Fix Integration tests (#2425)

* fix(ci): Bump golangci-lint to 1.51.1 * chore(lint): fix gofmt and goimport issues * chore(lint): fix linter issues - Adapted error comparison according to linter recommendation - Disabled noctx linting for http request where canceling makes no sense - Disabled nilerror linting where nil error is returned on purpose - Disabled makezero linter where slice is explicitly deepcopied * chore(ci): Update go version in tests workflows * fix(ci): Allow boilerplate years from 2000-2099 Previously the regex only allowed the copyright notice to contain the years 2018,2019,2020,2021, or 2022. This commit widens to regex to 20\d\d allowing any year in the range [2000-2099] * feat(ci): Replace minikube with k3s for intregration tests The existing setup for minikube is very complicated, replicating most of the setup steps for a full kubernetes cluster in an only partially supported minikube configuration (driver=none). Furthermore the existing setup has been broken for sometime, likely, at least in part due to the changes to CNI and CRI in recent kubernetes versions. Since what we actually need is only a running Kubernetes cluster on the node and access to a registry on localhost:5000, we can switch the extremely complicated minikube setup for a lightweight cluster using k3s. Minikube came with a default addon for running a registry on every node, but the same is not the case for k3s, instead we make use of the package helm controller and its HelmChart CR to deploy twuni/docker-registry.helm and expose it on localhost using the integrated LoadBalancer controller. * fix(test-684): pin base container version The dockerfile for the regression test connected to issue 684 used a rolling tag as base image, making it flaky and fail since it was introduced. This commit pins the base image to the digest of bionic-20200219, which, based on the date of the commit that introduced to the dockerfile would be the most newest ubuntu build and likely what the "rolling" tag resolved to back then. Since this also an image from the pre-oci days of ubuntu, this circumvents a bug in container-diff as well (https://github.com/GoogleContainerTools/container-diff/issues/389)
2023-03-21 17:30:54 +01:00 · 2023-03-21 17:30:54 +01:00 · 14ea7c4071
parent fe2413e6e3
commit 14ea7c4071
39 changed files with 134 additions and 145 deletions
--- a/.github/workflows/integration-tests.yaml
+++ b/.github/workflows/integration-tests.yaml
@ -27,9 +27,9 @@ jobs:
    steps:
    - uses: actions/setup-go@b22fbbc2921299758641fab08929b4ac52b32923 # v3
      with:
-        go-version: 1.17
+        go-version: '1.20'
    - uses: actions/checkout@b0e28b5ac45a892f91e7d036f8200cf5ed489415 # v3
    - uses: docker/setup-buildx-action@dc7b9719a96d48369863986a06765841d7ea23f6 # v1
-    - run: make install-container-diff minikube-setup
+    - run: make install-container-diff k3s-setup
    - run: make ${{ matrix.make-target }}
--- a/.github/workflows/unit-tests.yaml
+++ b/.github/workflows/unit-tests.yaml
@ -15,7 +15,7 @@ jobs:
    steps:
    - uses: actions/setup-go@b22fbbc2921299758641fab08929b4ac52b32923 # v3
      with:
-        go-version: 1.17
+        go-version: '1.20'
    - uses: actions/checkout@b0e28b5ac45a892f91e7d036f8200cf5ed489415 # v3
    - run: make test
--- a/6
+++ b/6
@ -58,9 +58,9 @@ install-container-diff:
 	@ curl -LO https://github.com/GoogleContainerTools/container-diff/releases/download/v0.17.0/container-diff-linux-amd64 && \
 		chmod +x container-diff-linux-amd64 && sudo mv container-diff-linux-amd64 /usr/local/bin/container-diff
-.PHONY: minikube-setup
+.PHONY: k3s-setup
-minikube-setup:
+k3s-setup:
-	@ ./scripts/minikube-setup.sh
+	@ ./scripts/k3s-setup.sh
 .PHONY: test
 test: out/executor
--- a/cmd/executor/cmd/root.go
+++ b/cmd/executor/cmd/root.go
@ -446,7 +446,7 @@ func exit(err error) {
 	exitWithCode(err, 1)
 }
-//exits with the given error and exit code
+// exits with the given error and exit code
 func exitWithCode(err error, exitCode int) {
 	fmt.Println(err)
 	os.Exit(exitCode)
--- a/hack/boilerplate/boilerplate.py
+++ b/hack/boilerplate/boilerplate.py
@ -95,7 +95,7 @@ def file_passes(filename, refs, regexs):
        if p.search(d):
            return False
-    # Replace all occurrences of the regex "2017|2016|2015|2014" with "YEAR"
+    # Replace all occurrences of the date regex with "YEAR"
    p = regexs["date"]
    for i, d in enumerate(data):
        (data[i], found) = p.subn('YEAR', d)
@ -146,8 +146,8 @@ def get_regexs():
    regexs = {}
    # Search for "YEAR" which exists in the boilerplate, but shouldn't in the real thing
    regexs["year"] = re.compile( 'YEAR' )
-    # dates can be 2018, 2019, 2020 company holder names can be anything
+    # dates can be any year [2000-2099] company holder names can be anything
-    regexs["date"] = re.compile( '(2018|2019|2020|2021|2022)' )
+    regexs["date"] = re.compile( '(20\d\d)' )
    # strip // go:build \n\n build constraints
    regexs["go_build_constraints_go"] = re.compile(r"^(//go\:build.*)+\n", re.MULTILINE)
    # strip // +build \n\n build constraints
--- a/hack/linter.sh
+++ b/hack/linter.sh
@ -21,7 +21,7 @@ BIN=${DIR}/bin
 if [ ! -x "${BIN}/golangci-lint" ]; then
 	echo "Installing GolangCI-Lint"
-	"${DIR}/install_golint.sh" -b "${BIN}" v1.23.7
+	"${DIR}/install_golint.sh" -b "${BIN}" v1.51.1
 fi
 "${BIN}/golangci-lint" run
--- a/integration/dockerfiles/Dockerfile_test_issue_684
+++ b/integration/dockerfiles/Dockerfile_test_issue_684
@ -1,3 +1,4 @@
-FROM ubuntu:rolling as builder
+# ubuntu:bionic-20200219
 FROM ubuntu@sha256:04d48df82c938587820d7b6006f5071dbbffceb7ca01d2814f81857c631d44df as builder
 RUN apt-get update && apt-get -y upgrade && apt-get -y install lib32stdc++6 wget
--- a/integration/integration_test.go
+++ b/integration/integration_test.go
@ -282,6 +282,7 @@ func testGitBuildcontextHelper(t *testing.T, repo string) {
 // TestGitBuildcontext explicitly names the main branch
 // Example:
 //
 //	git://github.com/myuser/repo#refs/heads/main
 func TestGitBuildcontext(t *testing.T) {
 	repo := getGitRepo(false)
@ -290,6 +291,7 @@ func TestGitBuildcontext(t *testing.T) {
 // TestGitBuildcontextNoRef builds without any commit / branch reference
 // Example:
 //
 //	git://github.com/myuser/repo
 func TestGitBuildcontextNoRef(t *testing.T) {
 	t.Skip("Docker's behavior is to assume a 'master' branch, which the Kaniko repo doesn't have")
@ -299,6 +301,7 @@ func TestGitBuildcontextNoRef(t *testing.T) {
 // TestGitBuildcontextExplicitCommit uses an explicit commit hash instead of named reference
 // Example:
 //
 //	git://github.com/myuser/repo#b873088c4a7b60bb7e216289c58da945d0d771b6
 func TestGitBuildcontextExplicitCommit(t *testing.T) {
 	repo := getGitRepo(true)
@ -711,18 +714,18 @@ func TestExitCodePropagation(t *testing.T) {
 }
 type fileDiff struct {
-	Name string
+	Name string `json:"Name"`
-	Size int
+	Size int    `json:"Size"`
 }
 type fileDiffResult struct {
-	Adds []fileDiff
+	Adds []fileDiff `json:"Adds"`
-	Dels []fileDiff
+	Dels []fileDiff `json:"Dels"`
 }
 type metaDiffResult struct {
-	Adds []string
+	Adds []string `json:"Adds"`
-	Dels []string
+	Dels []string `json:"Dels"`
 }
 type diffOutput struct {
--- a/pkg/buildcontext/https.go
+++ b/pkg/buildcontext/https.go
@ -49,7 +49,7 @@ func (h *HTTPSTar) UnpackTarFromBuildContext() (directory string, err error) {
 	// Download tar file from remote https server
 	// and save it into the target tar file
-	resp, err := http.Get(h.context)
+	resp, err := http.Get(h.context) //nolint:noctx
 	if err != nil {
 		return
 	}
--- a/pkg/cache/errors.go
+++ b/pkg/cache/errors.go
@ -16,15 +16,13 @@ limitations under the License.
