Skip to content
PRs checks

[Snyk] Security upgrade golang from 1.19.5 to 1.23.3 #16

Sign in to view logs

[Snyk] Security upgrade golang from 1.19.5 to 1.23.3

[Snyk] Security upgrade golang from 1.19.5 to 1.23.3 #16

Workflow file for this run

.github/workflows/pull_requests.yml at 35886f5
name: PRs checks
on:
pull_request:
branches:
- '**'
defaults:
run:
shell: bash
jobs:
markdownlint:
runs-on: ubuntu-20.04
steps:
- uses: actions/checkout@v3
- name: Check if related files changed
id: changed-files
uses: tj-actions/changed-files@v13
with:
files: |
**/*.md
- uses: actions/setup-ruby@v1
if: steps.changed-files.outputs.any_changed == 'true'
with:
ruby-version: '2.7'
- name: Install markdownlint
if: steps.changed-files.outputs.any_changed == 'true'
run: gem install mdl
- name: Markdownlint check
if: steps.changed-files.outputs.any_changed == 'true'
run: make markdownlint
yamllint:
runs-on: ubuntu-20.04
steps:
- uses: actions/checkout@v3
- name: Install yamllint
run: pip install yamllint
- name: yamllint
run: make yamllint
markdown-link-check:
runs-on: ubuntu-20.04
steps:
- uses: actions/checkout@v3
- name: Check if related files changed
id: changed-files
uses: tj-actions/changed-files@v13
with:
files: |
**/*.md
- uses: gaurav-nelson/github-action-markdown-link-check@v1
if: steps.changed-files.outputs.any_changed == 'true'
with:
config-file: '.markdown_link_check.json'
md-links-lint:
runs-on: ubuntu-20.04
steps:
- uses: actions/checkout@v3
- name: Check if related files changed
id: changed-files
uses: tj-actions/changed-files@v13
with:
files: |
**/*.md
- name: Lint markdown links
if: steps.changed-files.outputs.any_changed == 'true'
run: |
make markdown-links-lint
plugins-check:
runs-on: ubuntu-20.04
steps:
- uses: actions/checkout@v3
- name: Install yq
run: |
sudo wget https://github.com/mikefarah/yq/releases/download/v4.12.1/yq_linux_amd64 -O /usr/bin/yq && sudo chmod +x /usr/bin/yq
- name: Check plugins in README and builder config
run: ./ci/plugins_check.sh
pre-commit-check:
runs-on: ubuntu-20.04
steps:
- uses: actions/checkout@v3
- uses: actions/setup-python@v4
- uses: pre-commit/[email protected]
check-uniform-dependencies:
name: Check uniform dependencies
runs-on: ubuntu-20.04
steps:
- uses: actions/checkout@v3
- name: Check uniform dependencies
run: make check-uniform-dependencies
shellcheck:
runs-on: ubuntu-20.04
env:
SHELLCHECK_VERSION: 0.8.0
steps:
- uses: actions/checkout@v3
- name: install shellcheck
run: |
curl --retry 10 --retry-max-time 120 --retry-delay 5 -Lo- https://github.com/koalaman/shellcheck/releases/download/v${{ env.SHELLCHECK_VERSION }}/shellcheck-v${{ env.SHELLCHECK_VERSION }}.linux.x86_64.tar.xz | tar -xJf -
sudo cp shellcheck-v${{ env.SHELLCHECK_VERSION }}/shellcheck /usr/local/bin && rm -rf shellcheck-v${{ env.SHELLCHECK_VERSION }}
- name: shellcheck
run: make shellcheck
test:
name: Test
runs-on: ${{ matrix.runs_on }}
strategy:
matrix:
include:
- arch_os: linux_amd64
runs_on: ubuntu-20.04
- arch_os: darwin_amd64
runs_on: macos-latest
- arch_os: windows_amd64
runs_on: windows-2022
builder_bin_path: '${RUNNER_TEMP}\bin'
