Merge pull request #116 from mpsonntag/versionUpgrades

Security issues fixes and github actions update
G-Node · Jan 2, 2024 · aa438d9 · aa438d9
2 parents 127e4a0 + ad09644
commit aa438d9
Show file tree

Hide file tree

Showing 3 changed files with 67 additions and 60 deletions.
diff --git a/.github/workflows/run-build-tests.yml b/.github/workflows/run-build-tests.yml
@@ -7,19 +7,19 @@ on:
   pull_request:
     branches:
       - master
-
 jobs:
+  # go vet and go fmt are mandatory.
+  # Other linters are optional but should dispay issues.
   linters:
-    # go vet and go fmt are mandatory.
-    # Other linters are optional but should dispay issues.
     name: Linters
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v2
-      - name: Setup go 1.17
-        uses: actions/setup-go@v2
+      - name: Checkout repository
+        uses: actions/checkout@v3
+      - name: Setup go 1.20
+        uses: actions/setup-go@v3
         with:
-          go-version: '1.17'
+          go-version: '1.20'
       - name: Run go vet
         run: |
           go mod download github.com/mattn/go-isatty
@@ -28,46 +28,44 @@ jobs:
         run: |
           gofmt -s -l .
           if [ "$(gofmt -l . | wc -l)" -gt 0 ]; then exit 1; fi
-      - name: Run golint
-        run: |
-          go get golang.org/x/lint/golint
-          golint ./...
+      # staticcheck and errcheck should be optional, issues should
+      # be displayed to raise awareness but not fail the build.
+      # There is an ongoing discussion whether github actions
+      # will support such a feature which it currently does not.
+      # Check https://github.com/actions/toolkit/issues/399
+      # Until further notice errcheck and temporarily staticcheck
+      # will be run but will not fail the build on error.
+      # The "Secondary linter" step icon will show whether errcheck
+      # or staticcheck were successful or not.
       - name: Run staticcheck
         run: |
-          go get honnef.co/go/tools/cmd/staticcheck@latest
+          go install honnef.co/go/tools/cmd/staticcheck@latest
           staticcheck ./...
+        continue-on-error: true
+      - name: staticcheck warning
+        if: steps.composer-run.outcome != 'success'
+        run: echo "- staticcheck encountered issues" >> $GITHUB_STEP_SUMMARY
       - name: Run errcheck
         run: |
-          go get github.com/kisielk/errcheck
+          go install github.com/kisielk/errcheck@latest
           errcheck ./...
         continue-on-error: true
+      - name: errcheck warning
+        if: steps.composer-run.outcome != 'success'
+        run: echo "- errcheck encountered issues" >> $GITHUB_STEP_SUMMARY
+      - name: Secondary linter success
+        if: steps.composer-run.outcome == 'success'
+        run: echo "Run successful"
 
-  build:
-    name: build
-    strategy:
-      matrix:
-        go-version: [1.14.x, 1.15.x, 1.16.x, 1.17.x]
-        platform: [ubuntu-latest]
-    runs-on: ${{ matrix.platform }}
-    steps:
-      - name: Install Go
-        uses: actions/setup-go@v1
-        with:
-          go-version: ${{ matrix.go-version }}
-      - name: Checkout code
-        uses: actions/checkout@v2
-      - name: Run unit tests
-        run: |
-          go mod download github.com/mattn/go-isatty
-          go build ./cmd/ginvalid
   tests:
     runs-on: [ubuntu-latest]
     steps:
-      - uses: actions/checkout@v2
-      - name: Setup Go 1.17
-        uses: actions/setup-go@v2
+      - name: Checkout repository
+        uses: actions/checkout@v3
+      - name: Setup Go 1.20
+        uses: actions/setup-go@v3
         with:
-          go-version: '1.17'
+          go-version: '1.20'
       - name: Install git annex dependency
         run: |
           bash <(wget -q -O- http://neuro.debian.net/_files/neurodebian-travis.sh)
@@ -83,14 +81,31 @@ jobs:
         run: go build ./cmd/ginvalid
       - name: Run tests
         run: go test ./...
+
+  build:
+    name: build
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v3
+      - name: Setup go 1.20
+        uses: actions/setup-go@v3
+        with:
+          go-version: '1.20'
+      - name: Test build binary
+        run: |
+          go mod download github.com/mattn/go-isatty
+          go build ./cmd/ginvalid
+
   run-coverall:
     runs-on: [ubuntu-latest]
     steps:
-      - uses: actions/checkout@v3
-      - name: Use golang version 1.17
+      - name: Checkout repository
+        uses: actions/checkout@v3
+      - name: Use golang version 1.20
         uses: actions/setup-go@v3
         with:
-          go-version: '1.17'
+          go-version: '1.20'
       - name: Install git annex dependency
         run: |
           bash <(wget -q -O- http://neuro.debian.net/_files/neurodebian-travis.sh)
@@ -101,7 +116,8 @@ jobs:
       - name: Fetch dependencies
         run: |
           go get -d ./...
-          go get github.com/mattn/goveralls
+      - name: Install goveralls
+        run: go install github.com/mattn/goveralls@latest
       - name: Create test coverage
         run: go test -covermode atomic -coverprofile=covprofile ./...
       - name: Send coverage

diff --git a/go.mod b/go.mod
@@ -1,21 +1,20 @@
 module github.com/G-Node/gin-valid
 
