webdevops
diff --git a/‎.github/workflows/build-docker.yaml‎
Lines changed: 11 additions & 21 deletions b/‎.github/workflows/build-docker.yaml‎
Lines changed: 11 additions & 21 deletions
diff --git a/‎.github/workflows/ci-docker.yaml‎
Lines changed: 4 additions & 0 deletions b/‎.github/workflows/ci-docker.yaml‎
Lines changed: 4 additions & 0 deletions
diff --git a/‎.github/workflows/release-assets.yaml‎
Lines changed: 21 additions & 12 deletions b/‎.github/workflows/release-assets.yaml‎
Lines changed: 21 additions & 12 deletions
diff --git a/‎.github/workflows/release-docker.yaml‎
Lines changed: 5 additions & 0 deletions b/‎.github/workflows/release-docker.yaml‎
Lines changed: 5 additions & 0 deletions
diff --git a/‎.github/workflows/schedule-docker.yaml‎
Lines changed: 4 additions & 0 deletions b/‎.github/workflows/schedule-docker.yaml‎
Lines changed: 4 additions & 0 deletions
diff --git a/‎Dockerfile‎
Lines changed: 2 additions & 1 deletion b/‎Dockerfile‎
Lines changed: 2 additions & 1 deletion
diff --git a/‎Makefile‎
Lines changed: 7 additions & 5 deletions b/‎Makefile‎
Lines changed: 7 additions & 5 deletions
diff --git a/‎README.md‎
Lines changed: 7 additions & 6 deletions b/‎README.md‎
Lines changed: 7 additions & 6 deletions
diff --git a/‎cloudprovider/azure.go‎
Lines changed: 23 additions & 20 deletions b/‎cloudprovider/azure.go‎
Lines changed: 23 additions & 20 deletions
diff --git a/‎cloudprovider/base.go‎
Lines changed: 3 additions & 3 deletions b/‎cloudprovider/base.go‎
Lines changed: 3 additions & 3 deletions
@@ -11,21 +11,16 @@ jobs:
   lint:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v6
 
-      - name: Set Swap Space
-        uses: pierotofy/set-swap-space@49819abfb41bd9b44fb781159c033dba90353a7c
-        with:
-          swap-size-gb: 12
+      - name: Setup runner
+        uses: webdevops/setup-runner@main
 
-      - uses: actions/setup-go@v5
-        with:
-          go-version-file: 'go.mod'
-          cache-dependency-path: "go.sum"
-          check-latest: true
+      - name: Setup go
+        uses: webdevops/setup-go@main
 
       - name: Run Golangci lint
-        uses: golangci/golangci-lint-action@v7
+        uses: golangci/golangci-lint-action@v9
         with:
           version: latest
           args: --print-resources-usage
@@ -44,18 +39,13 @@ jobs:
 
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v6
 
-      - name: Set Swap Space
-        uses: pierotofy/set-swap-space@49819abfb41bd9b44fb781159c033dba90353a7c
-        with:
-          swap-size-gb: 12
+      - name: Setup runner
+        uses: webdevops/setup-runner@main
 
-      - uses: actions/setup-go@v5
-        with:
-          go-version-file: 'go.mod'
-          cache-dependency-path: "go.sum"
-          check-latest: true
+      - name: Setup go
+        uses: webdevops/setup-go@main
 
       - name: Docker meta
         id: docker_meta
 
@@ -2,6 +2,10 @@ name: "ci/docker"
 
 on: [pull_request, workflow_dispatch]
 
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
 jobs:
   build:
     uses: ./.github/workflows/build-docker.yaml
 
@@ -4,26 +4,34 @@ on:
   release:
     types: [created]
 
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: false
+
+env:
+  RELEASE_TAG: ${{ github.ref_name }}
+
 jobs:
-  release:
+  build:
+    name: "${{ matrix.task }}"
     runs-on: ubuntu-latest
+    strategy:
+      fail-fast: false
+      matrix:
+        include:
+          - task: release-assets
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v6
 
-      - name: Set Swap Space
-        uses: pierotofy/set-swap-space@49819abfb41bd9b44fb781159c033dba90353a7c
-        with:
-          swap-size-gb: 12
+      - name: Setup runner
+        uses: webdevops/setup-runner@main
 
