CI: Added & updated GitHub workflows & templates & makefile. (#1) (#6)

.github/PULL_REQUEST_TEMPLATE.md

@@ -0,0 +1,33 @@
+
+### Description of your changes
+
+<!--
+
+Briefly describe what this pull request does. We love pull requests that have a clear purpose. If yours fix an issue,
+please uncomment the below line to indicate which issue your PR fixes, for example
+"Fixes #500":
+
+-->
+
+Fixes #
+
+I have:
+
+- [ ] Read and followed Caravel's [Code of conduct](https://github.com/Azure/k8s-work-api/blob/master/code-of-conduct.md).
+- [ ] Run `make reviewable` to ensure this PR is ready for review.
+
+### How has this code been tested
+
+<!--
+Before reviewers can be confident in the correctness of this pull request, it needs to tested and shown to be correct.
+Briefly describe the testing that has already been done or which is planned for this change.
+-->
+
+
+### Special notes for your reviewer
+
+<!--
+
+Be sure to direct your reviewers' attention to anything that needs special consideration.
+
+-->

.github/pr-title-config.json

@@ -0,0 +1,9 @@
+{
+  "LABEL": {
+    "name": "title-needs-formatting",
+    "color": "EEEEEE"
+  },
+  "CHECKS": {
+    "prefixes": [ "[WIP] ", "Feat: ", "Test: ", "Fix: ", "Docs: ", "Style: ", "Interface: ", "Util: ", "Chore: ", "CI: ", "Perf: ", "Refactor: ", "Revert: " ]
+  }
+}

.github/workflows/build.yml

@@ -0,0 +1,62 @@
+name: build
+
+on:
+  push:
+    branches: [ master ]
+    # Publish semver tags as releases.
+    tags: [ 'v*.*.*' ]
+
+env:
+  REGISTRY: ghcr.io
+  # github.repository as <account>/<repo>
+  IMAGE_NAME: ${{ github.repository }}
+
+
+jobs:
+  build:
+
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      packages: write
+      # This is used to complete the identity challenge
+      # with sigstore/fulcio when running outside of PRs.
+      id-token: write
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v2
+
+      # Workaround: https://github.com/docker/build-push-action/issues/461
+      - name: Setup Docker buildx
+        uses: docker/setup-buildx-action@79abd3f86f79a9d68a23c75a09a9a85889262adf
+
+      # Login against the container registry except on PR
+      # https://github.com/docker/login-action
+      - name: Log into registry ${{ env.REGISTRY }}
+        if: github.event_name != 'pull_request'
+        uses: docker/login-action@28218f9b04b4f3f62068d7b6ce6ca5b26e35336c
+        with:
+          registry: ${{ env.REGISTRY }}
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      # Extract metadata (tags, labels) for Docker
+      # https://github.com/docker/metadata-action
+      - name: Extract image metadata
+        id: meta
+        uses: docker/metadata-action@98669ae865ea3cffbcbaa878cf57c20bbf1c6c38
+        with:
+          images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+
+
+      # Build and push container image with Buildx (don't push on PR)
+      # https://github.com/docker/build-push-action
+      - name: Build and push image
+        id: build-and-push
+        uses: docker/build-push-action@ad44023a93711e3deb337508980b4b5e9bcdc5dc
+        with:
+          context: .
+          push: ${{ github.event_name != 'pull_request' }}
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}

.github/workflows/ci.yml

@@ -1,29 +1,35 @@
 name: CI Workflow
 on:
-  # Run this workflow every time a new commit pushed to upstream/fork repository.
-  # Run workflow on fork repository will help contributors find and resolve issues before sending a PR.
-  push:
   pull_request:
+    branches:
+      - master
+      - release-*
+  workflow_dispatch: {}
+
 defaults:
   run:
     working-directory: go/src/sigs.k8s.io/work-api
 