-go 1.17
+go 1.20
 
 require (
 	github.com/G-Node/gin-cli v0.0.0-20190819162807-7786caf50bbd
 	github.com/docopt/docopt-go v0.0.0-20180111231733-ee0de3bc6815
+	github.com/dustin/go-humanize v1.0.0
 	github.com/gogits/go-gogs-client v0.0.0-20190710002546-4c3c18947c15
 	github.com/gogs/go-gogs-client v0.0.0-20190710002546-4c3c18947c15
-	github.com/google/uuid v1.1.1
 	github.com/gorilla/handlers v1.4.2
 	github.com/gorilla/mux v1.7.3
 	gopkg.in/yaml.v2 v2.2.8
 )
 
 require (
 	github.com/BurntSushi/toml v0.4.1 // indirect
-	github.com/dustin/go-humanize v1.0.0 // indirect
 	github.com/fatih/color v1.7.0 // indirect
 	github.com/fsnotify/fsnotify v1.4.7 // indirect
 	github.com/hashicorp/hcl v1.0.0 // indirect
@@ -31,9 +30,9 @@ require (
 	github.com/spf13/pflag v1.0.5 // indirect
 	github.com/spf13/viper v1.4.0 // indirect
 	github.com/stretchr/testify v1.4.0 // indirect
-	golang.org/x/crypto v0.0.0-20210921155107-089bfa567519 // indirect
-	golang.org/x/sys v0.0.0-20211019181941-9d821ace8654 // indirect
-	golang.org/x/text v0.3.7 // indirect
+	golang.org/x/crypto v0.1.0 // indirect
+	golang.org/x/sys v0.1.0 // indirect
+	golang.org/x/text v0.4.0 // indirect
 )
 
 replace (

diff --git a/go.sum b/go.sum
@@ -54,8 +54,6 @@ github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5y
 github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
 github.com/google/btree v1.0.0/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ=
 github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M=
-github.com/google/uuid v1.1.1 h1:Gkbcsh/GbpXz7lPftLA3P6TYMwjCLYm83jiFQZF/3gY=
-github.com/google/uuid v1.1.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
 github.com/gorilla/handlers v1.4.2 h1:0QniY0USkHQ1RGCLfKxeNHK9bkDHGRYGNDFBCS+YARg=
 github.com/gorilla/handlers v1.4.2/go.mod h1:Qkdc/uu4tH4g6mTK6auzZ766c4CA0Ng8+o/OAirnOIQ=
 github.com/gorilla/mux v1.7.3 h1:gnP5JzjVOuiZD07fKKToCAOjS0yOpj/qPETTXCCS6hw=
@@ -149,8 +147,8 @@ golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnf
 golang.org/x/crypto v0.0.0-20181203042331-505ab145d0a9/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
 golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
 golang.org/x/crypto v0.0.0-20190701094942-4def268fd1a4/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
-golang.org/x/crypto v0.0.0-20210921155107-089bfa567519 h1:7I4JAnoQBe7ZtJcBaYHi5UtiO8tQHbUSXxL+pnGRANg=
-golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
+golang.org/x/crypto v0.1.0 h1:MDRAIl0xIo9Io2xV565hzXHw3zVseKrJKodhohM5CjU=
+golang.org/x/crypto v0.1.0/go.mod h1:RecgLatLF4+eUMCP1PoPZQb+cVrJcOPbHkTkbkB9sbw=
 golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
 golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
 golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
@@ -159,7 +157,6 @@ golang.org/x/net v0.0.0-20181220203305-927f97764cc3/go.mod h1:mL1N/T3taQHkDXs73r
 golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
 golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
 golang.org/x/net v0.0.0-20190522155817-f3200d17e092/go.mod h1:HSz+uSET+XFnRR8LxR5pz3Of3rY3CfYBVs4xY44aLks=
-golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
 golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
@@ -173,19 +170,14 @@ golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5h
 golang.org/x/sys v0.0.0-20190222072716-a9d3bda3a223/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20191008105621-543471e840be/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20211019181941-9d821ace8654 h1:id054HUawV2/6IGm2IV8KZQjqtwAOo2CYlOToYqa0d0=
-golang.org/x/sys v0.0.0-20211019181941-9d821ace8654/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1 h1:v+OssWQX+hTHEmOBgwxdZxK4zHq3yOs8F9J7mk0PY8E=
-golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
+golang.org/x/sys v0.1.0 h1:kunALQeHf1/185U1i0GOB/fy1IPRDDpuoOOqRReG57U=
+golang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/term v0.1.0 h1:g6Z6vPFA9dYBAF7DWcH6sCcOntplXsDKcliusYijMlw=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
-golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
-golang.org/x/text v0.3.7 h1:olpwvP2KacW1ZWvsR7uQhoyTYvKAupfQrRGBFM352Gk=
-golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
+golang.org/x/text v0.4.0 h1:BrVqGRd7+k1DiOgtnFvAkoQEWQvBc25ouMJM6429SFg=
+golang.org/x/text v0.4.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
 golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/tools v0.0.0-20180221164845-07fd8470d635/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
-golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/tools v0.0.0-20190311212946-11955173bddd/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
 google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM=