Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Upgrade to go1.22 and other updates #722

Merged
merged 9 commits into from
May 14, 2024
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
22 changes: 22 additions & 0 deletions .github/dependabot.yml
Original file line number Diff line number Diff line change
Expand Up @@ -19,15 +19,37 @@ updates:
directory: "/"
schedule:
interval: "daily"
groups:
gomod:
update-types:
- "patch"

- package-ecosystem: "gomod"
directory: "./hack/tools"
schedule:
interval: "daily"
groups:
gomod-hack:
update-types:
- "minor"
- "patch"

- package-ecosystem: "github-actions"
directory: "/"
schedule:
interval: "daily"
groups:
actions:
update-types:
- "minor"
- "patch"

- package-ecosystem: "docker"
directory: "/"
schedule:
interval: "daily"
groups:
docker:
update-types:
- "minor"
- "patch"
27 changes: 0 additions & 27 deletions .github/workflows/auto_merge.yaml

This file was deleted.

44 changes: 44 additions & 0 deletions .github/workflows/build-snapshot.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,44 @@
name: build-snapshot

on:
pull_request:

permissions: {}

jobs:
snapshot:
permissions:
contents: read

runs-on: ubuntu-latest
outputs:
hashes: ${{ steps.hash.outputs.hashes }}
tag_name: ${{ steps.tag.outputs.tag_name }}
steps:
- uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4

- uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0
with:
go-version-file: './go.mod'
check-latest: true

- uses: sigstore/cosign-installer@59acb6260d9c0ba8f4a2f9d9b48431a222b68e20 # v3.5.0
- uses: anchore/sbom-action/download-syft@7ccf588e3cf3cc2611714c2eeae48550fbc17552 # v0.15.11
- uses: imjasonh/setup-ko@ace48d793556083a76f1e3e6068850c1f4a369aa # v0.6

- name: Set LDFLAGS
id: ldflags
run: |
source ./release/ldflags.sh
goflags=$(ldflags)
echo "GO_FLAGS="${goflags}"" >> "$GITHUB_ENV"

- name: Run GoReleaser
id: run-goreleaser
uses: goreleaser/goreleaser-action@7ec5c2b0c6cdda6e8bbb49444bc797dd33d74dd8 # v5.0.0
with:
version: latest
args: release --clean --skip=sign --snapshot
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
LDFLAGS: ${{ env.GO_FLAGS }}
5 changes: 5 additions & 0 deletions .github/workflows/codeql_analysis.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -42,6 +42,11 @@ jobs:
- name: Checkout repository
uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5

- uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1
with:
go-version-file: './go.mod'
check-latest: true

# Initializes the CodeQL tools for scanning.
- name: Initialize CodeQL
uses: github/codeql-action/init@cdcdbb579706841c47f7063dda365e292e5cad7a # v2.13.4
Expand Down
5 changes: 4 additions & 1 deletion .github/workflows/release.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -56,11 +56,14 @@ jobs:
set -euo pipefail
checksum_file=$(echo "$ARTIFACTS" | jq -r '.[] | select (.type=="Checksum") | .path')
echo "hashes=$(cat $checksum_file | base64 -w0)" >> "$GITHUB_OUTPUT"

- name: Set tag output
id: tag
run: echo "tag_name=${GITHUB_REF#refs/*/}" >> "$GITHUB_OUTPUT"

- name: build and sign images
run: make sign-container-release

provenance:
needs: [release]
permissions:
Expand Down
4 changes: 2 additions & 2 deletions .github/workflows/tests.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -95,5 +95,5 @@ jobs:
- name: golangci-lint
uses: golangci/golangci-lint-action@a4f60bb28d35aeee14e6880718e0c85ff1882e64 # v6.0.1
with:
version: v1.54
args: --timeout=5m --verbose
version: v1.58
args: --timeout=10m --verbose
10 changes: 3 additions & 7 deletions .goreleaser.yml
Original file line number Diff line number Diff line change
Expand Up @@ -11,13 +11,9 @@ before:
hooks:
- go mod tidy
- /bin/bash -c 'if [ -n "$(git --no-pager diff --exit-code go.mod go.sum)" ]; then exit 1; fi'
# if running a release we will generate the images in this step
# if running in the CI the CI env va is set by github action runner and we dont run the ko steps
# this is needed because we are generating files that goreleaser was not aware to push to GH project release
- /bin/bash -c 'if [ -n "$CI" ]; then make sign-container-release; fi'

gomod:
proxy: true
# gomod:
# proxy: true

sboms:
- artifacts: binary
Expand Down Expand Up @@ -94,5 +90,5 @@ release:
prerelease: auto
draft: true # allow for manual edits
github:
owner: sigstore
owner: cpanato
name: timestamp-authority
6 changes: 3 additions & 3 deletions Dockerfile
Original file line number Diff line number Diff line change
Expand Up @@ -12,7 +12,7 @@
# See the License for the specific language governing permissions and
# limitations under the License.