 package cache
 import "errors"
 // IsAlreadyCached returns true if the supplied error is of the type AlreadyCachedErr
 // otherwise it returns false.
 func IsAlreadyCached(err error) bool {
-	switch err.(type) {
+	var e AlreadyCachedErr
-	case AlreadyCachedErr:
+	return errors.As(err, &e)
 		return true
 	}
 	return false
 }
 // AlreadyCachedErr is returned when the Docker image requested for caching is already
@ -39,13 +37,9 @@ func (a AlreadyCachedErr) Error() string {
 // IsNotFound returns true if the supplied error is of the type NotFoundErr
 // otherwise it returns false.
-func IsNotFound(e error) bool {
+func IsNotFound(err error) bool {
-	switch e.(type) {
+	var e NotFoundErr
-	case NotFoundErr:
+	return errors.As(err, &e)
 		return true
 	}
 	return false
 }
 // NotFoundErr is returned when the requested Docker image is not present in the cache.
@ -59,13 +53,9 @@ func (e NotFoundErr) Error() string {
 // IsExpired returns true if the supplied error is of the type ExpiredErr
 // otherwise it returns false.
-func IsExpired(e error) bool {
+func IsExpired(err error) bool {
-	switch e.(type) {
+	var e ExpiredErr
-	case ExpiredErr:
+	return errors.As(err, &e)
 		return true
 	}
 	return false
 }
 // ExpiredErr is returned when the requested Docker image is present in the cache, but is
--- a/pkg/commands/cmd_test.go
+++ b/pkg/commands/cmd_test.go
@ -13,6 +13,7 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 See the License for the specific language governing permissions and
 limitations under the License.
 */
 package commands
 import (
--- a/pkg/commands/copy_test.go
+++ b/pkg/commands/copy_test.go
@ -13,6 +13,7 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 See the License for the specific language governing permissions and
 limitations under the License.
 */
 package commands
 import (
@ -374,7 +375,7 @@ func Test_resolveIfSymlink(t *testing.T) {
 	for i, c := range cases {
 		t.Run(fmt.Sprintf("%d", i), func(t *testing.T) {
 			res, e := resolveIfSymlink(c.destPath)
-			if e != c.err {
+			if !errors.Is(e, c.err) {
 				t.Errorf("%s: expected %v but got %v", c.destPath, c.err, e)
 			}
--- a/pkg/commands/entrypoint_test.go
+++ b/pkg/commands/entrypoint_test.go
@ -13,6 +13,7 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 See the License for the specific language governing permissions and
 limitations under the License.
 */
 package commands
 import (
--- a/pkg/commands/env_test.go
+++ b/pkg/commands/env_test.go
@ -13,6 +13,7 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 See the License for the specific language governing permissions and
 limitations under the License.
