Merge pull request #4 from cert-manager/add_makefile_modules

Add makefile modules

Author: cert-manager-prow[bot]

.github/dependabot.yaml

@@ -0,0 +1,20 @@
+# THIS FILE IS AUTOMATICALLY GENERATED. DO NOT EDIT.
+# Edit https://github.com/cert-manager/makefile-modules/blob/main/modules/repository-base/base-dependabot/.github/dependabot.yaml instead.
+
+# Update Go dependencies and GitHub Actions dependencies daily.
+version: 2
+updates:
+- package-ecosystem: gomod
+  directory: /
+  schedule:
+    interval: daily
+  groups:
+    all:
+      patterns: ["*"]
+- package-ecosystem: github-actions
+  directory: /
+  schedule:
+    interval: daily
+  groups:
+    all:
+      patterns: ["*"]

.github/workflows/govulncheck.yaml

@@ -0,0 +1,37 @@
+# THIS FILE IS AUTOMATICALLY GENERATED. DO NOT EDIT.
+# Edit https://github.com/cert-manager/makefile-modules/blob/main/modules/go/base/.github/workflows/govulncheck.yaml instead.
+
+# Run govulncheck at midnight every night on the main branch,
+# to alert us to recent vulnerabilities which affect the Go code in this
+# project.
+name: govulncheck
+on:
+  workflow_dispatch: {}
+  schedule:
+    - cron: '0 0 * * *'
+
+permissions:
+  contents: read
+
+jobs:
+  govulncheck:
+    runs-on: ubuntu-latest
+
+    if: github.repository_owner == 'cert-manager'
+
+    steps:
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        # Adding `fetch-depth: 0` makes sure tags are also fetched. We need
+        # the tags so `git describe` returns a valid version.
+        # see https://github.com/actions/checkout/issues/701 for extra info about this option
+        with: { fetch-depth: 0 }
+
+      - id: go-version
+        run: |
+          make print-go-version >> "$GITHUB_OUTPUT"
+
+      - uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5.5.0
+        with:
+          go-version: ${{ steps.go-version.outputs.result }}
+
+      - run: make verify-govulncheck

.github/workflows/make-self-upgrade.yaml

@@ -0,0 +1,105 @@
+# THIS FILE IS AUTOMATICALLY GENERATED. DO NOT EDIT.
+# Edit https://github.com/cert-manager/makefile-modules/blob/main/modules/repository-base/base/.github/workflows/make-self-upgrade.yaml instead.
+
+name: make-self-upgrade
+concurrency: make-self-upgrade
+on:
+  workflow_dispatch: {}
+  schedule:
+    - cron: '0 0 * * *'
+
+permissions:
+  contents: read
+
+jobs:
+  self_upgrade:
+    runs-on: ubuntu-latest
+
+    if: github.repository_owner == 'cert-manager'
+
+    permissions:
+      contents: write
+      pull-requests: write
+    
+    env:
+      SOURCE_BRANCH: "${{ github.ref_name }}"
+      SELF_UPGRADE_BRANCH: "self-upgrade-${{ github.ref_name }}"
+
+    steps:
+      - name: Fail if branch is not head of branch.
+        if: ${{ !startsWith(github.ref, 'refs/heads/') && env.SOURCE_BRANCH != '' && env.SELF_UPGRADE_BRANCH != '' }}
+        run: |
+          echo "This workflow should not be run on a non-branch-head."
+          exit 1
+
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        # Adding `fetch-depth: 0` makes sure tags are also fetched. We need
+        # the tags so `git describe` returns a valid version.
+        # see https://github.com/actions/checkout/issues/701 for extra info about this option
+        with: { fetch-depth: 0 }
+
+      - id: go-version
+        run: |
+          make print-go-version >> "$GITHUB_OUTPUT"
+
+      - uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5.5.0
+        with:
+          go-version: ${{ steps.go-version.outputs.result }}
+
+      - run: |
+          git checkout -B "$SELF_UPGRADE_BRANCH"
+
+      - run: |
+          make -j upgrade-klone
+          make -j generate
+
+      - id: is-up-to-date
+        shell: bash
+        run: |
+          git_status=$(git status -s)
+          is_up_to_date="true"
+          if [ -n "$git_status" ]; then
+              is_up_to_date="false"
+              echo "The following changes will be committed:"
+              echo "$git_status"
+          fi
+          echo "result=$is_up_to_date" >> "$GITHUB_OUTPUT"
+
+      - if: ${{ steps.is-up-to-date.outputs.result != 'true' }}
+        run: |
+          git config --global user.name "cert-manager-bot"
+          git config --global user.email "[email protected]"
+          git add -A && git commit -m "BOT: run 'make upgrade-klone' and 'make generate'" --signoff
+          git push -f origin "$SELF_UPGRADE_BRANCH"
+
+      - if: ${{ steps.is-up-to-date.outputs.result != 'true' }}
+        uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
+        with:
+          script: |
+            const { repo, owner } = context.repo;
+            const pulls = await github.rest.pulls.list({
+              owner: owner,
+              repo: repo,
+              head: owner + ':' + process.env.SELF_UPGRADE_BRANCH,
+              base: process.env.SOURCE_BRANCH,
+              state: 'open',
+            });
+            
+            if (pulls.data.length < 1) {
+              const result = await github.rest.pulls.create({
+                title: '[CI] Merge ' + process.env.SELF_UPGRADE_BRANCH + ' into ' + process.env.SOURCE_BRANCH,
+                owner: owner,
+                repo: repo,
+                head: process.env.SELF_UPGRADE_BRANCH,
+                base: process.env.SOURCE_BRANCH,
+                body: [
+                  'This PR is auto-generated to bump the Makefile modules.',
+                ].join('\n'),
+              });
+              await github.rest.issues.addLabels({
+                owner,
+                repo,
+                issue_number: result.data.number,
+                labels: ['skip-review']
+              });
+            }

