chore(deps): Update dependencies to latest as of 2026-02-13

.github/workflows/codeql.yml

@@ -47,7 +47,7 @@ jobs:
       - name: Setup Go
         uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2
         with:
-          go-version: "1.24"
+          go-version: "1.25"
         if: ${{ matrix.language == 'go' }}
 
       # Initializes the CodeQL tools for scanning.

.github/workflows/tests-main.yaml

@@ -40,7 +40,7 @@ jobs:
       - name: Setup Go
         uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2
         with:
-          go-version: "1.24"
+          go-version: "1.25"
       - name: Set up build.env with phony secrets.
         run: cp build.sample.env build.env
       - name: make test
@@ -90,7 +90,7 @@ jobs:
       - name: "Setup Go"
         uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2
         with:
-          go-version: "1.24"
+          go-version: "1.25"
       - name: Set up QEMU
         uses: docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392 # v3.6.0
       - name: Set up Docker Buildx

.github/workflows/tests.yaml

@@ -28,7 +28,7 @@ jobs:
       - name: Setup Go
         uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2
         with:
-          go-version: "1.24"
+          go-version: "1.25"
       - name: Checkout code
         uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
         with:
@@ -69,7 +69,7 @@ jobs:
       - name: Setup Go
         uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2
         with:
-          go-version: "1.24"
+          go-version: "1.25"
       - name: Set up QEMU
         uses: docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392 # v3.6.0
       - name: Set up Docker Buildx

Dockerfile

@@ -14,7 +14,7 @@
 
 # Use distroless as minimal base image to package the manager binary
 # Refer to https://github.com/GoogleContainerTools/distroless for more details
-FROM gcr.io/distroless/static:nonroot@sha256:cba10d7abd3e203428e86f5b2d7fd5eb7d8987c387864ae4996cf97191b33764
+FROM gcr.io/distroless/static:nonroot@sha256:f43f134f5d60bf7afb3db92f865db42514913f01a53b08cd59a1ac6534671077
 
 # For multi-arch builds, use automatic platform build arguments
 # see https://docs.docker.com/engine/reference/builder/#automatic-platform-args-in-the-global-scope

Dockerfile-operator

@@ -28,7 +28,7 @@ RUN CGO_ENABLED=0 GOOS=${TARGETOS} GOARCH=${TARGETARCH} \
 
 # Use distroless as minimal base image to package the manager binary
 # Refer to https://github.com/GoogleContainerTools/distroless for more details
-FROM gcr.io/distroless/static:nonroot@sha256:cba10d7abd3e203428e86f5b2d7fd5eb7d8987c387864ae4996cf97191b33764
+FROM gcr.io/distroless/static:nonroot@sha256:f43f134f5d60bf7afb3db92f865db42514913f01a53b08cd59a1ac6534671077
 
 # For multi-arch builds, use automatic platform build arguments
 # see https://docs.docker.com/engine/reference/builder/#automatic-platform-args-in-the-global-scope

build.sh

@@ -31,7 +31,11 @@ function clean() {
 
 ## build - Builds the project without running tests or pushing the container image
 function build() {
-   make build_docker_local
+  if which docker ; then
+    make build_docker_local
+  else
+    make generate
+  fi
 }
 
 ## test - Runs local unit tests.

config/manager/kustomization.yaml

@@ -12,16 +12,16 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 resources:
-- manager.yaml
+  - manager.yaml
 generatorOptions:
   disableNameSuffixHash: true
 configMapGenerator:
-- files:
-  - controller_manager_config.yaml
-  name: manager-config
+  - files:
+      - controller_manager_config.yaml
+    name: manager-config
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 images:
-- name: controller
-  newName: us-central1-docker.pkg.dev/hessjc-csql-operator-04/testhessjc/cloud-sql-auth-proxy-operator
-  newTag: f2eb19b2d91f77a5c4c800a64902bbff720c8bd6-dirty-20260122T2138
+  - name: controller
+    newName: cloud-sql-proxy-operator
+    newTag: latest

