don't pin chainguard-dev/actions

.github/workflows/boilerplate.yaml

@@ -27,7 +27,7 @@ jobs:
  - name: Check out code
  uses: actions/checkout@v4
 
- - uses: chainguard-dev/actions/boilerplate@5e21cb47971231c078a677dfe89a348371cb880c # main
+ - uses: chainguard-dev/actions/boilerplate@main
  with:
  extension: ${{ matrix.extension }}
  language: ${{ matrix.language }}

.github/workflows/build.yaml

@@ -10,16 +10,11 @@ jobs:
  name: Build
  runs-on: ubuntu-latest
 
- strategy:
- matrix:
- go-version: [1.19, 1.20]
-
  steps:
  - uses: actions/checkout@v4
  - uses: actions/setup-go@v5
  with:
- go-version: ${{ matrix.go-version }}
- check-latest: true
+ go-version-file: go.mod
 
  - run: |
  go build ./...

.github/workflows/bump-deps.yaml

@@ -21,8 +21,7 @@ jobs:
  - uses: actions/checkout@v4
  - uses: actions/setup-go@v5
  with:
- go-version: 1.19
- check-latest: true
+ go-version-file: go.mod
 
  - run: ./hack/bump-deps.sh
  - name: Create Pull Request

.github/workflows/donotsubmit.yaml

@@ -12,4 +12,4 @@ jobs:
 
  steps:
  - uses: actions/checkout@v4
- - uses: chainguard-dev/actions/donotsubmit@5e21cb47971231c078a677dfe89a348371cb880c # main
+ - uses: chainguard-dev/actions/donotsubmit@main

.github/workflows/e2e.yaml

@@ -19,8 +19,7 @@ jobs:
  - uses: actions/checkout@v4
  - uses: actions/setup-go@v5
  with:
- go-version: 1.19
- check-latest: true
+ go-version-file: go.mod
 
  - name: crane append to an image, set the entrypoint, run it locally, roundtrip it
  shell: bash
@@ -29,6 +28,7 @@ jobs:
 
  # Setup local registry
  go run ./cmd/registry &
+ sleep 3
 
  base=alpine
  platform=linux/amd64
@@ -82,13 +82,13 @@ jobs:
  ./app/crane pull --platform=linux/arm64 --format=oci $remote $distroless
  ./app/crane push $distroless $local
  diff <(./app/crane manifest --platform linux/arm64 $remote) <(./app/crane manifest $local)
- 
+
  - name: crane pull image, and export it from stdin to filesystem tar to stdout
  shell: bash
  run: |
  set -euxo pipefail
- 
+
  ./app/crane pull ubuntu ubuntu.tar
  ./app/crane export - - < ubuntu.tar > filesystem.tar
  ls -la *.tar
- 
+

.github/workflows/ecr-auth.yaml

@@ -21,8 +21,7 @@ jobs:
  - uses: actions/checkout@v4
  - uses: actions/setup-go@v5
  with:
- go-version: 1.19
- check-latest: true
+ go-version-file: go.mod
 
  - name: Install krane
  working-directory: ./cmd/krane
@@ -61,8 +60,7 @@ jobs:
  - uses: actions/checkout@v4
  - uses: actions/setup-go@v5
  with:
- go-version: 1.19
- check-latest: true
+ go-version-file: go.mod
 
  - name: Install crane
  working-directory: ./cmd/crane

.github/workflows/ghcr-auth.yaml

@@ -17,8 +17,7 @@ jobs:
  - uses: actions/checkout@v4
  - uses: actions/setup-go@v5
  with:
- go-version: 1.19
- check-latest: true
+ go-version-file: go.mod
 
  - name: Install krane
  working-directory: ./cmd/krane
@@ -44,4 +43,4 @@ jobs:
  if [[ "$CRED1" == "$CRED2" ]] ; then
  echo "credentials are cached by infrastructure"
  fi
- 
+

.github/workflows/presubmit.yaml

@@ -29,6 +29,5 @@ jobs:
  - uses: actions/checkout@v4
  - uses: actions/setup-go@v5
  with:
- go-version: 1.19
- check-latest: true
+ go-version-file: go.mod
  - run: ./hack/presubmit.sh

.github/workflows/style.yaml

@@ -10,12 +10,11 @@ jobs:
  name: check goimports
  runs-on: ubuntu-latest
  steps:
+ - uses: actions/checkout@v4
  - uses: actions/setup-go@v5
  with:
- go-version: 1.19
- check-latest: true
- - uses: actions/checkout@v4
- - uses: chainguard-dev/actions/goimports@5e21cb47971231c078a677dfe89a348371cb880c # main
+ go-version-file: go.mod
+ - uses: chainguard-dev/actions/goimports@main
 
  lint:
  name: Lint
@@ -25,12 +24,11 @@ jobs:
  - uses: actions/checkout@v4
  - uses: actions/setup-go@v5
  with:
- go-version: 1.19
- check-latest: true
+ go-version-file: go.mod
 
  - uses: golangci/golangci-lint-action@v3.4.0
  with:
- version: v1.51.2
+ version: v1.61.0
 
  - uses: reviewdog/action-misspell@v1
  if: ${{ always() }}
@@ -40,10 +38,10 @@ jobs:
  locale: "US"
  exclude: ./vendor/*
 
