diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
new file mode 100644
index 000000000..f961545b1
--- /dev/null
+++ b/.github/workflows/codeql-analysis.yml
@@ -0,0 +1,66 @@
+# For most projects, this workflow file will not need changing; you simply need
+# to commit it to your repository.
+#
+# You may wish to alter this file to override the set of languages analyzed,
+# or to provide custom queries or build logic.
+#
+# ******** NOTE ********
+# We have attempted to detect the languages in your repository. Please check
+# the `language` matrix defined below to confirm you have the correct set of
+# supported CodeQL languages.
+#
+name: "CodeQL"
+
+on:
+ push:
+ branches: [ master, 'release-**' ]
+ pull_request:
+ # The branches below must be a subset of the branches above
+ branches: [ master, 'release-**' ]
+ schedule:
+ - cron: '0 */24 * * *'
+
+jobs:
+ analyze:
+ name: Analyze
+ runs-on: ubuntu-latest
+ permissions:
+ actions: read
+ contents: read
+ security-events: write
+
+ strategy:
+ fail-fast: false
+ matrix:
+ language: [ 'go' ]
+ # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python', 'ruby' ]
+ # Learn more about CodeQL language support at https://git.io/codeql-language-support
+
+ steps:
+ - name: Set up Go 1.x
+ uses: actions/setup-go@v2
+ with:
+ go-version: ^1.18
+ id: go
+
+ - name: Checkout repository
+ uses: actions/checkout@v3
+
+ # Initializes the CodeQL tools for scanning.
+ - name: Initialize CodeQL
+ uses: github/codeql-action/init@v1
+ with:
+ languages: ${{ matrix.language }}
+ # If you wish to specify custom queries, you can do so here or in a config file.
+ # By default, queries listed here will override any specified in a config file.
+ # Prefix the list here with "+" to use these queries and those in the config file.
+ # queries: ./path/to/local/query, your-org/your-repo/queries@main
+
+ # Autobuild attempts to build any compiled languages (C/C++, C#, or Java).
+ # If this step fails, then you should remove it and run the build manually (see below)
+ - name: Autobuild
+ run: |
+ make all
+
+ - name: Perform CodeQL Analysis
+ uses: github/codeql-action/analyze@v1
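Review bot: All four `uses:` steps reference mutable tags (`actions/setup-go@v2`, `actions/checkout@v3`, `github/codeql-action/init@v1`, `github/codeql-action/analyze@v1`), so the code that runs in a job holding `security-events: write` can change without any commit to this repository. Pinning each to a full commit SHA with the tag as a trailing comment, e.g. `uses: actions/checkout@<full-commit-sha>  # v3`, makes action updates reviewable. The comment above the `Autobuild` step still describes CodeQL autobuild, but the step runs `make all`; I would reword it to `# Build with make so CodeQL can trace the Go compilation.` Separately, `cron: '0 */24 * * *'` fires once a day at 00:00 UTC and reads more plainly as `'0 0 * * *'`.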
diff --git a/.github/workflows/static.yaml b/.github/workflows/static.yaml index 45c0f6aa3..0a6930995 100644 --- a/.github/workflows/static.yaml +++ b/.github/workflows/static.yaml @@ -12,7 +12,7 @@ jobs: - name: Run linter uses: golangci/golangci-lint-action@v2 with: - version: v1.43 + version: v1.45 args: -E=gofmt,deadcode,unused,varcheck,ineffassign,revive,misspell,exportloopref,asciicheck,bodyclose,contextcheck --timeout=30m0s verify-helm: name: Verify Helm diff --git a/Dockerfile b/Dockerfile index dbd045134..0929790ae 100644 --- a/Dockerfile +++ b/Dockerfile @@ -21,6 +21,6 @@ COPY ${binary} /nfsplugin RUN apt update && apt-mark unhold libcap2 RUN clean-install ca-certificates mount nfs-common netbase # install updated packages to fix CVE issues -RUN clean-install libgmp10 bsdutils libssl1.1 openssl libc6 libc-bin libsystemd0 libudev1 +RUN clean-install libgmp10 bsdutils libssl1.1 openssl libc6 libc-bin libsystemd0 libudev1 zlib1g ENTRYPOINT ["/nfsplugin"] diff --git a/deploy/example/README.md b/deploy/example/README.md index 961510d34..1a0ae313a 100644 --- a/deploy/example/README.md +++ b/deploy/example/README.md @@ -1,7 +1,5 @@ # CSI driver example -After the NFS CSI Driver is deployed in your cluster, you can follow this documentation to quickly deploy some examples. - You can use NFS CSI Driver to provision Persistent Volumes statically or dynamically. Please read [Kubernetes Persistent Volumes documentation](https://kubernetes.io/docs/concepts/storage/persistent-volumes/) for more information about Static and Dynamic provisioning. Please refer to [driver parameters](../../docs/driver-parameters.md) for more detailed usage. 
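Review bot: In the Dockerfile hunk, `zlib1g` joins the list under `# install updated packages to fix CVE issues`, but neither the comment nor the line says which advisory it addresses, so nobody can later tell when the override becomes redundant after a base-image bump. I would record it next to the package, e.g. `# zlib1g: <CVE-ID placeholder, fill in from the scanner report>`. The packages are installed unversioned, so the fix also depends on what the distribution archive serves at build time; an image scan in CI on the built image would confirm the upgrade actually landed. The rest of the Dockerfile, including the base image, is outside this hunk.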
@@ -35,13 +33,7 @@ kubectl create -f https://raw.githubusercontent.com/kubernetes-csi/csi-driver-nf kubectl create -f https://raw.githubusercontent.com/kubernetes-csi/csi-driver-nfs/master/deploy/example/pvc-nfs-csi-static.yaml ``` -## Deployment/Statefulset Usage - -- Follow the following command to create `Deployment` and `Statefulset` . - -```bash -# create Deployment and Statefulset -git clone https://github.com/kubernetes-csi/csi-driver-nfs.git -cd csi-driver-nfs -./hack/verify-examples.sh +## Create a deployment +```console +kubectl create -f https://raw.githubusercontent.com/kubernetes-csi/csi-driver-nfs/master/deploy/example/deployment.yaml ``` \ No newline at end of file diff --git a/deploy/example/pv-nfs-csi.yaml b/deploy/example/pv-nfs-csi.yaml index 2f50a2c61..e2f1a65c5 100644 --- a/deploy/example/pv-nfs-csi.yaml +++ b/deploy/example/pv-nfs-csi.yaml @@ -9,8 +9,9 @@ spec: accessModes: - ReadWriteMany persistentVolumeReclaimPolicy: Retain + storageClassName: nfs-csi mountOptions: - - nconnect=8 + - nconnect=8 # only supported on linux kernel version >= 5.3 - hard - nfsvers=4.1 csi: diff --git a/deploy/example/pvc-nfs-csi-static.yaml b/deploy/example/pvc-nfs-csi-static.yaml index b52186fdb..91a2cf750 100644 --- a/deploy/example/pvc-nfs-csi-static.yaml +++ b/deploy/example/pvc-nfs-csi-static.yaml @@ -10,4 +10,4 @@ spec: requests: storage: 10Gi volumeName: pv-nfs - storageClassName: "" + storageClassName: nfs-csi diff --git a/deploy/example/storageclass-nfs.yaml b/deploy/example/storageclass-nfs.yaml index c84bbaf28..2fd2cdaeb 100644 --- a/deploy/example/storageclass-nfs.yaml +++ b/deploy/example/storageclass-nfs.yaml @@ -13,6 +13,6 @@ parameters: reclaimPolicy: Delete volumeBindingMode: Immediate mountOptions: - - nconnect=8 + - nconnect=8 # only supported on linux kernel version >= 5.3 - hard - nfsvers=4.1 diff --git a/hack/verify-all.sh b/hack/verify-all.sh index b0d9582b7..3372df3da 100755 --- a/hack/verify-all.sh +++ b/hack/verify-all.sh 
@@ -20,10 +20,8 @@ readonly PKG_ROOT="$(git rev-parse --show-toplevel)" ${PKG_ROOT}/hack/verify-gofmt.sh ${PKG_ROOT}/hack/verify-govet.sh -${PKG_ROOT}/hack/verify-golint.sh ${PKG_ROOT}/hack/verify-yamllint.sh ${PKG_ROOT}/hack/verify-boilerplate.sh -${PKG_ROOT}/hack/verify-spelling.sh ${PKG_ROOT}/hack/verify-helm-chart-files.sh ${PKG_ROOT}/hack/verify-helm-chart.sh ${PKG_ROOT}/hack/verify-gomod.sh diff --git a/release-tools/prow.sh b/release-tools/prow.sh index 8053b205a..e6df4763b 100755 --- a/release-tools/prow.sh +++ b/release-tools/prow.sh @@ -86,7 +86,7 @@ configvar CSI_PROW_BUILD_PLATFORMS "linux amd64 amd64; linux ppc64le ppc64le -pp # which is disabled with GOFLAGS=-mod=vendor). configvar GOFLAGS_VENDOR "$( [ -d vendor ] && echo '-mod=vendor' )" "Go flags for using the vendor directory" -configvar CSI_PROW_GO_VERSION_BUILD "1.17.3" "Go version for building the component" # depends on component's source code +configvar CSI_PROW_GO_VERSION_BUILD "1.18" "Go version for building the component" # depends on component's source code configvar CSI_PROW_GO_VERSION_E2E "" "override Go version for building the Kubernetes E2E test suite" # normally doesn't need to be set, see install_e2e configvar CSI_PROW_GO_VERSION_SANITY "${CSI_PROW_GO_VERSION_BUILD}" "Go version for building the csi-sanity test suite" # depends on CSI_PROW_SANITY settings below configvar CSI_PROW_GO_VERSION_KIND "${CSI_PROW_GO_VERSION_BUILD}" "Go version for building 'kind'" # depends on CSI_PROW_KIND_VERSION below 
@@ -441,10 +441,7 @@ install_ginkgo () { if [ "v$(ginkgo version 2>/dev/null | sed -e 's/.* //')" = "${CSI_PROW_GINKGO_VERSION}" ]; then return fi - git_checkout https://github.com/onsi/ginkgo "$GOPATH/src/github.com/onsi/ginkgo" "${CSI_PROW_GINKGO_VERSION}" --depth=1 && - # We have to get dependencies and hence can't call just "go build". - run_with_go "${CSI_PROW_GO_VERSION_GINKGO}" go get github.com/onsi/ginkgo/ginkgo || die "building ginkgo failed" && - mv "$GOPATH/bin/ginkgo" "${CSI_PROW_BIN}" + run_with_go "${CSI_PROW_GO_VERSION_GINKGO}" env GOBIN="${CSI_PROW_BIN}" go install "github.com/onsi/ginkgo/ginkgo@${CSI_PROW_GINKGO_VERSION}" || die "building ginkgo failed" } # Ensure that we have the desired version of dep. diff --git a/release-tools/verify-spelling.sh b/release-tools/verify-spelling.sh index 4aeb34d68..6e87b1dbf 100755 --- a/release-tools/verify-spelling.sh +++ b/release-tools/verify-spelling.sh @@ -41,7 +41,7 @@ if [[ -z "$(command -v misspell)" ]]; then # perform go get in a temp dir as we are not tracking this version in a go module # if we do the go get in the repo, it will create / update a go.mod and go.sum cd "${TMP_DIR}" - GO111MODULE=on GOBIN="${TMP_DIR}" go get "github.com/client9/misspell/cmd/misspell@${TOOL_VERSION}" + GO111MODULE=on GOBIN="${TMP_DIR}" go install "github.com/client9/misspell/cmd/misspell@${TOOL_VERSION}" export PATH="${TMP_DIR}:${PATH}" fi
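Review bot: The new `go install "github.com/onsi/ginkgo/ginkgo@${CSI_PROW_GINKGO_VERSION}"` line hard-codes the ginkgo v1 import path, so it only resolves while `CSI_PROW_GINKGO_VERSION` stays on a 1.x tag; a 2.x release lives under `github.com/onsi/ginkgo/v2/ginkgo`. A short comment above the line would save the next person a failed bump, for example `# v1 module path: change to .../v2/ginkgo when CSI_PROW_GINKGO_VERSION moves to v2.x`. The install now resolves the module over the network at run time rather than from the pinned git checkout, so it relies on the Go checksum database staying enabled in the CI environment; that setting is not visible in this hunk. `install_ginkgo` begins above the hunk.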
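Review bot: The two comment lines above the changed command in release-tools/verify-spelling.sh still talk about `go get` creating or updating go.mod and go.sum, which no longer describes `go install ...@${TOOL_VERSION}`. I would update them to something like `# go install pkg@version ignores any go.mod in the current directory; GOBIN keeps the binary in the temp dir`. Whether the `cd "${TMP_DIR}"` is then still needed depends on code after the hunk, so I would leave it and only fix the wording.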