-jobs:
-  golangci:
-    name: lint
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/setup-go@v2
-      - uses: actions/checkout@v2
-      - name: golangci-lint
-        uses: golangci/golangci-lint-action@v2
-        with:
-          # the version of golangci-lint.
-          version: v1.45.2
+env:
+  # Common versions
+  GO_VERSION: 1.17.x
+  GO_PATH: '/home/runner/work/work-api/work-api/go'
+
+jobs:
+  detect-noop:
+    runs-on: ubuntu-latest
+    outputs:
+      noop: ${{ steps.noop.outputs.should_skip }}
+    steps:
+      - name: Detect No-op Changes
+        id: noop
+        uses: fkirc/skip-duplicate-actions@v3.3.0
+        with:
+          github_token: ${{ secrets.GITHUB_TOKEN }}
+          paths_ignore: '["**.md", "**.mdx", "**.png", "**.jpg"]'
+          do_not_skip: '["workflow_dispatch", "schedule", "push"]'
+          concurrent_skipping: false
 
-          # show only new issues if it's a pull request.
-          only-new-issues: false
-          args: --timeout 3m0s
   verify:
     name: verify
     runs-on: ubuntu-latest
@@ -33,32 +39,52 @@ jobs:
         with:
           fetch-depth: 1
           path: go/src/sigs.k8s.io/work-api
+
       - name: install Go
         uses: actions/setup-go@v2
         with:
-          go-version: 1.16.x
+          go-version: ${{ env.GO_VERSION }}
+
       - name: verify
         run: hack/verify-all.sh -v
         env:
-          GOPATH: '/home/runner/work/work-api/work-api/go'
+          GOPATH: ${{ env.GO_PATH }}
+
   test:
     name: unit test
     needs: verify
     runs-on: ubuntu-latest
+    if: needs.detect-noop.outputs.noop != 'true'
     steps:
-      - name: checkout code
+      - name: Checkout source
         uses: actions/checkout@v2
         with:
           fetch-depth: 1
           path: go/src/sigs.k8s.io/work-api
-      - name: install Go
+
+      - name: Setup Go
         uses: actions/setup-go@v2
         with:
-          go-version: 1.16.x
+          go-version: ${{ env.GO_VERSION }}
+
+      - name: Get dependencies
+        run: go get -v -t -d ./...
+
       - name: make test
         run: make test
         env:
-          GOPATH: '/home/runner/work/work-api/work-api/go'
+          GOPATH: ${{ env.GO_PATH }}
+
+      - name: Upload report
+        uses: codecov/codecov-action@v2.1.0
+        with:
+          ## Repository upload token - get it from codecov.io. Required only for private repositories
+          token: ${{ secrets.CODECOV_TOKEN }}
+          ## Comma-separated list of files to upload
+          files: ./cover.out
+          flags: ci-tests
+          name: codecov-umbrella
+
   e2e:
     name: e2e
     runs-on: ubuntu-latest
@@ -71,7 +97,7 @@ jobs:
       - name: install Go
         uses: actions/setup-go@v2
         with:
-          go-version: 1.16.x
+          go-version: ${{ env.GO_VERSION }}
       - name: images
         run: make docker-build
         env:
@@ -87,4 +113,4 @@ jobs:
         run: |
           make test-e2e
         env:
-          KUBECONFIG: /home/runner/.kube/config
+          KUBECONFIG: /home/runner/.kube/config