 */
 package commands
 import (
--- a/pkg/commands/onbuild.go
+++ b/pkg/commands/onbuild.go
@ -28,7 +28,7 @@ type OnBuildCommand struct {
 	cmd *instructions.OnbuildCommand
 }
-//ExecuteCommand adds the specified expression in Onbuild to the config
+// ExecuteCommand adds the specified expression in Onbuild to the config
 func (o *OnBuildCommand) ExecuteCommand(config *v1.Config, buildArgs *dockerfile.BuildArgs) error {
 	logrus.Info("Cmd: ONBUILD")
 	logrus.Infof("Args: %s", o.cmd.Expression)
--- a/pkg/commands/run_test.go
+++ b/pkg/commands/run_test.go
@ -13,6 +13,7 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 See the License for the specific language governing permissions and
 limitations under the License.
 */
 package commands
 import (
--- a/pkg/commands/shell_test.go
+++ b/pkg/commands/shell_test.go
@ -13,6 +13,7 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 See the License for the specific language governing permissions and
 limitations under the License.
 */
 package commands
 import (
--- a/pkg/commands/stopsignal_test.go
+++ b/pkg/commands/stopsignal_test.go
@ -13,6 +13,7 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 See the License for the specific language governing permissions and
 limitations under the License.
 */
 package commands
 import (
--- a/pkg/commands/user_test.go
+++ b/pkg/commands/user_test.go
@ -13,6 +13,7 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 See the License for the specific language governing permissions and
 limitations under the License.
 */
 package commands
 import (
--- a/pkg/commands/volume.go
+++ b/pkg/commands/volume.go
@ -54,7 +54,7 @@ func (v *VolumeCommand) ExecuteCommand(config *v1.Config, buildArgs *dockerfile.
 		if _, err := os.Stat(volume); os.IsNotExist(err) {
 			logrus.Infof("Creating directory %s", volume)
 			if err := os.MkdirAll(volume, 0755); err != nil {
-				return fmt.Errorf("could not create directory for volume %s: %s", volume, err)
+				return fmt.Errorf("could not create directory for volume %s: %w", volume, err)
 			}
 		}
 	}
--- a/pkg/commands/volume_test.go
+++ b/pkg/commands/volume_test.go
@ -13,6 +13,7 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 See the License for the specific language governing permissions and
 limitations under the License.
 */
 package commands
 import (
--- a/pkg/commands/workdir_test.go
+++ b/pkg/commands/workdir_test.go
@ -13,6 +13,7 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 See the License for the specific language governing permissions and
 limitations under the License.
 */
 package commands
 import (
--- a/pkg/dockerfile/buildargs.go
+++ b/pkg/dockerfile/buildargs.go
@ -55,7 +55,8 @@ func (b *BuildArgs) ReplacementEnvs(envs []string) []string {
 	resultEnv := make([]string, len(envs))
 	copy(resultEnv, envs)
 	filtered := b.FilterAllowed(envs)
-	return append(resultEnv, filtered...)
+	// Disable makezero linter, since the previous make is paired with a same sized copy
 	return append(resultEnv, filtered...) //nolint:makezero
 }
 // AddMetaArgs adds the supplied args map to b's allowedMetaArgs
--- a/pkg/dockerfile/dockerfile.go
+++ b/pkg/dockerfile/dockerfile.go
@ -40,7 +40,7 @@ func ParseStages(opts *config.KanikoOptions) ([]instructions.Stage, []instructio
 	var d []uint8
 	match, _ := regexp.MatchString("^https?://", opts.DockerfilePath)
 	if match {
-		response, e := http.Get(opts.DockerfilePath)
+		response, e := http.Get(opts.DockerfilePath) //nolint:noctx
 		if e != nil {
 			return nil, nil, e
 		}
--- a/pkg/executor/copy_multistage_test.go
+++ b/pkg/executor/copy_multistage_test.go
@ -13,6 +13,7 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 See the License for the specific language governing permissions and
 limitations under the License.
