fix: resolve CI failures from dependency bump

[Copilot]

Two CI failures introduced by the google.golang.org/api v0.256→v0.272 and testcontainers-go v0.40→v0.41 updates.

pkg/source/gdrive.go — deprecated Google API credential options

option.WithCredentialsFile and option.WithCredentialsJSON were deprecated in google.golang.org/api v0.272 (SA1019). Replaced with the type-explicit variants, which are appropriate here since this path exclusively handles service accounts:

// before
drive.NewService(ctx, option.WithCredentialsFile(cfg.credsPath))
drive.NewService(ctx, option.WithCredentialsJSON(b))

// after
drive.NewService(ctx, option.WithAuthCredentialsFile(option.ServiceAccount, cfg.credsPath))
drive.NewService(ctx, option.WithAuthCredentialsJSON(option.ServiceAccount, b))

e2e/e2e_test.go — spurious Docker containers in matrix probe loop

The matrix loop called srcFn(t) / storeFn(t) in the outer scope just to read Name() and Env(), unintentionally starting full Docker containers (SFTP, MinIO) for each (source, store) pair before any subtest ran. With 3 sources × 3 stores this created ~9 extra containers that lived for the duration of all parallel subtests, causing resource contention and intermittent sftp_to_local failures.

Fixed by introducing local matrixSource/matrixStore structs that carry name and env directly, so factories are only invoked inside the subtests:

sources := []matrixSource{
    {name: "local", env: Hermetic, fn: func(t *testing.T) TestSource { return newLocalSource(t) }},
}
// Docker-backed entries added without calling the factory
sources = append(sources, matrixSource{name: "sftp", env: Hermetic, fn: ...})

Warning

Firewall rules blocked me from connecting to one or more addresses (expand for details)

I tried to connect to the following addresses, but was blocked by firewall rules:

• dl.min.io
  • Triggering command: /usr/bin/minio minio server /data ux-amd64/pkg/too-trimpath 4432�� g_.a olang.org/protobinternal/coverage/uleb128 ux-amd64/pkg/tool/linux_amd64/compile . es/blkiodev m ux-amd64/pkg/tool/linux_amd64/compile -I zWhcQ00Fd .cfg 0.1-go1.26.0.lin-nolocalimports --gdwarf-5 e/s2a-go/fallbac/tmp/go-build3213534583/b605/importcfg mpile 0.1-go1.26.0.lin/home/REDACTED/go/pkg/mod/golang.org/toolchain@v0.0.1-go1.26.0.linux-amd64/src/int--log-format (dns block)
  • Triggering command: /usr/bin/minio minio server /data ux-amd64/pkg/too-mode 4432�� g_.a 0a9d635c8e9c656e136328f67e1bc0d6c80 ux-amd64/pkg/tool/linux_amd64/compile 0576eae1247775ad6399b5f03b477ca42c4/log.json 4432744/b339/ (dns block)
  • Triggering command: /usr/bin/minio minio server /data 0.1-go1.26.0.lin-address -o (dns block)

If you need me to access, download, or install something from one of these locations, you can either:

• Configure Actions setup steps to set up my environment, which run before the firewall is enabled
• Add the appropriate URLs or hosts to the custom allowlist in this repository's Copilot coding agent settings (admins only)

---

✨ Let Copilot coding agent set things up for you — coding agent works faster and does higher quality work when set up for your repo.