[EXPERIMENTAL] CLOUDP-346302: Manage go tools with go.mod

.github/HOWTO.md

@@ -33,13 +33,13 @@ KUBE_CONFIG_DATA=$(kubectl config view -o json --raw | jq -c '.')
 Calling push trigger will run all workflow with `push` trigger. This command will run build-image and push-test workflows:
 
 ```bash
-act push
+go tool act push
 ```
 
 This sample runs a specific job - unit-test
 
 ```bash
-act -j unit-test
+go tool act -j unit-test
 ```
 
 Some workflows have `workflow_dispatch` trigger - manual launch with inputs. It is possible to run it with `act` too.
@@ -57,8 +57,8 @@ Some workflows have `workflow_dispatch` trigger - manual launch with inputs. It
 Build-image triggered by Pull_request:
 
 ```bash
-act pull_request -e event_pull_request.json
-act pull_request -j name -e event_pull_request.json
+go tool act pull_request -e event_pull_request.json
+go tool act pull_request -j name -e event_pull_request.json
 ```
 
 event_pull_request.json:
@@ -81,5 +81,5 @@ For example, we need to run image-build
 3. Run job
 
 ```bash
-act -j build-push
+go tool act -j build-push
 ```

.github/actions/gen-install-scripts/entrypoint.sh

@@ -28,7 +28,7 @@ mkdir -p "${crds_dir}"
 mkdir -p "${openshift}"
 
 # Generate configuration and save it to `all-in-one`
-controller-gen crd:crdVersions=v1,ignoreUnexportedFields=true rbac:roleName=manager-role webhook paths="./api/..." paths="./internal/controller/..." output:crd:artifacts:config=config/crd/bases
+go tool controller-gen crd:crdVersions=v1,ignoreUnexportedFields=true rbac:roleName=manager-role webhook paths="./api/..." paths="./internal/controller/..." output:crd:artifacts:config=config/crd/bases
 cd config/manager && kustomize edit set image controller="${INPUT_IMAGE_URL}"
 cd -
 ./scripts/split_roles_yaml.sh
@@ -59,7 +59,7 @@ echo "Created namespaced config"
 cp config/crd/bases/* "${crds_dir}"
 
 # CSV bundle
-operator-sdk generate kustomize manifests -q --apis-dir=api
+go tool operator-sdk generate kustomize manifests -q --apis-dir=api
 # get the current version so we could put it into the "replaces:"
 current_version="$(yq e '.metadata.name' bundle/manifests/mongodb-atlas-kubernetes.clusterserviceversion.yaml)"
 
@@ -68,23 +68,23 @@ channel="stable"
 if [[ "${INPUT_ENV}" == "dev" ]]; then
   echo "build dev purpose"
   kustomize build --load-restrictor LoadRestrictionsNone config/manifests |
-    operator-sdk generate bundle -q --overwrite --default-channel="${channel}" --channels="${channel}"
+    go tool operator-sdk generate bundle -q --overwrite --default-channel="${channel}" --channels="${channel}"
 else
   echo "build release version"
   echo "${INPUT_IMAGE_URL}"
   kustomize build --load-restrictor LoadRestrictionsNone config/manifests |
-    operator-sdk generate bundle -q --overwrite --version "${INPUT_VERSION}" --default-channel="${channel}" --channels="${channel}"
+    go tool operator-sdk generate bundle -q --overwrite --version "${INPUT_VERSION}" --default-channel="${channel}" --channels="${channel}"
   # add replaces
   awk '!/replaces:/' bundle/manifests/mongodb-atlas-kubernetes.clusterserviceversion.yaml >tmp && mv tmp bundle/manifests/mongodb-atlas-kubernetes.clusterserviceversion.yaml
   echo "  replaces: $current_version" >>bundle/manifests/mongodb-atlas-kubernetes.clusterserviceversion.yaml
   # Add WATCH_NAMESPACE env parameter
   value="metadata.annotations['olm.targetNamespaces']" yq e -i '.spec.install.spec.deployments[0].spec.template.spec.containers[0].env[2] |= {"name": "WATCH_NAMESPACE", "valueFrom": {"fieldRef": {"fieldPath": env(value)}}}' bundle/manifests/mongodb-atlas-kubernetes.clusterserviceversion.yaml
   # Add containerImage to bundle/manifests/ csv. containerImage - The full location (registry, repository, name and tag) of the operator image
-  yq e -i ".metadata.annotations.containerImage=\"${INPUT_IMAGE_URL}\"" bundle/manifests/mongodb-atlas-kubernetes.clusterserviceversion.yaml
+  go tool yq e -i ".metadata.annotations.containerImage=\"${INPUT_IMAGE_URL}\"" bundle/manifests/mongodb-atlas-kubernetes.clusterserviceversion.yaml
 fi
 
