  gomoddirectives:
+    replace-allow-list:
+      - github.com/abbot/go-http-auth  # https://github.com/traefik/traefik/issues/6873#issuecomment-637654361
+
+linters:
+  disable-all: true
+  enable:
+    # enabled by default by golangci-lint
+    - errcheck  # checking for unchecked errors, these unchecked errors can be critical bugs in some cases
+    - gosimple  # specializes in simplifying a code
+    - govet  # reports suspicious constructs, such as Printf calls whose arguments do not align with the format string
+    - ineffassign  # detects when assignments to existing variables are not used
+    - staticcheck  # is a go vet on steroids, applying a ton of static analysis checks
+    - typecheck  # like the front-end of a Go compiler, parses and type-checks Go code
+    - unused  # checks for unused constants, variables, functions and types
+    # extra enabled by us
+    - asasalint  # checks for pass []any as any in variadic func(...any)
+    - asciicheck  # checks that your code does not contain non-ASCII identifiers
+    - bidichk  # checks for dangerous unicode character sequences
+    - bodyclose  # checks whether HTTP response body is closed successfully
+    - cyclop  # checks function and package cyclomatic complexity
+    - dupl  # tool for code clone detection
+    - durationcheck  # checks for two durations multiplied together
+    - dogsled  # find assignments/declarations with too many blank identifiers
+    - errname  # checks that sentinel errors are prefixed with the Err and error types are suffixed with the Error
+    - errorlint  # finds code that will cause problems with the error wrapping scheme introduced in Go 1.13
+    - exhaustive  # checks exhaustiveness of enum switch statements
+    - exptostd  # detects functions from golang.org/x/exp/ that can be replaced by std functions
+    - copyloopvar  # checks for pointers to enclosing loop variables
+    - fatcontext  # detects nested contexts in loops and function literals
+    - forbidigo  # forbids identifiers
+    - funlen  # tool for detection of long functions
+    - gocheckcompilerdirectives  # validates go compiler directive comments (//go:)
+    - goconst  # finds repeated strings that could be replaced by a constant
+    - gocritic  # provides diagnostics that check for bugs, performance and style issues
+    - gofmt  # checks if the code is formatted according to 'gofmt' command
+    - goimports  # in addition to fixing imports, goimports also formats your code in the same style as gofmt
+    - gomoddirectives  # manages the use of 'replace', 'retract', and 'excludes' directives in go.mod
+    - gomodguard  # allow and block lists linter for direct Go module dependencies. This is different from depguard where there are different block types for example version constraints and module recommendations
+    - goprintffuncname  # checks that printf-like functions are named with f at the end
+    - gosec  # inspects source code for security problems
+    - loggercheck  # checks key value pairs for common logger libraries (kitlog,klog,logr,zap)
+    - makezero  # finds slice declarations with non-zero initial length
+    - mirror  # reports wrong mirror patterns of bytes/strings usage
+    - misspell  # finds commonly misspelled English words
+    - nakedret  # finds naked returns in functions greater than a specified function length
+    - nestif  # reports deeply nested if statements
+    - nilerr  # finds the code that returns nil even if it checks that the error is not nil
+    - nolintlint  # reports ill-formed or insufficient nolint directives
+    - nosprintfhostport  # checks for misuse of Sprintf to construct a host with port in a URL
+    - perfsprint  # Golang linter for performance, aiming at usages of fmt.Sprintf which have faster alternatives
+    - predeclared  # finds code that shadows one of Go's predeclared identifiers
+    - promlinter  # checks Prometheus metrics naming via promlint
+    - reassign  # checks that package variables are not reassigned
+    - revive  # fast, configurable, extensible, flexible, and beautiful linter for Go, drop-in replacement of golint
+    - rowserrcheck  # checks whether Err of rows is checked successfully
+    - sqlclosecheck  # checks that sql.Rows and sql.Stmt are closed
+    - sloglint  # A Go linter that ensures consistent code style when using log/slog
+    - tagliatelle  # checks the struct tags.
+    - testableexamples  # checks if examples are testable (have an expected output)
+    - tparallel  # detects inappropriate usage of t.Parallel() method in your Go test codes
+    - usetesting  # detects using os.Setenv instead of t.Setenv since Go1.17
+    - unconvert  # removes unnecessary type conversions
+    - unparam  # reports unused function parameters
+    - usestdlibvars  # detects the possibility to use variables/constants from the Go standard library
+    - wastedassign  # finds wasted assignment statements
+  fast: false