 */
 package executor
 import (
--- a/pkg/executor/push_test.go
+++ b/pkg/executor/push_test.go
@ -127,7 +127,7 @@ func TestHeaderAdded(t *testing.T) {
 				os.Setenv("UPSTREAM_CLIENT_TYPE", test.upstream)
 				defer func() { os.Unsetenv("UPSTREAM_CLIENT_TYPE") }()
 			}
-			req, err := http.NewRequest("GET", "dummy", nil)
+			req, err := http.NewRequest("GET", "dummy", nil) //nolint:noctx
 			if err != nil {
 				t.Fatalf("culd not create a req due to %s", err)
 			}
--- a/pkg/snapshot/layered_map_test.go
+++ b/pkg/snapshot/layered_map_test.go
@ -13,6 +13,7 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 See the License for the specific language governing permissions and
 limitations under the License.
 */
 package snapshot
 import (
--- a/pkg/snapshot/snapshot.go
+++ b/pkg/snapshot/snapshot.go
@ -17,6 +17,7 @@ limitations under the License.
 package snapshot
 import (
 	"errors"
 	"fmt"
 	"io/ioutil"
 	"os"
@ -262,7 +263,7 @@ func addParentDirectories(t util.Tar, addedPaths map[string]bool, path string) e
 // filesWithLinks returns the symlink and the target path if its exists.
 func filesWithLinks(path string) ([]string, error) {
 	link, err := util.GetSymLink(path)
-	if err == util.ErrNotSymLink {
+	if errors.Is(err, util.ErrNotSymLink) {
 		return []string{path}, nil
 	} else if err != nil {
 		return nil, err
@ -272,7 +273,7 @@ func filesWithLinks(path string) ([]string, error) {
 		link = filepath.Join(filepath.Dir(path), link)
 	}
 	if _, err := os.Stat(link); err != nil {
-		return []string{path}, nil
+		return []string{path}, nil //nolint:nilerr
 	}
 	return []string{path, link}, nil
 }
--- a/pkg/snapshot/snapshot_test.go
+++ b/pkg/snapshot/snapshot_test.go
@ -13,6 +13,7 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 See the License for the specific language governing permissions and
 limitations under the License.
 */
 package snapshot
 import (
@ -75,7 +76,7 @@ func TestSnapshotFSFileChange(t *testing.T) {
 	actualFiles := []string{}
 	for {
 		hdr, err := tr.Next()
-		if err == io.EOF {
+		if errors.Is(err, io.EOF) {
 			break
 		}
@ -165,7 +166,7 @@ func TestSnapshotFSChangePermissions(t *testing.T) {
 	foundFiles := []string{}
 	for {
 		hdr, err := tr.Next()
-		if err == io.EOF {
+		if errors.Is(err, io.EOF) {
 			break
 		}
 		foundFiles = append(foundFiles, hdr.Name)
@ -248,7 +249,7 @@ func TestEmptySnapshotFS(t *testing.T) {
 	}
 	tr := tar.NewReader(f)
-	if _, err := tr.Next(); err != io.EOF {
+	if _, err := tr.Next(); !errors.Is(err, io.EOF) {
 		t.Fatal("no files expected in tar, found files.")
 	}
 }
@ -559,7 +560,7 @@ func TestSnapshotOmitsUnameGname(t *testing.T) {
 	tr := tar.NewReader(f)
 	for {
 		hdr, err := tr.Next()
-		if err == io.EOF {
+		if errors.Is(err, io.EOF) {
 			break
 		}
 		if err != nil {
@ -636,7 +637,7 @@ func listFilesInTar(path string) ([]string, error) {
 	var files []string
 	for {
 		hdr, err := tr.Next()
-		if err == io.EOF {
+		if errors.Is(err, io.EOF) {
 			break
 		}
 		if err != nil {
--- a/pkg/timing/timing_test.go
+++ b/pkg/timing/timing_test.go
@ -13,6 +13,7 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 See the License for the specific language governing permissions and
 limitations under the License.