docs/api.md

@@ -58,7 +58,7 @@ _Appears in:_
 | `maxSigtermDelay` _integer_ | MaxSigtermDelay is the maximum number of seconds to wait for connections to<br />close after receiving a TERM signal. This sets the proxy container's<br />CLI argument `--max-sigterm-delay` and<br />configures `terminationGracePeriodSeconds` on the workload's PodSpec. |  | Minimum: 0 <br />Optional: \{\} <br /> |
 | `minSigtermDelay` _integer_ | MinSigtermDelay is the minimum number of seconds to wait for connections to<br />close after receiving a TERM signal. This sets the proxy container's<br />CLI argument `--min-sigterm-delay` |  | Minimum: 0 <br />Optional: \{\} <br /> |
 | `sqlAdminAPIEndpoint` _string_ | SQLAdminAPIEndpoint is a debugging parameter that when specified will<br />change the Google Cloud api endpoint used by the proxy. |  | Optional: \{\} <br /> |
-| `image` _string_ | Image is the URL to the proxy image. Optional, by default the operator<br />will use the latest Cloud SQL Auth Proxy version as of the release of the<br />operator.<br />The operator ensures that all workloads configured with the default proxy<br />image are upgraded automatically to use to the latest released proxy image.<br />When the customer upgrades the operator, the operator upgrades all<br />workloads using the default proxy image to the latest proxy image. The<br />change to the proxy container image is applied in accordance with<br />the RolloutStrategy. |  | Optional: \{\} <br /> |
+| `image` _string_ | Image is the URL to the proxy image. Optional, by default the operator<br />will use the latest Cloud SQL Auth Proxy version as of the release of the<br />operator.<br /><br />The operator ensures that all workloads configured with the default proxy<br />image are upgraded automatically to use to the latest released proxy image.<br /><br />When the customer upgrades the operator, the operator upgrades all<br />workloads using the default proxy image to the latest proxy image. The<br />change to the proxy container image is applied in accordance with<br />the RolloutStrategy. |  | Optional: \{\} <br /> |
 | `rolloutStrategy` _string_ | RolloutStrategy indicates the strategy to use when rolling out changes to<br />the workloads affected by the results. When this is set to<br />`Workload`, changes to this resource will be automatically applied<br />to a running Deployment, StatefulSet, DaemonSet, or ReplicaSet in<br />accordance with the Strategy set on that workload. When this is set to<br />`None`, the operator will take no action to roll out changes to affected<br />workloads. `Workload` will be used by default if no value is set.<br />See: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy | Workload | Enum: [Workload None] <br />Optional: \{\} <br /> |
 | `refreshStrategy` _string_ | RefreshStrategy indicates which refresh strategy the proxy should use.<br />When this is set to `lazy`, the proxy will use a lazy refresh strategy,<br />and will be configured to run with the --lazy-refresh flag. When this<br />omitted or set to `background`, the proxy will use the default background<br />refresh strategy.<br />See: https://github.com/GoogleCloudPlatform/cloud-sql-proxy/?tab=readme-ov-file#configuring-a-lazy-refresh | background | Enum: [lazy background] <br />Optional: \{\} <br /> |
 | `quiet` _boolean_ | Quiet configures the proxy's --quiet flag to limit the amount of<br />logging generated by the proxy container. |  |  |
@@ -130,21 +130,25 @@ _Appears in:_
 InstanceSpec describes the configuration for how the proxy should expose
 a Cloud SQL database instance to a workload.
 
