release: 2.1.3: Dependency Updates (#116)

irby · spbsoluble · dependabot[bot] · web-flow · commit 05e73eccd708 · 2026-02-24T17:12:47.000-08:00
* chore(deps): bump github.com/stretchr/testify from 1.10.0 to 1.11.1 Bumps [github.com/stretchr/testify](https://github.com/stretchr/testify) from 1.10.0 to 1.11.1. - [Release notes](https://github.com/stretchr/testify/releases) - [Commits](stretchr/testify@v1.10.0...v1.11.1) --- updated-dependencies: - dependency-name: github.com/stretchr/testify dependency-version: 1.11.1 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * chore(deps): bump actions/checkout from 4 to 5 Bumps [actions/checkout](https://github.com/actions/checkout) from 4 to 5. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](actions/checkout@v4...v5) --- updated-dependencies: - dependency-name: actions/checkout dependency-version: '5' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> * chore(deps): bump sigs.k8s.io/controller-runtime from 0.22.1 to 0.22.3 Bumps [sigs.k8s.io/controller-runtime](https://github.com/kubernetes-sigs/controller-runtime) from 0.22.1 to 0.22.3. - [Release notes](https://github.com/kubernetes-sigs/controller-runtime/releases) - [Changelog](https://github.com/kubernetes-sigs/controller-runtime/blob/main/RELEASE.md) - [Commits](kubernetes-sigs/controller-runtime@v0.22.1...v0.22.3) --- updated-dependencies: - dependency-name: sigs.k8s.io/controller-runtime dependency-version: 0.22.3 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> * chore(deps): bump github.com/onsi/ginkgo/v2 from 2.22.0 to 2.27.1 Bumps [github.com/onsi/ginkgo/v2](https://github.com/onsi/ginkgo) from 2.22.0 to 2.27.1. - [Release notes](https://github.com/onsi/ginkgo/releases) - [Changelog](https://github.com/onsi/ginkgo/blob/master/CHANGELOG.md) - [Commits](onsi/ginkgo@v2.22.0...v2.27.1) --- updated-dependencies: - dependency-name: github.com/onsi/ginkgo/v2 dependency-version: 2.27.1 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * Change builder image to major.minor(1.24) instead of major.minor.patch(1.24.6) When rebuilding the image now old critical vulnerabilities will not be in the resulting image anymore. * chore(tests): add documentation for configuring security roles and update test names Signed-off-by: Matthew H. Irby <matt.irby@keyfactor.com> * chore(docs): update contributing guideline link in PR template Signed-off-by: Matthew H. Irby <matt.irby@keyfactor.com> * chore(docs): update changelog Signed-off-by: Matthew H. Irby <matt.irby@keyfactor.com> --------- Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: Matthew H. Irby <matt.irby@keyfactor.com> Co-authored-by: Sean <1661003+spbsoluble@users.noreply.github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Mark de Jong <HoogWater@users.noreply.github.com>
diff --git a/.github/pull_request_template.md b/.github/pull_request_template.md
@@ -14,4 +14,4 @@
 - [ ] I have kept the patch limited to only change the parts related to the patch
 - [ ] This change requires a documentation update
 
-See also [Contributing Guidelines](../CONTRIBUTING.md).
+See also [Contributing Guidelines](https://github.com/Keyfactor/ejbca-cert-manager-issuer/blob/main/CONTRIBUTING.md).
diff --git a/.github/workflows/helm.yml b/.github/workflows/helm.yml
@@ -46,7 +46,7 @@ jobs:
 
       # Checkout code
       - name: Checkout code at tag
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
         with:
           ref: ${{ steps.tag_ref.outputs.checkout_ref }}
           fetch-depth: 0  # Fetch full history for better context
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,8 +1,14 @@
+# v2.1.3
+## Chores:
+- Build Docker image from Go 1.24 instead of 1.24.6
+- Update GitHub Actions workflow versions
+- Update Go dependencies
+
 # v2.1.1
 # Fixes:
 - Fix issue with Helm chart not publishing correct tag (https://github.com/Keyfactor/ejbca-cert-manager-issuer/issues/89)
 
