From b765231175038e14a296c5d0c501b42eec25d297 Mon Sep 17 00:00:00 2001
From: Adrian Stobbe
Date: Thu, 9 Nov 2023 20:17:14 +0100
Subject: [PATCH] deps: bump Go to 1.21.4 (#2569)

Co-authored-by: Malte Poll <1780588+malt3@users.noreply.github.com>
---
 .bazelversion | 2 +-
 .github/workflows/build-ccm-gcp.yml | 2 +-
 .github/workflows/build-os-image-scheduled.yml | 2 +-
 .github/workflows/codeql.yml | 2 +-
 .github/workflows/release.yml | 2 +-
 .github/workflows/test-integration.yml | 2 +-
 .github/workflows/test-operator-codegen.yml | 2 +-
 3rdparty/gcp-guest-agent/Dockerfile | 2 +-
 WORKSPACE.bazel | 4 ++--
 bazel/container/Containerfile | 2 +-
 bazel/container/container.sh | 2 +-
 bazel/go/go.nix | 4 ++--
 dev-docs/workflows/bump-go-version.md | 17 +++++++++++++++++
 flake.lock | 8 ++++----
 flake.nix | 3 +--
 go.work | 2 +-
 16 files changed, 37 insertions(+), 21 deletions(-)
 create mode 100644 dev-docs/workflows/bump-go-version.md

diff --git a/.bazelversion b/.bazelversion
index 91e4a9f26..19b860c18 100644
--- a/.bazelversion
+++ b/.bazelversion
@@ -1 +1 @@
-6.3.2
+6.4.0
diff --git a/.github/workflows/build-ccm-gcp.yml b/.github/workflows/build-ccm-gcp.yml
index 7fd376416..e33288a77 100644
--- a/.github/workflows/build-ccm-gcp.yml
+++ b/.github/workflows/build-ccm-gcp.yml
@@ -31,7 +31,7 @@ jobs:
 - name: Setup Go environment
 uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4.1.0
 with:
- go-version: "1.21.3"
+ go-version: "1.21.4"
 cache: false
 - name: Install Crane
diff --git a/.github/workflows/build-os-image-scheduled.yml b/.github/workflows/build-os-image-scheduled.yml
index fb682fdb3..ae9e34e7c 100644
--- a/.github/workflows/build-os-image-scheduled.yml
+++ b/.github/workflows/build-os-image-scheduled.yml
@@ -69,7 +69,7 @@ jobs:
 - name: Setup Go environment
 uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4.1.0
 with:
- go-version: "1.21.3"
+ go-version: "1.21.4"
 cache: false
 - name: Determine version
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
index fe24bfbf4..15d05cd9d 100644
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -40,7 +40,7 @@ jobs:
 if: matrix.language == 'go'
 uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4.1.0
 with:
- go-version: "1.21.3"
+ go-version: "1.21.4"
 cache: false
 - name: Initialize CodeQL
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 03c1e3921..f5a4897a3 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -233,7 +233,7 @@ jobs:
 - name: Setup Go environment
 uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4.1.0
 with:
- go-version: "1.21.3"
+ go-version: "1.21.4"
 cache: true
 - name: Build generateMeasurements tool
diff --git a/.github/workflows/test-integration.yml b/.github/workflows/test-integration.yml
index b47d4a1db..5d780ff69 100644
--- a/.github/workflows/test-integration.yml
+++ b/.github/workflows/test-integration.yml
@@ -32,7 +32,7 @@ jobs:
 - name: Setup Go environment
 uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4.1.0
 with:
- go-version: "1.21.3"
+ go-version: "1.21.4"
 cache: true
 - name: Install Dependencies
diff --git a/.github/workflows/test-operator-codegen.yml b/.github/workflows/test-operator-codegen.yml
index 46d392bcd..cf34906c4 100644
--- a/.github/workflows/test-operator-codegen.yml
+++ b/.github/workflows/test-operator-codegen.yml
@@ -28,7 +28,7 @@ jobs:
 - name: Setup Go environment
 uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4.1.0
 with:
- go-version: "1.21.3"
+ go-version: "1.21.4"
 cache: true
 - name: Run code generation
diff --git a/3rdparty/gcp-guest-agent/Dockerfile b/3rdparty/gcp-guest-agent/Dockerfile
index 114d463d3..812685712 100644
--- a/3rdparty/gcp-guest-agent/Dockerfile
+++ b/3rdparty/gcp-guest-agent/Dockerfile
@@ -6,7 +6,7 @@ RUN apt-get update && apt-get install -y \
 git
 # Install Go
-ARG GO_VER=1.21.3
+ARG GO_VER=1.21.4
 RUN wget -q https://go.dev/dl/go${GO_VER}.linux-amd64.tar.gz && \
 tar -C /usr/local -xzf go${GO_VER}.linux-amd64.tar.gz && \
 rm go${GO_VER}.linux-amd64.tar.gz
diff --git a/WORKSPACE.bazel b/WORKSPACE.bazel
index eb7e40c73..6fecd7f40 100644
--- a/WORKSPACE.bazel
+++ b/WORKSPACE.bazel
@@ -17,8 +17,8 @@ load("@io_tweag_rules_nixpkgs//nixpkgs:nixpkgs.bzl", "nixpkgs_cc_configure", "ni
 nixpkgs_git_repository(
 name = "nixpkgs",
- revision = "0c7ffbc66e6d78c50c38e717ec91a2a14e0622fb",
- sha256 = "2c8c39259595441e2fe529b75b2e69eba486e0f3457e810bf9bb2b531822743e",
+ revision = "ec750fd01963ab6b20ee1f0cb488754e8036d89d",
+ sha256 = "9e809097a0c66334139cda3d1bec3bf73bdfad593e954259ff329c7b4a118041",
 )
 nixpkgs_flake_package(
diff --git a/bazel/container/Containerfile b/bazel/container/Containerfile
index 435a68e23..040555e17 100644
--- a/bazel/container/Containerfile
+++ b/bazel/container/Containerfile
@@ -3,7 +3,7 @@ FROM fedora:38
 ARG TARGETOS
 ARG TARGETARCH
-ARG BAZEL_VERSION=6.3.2
+ARG BAZEL_VERSION=6.4.0
 ARG BAZELISK_VERSION=v1.16.0
 ARG BAZELISK_SHA256=168851e70cf5f95c0e215e7f3aaca5132ffc3c8dd8f585a4157b0be2b53cfe32
diff --git a/bazel/container/container.sh b/bazel/container/container.sh
index 8f68c10ea..9065e8792 100644
--- a/bazel/container/container.sh
+++ b/bazel/container/container.sh
@@ -17,7 +17,7 @@ function setup {
 }
 function startBazelServer {
- local containerImage="ghcr.io/edgelesssys/bazel-container:v6.3.2"
+ local containerImage="ghcr.io/edgelesssys/bazel-container:v6.4.0"
 local containerName="bazeld"
 setup
diff --git a/bazel/go/go.nix b/bazel/go/go.nix
index 89da77aea..b6ecc529f 100644
--- a/bazel/go/go.nix
+++ b/bazel/go/go.nix
@@ -1,10 +1,10 @@
 let
 pkgs = import { };
 goAttr = pkgs.go_1_21.overrideAttrs (_: rec {
- version = "1.21.3";
+ version = "1.21.4";
 src = pkgs.fetchurl {
 url = "https://go.dev/dl/go${version}.src.tar.gz";
- hash = "sha256-GG8rb4yLcE5paCGwmrIEGlwe4T3LwxVqE63PdZMe5Ig=";
+ hash = "sha256-R7Jqg9K2WjwcG8rOJztpvuSaentRaKdgTe09JqN714c=";
 };
 });
 in
diff --git a/dev-docs/workflows/bump-go-version.md b/dev-docs/workflows/bump-go-version.md
new file mode 100644
index 000000000..a8e897308
--- /dev/null
+++ b/dev-docs/workflows/bump-go-version.md
@@ -0,0 +1,17 @@
+# Bump Go version
+`govulncheck` from the bazel `check` target will fail if our code is vulnerable, which is often the case when a patch version was released with security fixes.
+
+## Steps
+
+1. Replace "1.xx.x" with the new version (see [example](https://github.com/edgelesssys/constellation/commit/9e1a0c06bfda0171958f0776633a9a53f521144d))
+2. Update the nix hash
+
+ Once updated run `bazel run //:tidy` and you will see a failure such as:
+
+ ```
+ > error: hash mismatch in fixed-output derivation '/nix/store/r85bdj6vrim7m5vlybdmzgca7d0kcb4n-go1.21.4.src.tar.gz.drv':
+ > specified: sha256-GG8rb4yLcE5paCGwmrIEGlwe4T3LwxVqE63PdZMe5Ig=
+ > got: sha256-R7Jqg9K2WjwcG8rOJztpvuSaentRaKdgTe09JqN714c=
+ ```
+ Simple replace the hash with the got value.
+3. Ask @katexochen to build the thing and push it into his cache.
diff --git a/flake.lock b/flake.lock
index ff1c0f24e..618cc8592 100644
--- a/flake.lock
+++ b/flake.lock
@@ -20,17 +20,17 @@ }, "nixpkgsUnstable": { "locked": { - "lastModified": 1697808392, - "narHash": "sha256-hHIWoHctiLmH9al5mU58lw5tMuaGerei/rUyJjVc+3o=", + "lastModified": 1699343069, + "narHash": "sha256-s7BBhyLA6MI6FuJgs4F/SgpntHBzz40/qV0xLPW6A1Q=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "9ef2c8ddff172378496b118f709bfe81280a7e58", + "rev": "ec750fd01963ab6b20ee1f0cb488754e8036d89d", "type": "github" }, "original": { "owner": "NixOS", + "ref": "nixpkgs-unstable", "repo": "nixpkgs", - "rev": "9ef2c8ddff172378496b118f709bfe81280a7e58", "type": "github" } },
diff --git a/flake.nix b/flake.nix
index 94e1c0ff1..b9bdd7273 100644
--- a/flake.nix
+++ b/flake.nix
@@ -3,8 +3,7 @@
 inputs = {
 nixpkgsUnstable = {
- # TODO(malt3): use github:NixOS/nixpkgs/nixpkgs-unstable after repart fix is upstreamed
- url = "github:NixOS/nixpkgs/9ef2c8ddff172378496b118f709bfe81280a7e58";
+ url = "github:NixOS/nixpkgs/nixpkgs-unstable";
 };
 flake-utils = {
 url = "github:numtide/flake-utils";
diff --git a/go.work b/go.work
index a306dfe83..16b05fad7 100644
--- a/go.work
+++ b/go.work
@@ -1,6 +1,6 @@
 go 1.21
-toolchain go1.21.3
+toolchain go1.21.4
 use (
 .
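Review bot: In the flake.nix hunk the `nixpkgsUnstable` input now follows the moving `nixpkgs-unstable` branch, so the only thing fixing the package set is the `rev`/`narHash` pair in flake.lock, and nothing next to the `url` line says so. WORKSPACE.bazel pins the same revision (`ec750fd01963ab6b20ee1f0cb488754e8036d89d`) separately through `nixpkgs_git_repository`, so a later `nix flake update` can move the flake input without the Bazel pin following. I would add a comment above the `url` line, for example `# Revision is pinned in flake.lock; keep it in sync with the nixpkgs_git_repository revision in WORKSPACE.bazel.` The `inputs` block continues outside the hunk.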