From cbaeea5bfe59690927bf5adae957aeb2d18b7a93 Mon Sep 17 00:00:00 2001 From: Tuomas Katila Date: Mon, 12 Aug 2024 13:30:22 +0300 Subject: [PATCH 1/5] sign test Signed-off-by: Tuomas Katila --- .github/workflows/lib-publish.yaml | 69 ++++++++++++++++++++---------- .github/workflows/test.yaml | 18 ++++++++ 2 files changed, 64 insertions(+), 23 deletions(-) create mode 100644 .github/workflows/test.yaml diff --git a/.github/workflows/lib-publish.yaml b/.github/workflows/lib-publish.yaml index 383459682..d0321de84 100644 --- a/.github/workflows/lib-publish.yaml +++ b/.github/workflows/lib-publish.yaml @@ -1,11 +1,16 @@ name: publish on: + workflow_dispatch: workflow_call: inputs: image_tag: default: "devel" required: false type: string + registry: + default: "docker.io/intel" + required: false + type: string env: no_base_check: "['intel-qat-plugin-kerneldrv', 'intel-idxd-config-initcontainer', 'crypto-perf', 'opae-nlb-demo']" @@ -14,33 +19,36 @@ permissions: jobs: image: + permissions: + contents: read + id-token: write name: Build image runs-on: ubuntu-22.04 strategy: fail-fast: false matrix: image: - - intel-fpga-admissionwebhook - - intel-fpga-initcontainer - - intel-gpu-initcontainer + #- intel-fpga-admissionwebhook + # - intel-fpga-initcontainer + # - intel-gpu-initcontainer - intel-gpu-plugin - - intel-fpga-plugin - - intel-qat-initcontainer - - intel-qat-plugin - - intel-deviceplugin-operator - - intel-sgx-admissionwebhook - - intel-sgx-plugin - - intel-sgx-initcontainer - - intel-dsa-plugin - - intel-iaa-plugin - - intel-idxd-config-initcontainer - - intel-dlb-plugin - - intel-dlb-initcontainer - - intel-xpumanager-sidecar + # - intel-fpga-plugin + # - intel-qat-initcontainer + # - intel-qat-plugin + # - intel-deviceplugin-operator + # - intel-sgx-admissionwebhook + # - intel-sgx-plugin + # - intel-sgx-initcontainer + # - intel-dsa-plugin + # - intel-iaa-plugin + # - intel-idxd-config-initcontainer + # - intel-dlb-plugin + # - intel-dlb-initcontainer + # - intel-xpumanager-sidecar # # Demo images - - crypto-perf - - opae-nlb-demo + #- crypto-perf + #- opae-nlb-demo steps: - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4 - uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5 @@ -52,21 +60,36 @@ jobs: env: IMAGE_NAME: ${{ matrix.image }} run: | - REG=intel/ make ${IMAGE_NAME} BUILDER=docker + ORG=${{ inputs.registry }} TAG=${{ inputs.image_tag }} make ${IMAGE_NAME} BUILDER=docker + - name: List images + run: docker images - name: Trivy scan for image uses: aquasecurity/trivy-action@6e7b7d1fd3e4fef0c5fa8cce1229c54b2c9bd0d8 # 0.24.0 with: scan-type: image - image-ref: intel/${{ matrix.image }}:${{ inputs.image_tag }} + image-ref: ${{ inputs.registry }}/${{ matrix.image }}:${{ inputs.image_tag }} exit-code: 1 - name: Test image base layer # Don't run base layer check for selected images if: ${{ !contains(fromJson(env.no_base_check), matrix.image) }} - run: IMG=intel/${{ matrix.image }}:${{ inputs.image_tag }} make test-image-base-layer BUILDER=docker + run: IMG=${{ inputs.registry }}/${{ matrix.image }}:${{ inputs.image_tag }} make test-image-base-layer BUILDER=docker - name: Login uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3 with: + registry: ghcr.io username: ${{ secrets.DOCKERHUB_USER }} password: ${{ secrets.DOCKERHUB_PASS }} - - name: Push - run: docker push intel/${{ matrix.image }}:${{ inputs.image_tag }} + - name: Push & Pull + run: docker push ${{ inputs.registry }}/${{ matrix.image }}:${{ inputs.image_tag }} + - name: Get image digest + if: ${{ inputs.image_tag != 'devel' }} + id: digest + run: | + echo "image_sha=$(docker inspect --format='{{index .RepoDigests 0}}' ${{ inputs.registry }}/${{ matrix.image }}:${{ inputs.image_tag }})" >> $GITHUB_OUTPUT + - name: Install cosign + if: ${{ inputs.image_tag != 'devel' }} + uses: sigstore/cosign-installer@v3.6.0 + - name: Keyless image sign + if: ${{ inputs.image_tag != 'devel' }} + run: | + cosign sign --yes ${{ steps.digest.outputs.image_sha }} diff --git a/.github/workflows/test.yaml b/.github/workflows/test.yaml new file mode 100644 index 000000000..a65c1dabd --- /dev/null +++ b/.github/workflows/test.yaml @@ -0,0 +1,18 @@ +name: Test +on: + workflow_dispatch: + push: + +permissions: + contents: read + pull-requests: read + id-token: write + +jobs: + build: + name: Build & Publish + uses: "./.github/workflows/lib-publish.yaml" + secrets: inherit + with: + image_tag: v9.99.9 + registry: ghcr.io/tkatila From 8094452fee00627b430b1f1594f8ef1b0c96bb48 Mon Sep 17 00:00:00 2001 From: Tuomas Katila Date: Tue, 13 Aug 2024 11:28:55 +0300 Subject: [PATCH 2/5] Revert "sign test" This reverts commit cbaeea5bfe59690927bf5adae957aeb2d18b7a93. --- .github/workflows/lib-publish.yaml | 69 ++++++++++-------------------- .github/workflows/test.yaml | 18 -------- 2 files changed, 23 insertions(+), 64 deletions(-) delete mode 100644 .github/workflows/test.yaml diff --git a/.github/workflows/lib-publish.yaml b/.github/workflows/lib-publish.yaml index d0321de84..383459682 100644 --- a/.github/workflows/lib-publish.yaml +++ b/.github/workflows/lib-publish.yaml @@ -1,16 +1,11 @@ name: publish on: - workflow_dispatch: workflow_call: inputs: image_tag: default: "devel" required: false type: string - registry: - default: "docker.io/intel" - required: false - type: string env: no_base_check: "['intel-qat-plugin-kerneldrv', 'intel-idxd-config-initcontainer', 'crypto-perf', 'opae-nlb-demo']" @@ -19,36 +14,33 @@ permissions: jobs: image: - permissions: - contents: read - id-token: write name: Build image runs-on: ubuntu-22.04 strategy: fail-fast: false matrix: image: - #- intel-fpga-admissionwebhook - # - intel-fpga-initcontainer - # - intel-gpu-initcontainer + - intel-fpga-admissionwebhook + - intel-fpga-initcontainer + - intel-gpu-initcontainer - intel-gpu-plugin - # - intel-fpga-plugin - # - intel-qat-initcontainer - # - intel-qat-plugin - # - intel-deviceplugin-operator - # - intel-sgx-admissionwebhook - # - intel-sgx-plugin - # - intel-sgx-initcontainer - # - intel-dsa-plugin - # - intel-iaa-plugin - # - intel-idxd-config-initcontainer - # - intel-dlb-plugin - # - intel-dlb-initcontainer - # - intel-xpumanager-sidecar + - intel-fpga-plugin + - intel-qat-initcontainer + - intel-qat-plugin + - intel-deviceplugin-operator + - intel-sgx-admissionwebhook + - intel-sgx-plugin + - intel-sgx-initcontainer + - intel-dsa-plugin + - intel-iaa-plugin + - intel-idxd-config-initcontainer + - intel-dlb-plugin + - intel-dlb-initcontainer + - intel-xpumanager-sidecar # # Demo images - #- crypto-perf - #- opae-nlb-demo + - crypto-perf + - opae-nlb-demo steps: - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4 - uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5 @@ -60,36 +52,21 @@ jobs: env: IMAGE_NAME: ${{ matrix.image }} run: | - ORG=${{ inputs.registry }} TAG=${{ inputs.image_tag }} make ${IMAGE_NAME} BUILDER=docker - - name: List images - run: docker images + REG=intel/ make ${IMAGE_NAME} BUILDER=docker - name: Trivy scan for image uses: aquasecurity/trivy-action@6e7b7d1fd3e4fef0c5fa8cce1229c54b2c9bd0d8 # 0.24.0 with: scan-type: image - image-ref: ${{ inputs.registry }}/${{ matrix.image }}:${{ inputs.image_tag }} + image-ref: intel/${{ matrix.image }}:${{ inputs.image_tag }} exit-code: 1 - name: Test image base layer # Don't run base layer check for selected images if: ${{ !contains(fromJson(env.no_base_check), matrix.image) }} - run: IMG=${{ inputs.registry }}/${{ matrix.image }}:${{ inputs.image_tag }} make test-image-base-layer BUILDER=docker + run: IMG=intel/${{ matrix.image }}:${{ inputs.image_tag }} make test-image-base-layer BUILDER=docker - name: Login uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3 with: - registry: ghcr.io username: ${{ secrets.DOCKERHUB_USER }} password: ${{ secrets.DOCKERHUB_PASS }} - - name: Push & Pull - run: docker push ${{ inputs.registry }}/${{ matrix.image }}:${{ inputs.image_tag }} - - name: Get image digest - if: ${{ inputs.image_tag != 'devel' }} - id: digest - run: | - echo "image_sha=$(docker inspect --format='{{index .RepoDigests 0}}' ${{ inputs.registry }}/${{ matrix.image }}:${{ inputs.image_tag }})" >> $GITHUB_OUTPUT - - name: Install cosign - if: ${{ inputs.image_tag != 'devel' }} - uses: sigstore/cosign-installer@v3.6.0 - - name: Keyless image sign - if: ${{ inputs.image_tag != 'devel' }} - run: | - cosign sign --yes ${{ steps.digest.outputs.image_sha }} + - name: Push + run: docker push intel/${{ matrix.image }}:${{ inputs.image_tag }} diff --git a/.github/workflows/test.yaml b/.github/workflows/test.yaml deleted file mode 100644 index a65c1dabd..000000000 --- a/.github/workflows/test.yaml +++ /dev/null @@ -1,18 +0,0 @@ -name: Test -on: - workflow_dispatch: - push: - -permissions: - contents: read - pull-requests: read - id-token: write - -jobs: - build: - name: Build & Publish - uses: "./.github/workflows/lib-publish.yaml" - secrets: inherit - with: - image_tag: v9.99.9 - registry: ghcr.io/tkatila From 4e7c558a80fd7b42b9875c9722c8ddb8f2bc2874 Mon Sep 17 00:00:00 2001 From: Tuomas Katila Date: Tue, 13 Aug 2024 11:40:13 +0300 Subject: [PATCH 3/5] workflow: sign release containers Signed-off-by: Tuomas Katila --- .github/workflows/devel.yaml | 3 +++ .github/workflows/lib-publish.yaml | 28 ++++++++++++++++++++++++---- .github/workflows/release.yaml | 3 +++ 3 files changed, 30 insertions(+), 4 deletions(-) diff --git a/.github/workflows/devel.yaml b/.github/workflows/devel.yaml index cf5bb5a40..3708f2005 100644 --- a/.github/workflows/devel.yaml +++ b/.github/workflows/devel.yaml @@ -48,6 +48,9 @@ jobs: # devel image push publish: + permissions: + contents: read + id-token: write needs: - e2e - build diff --git a/.github/workflows/lib-publish.yaml b/.github/workflows/lib-publish.yaml index 383459682..e866cd214 100644 --- a/.github/workflows/lib-publish.yaml +++ b/.github/workflows/lib-publish.yaml @@ -6,16 +6,24 @@ on: default: "devel" required: false type: string + registry: + default: "docker.io/intel" + required: false + type: string env: no_base_check: "['intel-qat-plugin-kerneldrv', 'intel-idxd-config-initcontainer', 'crypto-perf', 