Update devbox, remove go tools

.github/workflows/go-analyze.yml

@@ -58,6 +58,8 @@ jobs:
             golangci-lint.run:443
             dl.k8s.io:443
             cdn.dl.k8s.io:443
+            registry-1.docker.io:443
+            auth.docker.io:443
 
       - uses: actions/checkout@v5
 
@@ -66,10 +68,9 @@ jobs:
         with:
           go-version-file: 'go.mod'
           check-latest: true
-          cache: false
 
       - name: lint
-        run: make lint
+        uses: golangci/golangci-lint-action@v8
 
       - name: lint-api
         run: make lint-api

Makefile

@@ -5,7 +5,7 @@ REGISTRY            ?= docker.io/linode
 IMAGE_NAME          ?= cluster-api-provider-linode
 CONTROLLER_IMAGE    ?= $(REGISTRY)/$(IMAGE_NAME)
 TAG                 ?= dev
-ENVTEST_K8SVERSION ?= $(shell go list -m -f "{{ .Version }}" k8s.io/api | awk -F'[v.]' '{printf "1.%d", $$3}')
+ENVTEST_K8S_VERSION := $(shell go list -m -f '{{.Version}}' k8s.io/client-go)
 VERSION             ?= $(shell git describe --always --tag --dirty=-dev)
 BUILD_ARGS          := --build-arg VERSION=$(VERSION)
 SHELL                = /usr/bin/env bash -o pipefail
@@ -15,7 +15,7 @@ MDBOOK_DEV_HOST      = 0.0.0.0
 MDBOOK_DEV_PORT      = 3000
 E2E_SELECTOR        ?= all
 
-# ENVTEST_K8SVERSION
+# ENVTEST_K8S_VERSION
 # - refers to the version of kubebuilder assets to be downloaded by envtest binary.
 # CONTAINER_TOOL
 # - defines the container tool to be used for building images.
@@ -80,25 +80,25 @@ help: ## Display this help.
 generate: generate-manifests generate-code generate-mock generate-api-docs
 
 .PHONY: generate-manifests
-generate-manifests: tools ## Generate WebhookConfiguration, ClusterRole and CustomResourceDefinition objects.
-	controller-gen rbac:roleName=manager-role crd webhook paths="./..." output:crd:artifacts:config=config/crd/bases
+generate-manifests: controller-gen ## Generate WebhookConfiguration, ClusterRole and CustomResourceDefinition objects.
+	$(CONTROLLER_GEN) rbac:roleName=manager-role crd webhook paths="./..." output:crd:artifacts:config=config/crd/bases
 
 .PHONY: generate-code
-generate-code: tools ## Generate code containing DeepCopy, DeepCopyInto, and DeepCopyObject method implementations.
+generate-code: controller-gen gowrap ## Generate code containing DeepCopy, DeepCopyInto, and DeepCopyObject method implementations.
 	go generate ./...
-	controller-gen object:headerFile="hack/boilerplate.go.txt" paths="./..."
+	$(CONTROLLER_GEN) object:headerFile="hack/boilerplate.go.txt" paths="./..."
 
 .PHONY: generate-mock
-generate-mock: tools ## Generate mocks for the Linode API client.
-	mockgen -source=./clients/clients.go -destination ./mock/client.go -package mock
+generate-mock: mockgen ## Generate mocks for the Linode API client.
+	$(MOCKGEN) -source=./clients/clients.go -destination ./mock/client.go -package mock
 
 .PHONY: generate-flavors ## Generate template flavors.
-generate-flavors:
+generate-flavors: $(KUSTOMIZE)
 	bash hack/generate-flavors.sh
 
 .PHONY: generate-api-docs
-generate-api-docs: tools ## Generate API reference documentation.
-	crd-ref-docs \
+generate-api-docs: crd-ref-docs ## Generate API reference documentation.
+	$(CRD_REF_DOCS) \
 		--config=./docs/.crd-ref-docs.yaml \
 		--source-path=./api/ \
 		--renderer=markdown \
@@ -123,23 +123,23 @@ vet: ## Run go vet against code.
 	go vet ./...
 
