(deps) advance clusterAPI to v1.12.4

gianlucam76 · gianlucam76 · commit 7e1d0eb64b78 · 2026-03-22T15:29:47.000+01:00
Advance go to v1.26.1
Advance k8s library to v1.25.3
diff --git a/.devcontainer/devcontainer.json b/.devcontainer/devcontainer.json
@@ -8,7 +8,7 @@
     "dockerfile": "${localWorkspaceFolder}/.devcontainer/Dockerfile",
     "context": "${localWorkspaceFolder}",
     "args": {
-      "GO_VERSION": "1.25.6",
+      "GO_VERSION": "1.26.1",
       "KUBECTX_VERSION": "0.9.5",
       "SVELTOSCTL_VERSION": "0.53.0"
     }
diff --git a/.github/workflows/main.yaml b/.github/workflows/main.yaml
@@ -18,7 +18,7 @@ jobs:
     - name: Set up Go
       uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417 # v6.3.0
       with:
-        go-version: 1.25.6
+        go-version: 1.26.1
     - name: Build
       run: make build
     - name: FMT
@@ -37,7 +37,7 @@ jobs:
     - name: Set up Go
       uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417 # v6.3.0
       with:
-        go-version: 1.25.6
+        go-version: 1.26.1
     - name: ut
       run: make test
       env:
@@ -50,7 +50,7 @@ jobs:
     - name: Set up Go
       uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417 # v6.3.0
       with:
-        go-version: 1.25.6
+        go-version: 1.26.1
     - name: Free Disk Space (Ubuntu)
       uses: jlumbroso/free-disk-space@main
       with:
@@ -78,7 +78,7 @@ jobs:
     - name: Set up Go
       uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417 # v6.3.0
       with:
-        go-version: 1.25.6
+        go-version: 1.26.1
     - name: Free Disk Space (Ubuntu)
       uses: jlumbroso/free-disk-space@main
       with:
@@ -106,7 +106,7 @@ jobs:
     - name: Set up Go
       uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417 # v6.3.0
       with:
-        go-version: 1.25.6
+        go-version: 1.26.1
     - name: Free Disk Space (Ubuntu)
       uses: jlumbroso/free-disk-space@main
       with:
@@ -134,7 +134,7 @@ jobs:
     - name: Set up Go
       uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417 # v6.3.0
       with:
-        go-version: 1.25.6
+        go-version: 1.26.1
     - name: Free Disk Space (Ubuntu)
       uses: jlumbroso/free-disk-space@main
       with:
@@ -162,7 +162,7 @@ jobs:
     - name: Set up Go
       uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417 # v6.3.0
       with:
-        go-version: 1.25.6
+        go-version: 1.26.1
     - name: Free Disk Space (Ubuntu)
       uses: jlumbroso/free-disk-space@main
       with:
@@ -190,7 +190,7 @@ jobs:
     - name: Set up Go
       uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417 # v6.3.0
       with:
-        go-version: 1.25.6
+        go-version: 1.26.1
     - name: Free Disk Space (Ubuntu)
       uses: jlumbroso/free-disk-space@main
       with:
diff --git a/Dockerfile b/Dockerfile
@@ -1,5 +1,5 @@
 # Build the manager binary
-FROM golang:1.25.6 AS builder
+FROM golang:1.26.1 AS builder
 
 ARG BUILDOS
 ARG TARGETARCH
diff --git a/Dockerfile_WithGit b/Dockerfile_WithGit
@@ -1,5 +1,5 @@
 # Build the manager binary
-FROM golang:1.25.6 AS builder
+FROM golang:1.26.1 AS builder
 
 ARG BUILDOS
 ARG TARGETARCH
diff --git a/Makefile b/Makefile
@@ -72,7 +72,7 @@ KIND := $(TOOLS_BIN_DIR)/kind
 KUBECTL := $(TOOLS_BIN_DIR)/kubectl
 
 GOVULNCHECK_VERSION := "v1.1.4"
-GOLANGCI_LINT_VERSION := "v2.8.0"
+GOLANGCI_LINT_VERSION := "v2.11.3"
 CLUSTERCTL_VERSION := v1.12.3
 
 KUSTOMIZE_VER := v5.8.0
diff --git a/controllers/clustersummary_watchers.go b/controllers/clustersummary_watchers.go
@@ -373,7 +373,7 @@ func (m *manager) startWatcher(ctx context.Context, gvk *schema.GroupVersionKind
 		return err
 	}
 
-	watcherCtx, cancel := context.WithCancel(ctx)
+	watcherCtx, cancel := context.WithCancel(ctx) //nolint:gosec // cancel is stored in m.watchers and called when the watcher is stopped
 	m.watchers[*gvk] = cancel
 	go m.runInformer(watcherCtx.Done(), dcinformer.Informer(), logger)
 	return nil
diff --git a/controllers/dependencymanager/manager.go b/controllers/dependencymanager/manager.go
@@ -489,10 +489,20 @@ func (m *instance) updateClusterProfile(ctx context.Context, c client.Client, cl
 }
 
 func (m *instance) updateProfiles(ctx context.Context, c client.Client, logger logr.Logger) {
+	const interval = 30 * time.Second
 	for {
 		m.chartMux.Lock()
 
+		canceled := false
 		for profile := range m.profileToBeUpdated {
+			select {
+			case <-ctx.Done():
+				canceled = true
+			default:
+			}
+			if canceled {
+				break
+			}
 			clusters := m.profileClusterRequests.getClusterDeployments(&profile)
 			logger.V(logs.LogDebug).Info(fmt.Sprintf("updating prerequestite profile %s/%s", profile.Namespace, profile.Name))
 			err := m.updateProfileInstance(ctx, c, &profile, clusters)
@@ -503,8 +513,15 @@ func (m *instance) updateProfiles(ctx context.Context, c client.Client, logger l
 
 		m.chartMux.Unlock()
 
-		const interval = 30 * time.Second
-		time.Sleep(interval)
+		if canceled {
+			return
+		}
+
+		select {
+		case <-ctx.Done():
+			return
+		case <-time.After(interval):
+		}
 	}
 }
 
diff --git a/controllers/handlers_helm_test.go b/controllers/handlers_helm_test.go
@@ -1038,20 +1038,19 @@ resources:
 	})
 
 	It("getCredentialsAndCAFiles returns files containing credentials and CA", func() {
-		type Credentials struct {
-			Username     string
-			Password     string
-			RefreshToken string
-			AccessToken  string
-		}
-
-		credentials := Credentials{
+		credentials := struct {
+			Username     string `json:"username"`
+			Password     string `json:"password"`
+			RefreshToken string `json:"refresh_token"`
+			AccessToken  string `json:"access_token"`
+		}{
 			Username:     randomString(),
 			Password:     randomString(),
 			RefreshToken: randomString(),
 			AccessToken:  randomString(),
 		}
 
+		//nolint:gosec // This is dummy data for testing purposes
 		credentialsBytes, err := json.Marshal(credentials)
 		Expect(err).To(BeNil())
 
diff --git a/controllers/handlers_kustomize_test.go b/controllers/handlers_kustomize_test.go
@@ -22,6 +22,7 @@ import (
 	"context"
 	"fmt"
 	"io"
+	"io/fs"
 	"os"
 	"path/filepath"
 	"reflect"
@@ -601,15 +602,13 @@ var _ = Describe("Hash methods", func() {
 })
 
 func createTarGz(dest string) {
-	// Create the test directory and some test files.
-	err := os.MkdirAll("testdata/testdir", 0755)
-	Expect(err).To(BeNil())
-	err = os.WriteFile("testdata/test.txt", []byte("This is a test file."), 0600)
-	Expect(err).To(BeNil())
-	err = os.WriteFile("testdata/testdir/test.txt", []byte("This is another test file."), 0600)
-	Expect(err).To(BeNil())
+	baseDir := "testdata"
+	// Create the test directory and files
+	Expect(os.MkdirAll(filepath.Join(baseDir, "testdir"), 0755)).To(Succeed())
+	Expect(os.WriteFile(filepath.Join(baseDir, "test.txt"), []byte("This is a test file."), 0600)).To(Succeed())
+	Expect(os.WriteFile(filepath.Join(baseDir, "testdir", "test.txt"), []byte("This is another test file."), 0600)).To(Succeed())
 
