From 3de8289dbe4a6f55edcc22f5e59b635d57d14be5 Mon Sep 17 00:00:00 2001 From: Jannik Hollenbach Date: Wed, 18 Feb 2026 16:37:01 +0100 Subject: [PATCH 1/4] Update cloud-aws to the same level as the k8s operator and auto-discovery Signed-off-by: Jannik Hollenbach --- auto-discovery/cloud-aws/Makefile | 32 ++++++++++++++++++++++--------- 1 file changed, 23 insertions(+), 9 deletions(-) diff --git a/auto-discovery/cloud-aws/Makefile b/auto-discovery/cloud-aws/Makefile index 4b041ac9c2..5552991095 100644 --- a/auto-discovery/cloud-aws/Makefile +++ b/auto-discovery/cloud-aws/Makefile @@ -13,10 +13,10 @@ IMG ?= auto-discovery-cloud-aws IMG_TAG ?= sha-$$(git rev-parse --short HEAD) # ENVTEST_K8S_VERSION refers to the version of kubebuilder assets to be downloaded by envtest binary. -ENVTEST_K8S_VERSION = 1.24.2 +ENVTEST_K8S_VERSION = 1.33.0 -# SETUP_ENVTEST_VERSION refers to the version of setup-envtest binary. -SETUP_ENVTEST_VERSION = v0.0.0-20230216140739-c98506dc3b8e +# ENVTEST_VERSION refers to the version of setup-envtest binary. +ENVTEST_VERSION ?= release-0.21 # Get the currently used golang install path (in GOPATH/bin, unless GOBIN is set). # IMPORTANT: The body of conditionals MUST not be indented! Indentation result in @@ -66,11 +66,11 @@ vet: ## Run go vet against code. .PHONY: test test: fmt vet envtest ## Run tests. - KUBEBUILDER_ASSETS="$(shell $(ENVTEST) use $(ENVTEST_K8S_VERSION) -p path)" go test ./... -coverprofile cover.out + KUBEBUILDER_ASSETS="$(shell $(ENVTEST) use $(ENVTEST_K8S_VERSION) --bin-dir $(LOCALBIN) -p path)" go test ./... -coverprofile cover.out .PHONY: ginkgo ginkgo: fmt vet envtest ## Run tests. - KUBEBUILDER_ASSETS="$(shell $(ENVTEST) use $(ENVTEST_K8S_VERSION) -p path)" $(GOBIN)/ginkgo test ./... -coverprofile cover.out -v --progress + KUBEBUILDER_ASSETS="$(shell $(ENVTEST) use $(ENVTEST_K8S_VERSION) --bin-dir $(LOCALBIN) -p path)" $(GOBIN)/ginkgo test ./... -coverprofile cover.out -v --progress ## Helm unit tests .PHONY: helm-unit-tests @@ -127,19 +127,33 @@ $(LOCALBIN): mkdir -p $(LOCALBIN) ## Tool Binaries -ENVTEST ?= $(LOCALBIN)/setup-envtest +ENVTEST ?= $(LOCALBIN)/setup-envtest-$(ENVTEST_VERSION) .PHONY: envtest -envtest: $(ENVTEST) ## Download envtest-setup locally if necessary. +envtest: $(ENVTEST) ## Download setup-envtest locally if necessary. $(ENVTEST): $(LOCALBIN) - test -s $(LOCALBIN)/setup-envtest || GOBIN=$(LOCALBIN) go install sigs.k8s.io/controller-runtime/tools/setup-envtest@$(SETUP_ENVTEST_VERSION) + $(call go-install-tool,$(ENVTEST),sigs.k8s.io/controller-runtime/tools/setup-envtest,$(ENVTEST_VERSION)) .PHONY: print-envtest-path print-envtest-path: ## Print the path of the envtest binaries for use with other tools # suppress output so that result can be stored as env var @$(MAKE) -s envtest - @$(ENVTEST) use $(ENVTEST_K8S_VERSION) -p path + @$(ENVTEST) use $(ENVTEST_K8S_VERSION) --bin-dir $(LOCALBIN) -p path debug.env: ## Allow vscode profiles to access the envtest assets printf '%s' 'KUBEBUILDER_ASSETS=' > debug.env $(MAKE) print-envtest-path >> debug.env + +# go-install-tool will 'go install' any package with custom target and name of binary, if it doesn't exist +# $1 - target path with name of binary (ideally with