 .PHONY: gosec
-gosec: tools ## Run gosec against code.
-	gosec -exclude-dir=bin -exclude-generated ./...
+gosec: ## Run gosec against code.
+	docker run --rm -w /workdir -v $(PWD):/workdir securego/gosec:$(GOSEC_VERSION) -exclude-dir=bin -exclude-generated ./...
 
 .PHONY: lint
-lint: tools ## Run lint against code.
-	golangci-lint run -c .golangci.yml
+lint: ## Run lint against code.
+	$(GOLANGCI_LINT) run -c .golangci.yml
 
 .PHONY: lint
 lint-api: golangci-lint-kal ## Run lint against code.
 	$(GOLANGCI_LINT_KAL) run -c .golangci-kal.yml
 
 .PHONY: nilcheck
-nilcheck: tools ## Run nil check against code.
+nilcheck: nilaway ## Run nil check against code.
 	go list ./... | xargs -I {} -d '\n' nilaway -include-pkgs {} -exclude-file-docstrings "ignore_autogenerated" ./...
 
 .PHONY: vulncheck
-vulncheck: tools ## Run vulnerability check against code.
+vulncheck: govulncheck ## Run vulnerability check against code.
 	govulncheck ./...
 
 .PHONY: docs
@@ -153,23 +153,22 @@ docs:
 ##@ Testing:
 
 .PHONY: test
-test: generate fmt vet ## Run tests.
-	go env -w GOTOOLCHAIN=go1.25.0+auto
-	KUBEBUILDER_ASSETS="$(shell setup-envtest use $(ENVTEST_K8SVERSION) --bin-dir $(CACHE_BIN) -p path)" go test -race -timeout 60s `go list ./... | grep -v ./mock$$`  -coverprofile cover.out.tmp
+test: generate fmt vet envtest ## Run tests.
+	KUBEBUILDER_ASSETS="$(shell $(ENVTEST) use ${ENVTEST_K8S_VERSION#v} --bin-dir $(CACHE_BIN) -p path)" go test -race -timeout 60s `go list ./... | grep -v ./mock$$`  -coverprofile cover.out.tmp
 	grep -v "zz_generated.*" cover.out.tmp > cover.out
 	rm cover.out.tmp
 
 .PHONY: e2etest
-e2etest: generate local-release local-deploy
-	SSE_KEY=$$(openssl rand -base64 32) LOCALBIN=$(CACHE_BIN) chainsaw test ./e2e --parallel 2 --selector $(E2E_SELECTOR) $(E2E_FLAGS)
+e2etest: generate local-release local-deploy chainsaw s5cmd
+	SSE_KEY=$$(openssl rand -base64 32) LOCALBIN=$(CACHE_BIN) $(CHAINSAW) test ./e2e --parallel 2 --selector $(E2E_SELECTOR) $(E2E_FLAGS)
 
 .PHONY: local-deploy
-local-deploy: tools kind-cluster
+local-deploy: kind-cluster tilt kustomize clusterctl
 	$(TILT) ci -f Tiltfile
 
 .PHONY: kind-cluster
-kind-cluster: tools
-	ctlptl apply -f .tilt/ctlptl-config.yaml
+kind-cluster: kind ctlptl
+	$(CTLPTL) apply -f .tilt/ctlptl-config.yaml
 
 ##@ Test Upgrade:
 
@@ -186,18 +185,18 @@ checkout-last-release:
 	git checkout $(LAST_RELEASE)
 
