Merge branch 'main' into issue-fix-8706

2026-01-10 23:11:03 +00:00 · 2025-02-20 19:20:45 +08:00
parent e2a7986629 e64806a651
commit cf58cc8fb2
5 changed files with 20 additions and 53 deletions
--- a/.github/workflows/e2e-test-kind.yaml
+++ b/.github/workflows/e2e-test-kind.yaml
@@ -60,10 +60,10 @@ jobs:
        # grep -E "v[1-9]\.(2[5-9]|[3-9][0-9])" filters for v1.25 to v9.99
        # and removes older patches of the same minor version
        # awk -F. '{if(!a[$1"."$2]++)print $1"."$2"."$NF}'
-        # TODO: replace "alpha|beta|1\.3[2-9]\.[1-9]" with "alpha|beta" when containerdv2 works https://github.com/vmware-tanzu/velero/issues/8648
+        # TODO: replace "alpha|beta|1\.3[2-9]\.[1-9]|1\.31\.[6-9]|1\.30\.[1-9][0-9]|1\.29\.[1-9][4-9]" with "alpha|beta" when containerdv2 works https://github.com/vmware-tanzu/velero/issues/8648
        run: |
          echo "matrix={\
-            \"k8s\":$(wget -q -O - "https://hub.docker.com/v2/namespaces/kindest/repositories/node/tags?page_size=50" | grep -o '"name": *"[^"]*' | grep -o '[^"]*$' | grep -v -E "alpha|beta|1\.3[2-9]\.[1-9]" | grep -E "v[1-9]\.(2[5-9]|[3-9][0-9])" | awk -F. '{if(!a[$1"."$2]++)print $1"."$2"."$NF}' | sort -r | sed s/v//g | jq -R -c -s 'split("\n")[:-1]'),\
+            \"k8s\":$(wget -q -O - "https://hub.docker.com/v2/namespaces/kindest/repositories/node/tags?page_size=50" | grep -o '"name": *"[^"]*' | grep -o '[^"]*$' | grep -v -E "alpha|beta|1\.3[2-9]\.[1-9]|1\.31\.[6-9]|1\.30\.[1-9][0-9]|1\.29\.[1-9][4-9]" | grep -E "v[1-9]\.(2[5-9]|[3-9][0-9])" | awk -F. '{if(!a[$1"."$2]++)print $1"."$2"."$NF}' | sort -r | sed s/v//g | jq -R -c -s 'split("\n")[:-1]'),\
            \"labels\":[\
              \"Basic && (ClusterResource || NodePort || StorageClass)\", \
              \"ResourceFiltering && !Restic\", \
--- a/.golangci.yaml
+++ b/.golangci.yaml
@@ -12,11 +12,6 @@ run:
  # exit code when at least one issue was found, default is 1
  issues-exit-code: 1

-
-  # default is true. Enables skipping of directories:
-  #   vendor$, third_party$, testdata$, examples$, Godeps$, builtin$
-  skip-dirs-use-default: true
-
  # by default isn't set. If set we pass it to "go list -mod={option}". From "go help modules":
  # If invoked with -mod=readonly, the go command is disallowed from the implicit
  # automatic updating of go.mod described above. Instead, it fails when any changes
@@ -138,28 +133,6 @@ linters-settings:
    # put imports beginning with prefix after 3rd-party packages;
    # it's a comma-separated list of prefixes
    local-prefixes: github.com/org/project
-  golint:
-    # minimal confidence for issues, default is 0.8
-    min-confidence: 0.8
-  gomnd:
-    # the list of enabled checks, see https://github.com/tommy-muehle/go-mnd/#checks for description.
-    checks: argument,case,condition,operation,return,assign
-  gomodguard:
-    allowed:
-      modules:                                                        # List of allowed modules
-        # - gopkg.in/yaml.v2
-      domains:                                                        # List of allowed module domains
-        # - golang.org
-    blocked:
-      modules:                                                        # List of blocked modules
-        # - github.com/uudashr/go-module:                             # Blocked module
-        #     recommendations:                                        # Recommended modules that should be used instead (Optional)
-        #       - golang.org/x/mod
-        #     reason: "`mod` is the official go.mod parser library."  # Reason why the recommended module should be used (Optional)
-      versions:                                                       # List of blocked module version constraints
-        # - github.com/mitchellh/go-homedir:                          # Blocked module with version constraint
-        #     version: "< 1.1.0"                                      # Version constraint, see https://github.com/Masterminds/semver#basic-comparisons
-        #     reason: "testing if blocked version constraint works."  # Reason why the version constraint exists. (Optional)
  govet:
    # report about shadowed variables
    # check-shadowing: true
@@ -180,23 +153,12 @@ linters-settings:
    disable:
      - shadow
    disable-all: false
-  depguard:
-    list-type: blacklist # Velero.io word list : ignore
-    include-go-root: false
-    packages:
-      - github.com/sirupsen/logrus
-    packages-with-error-message:
-      # specify an error message to output when a denylisted package is used
-      - github.com/sirupsen/logrus: "logging is allowed only by logutils.Log"
  lll:
    # max line length, lines longer will be reported. Default is 120.
    # '\t' is counted as 1 character by default, and can be changed with the tab-width option
    line-length: 120
    # tab width in spaces. Default to 1.
    tab-width: 1
-  maligned:
-    # print struct with more effective memory layout or not, false by default
-    suggest-new: true
  misspell:
    # Correct spellings using locale preferences for US or UK.
    # Default is to use a neutral variety of English.
@@ -219,8 +181,6 @@ linters-settings:
  nolintlint:
    # Enable to ensure that nolint directives are all used. Default is true.
    allow-unused: false
-    # Disable to ensure that nolint directives don't have a leading space. Default is true.
-    allow-leading-space: true
    # Exclude following linters from requiring an explanation.  Default is [].
    allow-no-explanation: []
    # Enable to require an explanation of nonzero length after each nolint directive. Default is false.
@@ -232,7 +192,6 @@ linters-settings:
    sprintf1: false
    errorf: false
    int-conversion: true
-    fiximports: true
  revive:
    rules:
      - name: blank-imports
@@ -299,12 +258,6 @@ linters-settings:
    # if it's called for subdir of a project it can't find external interfaces. All text editor integrations
    # with golangci-lint call it on a directory with the changed file.
    check-exported: false
-  unused:
-    # treat code as a program (not a library) and report unused exported identifiers; default is false.
-    # XXX: if you enable this setting, unused will report a lot of false-positives in text editors:
-    # if it's called for subdir of a project it can't find funcs usages. All text editor integrations
-    # with golangci-lint call it on a directory with the changed file.
-    check-exported: false
  whitespace:
    multi-if: false   # Enforces newlines (or comments) after every multi-line if statement
    multi-func: false # Enforces newlines (or comments) after every multi-line function signature
--- a/20
+++ b/20
@@ -22,6 +22,18 @@ PKG := github.com/vmware-tanzu/velero

