Migrate to GHA #379

Merged
merged 26 commits into from
Oct 26, 2022


@claire-labry claire-labry commented Sep 20, 2022

This PR officially migrates go-getter to GHA from CircleCI. Its intention is to work the same as the CircleCI tests but in GHA format.

Note: After working on updating the AWS/GCP tests, it was concluded that the older go versions (1.14.15 and 1.15.3) were blocking the GCP tests from passing. The issue was that go1.17 is required for the dependent GCS libraries and we concluded that the removal of the older go versions was the logical path to move forward.

@claire-labry claire-labry marked this pull request as ready for review September 27, 2022 14:27
@claire-labry claire-labry requested a review from picatz September 27, 2022 14:27

picatz commented Sep 27, 2022

Just to be clear, we will disable the CircleCI pipeline after this PR is merged? 🤔


claire-labry commented Sep 27, 2022

Yes, that's the intention! We are fully migrating this repo to GHA as part of our efforts to move away from CircleCI. @picatz

@claire-labry

I'm going to defer to @dpowley for the first two comments on the s3 tests?


picatz commented Sep 30, 2022

Importantly, there's the v2 branch of this repository that is used and maintained by @hashicorp/packer. We need to ensure they're also migrated to GHA.


@samsalisbury samsalisbury left a comment


Thanks Claire, the caching seems to be broken atm, I left comments below... Other than that the CI bits all LGTM!

Co-authored-by: Sam Salisbury <samsalisbury@gmail.com>

claire-labry commented Oct 4, 2022

@samsalisbury @picatz -- Could I please get a re-review on this PR? The cache tests have been fixed -- @nywilken Would it be ok if we migrated v2 to GHA?


nywilken commented Oct 5, 2022

Thanks for the ping @claire-labry. The test cases in V2 are slightly different as the Getters now expect a Request type with the URL and destination. But I don't expect it to be a heavy lift as most tests are the same with the difference on how the URL is passed in. That said, how do you want to proceed in migrating V2 to GHA?

Are you okay with opening the initial branch to add the actions so that we can work together to address the failing tests? I've blocked some time to work on the Go-Getter PRs today at 3:45pm EST (my time). My only hesitation on adding the actions without your help would be that I don't have access to the appropriate accounts to test/debug.

To help with the initial commit of the action we can start with go-version testing for 1.17 and in #381 we can add 1.18 and 1.19 versions to the test matrix. There is a panic that gets fixed for 1.18 in #381. So the test will fail until that is merged. But I would rather get the testing in and green on 381 before merging. LMK.


claire-labry commented Oct 26, 2022

@picatz would you be able to re-review this PR as I've added several things since your last review: this commit here -- we need to allow the file to be transported globally due to the CVE linked in the comment link to failure that led us to this fix. I also added comments (47ecbb0) to the GCS and S3 tests for external contributors on how they are able to run these tests. Once I have your final review and approval, I will merge this in.

claire-labry and others added 2 commits October 26, 2022 12:40
Co-authored-by: Kent 'picat' Gruber <kent@hashicorp.com>
Co-authored-by: Kent 'picat' Gruber <kent@hashicorp.com>
@claire-labry claire-labry merged commit 7220a3d into main Oct 26, 2022
renovate bot referenced this pull request in DelineaXPM/terraform-provider-dsv Jan 23, 2024
…ecurity] (#61)


This PR contains the following updates:

| Package | Change | Age | Adoption | Passing | Confidence |
|---|---|---|---|---|---|
| [github.com/hashicorp/go-getter](https://togithub.com/hashicorp/go-getter) | `v1.6.2` -> `v1.7.0` | [![age](https://developer.mend.io/api/mc/badges/age/go/github.com%2fhashicorp%2fgo-getter/v1.7.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/go/github.com%2fhashicorp%2fgo-getter/v1.7.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/go/github.com%2fhashicorp%2fgo-getter/v1.6.2/v1.7.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/go/github.com%2fhashicorp%2fgo-getter/v1.6.2/v1.7.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) |

### GitHub Vulnerability Alerts

#### [CVE-2023-0475](https://nvd.nist.gov/vuln/detail/CVE-2023-0475)

HashiCorp go-getter up to 1.6.2 and 2.1.1 is vulnerable to decompression
bombs. Fixed in 1.7.0 and 2.2.0.

---

### Release Notes

<details>
<summary>hashicorp/go-getter (github.com/hashicorp/go-getter)</summary>

### [`v1.7.0`](https://togithub.com/hashicorp/go-getter/releases/tag/v1.7.0)

[Compare Source](https://togithub.com/hashicorp/go-getter/compare/v1.6.2...v1.7.0)

#### What's Changed

- docs: provide logging recommendations by [@mickael-hc](https://togithub.com/mickael-hc) in [https://github.com/hashicorp/go-getter/pull/371](https://togithub.com/hashicorp/go-getter/pull/371)
- Update aws sdk version by [@Jukie](https://togithub.com/Jukie) in [https://github.com/hashicorp/go-getter/pull/384](https://togithub.com/hashicorp/go-getter/pull/384)
- Update S3 URL in README by [@twelvelabs](https://togithub.com/twelvelabs) in [https://github.com/hashicorp/go-getter/pull/378](https://togithub.com/hashicorp/go-getter/pull/378)
- Migrate to GHA by [@claire-labry](https://togithub.com/claire-labry) in [https://github.com/hashicorp/go-getter/pull/379](https://togithub.com/hashicorp/go-getter/pull/379)
- \[COMPLIANCE] Update MPL 2.0 LICENSE by [@hashicorp-copywrite](https://togithub.com/hashicorp-copywrite) in [https://github.com/hashicorp/go-getter/pull/386](https://togithub.com/hashicorp/go-getter/pull/386)
- remove codesign entirely from go-getter by [@claire-labry](https://togithub.com/claire-labry) in [https://github.com/hashicorp/go-getter/pull/408](https://togithub.com/hashicorp/go-getter/pull/408)
- Add decompression bomb mitigation options for v1 by [@picatz](https://togithub.com/picatz) in [https://github.com/hashicorp/go-getter/pull/412](https://togithub.com/hashicorp/go-getter/pull/412)
- v1: decompressors: add LimitedDecompressors helper by [@shoenig](https://togithub.com/shoenig) in [https://github.com/hashicorp/go-getter/pull/413](https://togithub.com/hashicorp/go-getter/pull/413)

#### New Contributors

- [@mickael-hc](https://togithub.com/mickael-hc) made their first contribution in [https://github.com/hashicorp/go-getter/pull/371](https://togithub.com/hashicorp/go-getter/pull/371)
- [@Jukie](https://togithub.com/Jukie) made their first contribution in [https://github.com/hashicorp/go-getter/pull/384](https://togithub.com/hashicorp/go-getter/pull/384)
- [@twelvelabs](https://togithub.com/twelvelabs) made their first contribution in [https://github.com/hashicorp/go-getter/pull/378](https://togithub.com/hashicorp/go-getter/pull/378)
- [@hashicorp-copywrite](https://togithub.com/hashicorp-copywrite) made their first contribution in [https://github.com/hashicorp/go-getter/pull/386](https://togithub.com/hashicorp/go-getter/pull/386)

**Full Changelog**: hashicorp/go-getter@v1.6.2...v1.7.0

</details>

---

### Configuration

📅 **Schedule**: Branch creation - "" (UTC), Automerge - At any time (no
schedule defined).

🚦 **Automerge**: Enabled.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.

---

- [ ] If you want to rebase/retry this PR, check this box

---

This PR has been generated by [Mend
Renovate](https://www.mend.io/free-developer-tools/renovate/). View
repository job log
[here](https://developer.mend.io/github/DelineaXPM/terraform-provider-dsv).


Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
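
The decompression-bomb class named in the CVE-2023-0475 alert above is mitigated by capping what an extractor will accept, which can be shown with the Go standard library alone. This is an added example, not go-getter's code or API: `extractLimited`, `ErrLimit` and `buildArchive` are hypothetical names, and the sample archive is constructed in-process.

```go
package main

import (
	"archive/tar"
	"bytes"
	"compress/gzip"
	"errors"
	"fmt"
	"io"
)

var ErrLimit = errors.New("archive exceeds extraction limits")
// extractLimited (hypothetical) unpacks a tar.gz under entry-count and per-entry size caps.
func extractLimited(r io.Reader, maxFiles int, maxFileSize int64) (map[string][]byte, error) {
	gz, err := gzip.NewReader(r)
	if err != nil {
		return nil, err
	}
	tr, out, count := tar.NewReader(gz), map[string][]byte{}, 0
	for hdr, err := tr.Next(); err != io.EOF; hdr, err = tr.Next() {
		if err != nil {
			return nil, err
		}
		if count++; count > maxFiles || hdr.Size > maxFileSize { // tar.Reader never reads past hdr.Size
			return nil, ErrLimit
		}
		if out[hdr.Name], err = io.ReadAll(tr); err != nil {
			return nil, err
		}
	}
	return out, nil
}

func buildArchive(sizes map[string]int) []byte { // constructed sample: tar.gz of zero-filled files
	var buf bytes.Buffer
	gz := gzip.NewWriter(&buf)
	tw := tar.NewWriter(gz)
	for name, n := range sizes {
		tw.WriteHeader(&tar.Header{Name: name, Typeflag: tar.TypeReg, Mode: 0o600, Size: int64(n)})
		tw.Write(make([]byte, n))
	}
	tw.Close()
	gz.Close()
	return buf.Bytes()
}

func main() {
	bomb := buildArchive(map[string]int{"zeros.bin": 8 << 20}) // 8 MiB of zeros
	fmt.Println(extractLimited(bytes.NewReader(bomb), 10, 1<<20))
}
```

The limits are checked before any entry body is read, so the few kilobytes of compressed input never expand into memory past the cap.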