 .PHONY: last-release-cluster
-last-release-cluster: tools kind-cluster checkout-last-release local-release local-deploy
-	LOCALBIN=$(CACHE_BIN) CLUSTERCTL_CONFIG=$(CLUSTERCTL_CONFIG) SKIP_CUSTOM_DELETE=true chainsaw test --namespace $(COMMON_NAMESPACE) --assert-timeout 600s --skip-delete ./e2e/capl-cluster-flavors/kubeadm-capl-cluster
+last-release-cluster: kind ctlptl tilt kustomize clusterctl chainsaw kind-cluster checkout-last-release local-release local-deploy
+	LOCALBIN=$(CACHE_BIN) CLUSTERCTL_CONFIG=$(CLUSTERCTL_CONFIG) SKIP_CUSTOM_DELETE=true $(CHAINSAW) test --namespace $(COMMON_NAMESPACE) --assert-timeout 600s --skip-delete ./e2e/capl-cluster-flavors/kubeadm-capl-cluster
 
 .PHONY: test-upgrade
 test-upgrade: last-release-cluster checkout-latest-commit
 	$(MAKE) local-release
 	$(MAKE) local-deploy
-	LOCALBIN=$(CACHE_BIN) CLUSTERCTL_CONFIG=$(CLUSTERCTL_CONFIG) chainsaw test --namespace $(COMMON_NAMESPACE) --assert-timeout 800s ./e2e/capl-cluster-flavors/kubeadm-capl-cluster
+	LOCALBIN=$(CACHE_BIN) CLUSTERCTL_CONFIG=$(CLUSTERCTL_CONFIG) $(CHAINSAW) test --namespace $(COMMON_NAMESPACE) --assert-timeout 800s ./e2e/capl-cluster-flavors/kubeadm-capl-cluster
 
 .PHONY: clean-kind-cluster
-clean-kind-cluster:
-	ctlptl delete -f .tilt/ctlptl-config.yaml
+clean-kind-cluster: ctlptl
+	$(CTLPTL) delete -f .tilt/ctlptl-config.yaml
 
 ## --------------------------------------
 ## Build
@@ -246,8 +245,8 @@ ifndef ignore-not-found
 endif
 
 .PHONY: tilt-cluster
-tilt-cluster: tools
-	ctlptl apply -f .tilt/ctlptl-config.yaml
+tilt-cluster: ctlptl tilt kind clusterctl
+	$(CTLPTL) apply -f .tilt/ctlptl-config.yaml
 	$(TILT) up
 
 ## --------------------------------------
@@ -259,7 +258,7 @@ tilt-cluster: tools
 RELEASE_DIR ?= infrastructure-linode
 
 .PHONY: release
-release: tools clean-release set-manifest-image release-manifests generate-flavors release-templates release-metadata clean-release-git
+release: kustomize clean-release set-manifest-image release-manifests generate-flavors release-templates release-metadata clean-release-git
 
 $(RELEASE_DIR):
 	mkdir -p $(RELEASE_DIR)/
@@ -278,8 +277,8 @@ set-manifest-image: ## Update kustomize image patch file for default resource.
 	sed -i'' -e 's@image: .*@image: '"$(REGISTRY)/$(IMAGE_NAME):$(VERSION)"'@' ./config/default/manager_image_patch.yaml
 
 .PHONY: release-manifests
-release-manifests: tools $(RELEASE_DIR)
-	kustomize build config/default > $(RELEASE_DIR)/infrastructure-components.yaml
+release-manifests: $(KUSTOMIZE) $(RELEASE_DIR)
+	$(KUSTOMIZE) build config/default > $(RELEASE_DIR)/infrastructure-components.yaml
 
 .PHONY: local-release
 local-release:
@@ -340,32 +339,73 @@ $(CACHE_BIN):
 ## --------------------------------------
 
 ##@ Tooling Binaries:
+# setup-envtest does not have devbox support so always use CACHE_BIN
 