builder_bin_ext: .exe
steps:
- uses: actions/checkout@v3
- name: Check if test related files changed
id: changed-files
uses: tj-actions/changed-files@v13
with:
files: |
**/go.mod
**/go.sum
**/*.go
**/*.yaml
**/*.yml
**/Makefile
**/Makefile.common
scripts/install.sh
- name: Setup go
if: steps.changed-files.outputs.any_changed == 'true'
uses: actions/setup-go@v3
with:
go-version: '1.19'
# As described in
# https://github.com/mvdan/github-actions-golang#how-do-i-set-up-caching-between-builds
- uses: actions/cache@v3
if: steps.changed-files.outputs.any_changed == 'true'
with:
path: |
/home/runner/go/pkg/mod
/home/runner/.cache/go-build
/Users/runner/go/pkg/mod
/Users/runner/Library/Caches/go-build
/c/Users/runneradmin/go/pkg/mod
/c/Users/runneradmin/AppData/Local/go-build
key: ${{matrix.arch_os}}-go-${{ hashFiles('**/go.sum') }}
restore-keys: |
${{matrix.arch_os}}-go-
- name: Set default BUILDER_BIN_PATH
if: steps.changed-files.outputs.any_changed == 'true'
run: echo "BUILDER_BIN_PATH=${HOME}/bin" >> $GITHUB_ENV
- name: Override BUILDER_BIN_PATH if set in matrix
if: matrix.builder_bin_path != '' && steps.changed-files.outputs.any_changed == 'true'
run: echo "BUILDER_BIN_PATH=${{matrix.builder_bin_path}}" >> $GITHUB_ENV
- name: Add opentelemetry-collector-builder installation dir to PATH
if: steps.changed-files.outputs.any_changed == 'true'
run: echo "$BUILDER_BIN_PATH" >> $GITHUB_PATH
- name: Run tests
if: steps.changed-files.outputs.any_changed == 'true'
run: make gotest
# pipeline to test using Go+BoringCrypto
test-go-boringcrypto:
name: Test
runs-on: ${{ matrix.runs_on }}
strategy:
matrix:
include:
- arch_os: linux_amd64
runs_on: ubuntu-20.04
go: [ '1.18.7b7' ]
steps:
- uses: actions/checkout@v3
- name: Check if test related files changed
id: changed-files
uses: tj-actions/changed-files@v13
with:
files: |
**/go.mod
**/go.sum
**/*.go
**/*.yaml
**/*.yml
**/Makefile
**/Makefile.common
scripts/install.sh
- name: Install Go+BoringCrypto
if: steps.changed-files.outputs.any_changed == 'true'
run: |
curl -LJ "https://go-boringcrypto.storage.googleapis.com/go${{ matrix.go }}.linux-amd64.tar.gz" -o go.linux-amd64.tar.gz \
&& sudo rm -rf /usr/local/go \
&& sudo tar -C /usr/local -xzf go.linux-amd64.tar.gz \
&& sudo rm go.linux-amd64.tar.gz \
&& sudo ln -s /usr/local/go/bin/go /usr/local/bin
# As described in
# https://github.com/mvdan/github-actions-golang#how-do-i-set-up-caching-between-builds
- uses: actions/cache@v3
if: steps.changed-files.outputs.any_changed == 'true'
with:
path: |
/home/runner/go/pkg/mod
/home/runner/.cache/go-build
/Users/runner/go/pkg/mod
/Users/runner/Library/Caches/go-build
key: ${{matrix.arch_os}}-go-${{ hashFiles('**/go.sum') }}
restore-keys: |
${{matrix.arch_os}}-go-
- name: Add opentelemetry-collector-builder installation dir to PATH
if: steps.changed-files.outputs.any_changed == 'true'
run: echo "$HOME/bin" >> $GITHUB_PATH
- name: Run tests
if: steps.changed-files.outputs.any_changed == 'true'
run: make gotest
test-wixext:
name: Test (SumoLogic.wixext)
runs-on: windows-2019
steps:
- uses: actions/checkout@v3
- name: Fetch current branch