'opae-nlb-demo']" permissions: contents: read + id-token: write jobs: image: name: Build image runs-on: ubuntu-22.04 + permissions: + contents: read + id-token: write strategy: fail-fast: false matrix: @@ -52,21 +60,33 @@ jobs: env: IMAGE_NAME: ${{ matrix.image }} run: | - REG=intel/ make ${IMAGE_NAME} BUILDER=docker + ORG=${{ inputs.registry }} TAG=${{ inputs.image_tag }} make ${IMAGE_NAME} BUILDER=docker - name: Trivy scan for image uses: aquasecurity/trivy-action@6e7b7d1fd3e4fef0c5fa8cce1229c54b2c9bd0d8 # 0.24.0 with: scan-type: image - image-ref: intel/${{ matrix.image }}:${{ inputs.image_tag }} + image-ref: ${{ inputs.registry }}/${{ matrix.image }}:${{ inputs.image_tag }} exit-code: 1 - name: Test image base layer # Don't run base layer check for selected images if: ${{ !contains(fromJson(env.no_base_check), matrix.image) }} - run: IMG=intel/${{ matrix.image }}:${{ inputs.image_tag }} make test-image-base-layer BUILDER=docker + run: IMG=${{ inputs.registry }}/${{ matrix.image }}:${{ inputs.image_tag }} make test-image-base-layer BUILDER=docker - name: Login uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3 with: username: ${{ secrets.DOCKERHUB_USER }} password: ${{ secrets.DOCKERHUB_PASS }} - name: Push - run: docker push intel/${{ matrix.image }}:${{ inputs.image_tag }} + run: docker push ${{ inputs.registry }}/${{ matrix.image }}:${{ inputs.image_tag }} + - name: Get image digest + if: ${{ inputs.image_tag != 'devel' }} + id: digest + run: | + echo "image_sha=$(docker inspect --format='{{index .RepoDigests 0}}' ${{ inputs.registry }}/${{ matrix.image }}:${{ inputs.image_tag }})" >> $GITHUB_OUTPUT + - name: Install cosign + if: ${{ inputs.image_tag != 'devel' }} + uses: sigstore/cosign-installer@v3.6.0 + - name: Keyless image sign + if: ${{ inputs.image_tag != 'devel' }} + run: | + cosign sign --yes ${{ steps.digest.outputs.image_sha }} diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index f1c4eb476..8e3133d37 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -35,6 +35,9 @@ jobs: build: name: Build & Publish + permissions: + contents: read + id-token: write needs: - trivy - tag_fix From 7a9dcadb0cc42cd83905c04343a73ea51e85f344 Mon Sep 17 00:00:00 2001 From: Tuomas Katila Date: Tue, 13 Aug 2024 12:14:37 +0300 Subject: [PATCH 4/5] drop stuff again --- .github/workflows/devel.yaml | 80 +++++++++++++++--------------- .github/workflows/lib-publish.yaml | 38 +++++++------- .github/workflows/release.yaml | 27 +++++----- 3 files changed, 74 insertions(+), 71 deletions(-) diff --git a/.github/workflows/devel.yaml b/.github/workflows/devel.yaml index 3708f2005..65d032b3b 100644 --- a/.github/workflows/devel.yaml +++ b/.github/workflows/devel.yaml @@ -9,50 +9,52 @@ permissions: pull-requests: read jobs: - trivy: - permissions: - actions: read - contents: read - security-events: write - uses: "./.github/workflows/lib-trivy.yaml" - with: - upload-to-github-security-tab: true - - validate: - uses: "./.github/workflows/lib-validate.yaml" - - codeql: - permissions: - actions: read - contents: read - security-events: write - uses: "./.github/workflows/lib-codeql.yaml" - - scorecard: - permissions: - contents: read - id-token: write - security-events: write - uses: "./.github/workflows/lib-scorecard.yaml" - - build: - needs: - - validate - - trivy - uses: "./.github/workflows/lib-build.yaml" - - e2e: - needs: - - build - uses: "./.github/workflows/lib-e2e.yaml" + # trivy: + # permissions: + # actions: read + # contents: read + # security-events: write + # uses: "./.github/workflows/lib-trivy.yaml" + # with: + # upload-to-github-security-tab: true + + # validate: + # uses: "./.github/workflows/lib-validate.yaml" + + # codeql: + # permissions: + # actions: read + # contents: read + # security-events: write + # uses: "./.github/workflows/lib-codeql.yaml" + + # scorecard: + # permissions: + # contents: read + # id-token: write + # security-events: write + # uses: "./.github/workflows/lib-scorecard.yaml" + + # build: + # needs: + # - validate + # - trivy + # uses: "./.github/workflows/lib-build.yaml" + + # e2e: + # needs: + # - build + # uses: "./.github/workflows/lib-e2e.yaml" # devel image push publish: permissions: contents: read id-token: write - needs: - - e2e - - build + # needs: + # - e2e + # - build uses: "./.github/workflows/lib-publish.yaml" secrets: inherit + with: + registry: docker.io/tkatila diff --git a/.github/workflows/lib-publish.yaml b/.github/workflows/lib-publish.yaml index e866cd214..cbe2ee94f 100644 --- a/.github/workflows/lib-publish.yaml +++ b/.github/workflows/lib-publish.yaml @@ -28,27 +28,27 @@ jobs: fail-fast: false matrix: image: - - intel-fpga-admissionwebhook - - intel-fpga-initcontainer - - intel-gpu-initcontainer + # - intel-fpga-admissionwebhook + # - intel-fpga-initcontainer + # - intel-gpu-initcontainer - intel-gpu-plugin - - intel-fpga-plugin - - intel-qat-initcontainer - - intel-qat-plugin - - intel-deviceplugin-operator - - intel-sgx-admissionwebhook - - intel-sgx-plugin - - intel-sgx-initcontainer - - intel-dsa-plugin - - intel-iaa-plugin - - intel-idxd-config-initcontainer - - intel-dlb-plugin - - intel-dlb-initcontainer - - intel-xpumanager-sidecar + # - intel-fpga-plugin + # - intel-qat-initcontainer + # - intel-qat-plugin + # - intel-deviceplugin-operator + # - intel-sgx-admissionwebhook + # - intel-sgx-plugin + # - intel-sgx-initcontainer + # - intel-dsa-plugin + # - intel-iaa-plugin + # - intel-idxd-config-initcontainer + # - intel-dlb-plugin + # - intel-dlb-initcontainer + # - intel-xpumanager-sidecar - # # Demo images - - crypto-perf - - opae-nlb-demo + # # # Demo images + # - crypto-perf + # - opae-nlb-demo steps: - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4 - uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5 diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 8e3133d37..91718d91a 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -20,18 +20,18 @@ jobs: # remove first character (v) run: echo "tag=${TAGNAME:1}" >> "$GITHUB_OUTPUT" - trivy: - name: Trivy - uses: "./.github/workflows/lib-trivy.yaml" - permissions: - actions: read - contents: read - security-events: write - with: - deployments: false - dockerfiles: false - export-csv: true - upload-to-github-security-tab: false + # trivy: + # name: Trivy + # uses: "./.github/workflows/lib-trivy.yaml" + # permissions: + # actions: read + # contents: read + # security-events: write + # with: + # deployments: false + # dockerfiles: false + # export-csv: true + # upload-to-github-security-tab: false build: name: Build & Publish @@ -39,9 +39,10 @@ jobs: contents: read id-token: write needs: - - trivy + # - trivy - tag_fix uses: "./.github/workflows/lib-publish.yaml" secrets: inherit with: image_tag: ${{ needs.tag_fix.outputs.fixed_tag }} + registry: docker.io/tkatila From 39cd41c9907fe7e1c32935a0da70ea4e824254d5 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 15 Aug 2024 22:41:03 +0000 Subject: [PATCH 5/5] build(deps): bump sigs.k8s.io/controller-runtime Bumps [sigs.k8s.io/controller-runtime](https://github.com/kubernetes-sigs/controller-runtime) from 0.18.1-0.20240717190548-1ed345090869 to 0.19.0. - [Release notes](https://github.com/kubernetes-sigs/controller-runtime/releases) - [Changelog](https://github.com/kubernetes-sigs/controller-runtime/blob/main/RELEASE.md) - [Commits](https://github.com/kubernetes-sigs/controller-runtime/commits/v0.19.0) --- updated-dependencies: - dependency-name: sigs.k8s.io/controller-runtime dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- go.mod | 14 +++++++------- go.sum | 4 ++-- 2 files changed, 9 insertions(+), 9 deletions(-) diff --git a/go.mod b/go.mod index 9393f845f..33a5f5a3a 100644 --- a/go.mod +++ b/go.mod @@ -17,16 +17,16 @@ require ( golang.org/x/text v0.17.0 google.golang.org/grpc v1.65.0 gopkg.in/yaml.v2 v2.4.0 - k8s.io/api v0.31.0-beta.0 - k8s.io/apimachinery v0.31.0-beta.0 - k8s.io/client-go v0.31.0-beta.0 - k8s.io/component-base v0.31.0-beta.0 + k8s.io/api v0.31.0 + k8s.io/apimachinery v0.31.0 + k8s.io/client-go v0.31.0 + k8s.io/component-base v0.31.0 k8s.io/klog/v2 v2.130.1 k8s.io/kubelet v0.31.0-beta.0 k8s.io/kubernetes v1.31.0-beta.0 k8s.io/pod-security-admission v0.0.0 k8s.io/utils v0.0.0-20240711033017-18e509b52bc8 - sigs.k8s.io/controller-runtime v0.18.1-0.20240717190548-1ed345090869 + sigs.k8s.io/controller-runtime v0.19.0 sigs.k8s.io/yaml v1.4.0 tags.cncf.io/container-device-interface/specs-go v0.8.0 ) @@ -114,8 +114,8 @@ require ( gopkg.in/inf.v0 v0.9.1 // indirect gopkg.in/natefinch/lumberjack.v2 v2.2.1 // indirect gopkg.in/yaml.v3 v3.0.1 // indirect - k8s.io/apiextensions-apiserver v0.31.0-beta.0 // indirect - k8s.io/apiserver v0.31.0-beta.0 // indirect + k8s.io/apiextensions-apiserver v0.31.0 // indirect + k8s.io/apiserver v0.31.0 // indirect k8s.io/cloud-provider v0.0.0 // indirect k8s.io/component-helpers v0.31.0-beta.0 // indirect k8s.io/controller-manager v0.31.0-beta.0 // indirect diff --git a/go.sum b/go.sum index ca09602a5..dca7e4be0 100644 --- a/go.sum +++ b/go.sum @@ -338,8 +338,8 @@ k8s.io/utils v0.0.0-20240711033017-18e509b52bc8 h1:pUdcCO1Lk/tbT5ztQWOBi5HBgbBP1 k8s.io/utils v0.0.0-20240711033017-18e509b52bc8/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.30.3 h1:2770sDpzrjjsAtVhSeUFseziht227YAWYHLGNM8QPwY= sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.30.3/go.mod h1:Ve9uj1L+deCXFrPOk1LpFXqTg7LCFzFso6PA48q/XZw= -sigs.k8s.io/controller-runtime v0.18.1-0.20240717190548-1ed345090869 h1:9+0SFkDM+/1JJQQoG+Zk/lZXTT87mZwc6qmIezGhEq8= -sigs.k8s.io/controller-runtime v0.18.1-0.20240717190548-1ed345090869/go.mod h1:0N/oS51dz0ZJriISp1SloFWkR7uKCDC6LBt65tRt2J0= +sigs.k8s.io/controller-runtime v0.19.0 h1:nWVM7aq+Il2ABxwiCizrVDSlmDcshi9llbaFbC0ji/Q= +sigs.k8s.io/controller-runtime v0.19.0/go.mod h1:iRmWllt8IlaLjvTTDLhRBXIEtkCK6hwVBJJsYS9Ajf4= sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd h1:EDPBXCAspyGV4jQlpZSudPeMmr1bNJefnuqLsRAsHZo= sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd/go.mod h1:B8JuhiUyNFVKdsE8h686QcCxMaH6HrOAZj4vswFpcB0= sigs.k8s.io/structured-merge-diff/v4 v4.4.1 h1:150L+0vs/8DA78h1u02ooW1/fFq/Lwr+sGiqlzvrtq4=