-	// Create the testdata/test.tar.gz file.
+	// Create the destination archive
 	file, err := os.Create(dest)
 	Expect(err).To(BeNil())
 	defer file.Close()
@@ -620,28 +619,53 @@ func createTarGz(dest string) {
 	tarWriter := tar.NewWriter(gzWriter)
 	defer tarWriter.Close()
 
-	err = filepath.Walk("testdata/", func(path string, info os.FileInfo, err error) error {
+	// 1. Open the root of the walking operation
+	root, err := os.OpenRoot(baseDir)
+	Expect(err).To(BeNil())
+	defer root.Close()
+
+	// 2. Use WalkDir (more efficient than Walk)
+	err = filepath.WalkDir(baseDir, func(path string, d fs.DirEntry, err error) error {
+		if err != nil {
+			return err
+		}
+
+		// Get info for the tar header
+		info, err := d.Info()
 		if err != nil {
 			return err
 		}
+
 		header, err := tar.FileInfoHeader(info, "")
 		if err != nil {
 			return err
 		}
-		header.Name = path[len("testdata")+1:]
+
+		// Clean up the path for the tar header
+		rel, _ := filepath.Rel(baseDir, path)
+		header.Name = rel
+		if rel == "." {
+			return nil
+		} // Skip the root directory itself if needed
+
 		err = tarWriter.WriteHeader(header)
 		if err != nil {
 			return err
 		}
+
 		if !info.Mode().IsRegular() {
 			return nil
 		}
-		file, err := os.Open(path)
+
+		// 3. SECURE FIX: Open file relative to the root handle
+		// This prevents G122 by ensuring no symlinks escaped 'testdata'
+		f, err := root.Open(rel)
 		if err != nil {
 			return err
 		}
-		defer file.Close()
-		_, err = io.Copy(tarWriter, file)
+		defer f.Close()
+
+		_, err = io.Copy(tarWriter, f)
 		return err
 	})
 	Expect(err).To(BeNil())
diff --git a/controllers/handlers_utils.go b/controllers/handlers_utils.go
@@ -22,6 +22,8 @@ import (
 	"encoding/hex"
 	"encoding/json"
 	"fmt"
+	"io"
+	"io/fs"
 	"os"
 	"path/filepath"
 	"sort"
@@ -174,20 +176,44 @@ func deployContentOfSource(ctx context.Context, deployingToMgmtCluster bool, des
 
 func readFiles(dir string) (map[string]string, error) {
 	files := make(map[string]string)
-	err := filepath.Walk(dir, func(path string, info os.FileInfo, err error) error {
+
+	// 1. Open the directory as a Root handle
+	root, err := os.OpenRoot(dir)
+	if err != nil {
+		return nil, err
+	}
+	defer root.Close()
+
+	// 2. WalkDir is faster than Walk as it doesn't Lstat every file unnecessarily
+	err = filepath.WalkDir(dir, func(path string, d fs.DirEntry, err error) error {
 		if err != nil {
 			return err
 		}
 
-		if !info.IsDir() {
-			content, err := os.ReadFile(path)
+		if !d.IsDir() {
+			// 3. Get the path relative to the root directory
+			rel, err := filepath.Rel(dir, path)
 			if err != nil {
 				return err
 			}
-			files[filepath.Base(path)] = string(content)
+
+			// 4. Open the file via the Root handle to prevent symlink traversal
+			f, err := root.Open(rel)
+			if err != nil {
+				return err
+			}
+			defer f.Close()
+
+			content, err := io.ReadAll(f)
+			if err != nil {
+				return err
+			}
+
+			files[d.Name()] = string(content)
 		}
 		return nil
 	})
+
 	return files, err
 }
 
