Add github.tools.sap to the trusted oidc issuers (#11713)

* Add github.tools.sap to the trusted oidc issuers

* Fkx linter issues for rotateserviceaccount.go

* Fkx linter issues for serviceaccountcleaner.go

* Fkx linter issues for cleaner.go, http.go, main.go

* Fkx linter issues for cleaner.go, main.go

* Fkx linter issues for main.go

cmd/cloud-run/rotate-service-account/rotateserviceaccount.go

@@ -58,17 +58,20 @@ func main() {
 
 	projectID, err = metadata.ProjectIDWithContext(ctx)
 	if err != nil {
-		mainLogger.LogCritical("failed to retrieve GCP Project ID, error: " + err.Error())
+		const errMsg = "failed to retrieve GCP Project ID, error: %s"
+		mainLogger.LogCritical(errMsg, err.Error())
 	}
 
 	secretManagerService, err = secretmanager.NewService(ctx)
 	if err != nil {
-		mainLogger.LogCritical("failed creating Secret Manager client, error: " + err.Error())
+		const errMsg = "failed creating Secret Manager client, error: %s"
+		mainLogger.LogCritical(errMsg, err.Error())
 	}
 
 	serviceAccountService, err = iam.NewService(ctx)
 	if err != nil {
-		mainLogger.LogCritical("failed creating IAM client, error: " + err.Error())
+		const errMsg = "failed creating IAM client, error: %s"
+		mainLogger.LogCritical(errMsg, err.Error())
 	}
 
 	http.HandleFunc("/", rotateServiceAccount)

cmd/cloud-run/service-account-keys-cleaner/serviceaccountcleaner.go

@@ -44,17 +44,20 @@ func main() {
 
 	projectID, err = metadata.ProjectIDWithContext(ctx)
 	if err != nil {
-		mainLogger.LogCritical("failed to retrieve GCP Project ID, error: " + err.Error())
+		const errMsg = "failed to retrieve GCP Project ID, error: %s"
+		mainLogger.LogCritical(errMsg, err.Error())
 	}
 
 	secretManagerService, err = secretmanager.NewService(ctx)
 	if err != nil {
-		mainLogger.LogCritical("failed creating Secret Manager client, error: " + err.Error())
+		const errMsg = "failed creating Secret Manager client, error: %s"
+		mainLogger.LogCritical(errMsg, err.Error())
 	}
 
 	serviceAccountService, err = gcpiam.NewService(ctx)
 	if err != nil {
-		mainLogger.LogCritical("failed creating IAM client, error: " + err.Error())
+		const errMsg = "failed creating IAM client, error: %s"
+		mainLogger.LogCritical(errMsg, err.Error())
 	}
 
 	http.HandleFunc("/", serviceAccountKeysCleaner)

cmd/tools/usersmapchecker/main.go

@@ -2,11 +2,11 @@ package main
 
 import (
 	"context"
-	"fmt"
+	"os"
+
 	"github.com/kyma-project/test-infra/pkg/github/client"
 	"github.com/kyma-project/test-infra/pkg/prow"
 	"github.com/kyma-project/test-infra/pkg/types"
-	"os"
 
 	log "github.com/sirupsen/logrus"
 )
@@ -78,42 +78,49 @@ func main() {
 	githubComAccessToken := os.Getenv("BOT_GITHUB_TOKEN")
 	saptoolsClient, err := client.NewSapToolsClient(ctx, accessToken)
 	if err != nil {
-		log.Fatalf(fmt.Sprintf("failed creating sap tools github client, got error: %v", err))
+		const errMsg = "failed creating sap tools github client, got error: %v"
+		log.Fatalf(errMsg, err)
 	}
 
 	githubComClient, err := client.NewClient(ctx, githubComAccessToken)
 	if err != nil {
-		log.Fatalf(fmt.Sprintf("failed creating github.com client, got error: %v", err))
+		const errMsg = "failed creating github.com client, got error: %v"
+		log.Fatalf(errMsg, err)
 	}
 	usersMap, err := saptoolsClient.GetUsersMap(ctx)
 	if err != nil {
-		log.Fatalf(fmt.Sprintf("error when getting users map: got error %v", err))
+		const errMsg = "error when getting users map: got error %v"
+		log.Fatalf(errMsg, err)
 	}
 	authors, err := prow.GetPrAuthorForPresubmit()
 	if err != nil {
 		if notPresubmit := prow.IsNotPresubmitError(err); *notPresubmit {
-			log.Infof(err.Error())
+			log.Info(err.Error())
 		} else {
-			log.Fatalf(fmt.Sprintf("error when getting pr author for presubmit: got error %v", err))
+			const errMsg = "error when getting pr author for presubmit: got error %v"
+			log.Fatalf(errMsg, err)
 		}
 	}
 
