Fix trivy job (#745)

Author: thegridman

Makefile

@@ -2155,7 +2155,7 @@ create-ssl-secrets: $(BUILD_OUTPUT)/certs
 ##@ KinD
 
 KIND_CLUSTER   ?= operator
-KIND_IMAGE     ?= "kindest/node:v1.32.2@sha256:f226345927d7e348497136874b6d207e0b32cc52154ad8323129352923a3142f"
+KIND_IMAGE     ?= "kindest/node:v1.33.0@sha256:91e9ed777db80279c22d1d1068c091b899b2078506e4a0f797fbf6e397c0b0b2"
 CALICO_TIMEOUT ?= 300s
 KIND_SCRIPTS   := $(SCRIPTS_DIR)/kind
 
@@ -2373,12 +2373,11 @@ $(TOOLS_BIN)/cmctl:
 
 .PHONY: install-cert-manager
 install-cert-manager: $(TOOLS_BIN)/cmctl ## Install Cert manager into the Kubernetes cluster
-	$(KUBECTL_CMD) apply -f https://github.com/cert-manager/cert-manager/releases/download/$(CERT_MANAGER_VERSION)/cert-manager.yaml
-	$(CMCTL) check api --wait=10m
+	$(SCRIPTS_DIR)/cert-manager/install-cert-manager.sh
 
 .PHONY: uninstall-cert-manager
 uninstall-cert-manager: ## Uninstall Cert manager from the Kubernetes cluster
-	$(KUBECTL_CMD) delete -f https://github.com/cert-manager/cert-manager/releases/download/$(CERT_MANAGER_VERSION)/cert-manager.yaml
+	$(SCRIPTS_DIR)/cert-manager/uninstall-cert-manager.sh
 
 
 # ======================================================================================================================
@@ -3048,3 +3047,24 @@ endif
 	rm -f licensed.tar.gz
 	mv ./licensed $(TOOLS_BIN)/licensed
 	chmod +x $(TOOLS_BIN)/licensed
+
+
+
+SHELL_SCRIPT ?=
+.PHONY: run-script
+run-script:
+	chmod +x $(SHELL_SCRIPT)
+	$(SHELL_SCRIPT)
+
+# ----------------------------------------------------------------------------------------------------------------------
+# Export various properties
+# ----------------------------------------------------------------------------------------------------------------------
+export VERSION OPERATOR_IMAGE COHERENCE_IMAGE KUBECTL_CMD \
+  BUILD_OUTPUT BUILD_BIN BUILD_DEPLOY BUILD_HELM BUILD_MANIFESTS SCRIPTS_DIR TEST_LOGS_DIR \
+  TOOLS_BIN MVN_VERSION CERT_MANAGER_VERSION \
+  OPERATOR_NAMESPACE CLUSTER_NAMESPACE OPERATOR_NAMESPACE_CLIENT BUILD_OUTPUT TEST_APPLICATION_IMAGE \
+  TEST_APPLICATION_IMAGE_CLIENT TEST_APPLICATION_IMAGE_HELIDON TEST_APPLICATION_IMAGE_HELIDON_3 \
+  TEST_APPLICATION_IMAGE_HELIDON_2 SKIP_SPRING_CNBP TEST_APPLICATION_IMAGE_SPRING TEST_APPLICATION_IMAGE_SPRING_FAT \
+  TEST_APPLICATION_IMAGE_SPRING_CNBP TEST_APPLICATION_IMAGE_SPRING_2 TEST_APPLICATION_IMAGE_SPRING_FAT_2 \
+  TEST_APPLICATION_IMAGE_SPRING_CNBP_2 TEST_COHERENCE_IMAGE IMAGE_PULL_SECRETS COHERENCE_OPERATOR_SKIP_SITE \
+  TEST_IMAGE_PULL_POLICY TEST_STORAGE_CLASS GO_TEST_FLAGS_E2E TEST_ASSET_KUBECTL LOCAL_STORAGE_RESTART

docs/about/04_coherence_spec.adoc

@@ -352,6 +352,7 @@ m| topologySpreadConstraints | TopologySpreadConstraints describes how a group o
 m| rackLabel | RackLabel is an optional Node label to use for the value of the Coherence member's rack name. The default labels to use are determined by the Operator. m| *string | false
 m| siteLabel | SiteLabel is an optional Node label to use for the value of the Coherence member's site name The default labels to use are determined by the Operator. m| *string | false
 m| lifecycle | Lifecycle applies actions that the management system should take in response to container lifecycle events. Cannot be updated. m| *https://{k8s-doc-link}/#lifecycle-v1-core[corev1.Lifecycle] | false
+m| minReadySeconds | Minimum number of seconds for which a newly created pod should be ready without any of its container crashing for it to be considered available. Defaults to 0 (pod will be considered available as soon as it is ready) m| *int32 | false
 |===
 