 # add additional LABELs to bundle.Docker file
 label="LABEL com.redhat.openshift.versions=\"v4.8-v4.18\"\nLABEL com.redhat.delivery.backport=true\nLABEL com.redhat.delivery.operator.bundle=true"
 awk -v rep="FROM scratch\n\n$label" '{sub(/FROM scratch/, rep); print}' bundle.Dockerfile >tmp && mv tmp bundle.Dockerfile
 
-operator-sdk bundle validate ./bundle
+go tool operator-sdk bundle validate ./bundle

.github/workflows/openshift-upgrade-test.yaml

@@ -42,10 +42,10 @@ jobs:
           enable-cache: 'true'
       - name: Download tools for openshift test
         run: |
-          wget https://mirror.openshift.com/pub/openshift-v4/x86_64/clients/ocp/latest-4.9/opm-linux.tar.gz -O opm.tar.gz -q
+          curl -sL -o opm.tar.gz https://mirror.openshift.com/pub/openshift-v4/x86_64/clients/ocp/latest-4.9/opm-linux.tar.gz
           tar xvf opm.tar.gz
           chmod +x opm && sudo mv opm /usr/local/bin/opm
-          wget https://mirror.openshift.com/pub/openshift-v4/x86_64/clients/ocp/latest-4.6/openshift-client-linux.tar.gz -O openshift.tar.gz -q
+          curl -sL -o openshift.tar.gz https://mirror.openshift.com/pub/openshift-v4/x86_64/clients/ocp/latest-4.6/openshift-client-linux.tar.gz
           tar xvf openshift.tar.gz
           chmod +x oc && sudo mv oc /usr/local/bin/oc
       - name: Login to registry

.github/workflows/release-openshift.yaml

@@ -88,11 +88,11 @@ jobs:
           export REPO_DIGEST=$(docker inspect --format='{{ index .RepoDigests 0}}' "${IMAGE}":"${VERSION}")
 
           cd "$REPOSITORY/$REPO_PATH"
-          yq e -i '.metadata.annotations.containerImage = env(REPO_DIGEST)' "${VERSION}"/manifests/mongodb-atlas-kubernetes.clusterserviceversion.yaml
-          yq e -i '.spec.install.spec.deployments[0].spec.template.spec.containers[0].image = env(REPO_DIGEST)' "${VERSION}"/manifests/mongodb-atlas-kubernetes.clusterserviceversion.yaml
+          go tool yq e -i '.metadata.annotations.containerImage = env(REPO_DIGEST)' "${VERSION}"/manifests/mongodb-atlas-kubernetes.clusterserviceversion.yaml
+          go tool yq e -i '.spec.install.spec.deployments[0].spec.template.spec.containers[0].image = env(REPO_DIGEST)' "${VERSION}"/manifests/mongodb-atlas-kubernetes.clusterserviceversion.yaml
 
           # Add skip range
-          value='">=0.8.0"' yq e -i '.spec.skipRange = env(value)' "${VERSION}"/manifests/mongodb-atlas-kubernetes.clusterserviceversion.yaml
+          value='">=0.8.0"' go tool yq e -i '.spec.skipRange = env(value)' "${VERSION}"/manifests/mongodb-atlas-kubernetes.clusterserviceversion.yaml
       - name: Push Changes & Open PR
         env:
           VERSION: ${{ github.event.inputs.version }}

