diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 3d820ac..a323391 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -1,7 +1,7 @@ 'name': 'build' 'env': - 'GO_VERSION': '1.22.4' + 'GO_VERSION': '1.22.5' 'on': 'push': diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml index d01e38f..8d444c6 100644 --- a/.github/workflows/lint.yml +++ b/.github/workflows/lint.yml @@ -1,7 +1,7 @@ 'name': 'lint' 'env': - 'GO_VERSION': '1.22.4' + 'GO_VERSION': '1.22.5' 'on': 'push': diff --git a/CHANGELOG.md b/CHANGELOG.md index f9af3c7..795b009 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -16,6 +16,10 @@ See also the [v0.0.2 GitHub milestone][ms-v0.0.2]. NOTE: Add new changes BELOW THIS COMMENT. --> +### Security + +- Go version has been updated to prevent the possibility of exploiting the Go vulnerabilities fixed in [Go 1.22.5][go-1.22.5]. + ### Added - MSI installer for the ARM64 architecture in addition to the existing x86 and x64 installers. @@ -26,6 +30,8 @@ NOTE: Add new changes BELOW THIS COMMENT. [#2]: https://github.com/AdguardTeam/AdGuardDNSClient/issues/2 +[go-1.22.5]: https://groups.google.com/g/golang-announce/c/gyb7aM1C9H4 + diff --git a/Makefile b/Makefile index 12da93d..567c77f 100644 --- a/Makefile +++ b/Makefile @@ -26,7 +26,7 @@ DEPLOY_SCRIPT_PATH = not/a/real/path DIST_DIR = dist GOAMD64 = v1 GOPROXY = https://proxy.golang.org|direct -GOTOOLCHAIN = go1.22.4 +GOTOOLCHAIN = go1.22.5 GPG_KEY = devteam@adguard.com GPG_KEY_PASSPHRASE = not-a-real-password MSI = 1 diff --git a/bamboo-specs/bamboo.yaml b/bamboo-specs/bamboo.yaml index b7c4a14..9f3e5b7 100644 --- a/bamboo-specs/bamboo.yaml +++ b/bamboo-specs/bamboo.yaml @@ -6,12 +6,18 @@ 'name': 'AdGuardDNSClient' 'variables': 'dockerFpm': 'alanfranz/fpm-within-docker:ubuntu-bionic' - 'dockerGo': '${bamboo.adguardRegistryBasePath}/go-builder:1.22.4--1' + 'dockerGo': 'adguard/go-builder:1.22.5--1' 'maintainer': 'Adguard DNS Team' 'name': 'AdGuardDNSClient' 'channel': 'development' 'stages': +- + 'Skip': + 'manual': false + 'final': false + 'jobs': + - 'Skip' - 'Lint': 'manual': false @@ -38,6 +44,32 @@ 'jobs': - 'Publish' +# The Skip stage terminates the plan execution prematurely if the main +# repository has no changes. This is needed to avoid builds triggered by +# changes in the linked repositories, e.g. bamboo-deploy-publisher. +# +# TODO(e.burkov): Remove this crutch, when the Bamboo version will support such +# a configuration for triggers via YAML specs, see +# https://docs.atlassian.com/bamboo-specs-docs/8.2.0/specs.html?yaml#triggering-selected-repositories. +'Skip': + 'key': 'SKIP' + 'tasks': + - + 'script': + - |- + #!