 */
 package timing
 import (
--- a/pkg/util/command_util.go
+++ b/pkg/util/command_util.go
@ -173,10 +173,14 @@ func IsDestDir(path string) bool {
 // DestinationFilepath returns the destination filepath from the build context to the image filesystem
 // If source is a file:
 //
 //	If dest is a dir, copy it to /dest/relpath
 //	If dest is a file, copy directly to dest
 //
 // If source is a dir:
 //
 //	Assume dest is also a dir, and copy to dest/
 //
 // If dest is not an absolute filepath, add /cwd to the beginning
 func DestinationFilepath(src, dest, cwd string) (string, error) {
 	_, srcFileName := filepath.Split(src)
@ -287,7 +291,7 @@ func IsSrcRemoteFileURL(rawurl string) bool {
 	if err != nil {
 		return false
 	}
-	_, err = http.Get(rawurl)
+	_, err = http.Get(rawurl) //nolint:noctx
 	return err == nil
 }
--- a/pkg/util/fs_util.go
+++ b/pkg/util/fs_util.go
@ -167,7 +167,7 @@ func GetFSFromLayers(root string, layers []v1.Layer, opts ...FSOpt) ([]string, e
 		tr := tar.NewReader(r)
 		for {
 			hdr, err := tr.Next()
-			if err == io.EOF {
+			if errors.Is(err, io.EOF) {
 				break
 			}
@ -221,7 +221,7 @@ func DeleteFilesystem() error {
 	return filepath.Walk(config.RootDir, func(path string, info os.FileInfo, err error) error {
 		if err != nil {
 			// ignore errors when deleting.
-			return nil
+			return nil //nolint:nilerr
 		}
 		if CheckIgnoreList(path) {
@ -270,7 +270,7 @@ func UnTar(r io.Reader, dest string) ([]string, error) {
 	tr := tar.NewReader(r)
 	for {
 		hdr, err := tr.Next()
-		if err == io.EOF {
+		if errors.Is(err, io.EOF) {
 			break
 		}
 		if err != nil {
@ -450,7 +450,7 @@ func DetectFilesystemIgnoreList(path string) error {
 	for {
 		line, err := reader.ReadString('\n')
 		logrus.Tracef("Read the following line from %s: %s", path, line)
-		if err != nil && err != io.EOF {
+		if err != nil && !errors.Is(err, io.EOF) {
 			return err
 		}
 		lineArr := strings.Split(line, " ")
@ -604,7 +604,7 @@ func AddVolumePathToIgnoreList(path string) {
 //     - destination will have permissions of 0600
 //     - If remote file has HTTP Last-Modified header, we set the mtime of the file to that timestamp
 func DownloadFileToDest(rawurl, dest string, uid, gid int64) error {
-	resp, err := http.Get(rawurl)
+	resp, err := http.Get(rawurl) //nolint:noctx
 	if err != nil {
 		return err
 	}
--- a/pkg/util/tar_util.go
+++ b/pkg/util/tar_util.go
@ -80,7 +80,7 @@ func (t *Tar) Close() {
 func (t *Tar) AddFileToTar(p string) error {
 	i, err := os.Lstat(p)
 	if err != nil {
-		return fmt.Errorf("Failed to get file info for %s: %s", p, err)
+		return fmt.Errorf("Failed to get file info for %s: %w", p, err)
 	}
 	linkDst := ""
 	if i.Mode()&os.ModeSymlink != 0 {
@ -156,7 +156,7 @@ func writeSecurityXattrToToFile(path string, hdr *tar.Header) error {
 	}
 	if capability, ok := hdr.Xattrs[securityCapabilityXattr]; ok {
 		err := system.Lsetxattr(path, securityCapabilityXattr, []byte(capability), 0)
-		if err != nil && !errors.Is(err, syscall.EOPNOTSUPP) && err != system.ErrNotSupportedPlatform {
+		if err != nil && !errors.Is(err, syscall.EOPNOTSUPP) && !errors.Is(err, system.ErrNotSupportedPlatform) {
 			return errors.Wrapf(err, "failed to write %q attribute to %q", securityCapabilityXattr, path)
 		}
 	}
@ -170,7 +170,7 @@ func readSecurityXattrToTarHeader(path string, hdr *tar.Header) error {
 		hdr.Xattrs = make(map[string]string)
 	}
 	capability, err := system.Lgetxattr(path, securityCapabilityXattr)
-	if err != nil && !errors.Is(err, syscall.EOPNOTSUPP) && err != system.ErrNotSupportedPlatform {
+	if err != nil && !errors.Is(err, syscall.EOPNOTSUPP) && !errors.Is(err, system.ErrNotSupportedPlatform) {
