diff --git a/.github/workflows/build_daily.yaml b/.github/workflows/build_daily.yaml index 2c36d99ba16..e41edd98525 100644 --- a/.github/workflows/build_daily.yaml +++ b/.github/workflows/build_daily.yaml @@ -10,7 +10,7 @@ on: env: GOPROXY: https://proxy.golang.org/ SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} - GO_VERSION: 1.21.3 + GO_VERSION: 1.21.9 jobs: e2e-envoy-xds: runs-on: ubuntu-latest diff --git a/.github/workflows/build_tag.yaml b/.github/workflows/build_tag.yaml index 1310cc48c0c..06f7b00a3f2 100644 --- a/.github/workflows/build_tag.yaml +++ b/.github/workflows/build_tag.yaml @@ -15,7 +15,7 @@ on: env: GOPROXY: https://proxy.golang.org/ SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} - GO_VERSION: 1.21.3 + GO_VERSION: 1.21.9 jobs: build: runs-on: ubuntu-latest diff --git a/.github/workflows/prbuild.yaml b/.github/workflows/prbuild.yaml index b679bebad46..b94b22476ef 100644 --- a/.github/workflows/prbuild.yaml +++ b/.github/workflows/prbuild.yaml @@ -11,7 +11,7 @@ on: env: GOPROXY: https://proxy.golang.org/ SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} - GO_VERSION: 1.21.3 + GO_VERSION: 1.21.9 jobs: lint: runs-on: ubuntu-latest @@ -24,7 +24,7 @@ jobs: - name: golangci-lint uses: golangci/golangci-lint-action@v3 with: - version: v1.51.2 + version: v1.55.2 # TODO: re-enable linting tools package once https://github.com/projectcontour/contour/issues/5077 # is resolved args: --build-tags=e2e,conformance,gcp,oidc,none diff --git a/.golangci.yml b/.golangci.yml index c3c40bc5527..57fd4e00b0d 100644 --- a/.golangci.yml +++ b/.golangci.yml @@ -59,12 +59,12 @@ linters-settings: issues: exclude-rules: - - linters: - - unparam + - linters: ["unparam"] text: "always receives" - path: zz_generated - linters: - - goimports + linters: ["goimports"] - path: test/e2e - linters: - - bodyclose \ No newline at end of file + linters: ["bodyclose"] + - path: test/e2e + linters: ["revive"] + text: "should not use dot imports" \ No newline at end of file diff --git a/Makefile b/Makefile index 82553efa433..05da4a3330b 100644 --- a/Makefile +++ b/Makefile @@ -6,7 +6,7 @@ IMAGE := $(REGISTRY)/$(PROJECT) SRCDIRS := ./cmd ./internal ./apis LOCAL_BOOTSTRAP_CONFIG = localenvoyconfig.yaml SECURE_LOCAL_BOOTSTRAP_CONFIG = securelocalenvoyconfig.yaml -ENVOY_IMAGE = docker.io/envoyproxy/envoy:v1.28.1 +ENVOY_IMAGE = docker.io/envoyproxy/envoy:v1.28.2 GATEWAY_API_VERSION ?= $(shell grep "sigs.k8s.io/gateway-api" go.mod | awk '{print $$2}') # Used to supply a local Envoy docker container an IP to connect to that is running @@ -44,7 +44,7 @@ endif IMAGE_PLATFORMS ?= linux/amd64,linux/arm64 # Base build image to use. -BUILD_BASE_IMAGE ?= golang:1.21.3 +BUILD_BASE_IMAGE ?= golang:1.21.9 # Enable build with CGO. BUILD_CGO_ENABLED ?