 KUBECTL        ?= $(LOCALBIN)/kubectl
+KUSTOMIZE      ?= $(LOCALBIN)/kustomize
+CTLPTL         ?= $(LOCALBIN)/ctlptl
 CLUSTERCTL     ?= $(LOCALBIN)/clusterctl
+CRD_REF_DOCS   ?= $(CACHE_BIN)/crd-ref-docs
 KUBEBUILDER    ?= $(LOCALBIN)/kubebuilder
+CONTROLLER_GEN ?= $(CACHE_BIN)/controller-gen
+CONVERSION_GEN ?= $(CACHE_BIN)/conversion-gen
 TILT           ?= $(LOCALBIN)/tilt
+KIND           ?= $(LOCALBIN)/kind
+CHAINSAW       ?= $(LOCALBIN)/chainsaw
+ENVTEST        ?= $(CACHE_BIN)/setup-envtest
+NILAWAY        ?= $(LOCALBIN)/nilaway
+GOVULNC        ?= $(LOCALBIN)/govulncheck
+MOCKGEN        ?= $(LOCALBIN)/mockgen
+GOWRAP         ?= $(CACHE_BIN)/gowrap
+GOLANGCI_LINT  ?= $(LOCALBIN)/golangci-lint
 GOLANGCI_LINT_KAL ?= $(CACHE_BIN)/golangci-lint-kube-api-linter
+S5CMD          ?= $(CACHE_BIN)/s5cmd
 
 ## Tool Versions
-CLUSTERCTL_VERSION       ?= v1.11.1
-KUBECTL_VERSION          ?= v1.28.0
+KUSTOMIZE_VERSION        ?= v5.7.1
+CTLPTL_VERSION           ?= v0.8.43
+CLUSTERCTL_VERSION       ?= v1.11.2
+CRD_REF_DOCS_VERSION     ?= v0.2.0
+KUBECTL_VERSION          ?= v1.34.0
 KUBEBUILDER_VERSION      ?= v3.15.1
-TILT_VERSION             ?= 0.33.10
+CONTROLLER_TOOLS_VERSION ?= v0.19.0
+TILT_VERSION             ?= 0.35.2
+KIND_VERSION             ?= 0.30.0
 CHAINSAW_VERSION         ?= v0.2.13
+NILAWAY_VERSION          ?= d2274102dc2eab9f77cef849a5470a6ebf983125
+GOVULNC_VERSION          ?= v1.1.4
+MOCKGEN_VERSION          ?= v0.6.0
+GOWRAP_VERSION           ?= v1.4.3
+S5CMD_VERSION            ?= v2.3.0
+CONVERSION_GEN_VERSION   ?= v0.34.1
+GOLANGCI_LINT_VERSION    ?= v2.5.0
+GOSEC_VERSION            ?= 2.22.10
 
 .PHONY: tools
-tools: $(CLUSTERCTL) $(KUBECTL) $(KUBEBUILDER) $(TILT)
-	go install tool
-##@ we can't manage this with go tools because it causes a panic due to missing CRDs when running chainsaw
-	go install github.com/kyverno/chainsaw@$(CHAINSAW_VERSION)
+tools: $(KUSTOMIZE) $(CTLPTL) $(CLUSTERCTL) $(KUBECTL) $(CONTROLLER_GEN) $(CONVERSION_GEN) $(TILT) $(KIND) $(CHAINSAW) $(ENVTEST) $(NILAWAY) $(GOVULNC) $(MOCKGEN) $(GOWRAP)
+
+
+.PHONY: kustomize
+kustomize: $(KUSTOMIZE) ## Download kustomize locally if necessary.
+$(KUSTOMIZE): $(LOCALBIN)
+	GOBIN=$(LOCALBIN) GO111MODULE=on go install sigs.k8s.io/kustomize/kustomize/v5@$(KUSTOMIZE_VERSION)
+
+.PHONY: ctlptl
+ctlptl: $(CTLPTL) ## Download ctlptl locally if necessary.
+$(CTLPTL): $(LOCALBIN)
+	GOBIN=$(LOCALBIN) go install github.com/tilt-dev/ctlptl/cmd/ctlptl@$(CTLPTL_VERSION)
 