@@ -1092,12 +1118,12 @@ func getDeployedGroupVersionKinds(clusterSummary *configv1beta1.ClusterSummary,
 	gvks := make([]schema.GroupVersionKind, 0)
 	// For backward compatible we still look at this field.
 	// New code set only FeatureDeploymentInfo
-	fs := getFeatureSummaryForFeatureID(clusterSummary, featureID)
-	if fs != nil {
+	featureSummary := getFeatureSummaryForFeatureID(clusterSummary, featureID)
+	if featureSummary != nil {
 		//nolint:staticcheck // using for backward compatibility
-		for j := range fs.DeployedGroupVersionKind {
+		for j := range featureSummary.DeployedGroupVersionKind {
 			//nolint:staticcheck // using for backward compatibility
-			gvk, _ := schema.ParseKindArg(fs.DeployedGroupVersionKind[j])
+			gvk, _ := schema.ParseKindArg(featureSummary.DeployedGroupVersionKind[j])
 			gvks = append(gvks, *gvk)
 		}
 	}
diff --git a/controllers/resourcesummary_collection.go b/controllers/resourcesummary_collection.go
@@ -62,17 +62,22 @@ func collectAndProcessResourceSummaries(ctx context.Context, c client.Client, sh
 		}
 
 		for i := range clusterList {
-			cluster := &clusterList[i]
-			if _, ok := clustersWithDD[*cluster]; !ok {
-				continue
-			}
+			select {
+			case <-ctx.Done():
+				return
+			default:
+				cluster := &clusterList[i]
+				if _, ok := clustersWithDD[*cluster]; !ok {
+					continue
+				}
 
-			l := logger.WithValues("cluster", fmt.Sprintf("%s/%s", cluster.Namespace, cluster.Name))
-			err = collectResourceSummariesFromCluster(ctx, c, cluster, version, l)
-			if err != nil {
-				if !strings.Contains(err.Error(), "unable to retrieve the complete list of server APIs") {
-					l.V(logs.LogInfo).Info(fmt.Sprintf("failed to collect ResourceSummaries from cluster: %s/%s %v",
-						cluster.Namespace, cluster.Name, err))
+				l := logger.WithValues("cluster", fmt.Sprintf("%s/%s", cluster.Namespace, cluster.Name))
+				err = collectResourceSummariesFromCluster(ctx, c, cluster, version, l)
+				if err != nil {
+					if !strings.Contains(err.Error(), "unable to retrieve the complete list of server APIs") {
+						l.V(logs.LogInfo).Info(fmt.Sprintf("failed to collect ResourceSummaries from cluster: %s/%s %v",
+							cluster.Namespace, cluster.Name, err))
+					}
 				}
 			}
 		}
diff --git a/go.mod b/go.mod
diff --git a/go.sum b/go.sum
diff --git a/hack/tools/go.mod b/hack/tools/go.mod
diff --git a/hack/tools/go.sum b/hack/tools/go.sum

Original file line number	Diff line number	Diff line change
`@@ -8,7 +8,7 @@`
`8`	`8`	`"dockerfile": "${localWorkspaceFolder}/.devcontainer/Dockerfile",`
`9`	`9`	`"context": "${localWorkspaceFolder}",`
`10`	`10`	`"args": {`
`11`		`- "GO_VERSION": "1.25.6",`
	`11`	`+ "GO_VERSION": "1.26.1",`
`12`	`12`	`"KUBECTX_VERSION": "0.9.5",`
`13`	`13`	`"SVELTOSCTL_VERSION": "0.53.0"`
`14`	`14`	`}`
Original file line number	Diff line number	Diff line change
`@@ -373,7 +373,7 @@ func (m manager) startWatcher(ctx context.Context, gvk schema.GroupVersionKind`
`373`	`373`	`return err`
`374`	`374`	`}`
`375`	`375`
`376`		`- watcherCtx, cancel := context.WithCancel(ctx)`
	`376`	`+ watcherCtx, cancel := context.WithCancel(ctx) //nolint:gosec // cancel is stored in m.watchers and called when the watcher is stopped`
`377`	`377`	`m.watchers[*gvk] = cancel`
`378`	`378`	`go m.runInformer(watcherCtx.Done(), dcinformer.Informer(), logger)`
`379`	`379`	`return nil`