🌱 add make verify-generated-files. Update controller-gen to v1.18 (#1676)

Author: guettli

.builder-image-version.txt

@@ -1 +1 @@
-1.0.24
+1.0.25

.github/actions/e2e/action.yaml

@@ -44,7 +44,10 @@ runs:
       shell: bash
       env:
         hcloudctl_version: 1.40.0
-      run: curl -fsSL https://github.com/hetznercloud/cli/releases/download/v${{ env.hcloudctl_version }}/hcloud-linux-amd64.tar.gz | tar -xzv hcloud ; mv hcloud hack/tools/bin/hcloud
+      run: |
+        curl -fsSL https://github.com/hetznercloud/cli/releases/download/v${{ env.hcloudctl_version }}/hcloud-linux-amd64.tar.gz | tar -xzv hcloud
+        mkdir -p hack/tools/bin/
+        mv hcloud hack/tools/bin/hcloud
 
     - name: Generate metadata
       id: meta

.github/actions/fixes/action.yaml

@@ -0,0 +1,25 @@
+name: Fix env var HOME and git permissions
+description: Fix env var HOME and git permissions
+runs:
+  using: "composite"
+  steps:
+  - name: Fix HOME Directory
+    shell: bash
+    run: |
+      # Issue [HOME is overridden for containers](https://github.com/actions/runner/issues/863)
+      h=$(getent passwd $(id -un) | cut -d: -f6)
+      if [ "$h" = "$HOME" ]; then
+        echo "HOME fine: $HOME"
+        exit 0
+      fi
+      echo "HOME=$HOME was broken. Setting it to $h"
+      ls -ld $HOME
+      ls -ld $h
+      echo "USER: $USER"
+      echo "id: $(id)"
+      echo "HOME=$h" >> $GITHUB_ENV
+
+  - name: Fixup git permissions
+    # https://github.com/actions/checkout/issues/766
+    shell: bash
+    run: git config --global --add safe.directory "$GITHUB_WORKSPACE"

.github/workflows/main-promote-builder-image.yml

@@ -10,7 +10,7 @@ jobs:
     name: Promote Latest tag to Caph Builder Image
     runs-on: ubuntu-latest
     container:
-      image: ghcr.io/syself/caph-builder:1.0.24
+      image: ghcr.io/syself/caph-builder:1.0.25
       credentials:
         username: ${{ github.actor }}
         password: ${{ secrets.github_token }}

.github/workflows/pr-e2e.yaml

@@ -38,9 +38,20 @@ jobs:
     name: Test Release
     if: github.event_name != 'pull_request' || !github.event.pull_request.draft
     runs-on: ubuntu-latest
+    container:
+      image: ghcr.io/syself/caph-builder:1.0.25
+      credentials:
+        username: ${{ github.actor }}
+        password: ${{ secrets.github_token }}
+    env:
+      BUILD_IN_CONTAINER: "false"
     steps:
       - name: checkout
         uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
+
+      - name: Fix broken env var HOME
+        uses: ./.github/actions/fixes
+
       - name: Test Release
         id: manager-image
         uses: ./.github/actions/test-release

.github/workflows/pr-lint.yml

@@ -22,7 +22,7 @@ jobs:
     name: "Lint Pull Request"
     runs-on: ubuntu-latest
     container:
-      image: ghcr.io/syself/caph-builder:1.0.24
+      image: ghcr.io/syself/caph-builder:1.0.25
       credentials:
         username: ${{ github.actor }}
         password: ${{ secrets.github_token }}

.github/workflows/pr-verify.yml

@@ -10,13 +10,26 @@ jobs:
       pull-requests: write
       issues: write
     runs-on: ubuntu-latest
+    container:
+      image: ghcr.io/syself/caph-builder:1.0.25
+      credentials:
+        username: ${{ github.actor }}
+        password: ${{ secrets.github_token }}
     name: Verify Pull Request
     steps:
       - name: Checkout repository
         uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 
+      - name: Fix Env Var HOME
+        uses: ./.github/actions/fixes
+        # Fixes:
+        #   fatal: detected dubious ownership in repository at '/__w/clu...
+        #   To add an exception for this directory, call:
+        #   git config --global --add safe.directory /__w...
+
       # Take from https://github.com/kubernetes-sigs/kubebuilder/blob/master/.github/workflows/verify.yml
       - name: Validate PR Title Format
+        shell: bash
         env:
           TITLE: ${{ github.event.pull_request.title }}
         run: |
@@ -48,13 +61,17 @@ jobs:
       - name: Verify Starlark
         run: make verify-starlark
 