run: ./ci/fetch_current_branch.sh
- name: Add msbuild to PATH
uses: microsoft/[email protected]
- name: Restore NuGet packages
working-directory: ./packaging/msi/SumoLogic.wixext/SumoLogicTests
run: nuget.exe restore -PackagesDirectory ../packages
- name: Build unit tests
working-directory: ./packaging/msi/SumoLogic.wixext/SumoLogicTests
run: msbuild.exe -p:Configuration=Release -p:Platform=AnyCPU -Restore
- name: Run unit tests
working-directory: ./packaging/msi/SumoLogic.wixext/SumoLogicTests/bin/Release
run: dotnet test -v:n ./SumoLogicTests.dll
lint:
name: Lint (golangci-lint)
runs-on: ubuntu-20.04
strategy:
matrix:
arch_os: [ 'linux_amd64' ]
steps:
- uses: actions/checkout@v3
- name: Check if files changed that need linting
id: changed-files
uses: tj-actions/changed-files@v13
with:
files: |
**/go.mod
**/go.sum
**/*.go
**/*.yaml
**/*.yml
**/Makefile
**/Makefile.common
- name: Setup go
if: steps.changed-files.outputs.any_changed == 'true'
uses: actions/setup-go@v3
with:
go-version: '1.19'
# As described in
# https://github.com/mvdan/github-actions-golang#how-do-i-set-up-caching-between-builds
- uses: actions/cache@v3
if: steps.changed-files.outputs.any_changed == 'true'
with:
path: |
/home/runner/go/pkg/mod
/home/runner/.cache/go-build
key: ${{matrix.arch_os}}-go-${{ hashFiles('**/go.sum') }}
restore-keys: |
${{matrix.arch_os}}-go-
- uses: actions/cache@v3
if: steps.changed-files.outputs.any_changed == 'true'
with:
path: |
/home/runner/.cache/golangci-lint
key: ${{matrix.arch_os}}-golangcilint-${{ hashFiles('**/go.sum') }}
restore-keys: |
${{matrix.arch_os}}-golangcilint-
- name: Install golangci-lint
if: steps.changed-files.outputs.any_changed == 'true'
run: make install-golangci-lint
- name: Add opentelemetry-collector-builder installation dir to PATH
if: steps.changed-files.outputs.any_changed == 'true'
run: echo "$HOME/bin" >> $GITHUB_PATH
- name: Run golangci-lint
if: steps.changed-files.outputs.any_changed == 'true'
run: make golint
build:
name: Build
runs-on: ${{ matrix.runs_on }}
strategy:
matrix:
include:
- arch_os: linux_amd64
runs_on: ubuntu-20.04
- arch_os: linux_arm64
runs_on: ubuntu-20.04
- arch_os: darwin_amd64
runs_on: macos-latest
- arch_os: darwin_arm64
runs_on: macos-latest
- arch_os: windows_amd64
runs_on: windows-2022
builder_bin_path: '${RUNNER_TEMP}\bin'
builder_bin_ext: .exe
steps:
- uses: actions/checkout@v3
- name: Check if build related files changed
id: changed-files
uses: tj-actions/changed-files@v13
with:
files: |
otelcolbuilder/.gon_config.json
**/go.mod
**/go.sum
**/*.go
**/*.yaml
**/*.yml
**/Makefile
**/Makefile.common
**/Dockerfile*
- name: Fetch current branch
run: ./ci/fetch_current_branch.sh
- name: Setup go
if: steps.changed-files.outputs.any_changed == 'true'
uses: actions/setup-go@v3
with:
go-version: '1.19'
# As described in
# https://github.com/mvdan/github-actions-golang#how-do-i-set-up-caching-between-builds
- uses: actions/cache@v3
if: steps.changed-files.outputs.any_changed == 'true'
with:
path: |
/home/runner/go/pkg/mod
/home/runner/.cache/go-build
/Users/runner/go/pkg/mod
/Users/runner/Library/Caches/go-build
