From 17abbd44eebf573084919f113ebd53ab467a5d1a Mon Sep 17 00:00:00 2001 From: cpanato Date: Wed, 31 Aug 2022 09:50:39 +0200 Subject: [PATCH 1/5] upgrade to go1.19 Signed-off-by: cpanato --- .github/workflows/build.yaml | 2 +- .github/workflows/codeql-analysis.yml | 2 +- .github/workflows/cross.yaml | 2 +- .github/workflows/e2e-with-binary.yml | 2 +- .github/workflows/e2e_tests.yml | 2 +- .github/workflows/github-oidc.yaml | 2 +- .github/workflows/kind-verify-attestation.yaml | 2 +- .github/workflows/tests.yaml | 6 +++--- .github/workflows/verify-docgen.yaml | 2 +- go.mod | 2 +- 10 files changed, 12 insertions(+), 12 deletions(-) diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml index ed515662574..03fbea33c48 100644 --- a/.github/workflows/build.yaml +++ b/.github/workflows/build.yaml @@ -39,7 +39,7 @@ jobs: - uses: actions/setup-go@268d8c0ca0432bb2cf416faae41297df9d262d7f # v2.2.0 with: - go-version: '1.18' + go-version: '1.19' check-latest: true # will use the latest release available for ko diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index 52e6a3d4a67..57b4a57918e 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -54,7 +54,7 @@ jobs: - name: Set correct version of Golang to use during CodeQL run uses: actions/setup-go@268d8c0ca0432bb2cf416faae41297df9d262d7f # v2.1.5 with: - go-version: '1.18' + go-version: '1.19' check-latest: true # Initializes the CodeQL tools for scanning. diff --git a/.github/workflows/cross.yaml b/.github/workflows/cross.yaml index 3c17f18df09..3edf467463d 100644 --- a/.github/workflows/cross.yaml +++ b/.github/workflows/cross.yaml @@ -31,7 +31,7 @@ jobs: - name: Install Go uses: actions/setup-go@268d8c0ca0432bb2cf416faae41297df9d262d7f # v2.2.0 with: - go-version: '1.18' + go-version: '1.19' check-latest: true - name: Checkout code uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # v2.4.0 diff --git a/.github/workflows/e2e-with-binary.yml b/.github/workflows/e2e-with-binary.yml index 83eb724c859..601229c7987 100644 --- a/.github/workflows/e2e-with-binary.yml +++ b/.github/workflows/e2e-with-binary.yml @@ -41,7 +41,7 @@ jobs: - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # v2.4.0 - uses: actions/setup-go@268d8c0ca0432bb2cf416faae41297df9d262d7f # v2.2.0 with: - go-version: '1.18' + go-version: '1.19' check-latest: true - name: build cosign and check shell: bash diff --git a/.github/workflows/e2e_tests.yml b/.github/workflows/e2e_tests.yml index b96c999c0ae..91158bc4c97 100644 --- a/.github/workflows/e2e_tests.yml +++ b/.github/workflows/e2e_tests.yml @@ -38,7 +38,7 @@ jobs: - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # v2.4.0 - uses: actions/setup-go@268d8c0ca0432bb2cf416faae41297df9d262d7f # v2.2.0 with: - go-version: '1.18' + go-version: '1.19' check-latest: true - name: Set up Cloud SDK uses: google-github-actions/setup-gcloud@877d4953d2c70a0ba7ef3290ae968eb24af233bb # v0.5.1 diff --git a/.github/workflows/github-oidc.yaml b/.github/workflows/github-oidc.yaml index 408c298a10e..ef45287c5aa 100644 --- a/.github/workflows/github-oidc.yaml +++ b/.github/workflows/github-oidc.yaml @@ -38,7 +38,7 @@ jobs: - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # v2.4.0 - uses: actions/setup-go@268d8c0ca0432bb2cf416faae41297df9d262d7f # v2.2.0 with: - go-version: '1.18' + go-version: '1.19' check-latest: true cache: true diff --git a/.github/workflows/kind-verify-attestation.yaml b/.github/workflows/kind-verify-attestation.yaml index 208feedfe1a..e0bc9e55e42 100644 --- a/.github/workflows/kind-verify-attestation.yaml +++ b/.github/workflows/kind-verify-attestation.yaml @@ -47,7 +47,7 @@ jobs: - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # v2.4.0 - uses: actions/setup-go@268d8c0ca0432bb2cf416faae41297df9d262d7f # v2.2.0 with: - go-version: '1.18' + go-version: '1.19' check-latest: true # will use the latest release available for ko diff --git a/.github/workflows/tests.yaml