deps(go): Upgrade to Go 1.21.3 #338

Merged
merged 4 commits into from
Oct 18, 2023

CarlosNihelton
Contributor

Go vulnerability checker is warning about a CVE in the http module found in Go 1.21.1 and fixed in Go 1.21.3.

@CarlosNihelton CarlosNihelton changed the title Upgrade to go 1.21.3 deps(go): Upgrade to Go 1.21.3 Oct 16, 2023
@CarlosNihelton CarlosNihelton marked this pull request as ready for review October 16, 2023 13:22
@CarlosNihelton
Contributor Author

Is the summary below correct?

The last build-deb-action call, the one that actually builds the binary package, will never succeed until go1.21.3 gets published in the Ubuntu archive, right?!

My understanding for this log line is that Go is trying to upgrade itself, but the docker container that builds the binary package is supposed to not have access to the internet in the first place, so this will always fail.

go: download go1.21.3: golang.org/toolchain@v0.0.1-go1.21.3.linux-amd64: Get "https://proxy.golang.org/golang.org/toolchain/@v/v0.0.1-go1.21.3.linux-amd64.zip": tls: failed to verify certificate: x509: certificate signed by unknown authority
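
A pre-flight check for the situation described in the comment above, as an added example that is not part of the PR or the project's code: it reads the `go` and `toolchain` lines of a go.mod and reports what a Go 1.21+ command would do for a given local version and GOTOOLCHAIN mode. The function names, the result strings and the sample go.mod are constructed for illustration, and versions are assumed to be plain releases (no rc or beta suffixes).

```shell
#!/bin/sh
# Added example, not code from the PR. Names and result strings are constructed.

# Print the argument of a go.mod directive ("go" or "toolchain"), if present.
gomod_directive() {   # usage: gomod_directive <go.mod> <directive>
    awk -v d="$2" '$1 == d { print $2; exit }' "$1"
}

# Succeed when release version $1 is strictly newer than $2.
# Accepts "1.21", "1.21.3" or "go1.21.3"; a missing patch level counts as 0.
version_gt() {
    awk -v a="${1#go}" -v b="${2#go}" 'BEGIN {
        split(a, x, "."); split(b, y, ".")
        for (i = 1; i <= 3; i++)
            if (x[i] + 0 != y[i] + 0) exit !(x[i] + 0 > y[i] + 0)
        exit 1
    }'
}

# Report what a Go >= 1.21 command of version $2 does with go.mod $1 when
# GOTOOLCHAIN is $3: "auto" (the default) or "local".
toolchain_action() {
    need=$(gomod_directive "$1" go)
    if [ "$3" = "local" ]; then
        # local never switches toolchains and ignores the toolchain line;
        # a go line newer than the local toolchain is a hard error.
        if version_gt "$need" "$2"; then echo fail-fast; else echo use-local; fi
        return 0
    fi
    pinned=$(gomod_directive "$1" toolchain)
    if [ -n "$pinned" ] && version_gt "$pinned" "$need"; then need=$pinned; fi
    # A newer requirement makes the go command switch toolchains, fetching the
    # toolchain module through the module proxy when it is not already present.
    if version_gt "$need" "$2"; then echo download; else echo use-local; fi
}

# Constructed go.mod: a module that requires Go 1.21.3, as after this PR.
demo_mod=$(mktemp)
printf 'module example.com/constructed\n\ngo 1.21.3\n' > "$demo_mod"
toolchain_action "$demo_mod" 1.21.1 auto    # download
toolchain_action "$demo_mod" 1.21.1 local   # fail-fast
toolchain_action "$demo_mod" 1.21.3 auto    # use-local
```

Exporting `GOTOOLCHAIN=local` in a network-isolated build turns the failed download into an immediate version error.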

@EduardGomezEscandell EduardGomezEscandell left a comment

You're missing the Go version in .golangci.yaml.

Not sure about the toolchain issue, I'm looking into it.

@EduardGomezEscandell
Contributor

This morning I set up an LXD container without ca-certificates and it built without issue. I'm not sure what the reason is.

@CarlosNihelton
Contributor Author

> This morning I set up an LXD container without ca-certificates and it built without issue. I'm not sure what the reason is.

How did the container obtain the correct version of Go?

@EduardGomezEscandell
Contributor

EduardGomezEscandell commented Oct 17, 2023

> How did the container obtain the correct version of Go?

I pre-installed the dependencies

This runs on top of ubuntu-latest, which comes with go1.18

That version of go fails to execute "go mod edit -go 1.x.y"
It expects the edit to be "-go 1.x"

We need go 1.20 or later to do the edit -.-

@CarlosNihelton
Contributor Author

Don't wait for me to merge this, if approved. There are quite a lot of things hanging on waiting on this PR.

@EduardGomezEscandell EduardGomezEscandell merged commit 19ce4be into main Oct 18, 2023
33 checks passed
@EduardGomezEscandell EduardGomezEscandell deleted the upgrade-go-1.21.3 branch October 18, 2023 06:55