/c/Users/runneradmin/go/pkg/mod
/c/Users/runneradmin/AppData/Local/go-build
key: ${{matrix.arch_os}}-go-${{ hashFiles('**/go.sum') }}
restore-keys: |
${{matrix.arch_os}}-go-
- name: Set default BUILDER_BIN_PATH
run: echo "BUILDER_BIN_PATH=${HOME}/bin" >> $GITHUB_ENV
- name: Override BUILDER_BIN_PATH if set in matrix
run: echo "BUILDER_BIN_PATH=${{matrix.builder_bin_path}}" >> $GITHUB_ENV
if: matrix.builder_bin_path != ''
- name: Add opentelemetry-collector-builder installation dir to PATH
if: steps.changed-files.outputs.any_changed == 'true'
run: echo "$BUILDER_BIN_PATH" >> $GITHUB_PATH
- name: Install opentelemetry-collector-builder
if: steps.changed-files.outputs.any_changed == 'true'
run: make install-builder
working-directory: ./otelcolbuilder
- name: Build
if: steps.changed-files.outputs.any_changed == 'true'
run: make otelcol-sumo-${{matrix.arch_os}}
working-directory: ./otelcolbuilder
# TODO:
# Move that out to a separate job and run on a corresponding's OS runner.
# - name: Run the binary
# run: ./otelcol-sumo-${{matrix.arch_os}} --version
# working-directory: ./otelcolbuilder/cmd/
- name: Show included modules
if: steps.changed-files.outputs.any_changed == 'true'
working-directory: ./otelcolbuilder/cmd
run: |
go version -m otelcol-sumo-${{matrix.arch_os}}${{matrix.builder_bin_ext}} | \
grep -E "/(receiver|exporter|processor|extension)/"
- name: Store binary as action artifact
if: steps.changed-files.outputs.any_changed == 'true'
uses: actions/upload-artifact@v3
with:
name: otelcol-sumo-${{matrix.arch_os}}
path: ./otelcolbuilder/cmd/otelcol-sumo-${{matrix.arch_os}}${{matrix.builder_bin_ext}}
if-no-files-found: error
# pipeline to build FIPS compliance binary on Go+BoringCrypto for linux
build-fips:
name: Build
runs-on: ubuntu-20.04
strategy:
matrix:
go: [ '1.18.7b7' ]
arch_os: [ 'linux_amd64']
steps:
- uses: actions/checkout@v3
- name: Check if build related files changed
id: changed-files
uses: tj-actions/changed-files@v13
with:
files: |
otelcolbuilder/.gon_config.json
**/go.mod
**/go.sum
**/*.go
**/*.yaml
**/*.yml
**/Makefile
**/Makefile.common
**/Dockerfile*
- name: Fetch current branch
run: ./ci/fetch_current_branch.sh
- name: Install Go+BoringCrypto
if: steps.changed-files.outputs.any_changed == 'true'
run: |
curl -LJ "https://go-boringcrypto.storage.googleapis.com/go${{ matrix.go }}.linux-amd64.tar.gz" -o go.linux-amd64.tar.gz \
&& sudo rm -rf /usr/local/go \
&& sudo tar -C /usr/local -xzf go.linux-amd64.tar.gz \
&& sudo rm go.linux-amd64.tar.gz \
&& sudo ln -s /usr/local/go/bin/go /usr/local/bin
# As described in
# https://github.com/mvdan/github-actions-golang#how-do-i-set-up-caching-between-builds
- uses: actions/cache@v3
if: steps.changed-files.outputs.any_changed == 'true'
with:
path: |
/home/runner/go/pkg/mod
/home/runner/.cache/go-build
/Users/runner/go/pkg/mod
/Users/runner/Library/Caches/go-build
key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
restore-keys: |
${{ runner.os }}-go-
- name: Add opentelemetry-collector-builder installation dir to PATH
if: steps.changed-files.outputs.any_changed == 'true'