b/.github/workflows/tests.yaml index 02fb94444d1..a07bb3895e3 100644 --- a/.github/workflows/tests.yaml +++ b/.github/workflows/tests.yaml @@ -23,7 +23,7 @@ on: permissions: read-all env: - GO_VERSION: 1.18 + GO_VERSION: 1.19 jobs: unit-tests: @@ -167,11 +167,11 @@ jobs: - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # v2.4.0 - uses: actions/setup-go@268d8c0ca0432bb2cf416faae41297df9d262d7f # v2.2.0 with: - go-version: 1.18 + go-version: 1.19 check-latest: true - name: golangci-lint uses: golangci/golangci-lint-action@537aa1903e5d359d0b27dbc19ddd22c5087f3fbc # v3 with: # Required: the version of golangci-lint is required and must be specified without patch version: we always use the latest patch version. - version: v1.46 + version: v1.49 args: --timeout=5m diff --git a/.github/workflows/verify-docgen.yaml b/.github/workflows/verify-docgen.yaml index a29bcd64ed1..9cfa0b1880d 100644 --- a/.github/workflows/verify-docgen.yaml +++ b/.github/workflows/verify-docgen.yaml @@ -34,6 +34,6 @@ jobs: - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # v2.4.0 - uses: actions/setup-go@268d8c0ca0432bb2cf416faae41297df9d262d7f # v2.2.0 with: - go-version: '1.18' + go-version: '1.19' check-latest: true - run: ./cmd/help/verify.sh diff --git a/go.mod b/go.mod index 76f68445e1a..94a8aeb1583 100644 --- a/go.mod +++ b/go.mod @@ -1,6 +1,6 @@ module github.com/sigstore/cosign -go 1.18 +go 1.19 require ( cuelang.org/go v0.4.3 From 9c0a859b3658d065740217a12be6ccac8d287ce1 Mon Sep 17 00:00:00 2001 From: cpanato Date: Wed, 31 Aug 2022 09:50:58 +0200 Subject: [PATCH 2/5] bump cosign image to v1.11.1 Signed-off-by: cpanato --- .github/workflows/validate-release.yml | 2 +- release/cloudbuild.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/validate-release.yml b/.github/workflows/validate-release.yml index 816e389bf91..bd27018c0a5 100644 --- a/.github/workflows/validate-release.yml +++ b/.github/workflows/validate-release.yml @@ -40,7 +40,7 @@ jobs: env: CROSS_BUILDER_IMAGE: ghcr.io/gythialy/golang-cross:v1.18.5-1@sha256:7dda2158ee68f0e4f53ca9bdf3971b2db01084dad4bdc775391e5f3bf40056a5 - COSIGN_IMAGE: gcr.io/projectsigstore/cosign:v1.10.1@sha256:9377edd13ae515dcb97c15052e577a2cbce098f36b0361bdb2348e3bdd8fe536 + COSIGN_IMAGE: gcr.io/projectsigstore/cosign:v1.11.1@sha256:f9fd5a287a67f4b955d08062a966df10f9a600b6b8583fd367bce3f1f000a429 steps: - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # v3.0.2 diff --git a/release/cloudbuild.yaml b/release/cloudbuild.yaml index 55d82817d75..38cf4806956 100644 --- a/release/cloudbuild.yaml +++ b/release/cloudbuild.yaml @@ -32,7 +32,7 @@ steps: echo "Checking out ${_GIT_TAG}" git checkout ${_GIT_TAG} -- name: 'gcr.io/projectsigstore/cosign:v1.10.1@sha256:9377edd13ae515dcb97c15052e577a2cbce098f36b0361bdb2348e3bdd8fe536' +- name: 'gcr.io/projectsigstore/cosign:v1.11.1@sha256:f9fd5a287a67f4b955d08062a966df10f9a600b6b8583fd367bce3f1f000a429' dir: "go/src/sigstore/cosign" env: - COSIGN_EXPERIMENTAL=true From 6ba9aabd37148077d84297052af85086fe5ffbf5 Mon Sep 17 00:00:00 2001 From: cpanato Date: Wed, 31 Aug 2022 10:02:04 +0200 Subject: [PATCH 3/5] update golang cross builder Signed-off-by: cpanato --- .github/workflows/validate-release.yml | 2 +- release/cloudbuild.yaml | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/validate-release.yml b/.github/workflows/validate-release.yml index bd27018c0a5..6be638615c3 100644 --- a/.github/workflows/validate-release.yml +++ b/.github/workflows/validate-release.yml @@ -39,7 +39,7 @@ jobs: statuses: none env: - CROSS_BUILDER_IMAGE: ghcr.io/gythialy/golang-cross:v1.18.5-1@sha256:7dda2158ee68f0e4f53ca9bdf3971b2db01084dad4bdc775391e5f3bf40056a5 + CROSS_BUILDER_IMAGE: ghcr.io/gythialy/golang-cross:v1.19.0-0@sha256:904f22549b631c34c92fa696aa39144f8b5da3ee1dff095d4e3164fd50090767 COSIGN_IMAGE: gcr.io/projectsigstore/cosign:v1.11.1@sha256:f9fd5a287a67f4b955d08062a966df10f9a600b6b8583fd367bce3f1f000a429 