Upgrade dependencies

Some Golang CVEs get flagged in the suc binary as it was built with an
older golang version. Use go 1.22.6
Updating other go module deps.
SLES update is required for libc compatiblity with latest ginkgo
version.

Update golangci-lint. Most gingko and gomega changes are to fix linting
failures.
Update sonobuoy

docker bridge address is added to tls-san to avoid cert errors when
using the client to connect the KUBEHOST.

Drop deprecated version field in the docker compose manifests.

It is recommended that the next release be v0.15.0 as 0.14.0 was already
published and deleted in the past and gosumdb already has entries.

Author: harsimranmaan

.golangci.json

@@ -11,9 +11,9 @@
 		]
 	},
 	"run": {
-		"skip-files": [
+		"exclude-files": [
 			"/zz_generated_"
 		],
 		"deadline": "5m"
 	}
-}
+}

Dockerfile.dapper

@@ -1,24 +1,23 @@
-ARG KUBECTL=rancher/kubectl:v1.25.4
+ARG KUBECTL=rancher/kubectl:v1.30.3
 FROM ${KUBECTL} AS kubectl
 
-FROM registry.suse.com/bci/golang:1.20
+FROM registry.suse.com/bci/golang:1.22
 
 COPY --from=kubectl /bin/kubectl /usr/local/bin/kubectl
 
 ARG DAPPER_HOST_ARCH
 ENV ARCH $DAPPER_HOST_ARCH
-ARG SONOBUOY_VERSION=0.56.16
-
+ARG SONOBUOY_VERSION=0.57.1
 RUN zypper -n install expect git jq  docker vim less file curl wget iproute2 gawk
 RUN if [ "${ARCH:-$(go env GOARCH)}" = "amd64" ]; then \
-        curl -sL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s v1.51.2; \
-        curl -sL "https://github.com/kubernetes-sigs/kustomize/releases/download/kustomize%2Fv5.0.3/kustomize_v5.0.3_linux_amd64.tar.gz" | tar -xz -C /usr/local/bin; \
-        curl -sL "https://github.com/vmware-tanzu/sonobuoy/releases/download/v${SONOBUOY_VERSION}/sonobuoy_${SONOBUOY_VERSION}_linux_${ARCH}.tar.gz" | tar -xz -C /usr/local/bin; \
-        curl -sL "https://github.com/docker/compose/releases/download/v2.17.3/docker-compose-linux-x86_64" -o /usr/local/bin/docker-compose && \
-        chmod +x /usr/local/bin/docker-compose; \
+    curl -sL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s v1.59.1; \
+    curl -sL "https://github.com/kubernetes-sigs/kustomize/releases/download/kustomize%2Fv5.4.3/kustomize_v5.4.3_linux_amd64.tar.gz" | tar -xz -C /usr/local/bin; \
+    curl -sL "https://github.com/vmware-tanzu/sonobuoy/releases/download/v${SONOBUOY_VERSION}/sonobuoy_${SONOBUOY_VERSION}_linux_${ARCH}.tar.gz" | tar -xz -C /usr/local/bin; \
+    curl -sL "https://github.com/docker/compose/releases/download/v2.29.1/docker-compose-linux-x86_64" -o /usr/local/bin/docker-compose && \
+    chmod +x /usr/local/bin/docker-compose; \
     fi
 RUN mkdir -p /usr/local/lib/docker/cli-plugins; \
-    curl -o /usr/local/lib/docker/cli-plugins/docker-buildx -fsSL "https://github.com/docker/buildx/releases/download/v0.11.2/buildx-v0.11.2.linux-${ARCH}"; \
+    curl -o /usr/local/lib/docker/cli-plugins/docker-buildx -fsSL "https://github.com/docker/buildx/releases/download/v0.16.2/buildx-v0.16.2.linux-${ARCH}"; \
     chmod +x /usr/local/lib/docker/cli-plugins/docker-buildx
 ENV DAPPER_ENV REPO TAG DRONE_TAG
 ENV DAPPER_SOURCE /go/src/github.com/rancher/system-upgrade-controller/

e2e/cluster/local/docker-compose.yaml

@@ -1,5 +1,3 @@
-version: "3.7"
-
 volumes:
   kubeconfig:
     name: e2e-local-kubeconfig
@@ -13,7 +11,7 @@ services:
       context: ./images/k3s/.
       args:
         - ARCH=${ARCH}
-    command: server --disable=traefik,metrics-server --disable-helm-controller
+    command: server --disable=traefik,metrics-server --disable-helm-controller --tls-san 172.17.0.1
     environment:
       - K3S_TOKEN=e2e
     hostname: k3s-server-1