+
 In the minimum recommended configuration, the operator will choose
 a non-conflicting TCP port and set environment
 variables MY_DB_SERVER_PORT MY_DB_SERVER_HOST with the value of the TCP port
 and hostname. The application can read these values to connect to the database
 through the proxy. For example:
 
+
 	`{
 			   "connectionString":"my-project:us-central1:my-db-server",
 			   "portEnvName":"MY_DB_SERVER_PORT"
 			   "hostEnvName":"MY_DB_SERVER_HOST"
 	}`
 
+
 If you want to assign a specific port number for a database, set the `port`
 field. For example:
 
+
 	`{ "connectionString":"my-project:us-central1:my-db-server", "port":5000 }`
 
 

go.mod

@@ -1,70 +1,75 @@
 module github.com/GoogleCloudPlatform/cloud-sql-proxy-operator
 
-go 1.24.0
+go 1.25.0
 
 require (
-	cloud.google.com/go/cloudsqlconn v1.18.0
+	cloud.google.com/go/cloudsqlconn v1.20.0
 	github.com/go-logr/logr v1.4.3
-	go.uber.org/zap v1.27.0
-	k8s.io/api v0.32.8
-	k8s.io/apimachinery v0.32.8
-	k8s.io/client-go v0.32.8
-	sigs.k8s.io/controller-runtime v0.20.4
-	sigs.k8s.io/yaml v1.5.0
+	go.uber.org/zap v1.27.1
+	k8s.io/api v0.35.1
+	k8s.io/apimachinery v0.35.1
+	k8s.io/client-go v0.35.1
+	sigs.k8s.io/controller-runtime v0.23.1
+	sigs.k8s.io/yaml v1.6.0
 )
 
