From 931990396e1aa1c31847971ba99d2cbb6ff6b6c0 Mon Sep 17 00:00:00 2001
From: Al Cutter <al@google.com>
Date: Fri, 20 Sep 2024 17:36:39 +0100
Subject: [PATCH 1/3] Update build/configs

---
 .github/workflows/codeql.yml                               | 2 +-
 .github/workflows/go_test.yml                              | 2 +-
 .github/workflows/golangci-lint.yml                        | 4 ++--
 cmd/verify_build/Dockerfile                                | 2 +-
 deployment/build_and_release/live/ci/terragrunt.hcl        | 2 +-
 deployment/build_and_release/live/presubmit/terragrunt.hcl | 2 +-
 deployment/build_and_release/live/prod/terragrunt.hcl      | 2 +-
 go.mod                                                     | 2 +-
 8 files changed, 9 insertions(+), 9 deletions(-)

diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
index ea57d52a..44be9a1e 100644
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -35,7 +35,7 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        go: ['1.22.4']
+        go: ['1.23.1']
         include:
         - language: go
         # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python', 'ruby' ]
diff --git a/.github/workflows/go_test.yml b/.github/workflows/go_test.yml
index 0487c1e4..9cf90b19 100644
--- a/.github/workflows/go_test.yml
+++ b/.github/workflows/go_test.yml
@@ -6,7 +6,7 @@ jobs:
   test:
     strategy:
       matrix:
-        go-version: [1.22.x]
+        go-version: [1.23.x]
         os: [ubuntu-latest, macos-latest]
     runs-on: ${{ matrix.os }}
     steps:
diff --git a/.github/workflows/golangci-lint.yml b/.github/workflows/golangci-lint.yml
index ee97692c..d08ab3e4 100644
--- a/.github/workflows/golangci-lint.yml
+++ b/.github/workflows/golangci-lint.yml
@@ -11,10 +11,10 @@ jobs:
     name: lint
     runs-on: ubuntu-latest
     steps:
+      - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
       - uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2
         with:
-          go-version: 1.22
-      - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
+          go-version-file: go.mod
       - name: golangci-lint
         uses: golangci/golangci-lint-action@971e284b6050e8a5849b72094c50ab08da042db8 # v6.1.1
         with:
diff --git a/cmd/verify_build/Dockerfile b/cmd/verify_build/Dockerfile
index d48bc155..12212b88 100644
--- a/cmd/verify_build/Dockerfile
+++ b/cmd/verify_build/Dockerfile
@@ -3,7 +3,7 @@
 # witness.
 # The default entrypoint runs a continuous monitor that attempts
 # to build all firmware artifacts committed to by a log.
-FROM golang:1.22-alpine AS builder
+FROM golang:1.23-alpine AS builder
 
 ARG GOFLAGS=""
 ENV GOFLAGS=$GOFLAGS
diff --git a/deployment/build_and_release/live/ci/terragrunt.hcl b/deployment/build_and_release/live/ci/terragrunt.hcl
index 72b411e1..4be5bd66 100644
--- a/deployment/build_and_release/live/ci/terragrunt.hcl
+++ b/deployment/build_and_release/live/ci/terragrunt.hcl
@@ -19,7 +19,7 @@ inputs = merge(
     firmware_bucket_prefix = "armored-witness-firmware-ci"
     origin_prefix = "transparency.dev/armored-witness/firmware_transparency/ci"
 
-    tamago_version = "1.22.4"
+    tamago_version = "1.23.1"
     log_public_key = "transparency.dev-aw-ftlog-ci-4+30fe79e3+AUDoas+smwQDTlYbTzbEcAW+N6WyvB/4CysMWjpnRgat"
     applet_public_key = "transparency.dev-aw-applet-ci+3ff32e2c+AV1fgxtByjXuPjPfi0/7qTbEBlPGGCyxqr6ZlppoLOz3"
     os_public_key1 = "transparency.dev-aw-os1-ci+7a0eaef3+AcsqvmrcKIbs21H2Bm2fWb6oFWn/9MmLGNc6NLJty2eQ"
diff --git a/deployment/build_and_release/live/presubmit/terragrunt.hcl b/deployment/build_and_release/live/presubmit/terragrunt.hcl
index 9c323bea..57167f66 100644
--- a/deployment/build_and_release/live/presubmit/terragrunt.hcl
+++ b/deployment/build_and_release/live/presubmit/terragrunt.hcl
@@ -13,7 +13,7 @@ inputs = merge(
     log_shard = 2
     origin_prefix = "transparency.dev/armored-witness/firmware_transparency/ci"
 