e2e/cluster/local/images/k3s/Dockerfile

@@ -1,21 +1,21 @@
 # Install the all-in-one binary so we can copy our run-time images into the image
 # which helps avoid pulling them when running e2e tests.
-ARG BCI="registry.suse.com/bci/bci-base:15.5"
+ARG BCI="registry.suse.com/bci/bci-base:15.6"
 FROM ${BCI} AS k3s
 ARG ARCH
-ARG K3S_VERSION="v1.25.9+k3s1"
+ARG K3S_VERSION="v1.30.3+k3s1"
 RUN set -x \
- && zypper -n in \
-    ca-certificates \
-    curl \
- && if [ "${ARCH?required}" != "amd64" ]; then \
-        K3S_SUFFIX="-${ARCH}"; \
-    fi \
- && curl -fsSL "https://github.com/rancher/k3s/releases/download/${K3S_VERSION}/k3s${K3S_SUFFIX}" > /bin/k3s \
- && chmod +x /bin/k3s \
- && ln -s /bin/k3s /bin/kubectl \
- && ln -s /bin/k3s /bin/ctr \
- && k3s --version
+   && zypper -n in \
+   ca-certificates \
+   curl \
+   && if [ "${ARCH?required}" != "amd64" ]; then \
+   K3S_SUFFIX="-${ARCH}"; \
+   fi \
+   && curl -fsSL "https://github.com/rancher/k3s/releases/download/${K3S_VERSION}/k3s${K3S_SUFFIX}" > /bin/k3s \
+   && chmod +x /bin/k3s \
+   && ln -s /bin/k3s /bin/kubectl \
+   && ln -s /bin/k3s /bin/ctr \
+   && k3s --version
 
 COPY scratch/*-${ARCH}.tar /var/lib/rancher/k3s/agent/images/
 #ADD https://github.com/rancher/k3s/releases/download/${K3S_VERSION}/k3s-airgap-images-${ARCH}.tar /var/lib/rancher/k3s/agent/images/

e2e/cluster/local/scripts/cluster-prepare

@@ -5,8 +5,8 @@ set -e
 : "${ARCH?required}"
 : "${DIST?required}"
 : "${BCI_TAG:=15.4}"
-: "${KUBECTL_TAG:=v1.25.4}"
-: "${SONOBUOY_TAG:=v0.56.16}"
+: "${KUBECTL_TAG:=v1.30.3}"
+: "${SONOBUOY_TAG:=v0.57.1}"
 
 docker-image-save() {
   echo "Pulling '$1:$2' ..."

e2e/framework/channel.go

@@ -13,7 +13,7 @@ func ChannelServer(location string, statusCode int) *httptest.Server {
 		Failf("cannot read hostname: %v", err)
 	}
 	server := &httptest.Server{
-		Config: &http.Server{Handler: http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		Config: &http.Server{Handler: http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) {
 			w.Header().Set("Location", location)
 			w.WriteHeader(statusCode)
 		})},

e2e/framework/framework.go

@@ -60,15 +60,11 @@ func New(name string, opt ...Option) *Client {
 		fn(options)
 	}
 	client := &Client{
-		Framework: framework.Framework{
-			BaseName:                         name,
-			AddonResourceConstraints:         make(map[string]framework.ResourceConstraint),
-			NamespacePodSecurityEnforceLevel: admissionapi.LevelPrivileged,
-			Options:                          options.Options,
-		},
+		Framework: *framework.NewFramework(name, options.Options, nil),
 	}
+	client.Framework.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged
 	ginkgo.BeforeEach(client.BeforeEach)
-	ginkgo.AfterEach(client.AfterEach)
+	//ginkgo.DeferCleanup(client.AfterEach)
 	return client
 }
 
@@ -161,14 +157,14 @@ func (c *Client) WaitForPlanJobs(plan *upgradeapiv1.Plan, count int, timeout tim
 	})
 }
 
-func (c *Client) BeforeEach() {
+func (c *Client) BeforeEach(ctx context.Context) {
 	c.beforeFramework()
-	c.Framework.BeforeEach()
+	c.Framework.BeforeEach(ctx)
 	c.setupController()
 }
 
-func (c *Client) AfterEach() {
-	c.Framework.AfterEach()
+func (c *Client) AfterEach(ctx context.Context) {
+	c.Framework.AfterEach(ctx)
 }
 
 func (c *Client) setupController() {
@@ -181,7 +177,7 @@ func (c *Client) setupController() {
 	}, metav1.CreateOptions{})
 	framework.ExpectNoError(err)
 
-	err = frameworkauth.BindClusterRole(c.ClientSet.RbacV1(), "cluster-admin", c.Namespace.Name, rbacv1.Subject{
+	err = frameworkauth.BindClusterRole(context.TODO(), c.ClientSet.RbacV1(), "cluster-admin", c.Namespace.Name, rbacv1.Subject{
 		Kind:      rbacv1.ServiceAccountKind,
 		Name:      c.controllerServiceAccount.Name,
 		Namespace: c.controllerServiceAccount.Namespace,

e2e/framework/logging.go

@@ -5,7 +5,7 @@ import (
 	"time"
 
 	"github.com/onsi/ginkgo/v2"
-	"k8s.io/kubernetes/test/e2e/framework/ginkgowrapper"
+	"k8s.io/kubernetes/test/e2e/framework"
 )
 