-# Chores:
+## Chores:
 - Fix small typo in link description
 - Aligned with EJBCA & SignServer template repo
 - Bump versions of GitHub Actions steps
diff --git a/Dockerfile b/Dockerfile
@@ -1,5 +1,5 @@
 # Build the manager binary
-ARG GOIMAGE=golang:1.24.6
+ARG GOIMAGE=golang:1.24
 ARG BASEIMAGE=gcr.io/distroless/static:nonroot
 ARG TARGETOS
 ARG TARGETARCH
diff --git a/go.mod b/go.mod
@@ -5,20 +5,21 @@ go 1.24.0
 require (
 	github.com/Keyfactor/ejbca-go-client-sdk v1.0.2
 	github.com/cert-manager/cert-manager v1.18.2
-	github.com/go-logr/logr v1.4.2
-	github.com/onsi/ginkgo/v2 v2.22.0
-	github.com/onsi/gomega v1.36.1
-	github.com/stretchr/testify v1.10.0
+	github.com/go-logr/logr v1.4.3
+	github.com/onsi/ginkgo/v2 v2.27.1
+	github.com/onsi/gomega v1.38.2
+	github.com/stretchr/testify v1.11.1
 	k8s.io/api v0.34.1
 	k8s.io/apimachinery v0.34.1
 	k8s.io/client-go v0.34.1
 	k8s.io/klog/v2 v2.130.1
 	k8s.io/utils v0.0.0-20250604170112-4c0f3b243397
-	sigs.k8s.io/controller-runtime v0.22.1
+	sigs.k8s.io/controller-runtime v0.22.3
 )
 
 require (
 	github.com/Azure/go-ntlmssp v0.0.0-20221128193559-754e69321358 // indirect
+	github.com/Masterminds/semver/v3 v3.4.0 // indirect
 	github.com/beorn7/perks v1.0.1 // indirect
 	github.com/blang/semver/v4 v4.0.0 // indirect
 	github.com/cespare/xxhash/v2 v2.3.0 // indirect
@@ -38,7 +39,7 @@ require (
 	github.com/google/btree v1.1.3 // indirect
 	github.com/google/gnostic-models v0.7.0 // indirect
 	github.com/google/go-cmp v0.7.0 // indirect
-	github.com/google/pprof v0.0.0-20241029153458-d1b30febd7db // indirect
+	github.com/google/pprof v0.0.0-20250403155104-27863c87afa6 // indirect
 	github.com/google/uuid v1.6.0 // indirect
 	github.com/inconshreveable/mousetrap v1.1.0 // indirect
 	github.com/josharian/intern v1.0.0 // indirect
@@ -58,26 +59,28 @@ require (
 	github.com/x448/float16 v0.8.4 // indirect
 	go.opentelemetry.io/otel v1.35.0 // indirect
 	go.opentelemetry.io/otel/trace v1.35.0 // indirect
+	go.uber.org/automaxprocs v1.6.0 // indirect
 	go.uber.org/multierr v1.11.0 // indirect
 	go.uber.org/zap v1.27.0 // indirect
 	go.yaml.in/yaml/v2 v2.4.2 // indirect
 	go.yaml.in/yaml/v3 v3.0.4 // indirect
-	golang.org/x/crypto v0.38.0 // indirect
-	golang.org/x/net v0.38.0 // indirect
+	golang.org/x/crypto v0.41.0 // indirect
+	golang.org/x/mod v0.27.0 // indirect
+	golang.org/x/net v0.43.0 // indirect
 	golang.org/x/oauth2 v0.28.0 // indirect
-	golang.org/x/sync v0.14.0 // indirect
-	golang.org/x/sys v0.33.0 // indirect
-	golang.org/x/term v0.32.0 // indirect
-	golang.org/x/text v0.25.0 // indirect
+	golang.org/x/sync v0.16.0 // indirect
+	golang.org/x/sys v0.35.0 // indirect
+	golang.org/x/term v0.34.0 // indirect
+	golang.org/x/text v0.28.0 // indirect
 	golang.org/x/time v0.10.0 // indirect
-	golang.org/x/tools v0.30.0 // indirect
+	golang.org/x/tools v0.36.0 // indirect
 	gomodules.xyz/jsonpatch/v2 v2.4.0 // indirect
-	google.golang.org/protobuf v1.36.5 // indirect
+	google.golang.org/protobuf v1.36.7 // indirect
 	gopkg.in/evanphx/json-patch.v4 v4.12.0 // indirect
 	gopkg.in/inf.v0 v0.9.1 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
-	k8s.io/apiextensions-apiserver v0.34.0 // indirect
-	k8s.io/component-base v0.34.0 // indirect
+	k8s.io/apiextensions-apiserver v0.34.1 // indirect
+	k8s.io/component-base v0.34.1 // indirect
 	k8s.io/kube-openapi v0.0.0-20250710124328-f3f2b991d03b // indirect
 	sigs.k8s.io/gateway-api v1.2.1 // indirect
 	sigs.k8s.io/json v0.0.0-20241014173422-cfa47c3a1cc8 // indirect
diff --git a/go.sum b/go.sum
diff --git a/test/e2e/README.md b/test/e2e/README.md
@@ -33,6 +33,9 @@ cp .env.example .env
 
