Skip to content

fix: Update go mod to fix CVE-2024-45338 (#1222) #2845

fix: Update go mod to fix CVE-2024-45338 (#1222)

fix: Update go mod to fix CVE-2024-45338 (#1222) #2845

Workflow file for this run

# - When a third-party action is added (i.e., `uses`), please also add it to `download-licenses` in Makefile.
# - When a job is added/removed/renamed, please make corresponding changes in ci-docs.yaml.
name: CI
on:
push:
branches:
- main
paths:
- '**.go'
- 'go.mod'
- 'go.sum'
- '.github/workflows/e2e-macos.yaml'
- '.github/workflows/e2e-windows.yaml'
- '.github/workflows/e2e-linux.yaml'
- 'contrib/packaging/**'
- 'deps/**'
- 'finch.yaml.d/**'
- 'winres'
- 'Makefile*'
- '!contrib/hello-finch/**'
pull_request:
branches:
- main
paths:
- '**.go'
- 'go.mod'
- 'go.sum'
- '.github/workflows/e2e-macos.yaml'
- '.github/workflows/e2e-windows.yaml'
- '.github/workflows/e2e-linux.yaml'
- 'contrib/packaging/**'
- 'deps/**'
- 'finch.yaml.d/**'
- 'winres'
- 'Makefile*'
- '!contrib/hello-finch/**'
workflow_dispatch:
permissions:
id-token: write
contents: write
env:
DEBUG: ${{ secrets.ACTIONS_STEP_DEBUG }}
GO_VERSION: '1.22.8'
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
jobs:
git-secrets:
runs-on: ubuntu-latest
steps:
- name: Pull latest awslabs/git-secrets repo
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
repository: awslabs/git-secrets
ref: 1.3.0
fetch-tags: true
path: git-secrets
- name: Install git secrets from source
run: sudo make install
working-directory: git-secrets
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- name: Scan repository for git secrets
run: |
git secrets --register-aws
git secrets --scan-history
gen-code-no-diff:
strategy:
matrix:
os: [macos-latest, windows-latest, ubuntu-latest]
runs-on: ${{ matrix.os }}
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed # v5.1.0
with:
go-version: ${{ env.GO_VERSION }}
cache: false
- run: make gen-code
- run: git diff --exit-code
unit-tests:
strategy:
fail-fast: false
matrix:
os: [macos-latest, windows-latest, ubuntu-latest]
runs-on: ${{ matrix.os }}
steps:
- name: Configure git CRLF settings
run: |
git config --global core.autocrlf false
git config --global core.eol lf
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed # v5.1.0
with:
go-version: ${{ env.GO_VERSION }}
cache: false
- run: make test-unit
# It's recommended to run golangci-lint in a job separate from other jobs (go test, etc) because different jobs run in parallel.
go-linter:
name: lint
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed # v5.1.0
with:
go-version: ${{ env.GO_VERSION }}
cache: false
- name: set GOOS env to windows
run: |
echo "GOOS=windows" >> $GITHUB_ENV
- name: golangci-lint - windows
uses: golangci/golangci-lint-action@971e284b6050e8a5849b72094c50ab08da042db8 # v6.1.1
with:
# Pin the version in case all the builds start to fail at the same time.
# There may not be an automatic way (e.g., dependabot) to update a specific parameter of a GitHub Action,
# so we will just update it manually whenever it makes sense (e.g., a feature that we want is added).
version: v1.56.1
args: --fix=false --timeout=5m
- name: set GOOS env to darwin
run: |
echo "GOOS=darwin" >> $GITHUB_ENV
- name: golangci-lint - darwin
uses: golangci/golangci-lint-action@971e284b6050e8a5849b72094c50ab08da042db8 # v6.1.1
with:
# Pin the version in case all the builds start to fail at the same time.
# There may not be an automatic way (e.g., dependabot) to update a specific parameter of a GitHub Action,
# so we will just update it manually whenever it makes sense (e.g., a feature that we want is added).
version: v1.56.1
args: --fix=false --timeout=5m --skip-dirs="(^|/)deps($|/)"
shellcheck:
name: ShellCheck
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- name: Run ShellCheck
uses: ludeeus/action-shellcheck@00cae500b08a931fb5698e11e79bfbd38e612a38 # 2.0.0
with:
version: v0.9.0
continue-on-error: true
go-mod-tidy-check:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed # v5.1.0
with:
go-version: ${{ env.GO_VERSION }}
cache: false
# TODO: Use `go mod tidy --check` after https://github.com/golang/go/issues/27005 is fixed.
- run: go mod tidy
- run: git diff --exit-code
check-licenses:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed # v5.1.0
with:
go-version: ${{ env.GO_VERSION }}
cache: false
- run: make check-licenses
macos-e2e-tests:
strategy:
fail-fast: false
matrix:
version: ['13', '14']
test-command: ['test-e2e-vm-serial', 'test-e2e-container']
arch: ['X64', 'arm64']
runner-type: ['test']
uses: ./.github/workflows/e2e-macos.yaml
secrets: inherit
with:
arch: ${{ matrix.arch }}
version: ${{ matrix.version }}
runner-type: ${{ matrix.runner-type }}
test-command: ${{ matrix.test-command }}
windows-e2e-tests:
strategy:
fail-fast: false
matrix:
test-command: ['test-e2e-vm-serial', 'test-e2e-container']
arch: ['amd64']
runner-type: ['test']
uses: ./.github/workflows/e2e-windows.yaml
secrets: inherit
with:
arch: ${{ matrix.arch }}
runner-type: ${{ matrix.runner-type }}
test-command: ${{ matrix.test-command }}
linux-e2e-tests:
strategy:
fail-fast: false
matrix:
os: ['amazonlinux']
arch: ['X64', 'arm64']
version: ['2023', '2']
runner-type: ['test']
uses: ./.github/workflows/e2e-linux.yaml
secrets: inherit
with:
os: ${{ matrix.os }}
arch: ${{ matrix.arch }}
version: ${{ matrix.version }}
runner-type: ${{ matrix.runner-type }}
mdlint:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- uses: avto-dev/markdown-lint@04d43ee9191307b50935a753da3b775ab695eceb # v1.5.0
with:
args: '**/*.md'
# CHANGELOG.md is only updated by release-please bot.
ignore: 'CHANGELOG.md'