.github/workflows/go.yml

@@ -0,0 +1,85 @@
+name: Go
+
+on:
+  pull_request:
+    branches:
+      - '**'
+  workflow_dispatch: {}
+
+env:
+  # Common versions
+  GO_VERSION: '1.17.x'
+  GOLANGCI_VERSION: 'v1.46'
+
+jobs:
+
+  detect-noop:
+    runs-on: ubuntu-latest
+    outputs:
+      noop: ${{ steps.noop.outputs.should_skip }}
+    steps:
+      - name: Detect No-op Changes
+        id: noop
+        uses: fkirc/skip-duplicate-actions@v3.3.0
+        with:
+          github_token: ${{ secrets.GITHUB_TOKEN }}
+          paths_ignore: '["**.md", "**.mdx", "**.png", "**.jpg"]'
+          do_not_skip: '["workflow_dispatch", "schedule", "push"]'
+          concurrent_skipping: false
+
+  staticcheck:
+    runs-on: ubuntu-latest
+    needs: detect-noop
+    if: needs.detect-noop.outputs.noop != 'true'
+
+    steps:
+      - name: Setup Go
+        uses: actions/setup-go@v2
+        with:
+          go-version: ${{ env.GO_VERSION }}
+
+      - name: Checkout
+        uses: actions/checkout@v2
+        with:
+          submodules: true
+
+      - name: Cache Go Dependencies
+        uses: actions/cache@v2
+        with:
+          path: .work/pkg
+          key: ${{ runner.os }}-pkg-${{ hashFiles('**/go.sum') }}
+          restore-keys: ${{ runner.os }}-pkg-
+
+      - name: Install StaticCheck
+        run: GO111MODULE=auto go get honnef.co/go/tools/cmd/staticcheck@2022.1
+
+      - name: Static Check
+        run: staticcheck ./...
+
+  lint:
+    runs-on: ubuntu-20.04
+    needs: detect-noop
+    if: needs.detect-noop.outputs.noop != 'true'
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v2
+        with:
+          submodules: true
+
+      - name: Cache Go Dependencies
+        uses: actions/cache@v2
+        with:
+          path: .work/pkg
+          key: ${{ runner.os }}-pkg-${{ hashFiles('**/go.sum') }}
+          restore-keys: ${{ runner.os }}-pkg-
+
+      # This action uses its own setup-go, which always seems to use the latest
+      # stable version of Go. We could run 'make lint' to ensure our desired Go
+      # version, but we prefer this action because it leaves 'annotations' (i.e.
+      # it comments on PRs to point out linter violations).
+      - name: Lint
+        uses: golangci/golangci-lint-action@v2
+        with:
+          version: ${{ env.GOLANGCI_VERSION }}
+        timeout-minutes: 3

.github/workflows/pr-lint.yaml

@@ -0,0 +1,19 @@
+name: PR Lint
+on:
+  pull_request:
+    types:
+      - opened
+      - edited
+      - synchronize
+      - labeled
+      - unlabeled
+
+jobs:
+  check:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: thehanimo/pr-title-checker@v1.3.1
+        with:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          pass_on_octokit_error: true
+          configuration_path: ".github/pr-title-config.json"

Makefile

@@ -12,6 +12,8 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+include makefiles/dependency.mk
+
 DOCKER ?= docker
 
 GOHOSTOS ?=$(shell go env GOHOSTOS)
@@ -37,82 +39,96 @@ CRD_OPTIONS ?= "crd:crdVersions=v1"
 
 CONTROLLER_GEN=go run sigs.k8s.io/controller-tools/cmd/controller-gen
 
-.PHONY: all
-all: generate manifests controller verify
+##@ General
+
+# The help target prints out all targets with their descriptions organized
+# beneath their categories. The categories are represented by '##@' and the
+# target descriptions by '##'. The awk commands is responsible for reading the
+# entire set of makefiles included in this invocation, looking for lines of the
+# file as xyz: ## something, and then pretty-format the target and help. Then,
+# if there's a line with ##@ something, that gets pretty-printed as a category.
+# More info on the usage of ANSI control characters for terminal formatting:
+# https://en.wikipedia.org/wiki/ANSI_escape_code#SGR_parameters
+# More info on the awk command:
+# http://linuxcommand.org/lc3_adv_awk.php
+
+.PHONY: help
+help: ## Display this help.
+	@awk 'BEGIN {FS = ":.*##"; printf "\nUsage:\n  make \033[36m<target>\033[0m\n"} /^[a-zA-Z_0-9-]+:.*?##/ { printf "  \033[36m%-15s\033[0m %s\n", $$1, $$2 } /^##@/ { printf "\n\033[1m%s\033[0m\n", substr($$0, 5) } ' $(MAKEFILE_LIST)
+
+.PHONY: all
+all: generate manifests controller verify ##
+
+##@ Development
 
-# Build controller binary
 .PHONY: controller
-controller: generate fmt vet
+controller: generate fmt vet ## Build controller binary
 	go build -o bin/manager cmd/workcontroller/workcontroller.go
 
-# Run go fmt against code
 .PHONY: fmt
-fmt:
+fmt: ## Run go fmt against code
 	go fmt ./...
 