+      - name: Verify Generated Files of Git Repo
+        run: make BUILD_IN_CONTAINER=false verify-generated-files
+
       - uses: actions/setup-node@cdca7365b2dadb8aad0a33bc7601856ffabcc48e # v4
         with:
           node-version: "22"
       - name: Install renovate
         run: npm i -g [email protected] # TODO update this via renovatebot
 
       - name: Validate config
+        shell: bash
         run: |
           for file in $(find . -name "*.json5"); do
             renovate-config-validator ${file}

.github/workflows/schedule-scan-image.yml

@@ -10,7 +10,7 @@ jobs:
     runs-on: ubuntu-latest
     if: github.repository == 'syself/cluster-api-provider-hetzner'
     container:
-      image: ghcr.io/syself/caph-builder:1.0.24
+      image: ghcr.io/syself/caph-builder:1.0.25
       credentials:
         username: ${{ github.actor }}
         password: ${{ secrets.github_token }}

.gitignore

@@ -8,6 +8,7 @@ bin
 hack/tools/bin
 testbin/*
 temp
+/tmp
 # Test binary, build with `go test -c`
 *.test
 .coverage

Makefile

@@ -88,10 +88,6 @@ export KUBEBUILDER_ENVTEST_KUBERNETES_VERSION ?= 1.31.0
 ############
 # Binaries #
 ############
-CONTROLLER_GEN := $(abspath $(TOOLS_BIN_DIR)/controller-gen)
-controller-gen: $(CONTROLLER_GEN) ## Build a local copy of controller-gen
-$(CONTROLLER_GEN): # Build controller-gen from tools folder.
-	go install sigs.k8s.io/controller-tools/cmd/[email protected]
 
 KUSTOMIZE := $(abspath $(TOOLS_BIN_DIR)/kustomize)
 kustomize: $(KUSTOMIZE) ## Build a local copy of kustomize
@@ -124,12 +120,6 @@ clusterctl: $(CLUSTERCTL) ## Build a local copy of clusterctl
 $(CLUSTERCTL):
 	go install sigs.k8s.io/cluster-api/cmd/[email protected]
 
-HELM := $(abspath $(TOOLS_BIN_DIR)/helm)
-helm: $(HELM) ## Build a local copy of helm
-$(HELM):
-	curl -sSL https://get.helm.sh/helm-v3.13.2-$$(go env GOOS)-$$(go env GOARCH).tar.gz | tar xz -C $(TOOLS_BIN_DIR) --strip-components=1 $$(go env GOOS)-$$(go env GOARCH)/helm
-	chmod a+rx $(HELM)
-
 HCLOUD := $(abspath $(TOOLS_BIN_DIR)/hcloud)
 hcloud: $(HCLOUD) ## Build a local copy of hcloud
 $(HCLOUD):
@@ -162,7 +152,7 @@ gotestsum: $(GOTESTSUM) # Build gotestsum from tools folder.
 $(GOTESTSUM):
 	go install gotest.tools/[email protected]
 
-all-tools: $(GOTESTSUM) $(go-cover-treemap) $(go-binsize-treemap) $(KIND) $(KUBECTL) $(CLUSTERCTL) $(CTLPTL) $(SETUP_ENVTEST) $(ENVSUBST) $(KUSTOMIZE) $(CONTROLLER_GEN) $(HELM) ## Install all tools required for development
+all-tools: $(GOTESTSUM) $(go-cover-treemap) $(go-binsize-treemap) $(KIND) $(KUBECTL) $(CLUSTERCTL) $(CTLPTL) $(SETUP_ENVTEST) $(ENVSUBST) $(KUSTOMIZE) ## Install all tools required for development
 	echo 'done'
 
