Merge pull request #26 from sapcc/add-periodic-reconciliation

add periodic reconciliation

Author: adziauho

.github/renovate.json

@@ -14,7 +14,7 @@
   ],
   "commitMessageAction": "Renovate: Update",
   "constraints": {
-    "go": "1.24"
+    "go": "1.25"
   },
   "dependencyDashboardOSVVulnerabilitySummary": "all",
   "osvVulnerabilityAlerts": true,
@@ -25,9 +25,13 @@
   "packageRules": [
     {
       "matchPackageNames": [
-        "golang"
+        "/.*/"
       ],
-      "allowedVersions": "1.24.x"
+      "matchUpdateTypes": [
+        "minor",
+        "patch"
+      ],
+      "groupName": "External dependencies"
     },
     {
       "matchPackageNames": [
@@ -38,20 +42,30 @@
     },
     {
       "matchPackageNames": [
-        "!/^github\\.com\\/sapcc\\/.*/",
-        "/.*/"
+        "go",
+        "golang",
+        "actions/go-versions"
+      ],
+      "groupName": "golang",
+      "separateMinorPatch": true
+    },
+    {
+      "matchPackageNames": [
+        "go",
+        "golang",
+        "actions/go-versions"
       ],
       "matchUpdateTypes": [
         "minor",
-        "patch"
+        "major"
       ],
-      "groupName": "External dependencies"
+      "dependencyDashboardApproval": true
     },
     {
       "matchPackageNames": [
         "/^k8s.io\\//"
       ],
-      "allowedVersions": "0.28.x"
+      "allowedVersions": "0.33.x"
     }
   ],
   "prHourlyLimit": 0,

.github/workflows/checks.yaml

@@ -24,14 +24,14 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Check out code
-        uses: actions/checkout@v5
+        uses: actions/checkout@v6
       - name: Set up Go
-        uses: actions/setup-go@v5
+        uses: actions/setup-go@v6
         with:
           check-latest: true
-          go-version: 1.24.6
+          go-version: 1.25.7
       - name: Run golangci-lint
-        uses: golangci/golangci-lint-action@v8
+        uses: golangci/golangci-lint-action@v9
         with:
           version: latest
       - name: Delete pre-installed shellcheck
@@ -41,17 +41,15 @@ jobs:
       - name: Dependency Licenses Review
         run: make check-dependency-licenses
       - name: Check for spelling errors
-        uses: reviewdog/action-misspell@v1
-        with:
-          exclude: ./vendor/*
-          fail_on_error: true
-          github_token: ${{ secrets.GITHUB_TOKEN }}
-          ignore: importas
-          reporter: github-check
+        uses: crate-ci/typos@v1
+        env:
+          CLICOLOR: "1"
+      - name: Delete typos binary
+        run: rm typos
       - name: Check if source code files have license header
         run: make check-addlicense
       - name: REUSE Compliance Check
-        uses: fsfe/reuse-action@v5
+        uses: fsfe/reuse-action@v6
       - name: Install govulncheck
         run: go install golang.org/x/vuln/cmd/govulncheck@latest
       - name: Run govulncheck

.github/workflows/ci.yaml

@@ -27,12 +27,12 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Check out code
-        uses: actions/checkout@v5
+        uses: actions/checkout@v6
       - name: Set up Go
-        uses: actions/setup-go@v5
+        uses: actions/setup-go@v6
         with:
           check-latest: true
-          go-version: 1.24.6
+          go-version: 1.25.7
       - name: Build all binaries
         run: make build-all
   test:
@@ -42,11 +42,11 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Check out code
-        uses: actions/checkout@v5
+        uses: actions/checkout@v6
       - name: Set up Go
-        uses: actions/setup-go@v5
+        uses: actions/setup-go@v6
         with:
           check-latest: true
-          go-version: 1.24.6
+          go-version: 1.25.7
       - name: Run tests and generate coverage report
         run: make build/cover.out

.github/workflows/codeql.yaml

@@ -27,18 +27,18 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Check out code
-        uses: actions/checkout@v5
+        uses: actions/checkout@v6
       - name: Set up Go
-        uses: actions/setup-go@v5
+        uses: actions/setup-go@v6
         with:
           check-latest: true
-          go-version: 1.24.6
+          go-version: 1.25.7
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@v3
+        uses: github/codeql-action/init@v4
         with:
           languages: go
           queries: security-extended
       - name: Autobuild
-        uses: github/codeql-action/autobuild@v3
+        uses: github/codeql-action/autobuild@v4
       - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@v3
+        uses: github/codeql-action/analyze@v4

.github/workflows/container-registry-ghcr.yaml

@@ -21,7 +21,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Check out code
-        uses: actions/checkout@v5
+        uses: actions/checkout@v6
       - name: Log in to the Container registry
         uses: docker/login-action@v3
         with:

.golangci.yaml

@@ -55,7 +55,8 @@ linters:
     - govet
     - ineffassign
     - intrange
-    - misspell
+    - iotamixing
+    - modernize
     - nilerr
     - nolintlint
     - nosprintfhostport
@@ -143,6 +144,13 @@ linters:
       enable-all: true
     nolintlint:
       require-specific: true
+    modernize:
+      disable:
+        # omitzero requires removing omitempty tags in kubernetes api struct types which are nested, which is interpreted by controller-gen and breaks the CRDs.
+        - omitzero
+    perfsprint:
+      # modernize generates nicer fix code
+      concat-loop: false
     staticcheck:
       dot-import-whitelist:
         - github.com/majewsky/gg/option
@@ -167,13 +175,13 @@ linters:
   exclusions:
     generated: lax
     presets:
-      - comments
       - common-false-positives
       - legacy
       - std-error-handling
     rules:
       - linters:
           - bodyclose
+          - revive
         path: _test\.go
       # It is idiomatic Go to reuse the name 'err' with ':=' for subsequent errors.
       # Ref: https://go.dev/doc/effective_go#redeclaration

.license-scan-overrides.jsonl

@@ -1,4 +1,5 @@
 {"name": "github.com/chzyer/logex", "licenceType": "MIT"}
+{"name": "github.com/grpc-ecosystem/go-grpc-middleware/v2", "licenceType": "Apache-2.0"}
 {"name": "github.com/hashicorp/vault/api/auth/approle", "licenceType": "MPL-2.0"}
 {"name": "github.com/jpillora/longestcommon", "licenceType": "MIT"}
 {"name": "github.com/logrusorgru/aurora", "licenceType": "Unlicense"}

.typos.toml

@@ -0,0 +1,10 @@
+# SPDX-FileCopyrightText: 2025 SAP SE
+#
+# SPDX-License-Identifier: Apache-2.0
+
+[default.extend-words]
+
+[files]
+extend-exclude = [
+  "go.mod",
+]

Dockerfile

@@ -2,7 +2,7 @@
 # SPDX-License-Identifier: Apache-2.0
 
 # Build the manager binary
-FROM golang:1.24 as builder
+FROM golang:1.25 as builder
 ARG TARGETOS
 ARG TARGETARCH