-# Run go vet against code
 .PHONY: vet
-vet:
+vet: ## Run go vet against code
 	go vet ./...
 
-# Run generators for Deepcopy funcs and CRDs
+##@ Development
+
 .PHONY: generate
-generate:
+generate: ## Run generators for Deepcopy funcs and CRDs
 	./hack/update-codegen.sh
 	$(CONTROLLER_GEN) object:headerFile=./hack/boilerplate.go.txt paths="./..."
 
-# Generate manifests e.g. CRD, RBAC etc.
 .PHONY: manifests
-manifests:
+manifests: ## Generate manifests e.g. CRD, RBAC etc.
 	$(CONTROLLER_GEN) $(CRD_OPTIONS) rbac:roleName=work-manager webhook schemapatch:manifests="config/crd-base" paths="./pkg/apis/v1alpha1" output:crd:none output:schemapatch:dir="config/crd"
 
-# Run tests
+reviewable: manifests generate fmt vet lint staticcheck ## Runs a series of source code checks.
+	go mod tidy
+
+##@ Verify
+
 .PHONY: test
-test: generate fmt vet manifests ensure-kubebuilder-tools
+test: generate fmt vet manifests ensure-kubebuilder-tools ## Run tests.
 	go test ./pkg/... -coverprofile cover.out
 
-# Run static analysis.
 .PHONY: verify
-verify:
+verify: ## Run static analysis.
 	./hack/verify-all.sh
 
-# Build docker containers
+.PHONY: test-e2e
+test-e2e: build-e2e e2e-hub-kubeconfig-secret deploy ## Run e2e tests.
+	./e2e.test -test.v -ginkgo.v
+
+build-e2e: ## Compiles test binary.
+	go test -c ./tests/e2e
+
+lint: golangci
+	$(GOLANGCILINT) run ./...
+
+staticcheck: staticchecktool
+	$(STATICCHECK) ./...
+
+##@ Build
+
 .PHONY: docker-build
-docker-build: generate fmt vet manifests
+docker-build: generate fmt vet manifests ## Build docker containers.
 	docker build . -t ${IMG}
 
-# Push the docker image
 .PHONY: docker-push
-docker-push: docker-build
+docker-push: docker-build ## Push the docker image.
 	docker push ${IMG}
 
+##@ Deployment
+
 .PHONY: deploy
-deploy:
+deploy: ## Deploy to cluster both CRDs and items in deploy folder.
 	kubectl apply -f config/crd
 	kubectl apply -k deploy
 