steps: diff --git a/release/cloudbuild.yaml b/release/cloudbuild.yaml index 38cf4806956..5941c05b7e3 100644 --- a/release/cloudbuild.yaml +++ b/release/cloudbuild.yaml @@ -39,10 +39,10 @@ steps: - TUF_ROOT=/tmp args: - 'verify' - - 'ghcr.io/gythialy/golang-cross:v1.18.5-1@sha256:7dda2158ee68f0e4f53ca9bdf3971b2db01084dad4bdc775391e5f3bf40056a5' + - 'ghcr.io/gythialy/golang-cross:v1.19.0-0@sha256:904f22549b631c34c92fa696aa39144f8b5da3ee1dff095d4e3164fd50090767' # maybe we can build our own image and use that to be more in a safe side -- name: ghcr.io/gythialy/golang-cross:v1.18.5-1@sha256:7dda2158ee68f0e4f53ca9bdf3971b2db01084dad4bdc775391e5f3bf40056a5 +- name: ghcr.io/gythialy/golang-cross:v1.19.0-0@sha256:904f22549b631c34c92fa696aa39144f8b5da3ee1dff095d4e3164fd50090767 entrypoint: /bin/sh dir: "go/src/sigstore/cosign" env: @@ -65,7 +65,7 @@ steps: gcloud auth configure-docker \ && make release -- name: ghcr.io/gythialy/golang-cross:v1.18.5-1@sha256:7dda2158ee68f0e4f53ca9bdf3971b2db01084dad4bdc775391e5f3bf40056a5 +- name: ghcr.io/gythialy/golang-cross:v1.19.0-0@sha256:904f22549b631c34c92fa696aa39144f8b5da3ee1dff095d4e3164fd50090767 entrypoint: 'bash' dir: "go/src/sigstore/cosign" env: From 0fd1c74362203e03b3850583109f98c67ddcf4a5 Mon Sep 17 00:00:00 2001 From: cpanato Date: Wed, 31 Aug 2022 10:23:27 +0200 Subject: [PATCH 4/5] fix lints Signed-off-by: cpanato --- .golangci.yml | 2 +- pkg/policy/eval.go | 4 ++-- test/cmd/getoidctoken/main.go | 10 +++++++++- 3 files changed, 12 insertions(+), 4 deletions(-) diff --git a/.golangci.yml b/.golangci.yml index 96e674052dd..d0643633741 100644 --- a/.golangci.yml +++ b/.golangci.yml @@ -16,7 +16,7 @@ linters: enable: - asciicheck - - deadcode + - unused - depguard - errcheck - errorlint diff --git a/pkg/policy/eval.go b/pkg/policy/eval.go index bc91acd1b35..72a80241f72 100644 --- a/pkg/policy/eval.go +++ b/pkg/policy/eval.go @@ -51,7 +51,7 @@ func EvaluatePolicyAgainstJSON(ctx context.Context, name, policyType string, pol } // evaluateCue evaluates a cue policy `evaluator` against `attestation` -func evaluateCue(ctx context.Context, attestation []byte, evaluator string) error { +func evaluateCue(_ context.Context, attestation []byte, evaluator string) error { log.Printf("Evaluating attestation: %s", string(attestation)) log.Printf("Evaluator: %s", evaluator) @@ -72,7 +72,7 @@ func evaluateCue(ctx context.Context, attestation []byte, evaluator string) erro } // evaluateRego evaluates a rego policy `evaluator` against `attestation` -func evaluateRego(ctx context.Context, attestation []byte, evaluator string) error { +func evaluateRego(_ context.Context, attestation []byte, evaluator string) error { log.Printf("Evaluating attestation: %s", string(attestation)) log.Printf("Evaluating evaluator: %s", evaluator) diff --git a/test/cmd/getoidctoken/main.go b/test/cmd/getoidctoken/main.go index 6a94984eac5..f9abec35ead 100644 --- a/test/cmd/getoidctoken/main.go +++ b/test/cmd/getoidctoken/main.go @@ -19,6 +19,7 @@ import ( "log" "net/http" "os" + "time" "github.com/kelseyhightower/envconfig" ) @@ -52,7 +53,14 @@ func main() { log.Fatalf("failed to process env var: %s", err) } http.HandleFunc("/", tokenWriter(env.FileName)) - if err := http.ListenAndServe(":8080", nil); err != nil { + + srv := &http.Server{ + Addr: ":8080", + ReadTimeout: 10 * time.Second, + WriteTimeout: 10 * time.Second, + } + + if err := srv.ListenAndServe(); err != nil { panic(err) } } From 2523c18f87d75d9b20e6670580f1b004af5a35d6 Mon Sep 17 00:00:00 2001 From: cpanato Date: Wed, 31 Aug 2022 12:32:22 +0200 Subject: [PATCH 5/5] revert to go1.18 in go mod Signed-off-by: cpanato --- go.mod | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/go.mod b/go.mod index 94a8aeb1583..76f68445e1a 100644 --- a/go.mod +++ b/go.mod @@ -1,6 +1,6 @@ module github.com/sigstore/cosign -go 1.19 +go 1.18 require ( cuelang.org/go v0.4.3