version) +# $2 - package url which can be installed +# $3 - specific version of package +define go-install-tool +@[ -f $(1) ] || { \ +set -e; \ +package=$(2)@$(3) ;\ +echo "Downloading $${package}" ;\ +GOBIN=$(LOCALBIN) go install $${package} ;\ +mv "$$(echo "$(1)" | sed "s/-$(3)$$//")" $(1) ;\ +} +endef From 37fdc40f151278bf3a4c53b30d47ef1b04539387 Mon Sep 17 00:00:00 2001 From: Jannik Hollenbach Date: Wed, 18 Feb 2026 16:55:30 +0100 Subject: [PATCH 2/4] Adapt version extraction used by the makefiles from newer kubebuilder versions Reading dep versions from the go mods instead of maininting them in parallel Signed-off-by: Jannik Hollenbach --- auto-discovery/cloud-aws/Makefile | 11 ++++++++--- auto-discovery/kubernetes/Makefile | 11 ++++++++--- operator/Makefile | 11 ++++++++--- 3 files changed, 24 insertions(+), 9 deletions(-) diff --git a/auto-discovery/cloud-aws/Makefile b/auto-discovery/cloud-aws/Makefile index 5552991095..2a4a61284c 100644 --- a/auto-discovery/cloud-aws/Makefile +++ b/auto-discovery/cloud-aws/Makefile @@ -13,10 +13,12 @@ IMG ?= auto-discovery-cloud-aws IMG_TAG ?= sha-$$(git rev-parse --short HEAD) # ENVTEST_K8S_VERSION refers to the version of kubebuilder assets to be downloaded by envtest binary. -ENVTEST_K8S_VERSION = 1.33.0 +# Derived automatically from k8s.io/api in go.mod - updated by renovate via go.mod. +ENVTEST_K8S_VERSION ?= $(shell v='$(call gomodver,k8s.io/api)'; printf '%s\n' "$$v" | sed -E 's/^v?[0-9]+\.([0-9]+).*/1.\1/') # ENVTEST_VERSION refers to the version of setup-envtest binary. -ENVTEST_VERSION ?= release-0.21 +# Derived automatically from sigs.k8s.io/controller-runtime in go.mod - updated by renovate via go.mod. +ENVTEST_VERSION ?= $(shell v='$(call gomodver,sigs.k8s.io/controller-runtime)'; printf '%s\n' "$$v" | sed -E 's/^v?([0-9]+)\.([0-9]+).*/release-\1.\2/') # Get the currently used golang install path (in GOPATH/bin, unless GOBIN is set). # IMPORTANT: The body of conditionals MUST not be indented! Indentation result in @@ -127,7 +129,7 @@ $(LOCALBIN): mkdir -p $(LOCALBIN) ## Tool Binaries -ENVTEST ?= $(LOCALBIN)/setup-envtest-$(ENVTEST_VERSION) +ENVTEST ?= $(LOCALBIN)/setup-envtest .PHONY: envtest envtest: $(ENVTEST) ## Download setup-envtest locally if necessary. @@ -157,3 +159,6 @@ GOBIN=$(LOCALBIN) go install $${package} ;\ mv "$$(echo "$(1)" | sed "s/-$(3)$$//")" $(1) ;\ } endef +define gomodver +$(shell go list -m -f '{{if .Replace}}{{.Replace.Version}}{{else}}{{.Version}}{{end}}' $(1) 2>/dev/null) +endef \ No newline at end of file diff --git a/auto-discovery/kubernetes/Makefile b/auto-discovery/kubernetes/Makefile index df6a61958d..a82ffbb328 100644 --- a/auto-discovery/kubernetes/Makefile +++ b/auto-discovery/kubernetes/Makefile @@ -13,7 +13,8 @@ IMG ?= auto-discovery-kubernetes IMG_TAG ?= sha-$$(git rev-parse --short HEAD) # ENVTEST_K8S_VERSION refers to the version of kubebuilder assets to be downloaded by envtest binary. -ENVTEST_K8S_VERSION = 1.33.0 +# Derived automatically from k8s.io/api in go.mod - updated by renovate via go.mod. +ENVTEST_K8S_VERSION ?= $(shell v='$(call gomodver,k8s.io/api)'; printf '%s\n' "$$v" | sed -E 's/^v?[0-9]+\.([0-9]+).*/1.