-      - uses: actions/setup-go@v5
-        with:
-          go-version-file: 'go.mod'
-          cache-dependency-path: "go.sum"
-          check-latest: true
+      - name: Setup go
+        uses: webdevops/setup-go@main
 
       - name: Build
         run: |
-          make release-assets
+          make "${{ matrix.task }}"
 
       - name: Upload assets to release
         uses: svenstaro/upload-release-action@v2
@@ -33,3 +41,4 @@ jobs:
           tag: ${{ github.ref }}
           overwrite: true
           file_glob: true
+          promote: false
@@ -1,6 +1,7 @@
 name: "release/docker"
 
 on:
+  workflow_dispatch: {}
   push:
     branches:
       - 'main'
@@ -9,6 +10,10 @@ on:
     tags:
       - '*.*.*'
 
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
 jobs:
   release:
     uses: ./.github/workflows/build-docker.yaml
 
@@ -4,6 +4,10 @@ on:
   schedule:
     - cron: '45 6 * * 1'
 
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
 jobs:
   schedule:
     uses: ./.github/workflows/build-docker.yaml
 
@@ -1,7 +1,7 @@
 #############################################
 # Build
 #############################################
-FROM --platform=$BUILDPLATFORM golang:1.24-alpine AS build
+FROM --platform=$BUILDPLATFORM golang:1.25-alpine AS build
 
 RUN apk upgrade --no-cache --force
 RUN apk add --update build-base make git
@@ -15,6 +15,7 @@ RUN go mod download
 # Compile
 COPY . .
 RUN make test
+RUN make build # warmup
 ARG TARGETOS TARGETARCH
 RUN GOOS=${TARGETOS} GOARCH=${TARGETARCH} make build
 
 
@@ -1,7 +1,9 @@
 PROJECT_NAME		:= $(shell basename $(CURDIR))
 GIT_TAG				:= $(shell git describe --dirty --tags --always)
 GIT_COMMIT			:= $(shell git rev-parse --short HEAD)
-LDFLAGS				:= -X "main.gitTag=$(GIT_TAG)" -X "main.gitCommit=$(GIT_COMMIT)" -extldflags "-static" -s -w
+BUILD_DATE          := $(shell TZ=UTC date '+%Y-%m-%dT%H:%M:%SZ')
+LDFLAGS				:= -X "main.gitTag=$(GIT_TAG)" -X "main.gitCommit=$(GIT_COMMIT)" -X "main.buildDate=$(BUILD_DATE)" -extldflags "-static" -s -w
+BUILDFLAGS          := -trimpath
 
 FIRST_GOPATH			:= $(firstword $(subst :, ,$(shell go env GOPATH)))
 GOLANGCI_LINT_BIN		:= $(FIRST_GOPATH)/bin/golangci-lint
@@ -25,13 +27,13 @@ vendor:
 
 .PHONY: build-all
 build-all:
-	GOOS=linux   GOARCH=${GOARCH} CGO_ENABLED=0 go build -ldflags '$(LDFLAGS)' -o '$(PROJECT_NAME)' .
-	GOOS=darwin  GOARCH=${GOARCH} CGO_ENABLED=0 go build -ldflags '$(LDFLAGS)' -o '$(PROJECT_NAME).darwin' .
-	GOOS=windows GOARCH=${GOARCH} CGO_ENABLED=0 go build -ldflags '$(LDFLAGS)' -o '$(PROJECT_NAME).exe' .
+	GOOS=linux   GOARCH=${GOARCH} CGO_ENABLED=0 go build -ldflags '$(LDFLAGS)' $(BUILDFLAGS) -o '$(PROJECT_NAME)' .
+	GOOS=darwin  GOARCH=${GOARCH} CGO_ENABLED=0 go build -ldflags '$(LDFLAGS)' $(BUILDFLAGS) -o '$(PROJECT_NAME).darwin' .
+	GOOS=windows GOARCH=${GOARCH} CGO_ENABLED=0 go build -ldflags '$(LDFLAGS)' $(BUILDFLAGS) -o '$(PROJECT_NAME).exe' .
 
