chore: update dependencies and improve environment setup

.github/workflows/check-dist.yml

@@ -24,8 +24,8 @@ jobs:
         working-directory: actions/spa-setup-task
 
     steps:
-      - uses: actions/checkout@v4
-      - uses: actions/setup-node@v4
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # ratchet:actions/checkout@v6
+      - uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238 # ratchet:actions/setup-node@v6
         with:
           node-version: '20'
       - run: yarn install
@@ -41,7 +41,7 @@ jobs:
         id: diff
 
       # If index.js was different than expected, upload the expected version as an artifact
-      - uses: actions/upload-artifact@v4
+      - uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # ratchet:actions/upload-artifact@v6
         if: ${{ failure() && steps.diff.conclusion == 'failure' }}
         with:
           name: dist

.github/workflows/master.yaml

@@ -36,11 +36,9 @@ jobs:
           - component: canary-deployer
             chart: true
     steps:
-      - uses: actions/checkout@v4 # ratchet:exclude
-      - uses: azure/setup-helm@b9e51907a09c216f16ebe8536097933489208112 # ratchet:azure/setup-helm@v3
+      - uses: actions/checkout@v6 # ratchet:exclude
+      - uses: azure/setup-helm@1a275c3b69536ee54be43f2070a358922e12c8d4 # ratchet:azure/setup-helm@v4
         if: matrix.chart
-        with:
-          version: "v3.11.1"
       - name: "Build and push image"
         uses: nais/platform-build-push-sign@main # ratchet:exclude
         id: build_push_sign
@@ -78,7 +76,7 @@ jobs:
       - name: "Authenticate to Google Cloud"
         if: matrix.chart && github.ref == 'refs/heads/master'
         id: "auth"
-        uses: "google-github-actions/auth@v2" # ratchet:exclude
+        uses: "google-github-actions/auth@v3" # ratchet:exclude
         with:
           workload_identity_provider: ${{ secrets.NAIS_IO_WORKLOAD_IDENTITY_PROVIDER }}
           service_account: "gh-deploy@nais-io.iam.gserviceaccount.com"
@@ -136,9 +134,9 @@ jobs:
       - build_and_push
     runs-on: ubuntu-22.04
     steps:
-      - uses: actions/checkout@v4 # ratchet:exclude
+      - uses: actions/checkout@v6 # ratchet:exclude
 
-      - uses: actions/setup-go@v5
+      - uses: actions/setup-go@7a3fe6cf4cb3a834922a1244abfce67bcef6a0c5 # ratchet:actions/setup-go@v6
         with:
           go-version: 'stable'
 

.github/workflows/test-job.yaml

@@ -13,10 +13,10 @@ jobs:
     name: Deploy to NAIS
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@v4
-    - name: deploy to ${{ github.event.inputs.cluster }}
-      uses: nais/deploy/actions/deploy@v2
-      env:
-        APIKEY: ${{ secrets.NAIS_DEPLOY_APIKEY }}
-        CLUSTER: ${{ github.event.inputs.cluster }}
-        RESOURCE: testdata/job.yaml
+      - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # ratchet:actions/checkout@v4
+      - name: deploy to ${{ github.event.inputs.cluster }}
+        uses: nais/deploy/actions/deploy@v2 # ratchet:exclude
+        env:
+          APIKEY: ${{ secrets.NAIS_DEPLOY_APIKEY }}
+          CLUSTER: ${{ github.event.inputs.cluster }}
+          RESOURCE: testdata/job.yaml

.github/workflows/test-naisjob-without-schedule.yaml

@@ -15,9 +15,9 @@ jobs:
       contents: read
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@v4
-    - name: deploy to ${{ github.event.inputs.cluster }}
-      uses: nais/deploy/actions/deploy@v2
-      env:
-        CLUSTER: ${{ github.event.inputs.cluster }}
-        RESOURCE: testdata/naisjob-without-schedule.yaml
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # ratchet:actions/checkout@v6
+      - name: deploy to ${{ github.event.inputs.cluster }}
+        uses: nais/deploy/actions/deploy@v2 # ratchet:exclude
+        env:
+          CLUSTER: ${{ github.event.inputs.cluster }}
+          RESOURCE: testdata/naisjob-without-schedule.yaml