 	org, err := prow.GetOrgForPresubmit()
 	if err != nil {
 		if notPresubmit := prow.IsNotPresubmitError(err); *notPresubmit {
-			log.Infof(err.Error())
+			log.Info(err.Error())
 		} else {
-			log.Fatalf(fmt.Sprintf("error when getting org for presubmit: got error %v", err))
+			const errMsg = "error when getting org for presubmit: got error %v"
+			log.Fatalf(errMsg, err)
 		}
 	}
 
-	log.Infof(fmt.Sprintf("found %d authors in job spec env variable", len(authors)))
+	const infoMsg = "found %d authors in job spec env variable"
+	log.Infof(infoMsg, len(authors))
 
 	for _, author := range authors {
 		// Check if author is a member of the organization.
 		member, _, err := githubComClient.Organizations.IsMember(ctx, org, author)
 		if err != nil {
-			log.Fatalf(fmt.Sprintf("failed check if user %s is an github organisation member", author))
+			const errMsg = "failed check if user %s is an github organisation member"
+			log.Fatalf(errMsg, author)
 		}
 		// If the author is a member of the organization but not present in usersMap, add to missingUsers.
 		if member && !checkUserInMap(author, usersMap) {

pkg/gcp/http/http.go

@@ -2,14 +2,15 @@ package http
 
 import (
 	"fmt"
-	"github.com/kyma-project/test-infra/pkg/gcp/cloudfunctions"
 	"net/http"
+
+	"github.com/kyma-project/test-infra/pkg/gcp/cloudfunctions"
 )
 
 // WriteHttpErrorResponse format error message, log it with error severity using passed logger
 // It writes http error response with provided status code and formatted error message to http.ResponseWrite function argument.
 func WriteHTTPErrorResponse(w http.ResponseWriter, statusCode int, logger *cloudfunctions.LogEntry, format string, args ...interface{}) {
 	errorMessage := fmt.Sprintf(format, args...)
-	logger.LogError(errorMessage)
+	logger.LogError(errorMessage) //nolint:govet
 	http.Error(w, errorMessage, statusCode)
 }

pkg/oidc/oidc.go

@@ -25,7 +25,13 @@ var (
 		JWKSURL:                "https://token.actions.githubusercontent.com/.well-known/jwks",
 		ExpectedJobWorkflowRef: "kyma-project/test-infra/.github/workflows/image-builder.yml@refs/heads/main",
 	}
-	TrustedOIDCIssuers = map[string]Issuer{GithubOIDCIssuer.IssuerURL: GithubOIDCIssuer}
+	GithubToolsOIDCIssuer = Issuer{
+		Name:                   "github-tools-sap",
+		IssuerURL:              "https://github.tools.sap/_services/token",
+		JWKSURL:                "https://github.tools.sap/_services/token/.well-known/jwks",
+		ExpectedJobWorkflowRef: "kyma/test-infra/.github/workflows/image-builder.yml@refs/heads/main",
+	}
+	TrustedOIDCIssuers = map[string]Issuer{GithubOIDCIssuer.IssuerURL: GithubOIDCIssuer, GithubToolsOIDCIssuer.IssuerURL: GithubToolsOIDCIssuer}
 )
 
 // TODO(dekiel) interfaces need to be clenup up to remove redundancy.

pkg/tools/gcscleaner/cleaner.go

@@ -3,13 +3,14 @@ package gcscleaner
 import (
 	"context"
 	"fmt"
-	storage2 "github.com/kyma-project/test-infra/pkg/tools/gcscleaner/storage"
 	"regexp"
 	"strconv"
 	"strings"
 	"sync"
 	"time"
 
+	storage2 "github.com/kyma-project/test-infra/pkg/tools/gcscleaner/storage"
+
 	"github.com/pkg/errors"
 	"github.com/sirupsen/logrus"
 	"google.golang.org/api/iterator"
@@ -209,7 +210,7 @@ func (r Cleaner) parseErrors(errorMessages []string) error {
 		return nil
 	}
 	errorMessage := strings.Join(errorMessages, "\n")
-	return fmt.Errorf(errorMessage)
+	return errors.New(errorMessage) //nolint:govet
 }
 
 func (r Cleaner) deleteAllObjects(ctx CancelableContext, bucketName string, errChan chan error) {