 Modify the fields as needed.
 
+## Configuring EJBCA Security Role
+The EJBCA issuer needs to be able to interact with the EJBCA instance to sign the CertificateRequest. The OAuth subject defined in the `OAUTH_CLIENT_ID` environment variable needs to be configured with a security role with the permissions defined in the [Configure EJBCA Roles and Access Rules](../../README.md#configuring-ejbca) section of the root README.
+
 ## Running the script
 
 ```bash
diff --git a/test/e2e/run_tests.sh b/test/e2e/run_tests.sh
@@ -72,8 +72,8 @@ SIGNER_CA_SECRET_NAME="ca-secret"
 CERTIFICATE_CRD_FQTN="certificates.cert-manager.io"
 CERTIFICATEREQUEST_CRD_FQTN="certificaterequests.cert-manager.io"
 
-CR_C_NAME="cert"
-CR_CR_NAME="cert-1"
+CR_C_NAME="ejbca-cert"
+CR_CR_NAME="ejbca-cert-1"
 CR_C_SECRET_NAME="$CR_C_NAME-tls"
 
 set -e # Exit on any error
@@ -529,12 +529,13 @@ wait_for_certificate_request() {
     local end_time=$(($(date +%s) + timeout))
 
     while [ $(date +%s) -lt $end_time ]; do
-        local cr_count=$(kubectl -n issuer-playground get certificaterequests -o json | \
+        local cr_count=$(kubectl -n $ISSUER_NAMESPACE get certificaterequests -o json | \
             jq -r '.items[] | .metadata.name' | wc -l)
 
         cr_count=$(echo "$cr_count" | tr -d ' ')
 
         if [ "$cr_count" -gt 0 ]; then
+            sleep 2 # add a buffer to avoid "resource not found" error
             echo "✅ CertificateRequest created"
             return 0
         fi
@@ -720,14 +721,14 @@ check_for_certificate_secret
 echo "🧪✅ Test 1 completed successfully."
 echo ""
 
-echo "🧪💬 Test 2: A generated certificate request should be successfully issued by ClusterIssuer."
+echo "🧪💬 Test 1a: A generated certificate request should be successfully issued by ClusterIssuer."
 regenerate_cluster_issuer
 regenerate_certificate ClusterIssuer
 wait_for_certificate_request
 approve_certificate_request
 check_certificate_request_status
 check_for_certificate_secret
-echo "🧪✅ Test 2 completed successfully."
+echo "🧪✅ Test 1a completed successfully."
 echo ""
 
 