 .PHONY: clusterctl
 clusterctl: $(CLUSTERCTL) ## Download clusterctl locally if necessary.
 $(CLUSTERCTL): $(LOCALBIN)
 	curl -fsSL https://github.com/kubernetes-sigs/cluster-api/releases/download/$(CLUSTERCTL_VERSION)/clusterctl-$(OS)-$(ARCH_SHORT) -o $(CLUSTERCTL)
 	chmod +x $(CLUSTERCTL)
 
+.PHONY: crd-ref-docs
+crd-ref-docs: $(CRD_REF_DOCS) ## Download crd-ref-docs locally if necessary.
+$(CRD_REF_DOCS): $(LOCALBIN)
+	GOBIN=$(CACHE_BIN) go install github.com/elastic/crd-ref-docs@$(CRD_REF_DOCS_VERSION)
+
 .PHONY: kubectl
 kubectl: $(KUBECTL) ## Download kubectl locally if necessary.
 $(KUBECTL): $(LOCALBIN)
@@ -378,6 +418,16 @@ $(KUBEBUILDER): $(LOCALBIN)
 	curl -L -o $(LOCALBIN)/kubebuilder https://github.com/kubernetes-sigs/kubebuilder/releases/download/$(KUBEBUILDER_VERSION)/kubebuilder_$(OS)_$(ARCH_SHORT)
 	chmod +x $(LOCALBIN)/kubebuilder
 
+.PHONY: controller-gen
+controller-gen: $(CONTROLLER_GEN) ## Download controller-gen locally if necessary.
+$(CONTROLLER_GEN): $(LOCALBIN)
+	GOBIN=$(CACHE_BIN) go install sigs.k8s.io/controller-tools/cmd/controller-gen@$(CONTROLLER_TOOLS_VERSION)
+
+.PHONY: conversion-gen
+conversion-gen: $(CONVERSION_GEN) ## Download conversion-gen locally if necessary.
+$(CONVERSION_GEN): $(LOCALBIN)
+	GOBIN=$(CACHE_BIN) go install k8s.io/code-generator/cmd/conversion-gen@$(CONVERSION_GEN_VERSION)
+
 .PHONY: tilt
 tilt: $(TILT) ## Download tilt locally if necessary.
 $(TILT): $(LOCALBIN)
@@ -387,7 +437,53 @@ $(TILT): $(LOCALBIN)
 	fi; \
 	curl -fsSL https://github.com/tilt-dev/tilt/releases/download/v$(TILT_VERSION)/tilt.$(TILT_VERSION).$$TILT_OS.$(ARCH).tar.gz | tar -xzvm -C $(LOCALBIN) tilt
 
