Security issues fixes and github actions update #116

Merged
merged 10 commits into from
Jan 2, 2024

mpsonntag
Collaborator

This PR handles

  • security issues in dependency libraries
  • an update of the github actions workflow

A docker container has been locally built (git annex 10) and successfully tested against a running local GIN instance (git annex 8).

Dependency library security issues

This PR updates dependencies to fix security issues in the golang.org/x/crypto, golang.org/x/sys, golang.org/x/text libraries.
Some of the library updates require an update from the used (1.15) to a newer (1.19+) version of go. Therefore the project is moved to the currently latest go version 1.20.

Github actions update

The go version change also requires github actions updates. The updates include:

  • golang version bump to 1.20
  • github action version bump to v3: Node 14 reaches end of life; github actions v3 upgrade to node 16. For details check here.
  • golint has been frozen and deprecated and is removed from the linters job.
  • due to the upgrade in golang version multiple deprecation warnings pop up in staticcheck. Until these have been resolved, the staticcheck step is allowed to fail without failing the build.
  • the "linter" job now produces a summary to display issues identified via staticcheck or errcheck.

Dependency libraries contain security issues when using
go < 1.18. Therefore upgrade to the current latest go
version.

Node 14 reaches end of life; github actions v3
upgrade to node 16. For details see:
https://github.com/marketplace/actions/checkout?version=v3.3.0#whats-new

golint has been frozen and deprecated. Removing it from
the linters.

Refactor the binary build job
- run the job only after the tests have successfully passed
- remove the matrix build to reduce CI load; older go versions
  are not really relevant.

@coveralls

Pull Request Test Coverage Report for Build 4364593422

  • 0 of 0 changed or added relevant lines in 0 files are covered.
  • No unchanged relevant lines lost coverage.
  • Overall coverage remained the same at 37.882%

Totals Coverage Status
Change from base Build 2761455674: 0.0%
Covered Lines: 719
Relevant Lines: 1898

💛 - Coveralls

@achilleas-k achilleas-k self-requested a review April 17, 2023 14:20
@achilleas-k achilleas-k merged commit aa438d9 into G-Node:master Jan 2, 2024