* fix: match image digests with any algorithm, not only sha256
IsImageMatched hard-coded '@sha256:' in its regex, while Split accepts any
digest algorithm. An image pinned with a non-sha256 digest (e.g.
nginx@sha512:...) was not matched, so the ImageTagTransformer silently left
it unchanged and the user's images: override was ignored. Generalize the
digest algorithm in the regex to match what Split accepts.
Signed-off-by: Seonghyun Hong <s3onghyun.hong@gmail.com>
* Address review: match OCI digest grammar and test spec example algorithms
Broaden the digest-algorithm match to the OCI grammar (algorithm components
separated by +._-), so multihash+base58 and other registered/unregistered
algorithms match, not just [a-zA-Z][a-zA-Z0-9]*. Add test cases using the
descriptor example algorithms: a full-length sha512 digest and
multihash+base58.
Signed-off-by: Seonghyun Hong <s3onghyun.hong@gmail.com>
---------
Signed-off-by: Seonghyun Hong <s3onghyun.hong@gmail.com>
* Reject paths with inner '..' in FileLoader.New to prevent silent misresolution
* Refactor hasInnerDotDot to two-phase loop eliminating mutable state
* Narrow check to embedded '..' segments to allow legitimate winding paths
* Fix gofmt alignment and trailing whitespace in new test functions
* Fix pre-existing lint errors in fileloader_test.go
* fix: performance recession when propagating namespace to helm
* fix: handle passing namespace downstream more elegant
* Revert "fix: handle passing namespace downstream more elegant"
This reverts commit 976a7cf2aa.
* Revert "fix: performance recession when propagating namespace to helm"
This reverts commit c7612d1dba.
* fix: use annotation to identify helm chart generated resources
* fix: deduplicate code
* fix: missing import in NamespaceTransformer.go
* ci: allow manual trigger of pipeline in fork
* Revert "ci: allow manual trigger of pipeline in fork"
This reverts commit 8948788fe2.
* fix: test cases
* chore: fix code comment was on wrong line
* chore: fix code comment was on wrong line pt2
* update go 1.24.6
* fix non-constant format string error
* update golang.org/x/tools@v0.36.0 and github.com/golangci/golangci-lint@v1.64.8 to pass execute golangci-lint
* add a verpose diff output to prow test
* remove pluginator binary version from generated files
* fix: Add test, when an empty patch file is given, it should not fail
* fix: Add code so there's no error given if an empty file is given as a patch
* chore: Generate plugin with pluginator
* chore: fix tests
Signed-off-by: Julio Chana <julio.chana@lokalise.com>
* Add t.helper() at start of test function
Signed-off-by: Julio Chana <julio.chana@lokalise.com>
---------
Signed-off-by: Julio Chana <julio.chana@lokalise.com>
Include configuration for the new `ValidatingAdmissionPolicy` and
`ValidationAdmissionPolicyBinding` APIs so that Kustomize can natively configure
the `policyName` field in `ValidatingAdmissionPolicyBinding` with the transformed
name of `ValidatingAdmissionPolicy`.
* fix: use fmt.Errorf ubstead if non-exising `errors.New`
When https://github.com/kubernetes-sigs/kustomize/pull/5525 merged, it
referenced `errors.New` function but that function doesn't exist.
This PR replaces the call with simple `fmt.Errorf`.
* Add lint check with kustomize_disable_go_plugin_support
* move lint-api-static to /api/Makefile
* clean golangci cache
* feat: support labels key in transformer configuration
Allow the usage of a separate transformer configuration for the labels key,
similar to what is currently available for commonLabels and commonAnnotations.
This aims to provide the same functionality that commonLabels currently provide
for labels, since commonLabels is deprecated and slated for removal in a future
release.
* chore(transformerconfig): add nolint hint
Add a nolint hint to the new method so the returns can stay consistent with
one another.
* fix: changes from code review
* Rename methods `AddCommonLabelFieldSpec` and `AddLabelFieldSpec` to
`AddCommonLabelsFieldSpec` and `AddLabelsFieldSpec`.
* Add extra test to verify scenarios applying labels to Custom Resource Definitions.
Assert keeps going after failure, but require immediately fails
the tests, making it easier to find the output related to the test
failure, rather than having to comb through a bunch of subsequent
assertion failures. For equality tests, we may or may not want to
continue, but for error checks we almost always want to immediately
fail the test. Exceptions can be changed as-needed.