-    tamago_version = "1.22.4"
+    tamago_version = "1.23.1"
     log_public_key = "transparency.dev-aw-ftlog-ci-2+f77c6276+AZXqiaARpwF4MoNOxx46kuiIRjrML0PDTm+c7BLaAMt6"
     applet_public_key = "transparency.dev-aw-applet-ci+3ff32e2c+AV1fgxtByjXuPjPfi0/7qTbEBlPGGCyxqr6ZlppoLOz3"
     os_public_key1 = "transparency.dev-aw-os1-ci+7a0eaef3+AcsqvmrcKIbs21H2Bm2fWb6oFWn/9MmLGNc6NLJty2eQ"
diff --git a/deployment/build_and_release/live/prod/terragrunt.hcl b/deployment/build_and_release/live/prod/terragrunt.hcl
index ae6c4d13..3ed10076 100644
--- a/deployment/build_and_release/live/prod/terragrunt.hcl
+++ b/deployment/build_and_release/live/prod/terragrunt.hcl
@@ -21,7 +21,7 @@ inputs = merge(
     firmware_bucket_prefix = "armored-witness-firmware-prod"
     origin_prefix = "transparency.dev/armored-witness/firmware_transparency/prod"
     
-    tamago_version = "1.22.4"
+    tamago_version = "1.23.1"
     log_public_key = "transparency.dev-aw-ftlog-prod-1+3e6d87ee+Aa3qdhefd2cc/98jV3blslJT2L+iFR8WKHeGcgFmyjnt"
     applet_public_key = "transparency.dev-aw-applet-prod+d45f2a0d+AZSnFa8GxH+jHV6ahELk6peqVObbPKrYAdYyMjrzNF35"
     os_public_key1 = "transparency.dev-aw-os1-prod+985bdfd2+AV7mmRamQp6VC9CutzSXzqtNhYNyNmQQRcLX07F6qlC1"
diff --git a/go.mod b/go.mod
index 1b62d518..8116050e 100644
--- a/go.mod
+++ b/go.mod
@@ -1,6 +1,6 @@
 module github.com/transparency-dev/armored-witness
 
-go 1.22.4
+go 1.23.1
 
 require (
 	cloud.google.com/go/kms v1.20.0

From e34c6299262d31d362fb5344ee49e187cddde9dc Mon Sep 17 00:00:00 2001
From: Al Cutter <al@google.com>
Date: Wed, 16 Oct 2024 12:04:12 +0100
Subject: [PATCH 2/3] Newer golangci-lint

---
 .github/workflows/golangci-lint.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/golangci-lint.yml b/.github/workflows/golangci-lint.yml
index d08ab3e4..a3e83f4a 100644
--- a/.github/workflows/golangci-lint.yml
+++ b/.github/workflows/golangci-lint.yml
@@ -19,5 +19,5 @@ jobs:
         uses: golangci/golangci-lint-action@971e284b6050e8a5849b72094c50ab08da042db8 # v6.1.1
         with:
           # Optional: version of golangci-lint to use in form of v1.2 or v1.2.3 or `latest` to use the latest version
-          version: v1.55.0
+          version: v1.61.0
           args: --timeout 5m

From 650f962eafc947876d9084d11cf000e242a36552 Mon Sep 17 00:00:00 2001
From: Al Cutter <al@google.com>
Date: Wed, 16 Oct 2024 12:06:27 +0100
Subject: [PATCH 3/3] Fix lint errors

---
 cmd/provision/main.go | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/cmd/provision/main.go b/cmd/provision/main.go
index 092a6d1a..868befce 100644
--- a/cmd/provision/main.go
+++ b/cmd/provision/main.go
@@ -404,7 +404,7 @@ func waitAndProvision(ctx context.Context, fw *firmwares) error {
 		if *fuse && !*runAnyway {
 			return fmt.Errorf("witness serial number %s has HAB fuse set!", s.Serial)
 		}
-		klog.Infof("⚠️ Witness serial number %s is already HAB fused", s.Serial)
+		klog.Infof("⚠️  Witness serial number %s is already HAB fused", s.Serial)
 	} else {
 		klog.Infof("✅ Witness serial number %s is not HAB fused", s.Serial)
 	}
@@ -415,14 +415,14 @@ func waitAndProvision(ctx context.Context, fw *firmwares) error {
 		if *fuse {
 			return e
 		}
-		klog.Warningf("⚠️ " + e.Error())
+		klog.Warningf("⚠️  %s", e.Error())
 	}
 	if srkEnv != *habTarget {
 		e := fmt.Errorf("witness OS reports SRK Hash (%s) for unexpected release environment %q - we're set to %q, not fusing.", s.SRKHash, srkEnv, *habTarget)
 		if *fuse {
 			return e
 		}
-		klog.Warningf("⚠️ " + e.Error())
+		klog.Warningf("⚠️  %s", e.Error())
 	}
 
 	if *fuse {
@@ -437,7 +437,7 @@ func waitAndProvision(ctx context.Context, fw *firmwares) error {
 			if !*runAnyway {
 				return err
 			}
-			klog.Warningf("⚠️ %s, continuing anyway", err.Error())
+			klog.Warningf("⚠️  %s, continuing anyway", err.Error())
 		}
 		klog.Info("✅ Fusing successful! 👌")
 		// Close dev as we'll need to re-open it below after the device has rebooted...