.golangci.yaml

@@ -0,0 +1,80 @@
+version: "2"
+linters:
+  default: none
+  exclusions:
+    generated: lax
+    presets: [comments, common-false-positives, legacy, std-error-handling]
+    paths: [third_party, builtin$, examples$]
+    warn-unused: true
+  settings:
+    staticcheck:
+      checks: ["all", "-ST1000", "-ST1001", "-ST1003", "-ST1005", "-ST1012", "-ST1016", "-ST1020", "-ST1021", "-ST1022", "-QF1001", "-QF1003", "-QF1008"]
+  enable:
+    - asasalint
+    - asciicheck
+    - bidichk
+    - bodyclose
+    - canonicalheader
+    - contextcheck
+    - copyloopvar
+    - decorder
+    - dogsled
+    - dupword
+    - durationcheck
+    - errcheck
+    - errchkjson
+    - errname
+    - exhaustive
+    - exptostd
+    - forbidigo
+    - ginkgolinter
+    - gocheckcompilerdirectives
+    - gochecksumtype
+    - gocritic
+    - goheader
+    - goprintffuncname
+    - gosec
+    - gosmopolitan
+    - govet
+    - grouper
+    - importas
+    - ineffassign
+    - interfacebloat
+    - intrange
+    - loggercheck
+    - makezero
+    - mirror
+    - misspell
+    - musttag
+    - nakedret
+    - nilerr
+    - nilnil
+    - noctx
+    - nosprintfhostport
+    - predeclared
+    - promlinter
+    - protogetter
+    - reassign
+    - sloglint
+    - staticcheck
+    - tagalign
+    - testableexamples
+    - unconvert
+    - unparam
+    - unused
+    - usestdlibvars
+    - usetesting
+    - wastedassign
+formatters:
+  enable: [gci, gofmt]
+  settings:
+    gci:
+      sections:
+        - standard # Standard section: captures all standard packages.
+        - default # Default section: contains all imports that could not be matched to another section type.
+        - prefix(github.com/cert-manager/webhook-cert-lib) # Custom section: groups all imports with the specified Prefix.
+        - blank # Blank section: contains all blank imports. This section is not present unless explicitly enabled.
+        - dot # Dot section: contains all dot imports. This section is not present unless explicitly enabled.
+  exclusions:
+    generated: lax
+    paths: [third_party, builtin$, examples$]