= 0 diff --git a/cmd/contour/gatewayprovisioner.go b/cmd/contour/gatewayprovisioner.go index c52d3a14e5b..d5870f0f67d 100644 --- a/cmd/contour/gatewayprovisioner.go +++ b/cmd/contour/gatewayprovisioner.go @@ -36,7 +36,7 @@ func registerGatewayProvisioner(app *kingpin.Application) (*kingpin.CmdClause, * provisionerConfig := &gatewayProvisionerConfig{ contourImage: "ghcr.io/projectcontour/contour:v1.27.1", - envoyImage: "docker.io/envoyproxy/envoy:v1.28.1", + envoyImage: "docker.io/envoyproxy/envoy:v1.28.2", metricsBindAddress: ":8080", leaderElection: false, leaderElectionID: "0d879e31.projectcontour.io", diff --git a/examples/contour/03-envoy.yaml b/examples/contour/03-envoy.yaml index a2cae179a93..df34b1d3f74 100644 --- a/examples/contour/03-envoy.yaml +++ b/examples/contour/03-envoy.yaml @@ -50,7 +50,7 @@ spec: - --log-level info command: - envoy - image: docker.io/envoyproxy/envoy:v1.28.1 + image: docker.io/envoyproxy/envoy:v1.28.2 imagePullPolicy: IfNotPresent name: envoy env: diff --git a/examples/deployment/03-envoy-deployment.yaml b/examples/deployment/03-envoy-deployment.yaml index 99b676476c5..d15c17181f0 100644 --- a/examples/deployment/03-envoy-deployment.yaml +++ b/examples/deployment/03-envoy-deployment.yaml @@ -63,7 +63,7 @@ spec: - --log-level info command: - envoy - image: docker.io/envoyproxy/envoy:v1.28.1 + image: docker.io/envoyproxy/envoy:v1.28.2 imagePullPolicy: IfNotPresent name: envoy env: diff --git a/examples/render/contour-deployment.yaml b/examples/render/contour-deployment.yaml index 8d6afba0509..dfa9c7cefb2 100644 --- a/examples/render/contour-deployment.yaml +++ b/examples/render/contour-deployment.yaml @@ -8759,7 +8759,7 @@ spec: - --log-level info command: - envoy - image: docker.io/envoyproxy/envoy:v1.28.1 + image: docker.io/envoyproxy/envoy:v1.28.2 imagePullPolicy: IfNotPresent name: envoy env: diff --git a/examples/render/contour-gateway.yaml b/examples/render/contour-gateway.yaml index 6644311986d..060311c1c14 100644 --- a/examples/render/contour-gateway.yaml +++ b/examples/render/contour-gateway.yaml @@ -8749,7 +8749,7 @@ spec: - --log-level info command: - envoy - image: docker.io/envoyproxy/envoy:v1.28.1 + image: docker.io/envoyproxy/envoy:v1.28.2 imagePullPolicy: IfNotPresent name: envoy env: diff --git a/examples/render/contour.yaml b/examples/render/contour.yaml index 06b3a579f0e..37b10ae6c57 100644 --- a/examples/render/contour.yaml +++ b/examples/render/contour.yaml @@ -8746,7 +8746,7 @@ spec: - --log-level info command: - envoy - image: docker.io/envoyproxy/envoy:v1.28.1 + image: docker.io/envoyproxy/envoy:v1.28.2 imagePullPolicy: IfNotPresent name: envoy env: diff --git a/hack/golangci-lint b/hack/golangci-lint index 831383c7e48..41cab2c0ee1 100755 --- a/hack/golangci-lint +++ b/hack/golangci-lint @@ -1,3 +1,3 @@ #! /usr/bin/env bash -go run github.com/golangci/golangci-lint/cmd/golangci-lint@v1.51.2 "$@" +go run github.com/golangci/golangci-lint/cmd/golangci-lint@v1.55.2 "$@" diff --git a/internal/dag/policy_test.go b/internal/dag/policy_test.go index c58f49b7087..6daf9e7a969 100644 --- a/internal/dag/policy_test.go +++ b/internal/dag/policy_test.go @@ -644,6 +644,7 @@ func TestHeadersPolicy(t *testing.T) { } for name, tc := range tests { t.Run(name, func(t *testing.T) { + tc := tc got, gotErr := headersPolicyService(&tc.dhp, tc.hp, true, dynamicHeaders) if tc.wantErr { assert.Error(t, gotErr) diff --git a/internal/envoy/v3/bootstrap_test.go b/internal/envoy/v3/bootstrap_test.go index fa01f916342..5d1d89d1d89 100644 --- a/internal/envoy/v3/bootstrap_test.go +++ b/internal/envoy/v3/bootstrap_test.go @@ -2056,6 +2056,7 @@ func TestBootstrap(t *testing.T) { for name, tc := range tests { t.Run(name, func(t *testing.T) { + tc := tc steps, gotError := bootstrap(&tc.config) assert.Equal(t, gotError != nil, tc.wantedError) diff --git a/internal/envoy/v3/listener.go b/internal/envoy/v3/listener.go index 73403867ff9..cb9b20d7470 100644 --- a/internal/envoy/v3/listener.go +++ b/internal/envoy/v3/listener.go @@ -828,6 +828,7 @@ func FilterJWTAuth(jwtProviders []dag.JWTProvider) *http.HttpFilter { } for _, provider := range jwtProviders { + provider := provider var cacheDuration *durationpb.Duration if provider.RemoteJWKS.CacheDuration != nil { cacheDuration = durationpb.New(*provider.RemoteJWKS.CacheDuration) diff --git a/internal/featuretests/kubernetes.go b/internal/featuretests/kubernetes.go index e0ff0c8d142..5f257e80f28 100644 --- a/internal/featuretests/kubernetes.go +++ b/internal/featuretests/kubernetes.go @@ -32,7 +32,7 @@ func IngressBackend(svc *v1.Service) *networking_v1.IngressBackend { } } -// nolint:revive +// nolint:revive,gosec const ( // CERTIFICATE generated by // openssl genrsa -out example-key.pem 2048 diff --git a/internal/fixture/certificate_constants.go b/internal/fixture/certificate_constants.go index ff9bf8ecfd1..7e5f61a1c2a 100644 --- a/internal/fixture/certificate_constants.go +++ b/internal/fixture/certificate_constants.go @@ -13,7 +13,7 @@ package fixture -// nolint:revive +// nolint:revive,gosec const ( // CERTIFICATE generated by // openssl genrsa -out example-key.pem 2048 diff --git a/internal/xdscache/v3/endpointslicetranslator_test.go b/internal/xdscache/v3/endpointslicetranslator_test.go index 8eabc16ccc5..b4f399afe0d 100644 --- a/internal/xdscache/v3/endpointslicetranslator_test.go +++ b/internal/xdscache/v3/endpointslicetranslator_test.go @@ -1008,6 +1008,7 @@ func TestEndpointSliceTranslatorRecomputeClusterLoadAssignment(t *testing.T) { } for name, tc := range tests { + tc := tc t.Run(name, func(t *testing.T) { endpointSliceTranslator := NewEndpointSliceTranslator(fixture.NewTestLogger(t)) require.NoError(t, endpointSliceTranslator.cache.SetClusters([]*dag.ServiceCluster{&tc.cluster})) diff --git a/internal/xdscache/v3/endpointstranslator_test.go b/internal/xdscache/v3/endpointstranslator_test.go index c415e1b5b66..6ff9acd513a 100644 --- a/internal/xdscache/v3/endpointstranslator_test.go +++ b/internal/xdscache/v3/endpointstranslator_test.go @@ -799,8 +799,10 @@ func TestEndpointsTranslatorRecomputeClusterLoadAssignment(t *testing.T) { } for name, tc := range tests { + tc := tc t.Run(name, func(t *testing.T) { et := NewEndpointsTranslator(fixture.NewTestLogger(t)) + // nolint:gosec require.NoError(t, et.cache.SetClusters([]*dag.ServiceCluster{&tc.cluster})) et.OnAdd(tc.ep, false) got := et.Contents() diff --git a/internal/xdscache/v3/secret_test.go b/internal/xdscache/v3/secret_test.go index 8665446263d..1559b879ccf 100644 --- a/internal/xdscache/v3/secret_test.go +++ b/internal/xdscache/v3/secret_test.go @@ -573,7 +573,7 @@ func backend(name string, port int32) *networking_v1.IngressBackend { } } -// nolint:revive +// nolint:revive,gosec const ( // CERTIFICATE generated by // openssl genrsa -out example-key.pem 2048