 .PHONY: build
 build:
-	GOOS=${GOOS} GOARCH=${GOARCH} CGO_ENABLED=0 go build -ldflags '$(LDFLAGS)' -o $(PROJECT_NAME) .
+	GOOS=${GOOS} GOARCH=${GOARCH} CGO_ENABLED=0 go build -ldflags '$(LDFLAGS)' $(BUILDFLAGS) -o $(PROJECT_NAME) .
 
 .PHONY: image
 image: image
 
@@ -21,21 +21,22 @@ Usage:
   kube-bootstrap-token-manager [OPTIONS]
 
 Application Options:
-      --log.debug                                      debug mode [$LOG_DEBUG]
-      --log.devel                                      development mode [$LOG_DEVEL]
-      --log.json                                       Switch log output to json format [$LOG_JSON]
+      --log.level=[trace|debug|info|warning|error]     Log level (default: info) [$LOG_LEVEL]
+      --log.format=[logfmt|json]                       Log format (default: logfmt) [$LOG_FORMAT]
+      --log.source=[|short|file|full]                  Show source for every log message (useful for debugging and bug reports) [$LOG_SOURCE]
+      --log.color=[|auto|yes|no]                       Enable color for logs [$LOG_COLOR]
+      --log.time                                       Show log time [$LOG_TIME]
       --bootstraptoken.id-template=                    Template for token ID for bootstrap tokens (default: {{.Date}}) [$BOOTSTRAPTOKEN_ID_TEMPLATE]
       --bootstraptoken.name=                           Name for bootstrap tokens (default: bootstrap-token-%s) [$BOOTSTRAPTOKEN_NAME]
-      --bootstraptoken.label=                          Label for bootstrap tokens (default: webdevops.kubernetes.io/bootstraptoken-managed) [$BOOTSTRAPTOKEN_LABEL]
+      --bootstraptoken.label=                          Label for bootstrap tokens (default: bootstraptoken.webdevops.io/managed) [$BOOTSTRAPTOKEN_LABEL]
       --bootstraptoken.namespace=                      Namespace for bootstrap tokens (default: kube-system) [$BOOTSTRAPTOKEN_NAMESPACE]
       --bootstraptoken.type=                           Type for bootstrap tokens (default: bootstrap.kubernetes.io/token) [$BOOTSTRAPTOKEN_TYPE]
       --bootstraptoken.usage-bootstrap-authentication= Usage bootstrap authentication for bootstrap tokens (default: true) [$BOOTSTRAPTOKEN_USAGE_BOOTSTRAP_AUTHENTICATION]
       --bootstraptoken.usage-bootstrap-signing=        usage bootstrap signing for bootstrap tokens (default: true) [$BOOTSTRAPTOKEN_USAGE_BOOTSTRAP_SIGNING]
       --bootstraptoken.auth-extra-groups=              Auth extra groups for bootstrap tokens (default: system:bootstrappers:worker,system:bootstrappers:ingress) [$BOOTSTRAPTOKEN_AUTH_EXTRA_GROUPS]
       --bootstraptoken.expiration=                     Expiration (time.Duration) for bootstrap tokens (default: 8760h) [$BOOTSTRAPTOKEN_EXPIRATION]
       --bootstraptoken.token-length=                   Length of the random token string for bootstrap tokens (default: 16) [$BOOTSTRAPTOKEN_TOKEN_LENGTH]
-      --bootstraptoken.token-runes=                    Runes which should be used for the random token string for bootstrap tokens (default: abcdefghijklmnopqrstuvwxyz0123456789)
-                                                       [$BOOTSTRAPTOKEN_TOKEN_RUNES]
+      --bootstraptoken.token-runes=                    Runes which should be used for the random token string for bootstrap tokens (default: abcdefghijklmnopqrstuvwxyz0123456789) [$BOOTSTRAPTOKEN_TOKEN_RUNES]
       --sync.time=                                     Sync time (time.Duration) (default: 1h) [$SYNC_TIME]
       --sync.recreate-before=                          Time duration (time.Duration) when token should be recreated (default: 2190h) [$SYNC_RECREATE_BEFORE]
       --sync.full                                      Sync also previous tokens (full sync) [$SYNC_FULL]
 