run: echo "$HOME/bin" >> $GITHUB_PATH
- name: Install opentelemetry-collector-builder
if: steps.changed-files.outputs.any_changed == 'true'
run: make install-builder
working-directory: ./otelcolbuilder
- name: Build
if: steps.changed-files.outputs.any_changed == 'true'
run: make otelcol-sumo-${{matrix.arch_os}} FIPS_SUFFIX="-fips" CGO_ENABLED=1
working-directory: ./otelcolbuilder
- name: Show included modules
if: steps.changed-files.outputs.any_changed == 'true'
working-directory: ./otelcolbuilder/cmd
run: |
go version -m otelcol-sumo-fips-${{matrix.arch_os}} | \
grep -E "/(receiver|exporter|processor|extension)/"
- name: Show BoringSSL symbols
if: steps.changed-files.outputs.any_changed == 'true'
working-directory: ./otelcolbuilder/cmd
run: |
go tool nm otelcol-sumo-fips-${{matrix.arch_os}} | \
grep "_Cfunc__goboringcrypto_"
- name: Store binary as action artifact
if: steps.changed-files.outputs.any_changed == 'true'
uses: actions/upload-artifact@v3
with:
name: otelcol-sumo-fips-${{matrix.arch_os}}
path: ./otelcolbuilder/cmd/otelcol-sumo-fips-${{matrix.arch_os}}
if-no-files-found: error
build-and-test-container-images:
name: Build container
runs-on: ubuntu-20.04
needs:
- build
- build-fips
strategy:
matrix:
arch_os: [ 'linux_amd64', 'linux_arm64']
steps:
- uses: actions/checkout@v3
- name: Check if build related files changed
id: changed-files
uses: tj-actions/changed-files@v13
with:
files: |
**/go.mod
**/go.sum
**/*.go
**/*.yaml
**/*.yml
**/Makefile
**/Makefile.common
**/Dockerfile*
- name: Set up QEMU
if: steps.changed-files.outputs.any_changed == 'true'
uses: docker/[email protected]
- name: Set up Buildx
if: steps.changed-files.outputs.any_changed == 'true'
id: buildx
uses: docker/[email protected]
- name: Show Buildx platforms
if: steps.changed-files.outputs.any_changed == 'true'
run: echo ${{ steps.buildx.outputs.platforms }}
- name: Download binary action artifact from build phase
if: steps.changed-files.outputs.any_changed == 'true'
uses: actions/download-artifact@v3
with:
name: otelcol-sumo-${{matrix.arch_os}}
path: artifacts/
- name: Build the container image
if: steps.changed-files.outputs.any_changed == 'true'
run: |
cp artifacts/otelcol-sumo-${{matrix.arch_os}} otelcol-sumo
make build-container-multiplatform \
PLATFORM=${{ matrix.arch_os }}
- name: Test built image
if: steps.changed-files.outputs.any_changed == 'true'
run: make test-built-image
- name: Download FIPS binary action artifact from build phase
if: steps.changed-files.outputs.any_changed == 'true' && matrix.arch_os == 'linux_amd64'
uses: actions/download-artifact@v3
with:
name: otelcol-sumo-fips-${{matrix.arch_os}}
path: artifacts/
- name: Build the FIPS container image
if: steps.changed-files.outputs.any_changed == 'true' && matrix.arch_os == 'linux_amd64'
run: |
cp artifacts/otelcol-sumo-fips-${{matrix.arch_os}} otelcol-sumo
make build-container-multiplatform \
PLATFORM=${{ matrix.arch_os }} LATEST_TAG_FIPS_SUFFIX="-fips"
- name: Test built FIPS image
if: steps.changed-files.outputs.any_changed == 'true' && matrix.arch_os == 'linux_amd64'
run: make test-built-image BUILD_TAG="latest-fips"