Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Try to align golang around a single version #461

Merged
merged 7 commits into from
Aug 26, 2024
Merged

Try to align golang around a single version #461

merged 7 commits into from
Aug 26, 2024

Conversation

Seanstoppable
Copy link
Contributor

@Seanstoppable Seanstoppable commented Aug 19, 2024
edited
Loading

Currently, we have version defined in:
go.mod/go.sum (1.12)
.github actions (1.18)
Dockerfile (1.20)

This PR tries to align them to the latest version, which is the Dockerfile, this should help with some of the library updates by dependabot, as at least one of them (prometheus) fails due to requiring golang 1.20
I try to have github actions read the golang version, to reduce maintenance

I updated go.mod to update 1.12 to 1.20, and then ran go mod tidy which added everything else.

Add a description of your changes here.

How to Test

Add brief instructions on how to test your changes.

Notes & Caveats

If necessary, explain the motivation for this PR, and note any caveats that apply to your changes or future work that will be needed.

Issue Tracking

Add a link to the relevant GitHub issue(s) if the pull request resolves it.

@Seanstoppable
Try to align golang around a single version
c1e456f 
Currently, we have version defined in:
go.mod/go.sum (1.12)
.github actions (1.18)
Dockerfile (1.20)

This PR tries to align them to the latest version, which is the
Dockerfile, this should help with some of the library updates by
dependabot, as at least one of them (prometheus) fails due to requiring
golang 1.20
@Seanstoppable
Update to use env variables
ae2712e
@Seanstoppable
Align dockerfile as well
3ae8d96 
We don't seem to actually use this somewhere, but build in support for
aligning similarly
@Seanstoppable
Checkout source first
5c44d8d
@Seanstoppable
Debug why go version isn't set later as expected
7ee9def
@Seanstoppable
Use outputs again
57a9196
@Seanstoppable
Roll out to all pipelines
4de1177
@Seanstoppable Seanstoppable marked this pull request as ready for review August 19, 2024 16:53
@Seanstoppable
Copy link
Contributor Author

Note that a LOT of extra versions of libraries seem to be dropped. These appear to largely be dropped if we "only" align to the github pipelines version of 1.18, which also happens to resolve a number of CVEs my company's code scanner is picking up like:
GHSA-c3h9-896r-86jm
GHSA-9phm-fm57-rhg8
As these versions/libraries are removed

@Seanstoppable Seanstoppable mentioned this pull request Aug 20, 2024
Closed
phillip-stephens
phillip-stephens approved these changes Aug 26, 2024
View reviewed changes
Copy link
Contributor

@phillip-stephens phillip-stephens left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, thanks for this!!!

@phillip-stephens phillip-stephens merged commit 82b0038 into zmap:master Aug 26, 2024
4 checks passed
@thecsw thecsw mentioned this pull request Sep 3, 2024
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@phillip-stephens phillip-stephens phillip-stephens approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@Seanstoppable @phillip-stephens