[shell-operator] сhore/automate versions (#841)

Signed-off-by: Pavel Okhlopkov <pavel.okhlopkov@flant.com>

Author: ldmonster

.github/workflows/build.yaml

@@ -8,34 +8,34 @@ jobs:
     name: Build shell-operator binary
     runs-on: ubuntu-latest
     steps:
-      - name: Set up Go 1.23
+      - name: Set up Go
         uses: actions/setup-go@v5
         with:
-          go-version: "1.23"
-
+          go-version: "1.25.5"
       - name: Check out shell-operator code
         uses: actions/checkout@v4
-
       - name: Restore Go modules
         id: go-modules-cache
         uses: actions/cache@v4.2.3
         with:
           path: |
             ~/go/pkg/mod
           key: ${{ runner.os }}-gomod-${{ hashFiles('go.mod', 'go.sum') }}
+      - name: Check generated code is up to date
+        run: |
+          make generate
 
+          git diff --exit-code || (echo 'Regenerated code does not match source, please run "make generate"' && exit 1)
       - name: Download Go modules
         if: steps.go-modules-cache.outputs.cache-hit != 'true'
         run: |
           go mod download
           echo -n "Go modules unpacked size is: " && du -sh $HOME/go/pkg/mod
-
       - name: Build binary
         run: |
           export GOOS=linux
 
           go build ./cmd/shell-operator
-
 # MacOS build works fine because jq package already has static libraries.
 # Windows build requires jq compilation, this should be done in libjq-go.
 # TODO Does cross-compile can help here?

.github/workflows/checks.yaml

@@ -1,14 +1,11 @@
 name: PR Checks
-
 on:
   pull_request:
     types: [opened, labeled, unlabeled, synchronize]
-
 jobs:
   release-label:
     name: Release note label
     runs-on: ubuntu-latest
-
     steps:
       - name: Check minimum labels
         uses: mheap/github-action-required-labels@v5

.github/workflows/docs.yaml

@@ -1,26 +1,21 @@
 name: Docs
-
 on:
   push:
     branches:
       - main
   pull_request:
-
 jobs:
   deploy:
     runs-on: ubuntu-24.04
     concurrency:
       group: ${{ github.workflow }}-${{ github.ref }}
     steps:
       - uses: actions/checkout@v4
-
       - name: Setup mdBook
         uses: peaceiris/actions-mdbook@v2
         with:
           mdbook-version: '0.4.10'
-
       - run: mdbook build docs
-
       - name: Deploy
         uses: peaceiris/actions-gh-pages@v4
         if: ${{ github.ref == 'refs/heads/main' }}

.github/workflows/lint.yaml

@@ -4,20 +4,17 @@ name: Lint
 on:
   pull_request:
     types: [opened, synchronize]
-
 jobs:
   run_linter:
     name: Run linter
     runs-on: ubuntu-latest
     steps:
-      - name: Set up Go 1.23
+      - name: Set up Go
         uses: actions/setup-go@v5
         with:
-          go-version: "1.23"
-
+          go-version: "1.25.5"
       - name: Check out shell-operator code
         uses: actions/checkout@v4
-
       - name: Restore Go modules
         id: go-modules-cache
         uses: actions/cache@v4.2.3
@@ -27,30 +24,24 @@ jobs:
           key: ${{ runner.os }}-gomod-${{ hashFiles('go.mod', 'go.sum') }}
           restore-keys: |
             ${{ runner.os }}-gomod-
-
       - name: Download Go modules
         if: steps.go-modules-cache.outputs.cache-hit != 'true'
         run: |
           go mod download
           echo -n "Go modules unpacked size is: " && du -sh $HOME/go/pkg/mod
-
       - name: Run golangci-lint
         run: |
-          curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s -- -b . v2.1.6
+          curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s -- -b . v2.8.0
           ./golangci-lint run --build-tags integration,test
-
-
   codespell:
     name: Run codespell
     runs-on: ubuntu-latest
     steps:
       - uses: actions/setup-python@v5
         with:
           python-version: 3.8
-
       - name: Check out addon-operator code
         uses: actions/checkout@v4
-
       - name: Run codespell
         run: |
           pip install codespell==v1.17.1