\1/') # Get the currently used golang install path (in GOPATH/bin, unless GOBIN is set). # IMPORTANT: The body of conditionals MUST not be indented! Indentation result in @@ -142,11 +143,12 @@ $(LOCALBIN): ## Tool Binaries CONTROLLER_GEN ?= $(LOCALBIN)/controller-gen-$(CONTROLLER_TOOLS_VERSION) -ENVTEST ?= $(LOCALBIN)/setup-envtest-$(ENVTEST_VERSION) +ENVTEST ?= $(LOCALBIN)/setup-envtest ## Tool Versions CONTROLLER_TOOLS_VERSION ?= v0.18.0 -ENVTEST_VERSION ?= release-0.21 +# Derived automatically from sigs.k8s.io/controller-runtime in go.mod - updated by renovate via go.mod. +ENVTEST_VERSION ?= $(shell v='$(call gomodver,sigs.k8s.io/controller-runtime)'; printf '%s\n' "$$v" | sed -E 's/^v?([0-9]+)\.([0-9]+).*/release-\1.\2/') .PHONY: controller-gen controller-gen: $(CONTROLLER_GEN) ## Download controller-gen locally if necessary. @@ -171,3 +173,6 @@ GOBIN=$(LOCALBIN) go install $${package} ;\ mv "$$(echo "$(1)" | sed "s/-$(3)$$//")" $(1) ;\ } endef +define gomodver +$(shell go list -m -f '{{if .Replace}}{{.Replace.Version}}{{else}}{{.Version}}{{end}}' $(1) 2>/dev/null) +endef \ No newline at end of file diff --git a/operator/Makefile b/operator/Makefile index 31da384e5e..f8ec5bbcee 100644 --- a/operator/Makefile +++ b/operator/Makefile @@ -11,7 +11,8 @@ PROJECT_DIR=.. IMG_NS ?= securecodebox # ENVTEST_K8S_VERSION refers to the version of kubebuilder assets to be downloaded by envtest binary. -ENVTEST_K8S_VERSION = 1.33.0 +# Derived automatically from k8s.io/api in go.mod - updated by renovate via go.mod. +ENVTEST_K8S_VERSION ?= $(shell v='$(call gomodver,k8s.io/api)'; printf '%s\n' "$$v" | sed -E 's/^v?[0-9]+\.([0-9]+).*/1.\1/') # Image URL to use all building/pushing image targets for the operator OPERATOR_IMG ?= operator @@ -175,11 +176,12 @@ $(LOCALBIN): ## Tool Binaries CONTROLLER_GEN ?= $(LOCALBIN)/controller-gen-$(CONTROLLER_TOOLS_VERSION) -ENVTEST ?= $(LOCALBIN)/setup-envtest-$(ENVTEST_VERSION) +ENVTEST ?= $(LOCALBIN)/setup-envtest ## Tool Versions CONTROLLER_TOOLS_VERSION ?= v0.18.0 -ENVTEST_VERSION ?= release-0.21 +# Derived automatically from sigs.k8s.io/controller-runtime in go.mod - updated by renovate via go.mod. +ENVTEST_VERSION ?= $(shell v='$(call gomodver,sigs.k8s.io/controller-runtime)'; printf '%s\n' "$$v" | sed -E 's/^v?([0-9]+)\.([0-9]+).*/release-\1.\2/') .PHONY: controller-gen controller-gen: $(CONTROLLER_GEN) ## Download controller-gen locally if necessary. @@ -204,3 +206,6 @@ GOBIN=$(LOCALBIN) go install $${package} ;\ mv "$$(echo "$(1)" | sed "s/-$(3)$$//")" $(1) ;\ } endef +define gomodver +$(shell go list -m -f '{{if .Replace}}{{.Replace.Version}}{{else}}{{.Version}}{{end}}' $(1) 2>/dev/null) +endef \ No newline at end of file From 542432f3dfc2b93c062266d59c9c3c6fbff3df64 Mon Sep 17 00:00:00 2001 From: Jannik Hollenbach Date: Wed, 18 Feb 2026 16:56:28 +0100 Subject: [PATCH 3/4] Include renovate config for the one remaining version number of the kubebuilder makefiles Signed-off-by: Jannik Hollenbach --- auto-discovery/kubernetes/Makefile | 1 + operator/Makefile | 1 + renovate.json | 13 +++++++++++++ 3 files changed, 15 insertions(+) diff --git a/auto-discovery/kubernetes/Makefile b/auto-discovery/kubernetes/Makefile index a82ffbb328..bebfb63fe3 100644 --- a/auto-discovery/kubernetes/Makefile +++ b/auto-discovery/kubernetes/Makefile @@ -146,6 +146,7 @@ CONTROLLER_GEN ?