.github/workflows/tests-e2e2.yaml

@@ -34,9 +34,6 @@ jobs:
         with:
           go-version-file: "${{ github.workspace }}/go.mod"
 
-      - name: Install Ginkgo
-        run: go install github.com/onsi/ginkgo/v2/ginkgo@latest
-
       - name: Get test labels from PR or input
         env:
           TEST_LABELS: ${{ github.event.inputs.testLabels }}
@@ -61,7 +58,7 @@ jobs:
       - name: List available Ginkgo test labels
         id: fetch-labels
         run: |
-          E2E2_LABELS=$(cd ./test/e2e2 && ginkgo labels | sed 's/^e2e2: //' | jq -s -c '.[0]')
+          E2E2_LABELS=$(cd ./test/e2e2 && go tool ginkgo labels | sed 's/^e2e2: //' | jq -s -c '.[0]')
 
           echo "e2e2_labels=$E2E2_LABELS" >> $GITHUB_ENV
 

.github/workflows/tests-selectable.yaml

@@ -39,9 +39,6 @@ jobs:
         with:
           go-version-file: "${{ github.workspace }}/go.mod"
 
-      - name: Install Ginkgo
-        run: go install github.com/onsi/ginkgo/v2/ginkgo@latest
-
       - name: Get test labels from PR or input
         env:
           TEST_LABELS: ${{ github.event.inputs.testLabels }}
@@ -66,8 +63,8 @@ jobs:
       - name: List available Ginkgo test labels
         id: fetch-labels
         run: |
-          INT_LABELS=$(cd ./test/int && ginkgo labels | sed 's/^int: //' | jq -s -c '.[0]')
-          E2E_LABELS=$(cd ./test/e2e && ginkgo labels | sed 's/^e2e: //' | jq -s -c '.[0]')
+          INT_LABELS=$(cd ./test/int && go tool ginkgo labels | sed 's/^int: //' | jq -s -c '.[0]')
+          E2E_LABELS=$(cd ./test/e2e && go tool ginkgo labels | sed 's/^e2e: //' | jq -s -c '.[0]')
 
           echo "int_labels=$INT_LABELS" >> $GITHUB_ENV
           echo "e2e_labels=$E2E_LABELS" >> $GITHUB_ENV

Makefile

@@ -111,11 +111,10 @@ GINKGO_FILTER_LABEL ?=
 ifneq ($(GINKGO_FILTER_LABEL),)
 GINKGO_FILTER_LABEL_OPT := --label-filter="$(GINKGO_FILTER_LABEL)"
 endif
-GINKGO=ginkgo run $(GINKGO_OPTS) $(GINKGO_FILTER_LABEL_OPT) $(shell pwd)/$@
+GINKGO=go tool ginkgo run $(GINKGO_OPTS) $(GINKGO_FILTER_LABEL_OPT) $(shell pwd)/$@
 
 BASE_GO_PACKAGE = github.com/mongodb/mongodb-atlas-kubernetes/v2
 GO_LICENSES = go-licenses
-GO_LICENSES_VERSION = 1.6.0
 KUSTOMIZE = kustomize
 DISALLOWED_LICENSES = restricted,reciprocal
 
@@ -172,7 +171,7 @@ build-licenses.csv: go.mod ## Track licenses in a CSV file
 	export GOOS=linux
 	export GOARCH=amd64
 	GOTOOLCHAIN=local \
-	go run github.com/google/$(GO_LICENSES)@v$(GO_LICENSES_VERSION) csv --include_tests $(BASE_GO_PACKAGE)/... > licenses.csv
+	$(GO_LICENSES) csv --include_tests $(BASE_GO_PACKAGE)/... > licenses.csv
 	echo $(GOMOD_SHA) > $(LICENSES_GOMOD_SHA_FILE)
 