/bin/sh + + set -e -f -u -x + + if [ "${bamboo.planRepository.revision}" = "${bamboo.planRepository.previousRevision}" ] + then + echo "aborting plan due to absent changes" + + exit 0 + fi + 'requirements': + - 'adg-docker': 'true' + 'Lint': 'docker': 'image': '${bamboo.dockerGo}' @@ -138,6 +170,11 @@ 'pattern': '${bamboo.name}/dist/AdGuardDNSClient_windows_arm64.zip' 'shared': true 'required': true + - + 'name': 'AdGuardDNSClient_windows_arm64_msi' + 'pattern': '${bamboo.name}/dist/AdGuardDNSClient_windows_arm64.msi' + 'shared': true + 'required': true - 'name': 'Checksums' 'pattern': '${bamboo.name}/dist/checksums.txt' @@ -157,7 +194,7 @@ 'other': 'clean-working-dir': true 'requirements': - - 'adg-docker': 'true' + - 'adg-docker': 'true' 'tasks': - 'checkout': @@ -239,7 +276,7 @@ 'other': 'clean-working-dir': true 'requirements': - - 'adg-docker': 'true' + - 'adg-docker': 'true' 'tasks': - 'checkout': @@ -296,32 +333,33 @@ 'Publish': 'artifact-subscriptions': - - 'artifact': 'AdGuardDNSClient_darwin_amd64' - - 'artifact': 'AdGuardDNSClient_darwin_arm64' - - 'artifact': 'AdGuardDNSClient_linux_386' - - 'artifact': 'AdGuardDNSClient_linux_amd64' - - 'artifact': 'AdGuardDNSClient_linux_arm64' - - 'artifact': 'AdGuardDNSClient_windows_386' - - 'artifact': 'AdGuardDNSClient_windows_386_msi' - - 'artifact': 'AdGuardDNSClient_windows_amd64' - - 'artifact': 'AdGuardDNSClient_windows_amd64_msi' - - 'artifact': 'AdGuardDNSClient_windows_arm64' - - 'artifact': 'Checksums' - - 'artifact': 'Version' + - 'artifact': 'AdGuardDNSClient_darwin_amd64' + - 'artifact': 'AdGuardDNSClient_darwin_arm64' + - 'artifact': 'AdGuardDNSClient_linux_386' + - 'artifact': 'AdGuardDNSClient_linux_amd64' + - 'artifact': 'AdGuardDNSClient_linux_arm64' + - 'artifact': 'AdGuardDNSClient_windows_386' + - 'artifact': 'AdGuardDNSClient_windows_386_msi' + - 'artifact': 'AdGuardDNSClient_windows_amd64' + - 'artifact': 'AdGuardDNSClient_windows_amd64_msi' + - 'artifact': 'AdGuardDNSClient_windows_arm64' + - 'artifact': 'AdGuardDNSClient_windows_arm64_msi' + - 'artifact': 'Checksums' + - 'artifact': 'Version' 'final-tasks': - - 'clean' + - 'clean' 'key': 'PGH' 'other': 'clean-working-dir': true 'requirements': - - 'adg-docker': 'true' + - 'adg-docker': 'true' 'tasks': - - 'clean' - - 'checkout': - 'repository': 'bamboo-deploy-publisher' - 'path': 'bamboo-deploy-publisher' - 'force-clean-build': true - - 'script': + - 'clean' + - 'checkout': + 'repository': 'bamboo-deploy-publisher' + 'path': 'bamboo-deploy-publisher' + 'force-clean-build': true + - 'script': 'interpreter': 'SHELL' 'scripts': - | @@ -350,7 +388,7 @@ # images. The "candidate" pseudo-channel is used to generate version. '^rc-v[0-9]+\.[0-9]+\.[0-9]+': 'variables': - 'dockerGo': '${bamboo.adguardRegistryBasePath}/go-builder:1.22.4--1' + 'dockerGo': 'adguard/go-builder:1.22.5-1' 'channel': 'candidate' 'stages': - 'Lint': @@ -377,7 +415,7 @@ # Set the default release channel on the final branch to release, as # these are the ones that actually get released. 'variables': - 'dockerGo': '${bamboo.adguardRegistryBasePath}/go-builder:1.22.4--1' + 'dockerGo': 'adguard/go-builder:1.22.5--1' 'channel': 'release' 'stages': - 'Lint': @@ -401,9 +439,14 @@ 'jobs': - 'Publish' - - # Don't publish artifacts for other branches. + # All the other branches, including master. '^.*': 'stages': + - 'Skip': + 'manual': false + 'final': false + 'jobs': + - 'Skip' - 'Lint': 'manual': false 'final': false @@ -419,6 +462,7 @@ 'final': false 'jobs': - 'ArtifactQA' + # Don't publish artifacts for other branches. 