feat: new rsa E2E test

Additionally bumped dependencies & code to go 1.23

.dockerignore

@@ -0,0 +1,8 @@
+Makefile
+*.key
+*.pub
+*.png
+hack/
+manifests/
+chart/
+README.md

.github/workflows/build.yaml

@@ -4,8 +4,8 @@ on:
   push:
     branches:
       - main
-    tags:        
-      - '*'
+    tags:
+      - "*"
 
 jobs:
   build:
@@ -28,7 +28,7 @@ jobs:
       - name: Install Cosign
         uses: sigstore/cosign-installer@main
         with:
-          cosign-release: 'v2.2.0'
+          cosign-release: "v2.4.0"
       - name: Set up QEMU
         uses: docker/setup-qemu-action@v3
       - name: Set up Docker Buildx

.golangci.yaml

@@ -23,8 +23,8 @@ linters-settings:
     min-complexity: 15
   gofmt:
     rewrite-rules:
-      - pattern: 'interface{}'
-        replacement: 'any'
+      - pattern: "interface{}"
+        replacement: "any"
   goimports:
     local-prefixes: github.com/golangci/golangci-lint
   gomnd:
@@ -35,15 +35,14 @@ linters-settings:
       - condition
       - return
     ignored-numbers:
-      - '0'
-      - '1'
-      - '2'
-      - '3'
+      - "0"
+      - "1"
+      - "2"
+      - "3"
     ignored-functions:
       - strings.SplitN
 
   govet:
-    check-shadowing: true
     settings:
       printf:
         funcs:
@@ -72,7 +71,7 @@ linters:
     - dogsled
     - dupl
     - errcheck
-    - exportloopref
+    - copyloopvar
     - funlen
     - gocheckcompilerdirectives
     - gochecknoinits
@@ -81,7 +80,7 @@ linters:
     - gocyclo
     - gofmt
     - goimports
-    - gomnd
+    - mnd
     - goprintffuncname
     - gosec
     - gosimple
@@ -99,9 +98,8 @@ linters:
     - unused
     - whitespace
 
-run:
-  timeout: 5m
-  skip-files:
+issues:
+  exclude-files:
     - .*_test\.go
-  skip-dirs:
+  exclude-dirs:
     - test/

Dockerfile

@@ -1,5 +1,5 @@
 # build stage
-FROM golang:1.21 AS build-env
+FROM golang:1.23 AS build-env
 WORKDIR /app
 COPY  . /app
 RUN useradd -u 10001 webhook && \

Makefile

@@ -19,7 +19,7 @@ e2e-cluster:
 	@echo "Creating registry..."
 	@k3d registry create registry.localhost --port 13942
 	@echo "Adding registry to cluster..."
-	@K3D_FIX_DNS=0 k3d cluster create cosign-tests --registry-use k3d-registry.localhost:13942
+	@k3d cluster create cosign-tests --registry-use k3d-registry.localhost:13942
 	@echo "Create test namespace..."
 	@kubectl create namespace test-cases
 
@@ -59,13 +59,14 @@ e2e-deploy:
 		--set image.tag=dev \
 		--set-file cosign.scwebhook.key=cosign.pub \
 		--set logLevel=debug \
-		--wait --debug
+		--wait --debug --atomic
 
 e2e-prep: e2e-cluster e2e-keys e2e-images e2e-deploy
 
 e2e-cleanup:
-	@echo "Cleaning up..."
-	@k3d registry delete k3d-registry.localhost
-	@k3d cluster delete cosign-tests
-	@helm uninstall cosignwebhook -n cosignwebhook
-	@rm -f cosign.pub cosign.key second.pub second.key
+	@echo "Cleaning up test env..."
+	@k3d registry delete k3d-registry || echo "Deleting k3d registry failed. Continuing..."
+	@helm uninstall cosignwebhook -n cosignwebhook || echo "Uninstalling cosignwebhook helm release failed. Continuing..."
+	@k3d cluster delete cosign-tests || echo "Deleting cosign tests k3d cluster failed. Continuing..."
+	@rm -f cosign.pub cosign.key second.pub second.key || echo "Removing files failed. Continuing..."
+	@echo "Done."

chart/values.yaml

@@ -32,15 +32,15 @@ podAnnotations: {}
 podSecurityContext:
   fsGroup: 1000
   supplementalGroups:
-  - 1000
+    - 1000
 
 # minimal permissions for container
 securityContext:
   readOnlyRootFilesystem: true
   allowPrivilegeEscalation: false
   capabilities:
     drop:
-    - ALL
+      - ALL
   privileged: false
   runAsUser: 1000
   runAsGroup: 1000
@@ -103,17 +103,17 @@ affinity: {}
 cosign:
   image:
     repository: ghcr.io/sigstore/cosign/cosign
-    tag: v2.0.0
+    tag: v2.4.0
     pullPolicy: IfNotPresent
   sccosign:
     key: |
-        -----BEGIN PUBLIC KEY-----
-        MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEhyQCx0E9wQWSFI9ULGwy3BuRklnt
-        IqozONbbdbqz11hlRJy9c7SG+hdcFl9jE9uE/dwtuwU2MqU9T/cN0YkWww==
-        -----END PUBLIC KEY-----
+      -----BEGIN PUBLIC KEY-----
+      MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEhyQCx0E9wQWSFI9ULGwy3BuRklnt
+      IqozONbbdbqz11hlRJy9c7SG+hdcFl9jE9uE/dwtuwU2MqU9T/cN0YkWww==
+      -----END PUBLIC KEY-----
   scwebhook:
     key: |
-        -----BEGIN PUBLIC KEY-----
-        MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAENDN3HpXY2weMYRuuJbZnNczrOyns
-        ZvVnR15G9EILCH8+elXkYy+4U70mR++XIL0iD8NhZ3kxfpFjxyHlnG5Snw==
-        -----END PUBLIC KEY-----
+      -----BEGIN PUBLIC KEY-----
+      MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAENDN3HpXY2weMYRuuJbZnNczrOyns
+      ZvVnR15G9EILCH8+elXkYy+4U70mR++XIL0iD8NhZ3kxfpFjxyHlnG5Snw==
+      -----END PUBLIC KEY-----