✨ overall refactoring and linter fixes

.github/workflows/golangci-lint.yml

@@ -27,6 +27,6 @@ jobs:
       - name: golangci-lint
         uses: golangci/golangci-lint-action@4afd733a84b1f43292c63897423277bb7f4313a9 # tag=v8.0.0
         with:
-          version: v1.61.0
+          version: v2.1.0
           working-directory: ${{matrix.working-directory}}
           args: --timeout=5m

.gitignore

@@ -37,4 +37,7 @@ _artifacts
 `
 
 # Temp files
-tmp/
+tmp/
+
+# Release Files
+out/

Dockerfile

@@ -28,7 +28,7 @@ ARG ARCH
 # It's an invalid finding since the image is explicitly set in the Makefile.
 # https://github.com/hadolint/hadolint/wiki/DL3006
 # hadolint ignore=DL3006
-FROM ${builder_image} as builder
+FROM ${builder_image} AS builder
 WORKDIR /workspace
 
 # Run this with docker build --build-arg goproxy=$(go env GOPROXY) to override the goproxy
@@ -71,34 +71,31 @@ RUN --mount=type=cache,target=/root/.cache/go-build \
 # Production image
 FROM ${deployment_base_image}:${deployment_base_image_tag}
 
+# Set shell with pipefail option for better error handling
+SHELL ["/bin/bash", "-o", "pipefail", "-c"]
+
 # Install Node.js and cdk8s-cli directly
+# hadolint ignore=DL3015
 RUN apt-get update && \
-    apt-get install -y ca-certificates curl wget && \
+    apt-get install -y --no-install-recommends ca-certificates=20240203~22.04.1 curl=7.81.0-1ubuntu1.20 && \
     curl -fsSL https://deb.nodesource.com/setup_18.x | bash - && \
-    apt-get install -y nodejs && \
-    npm install -g cdk8s-cli && \
-    wget https://go.dev/dl/go1.21.5.linux-amd64.tar.gz && \
-    tar -C /usr/local -xzf go1.21.5.linux-amd64.tar.gz && \
-    rm go1.21.5.linux-amd64.tar.gz && \
+    apt-get install -y nodejs=18.19.1-1nodesource1 && \
+    npm install -g cdk8s-cli@2.200.97 && \
+    curl -fsSL -o go1.24.4.linux-amd64.tar.gz https://go.dev/dl/go1.24.4.linux-amd64.tar.gz && \
+    tar -C /usr/local -xzf go1.24.4.linux-amd64.tar.gz && \
+    rm go1.24.4.linux-amd64.tar.gz && \
     apt-get clean && \
     rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
 
-    # Set Go environment variables
+# Set Go environment variables
 ENV PATH=$PATH:/usr/local/go/bin
 ENV GOROOT=/usr/local/go
 
-RUN cdk8s --version && go version
-
 WORKDIR /
 COPY --from=builder /workspace/manager .
 
 # Create non-root user
 RUN useradd --uid 65532 --create-home --shell /bin/bash nonroot
-
-# Ensure the non-root user can access Go by setting up their environment
-RUN echo 'export PATH=$PATH:/usr/local/go/bin' >> /home/nonroot/.bashrc && \
-    echo 'export GOROOT=/usr/local/go' >> /home/nonroot/.bashrc && \
-    echo 'export PATH=$PATH:/usr/local/go/bin' >> /home/nonroot/.profile
 
 # Switch back to non-root user (this line should already exist)
 # USER root # This was part of the removed direct install, ensure it's not re-added here unless needed for COPY permissions

Makefile

@@ -45,8 +45,6 @@ export GO111MODULE=on
 # Base docker images
 
 DOCKERFILE_CONTAINER_IMAGE ?= docker.io/docker/dockerfile:1.4
-# DEPLOYMENT_BASE_IMAGE ?= gcr.io/distroless/static
-# DEPLOYMENT_BASE_IMAGE_TAG ?= nonroot-${ARCH}
 DEPLOYMENT_BASE_IMAGE ?= ubuntu
 DEPLOYMENT_BASE_IMAGE_TAG ?= 22.04
 BUILD_CONTAINER_ADDITIONAL_ARGS ?=
@@ -220,7 +218,7 @@ endif
 
 PROD_REGISTRY ?= ghcr.io/patricklaabs/cluster-api-addon-provider-cdk8s
 
-STAGING_REGISTRY ?= ghcr.io/patricklaabs/k8s-staging-cluster-api-cdk8s
+STAGING_REGISTRY ?= ghcr.io/patricklaabs/cluster-api-addon-provider-cdk8s
 STAGING_BUCKET ?= artifacts.k8s-staging-cluster-api-cdk8s.appspot.com
 
 # core
@@ -232,7 +230,7 @@ CAPI_KIND_CLUSTER_NAME ?= capi-test
 
 # It is set by Prow GIT_TAG, a git-based tag of the form vYYYYMMDD-hash, e.g., v20210120-v0.3.10-308-gc61521971
 
-TAG ?= v0.2.4-alpha
+TAG ?= v0.2.11-preview
 ARCH ?= $(shell go env GOARCH)
 ALL_ARCH = amd64 arm arm64
 