-.PHONY: golangci-lint-kal
+.PHONY: kind
+kind: $(KIND) ## Download kind locally if necessary.
+$(KIND): $(LOCALBIN)
+	curl -Lso $(KIND) https://github.com/kubernetes-sigs/kind/releases/download/v$(KIND_VERSION)/kind-$(OS)-$(ARCH_SHORT)
+	chmod +x $(KIND)
+
+.PHONY: chainsaw
+chainsaw: $(CHAINSAW) ## Download chainsaw locally if necessary.
+$(CHAINSAW): $(CACHE_BIN)
+	GOBIN=$(CACHE_BIN) go install github.com/kyverno/chainsaw@$(CHAINSAW_VERSION)
+
+.PHONY: envtest
+envtest: $(ENVTEST) ## Download setup-envtest locally if necessary.
+$(ENVTEST): $(CACHE_BIN)
+	GOBIN=$(CACHE_BIN) go install sigs.k8s.io/controller-runtime/tools/setup-envtest@latest
+
+.phony: golangci-lint
+golangci-lint: $(GOLANGCI_LINT)
+$(GOLANGCI_LINT): # Build golangci-lint from tools folder.
+	GOBIN=$(LOCALBIN)  go install  github.com/golangci/golangci-lint/v2/cmd/golangci-lint@$(GOLANGCI_LINT_VERSION)
+
+.phony: golangci-lint-kal
 golangci-lint-kal: $(GOLANGCI_LINT_KAL)
-$(GOLANGCI_LINT_KAL): tools # Build golangci-lint-kal from custom configuration.
-	golangci-lint custom
+$(GOLANGCI_LINT_KAL): $(GOLANGCI_LINT) # Build golangci-lint-kal from custom configuration.
+	$(GOLANGCI_LINT) custom
+
+.PHONY: nilaway
+nilaway: $(NILAWAY) ## Download nilaway locally if necessary.
+$(NILAWAY): $(LOCALBIN)
+	GOBIN=$(LOCALBIN) go install go.uber.org/nilaway/cmd/nilaway@$(NILAWAY_VERSION)
+
+.PHONY: govulncheck
+govulncheck: $(GOVULNC) ## Download govulncheck locally if necessary.
+$(GOVULNC): $(LOCALBIN)
+	GOBIN=$(LOCALBIN) go install golang.org/x/vuln/cmd/govulncheck@$(GOVULNC_VERSION)
+
+.PHONY: mockgen
+mockgen: $(MOCKGEN) ## Download mockgen locally if necessary.
+$(MOCKGEN): $(LOCALBIN)
+	GOBIN=$(LOCALBIN) go install go.uber.org/mock/mockgen@$(MOCKGEN_VERSION)
+
+.PHONY: gowrap
+gowrap: $(GOWRAP) ## Download gowrap locally if necessary.
+$(GOWRAP): $(CACHE_BIN)
+	GOBIN=$(CACHE_BIN) go install github.com/hexdigest/gowrap/cmd/gowrap@$(GOWRAP_VERSION)
+
+.PHONY: s5cmd
+s5cmd: $(S5CMD)
+$(S5CMD): $(CACHE_BIN)
+	GOBIN=$(CACHE_BIN) go install github.com/peak/s5cmd/v2@$(S5CMD_VERSION)

devbox.json

@@ -1,25 +1,32 @@
 {
   "packages": {
-    "apple-sdk_15": {
-      "version":            "15.2",
-      "excluded_platforms": ["x86_64-linux"]
-    },
-    "clusterctl":       "1.11.1",
-    "docker":           "28.3.3",
+    "clusterctl":       "1.11.2",
+    "ctlptl":           "0.8.40",
+    "docker":           "28.4.0",
     "go-tools":         "2025.1.1",
-    "go":               "1.25",
+    "go":               "1.25.1",
+    "golangci-lint":    "2.4.0",
+    "govulncheck":      "1.1.4",
+    "kind":             "0.29.0",
+    "kustomize":        "5.6.0",
+    "nilaway":          "0-unstable-2025-03-07",
     "tilt":             "0.35.1",
-    "mdbook":           "0.4.52",
+    "mdbook":           "0.4.25",
     "mdbook-admonish":  "1.20.0",
-    "kyverno-chainsaw": "0.2.12",
+    "mockgen":          "0.5.2",
+    "kyverno-chainsaw": "0.2.13",
     "kubernetes-helm":  "3.19.0",
-    "kubectl":          "1.33.4",
-    "kubebuilder":      "4.8.0",
-    "jq":               "1.8.1"
+    "kubectl":          "1.34.1",
+    "kubebuilder":      "4.9.0",
+    "jq":               "1.8.1",
+    "apple-sdk_15": {
+      "version":            "15.2",
+      "excluded_platforms": ["x86_64-linux"]
+    }
   },
   "shell": {
     "init_hook": [
-      "export \"GOROOT=$(go env GOROOT)\"; export GOTOOLCHAIN=auto"
+      "export \"GOROOT=$(go env GOROOT)\""
     ],
     "scripts": {}
   }