-cluster-ip:
-	kubectl config use-context $(HUB_KUBECONFIG_CONTEXT) --kubeconfig $(HUB_KUBECONFIG)
-  	CLUSTER_IP?=$(shell kubectl --kubeconfig $(HUB_KUBECONFIG) get svc kubernetes -n default -o jsonpath="{.spec.clusterIP}")
-
-e2e-hub-kubeconfig-secret: cluster-ip
-	cp $(HUB_KUBECONFIG) e2e-hub-kubeconfig
-	kubectl apply -f deploy/component_namespace.yaml --kubeconfig $(SPOKE_KUBECONFIG)
-	kubectl config set clusters.$(HUB_KUBECONFIG_CONTEXT).server https://$(CLUSTER_IP) --kubeconfig e2e-hub-kubeconfig
-	kubectl delete secret hub-kubeconfig-secret -n work --ignore-not-found --kubeconfig $(SPOKE_KUBECONFIG)
-	kubectl create secret generic hub-kubeconfig-secret --from-file=kubeconfig=e2e-hub-kubeconfig -n work --kubeconfig $(SPOKE_KUBECONFIG)
-	rm ./e2e-hub-kubeconfig
-
-build-e2e:
-	go test -c ./tests/e2e
-
-.PHONY: test-e2e
-test-e2e: build-e2e e2e-hub-kubeconfig-secret deploy
-	./e2e.test -test.v -ginkgo.v
-
-# download the kubebuilder-tools to get kube-apiserver binaries from it
 .PHONY: ensure-kubebuilder-tools
-ensure-kubebuilder-tools:
+ensure-kubebuilder-tools: ## download the kubebuilder-tools to get kube-apiserver binaries from it.
 ifeq "" "$(wildcard $(KUBEBUILDER_ASSETS))"
 	$(info Downloading kube-apiserver into '$(KUBEBUILDER_ASSETS)')
 	mkdir -p '$(KUBEBUILDER_ASSETS)'
@@ -121,3 +137,17 @@ ifeq "" "$(wildcard $(KUBEBUILDER_ASSETS))"
 else
 	$(info Using existing kube-apiserver from "$(KUBEBUILDER_ASSETS)")
 endif
+
+
+## Helper commands
+cluster-ip:
+	kubectl config use-context $(HUB_KUBECONFIG_CONTEXT) --kubeconfig $(HUB_KUBECONFIG)
+  	CLUSTER_IP?=$(shell kubectl --kubeconfig $(HUB_KUBECONFIG) get svc kubernetes -n default -o jsonpath="{.spec.clusterIP}")
+
+e2e-hub-kubeconfig-secret: cluster-ip
+	cp $(HUB_KUBECONFIG) e2e-hub-kubeconfig
+	kubectl apply -f deploy/component_namespace.yaml --kubeconfig $(SPOKE_KUBECONFIG)
+	kubectl config set clusters.$(HUB_KUBECONFIG_CONTEXT).server https://$(CLUSTER_IP) --kubeconfig e2e-hub-kubeconfig
+	kubectl delete secret hub-kubeconfig-secret -n fleet-system --ignore-not-found --kubeconfig $(SPOKE_KUBECONFIG)
+	kubectl create secret generic hub-kubeconfig-secret --from-file=kubeconfig=e2e-hub-kubeconfig -n fleet-system --kubeconfig $(SPOKE_KUBECONFIG)
+	rm ./e2e-hub-kubeconfig

deploy/admin_clusterrole_binding.yaml

@@ -0,0 +1,34 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: work-role
+rules:
+  - apiGroups: ["multicluster.x-k8s.io"]
+    resources: ["works", "appliedworks"]
+    verbs: [ "*" ]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: work-controller
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: admin
+subjects:
+  - kind: ServiceAccount
+    name: work-controller-sa
+    namespace: fleet-system
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: work-rolebinding
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: work-role
+subjects:
+  - kind: ServiceAccount
+    name: work-controller-sa
+    namespace: fleet-system

deploy/clusterrole_binding.yaml

@@ -1,14 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
-  name: work-controller
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  # We deploy a controller that could work with permission lower than cluster-admin, the tradeoff is
-  # responsivity because list/watch cannot be maintained over too many namespaces.
-  name: admin
-subjects:
-  - kind: ServiceAccount
-    name: work-controller-sa
-    namespace: work

deploy/component_namespace.yaml

@@ -1,4 +1,4 @@
 apiVersion: v1
 kind: Namespace
 metadata:
-  name: fleet-system
+  name: fleet-system

deploy/kustomization.yaml

@@ -1,16 +1,16 @@
 
 # Adds namespace to all resources.
-namespace: work
+namespace: fleet-system
 
 resources:
 - ./component_namespace.yaml
 - ./service_account.yaml
-- ./clusterrole_binding.yaml
+- ./admin_clusterrole_binding.yaml
 - ./deployment.yaml
 
 images:
 - name: work-api-controller:latest
-  newName: nerdyyatrice/work-api-controller
+  newName: work-api-controller
   newTag: latest
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization

go.mod

@@ -1,6 +1,6 @@
 module sigs.k8s.io/work-api
 
-go 1.16
+go 1.17
 
 require (
 	github.com/go-logr/logr v0.4.0
@@ -12,7 +12,65 @@ require (
 	k8s.io/client-go v0.22.2
 	k8s.io/code-generator v0.22.2
 	k8s.io/klog/v2 v2.9.0
-	k8s.io/utils v0.0.0-20210819203725-bdf08cb9a70a // indirect
+	k8s.io/utils v0.0.0-20210819203725-bdf08cb9a70a
 	sigs.k8s.io/controller-runtime v0.10.1
 	sigs.k8s.io/controller-tools v0.5.0
 )
+
+require (
+	github.com/beorn7/perks v1.0.1 // indirect
+	github.com/cespare/xxhash/v2 v2.1.1 // indirect
+	github.com/davecgh/go-spew v1.1.1 // indirect
+	github.com/evanphx/json-patch v4.11.0+incompatible // indirect
+	github.com/fatih/color v1.9.0 // indirect
+	github.com/fsnotify/fsnotify v1.4.9 // indirect
+	github.com/go-logr/zapr v0.4.0 // indirect
+	github.com/gobuffalo/flect v0.2.2 // indirect
+	github.com/gogo/protobuf v1.3.2 // indirect
+	github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
+	github.com/golang/protobuf v1.5.2 // indirect
+	github.com/google/go-cmp v0.5.5 // indirect
+	github.com/google/gofuzz v1.1.0 // indirect
+	github.com/google/uuid v1.1.2 // indirect
+	github.com/googleapis/gnostic v0.5.5 // indirect
+	github.com/imdario/mergo v0.3.12 // indirect
+	github.com/inconshreveable/mousetrap v1.0.0 // indirect
+	github.com/json-iterator/go v1.1.11 // indirect
+	github.com/mattn/go-colorable v0.1.8 // indirect
+	github.com/mattn/go-isatty v0.0.12 // indirect
+	github.com/matttproud/golang_protobuf_extensions v1.0.2-0.20181231171920-c182affec369 // indirect
+	github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
+	github.com/modern-go/reflect2 v1.0.1 // indirect
+	github.com/nxadm/tail v1.4.8 // indirect
+	github.com/prometheus/client_golang v1.11.0 // indirect
+	github.com/prometheus/client_model v0.2.0 // indirect
+	github.com/prometheus/common v0.26.0 // indirect
+	github.com/prometheus/procfs v0.6.0 // indirect
+	github.com/spf13/cobra v1.1.3 // indirect
+	github.com/spf13/pflag v1.0.5 // indirect
+	go.uber.org/atomic v1.7.0 // indirect
+	go.uber.org/multierr v1.6.0 // indirect
+	go.uber.org/zap v1.19.0 // indirect
+	golang.org/x/mod v0.4.2 // indirect
+	golang.org/x/net v0.0.0-20210520170846-37e1c6afe023 // indirect
+	golang.org/x/oauth2 v0.0.0-20200107190931-bf48bf16ab8d // indirect
+	golang.org/x/sys v0.0.0-20210817190340-bfb29a6856f2 // indirect
+	golang.org/x/term v0.0.0-20210220032956-6a3ed077a48d // indirect
+	golang.org/x/text v0.3.6 // indirect
+	golang.org/x/time v0.0.0-20210723032227-1f47c861a9ac // indirect
+	golang.org/x/tools v0.1.2 // indirect
+	golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1 // indirect
+	gomodules.xyz/jsonpatch/v2 v2.2.0 // indirect
+	google.golang.org/appengine v1.6.7 // indirect
+	google.golang.org/protobuf v1.26.0 // indirect
+	gopkg.in/inf.v0 v0.9.1 // indirect
+	gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7 // indirect
+	gopkg.in/yaml.v2 v2.4.0 // indirect
+	gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b // indirect
+	k8s.io/apiextensions-apiserver v0.22.2 // indirect
+	k8s.io/component-base v0.22.2 // indirect
+	k8s.io/gengo v0.0.0-20201214224949-b6c5ce23f027 // indirect
+	k8s.io/kube-openapi v0.0.0-20210421082810-95288971da7e // indirect
+	sigs.k8s.io/structured-merge-diff/v4 v4.1.2 // indirect
+	sigs.k8s.io/yaml v1.2.0 // indirect
+)