 ##@ Development
@@ -193,21 +183,29 @@ wait-and-get-secret:
 	./hack/get-kubeconfig-of-workload-cluster.sh
 	${TIMEOUT} --foreground 15m bash -c "while ! $(KUBECTL) --kubeconfig=$(WORKER_CLUSTER_KUBECONFIG) get nodes | grep control-plane; do sleep 1; done"
 
-install-cilium-in-wl-cluster: $(HELM)
+install-cilium-in-wl-cluster:
 	# Deploy cilium
-	$(HELM) repo add cilium https://helm.cilium.io/
-	$(HELM) repo update cilium
-	KUBECONFIG=$(WORKER_CLUSTER_KUBECONFIG) $(HELM) upgrade --install cilium cilium/cilium \
+	helm repo add cilium https://helm.cilium.io/
+	helm repo update cilium
+	KUBECONFIG=$(WORKER_CLUSTER_KUBECONFIG) helm upgrade --install cilium cilium/cilium \
   		--namespace kube-system \
 		-f templates/cilium/cilium.yaml
 
+
 install-ccm-in-wl-cluster:
-	$(HELM) repo add syself https://charts.syself.com
-	$(HELM) repo update syself
-	KUBECONFIG=$(WORKER_CLUSTER_KUBECONFIG) $(HELM) upgrade --install ccm syself/ccm-hetzner --version 1.1.10 \
+ifeq ($(BUILD_IN_CONTAINER),true)
+	docker run  --rm \
+		-v $(shell go env GOPATH)/pkg:/go/pkg$(MOUNT_FLAGS) \
+		-v $(shell pwd):/src/cluster-api-provider-$(INFRA_PROVIDER)$(MOUNT_FLAGS) \
+		$(BUILDER_IMAGE):$(BUILDER_IMAGE_VERSION) $@;
+else
+	helm repo add syself https://charts.syself.com
+	helm repo update syself
+	KUBECONFIG=$(WORKER_CLUSTER_KUBECONFIG) helm upgrade --install ccm syself/ccm-hetzner --version 1.1.10 \
 	--namespace kube-system \
 	--set privateNetwork.enabled=$(PRIVATE_NETWORK)
 	@echo 'run "kubectl --kubeconfig=$(WORKER_CLUSTER_KUBECONFIG) ..." to work with the new target cluster'
+endif
 
 add-ssh-pub-key:
 	./hack/ensure-env-variables.sh HCLOUD_TOKEN SSH_KEY SSH_KEY_NAME
@@ -570,6 +568,17 @@ verify-manifests:
 verify-container-images: ## Verify container images
 	trivy image -q --exit-code 1 --ignore-unfixed --severity MEDIUM,HIGH,CRITICAL $(IMAGE_PREFIX)/$(INFRA_SHORT):latest
 
+.PHONY: verify-generated-files
+verify-generated-files: ## Verify geneated files in git repo
+ifeq ($(BUILD_IN_CONTAINER),true)
+	docker run  --rm \
+		-v $(shell go env GOPATH)/pkg:/go/pkg$(MOUNT_FLAGS) \
+		-v $(shell pwd):/src/cluster-api-provider-$(INFRA_PROVIDER)$(MOUNT_FLAGS) \
+		$(BUILDER_IMAGE):$(BUILDER_IMAGE_VERSION) $@;
+else
+	./hack/verify-generated-files.sh
+endif
+
 ##@ Generate
 ############
 # Generate #
@@ -581,7 +590,7 @@ generate-boilerplate: ## Generates missing boilerplates
 # support go modules
 generate-modules: ## Generates missing go modules
 ifeq ($(BUILD_IN_CONTAINER),true)
-	docker run  --rm -t -i \
+	docker run  --rm \
 		-v $(shell go env GOPATH)/pkg:/go/pkg$(MOUNT_FLAGS) \
 		-v $(shell pwd):/src/cluster-api-provider-$(INFRA_PROVIDER)$(MOUNT_FLAGS) \
 		$(BUILDER_IMAGE):$(BUILDER_IMAGE_VERSION) $@;
@@ -599,20 +608,37 @@ generate-modules-ci: generate-modules
 		exit 1; \
 	fi
 