.golangci.yml

@@ -1,41 +1,107 @@
 version: "2"
 run:
-  allow-parallel-runners: true
+  modules-download-mode: readonly
+  tests: true
+output:
+  formats:
+    text:
+      path: stdout
+      print-linter-name: true
+      print-issued-lines: true
 linters:
   default: none
   enable:
+    - asasalint
+    - asciicheck
+    - bidichk
+    - bodyclose
     - copyloopvar
+    - cyclop
+    - dogsled
     - dupl
+    - durationcheck
     - errcheck
-    - ginkgolinter
+    - errname
+    - errorlint
+    - exhaustive
+    - exptostd
+    - fatcontext
+    - forbidigo
+    - funlen
+    - gocheckcompilerdirectives
     - goconst
-    - gocyclo
+    - gocritic
+    - gomoddirectives
+    - gomodguard
+    - goprintffuncname
+    - gosec
     - govet
     - ineffassign
-    - lll
+    - loggercheck
+    - makezero
+    - mirror
     - misspell
     - nakedret
-    - prealloc
+    - nestif
+    - nilerr
+    - nolintlint
+    - nosprintfhostport
+    - perfsprint
+    - predeclared
+    - promlinter
+    - reassign
     - revive
+    - rowserrcheck
+    - sloglint
+    - sqlclosecheck
     - staticcheck
+    - tagliatelle
+    - testableexamples
+    - tparallel
     - unconvert
     - unparam
     - unused
+    - usestdlibvars
+    - usetesting
+    - wastedassign
   settings:
-    revive:
+    cyclop:
+      max-complexity: 15
+    depguard:
       rules:
-        - name: comment-spacings
-        - name: import-shadowing
+        main:
+          deny:
+            - pkg: github.com/pkg/errors
+              desc: Should be replaced by standard lib errors package
+    forbidigo:
+      forbid:
+        - pattern: http\.NotFound.*
+        - pattern: http\.Error.*
+    funlen:
+      lines: 100
+    gomoddirectives:
+      replace-allow-list:
+        - github.com/abbot/go-http-auth
+    nestif:
+      min-complexity: 6
   exclusions:
     generated: lax
+    presets:
+      - comments
+      - common-false-positives
+      - legacy
+      - std-error-handling
     rules:
       - linters:
-          - lll
-        path: api/*
-      - linters:
+          - bodyclose
+          - dogsled
           - dupl
-          - lll
-        path: internal/*
+          - funlen
+          - gosec
+        path: _test\.go
+      - linters:
+          - cyclop
+        path: (.+)_test\.go
     paths:
       - third_party$
       - builtin$

DEVELOPMENT.md

@@ -0,0 +1,5 @@
+## Local testing
+
+- Start an empty cluster using `k8s-clusters/local-test/empty-cluster.sh`
+- Build and push the controller to the cluster using `build-and-push-locally.sh <controller-version>`
+- Deploy a service to the cluster, for example (running from `k8s-clusters/local-test`): `OWNER=kadaster TECHNICAL_NAME=ad docker-compose -f ./docker-compose.yaml -f ./bundle-pollers/docker-compose.services.yaml up kustomize-init`

Dockerfile

@@ -1,21 +1,27 @@
 # Build the manager binary
-FROM golang:1.24 AS builder
+FROM docker.io/golang:1.25 AS builder
 ARG TARGETOS
 ARG TARGETARCH
 
+#COPY --from=repos ./smooth-operator /smooth-operator
+#COPY --from=repos ./ogc-specifications /ogc-specifications
+
 WORKDIR /workspace
 # Copy the Go Modules manifests
 COPY go.mod go.mod
 COPY go.sum go.sum
+
 # cache deps before building and copying source so that we don't need to re-download as much
 # and so that source changes don't invalidate our downloaded layer
 RUN go mod download
 
-# Copy the Go source (relies on .dockerignore to filter)
-COPY . .
+# Copy the go source
+COPY cmd/main.go cmd/main.go
+COPY api/ api/
+COPY internal/ internal/
 
 # Build
-# the GOARCH has no default value to allow the binary to be built according to the host where the command
+# the GOARCH has not a default value to allow the binary be built according to the host where the command
 # was called. For example, if we call make docker-build in a local env which has the Apple Silicon M1 SO
 # the docker BUILDPLATFORM arg will be linux/arm64 when for Apple x86 it will be linux/amd64. Therefore,
 # by leaving it empty we can ensure that the container and binary shipped on it will have the same platform.