Skip to content

refactor: apply best practices across controller, tests, CI, and Helm chart#321

Merged
dntosas merged 3 commits intomainfrom
feat/refactor
Feb 7, 2026
Merged

refactor: apply best practices across controller, tests, CI, and Helm chart#321
dntosas merged 3 commits intomainfrom
feat/refactor

Conversation

@dntosas
Copy link
Copy Markdown
Owner

@dntosas dntosas commented Feb 7, 2026

Replace global mutable state with an injected Config struct, eliminating
data races in parallel tests and improving testability. Introduce sentinel
errors (ErrWrongSecretType, ErrWrongSecretKey, ErrInvalidKubeConfig) for
programmatic error handling with errors.Is().

Reconciler improvements:

  • Fix potential panic on empty secretList by extracting deleteArgoSecretByLabels helper
  • Add watch predicates to filter only *-kubeconfig secrets, reducing reconciliation load
  • Handle missing CAPI CRDs gracefully with apimeta.IsNoMatchError
  • Use passed ctx consistently instead of context.Background()
  • Replace switch/case bool with idiomatic if/else
  • Fix sync-duration flag description typo
  • Add custom Prometheus metrics (created/updated/deleted counters)

Testing:

  • Remove deprecated Ginkgo v1 / Gomega, replace with TestMain + envtest
  • Fix data races by passing Config as parameter instead of mutating globals
  • Use errors.Is() assertions instead of string comparison
  • Add tests for sentinel errors and ValidateCapiNaming
  • Rename constructs_test.go to testhelpers_test.go

CI/CD:

  • Enable golangci-lint in CI workflow
  • Add pull_request trigger to CI and CodeQL workflows
  • Add weekly schedule to CodeQL for continuous security scanning
  • Update Go image to 1.24 and golangci-lint to v2.1.6

Helm chart:

  • Add PodDisruptionBudget template
  • Add NetworkPolicy template with DNS/API server egress rules
  • Add readOnlyRootFilesystem to container security context defaults

@dntosas
refactor: apply best practices across controller, tests, CI, and Helm…
ad56139 
… chart

Replace global mutable state with an injected Config struct, eliminating
data races in parallel tests and improving testability. Introduce sentinel
errors (ErrWrongSecretType, ErrWrongSecretKey, ErrInvalidKubeConfig) for
programmatic error handling with errors.Is().

Reconciler improvements:
- Fix potential panic on empty secretList by extracting deleteArgoSecretByLabels helper
- Add watch predicates to filter only *-kubeconfig secrets, reducing reconciliation load
- Handle missing CAPI CRDs gracefully with apimeta.IsNoMatchError
- Use passed ctx consistently instead of context.Background()
- Replace switch/case bool with idiomatic if/else
- Fix sync-duration flag description typo
- Add custom Prometheus metrics (created/updated/deleted counters)

Testing:
- Remove deprecated Ginkgo v1 / Gomega, replace with TestMain + envtest
- Fix data races by passing Config as parameter instead of mutating globals
- Use errors.Is() assertions instead of string comparison
- Add tests for sentinel errors and ValidateCapiNaming
- Rename constructs_test.go to testhelpers_test.go

CI/CD:
- Enable golangci-lint in CI workflow
- Add pull_request trigger to CI and CodeQL workflows
- Add weekly schedule to CodeQL for continuous security scanning
- Update Go image to 1.24 and golangci-lint to v2.1.6

Helm chart:
- Add PodDisruptionBudget template
- Add NetworkPolicy template with DNS/API server egress rules
- Add readOnlyRootFilesystem to container security context defaults
@dntosas
fix(ci): upgrade golangci-lint-action to v7 for golangci-lint v2 support
40f1892 
golangci-lint-action v6 does not support golangci-lint v2.x. Bump the
action to v7 which is required for v2.1.6.

Signed-off-by: dntosas <[email protected]>
@dntosas
fix(lint): resolve all golangci-lint errors and tune linter config
50a695a 
Code fixes:
- Add blank line after embedded field in Capi2Argo struct (embeddedstructfieldcheck)
- Move unexported deleteArgoSecretByLabels after exported SetupWithManager (funcorder)
- Add period at end of multi-line comment block (godot)
- Add blank lines before return statements in test closures (nlreturn)
- Fix cuddled assignments and if-statements (wsl)

Linter config (.golangci.yml):
- Disable gochecknoinits: init() is the standard pattern for scheme/metrics registration
- Disable testpackage: tests access unexported functions intentionally
- Disable funlen: table-driven tests and main() exceed the 60-line default
- Disable maintidx: k8s controller Reconcile functions are inherently complex
- Raise cyclop/gocyclo/gocognit thresholds for Reconcile function complexity
- Raise nestif threshold for table-driven test blocks

Signed-off-by: dntosas <[email protected]>
@dntosas dntosas merged commit 1e61e74 into main Feb 7, 2026
4 checks passed
@dntosas dntosas deleted the feat/refactor branch February 7, 2026 18:04
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@dntosas