 # Where to push the docker image.
 REGISTRY ?= velero
+# In order to push images to an insecure registry, follow the two steps:
+#   1. Set "INSECURE_REGISTRY=true" 
+#   2. Provide your own buildx builder instance by setting "BUILDX_INSTANCE=your-own-builder-instance"
+#      The builder can be created with the following command:
+#        cat << EOF > buildkitd.toml
+#        [registry."insecure-registry-ip:port"]
+#        http = true
+#        insecure = true
+#        EOF
+#        docker buildx create --name=velero-builder --driver=docker-container --bootstrap --use --config ./buildkitd.toml
+#      Refer to https://github.com/docker/buildx/issues/1370#issuecomment-1288516840 for more details
+INSECURE_REGISTRY ?= false
 GCR_REGISTRY ?= gcr.io/velero-gcp

 # Image name
@@ -289,22 +301,22 @@ container-windows:

 push-manifest:
 	@echo "building manifest: $(IMAGE_TAG) for $(foreach osarch, $(ALL_OS_ARCH), $(IMAGE_TAG)-${osarch})"
-	@docker manifest create --amend $(IMAGE_TAG) $(foreach osarch, $(ALL_OS_ARCH), $(IMAGE_TAG)-${osarch})
+	@docker manifest create --amend --insecure=$(INSECURE_REGISTRY) $(IMAGE_TAG) $(foreach osarch, $(ALL_OS_ARCH), $(IMAGE_TAG)-${osarch})

 	@set -x; \
 	for arch in $(ALL_ARCH.windows); do \
 		for osversion in $(ALL_OSVERSIONS.windows); do \
 			BASEIMAGE=mcr.microsoft.com/windows/nanoserver:$${osversion}; \
-			full_version=`docker manifest inspect $${BASEIMAGE} | jq -r '.manifests[0].platform["os.version"]'`; \
+			full_version=`docker manifest inspect --insecure=$(INSECURE_REGISTRY) $${BASEIMAGE} | jq -r '.manifests[0].platform["os.version"]'`; \
 			docker manifest annotate --os windows --arch $${arch} --os-version $${full_version} $(IMAGE_TAG) $(IMAGE_TAG)-windows-$${osversion}-$${arch}; \
 		done; \
 	done

 	@echo "pushing manifest $(IMAGE_TAG)"
-	@docker manifest push --purge $(IMAGE_TAG)
+	@docker manifest push --purge --insecure=$(INSECURE_REGISTRY) $(IMAGE_TAG)

 	@echo "pushed manifest $(IMAGE_TAG):"
-	@docker manifest inspect $(IMAGE_TAG)
+	@docker manifest inspect --insecure=$(INSECURE_REGISTRY) $(IMAGE_TAG)

 SKIP_TESTS ?=
 test: build-dirs
--- a/changelogs/unreleased/8695-blackpiglet
+++ b/changelogs/unreleased/8695-blackpiglet
@@ -0,0 +1 @@
+Modify golangci configuration to make it work.
--- a/changelogs/unreleased/8703-ywk253100
+++ b/changelogs/unreleased/8703-ywk253100
@@ -0,0 +1 @@
+Support pushing images to an insecure registry
				`@@ -0,0 +1 @@`
				`Modify golangci configuration to make it work.`
				`@@ -0,0 +1 @@`
				`Support pushing images to an insecure registry`