 <<Table of Contents,Back to TOC>>
@@ -868,6 +869,7 @@ m| timeoutSeconds | Number of seconds after which the probe times out. More info
 m| periodSeconds | How often (in seconds) to perform the probe. m| &#42;int32 | false
 m| successThreshold | Minimum consecutive successes for the probe to be considered successful after having failed. m| &#42;int32 | false
 m| failureThreshold | Minimum consecutive failures for the probe to be considered failed after having succeeded. m| &#42;int32 | false
+m| terminationGracePeriodSeconds | TerminationGracePeriodSeconds is the optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. The minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. m| &#42;int64 | false
 |===
 
 <<Table of Contents,Back to TOC>>

hack/cert-manager/install-cert-manager.sh

@@ -0,0 +1,31 @@
+#!/bin/sh
+#
+# Copyright (c) 2020, 2025, Oracle and/or its affiliates.
+# Licensed under the Universal Permissive License v 1.0 as shown at
+# http://oss.oracle.com/licenses/upl.
+#
+
+set -o errexit
+
+OS=$(go env GOOS)
+ARCH=$(go env GOARCH)
+
+if [ "CERT_MANAGER_VERSION" = "" ];
+then
+  echo "CERT_MANAGER_VERSION is not set"
+  exit 1
+fi
+
+curl -fsSL -o cmctl https://github.com/cert-manager/cmctl/releases/latest/download/cmctl_${OS}_${ARCH}
+chmod +x cmctl
+mv cmctl ${TOOLS_BIN}
+
+${KUBECTL_CMD} apply -f https://github.com/cert-manager/cert-manager/releases/download/${CERT_MANAGER_VERSION}/cert-manager.yaml
+${TOOLS_BIN}/cmctl check api --wait=10m
+
+helm repo add jetstack https://charts.jetstack.io --force-update
+
+helm upgrade trust-manager jetstack/trust-manager \
+  --install \
+  --namespace cert-manager \
+  --wait

hack/cert-manager/uninstall-cert-manager.sh

@@ -0,0 +1,22 @@
+#!/bin/sh
+#
+# Copyright (c) 2020, 2025, Oracle and/or its affiliates.
+# Licensed under the Universal Permissive License v 1.0 as shown at
+# http://oss.oracle.com/licenses/upl.
+#
+
+set -o errexit
+
+OS=$(go env GOOS)
+ARCH=$(go env GOARCH)
+
+if [ "CERT_MANAGER_VERSION" = "" ];
+then
+  echo "CERT_MANAGER_VERSION is not set"
+  exit 1
+fi
+
+helm uninstall trust-manager -n cert-manager
+kubectl delete crd bundles.trust.cert-manager.io
+
+${KUBECTL_CMD} delete -f https://github.com/cert-manager/cert-manager/releases/download/${CERT_MANAGER_VERSION}/cert-manager.yaml

hack/golang/govulncheck.sh

@@ -4,8 +4,23 @@
 # Licensed under the Universal Permissive License v 1.0 as shown at
 # http://oss.oracle.com/licenses/upl.
 #
+set -o errexit
 
+ROOT_DIR=$(pwd)
+TOOLS_BIN=${ROOT_DIR}/build/tools/bin
+
+test -s ${TOOLS_BIN}/govulncheck || GOBIN=${TOOLS_BIN} go install golang.org/x/vuln/cmd/govulncheck@latest
+chmod +x ${TOOLS_BIN}/govulncheck
+
+make build-operator-images
+
+echo "INFO: govulncheck - Checking x84_64 runner"
+${TOOLS_BIN}/govulncheck -mode binary -show traces,version,verbose  ./bin/linux/amd64/runner
+echo "INFO: govulncheck - Checking x84_64 cohctl"
+${TOOLS_BIN}/govulncheck -mode binary -show traces,version,verbose  ./bin/linux/amd64/cohctl
+
+echo "INFO: govulncheck - Checking Arm64 runner"
+${TOOLS_BIN}/govulncheck -mode binary -show traces,version,verbose  ./bin/linux/arm64/runner
+echo "INFO: govulncheck - Checking Arm64 cohctl"
+${TOOLS_BIN}/govulncheck -mode binary -show traces,version,verbose  ./bin/linux/arm64/cohctl
 
-go install golang.org/x/vuln/cmd/govulncheck@latest
-make runner
-govulncheck -mode binary -show traces,version,verbose  ./bin/runner