.github/workflows/publish-dev.yaml

@@ -11,7 +11,6 @@ env:
   BUILDX_PLATFORMS: "linux/amd64,linux/arm64,linux/arm/v7"
   BUILDX_PLATFORMS_AMD64: "linux/amd64"
   GHCR_IO_REPO: ghcr.io/flant/shell-operator-dev
-
 jobs:
   check:
     name: Check and remove label
@@ -60,7 +59,6 @@ jobs:
             } catch (e) {
               console.log(`Error occurred while remove label. Possibly label is already removed. Ignore '${typeof e}' error.`);
             }
-
   publish_dev_image:
     name: Build and publish
     runs-on: ubuntu-latest
@@ -69,7 +67,6 @@ jobs:
     if: needs.check.outputs.run_publish == 'true'
     steps:
       - uses: actions/checkout@v4
-
       - name: Prepare environment
         env:
           BUILD_MULTI_ARCH: ${{ needs.check.outputs.build_multi_arch }}
@@ -93,26 +90,22 @@ jobs:
           echo "BUILD_MULTI_ARCH   = ${BUILD_MULTI_ARCH}"
           echo "BUILDX_PLATFORMS   = ${BUILDX_PLATFORMS}"
           echo "========================================="
-
       - name: Set up QEMU
         if: needs.check.outputs.build_multi_arch == 'true'
         uses: docker/setup-qemu-action@v3.6.0
         with:
           platforms: "${{ env.QEMU_PLATFORMS }}"
-
       - name: Set up Docker Buildx
         id: buildx
         uses: docker/setup-buildx-action@v3
         with:
           version: latest
-
       - name: Login to Github Container Registry
         uses: docker/login-action@v3.4.0
         with:
           registry: ghcr.io
           username: ${{ secrets.GHCR_IO_USER }}
           password: ${{ secrets.GHCR_IO_PASS }}
-
       - name: Build and push using buildx
         run: |
           echo "Build ${GHCR_IO_IMAGE_NAME} with version '${APP_VERSION}'"
@@ -121,32 +114,6 @@ jobs:
               --build-arg appVersion=$APP_VERSION \
               --tag $GHCR_IO_IMAGE_NAME \
               --push .
-
       - name: Inspect binaries
         if: needs.check.outputs.build_multi_arch == 'true'
-        run: |
-          # Image for one arhitecture has digest in config field.
-          # Image with multiple manifests has digest in each manifest.
-          manifests=$(docker buildx imagetools inspect "${GHCR_IO_IMAGE_NAME}" --raw)
-          if grep manifests <<<"${manifests}" 2>&1 >/dev/null ; then
-            jq -r '.manifests[]? | .digest + " " + .platform.os + "/" + .platform.architecture' <<<"${manifests}" \
-            | while read digest platform ; do
-              image=${GHCR_IO_IMAGE_NAME}@${digest}
-              if [[ ${BUILDX_PLATFORMS} != *"${platform}"* ]] ; then
-                echo "====================================="
-                echo "Ignore image for non-runnable platform ${platform}"
-                echo "  ${image}"
-                echo "====================================="
-                continue          
-              fi
-              echo "====================================="
-              echo "Inspect image for platform ${platform}"
-              echo "  ${image}"
-              echo "====================================="
-              docker run --rm --platform ${platform} --entrypoint sh ${image} -c \
-                'apk add file > /dev/null; file /bin/kubectl; file /bin/busybox; file /shell-operator'
-            done
-          else
-            echo Not a multi-arhitecture image.
-            #echo $(echo -n "${manifests}" | openssl dgst -sha256) ' linux/amd64'
-          fi
+        run: "# Image for one arhitecture has digest in config field.\n# Image with multiple manifests has digest in each manifest.\nmanifests=$(docker buildx imagetools inspect \"${GHCR_IO_IMAGE_NAME}\" --raw)\nif grep manifests <<<\"${manifests}\" 2>&1 >/dev/null ; then\n  jq -r '.manifests[]? | .digest + \" \" + .platform.os + \"/\" + .platform.architecture' <<<\"${manifests}\" \\\n  | while read digest platform ; do\n    image=${GHCR_IO_IMAGE_NAME}@${digest}\n    if [[ ${BUILDX_PLATFORMS} != *\"${platform}\"* ]] ; then\n      echo \"=====================================\"\n      echo \"Ignore image for non-runnable platform ${platform}\"\n      echo \"  ${image}\"\n      echo \"=====================================\"\n      continue          \n    fi\n    echo \"=====================================\"\n    echo \"Inspect image for platform ${platform}\"\n    echo \"  ${image}\"\n    echo \"=====================================\"\n    docker run --rm --platform ${platform} --entrypoint sh ${image} -c \\\n      'apk add file > /dev/null; file /bin/kubectl; file /bin/busybox; file /shell-operator'\n  done\nelse\n  echo Not a multi-arhitecture image.\n  #echo $(echo -n \"${manifests}\" | openssl dgst -sha256) ' linux/amd64'\nfi\n"