FROM golang:1.21.6@sha256:7b575fe0d9c2e01553b04d9de8ffea6d35ca3ab3380d2a8db2acc8f0f1519a53 AS builder
FROM golang:1.22.2@sha256:d5302d40dc5fbbf38ec472d1848a9d2391a13f93293a6a5b0b87c99dc0eaa6ae AS builder
ENV APP_ROOT=/opt/app-root
ENV GOPATH=$APP_ROOT

Expand All @@ -29,7 +29,7 @@ RUN go build -ldflags "${SERVER_LDFLAGS}" ./cmd/timestamp-server
RUN CGO_ENABLED=0 go build -gcflags "all=-N -l" -ldflags "${SERVER_LDFLAGS}" -o timestamp-server_debug ./cmd/timestamp-server

# Multi-Stage production build
FROM golang:1.21.6@sha256:7b575fe0d9c2e01553b04d9de8ffea6d35ca3ab3380d2a8db2acc8f0f1519a53 as deploy
FROM golang:1.22.2@sha256:d5302d40dc5fbbf38ec472d1848a9d2391a13f93293a6a5b0b87c99dc0eaa6ae as deploy

# Retrieve the binary from the previous stage
COPY --from=builder /opt/app-root/src/timestamp-server /usr/local/bin/timestamp-server
Expand All @@ -39,7 +39,7 @@ CMD ["timestamp-server", "serve"]

# debug compile options & debugger
FROM deploy as debug
RUN go install github.com/go-delve/delve/cmd/dlv@v1.9.0
RUN go install github.com/go-delve/delve/cmd/dlv@v1.22.1

# overwrite server and include debugger
COPY --from=builder /opt/app-root/src/timestamp-server_debug /usr/local/bin/timestamp-server
2 changes: 1 addition & 1 deletion Makefile
Original file line number Diff line number Diff line change
Expand Up @@ -39,7 +39,7 @@ ifeq ($(DIFF), 1)
GIT_TREESTATE = "dirty"
endif

KO_PREFIX ?= ghcr.io/sigstore
KO_PREFIX ?= ghcr.io/cpanato
export KO_DOCKER_REPO=$(KO_PREFIX)

# Binaries
Expand Down
4 changes: 2 additions & 2 deletions cmd/fetch-tsa-certs/fetch_tsa_certs.go
Original file line number Diff line number Diff line change
Expand Up @@ -85,7 +85,7 @@ func fetchCertificateChain(ctx context.Context, parent, intermediateKMSKey, leaf
if err != nil {
return nil, err
}
intermediateSigner, _, err := intermediateKMSSigner.CryptoSigner(ctx, func(err error) {})
intermediateSigner, _, err := intermediateKMSSigner.CryptoSigner(ctx, func(_ error) {})
if err != nil {
return nil, err
}
Expand Down Expand Up @@ -176,7 +176,7 @@ func fetchCertificateChain(ctx context.Context, parent, intermediateKMSKey, leaf
if err != nil {
return nil, err
}
leafKMSSigner, _, err = kmsSigner.CryptoSigner(ctx, func(err error) {})
leafKMSSigner, _, err = kmsSigner.CryptoSigner(ctx, func(_ error) {})
if err != nil {
return nil, err
}
Expand Down
2 changes: 1 addition & 1 deletion cmd/timestamp-cli/app/format/wrap.go
Original file line number Diff line number Diff line change
Expand Up @@ -29,7 +29,7 @@ type CobraCmd func(cmd *cobra.Command, args []string)
type formatCmd func(args []string) (interface{}, error)