@@ -3,14 +3,14 @@ package cloudprovider
 import (
 	"context"
 	"errors"
+	"log/slog"
 	"sort"
 	"time"
 
 	"github.com/Azure/azure-sdk-for-go/sdk/azcore"
-	"go.uber.org/zap"
-
 	"github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azsecrets"
 	"github.com/webdevops/go-common/azuresdk/armclient"
+	"github.com/webdevops/go-common/log/slogger"
 
 	"github.com/webdevops/kube-bootstrap-token-manager/bootstraptoken"
 	"github.com/webdevops/kube-bootstrap-token-manager/config"
@@ -27,22 +27,22 @@ type (
 		opts config.Opts
 		ctx  context.Context
 
-		logger *zap.SugaredLogger
+		logger *slogger.Logger
 		client *armclient.ArmClient
 
 		keyvaultClient *azsecrets.Client
 	}
 )
 
-func (m *CloudProviderAzure) Init(ctx context.Context, opts config.Opts, logger *zap.SugaredLogger, userAgent string) {
+func (m *CloudProviderAzure) Init(ctx context.Context, opts config.Opts, logger *slogger.Logger, userAgent string) {
 	var err error
 	m.ctx = ctx
 	m.opts = opts
 	m.logger = logger.With(
-		zap.String("cloudprovider", "azure"),
+		slog.String("cloudprovider", "azure"),
 	)
 
-	m.client, err = armclient.NewArmClientFromEnvironment(logger)
+	m.client, err = armclient.NewArmClientFromEnvironment(logger.Slog())
 	if err != nil {
 		logger.Fatal(err.Error())
 	}
@@ -62,20 +62,20 @@ func (m *CloudProviderAzure) Init(ctx context.Context, opts config.Opts, logger
 	}
 	m.keyvaultClient, err = azsecrets.NewClient(*m.opts.CloudProvider.Azure.KeyVaultUrl, m.client.GetCred(), &secretOpts)
 	if err != nil {
-		m.logger.Panic(err)
+		m.logger.Panic(err.Error())
 	}
 }
 
 func (m *CloudProviderAzure) FetchToken() (token *bootstraptoken.BootstrapToken) {
 	vaultUrl := *m.opts.CloudProvider.Azure.KeyVaultUrl
 	secretName := *m.opts.CloudProvider.Azure.KeyVaultSecretName
 
-	contextLogger := m.logger.With(zap.String("keyVault", vaultUrl), zap.String("secretName", secretName))
+	contextLogger := m.logger.With(slog.String("keyVault", vaultUrl), slog.String("secretName", secretName))
 
-	contextLogger.Infof("fetching current token from Azure KeyVault \"%s\" secret \"%s\"", vaultUrl, secretName)
+	contextLogger.Info("fetching current token from Azure KeyVault")
 	secret, err := m.keyvaultClient.GetSecret(m.ctx, secretName, "", nil)
 	if m.handleKeyvaultError(contextLogger, err) != nil {
-		contextLogger.Panic(err)
+		contextLogger.Panic(err.Error())
 	}
 
 	if secret.Value != nil {
@@ -106,17 +106,16 @@ func (m *CloudProviderAzure) FetchTokens() (tokens []*bootstraptoken.BootstrapTo
 	vaultUrl := *m.opts.CloudProvider.Azure.KeyVaultUrl
 	secretName := *m.opts.CloudProvider.Azure.KeyVaultSecretName
 
-	contextLogger := m.logger.With(zap.String("keyVault", vaultUrl), zap.String("secretName", secretName))
-
-	contextLogger.Infof("fetching all tokens from Azure KeyVault \"%s\" secret \"%s\"", vaultUrl, secretName)
+	contextLogger := m.logger.With(slog.String("keyVault", vaultUrl), slog.String("secretName", secretName))
+	contextLogger.Info("fetching all tokens from Azure KeyVault")
 
 	pager := m.keyvaultClient.NewListSecretPropertiesVersionsPager(secretName, nil)
 	// get secrets first
 	secretCandidateList := []*azsecrets.SecretProperties{}
 	for pager.More() {
 		result, err := pager.NextPage(m.ctx)
 		if err != nil {
-			m.logger.Panic(err)
+			m.logger.Panic(err.Error())
 		}
 