 
@@ -183,7 +182,7 @@ check-licenses:  ## Check licenses are compliant with our restrictions
 	export GOOS=linux
 	export GOARCH=amd64
 	GOTOOLCHAIN=local \
-	go run github.com/google/$(GO_LICENSES)@v$(GO_LICENSES_VERSION) check --include_tests \
+	$(GO_LICENSES) check --include_tests \
 	--disallowed_types $(DISALLOWED_LICENSES) $(BASE_GO_PACKAGE)/...
 	@echo "--------------------"
 	@echo "Licenses check: PASS"
@@ -200,7 +199,7 @@ test/int/clusterwide: envtest
 	AKO_INT_TEST=1 KUBEBUILDER_ASSETS=$(KUBEBUILDER_ASSETS) $(GINKGO)
 
 envtest: envtest-assets
-	KUBEBUILDER_ASSETS=$(shell setup-envtest use $(ENVTEST_K8S_VERSION) --bin-dir $(ENVTEST_ASSETS_DIR) -p path)
+	KUBEBUILDER_ASSETS=$(shell go tool setup-envtest use $(ENVTEST_K8S_VERSION) --bin-dir $(ENVTEST_ASSETS_DIR) -p path)
 
 envtest-assets:
 	echo "Env: $(env)"
@@ -215,7 +214,7 @@ e2e2: run-kind manager install-credentials install-crds set-namespace ## Run e2e
 	NO_GORUN=1 \
 	AKO_E2E2_TEST=1 \
 	OPERATOR_NAMESPACE=$(OPERATOR_NAMESPACE) \
-	ginkgo --race --label-filter=$(label) -ldflags="$(LD_FLAGS)" --timeout 120m -vv test/e2e2/
+	go tool ginkgo --race --label-filter=$(label) -ldflags="$(LD_FLAGS)" --timeout 120m -vv test/e2e2/
 
 .PHONY: e2e-openshift-upgrade
 e2e-openshift-upgrade:
@@ -251,15 +250,15 @@ deploy: generate manifests run-kind ## Deploy controller in the configured Kuber
 # Produce CRDs that work back to Kubernetes 1.16 (so 'apiVersion: apiextensions.k8s.io/v1')
 manifests: CRD_OPTIONS ?= "crd:crdVersions=v1,ignoreUnexportedFields=true"
 manifests: fmt ## Generate manifests e.g. CRD, RBAC etc.
-	controller-gen $(CRD_OPTIONS) rbac:roleName=manager-role webhook paths="./api/..." paths="./internal/controller/..." output:crd:artifacts:config=config/crd/bases
+	go tool controller-gen $(CRD_OPTIONS) rbac:roleName=manager-role webhook paths="./api/..." paths="./internal/controller/..." output:crd:artifacts:config=config/crd/bases
 	@./scripts/split_roles_yaml.sh
 ifdef EXPERIMENTAL
-	controller-gen crd paths="./internal/nextapi/v1" output:crd:artifacts:config=internal/next-crds
+	go tool controller-gen crd paths="./internal/nextapi/v1" output:crd:artifacts:config=internal/next-crds
 endif
 
 .PHONY: lint
 lint: ## Run the lint against the code
-	golangci-lint run --timeout 10m
+	go tool golangci-lint run --timeout 10m
 
 $(TIMESTAMPS_DIR)/fmt: $(GO_SOURCES)
 	gci write -s standard -s default -s localmodule $(GO_SOURCES)
@@ -277,11 +276,11 @@ vet: $(TIMESTAMPS_DIR)/vet ## Run go vet against code
 