Makefile

@@ -0,0 +1,116 @@
+# Copyright 2023 The cert-manager Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# THIS FILE IS AUTOMATICALLY GENERATED. DO NOT EDIT.
+# Edit https://github.com/cert-manager/makefile-modules/blob/main/modules/repository-base/base/Makefile instead.
+
+# NOTE FOR DEVELOPERS: "How do the Makefiles work and how can I extend them?"
+#
+# Shared Makefile logic lives in the make/_shared/ directory. The source of truth for these files
+# lies outside of this repository, eg. in the cert-manager/makefile-modules repository.
+#
+# Logic specific to this repository must be defined in the make/00_mod.mk and make/02_mod.mk files:
+#   - The make/00_mod.mk file is included first and contains variable definitions needed by
+#     the shared Makefile logic.
+#   - The make/02_mod.mk file is included later, it can make use of most of the shared targets
+#     defined in the make/_shared/ directory (all targets defined in 00_mod.mk and 01_mod.mk).
+#     This file should be used to define targets specific to this repository.
+
+##################################
+
+# Some modules build their dependencies from variables, we want these to be 
+# evaluated at the last possible moment. For this we use second expansion to 
+# re-evaluate the generate and verify targets a second time.
+#
+# See https://www.gnu.org/software/make/manual/html_node/Secondary-Expansion.html
+.SECONDEXPANSION:
+
+# For details on some of these "prelude" settings, see:
+# https://clarkgrubb.com/makefile-style-guide
+MAKEFLAGS += --warn-undefined-variables --no-builtin-rules
+SHELL := /usr/bin/env bash
+.SHELLFLAGS := -uo pipefail -c
+.DEFAULT_GOAL := help
+.DELETE_ON_ERROR:
+.SUFFIXES:
+FORCE:
+
+noop: # do nothing
+
+# Set empty value for MAKECMDGOALS to prevent the "warning: undefined variable 'MAKECMDGOALS'"
+# warning from happening when running make without arguments
+MAKECMDGOALS ?=
+
+##################################
+# Host OS and architecture setup #
+##################################
+
+# The reason we don't use "go env GOOS" or "go env GOARCH" is that the "go"
+# binary may not be available in the PATH yet when the Makefiles are
+# evaluated. HOST_OS and HOST_ARCH only support Linux, *BSD and macOS (M1
+# and Intel).
+host_os := $(shell uname -s | tr A-Z a-z)
+host_arch := $(shell uname -m)
+HOST_OS ?= $(host_os)
+HOST_ARCH ?= $(host_arch)
+
+ifeq (x86_64, $(HOST_ARCH))
+	HOST_ARCH = amd64
+else ifeq (aarch64, $(HOST_ARCH))
+	# linux reports the arm64 arch as aarch64
+	HOST_ARCH = arm64
+endif
+
+##################################
+# Git and versioning information #
+##################################
+
+git_version := $(shell git describe --tags --always --match='v*' --abbrev=14 --dirty)
+VERSION ?= $(git_version)
+IS_PRERELEASE := $(shell git describe --tags --always --match='v*' --abbrev=0 | grep -q '-' && echo true || echo false)
+GITCOMMIT := $(shell git rev-parse HEAD)
+GITEPOCH := $(shell git show -s --format=%ct HEAD)
+
+##################################
+# Global variables and dirs      #
+##################################
+
+bin_dir := _bin
+
+# The ARTIFACTS environment variable is set by the CI system to a directory
+# where artifacts should be placed. These artifacts are then uploaded to a
+# storage bucket by the CI system (https://docs.prow.k8s.io/docs/components/pod-utilities/).
+# An example of such an artifact is a jUnit XML file containing test results.
+# If the ARTIFACTS environment variable is not set, we default to a local
+# directory in the _bin directory.
+ARTIFACTS ?= $(bin_dir)/artifacts
+
+$(bin_dir) $(ARTIFACTS) $(bin_dir)/scratch:
+	mkdir -p $@
+
+.PHONY: clean
+## Clean all temporary files
+## @category [shared] Tools
+clean:
+	rm -rf $(bin_dir)
+
+##################################
+# Include all the Makefiles      #
+##################################
+
+-include make/00_mod.mk
+-include make/_shared/*/00_mod.mk
+-include make/_shared/*/01_mod.mk
+-include make/02_mod.mk
+-include make/_shared/*/02_mod.mk

OWNERS

@@ -0,0 +1,4 @@
+approvers:
+- cm-maintainers
+reviewers:
+- cm-maintainers

OWNERS_ALIASES

@@ -0,0 +1,14 @@
+# THIS FILE IS AUTOMATICALLY GENERATED. DO NOT EDIT.
+# Edit https://github.com/cert-manager/makefile-modules/blob/main/modules/repository-base/base/OWNERS_ALIASES instead.
+
+aliases:
+  cm-maintainers:
+    - munnerz
+    - joshvanl
+    - wallrj
+    - jakexks
+    - maelvls
+    - sgtcodfish
+    - inteon
+    - thatsmrtalbot
+    - erikgb