 		for _, secretVersion := range result.Value {
@@ -146,11 +145,11 @@ func (m *CloudProviderAzure) FetchTokens() (tokens []*bootstraptoken.BootstrapTo
 	// process list
 	secretCounter := 0
 	for _, secretVersion := range secretCandidateList {
-		secretLogger := contextLogger.With(zap.String("secretVersion", secretVersion.ID.Version()))
+		secretLogger := contextLogger.With(slog.String("secretVersion", secretVersion.ID.Version()))
 
 		secret, err := m.keyvaultClient.GetSecret(m.ctx, secretVersion.ID.Name(), secretVersion.ID.Version(), nil)
 		if err != nil {
-			secretLogger.Warn(`unable to fetch secret "%[2]v" with version "%[3]v" from vault "%[1]v": %[4]w`, vaultUrl, secretVersion.ID.Name(), secretVersion.ID.Version(), err)
+			secretLogger.Warn(`unable to fetch secret`, slog.Any("error", err))
 			continue
 		}
 
@@ -183,11 +182,15 @@ func (m *CloudProviderAzure) FetchTokens() (tokens []*bootstraptoken.BootstrapTo
 }
 
 func (m *CloudProviderAzure) StoreToken(token *bootstraptoken.BootstrapToken) {
-	contextLogger := m.logger.With(zap.String("token", token.Id()))
 	vaultUrl := *m.opts.CloudProvider.Azure.KeyVaultUrl
 	secretName := *m.opts.CloudProvider.Azure.KeyVaultSecretName
 
-	contextLogger.Infof("storing token to Azure KeyVault \"%s\" secret \"%s\" with expiration %s", vaultUrl, secretName, token.ExpirationString())
+	contextLogger := m.logger.With(
+		slog.String("token", token.Id()),
+		slog.String("keyVault", vaultUrl),
+		slog.String("secretName", secretName),
+	)
+	contextLogger.Info("storing token to Azure KeyVault", slog.String("expiration", token.ExpirationString()))
 
 	secretParameters := azsecrets.SetSecretParameters{
 		Value: stringPtr(token.FullToken()),
@@ -204,7 +207,7 @@ func (m *CloudProviderAzure) StoreToken(token *bootstraptoken.BootstrapToken) {
 
 	_, err := m.keyvaultClient.SetSecret(m.ctx, secretName, secretParameters, nil)
 	if err != nil {
-		m.logger.Panic(err)
+		m.logger.Panic(err.Error())
 	}
 }
 
@@ -227,7 +230,7 @@ func (m *CloudProviderAzure) updateTokenMeta(token *bootstraptoken.BootstrapToke
 	}
 }
 
-func (m *CloudProviderAzure) handleKeyvaultError(logger *zap.SugaredLogger, err error) error {
+func (m *CloudProviderAzure) handleKeyvaultError(logger *slogger.Logger, err error) error {
 	if err != nil {
 		switch m.parseAzCoreResponseError(err) {
 		case "SecretNotFound":
 
@@ -5,15 +5,15 @@ import (
 	"fmt"
 	"strings"
 
-	"go.uber.org/zap"
+	"github.com/webdevops/go-common/log/slogger"
 
 	"github.com/webdevops/kube-bootstrap-token-manager/bootstraptoken"
 	"github.com/webdevops/kube-bootstrap-token-manager/config"
 )
 
 type (
 	CloudProvider interface {
-		Init(ctx context.Context, opts config.Opts, logger *zap.SugaredLogger, userAgent string)
+		Init(ctx context.Context, opts config.Opts, logger *slogger.Logger, userAgent string)
 		FetchToken() (token *bootstraptoken.BootstrapToken)
 		FetchTokens() (token []*bootstraptoken.BootstrapToken)
 		StoreToken(token *bootstraptoken.BootstrapToken)
@@ -26,5 +26,5 @@ func NewCloudProvider(provider string) CloudProvider {
 		return &CloudProviderAzure{}
 	}
 
-	panic(fmt.Sprintf("Cloud provider \"%s\" not available", provider))
+	panic(fmt.Sprintf("cloud provider \"%s\" not available", provider))
 }