.github/workflows/publish-release.yaml

@@ -2,18 +2,15 @@
 # Build tag from release name when release is published.
 # Build 'latest' tag when release is published and marked as 'latest'.
 name: Publish release image
-
 on:
   workflow_dispatch:
   release:
     types: [published]
-
 env:
   QEMU_PLATFORMS: arm64,arm
   BUILDX_PLATFORMS: "linux/amd64,linux/arm64,linux/arm/v7"
   DOCKER_HUB_REPO: flant/shell-operator
   GHCR_IO_REPO: ghcr.io/flant/shell-operator
-
 jobs:
   check:
     name: Check
@@ -73,7 +70,6 @@ jobs:
             core.setOutput('run_publish', runPublish.toString());
             core.setOutput('image_tag', imageTag);
             core.setOutput('additional_tag', additionalTag);
-
   publish_image:
     name: Build and publish
     runs-on: [ubuntu-latest]
@@ -82,7 +78,6 @@ jobs:
     if: needs.check.outputs.run_publish == 'true'
     steps:
       - uses: actions/checkout@v4
-
       - name: Prepare environment
         env:
           ADDITIONAL_TAG: ${{ needs.check.outputs.additional_tag }}
@@ -116,25 +111,21 @@ jobs:
           echo "ADDITIONAL_DOCKER_HUB_IMAGE_NAME  = $ADDITIONAL_DOCKER_HUB_IMAGE_NAME" && \
           echo "ADDITIONAL_GHCR_IO_IMAGE_NAME     = $ADDITIONAL_GHCR_IO_IMAGE_NAME"
           echo "========================================="
-
       - name: Set up QEMU
         uses: docker/setup-qemu-action@v3.6.0
         with:
           platforms: "${{ env.QEMU_PLATFORMS }}"
-
       - name: Set up Docker Buildx
         id: buildx
         uses: docker/setup-buildx-action@v3
         with:
           version: latest
-
       - name: Login to Github Container Registry
         uses: docker/login-action@v3.4.0
         with:
           registry: ghcr.io
           username: ${{ secrets.GHCR_IO_USER }}
           password: ${{ secrets.GHCR_IO_PASS }}
-
       - name: Build and push multi-arch image
         run: |
           echo "Build and push $FINAL_IMAGE_NAME with version '$APP_VERSION'."
@@ -147,45 +138,19 @@ jobs:
             --tag $GHCR_IO_IMAGE_NAME \
             --push \
             .
-
       - name: Inspect binaries
-        run: |
-          # Image for one arhitecture has digest in config field.
-          # Image with multiple manifests has digest in each manifest.
-          manifests=$(docker buildx imagetools inspect "${GHCR_IO_IMAGE_NAME}" --raw)
-          if grep manifests <<<"${manifests}" 2>&1 >/dev/null ; then
-            jq -r '.manifests[]? | .digest + " " + .platform.os + "/" + .platform.architecture' <<<"${manifests}"
-          else
-            echo $(echo -n "${manifests}" | openssl dgst -sha256 | sed s/^.stdin.*\ //) ' linux/amd64'
-          fi \
-          | while read digest platform ; do
-            if [[ ${BUILDX_PLATFORMS} != *"${platform}"* ]] ; then
-              echo "====================================="
-              echo "Ignore image for non-runnable platform ${platform}"
-              echo "  ${image}"
-              echo "====================================="
-              continue          
-            fi
-            image=${GHCR_IO_IMAGE_NAME}@${digest}
-            echo "====================================="
-            echo "Inspect image for platform ${platform}"
-            echo "  ${image}"
-            echo "====================================="
-            docker run --rm --platform ${platform} --entrypoint sh ${image} -c \
-              'apk add file > /dev/null; file /bin/kubectl; file /bin/busybox; file /shell-operator'
-          done
-
+        run: "# Image for one arhitecture has digest in config field.\n# Image with multiple manifests has digest in each manifest.\nmanifests=$(docker buildx imagetools inspect \"${GHCR_IO_IMAGE_NAME}\" --raw)\nif grep manifests <<<\"${manifests}\" 2>&1 >/dev/null ; then\n  jq -r '.manifests[]? | .digest + \" \" + .platform.os + \"/\" + .platform.architecture' <<<\"${manifests}\"\nelse\n  echo $(echo -n \"${manifests}\" | openssl dgst -sha256 | sed s/^.stdin.*\\ //) ' linux/amd64'\nfi \\\n| while read digest platform ; do\n  if [[ ${BUILDX_PLATFORMS} != *\"${platform}\"* ]] ; then\n    echo \"=====================================\"\n    echo \"Ignore image for non-runnable platform ${platform}\"\n    echo \"  ${image}\"\n    echo \"=====================================\"\n    continue          \n  fi\n  image=${GHCR_IO_IMAGE_NAME}@${digest}\n  echo \"=====================================\"\n  echo \"Inspect image for platform ${platform}\"\n  echo \"  ${image}\"\n  echo \"=====================================\"\n  docker run --rm --platform ${platform} --entrypoint sh ${image} -c \\\n    'apk add file > /dev/null; file /bin/kubectl; file /bin/busybox; file /shell-operator'\ndone\n"
       - name: Copy image to Docker Hub
         env:
           DOCKER_USER: ${{ secrets.DOCKER_USER }}
           DOCKER_PASS: ${{ secrets.DOCKER_PASS }}
         run: |
           echo "Download crane tool ..."
-          
+
           CRANE_VERSION=$(curl -s "https://api.github.com/repos/google/go-containerregistry/releases/latest" | jq -r '.tag_name')
           CRANE_OS=Linux       # or Darwin, Windows
           CRANE_ARCH=x86_64    # or arm64, x86_64, armv6, i386, s390x, riscv64
-          
+
           echo "Crane version: ${CRANE_VERSION}, OS: ${CRANE_OS}, ARCH: ${CRANE_ARCH}"
           curl -sL "https://github.com/google/go-containerregistry/releases/download/${CRANE_VERSION}/go-containerregistry_${CRANE_OS}_${CRANE_ARCH}.tar.gz" > go-containerregistry.tar.gz
           echo "Extract crane tool ..."