-generate-manifests: $(CONTROLLER_GEN) ## Generate WebhookConfiguration, ClusterRole and CustomResourceDefinition objects.
-	$(CONTROLLER_GEN) \
+generate-manifests: ## Generate WebhookConfiguration, ClusterRole and CustomResourceDefinition objects.
+ifeq ($(BUILD_IN_CONTAINER),true)
+	docker run  --rm \
+		-v $(shell go env GOPATH)/pkg:/go/pkg$(MOUNT_FLAGS) \
+		-v $(shell pwd):/src/cluster-api-provider-$(INFRA_PROVIDER)$(MOUNT_FLAGS) \
+		$(BUILDER_IMAGE):$(BUILDER_IMAGE_VERSION) $@;
+else
+	# Ensure that these old binaries are not longer used. We use
+	# these from the builder-image now.
+	rm -f ./hack/tools/bin/controller-gen ./hack/tools/bin/helm
+	controller-gen \
 			paths=./api/... \
 			paths=./controllers/... \
 			crd:crdVersions=v1 \
 			rbac:roleName=manager-role \
 			output:crd:dir=./config/crd/bases \
 			output:webhook:dir=./config/webhook \
 			webhook
+endif
 
-generate-go-deepcopy: $(CONTROLLER_GEN) ## Generate code containing DeepCopy, DeepCopyInto, and DeepCopyObject method implementations.
-	$(CONTROLLER_GEN) \
+generate-go-deepcopy: ## Generate code containing DeepCopy, DeepCopyInto, and DeepCopyObject method implementations.
+ifeq ($(BUILD_IN_CONTAINER),true)
+	docker run  --rm \
+		-v $(shell go env GOPATH)/pkg:/go/pkg$(MOUNT_FLAGS) \
+		-v $(shell pwd):/src/cluster-api-provider-$(INFRA_PROVIDER)$(MOUNT_FLAGS) \
+		$(BUILDER_IMAGE):$(BUILDER_IMAGE_VERSION) $@;
+else
+	controller-gen \
 		object:headerFile="./hack/boilerplate/boilerplate.generatego.txt" \
 		paths="./api/..."
+endif
 