 		return errors.Wrapf(err, "failed to read %q attribute from %q", securityCapabilityXattr, path)
 	}
 	if capability != nil {
--- a/pkg/util/util.go
+++ b/pkg/util/util.go
@ -30,6 +30,7 @@ import (
 	"time"
 	"github.com/minio/highwayhash"
 	"github.com/pkg/errors"
 	"github.com/sirupsen/logrus"
 	"golang.org/x/sys/unix"
 )
@ -195,7 +196,7 @@ func Lgetxattr(path string, attr string) ([]byte, error) {
 	dest := make([]byte, 128)
 	sz, errno := unix.Lgetxattr(path, attr, dest)
-	for errno == unix.ERANGE {
+	for errors.Is(errno, unix.ERANGE) {
 		// Buffer too small, use zero-sized buffer to get the actual size
 		sz, errno = unix.Lgetxattr(path, attr, []byte{})
 		if errno != nil {
@ -206,7 +207,7 @@ func Lgetxattr(path string, attr string) ([]byte, error) {
 	}
 	switch {
-	case errno == unix.ENODATA:
+	case errors.Is(errno, unix.ENODATA):
 		return nil, nil
 	case errno != nil:
 		return nil, errno
--- a/scripts/k3s-setup.sh
+++ b/scripts/k3s-setup.sh
@ -0,0 +1,32 @@
 # Copyright 2023 Google LLC
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
 # You may obtain a copy of the License at
 #
 #     http://www.apache.org/licenses/LICENSE-2.0
 #
 # Unless required by applicable law or agreed to in writing, software
 # distributed under the License is distributed on an "AS IS" BASIS,
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
 set -ex
 export INSTALL_K3S_EXEC="--write-kubeconfig-mode=0644"
 # Sometimes there is a residual kubeconfig, export and set this explicitly
 mkdir -p $HOME/.kube
 export K3S_KUBECONFIG_OUTPUT="$HOME/.kube/config"
 export KUBECONFIG="$HOME/.kube/config"
 curl -sfL https://get.k3s.io | sh -
 export SCRIPT_PATH="$(realpath $(dirname $0))"
 timeout 5m bash -c 'until kubectl cluster-info 2>/dev/null | grep "CoreDNS" >/dev/null; do sleep 1; done'
 # Install local registry and have it listen on localhost:5000
 sudo cp $SCRIPT_PATH/local-registry-helm.yaml /var/lib/rancher/k3s/server/manifests/
 # Wait until install of the registry completes
 timeout 5m bash -c 'until kubectl get -n kube-system pod 2>/dev/null | grep local-registry | grep Completed >/dev/null; do sleep 1; done'
 # Wait until registry becomes available on localhost:5000
 timeout 5m bash -c 'until nc -z localhost 5000; do sleep 1; done'
 echo "K3s is running and registry is available on localhost:5000"
--- a/scripts/local-registry-helm.yaml
+++ b/scripts/local-registry-helm.yaml
@ -0,0 +1,10 @@
 apiVersion: helm.cattle.io/v1
 kind: HelmChart
 metadata:
  name: local-registry
  namespace: kube-system
 spec:
  chart: https://github.com/twuni/docker-registry.helm/archive/refs/tags/v2.2.2.tar.gz
  set:
    # Expose the registry server on localhost
    service.type: "LoadBalancer"
--- a/scripts/minikube-setup.sh
+++ b/scripts/minikube-setup.sh
@ -1,68 +0,0 @@
 #!/bin/bash
 # Copyright 2020 Google LLC
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
 # You may obtain a copy of the License at
 #
 #     http://www.apache.org/licenses/LICENSE-2.0
 #
 # Unless required by applicable law or agreed to in writing, software
 # distributed under the License is distributed on an "AS IS" BASIS,
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
 set -ex
 # conntrack is required for minikube 1.19 and higher for none driver
 if ! conntrack --version &>/dev/null; then
  echo "WARNING: No contrack is not installed"
  sudo apt-get update -qq
  sudo apt-get -qq -y install conntrack
 fi
 # taken from https://github.com/kubernetes/minikube/blob/b45b29c5df6f88c6ac0afd60079a6190dc1e32c9/hack/jenkins/linux_integration_tests_none.sh#L38
 if ! kubeadm &>/dev/null; then
  echo "WARNING: kubeadm is not installed. will try to install."