.github/workflows/tests-labeled.yaml

@@ -36,7 +36,6 @@ jobs:
             } catch (e) {
               console.log(`Error occurred while remove label. Possibly label is already removed. Ignore '${typeof e}' error.`);
             }
-
   integration_tests:
     name: Integration tests
     needs:
@@ -63,14 +62,12 @@ jobs:
             cluster_name: "kube-1-32"
     runs-on: ubuntu-latest
     steps:
-      - name: Set up Go 1.23
+      - name: Set up Go
         uses: actions/setup-go@v5
         with:
-          go-version: "1.23"
-
+          go-version: "1.25.5"
       - name: Check out shell-operator code
         uses: actions/checkout@v4
-
       - name: Restore Go modules
         id: go-modules-cache
         uses: actions/cache@v4.2.3
@@ -80,27 +77,23 @@ jobs:
           key: ${{ runner.os }}-gomod-${{ hashFiles('go.mod', 'go.sum') }}
           restore-keys: |
             ${{ runner.os }}-gomod-
-
       - name: Download Go modules
         if: steps.go-modules-cache.outputs.cache-hit != 'true'
         run: |
           go mod download
           echo -n "Go modules unpacked size is: " && du -sh $HOME/go/pkg/mod
-
       - name: Install ginkgo
         run: |
-          go install github.com/onsi/ginkgo/v2/ginkgo@latest
+          go install github.com/onsi/ginkgo/v2/ginkgo@v2.27.5
           echo $PATH
           ls -la $GOPATH/bin
           ginkgo version
-
       - name: Start kind cluster
         uses: engineerd/setup-kind@v0.6.2
         with:
           version: "v0.27.0"
           image: ${{ matrix.kind_node_image }}
           name: ${{ matrix.cluster_name }}
-
       - name: Run integration tests
         env:
           CLUSTER_NAME: ${{ matrix.cluster_name }}