.github/workflows/test-naisjob.yaml

@@ -13,10 +13,10 @@ jobs:
     name: Deploy to NAIS
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@v4
-    - name: deploy to ${{ github.event.inputs.cluster }}
-      uses: nais/deploy/actions/deploy@v2
-      env:
-        APIKEY: ${{ secrets.NAIS_DEPLOY_APIKEY }}
-        CLUSTER: ${{ github.event.inputs.cluster }}
-        RESOURCE: testdata/naisjob.yaml
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # ratchet:actions/checkout@v6
+      - name: deploy to ${{ github.event.inputs.cluster }}
+        uses: nais/deploy/actions/deploy@v2 # ratchet:exclude
+        env:
+          APIKEY: ${{ secrets.NAIS_DEPLOY_APIKEY }}
+          CLUSTER: ${{ github.event.inputs.cluster }}
+          RESOURCE: testdata/naisjob.yaml

CODEOWNERS

@@ -1 +1 @@
-* @navikt/aura
+* @navikt/nais

Dockerfile.canary-deployer

@@ -1,4 +1,4 @@
-FROM golang:1.24-alpine AS builder
+FROM golang:1.25-alpine AS builder
 
 RUN apk add --no-cache git make curl
 ENV GOOS=linux
@@ -11,12 +11,12 @@ COPY go.sum .
 RUN go mod download
 COPY . .
 
-RUN make kubebuilder
+RUN go install sigs.k8s.io/controller-runtime/tools/setup-envtest@latest
 RUN make test
 RUN make deploy-alpine
 
 
-FROM alpine:3
+FROM alpine:3.20
 
 WORKDIR /app
 RUN apk add --no-cache ca-certificates

Dockerfile.deploy

@@ -1,4 +1,4 @@
-FROM golang:1.24-alpine AS builder
+FROM golang:1.25-alpine AS builder
 
 RUN apk add --no-cache git make curl
 ENV GOOS=linux
@@ -11,12 +11,12 @@ COPY go.sum .
 RUN go mod download
 COPY . .
 
-RUN make kubebuilder
+RUN go install sigs.k8s.io/controller-runtime/tools/setup-envtest@latest
 RUN make test
 RUN make deploy-alpine
 
 
-FROM alpine:3
+FROM alpine:3.20
 
 WORKDIR /app
 RUN apk add --no-cache ca-certificates wget

Dockerfile.deploy-action

@@ -1,4 +1,4 @@
-FROM golang:1.24-alpine AS builder
+FROM golang:1.25-alpine AS builder
 
 RUN apk add --no-cache git make curl
 ENV GOOS=linux
@@ -11,12 +11,12 @@ COPY go.sum .
 RUN go mod download
 COPY . .
 
-RUN make kubebuilder
+RUN go install sigs.k8s.io/controller-runtime/tools/setup-envtest@latest
 RUN make test
 RUN make deploy-alpine
 
 
-FROM alpine:3
+FROM alpine:3.20
 
 WORKDIR /app
 ENV TZ="Europe/Oslo"

Dockerfile.deployd

@@ -1,4 +1,4 @@
-FROM golang:1.24-alpine AS builder
+FROM golang:1.25-alpine AS builder
 
 RUN apk add --no-cache git make curl
 ENV GOOS=linux
@@ -11,12 +11,12 @@ COPY go.sum .
 RUN go mod download
 COPY . .
 
-RUN make kubebuilder
+RUN go install sigs.k8s.io/controller-runtime/tools/setup-envtest@latest
 RUN make test
 RUN make deployd-alpine
 
 
-FROM alpine:3
+FROM alpine:3.20
 
 WORKDIR /app
 RUN apk add --no-cache ca-certificates

Dockerfile.hookd

@@ -1,4 +1,4 @@
-FROM golang:1.24-alpine AS builder
+FROM golang:1.25-alpine AS builder
 
 RUN apk add --no-cache git make curl
 ENV GOOS=linux
@@ -11,12 +11,12 @@ COPY go.sum .
 RUN go mod download
 COPY . .
 
-RUN make kubebuilder
+RUN go install sigs.k8s.io/controller-runtime/tools/setup-envtest@latest
 RUN make test
 RUN make hookd-alpine
 
 
-FROM alpine:3
+FROM alpine:3.20
 
 WORKDIR /app
 RUN apk add --no-cache ca-certificates

LICENSE

@@ -1,6 +1,6 @@
 MIT License
 
-Copyright (c) 2019 NAV
+Copyright (c) NAV
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal

Makefile

@@ -2,16 +2,17 @@ PROTOC = $(shell which protoc)
 PROTOC_GEN_GO = $(shell which protoc-gen-go)
 BUILDTIME = $(shell date "+%s")
 DATE = $(shell date "+%Y-%m-%d")
-K8S_VERSION := 1.27.1
+K8S_VERSION := 1.33.5
 LAST_COMMIT = $(shell git rev-parse --short HEAD)
 VERSION ?= $(DATE)-$(LAST_COMMIT)
 LDFLAGS := -X github.com/nais/deploy/pkg/version.Revision=$(LAST_COMMIT) -X github.com/nais/deploy/pkg/version.Date=$(DATE) -X github.com/nais/deploy/pkg/version.BuildUnixTime=$(BUILDTIME)
 arch := $(shell uname -m | sed s/aarch64/arm64/ | sed s/x86_64/amd64/)
 os := $(shell uname -s | tr '[:upper:]' '[:lower:]')
 testbin_dir := ./.testbin/
 tools_archive := kubebuilder-tools-${K8S_VERSION}-$(os)-$(arch).tar.gz
+SETUP_ENVTEST := $(shell command -v setup-envtest 2>/dev/null || command -v $(shell go env GOPATH)/bin/setup-envtest 2>/dev/null)
 
-.PHONY: all proto hookd deployd token-generator deploy alpine test docker upload deploy-alpine hookd-alpine deployd-alpine
+.PHONY: all proto hookd deployd token-generator deploy alpine test docker upload deploy-alpine hookd-alpine deployd-alpine envtest-info
 
 all: hookd deployd deploy
 
@@ -63,8 +64,18 @@ alpine:
 	go build -a -installsuffix cgo -o bin/deployd -ldflags "-s $(LDFLAGS)" cmd/deployd/main.go
 	go build -a -installsuffix cgo -o bin/deploy -ldflags "-s $(LDFLAGS)" cmd/deploy/main.go
 
-test: kubebuilder
-	go test ./... -count=1
+test:
+	@if [ -n "$(SETUP_ENVTEST)" ]; then \
+		ASSETS=$$($(SETUP_ENVTEST) use -p path); \
+		echo "Using envtest assets: $$ASSETS"; \
+		export KUBEBUILDER_ASSETS=$$ASSETS; \
+		go test ./... -count=1; \
+	else \
+		echo "setup-envtest not found; falling back to kubebuilder tools download"; \
+		$(MAKE) kubebuilder; \
+		export KUBEBUILDER_ASSETS=$(testbin_dir); \
+		go test ./... -count=1; \
+	fi
 
 migration:
 	go generate ./...
@@ -75,7 +86,7 @@ kubebuilder: $(testbin_dir)/$(tools_archive)
 
 $(testbin_dir)/$(tools_archive):
 	mkdir -p $(testbin_dir)
-	curl -L -O --output-dir $(testbin_dir) "https://storage.googleapis.com/kubebuilder-tools/$(tools_archive)"
+	curl -fL --output $(testbin_dir)/$(tools_archive) "https://storage.googleapis.com/kubebuilder-tools/$(tools_archive)"
 
 check:
 	go run honnef.co/go/tools/cmd/staticcheck ./...
@@ -88,3 +99,16 @@ hookd-alpine:
 
 deploy-alpine:
 	go build -a -installsuffix cgo -o bin/deploy -ldflags "-s $(LDFLAGS)" ./cmd/deploy/
+
+envtest-info:
+	@echo "setup-envtest (PATH): $$(command -v setup-envtest || true)"
+	@echo "setup-envtest (GOPATH/bin): $$(command -v $(shell go env GOPATH)/bin/setup-envtest || true)"
+	@echo "GOPATH: $$(go env GOPATH)"
+	@echo "KUBEBUILDER_ASSETS (env): $${KUBEBUILDER_ASSETS:-<unset>}"
+	@if [ -n "$(SETUP_ENVTEST)" ]; then \
+		ASSETS=$$($(SETUP_ENVTEST) use -p path); \
+		echo "envtest assets: $$ASSETS"; \
+		ls -la "$$ASSETS"; \
+	else \
+		echo "setup-envtest not found"; \
+	fi

README.md

@@ -132,6 +132,13 @@ go install sigs.k8s.io/controller-runtime/tools/setup-envtest@latest
 source <(setup-envtest use -p env)
 ```
 
+Troubleshooting envtest assets:
+```
+make envtest-info
+```
+
+Docker image builds also run `make test`, which uses `setup-envtest` when available.
+
 ## Running locally
 
 For a combination of more tools running locally ([hookd](https://github.com/nais/deploy), [Console frontend](https://github.com/nais/console-frontend) and more), check out the [nais/features-dev](https://github.com/nais/features-dev) repo. 
@@ -189,7 +196,6 @@ Once the above components are running and configured, you can deploy using the f
     --wait \
 ;
 ```
-
 ```
 ./bin/deploy --resource res.yaml --cluster local --apikey 20cefcd6bd0e8b8860c4ea90e75d7123019ed7866c61bd09e23821948878a11d --deploy-server http://localhost:8080 --wait
 ```