hack/boilerplate/boilerplate.py

@@ -193,7 +193,7 @@ def get_regexs():
         '(%s)' % "|".join(map(lambda l: str(l), years)))
     # strip // +build \n\n build constraints
     regexs["go_build_constraints"] = re.compile(
-        r"^(// \+build.*\n)+\n", re.MULTILINE)
+        r"^(//go:build.*\n)+\n", re.MULTILINE)
     # strip #!.* from shell scripts
     regexs["shebang"] = re.compile(r"^(#!.*\n)\n*", re.MULTILINE)
     return regexs

makefiles/dependency.mk

@@ -0,0 +1,30 @@
+GOLANGCILINT_VERSION ?= v1.44.2
+
+.PHONY: golangci
+golangci:
+ifneq ($(shell which golangci-lint),)
+GOLANGCILINT=$(shell which golangci-lint)
+else ifeq (, $(shell which $(GOBIN)/golangci-lint))
+	@{ \
+	set -e ;\
+	echo 'installing golangci-lint-$(GOLANGCILINT_VERSION)' ;\
+	curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s -- -b $(GOBIN) $(GOLANGCILINT_VERSION) ;\
+	echo 'Successfully installed' ;\
+	}
+GOLANGCILINT=$(GOBIN)/golangci-lint
+else
+GOLANGCILINT=$(GOBIN)/golangci-lint
+endif
+
+.PHONY: staticchecktool
+staticchecktool:
+ifeq (, $(shell which staticcheck))
+	@{ \
+	set -e ;\
+	echo 'installing honnef.co/go/tools/cmd/staticcheck ' ;\
+	GO111MODULE=off go get honnef.co/go/tools/cmd/staticcheck ;\
+	}
+STATICCHECK=$(GOBIN)/staticcheck
+else
+STATICCHECK=$(shell which staticcheck)
+endif

pkg/apis/v1alpha1/zz_generated.deepcopy.go

@@ -1,5 +1,4 @@
 //go:build !ignore_autogenerated
-// +build !ignore_autogenerated
 
 /*
 Copyright 2021 The Kubernetes Authors.

pkg/controllers/apply_controller.go

@@ -169,11 +169,11 @@ func (r *ApplyWorkReconciler) decodeUnstructured(manifest workv1alpha1.Manifest)
 	unstructuredObj := &unstructured.Unstructured{}
 	err := unstructuredObj.UnmarshalJSON(manifest.Raw)
 	if err != nil {
-		return schema.GroupVersionResource{}, nil, fmt.Errorf("Failed to decode object: %w", err)
+		return schema.GroupVersionResource{}, nil, fmt.Errorf("failed to decode object: %w", err)
 	}
 	mapping, err := r.restMapper.RESTMapping(unstructuredObj.GroupVersionKind().GroupKind(), unstructuredObj.GroupVersionKind().Version)
 	if err != nil {
-		return schema.GroupVersionResource{}, nil, fmt.Errorf("Failed to find gvr from restmapping: %w", err)
+		return schema.GroupVersionResource{}, nil, fmt.Errorf("failed to find gvr from restmapping: %w", err)
 	}
 
 	return mapping.Resource, unstructuredObj, nil

tests/e2e/apply_test.go

@@ -19,7 +19,6 @@ package e2e
 import (
 	"context"
 	"fmt"
-
 	"github.com/onsi/ginkgo"
 	"github.com/onsi/gomega"
 	"k8s.io/apimachinery/pkg/api/meta"

tools/tools.go

@@ -1,5 +1,4 @@
 //go:build tools
-// +build tools
 
 /*
 Copyright 2020 The Kubernetes Authors.