 // Logf logs the info.
@@ -35,7 +35,7 @@ func Failf(format string, args ...interface{}) {
 func FailfWithOffset(offset int, format string, args ...interface{}) {
 	msg := fmt.Sprintf(format, args...)
 	Logf("FAIL", msg)
-	ginkgowrapper.Fail(nowStamp()+": "+msg, 1+offset)
+	framework.Fail(nowStamp()+": "+msg, 1+offset)
 }
 
 func nowStamp() string {

e2e/suite/channel_resolve_test.go

@@ -5,17 +5,17 @@ import (
 	"net/http"
 	"net/http/httptest"
 
-	. "github.com/onsi/ginkgo/v2"
-	. "github.com/onsi/gomega"
+	"github.com/onsi/ginkgo/v2"
+	"github.com/onsi/gomega"
 	"github.com/rancher/system-upgrade-controller/e2e/framework"
 	upgradeapiv1 "github.com/rancher/system-upgrade-controller/pkg/apis/upgrade.cattle.io/v1"
 	upgradeplan "github.com/rancher/system-upgrade-controller/pkg/upgrade/plan"
 )
 
-var _ = Describe("Resolve channel", func() {
+var _ = ginkgo.Describe("Resolve channel", func() {
 	e2e := framework.New("channel")
 
-	When("passed url fails to resolve", func() {
+	ginkgo.When("passed url fails to resolve", func() {
 		var (
 			err        error
 			plan       *upgradeapiv1.Plan
@@ -25,45 +25,45 @@ var _ = Describe("Resolve channel", func() {
 			clusterID  string
 			latest     string
 		)
-		BeforeEach(func() {
+		ginkgo.BeforeEach(func() {
 			ctx, cancel = context.WithCancel(context.Background())
 			plan = e2e.NewPlan("channel-", "", nil)
 		})
-		AfterEach(func() {
+		ginkgo.AfterEach(func() {
 			if channelSrv != nil {
 				channelSrv.Close()
 			}
 			cancel()
 		})
-		It("channel server is up with correct address", func() {
+		ginkgo.It("channel server is up with correct address", func() {
 			channelSrv = framework.ChannelServer("/local", http.StatusFound)
 			plan.Spec.Channel = channelSrv.URL
-			Expect(plan.Spec.Channel).ToNot(BeEmpty())
+			gomega.Expect(plan.Spec.Channel).ToNot(gomega.BeEmpty())
 			plan, err = e2e.CreatePlan(plan)
-			Expect(err).ToNot(HaveOccurred())
+			gomega.Expect(err).ToNot(gomega.HaveOccurred())
 			latest, err = upgradeplan.ResolveChannel(ctx, plan.Spec.Channel, plan.Status.LatestVersion, clusterID)
-			Expect(err).ToNot(HaveOccurred())
-			Expect(latest).NotTo(BeEmpty())
+			gomega.Expect(err).ToNot(gomega.HaveOccurred())
+			gomega.Expect(latest).NotTo(gomega.BeEmpty())
 		})
-		It("channel server is up but url not found", func() {
+		ginkgo.It("channel server is up but url not found", func() {
 			channelSrv = framework.ChannelServer("/local", http.StatusNotFound)
 			plan.Spec.Channel = channelSrv.URL
-			Expect(plan.Spec.Channel).ToNot(BeEmpty())
+			gomega.Expect(plan.Spec.Channel).ToNot(gomega.BeEmpty())
 			plan, err = e2e.CreatePlan(plan)
-			Expect(err).ToNot(HaveOccurred())
+			gomega.Expect(err).ToNot(gomega.HaveOccurred())
 			latest, err = upgradeplan.ResolveChannel(ctx, plan.Spec.Channel, plan.Status.LatestVersion, clusterID)
-			Expect(err).To(HaveOccurred())
-			Expect(latest).To(BeEmpty())
+			gomega.Expect(err).To(gomega.HaveOccurred())
+			gomega.Expect(latest).To(gomega.BeEmpty())
 		})
-		It("Service Unavailable", func() {
+		ginkgo.It("Service Unavailable", func() {
 			channelSrv = framework.ChannelServer("/local", http.StatusServiceUnavailable)
 			plan.Spec.Channel = channelSrv.URL
-			Expect(plan.Spec.Channel).ToNot(BeEmpty())
+			gomega.Expect(plan.Spec.Channel).ToNot(gomega.BeEmpty())
 			plan, err = e2e.CreatePlan(plan)
-			Expect(err).ToNot(HaveOccurred())
+			gomega.Expect(err).ToNot(gomega.HaveOccurred())
 			latest, err = upgradeplan.ResolveChannel(ctx, plan.Spec.Channel, plan.Status.LatestVersion, clusterID)
-			Expect(err).To(HaveOccurred())
-			Expect(latest).To(BeEmpty())
+			gomega.Expect(err).To(gomega.HaveOccurred())
+			gomega.Expect(latest).To(gomega.BeEmpty())
 		})
 	})
 })