func WrapCmd(f formatCmd) CobraCmd {
return func(cmd *cobra.Command, args []string) {
return func(_ *cobra.Command, args []string) {
obj, err := f(args)
if err != nil {
log.CliLogger.Fatal(err)
Expand Down
4 changes: 2 additions & 2 deletions cmd/timestamp-cli/app/inspect.go
Original file line number Diff line number Diff line change
Expand Up @@ -44,13 +44,13 @@ var inspectCmd = &cobra.Command{
Use: "inspect",
Short: "Inspect timestamp",
Long: "Inspect the signed timestamp response.",
PreRunE: func(cmd *cobra.Command, args []string) error {
PreRunE: func(cmd *cobra.Command, _ []string) error {
if err := viper.BindPFlags(cmd.Flags()); err != nil {
log.CliLogger.Fatal("Error initializing cmd line args: ", err)
}
return nil
},
Run: format.WrapCmd(func(args []string) (interface{}, error) {
Run: format.WrapCmd(func(_ []string) (interface{}, error) {
tsr := viper.GetString("timestamp")
tsrBytes, err := os.ReadFile(filepath.Clean(tsr))
if err != nil {
Expand Down
2 changes: 1 addition & 1 deletion cmd/timestamp-cli/app/root.go
Original file line number Diff line number Diff line change
Expand Up @@ -32,7 +32,7 @@ var rootCmd = &cobra.Command{
Use: "timestamp-cli",
Short: "Timestamp CLI",
Long: `Timestamp command line interface tool`,
PersistentPreRunE: func(cmd *cobra.Command, args []string) error {
PersistentPreRunE: func(cmd *cobra.Command, _ []string) error {
return initConfig(cmd)
},
}
Expand Down
4 changes: 2 additions & 2 deletions cmd/timestamp-cli/app/timestamp.go
Original file line number Diff line number Diff line change
Expand Up @@ -60,13 +60,13 @@ var timestampCmd = &cobra.Command{
Use: "timestamp",
Short: "Signed timestamp command",
Long: "Fetches a signed RFC 3161 timestamp. The timestamp response can be verified locally using a timestamp certificate chain.",
PreRunE: func(cmd *cobra.Command, args []string) error {
PreRunE: func(cmd *cobra.Command, _ []string) error {
if err := viper.BindPFlags(cmd.Flags()); err != nil {
log.CliLogger.Fatal("Error initializing cmd line args: ", err)
}
return nil
},
Run: format.WrapCmd(func(args []string) (interface{}, error) {
Run: format.WrapCmd(func(_ []string) (interface{}, error) {
return runTimestamp()
}),
}
Expand Down
4 changes: 2 additions & 2 deletions cmd/timestamp-cli/app/verify.go
Original file line number Diff line number Diff line change
Expand Up @@ -60,13 +60,13 @@ var verifyCmd = &cobra.Command{
Use: "verify",
Short: "Verify timestamp",
Long: "Verify the timestamp response using a timestamp certificate chain.",
PreRunE: func(cmd *cobra.Command, args []string) error {
PreRunE: func(cmd *cobra.Command, _ []string) error {
if err := viper.BindPFlags(cmd.Flags()); err != nil {
log.CliLogger.Fatal("Error initializing cmd line args: ", err)
}
return nil
},
Run: format.WrapCmd(func(args []string) (interface{}, error) {
Run: format.WrapCmd(func(_ []string) (interface{}, error) {
return runVerify()
}),
}
Expand Down
2 changes: 1 addition & 1 deletion cmd/timestamp-server/app/serve.go
Original file line number Diff line number Diff line change
Expand Up @@ -33,7 +33,7 @@ var serveCmd = &cobra.Command{
Use: "serve",
Short: "start http server with configured api",
Long: `Starts a http server and serves the configured api`,
Run: func(cmd *cobra.Command, args []string) {
Run: func(cmd *cobra.Command, _ []string) {
if err := viper.BindPFlags(cmd.Flags()); err != nil {
log.Logger.Fatal(err)
}
Expand Down
2 changes: 1 addition & 1 deletion go.mod
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
module github.com/sigstore/timestamp-authority

go 1.21
go 1.22

require (
cloud.google.com/go/security v1.16.1
Expand Down
2 changes: 1 addition & 1 deletion hack/tools/go.mod
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
module github.com/sigstore/timestamp-authority/hack/tools

go 1.21
go 1.22

require github.com/go-swagger/go-swagger v0.30.5

Expand Down
2 changes: 1 addition & 1 deletion pkg/signer/signer.go
Original file line number Diff line number Diff line change
Expand Up @@ -49,7 +49,7 @@ func NewCryptoSigner(ctx context.Context, hash crypto.Hash, signer, kmsKey, tink
if err != nil {
return nil, err
}
s, _, err := signer.CryptoSigner(ctx, func(err error) {})
s, _, err := signer.CryptoSigner(ctx, func(_ error) {})
return s, err
case TinkScheme:
primaryKey, err := GetPrimaryKey(ctx, tinkKmsKey, hcVaultToken)
Expand Down
Loading