 generate-api-ci: generate-manifests generate-go-deepcopy
 	@if ! (git diff --exit-code ); then \
@@ -635,7 +661,7 @@ cluster-templates: $(KUSTOMIZE)
 .PHONY: format-golang
 format-golang: ## Format the Go codebase and run auto-fixers if supported by the linter.
 ifeq ($(BUILD_IN_CONTAINER),true)
-	docker run  --rm -t -i \
+	docker run  --rm \
 		-v $(shell go env GOPATH)/pkg:/go/pkg$(MOUNT_FLAGS) \
 		-v $(shell pwd):/src/cluster-api-provider-$(INFRA_PROVIDER)$(MOUNT_FLAGS) \
 		$(BUILDER_IMAGE):$(BUILDER_IMAGE_VERSION) $@;
@@ -652,7 +678,7 @@ format-starlark: ## Format the Starlark codebase
 .PHONY: format-yaml
 format-yaml: ## Lint YAML files
 ifeq ($(BUILD_IN_CONTAINER),true)
-	docker run  --rm -t -i \
+	docker run  --rm \
 		-v $(shell go env GOPATH)/pkg:/go/pkg$(MOUNT_FLAGS) \
 		-v $(shell pwd):/src/cluster-api-provider-$(INFRA_PROVIDER)$(MOUNT_FLAGS) \
 		$(BUILDER_IMAGE):$(BUILDER_IMAGE_VERSION) $@;
@@ -668,7 +694,7 @@ endif
 .PHONY: lint-golang
 lint-golang: ## Lint Golang codebase
 ifeq ($(BUILD_IN_CONTAINER),true)
-	docker run  --rm -t -i \
+	docker run  --rm \
 		-v $(shell go env GOPATH)/pkg:/go/pkg$(MOUNT_FLAGS) \
 		-v $(shell pwd):/src/cluster-api-provider-$(INFRA_PROVIDER)$(MOUNT_FLAGS) \
 		$(BUILDER_IMAGE):$(BUILDER_IMAGE_VERSION) $@;
@@ -681,7 +707,7 @@ endif
 .PHONY: lint-golang-ci
 lint-golang-ci:
 ifeq ($(BUILD_IN_CONTAINER),true)
-	docker run  --rm -t -i \
+	docker run  --rm \
 		-v $(shell go env GOPATH)/pkg:/go/pkg$(MOUNT_FLAGS) \
 		-v $(shell pwd):/src/cluster-api-provider-$(INFRA_PROVIDER)$(MOUNT_FLAGS) \
 		$(BUILDER_IMAGE):$(BUILDER_IMAGE_VERSION) $@;
@@ -694,7 +720,7 @@ endif
 .PHONY: lint-yaml
 lint-yaml: ## Lint YAML files
 ifeq ($(BUILD_IN_CONTAINER),true)
-	docker run  --rm -t -i \
+	docker run  --rm \
 		-v $(shell go env GOPATH)/pkg:/go/pkg$(MOUNT_FLAGS) \
 		-v $(shell pwd):/src/cluster-api-provider-$(INFRA_PROVIDER)$(MOUNT_FLAGS) \
 		$(BUILDER_IMAGE):$(BUILDER_IMAGE_VERSION) $@;
@@ -706,7 +732,7 @@ endif
 .PHONY: lint-yaml-ci
 lint-yaml-ci:
 ifeq ($(BUILD_IN_CONTAINER),true)
-	docker run  --rm -t -i \
+	docker run  --rm \
 		-v $(shell go env GOPATH)/pkg:/go/pkg$(MOUNT_FLAGS) \
 		-v $(shell pwd):/src/cluster-api-provider-$(INFRA_PROVIDER)$(MOUNT_FLAGS) \
 		$(BUILDER_IMAGE):$(BUILDER_IMAGE_VERSION) $@;
@@ -719,7 +745,7 @@ DOCKERFILES=$(shell find . -not \( -path ./hack -prune \) -not \( -path ./vendor
 .PHONY: lint-dockerfile
 lint-dockerfile: ## Lint Dockerfiles
 ifeq ($(BUILD_IN_CONTAINER),true)
-	docker run  --rm -t -i \
+	docker run  --rm \
 		-v $(shell go env GOPATH)/pkg:/go/pkg$(MOUNT_FLAGS) \
 		-v $(shell pwd):/src/cluster-api-provider-$(INFRA_PROVIDER)$(MOUNT_FLAGS) \
 		$(BUILDER_IMAGE):$(BUILDER_IMAGE_VERSION) $@;
@@ -730,7 +756,7 @@ endif
 
 lint-links: ## Link Checker
 ifeq ($(BUILD_IN_CONTAINER),true)
-	docker run --rm -t -i \
+	docker run --rm \
 		-v $(shell pwd):/src/cluster-api-provider-$(INFRA_PROVIDER)$(MOUNT_FLAGS) \
 		$(BUILDER_IMAGE):$(BUILDER_IMAGE_VERSION) $@;
 else
@@ -751,7 +777,7 @@ format: format-starlark format-golang format-yaml ## Format Codebase
 .PHONY: generate-mocks
 generate-mocks: ## Generate Mocks
 ifeq ($(BUILD_IN_CONTAINER),true)
-	docker run  --rm -t -i \
+	docker run  --rm \
 		-v $(shell go env GOPATH)/pkg:/go/pkg$(MOUNT_FLAGS) \
 		-v $(shell pwd):/src/cluster-api-provider-$(INFRA_PROVIDER)$(MOUNT_FLAGS) \
 		$(BUILDER_IMAGE):$(BUILDER_IMAGE_VERSION) $@;
@@ -804,3 +830,10 @@ create-hetzner-installimage-tgz:
 	@echo "============= ↓↓↓↓↓ Now update the version number here ↓↓↓↓↓ ============="
 	@git ls-files | xargs grep -P 'hetzner-installimage.*v\d+\.\d+' || true
 	@echo "↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑"
+
+builder-image-shell: ## Start an interactive shell in the builder image.
+	docker run --rm -t -i \
+		--entrypoint bash \
+		-v $(shell go env GOPATH)/pkg:/go/pkg$(MOUNT_FLAGS) \
+		-v $(shell pwd):/src/cluster-api-provider-$(INFRA_PROVIDER)$(MOUNT_FLAGS) \
+		$(BUILDER_IMAGE):$(BUILDER_IMAGE_VERSION)