  curl -LO "https://storage.googleapis.com/kubernetes-release/release/$(curl -s https://storage.googleapis.com/kubernetes-release/release/stable.txt)/bin/linux/amd64/kubeadm"
  sudo install kubeadm /usr/local/bin/kubeadm
 fi
 # "none" driver specific cleanup from previous runs.
 sudo kubeadm reset -f --cri-socket unix:///var/run/cri-dockerd.sock || true
 # kubeadm reset may not stop pods immediately
 docker rm -f $(docker ps -aq) >/dev/null 2>&1 || true
 # always install minikube, because version inconsistency is possible and could lead to weird errors
 curl -Lo minikube https://storage.googleapis.com/minikube/releases/latest/minikube-linux-amd64
 chmod +x minikube
 sudo mv minikube /usr/local/bin/
 # Minikube needs cri-dockerd to run clusters 1.24+
 CRI_DOCKERD_VERSION="${CRI_DOCKERD_VERSION:-0.2.3}"
 CRI_DOCKERD_BINARY_URL="https://github.com/Mirantis/cri-dockerd/releases/download/v${CRI_DOCKERD_VERSION}/cri-dockerd-${CRI_DOCKERD_VERSION}.amd64.tgz"
 curl -Lo cri-dockerd.tgz $CRI_DOCKERD_BINARY_URL
 tar xfz cri-dockerd.tgz
 chmod +x cri-dockerd/cri-dockerd
 sudo mv cri-dockerd/cri-dockerd /usr/bin/cri-dockerd
 git clone https://github.com/Mirantis/cri-dockerd.git /tmp/cri-dockerd
 sudo cp /tmp/cri-dockerd/packaging/systemd/* /etc/systemd/system
 sudo systemctl daemon-reload
 sudo systemctl enable cri-docker.service
 sudo systemctl enable --now cri-docker.socket
 CRICTL_VERSION="v1.17.0"
 curl -L https://github.com/kubernetes-sigs/cri-tools/releases/download/$CRICTL_VERSION/crictl-${CRICTL_VERSION}-linux-amd64.tar.gz --output crictl-${CRICTL_VERSION}-linux-amd64.tar.gz
 sudo tar zxvf crictl-$CRICTL_VERSION-linux-amd64.tar.gz -C /usr/local/bin
 rm -f crictl-$CRICTL_VERSION-linux-amd64.tar.gz
 sudo apt-get update
 sudo apt-get install -y liblz4-tool
 cat /proc/cpuinfo
 minikube start --vm-driver=none --force --addons="registry,default-storageclass,storage-provisioner" || minikube logs;
 minikube status
 kubectl cluster-info
--- a/testutil/util.go
+++ b/testutil/util.go
@ -107,7 +107,7 @@ func checkErr(shouldErr bool, err error) error {
 		return fmt.Errorf("Expected error, but returned none")
 	}
 	if err != nil && !shouldErr {
-		return fmt.Errorf("Unexpected error: %s", err)
+		return fmt.Errorf("Unexpected error: %w", err)
 	}
 	return nil
 }