 require (
 	github.com/beorn7/perks v1.0.1 // indirect
 	github.com/cespare/xxhash/v2 v2.3.0 // indirect
-	github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect
-	github.com/emicklei/go-restful/v3 v3.11.0 // indirect
+	github.com/davecgh/go-spew v1.1.1 // indirect
+	github.com/emicklei/go-restful/v3 v3.13.0 // indirect
 	github.com/evanphx/json-patch/v5 v5.9.11 // indirect
-	github.com/fsnotify/fsnotify v1.7.0 // indirect
-	github.com/fxamacker/cbor/v2 v2.7.0 // indirect
+	github.com/fsnotify/fsnotify v1.9.0 // indirect
+	github.com/fxamacker/cbor/v2 v2.9.0 // indirect
 	github.com/go-logr/zapr v1.3.0 // indirect
-	github.com/go-openapi/jsonpointer v0.21.0 // indirect
-	github.com/go-openapi/jsonreference v0.20.2 // indirect
-	github.com/go-openapi/swag v0.23.0 // indirect
-	github.com/gogo/protobuf v1.3.2 // indirect
-	github.com/golang/protobuf v1.5.4 // indirect
+	github.com/go-openapi/jsonpointer v0.22.4 // indirect
+	github.com/go-openapi/jsonreference v0.21.4 // indirect
+	github.com/go-openapi/swag v0.25.4 // indirect
+	github.com/go-openapi/swag/cmdutils v0.25.4 // indirect
+	github.com/go-openapi/swag/conv v0.25.4 // indirect
+	github.com/go-openapi/swag/fileutils v0.25.4 // indirect
+	github.com/go-openapi/swag/jsonname v0.25.4 // indirect
+	github.com/go-openapi/swag/jsonutils v0.25.4 // indirect
+	github.com/go-openapi/swag/loading v0.25.4 // indirect
+	github.com/go-openapi/swag/mangling v0.25.4 // indirect
+	github.com/go-openapi/swag/netutils v0.25.4 // indirect
+	github.com/go-openapi/swag/stringutils v0.25.4 // indirect
+	github.com/go-openapi/swag/typeutils v0.25.4 // indirect
+	github.com/go-openapi/swag/yamlutils v0.25.4 // indirect
 	github.com/google/btree v1.1.3 // indirect
-	github.com/google/gnostic-models v0.6.8 // indirect
+	github.com/google/gnostic-models v0.7.1 // indirect
 	github.com/google/go-cmp v0.7.0 // indirect
-	github.com/google/gofuzz v1.2.0 // indirect
 	github.com/google/uuid v1.6.0 // indirect
-	github.com/josharian/intern v1.0.0 // indirect
 	github.com/json-iterator/go v1.1.12 // indirect
-	github.com/mailru/easyjson v0.7.7 // indirect
 	github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
-	github.com/modern-go/reflect2 v1.0.2 // indirect
+	github.com/modern-go/reflect2 v1.0.3-0.20250322232337-35a7c28c31ee // indirect
 	github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
-	github.com/pkg/errors v0.9.1 // indirect
-	github.com/prometheus/client_golang v1.19.1 // indirect
-	github.com/prometheus/client_model v0.6.1 // indirect
-	github.com/prometheus/common v0.55.0 // indirect
-	github.com/prometheus/procfs v0.15.1 // indirect
-	github.com/rogpeppe/go-internal v1.13.1 // indirect
-	github.com/spf13/pflag v1.0.5 // indirect
-	github.com/stretchr/testify v1.10.0 // indirect
+	github.com/pmezard/go-difflib v1.0.0 // indirect
+	github.com/prometheus/client_golang v1.23.2 // indirect
+	github.com/prometheus/client_model v0.6.2 // indirect
+	github.com/prometheus/common v0.67.5 // indirect
+	github.com/prometheus/procfs v0.19.2 // indirect
+	github.com/spf13/pflag v1.0.10 // indirect
 	github.com/x448/float16 v0.8.4 // indirect
 	go.uber.org/multierr v1.11.0 // indirect
-	go.yaml.in/yaml/v2 v2.4.2 // indirect
-	golang.org/x/net v0.43.0 // indirect
-	golang.org/x/oauth2 v0.30.0 // indirect
-	golang.org/x/sync v0.16.0 // indirect
-	golang.org/x/sys v0.35.0 // indirect
-	golang.org/x/term v0.34.0 // indirect
-	golang.org/x/text v0.28.0 // indirect
-	golang.org/x/time v0.12.0 // indirect
-	gomodules.xyz/jsonpatch/v2 v2.4.0 // indirect
-	google.golang.org/protobuf v1.36.7 // indirect
-	gopkg.in/evanphx/json-patch.v4 v4.12.0 // indirect
+	go.yaml.in/yaml/v2 v2.4.3 // indirect
+	go.yaml.in/yaml/v3 v3.0.4 // indirect
+	golang.org/x/net v0.50.0 // indirect
+	golang.org/x/oauth2 v0.35.0 // indirect
+	golang.org/x/sync v0.19.0 // indirect
+	golang.org/x/sys v0.41.0 // indirect
+	golang.org/x/term v0.40.0 // indirect
+	golang.org/x/text v0.34.0 // indirect
+	golang.org/x/time v0.14.0 // indirect
+	gomodules.xyz/jsonpatch/v2 v2.5.0 // indirect
+	google.golang.org/protobuf v1.36.11 // indirect
+	gopkg.in/evanphx/json-patch.v4 v4.13.0 // indirect
 	gopkg.in/inf.v0 v0.9.1 // indirect
-	gopkg.in/yaml.v3 v3.0.1 // indirect
-	k8s.io/apiextensions-apiserver v0.32.1 // indirect
+	k8s.io/apiextensions-apiserver v0.35.1 // indirect
 	k8s.io/klog/v2 v2.130.1 // indirect
-	k8s.io/kube-openapi v0.0.0-20241105132330-32ad38e42d3f // indirect
-	k8s.io/utils v0.0.0-20241104100929-3ea5e8cea738 // indirect
-	sigs.k8s.io/json v0.0.0-20241010143419-9aa6b5e7a4b3 // indirect
-	sigs.k8s.io/structured-merge-diff/v4 v4.4.2 // indirect
+	k8s.io/kube-openapi v0.0.0-20260127142750-a19766b6e2d4 // indirect
+	k8s.io/utils v0.0.0-20260210185600-b8788abfbbc2 // indirect
+	sigs.k8s.io/json v0.0.0-20250730193827-2d320260d730 // indirect
+	sigs.k8s.io/randfill v1.0.0 // indirect
+	sigs.k8s.io/structured-merge-diff/v6 v6.3.2 // indirect
 )