go.mod

@@ -1,6 +1,15 @@
 module github.com/nais/deploy
 
-go 1.24.0
+go 1.25.7
+
+tool (
+	github.com/vektra/mockery/v2
+	golang.org/x/vuln/cmd/govulncheck
+	google.golang.org/grpc/cmd/protoc-gen-go-grpc
+	google.golang.org/protobuf/cmd/protoc-gen-go
+	honnef.co/go/tools/cmd/staticcheck
+	mvdan.cc/gofumpt
+)
 
 require (
 	github.com/aymerick/raymond v2.0.2+incompatible
@@ -20,22 +29,17 @@ require (
 	github.com/spf13/pflag v1.0.6
 	github.com/spf13/viper v1.19.0
 	github.com/stretchr/testify v1.10.0
-	github.com/vektra/mockery/v2 v2.53.2
 	go.opentelemetry.io/otel v1.36.0
 	go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.34.0
 	go.opentelemetry.io/otel/sdk v1.36.0
 	go.opentelemetry.io/otel/trace v1.36.0
-	golang.org/x/vuln v1.1.4
 	google.golang.org/grpc v1.72.2
-	google.golang.org/grpc/cmd/protoc-gen-go-grpc v1.5.1
 	google.golang.org/protobuf v1.36.5
 	gopkg.in/sakura-internet/go-rison.v3 v3.2.0
 	gopkg.in/yaml.v2 v2.4.0
-	honnef.co/go/tools v0.6.0
 	k8s.io/api v0.32.2
 	k8s.io/apimachinery v0.32.2
 	k8s.io/client-go v0.32.2
-	mvdan.cc/gofumpt v0.8.0
 	sigs.k8s.io/controller-runtime v0.20.2
 )
 
@@ -115,6 +119,7 @@ require (
 	github.com/spf13/cobra v1.8.1 // indirect
 	github.com/stretchr/objx v0.5.2 // indirect
 	github.com/subosito/gotenv v1.6.0 // indirect
+	github.com/vektra/mockery/v2 v2.53.2 // indirect
 	github.com/x448/float16 v0.8.4 // indirect
 	go.opentelemetry.io/auto/sdk v1.1.0 // indirect
 	go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.34.0 // indirect
@@ -134,17 +139,21 @@ require (
 	golang.org/x/text v0.24.0 // indirect
 	golang.org/x/time v0.10.0 // indirect
 	golang.org/x/tools v0.32.0 // indirect
+	golang.org/x/vuln v1.1.4 // indirect
 	gomodules.xyz/jsonpatch/v2 v2.4.0 // indirect
 	google.golang.org/genproto/googleapis/api v0.0.0-20250218202821-56aae31c358a // indirect
 	google.golang.org/genproto/googleapis/rpc v0.0.0-20250218202821-56aae31c358a // indirect
+	google.golang.org/grpc/cmd/protoc-gen-go-grpc v1.5.1 // indirect
 	gopkg.in/evanphx/json-patch.v4 v4.12.0 // indirect
 	gopkg.in/inf.v0 v0.9.1 // indirect
 	gopkg.in/ini.v1 v1.67.0 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
+	honnef.co/go/tools v0.6.0 // indirect
 	k8s.io/apiextensions-apiserver v0.32.1 // indirect
 	k8s.io/klog/v2 v2.130.1 // indirect
 	k8s.io/kube-openapi v0.0.0-20241212222426-2c72e554b1e7 // indirect
 	k8s.io/utils v0.0.0-20241210054802-24370beab758 // indirect
+	mvdan.cc/gofumpt v0.8.0 // indirect
 	sigs.k8s.io/json v0.0.0-20241014173422-cfa47c3a1cc8 // indirect
 	sigs.k8s.io/structured-merge-diff/v4 v4.5.0 // indirect
 	sigs.k8s.io/yaml v1.4.0 // indirect

mise.toml

@@ -0,0 +1,2 @@
+[tools]
+go = "1.25.7"

pkg/deployd/deployd/deployd_test.go

@@ -193,9 +193,11 @@ func newTestRig() (*testRig, error) {
 
 	rig := &testRig{}
 
-	err = os.Setenv("KUBEBUILDER_ASSETS", testBinDirectory())
-	if err != nil {
-		return nil, fmt.Errorf("failed to set environment variable: %w", err)
+	if os.Getenv("KUBEBUILDER_ASSETS") == "" {
+		err = os.Setenv("KUBEBUILDER_ASSETS", testBinDirectory())
+		if err != nil {
+			return nil, fmt.Errorf("failed to set environment variable: %w", err)
+		}
 	}
 
 	rig.scheme, err = scheme.All()