- - uses: chainguard-dev/actions/trailing-space@5e21cb47971231c078a677dfe89a348371cb880c # main
+ - uses: chainguard-dev/actions/trailing-space@main
  if: ${{ always() }}
 
- - uses: chainguard-dev/actions/eof-newline@5e21cb47971231c078a677dfe89a348371cb880c # main
+ - uses: chainguard-dev/actions/eof-newline@main
  if: ${{ always() }}
 
  - uses: get-woke/woke-action-reviewdog@v0

.github/workflows/test.yaml

@@ -7,21 +7,14 @@ on:
  branches: ['main']
 
 jobs:
-
  test:
- strategy:
- matrix:
- go-version: [1.19, '1.20']
-
  name: Unit Tests
  runs-on: ubuntu-latest
-
  steps:
  - uses: actions/checkout@v4
  - uses: actions/setup-go@v5
  with:
- go-version: ${{ matrix.go-version }}
- check-latest: true
+ go-version-file: go.mod
 
  - run: go test -coverprofile=coverage.txt -covermode=atomic -race ./...
 

.golangci.yaml

@@ -1,11 +1,10 @@
 run:
  timeout: 5m
 
- skip-dirs:
+issues:
+ exclude-dirs:
  - internal
  - pkg/registry
-
-issues:
  exclude-rules:
  - path: test # Excludes /test, *_test.go etc.
  linters:
@@ -35,6 +34,8 @@ linters:
 
 linters-settings:
  depguard:
- include-go-root: true
- packages-with-error-message:
- - crypto/sha256: "use crypto.SHA256 instead"
+ rules:
+ main:
+ deny:
+ - pkg: "crypto/sha256"
+ desc: use crypto.SHA256 instead

cmd/crane/cmd/append.go

@@ -45,7 +45,7 @@ If the base image is a Windows base image (i.e., its config.OS is "windows"),
 the contents of the tarballs will be modified to be suitable for a Windows
 container image.`,
  Args: cobra.NoArgs,
- RunE: func(cmd *cobra.Command, args []string) error {
+ RunE: func(cmd *cobra.Command, _ []string) error {
  var base v1.Image
  var err error
 

cmd/crane/cmd/auth.go

@@ -211,7 +211,7 @@ func NewCmdAuthLogin(argv ...string) *cobra.Command {
  Short: "Log in to a registry",
  Example: eg,
  Args: cobra.ExactArgs(1),
- RunE: func(cmd *cobra.Command, args []string) error {
+ RunE: func(_ *cobra.Command, args []string) error {
  reg, err := name.NewRegistry(args[0])
  if err != nil {
  return err
@@ -285,7 +285,7 @@ func NewCmdAuthLogout(argv ...string) *cobra.Command {
  Short: "Log out of a registry",
  Example: eg,
  Args: cobra.ExactArgs(1),
- RunE: func(cmd *cobra.Command, args []string) error {
+ RunE: func(_ *cobra.Command, args []string) error {
  reg, err := name.NewRegistry(args[0])
  if err != nil {
  return err

cmd/crane/cmd/root.go

@@ -56,7 +56,7 @@ func New(use, short string, options []crane.Option) *cobra.Command {
  RunE: func(cmd *cobra.Command, _ []string) error { return cmd.Usage() },
  DisableAutoGenTag: true,
  SilenceUsage: true,
- PersistentPreRun: func(cmd *cobra.Command, args []string) {
+ PersistentPreRun: func(cmd *cobra.Command, _ []string) {
  options = append(options, crane.WithContext(cmd.Context()))
  // TODO(jonjohnsonjr): crane.Verbose option?
  if verbose {

cmd/crane/cmd/validate.go

@@ -33,8 +33,8 @@ func NewCmdValidate(options *[]crane.Option) *cobra.Command {
  validateCmd := &cobra.Command{
  Use: "validate",
  Short: "Validate that an image is well-formed",
- Args: cobra.ExactArgs(0),
- RunE: func(cmd *cobra.Command, args []string) error {
+ Args: cobra.NoArgs,
+ RunE: func(cmd *cobra.Command, _ []string) error {
  if tarballPath != "" {
  img, err := tarball.ImageFromPath(tarballPath, nil)
  if err != nil {

cmd/krane/go.mod

@@ -1,6 +1,6 @@
 module github.com/google/go-containerregistry/cmd/krane
 
-go 1.18
+go 1.23.0
 
 replace github.com/google/go-containerregistry => ../../
 

go.mod

@@ -1,6 +1,6 @@
 module github.com/google/go-containerregistry
 
-go 1.18
+go 1.23.0
 
 require (
  github.com/containerd/stargz-snapshotter/estargz v0.14.3

hack/presubmit.sh

@@ -26,7 +26,7 @@ export PATH="${PATH}:${TMP_DIR}/bin"
 export GOPATH="${TMP_DIR}"
 pushd ${TMP_DIR}
 trap popd EXIT
-go install honnef.co/go/tools/cmd/staticcheck@v0.3.3
+go install honnef.co/go/tools/cmd/staticcheck@latest
 popd
 
 pushd ${PROJECT_ROOT}

pkg/authn/k8schain/go.mod

@@ -1,6 +1,6 @@
 module github.com/google/go-containerregistry/pkg/authn/k8schain
 
-go 1.18
+go 1.23.0
 
 replace (
  github.com/google/go-containerregistry => ../../../