@@ -594,7 +592,7 @@ release-staging: ## Build and push container images to the staging bucket
 	REGISTRY=$(STAGING_REGISTRY) $(MAKE) docker-build-all docker-push-all release-alias-tag
 
 .PHONY: release-staging-nightly
-release-staging-nightly: ## Tag and push container images to the staging bucket. Example image tag: cluster-api-helm-controller:nightly_main_20210121
+release-staging-nightly: ## Tag and push container images to the staging bucket. Example image tag: cluster-api-cdk8s-controller:nightly_main_20210121
 	$(eval NEW_RELEASE_ALIAS_TAG := nightly_$(RELEASE_ALIAS_TAG)_$(shell date +'%Y%m%d'))
 	echo $(NEW_RELEASE_ALIAS_TAG)
 	$(MAKE) release-alias-tag TAG=$(RELEASE_ALIAS_TAG) RELEASE_ALIAS_TAG=$(NEW_RELEASE_ALIAS_TAG)

api/v1alpha1/cdk8sappproxy_types.go

@@ -41,7 +41,7 @@ type GitRepositorySpec struct {
 	// containing authentication credentials for the Git repository.
 	// The secret must contain 'username' and 'password' fields.
 	// +kubebuilder:validation:Optional
-	AuthSecretRef *corev1.LocalObjectReference `json:"authSecretRef,omitempty"` // New field
+	AuthSecretRef *corev1.LocalObjectReference `json:"authSecretRef,omitempty"`
 }
 
 // Cdk8sAppProxySpec defines the desired state of Cdk8sAppProxy.

api/v1alpha1/cdk8sappproxy_webhook_test.go

@@ -1,7 +1,6 @@
 package v1alpha1
 
 import (
-	"context"
 	"testing"
 
 	"sigs.k8s.io/controller-runtime/pkg/webhook/admission"
@@ -90,12 +89,7 @@ func TestCdk8sAppProxy_Default(t *testing.T) {
 
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
-			ctx := context.Background()
-			err := tt.proxy.Default(ctx, tt.proxy)
-			if err != nil {
-				t.Errorf("Default() error = %v", err)
-				return
-			}
+			tt.proxy.Default()
 
 			if tt.proxy.Spec.GitRepository != nil && tt.expected.Spec.GitRepository != nil {
 				if tt.proxy.Spec.GitRepository.Reference != tt.expected.Spec.GitRepository.Reference {
@@ -177,21 +171,19 @@ func TestCdk8sAppProxy_ValidateCreate(t *testing.T) {
 
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
-			ctx := context.Background()
-			warnings, err := tt.proxy.ValidateCreate(ctx, tt.proxy)
+			warnings, err := tt.proxy.ValidateCreate()
 
 			if tt.wantError {
 				if err == nil {
 					t.Errorf("ValidateCreate() expected error, got nil")
+
 					return
 				}
 				if tt.errorMsg != "" && err.Error() != "validation failed: ["+tt.errorMsg+"]" {
 					t.Errorf("ValidateCreate() error = %v, want error containing %v", err.Error(), tt.errorMsg)
 				}
-			} else {
-				if err != nil {
-					t.Errorf("ValidateCreate() unexpected error = %v", err)
-				}
+			} else if err != nil {
+				t.Errorf("ValidateCreate() unexpected error = %v", err)
 			}
 
 			// Warnings should always be nil in our implementation
@@ -248,8 +240,7 @@ func TestCdk8sAppProxy_ValidateUpdate(t *testing.T) {
 
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
-			ctx := context.Background()
-			warnings, err := tt.newProxy.ValidateUpdate(ctx, tt.oldProxy, tt.newProxy)
+			warnings, err := tt.newProxy.ValidateUpdate(tt.oldProxy)
 
 			if tt.wantError {
 				if err == nil {
@@ -278,8 +269,7 @@ func TestCdk8sAppProxy_ValidateDelete(t *testing.T) {
 		},
 	}
 
-	ctx := context.Background()
-	warnings, err := proxy.ValidateDelete(ctx, proxy)
+	warnings, err := proxy.ValidateDelete()
 
 	if err != nil {
 		t.Errorf("ValidateDelete() unexpected error = %v", err)
@@ -335,15 +325,17 @@ func TestCdk8sAppProxy_validateCdk8sAppProxy(t *testing.T) {
 
 			if (err != nil) != tt.wantError {
 				t.Errorf("validateCdk8sAppProxy() error = %v, wantError %v", err, tt.wantError)
+
 				return
 			}
 
 			// Compare warnings properly
-			if tt.wantWarnings == nil && warnings != nil {
+			switch {
+			case tt.wantWarnings == nil && warnings != nil:
 				t.Errorf("validateCdk8sAppProxy() warnings = %v, want nil", warnings)
-			} else if tt.wantWarnings != nil && warnings == nil {
+			case tt.wantWarnings != nil && warnings == nil:
 				t.Errorf("validateCdk8sAppProxy() warnings = nil, want %v", tt.wantWarnings)
-			} else if tt.wantWarnings != nil && warnings != nil {
+			case tt.wantWarnings != nil && warnings != nil:
 				if len(warnings) != len(tt.wantWarnings) {
 					t.Errorf("validateCdk8sAppProxy() warnings length = %d, want %d", len(warnings), len(tt.wantWarnings))
 				} else {