= $(LOCALBIN)/controller-gen-$(CONTROLLER_TOOLS_VERSION) ENVTEST ?= $(LOCALBIN)/setup-envtest ## Tool Versions +# renovate: datasource=github-releases depName=kubernetes-sigs/controller-tools CONTROLLER_TOOLS_VERSION ?= v0.18.0 # Derived automatically from sigs.k8s.io/controller-runtime in go.mod - updated by renovate via go.mod. ENVTEST_VERSION ?= $(shell v='$(call gomodver,sigs.k8s.io/controller-runtime)'; printf '%s\n' "$$v" | sed -E 's/^v?([0-9]+)\.([0-9]+).*/release-\1.\2/') diff --git a/operator/Makefile b/operator/Makefile index f8ec5bbcee..b7e8b75c44 100644 --- a/operator/Makefile +++ b/operator/Makefile @@ -179,6 +179,7 @@ CONTROLLER_GEN ?= $(LOCALBIN)/controller-gen-$(CONTROLLER_TOOLS_VERSION) ENVTEST ?= $(LOCALBIN)/setup-envtest ## Tool Versions +# renovate: datasource=github-releases depName=kubernetes-sigs/controller-tools CONTROLLER_TOOLS_VERSION ?= v0.18.0 # Derived automatically from sigs.k8s.io/controller-runtime in go.mod - updated by renovate via go.mod. ENVTEST_VERSION ?= $(shell v='$(call gomodver,sigs.k8s.io/controller-runtime)'; printf '%s\n' "$$v" | sed -E 's/^v?([0-9]+)\.([0-9]+).*/release-\1.\2/') diff --git a/renovate.json b/renovate.json index 38ce5f46f8..a03a404800 100644 --- a/renovate.json +++ b/renovate.json @@ -42,6 +42,19 @@ "# renovate: datasource=github-releases depName=(?.*?)\\s*\\w+_VERSION:\\s*[\"']?(?[^\"'\\s]+)[\"']?" ], "datasourceTemplate": "github-releases" + }, + { + "customType": "regex", + "description": "Update pinned tool versions in Makefiles (e.g. CONTROLLER_TOOLS_VERSION)", + "managerFilePatterns": [ + "/operator/Makefile$", + "/auto-discovery/cloud-aws/Makefile$", + "/auto-discovery/kubernetes/Makefile$" + ], + "matchStrings": [ + "# renovate: datasource=(?.*?) depName=(?.*?)\\s*\\w+[_A-Z]* [?]?= (?[^\\s]+)" + ], + "datasourceTemplate": "github-releases" } ] } From 4d98694ca6d32c404890fb07e23a3f29427d8808 Mon Sep 17 00:00:00 2001 From: Jannik Hollenbach Date: Wed, 18 Feb 2026 17:09:40 +0100 Subject: [PATCH 4/4] Make sure to also adapt the go-install-tool completely from kubebuilder Signed-off-by: Jannik Hollenbach --- auto-discovery/cloud-aws/Makefile | 12 +++++++----- auto-discovery/kubernetes/Makefile | 14 ++++++++------ operator/Makefile | 14 ++++++++------ 3 files changed, 23 insertions(+), 17 deletions(-) diff --git a/auto-discovery/cloud-aws/Makefile b/auto-discovery/cloud-aws/Makefile index 2a4a61284c..53211f5265 100644 --- a/auto-discovery/cloud-aws/Makefile +++ b/auto-discovery/cloud-aws/Makefile @@ -147,17 +147,19 @@ debug.env: ## Allow vscode profiles to access the envtest assets $(MAKE) print-envtest-path >> debug.env # go-install-tool will 'go install' any package with custom target and name of binary, if it doesn't exist -# $1 - target path with name of binary (ideally with version) +# $1 - target path with name of binary # $2 - package url which can be installed # $3 - specific version of package define go-install-tool -@[ -f $(1) ] || { \ +@[ -f "$(1)-$(3)" ] && [ "$$(readlink -- "$(1)" 2>/dev/null)" = "$(1)-$(3)" ] || { \ set -e; \ package=$(2)@$(3) ;\ echo "Downloading $${package}" ;\ -GOBIN=$(LOCALBIN) go install $${package} ;\ -mv "$$(echo "$(1)" | sed "s/-$(3)$$//")" $(1) ;\ -} +rm -f "$(1)" ;\ +GOBIN="$(LOCALBIN)" go install $${package} ;\ +mv "$(LOCALBIN)/$$(basename "$(1)")" "$(1)-$(3)" ;\ +} ;\ +ln -sf "$$(realpath "$(1)-$(3)")" "$(1)" endef define gomodver $(shell go list -m -f '{{if .Replace}}{{.Replace.Version}}{{else}}{{.Version}}{{end}}' $(1) 2>/dev/null) diff --git a/auto-discovery/kubernetes/Makefile b/auto-discovery/kubernetes/Makefile index bebfb63fe3..62911c16c7 100644 --- a/auto-discovery/kubernetes/Makefile +++ b/auto-discovery/kubernetes/Makefile @@ -142,7 +142,7 @@ $(LOCALBIN): mkdir -p $(LOCALBIN) ## Tool Binaries -CONTROLLER_GEN ?= $(LOCALBIN)/controller-gen-$(CONTROLLER_TOOLS_VERSION) +CONTROLLER_GEN ?= $(LOCALBIN)/controller-gen ENVTEST ?= $(LOCALBIN)/setup-envtest ## Tool Versions @@ -162,17 +162,19 @@ $(ENVTEST): $(LOCALBIN) $(call go-install-tool,$(ENVTEST),sigs.k8s.io/controller-runtime/tools/setup-envtest,$(ENVTEST_VERSION)) # go-install-tool will 'go install' any package with custom target and name of binary, if it doesn't exist -# $1 - target path with name of binary (ideally with version) +# $1 - target path with name of binary # $2 - package url which can be installed # $3 - specific version of package define go-install-tool -@[ -f $(1) ] || { \ +@[ -f "$(1)-$(3)" ] && [ "$$(readlink -- "$(1)" 2>/dev/null)" = "$(1)-$(3)" ] || { \ set -e; \ package=$(2)@$(3) ;\ echo "Downloading $${package}" ;\ -GOBIN=$(LOCALBIN) go install $${package} ;\ -mv "$$(echo "$(1)" | sed "s/-$(3)$$//")" $(1) ;\ -} +rm -f "$(1)" ;\ +GOBIN="$(LOCALBIN)" go install $${package} ;\ +mv "$(LOCALBIN)/$$(basename "$(1)")" "$(1)-$(3)" ;\ +} ;\ +ln -sf "$$(realpath "$(1)-$(3)")" "$(1)" endef define gomodver $(shell go list -m -f '{{if .Replace}}{{.Replace.Version}}{{else}}{{.Version}}{{end}}' $(1) 2>/dev/null) diff --git a/operator/Makefile b/operator/Makefile index b7e8b75c44..4410f947e9 100644 --- a/operator/Makefile +++ b/operator/Makefile @@ -175,7 +175,7 @@ $(LOCALBIN): mkdir -p $(LOCALBIN) ## Tool Binaries -CONTROLLER_GEN ?= $(LOCALBIN)/controller-gen-$(CONTROLLER_TOOLS_VERSION) +CONTROLLER_GEN ?= $(LOCALBIN)/controller-gen ENVTEST ?= $(LOCALBIN)/setup-envtest ## Tool Versions @@ -195,17 +195,19 @@ $(ENVTEST): $(LOCALBIN) $(call go-install-tool,$(ENVTEST),sigs.k8s.io/controller-runtime/tools/setup-envtest,$(ENVTEST_VERSION)) # go-install-tool will 'go install' any package with custom target and name of binary, if it doesn't exist -# $1 - target path with name of binary (ideally with version) +# $1 - target path with name of binary # $2 - package url which can be installed # $3 - specific version of package define go-install-tool -@[ -f $(1) ] || { \ +@[ -f "$(1)-$(3)" ] && [ "$$(readlink -- "$(1)" 2>/dev/null)" = "$(1)-$(3)" ] || { \ set -e; \ package=$(2)@$(3) ;\ echo "Downloading $${package}" ;\ -GOBIN=$(LOCALBIN) go install $${package} ;\ -mv "$$(echo "$(1)" | sed "s/-$(3)$$//")" $(1) ;\ -} +rm -f "$(1)" ;\ +GOBIN="$(LOCALBIN)" go install $${package} ;\ +mv "$(LOCALBIN)/$$(basename "$(1)")" "$(1)-$(3)" ;\ +} ;\ +ln -sf "$$(realpath "$(1)-$(3)")" "$(1)" endef define gomodver $(shell go list -m -f '{{if .Replace}}{{.Replace.Version}}{{else}}{{.Version}}{{end}}' $(1) 2>/dev/null)