'notifications': - diff --git a/go.mod b/go.mod index 83eaacc..0596670 100644 --- a/go.mod +++ b/go.mod @@ -1,6 +1,6 @@ module github.com/AdguardTeam/AdGuardDNSClient -go 1.22.4 +go 1.22.5 require ( github.com/AdguardTeam/dnsproxy v0.71.2 diff --git a/internal/tools/go.mod b/internal/tools/go.mod index 97bffed..8a9ea30 100644 --- a/internal/tools/go.mod +++ b/internal/tools/go.mod @@ -1,6 +1,6 @@ module github.com/AdguardTeam/AdGuardDNSClient/internal/tools -go 1.22.4 +go 1.22.5 require ( github.com/fzipp/gocyclo v0.6.0 @@ -27,9 +27,9 @@ require ( github.com/xo/terminfo v0.0.0-20220910002029-abceb7e1c41e // indirect golang.org/x/exp v0.0.0-20240506185415-9bf2ced13842 // indirect golang.org/x/exp/typeparams v0.0.0-20240613232115-7f521ea00fb8 // indirect - golang.org/x/mod v0.18.0 // indirect + golang.org/x/mod v0.19.0 // indirect golang.org/x/sync v0.7.0 // indirect - golang.org/x/sys v0.21.0 // indirect - golang.org/x/telemetry v0.0.0-20240614130327-d92499019833 // indirect + golang.org/x/sys v0.22.0 // indirect + golang.org/x/telemetry v0.0.0-20240703200001-5377abf9626c // indirect gopkg.in/yaml.v3 v3.0.1 // indirect ) diff --git a/internal/tools/go.sum b/internal/tools/go.sum index 5d18806..672a70e 100644 --- a/internal/tools/go.sum +++ b/internal/tools/go.sum @@ -68,8 +68,8 @@ golang.org/x/exp/typeparams v0.0.0-20240613232115-7f521ea00fb8/go.mod h1:AbB0pIl golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4= -golang.org/x/mod v0.18.0 h1:5+9lSbEzPSdWkH32vYPBwEpX8KwDbM52Ud9xBUvNlb0= -golang.org/x/mod v0.18.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c= +golang.org/x/mod v0.19.0 h1:fEdghXQSo20giMthA7cd28ZC+jts4amQ3YMXiP5oMQ8= +golang.org/x/mod v0.19.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c= golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20200822124328-c89045814202/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA= @@ -93,10 +93,10 @@ golang.org/x/sys v0.0.0-20210510120138-977fb7262007/go.mod h1:oPkhp1MJrh7nUepCBc golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20211019181941-9d821ace8654/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220702020025-31831981b65f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.21.0 h1:rF+pYz3DAGSQAxAu1CbC7catZg4ebC4UIeIhKxBZvws= -golang.org/x/sys v0.21.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= -golang.org/x/telemetry v0.0.0-20240614130327-d92499019833 h1:fY9J7jgRT8h0DU8TKsSNFBZAnxKhzoprAILMRpKQa8Q= -golang.org/x/telemetry v0.0.0-20240614130327-d92499019833/go.mod h1:n38mvGdgc4dA684EC4NwQwoPKSw4jyKw8/DgZHDA1Dk= +golang.org/x/sys v0.22.0 h1:RI27ohtqKCnwULzJLqkv897zojh5/DwS/ENaMzUOaWI= +golang.org/x/sys v0.22.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/telemetry v0.0.0-20240703200001-5377abf9626c h1:RA2e/R39vjb71phnEiuAiHQXvBDQ0BhsJUrxiOisErU= +golang.org/x/telemetry v0.0.0-20240703200001-5377abf9626c/go.mod h1:n38mvGdgc4dA684EC4NwQwoPKSw4jyKw8/DgZHDA1Dk= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=