 .PHONY: generate
 generate: ${GO_SOURCES} ## Generate code
-	controller-gen object:headerFile="hack/boilerplate.go.txt" paths="./api/..." paths="./internal/controller/..."
+	go tool controller-gen object:headerFile="hack/boilerplate.go.txt" paths="./api/..." paths="./internal/controller/..."
 ifdef EXPERIMENTAL
-	controller-gen object:headerFile="hack/boilerplate.go.txt" paths="./internal/nextapi/v1/..."
+	go tool controller-gen object:headerFile="hack/boilerplate.go.txt" paths="./internal/nextapi/v1/..."
 endif
-	mockery
+	go tool mockery
 	$(MAKE) fmt
 
 .PHONY: check-missing-files
@@ -322,10 +321,10 @@ validate-crds-chart: ## Validate the CRDs in the Helm chart
 .PHONY: bundle
 bundle: manifests  ## Generate bundle manifests and metadata, then validate generated files.
 	@echo "Building bundle $(VERSION)"
-	operator-sdk generate $(KUSTOMIZE) manifests -q --apis-dir=api
+	go tool operator-sdk generate $(KUSTOMIZE) manifests -q --apis-dir=api
 	cd config/manager && $(KUSTOMIZE) edit set image controller=$(IMG)
-	$(KUSTOMIZE) build --load-restrictor LoadRestrictionsNone config/manifests | operator-sdk generate bundle -q --overwrite --version $(VERSION) $(BUNDLE_METADATA_OPTS)
-	operator-sdk bundle validate ./bundle
+	$(KUSTOMIZE) build --load-restrictor LoadRestrictionsNone config/manifests | go tool operator-sdk generate bundle -q --overwrite --version $(VERSION) $(BUNDLE_METADATA_OPTS)
+	go tool operator-sdk bundle validate ./bundle
 
 .PHONY: image
 image: ## Build an operator image for local development
@@ -608,10 +607,10 @@ prepare-all-in-one: local-docker-build run-kind
 test-all-in-one: prepare-all-in-one install-credentials ## Test the deploy/all-in-one.yaml definition
 	# Test all in one with a local image and at $(ATLAS_DOMAIN) (cloud-qa)
 	kubectl apply -f deploy/all-in-one.yaml
-	yq deploy/all-in-one.yaml \
-	| yq 'select(.kind == "Deployment") | $(CONTAINER_SPEC).imagePullPolicy="IfNotPresent"' \
-	| yq 'select(.kind == "Deployment") | $(CONTAINER_SPEC).image="$(LOCAL_IMAGE)"' \
-	| yq 'select(.kind == "Deployment") | $(CONTAINER_SPEC).args[0]="--atlas-domain=$(ATLAS_DOMAIN)"' \
+	go tool yq deploy/all-in-one.yaml \
+	| go tool yq 'select(.kind == "Deployment") | $(CONTAINER_SPEC).imagePullPolicy="IfNotPresent"' \
+	| go tool yq 'select(.kind == "Deployment") | $(CONTAINER_SPEC).image="$(LOCAL_IMAGE)"' \
+	| go tool yq 'select(.kind == "Deployment") | $(CONTAINER_SPEC).args[0]="--atlas-domain=$(ATLAS_DOMAIN)"' \
 	| kubectl apply -f -
 
 .PHONY: upload-sbom-to-kondukto

devbox.json

@@ -1,32 +1,21 @@
 {
   "packages": [
-    "yq-go@latest",
     "[email protected]",
     "jq@latest",
     "path:flakes/go",
-    "gotests@latest",
-    "act@latest",
     "kubectl@latest",
     "docker@latest",
     "[email protected]",
     "git@latest",
-    "gettext@latest",
-    "wget@latest",
+    "curl@latest",
     "cosign@latest",
     "kubernetes-helm@latest",
-    "govulncheck@latest",
-    "gotools@latest",
-    "ginkgo@latest",
-    "[email protected]",
     "shellcheck@latest",
-    "[email protected]",
-    "[email protected]",
-    "[email protected]",
     "awscli2@latest",
-    "go-mockery@2",
     "docker-sbom@latest",
     "openshift@latest",
     "gci@latest",
-    "gh@latest"
+    "gh@latest",
+    "[email protected]"
   ]
 }