From abdce9070127a4fc775b26714464d258a9189e51 Mon Sep 17 00:00:00 2001 From: Javier Rodriguez Date: Mon, 23 Jun 2025 12:44:46 +0200 Subject: [PATCH] chore(golang): Bump version of Golang to 1.24.4 and fix CVEs Signed-off-by: Javier Rodriguez --- .github/workflows/codeql.yml | 2 +- .github/workflows/lint.yml | 4 ++-- .github/workflows/release.yaml | 2 +- .github/workflows/test.yml | 4 ++-- app/artifact-cas/Dockerfile | 2 +- app/artifact-cas/Dockerfile.goreleaser | 2 +- app/cli/Dockerfile.goreleaser | 2 +- app/controlplane/Dockerfile | 2 +- app/controlplane/Dockerfile.goreleaser | 2 +- app/controlplane/Dockerfile.migrations | 6 +++--- common.mk | 2 +- docs/examples/ci-workflows/github.yaml | 2 +- go.mod | 2 +- 13 files changed, 17 insertions(+), 17 deletions(-) diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index af1ea03c6..f27fa6ca2 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -48,7 +48,7 @@ jobs: - name: Set up Go uses: actions/setup-go@be3c94b385c4f180051c996d336f57a34c397495 # v3.6.1 with: - go-version: "1.24.2" + go-version: "1.24.4" # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml index bd071ebdf..7ce84c793 100644 --- a/.github/workflows/lint.yml +++ b/.github/workflows/lint.yml @@ -26,7 +26,7 @@ jobs: steps: - uses: actions/setup-go@be3c94b385c4f180051c996d336f57a34c397495 # v3.6.1 with: - go-version: "1.24.2" + go-version: "1.24.4" - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 @@ -67,7 +67,7 @@ jobs: - uses: actions/setup-go@be3c94b385c4f180051c996d336f57a34c397495 # v3.6.1 with: - go-version: "1.24.2" + go-version: "1.24.4" - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 10ac761c8..4faccd312 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -78,7 +78,7 @@ jobs: - name: Set up Go uses: actions/setup-go@be3c94b385c4f180051c996d336f57a34c397495 # v3.6.1 with: - go-version: "1.24.2" + go-version: "1.24.4" # install qemu binaries for multiarch builds (needed by goreleaser/buildx) - name: Setup qemu diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index d58548b8d..5255fc12b 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -27,7 +27,7 @@ jobs: - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - uses: actions/setup-go@be3c94b385c4f180051c996d336f57a34c397495 # v3.6.1 with: - go-version: "1.24.2" + go-version: "1.24.4" cache: true cache-dependency-path: go.sum @@ -42,7 +42,7 @@ jobs: - name: Generate migrations if: ${{ matrix.app == 'controlplane' }} env: - ATLAS_VERSION: v0.32.0 + ATLAS_VERSION: v0.35.0 run: | wget -q https://release.ariga.io/atlas/atlas-linux-amd64-$ATLAS_VERSION -O /tmp/atlas sudo install /tmp/atlas /usr/local/bin/atlas diff --git a/app/artifact-cas/Dockerfile b/app/artifact-cas/Dockerfile index 2e988cfd9..dd490fb71 100644 --- a/app/artifact-cas/Dockerfile +++ b/app/artifact-cas/Dockerfile @@ -1,4 +1,4 @@ -FROM golang:1.24@sha256:991aa6a6e4431f2f01e869a812934bd60fbc87fb939e4a1ea54b8494ab9d2fc6 AS builder +FROM golang:1.24.4@sha256:be70d93633d07a2acae4ff3401672b04f23e5850b0248d65c23e30dc75dded09 AS builder # Not linked libraries since it will be injected into a scratch container ENV CGO_ENABLED=0 diff --git a/app/artifact-cas/Dockerfile.goreleaser b/app/artifact-cas/Dockerfile.goreleaser index 3c8a0d313..ba9e84804 100644 --- a/app/artifact-cas/Dockerfile.goreleaser +++ b/app/artifact-cas/Dockerfile.goreleaser @@ -1,4 +1,4 @@ -FROM golang:1.24@sha256:991aa6a6e4431f2f01e869a812934bd60fbc87fb939e4a1ea54b8494ab9d2fc6 AS builder +FROM golang:1.24.4@sha256:be70d93633d07a2acae4ff3401672b04f23e5850b0248d65c23e30dc75dded09 AS builder FROM scratch diff --git a/app/cli/Dockerfile.goreleaser b/app/cli/Dockerfile.goreleaser index 1e48f31dd..358281241 100644 --- a/app/cli/Dockerfile.goreleaser +++ b/app/cli/Dockerfile.goreleaser @@ -1,4 +1,4 @@ -FROM golang:1.24@sha256:991aa6a6e4431f2f01e869a812934bd60fbc87fb939e4a1ea54b8494ab9d2fc6 AS builder +FROM golang:1.24.4@sha256:be70d93633d07a2acae4ff3401672b04f23e5850b0248d65c23e30dc75dded09 AS builder RUN mkdir -p /.config/chainloop FROM scratch diff --git a/app/controlplane/Dockerfile b/app/controlplane/Dockerfile index 4ab38b434..4af251cae 100644 --- a/app/controlplane/Dockerfile +++ b/app/controlplane/Dockerfile @@ -1,4 +1,4 @@ -FROM golang:1.24@sha256:991aa6a6e4431f2f01e869a812934bd60fbc87fb939e4a1ea54b8494ab9d2fc6 AS builder +FROM golang:1.24.4@sha256:be70d93633d07a2acae4ff3401672b04f23e5850b0248d65c23e30dc75dded09 AS builder # Not linked libraries since it will be injected into a scratch container ENV CGO_ENABLED=0 diff --git a/app/controlplane/Dockerfile.goreleaser b/app/controlplane/Dockerfile.goreleaser index f70408c2c..11b1865f4 100644 --- a/app/controlplane/Dockerfile.goreleaser +++ b/app/controlplane/Dockerfile.goreleaser @@ -1,4 +1,4 @@ -FROM golang:1.24@sha256:991aa6a6e4431f2f01e869a812934bd60fbc87fb939e4a1ea54b8494ab9d2fc6 AS builder +FROM golang:1.24.4@sha256:be70d93633d07a2acae4ff3401672b04f23e5850b0248d65c23e30dc75dded09 AS builder FROM scratch diff --git a/app/controlplane/Dockerfile.migrations b/app/controlplane/Dockerfile.migrations index a69b1a137..6b026d00d 100644 --- a/app/controlplane/Dockerfile.migrations +++ b/app/controlplane/Dockerfile.migrations @@ -1,9 +1,9 @@ # Container image built by go-releaser that's used to run migrations against the database during deployment # See https://atlasgo.io/guides/deploying/image # from: arigaio/atlas:latest -# docker run arigaio/atlas@sha256:5b52e74c938e2e32df081be435501d0de8f7a019840d7cc844997e6af0061bc1 version -# atlas version v0.32.1-819f32c-canary -FROM arigaio/atlas@sha256:5b52e74c938e2e32df081be435501d0de8f7a019840d7cc844997e6af0061bc1 as base +# docker run arigaio/atlas@sha256:16739cffc8d44d04e76f58842dc12835e183fe7164d0ae55544fc8bc9fbb1e33 version +# atlas version v0.35.0 +FROM arigaio/atlas@sha256:16739cffc8d44d04e76f58842dc12835e183fe7164d0ae55544fc8bc9fbb1e33 as base FROM scratch # Update permissions to make it readable by the user diff --git a/common.mk b/common.mk index 779814809..809ff6cd9 100644 --- a/common.mk +++ b/common.mk @@ -7,7 +7,7 @@ init: init-api-tools go install github.com/vektra/mockery/v2@v2.53.4 # using binary release for atlas, since ent schema handler is not included # in the community version anymore https://github.com/ariga/atlas/issues/2388#issuecomment-1864287189 - curl -sSf https://atlasgo.sh | ATLAS_VERSION=v0.32.0 sh -s -- -y + curl -sSf https://atlasgo.sh | ATLAS_VERSION=v0.35.0 sh -s -- -y # initialize API tooling .PHONY: init-api-tools diff --git a/docs/examples/ci-workflows/github.yaml b/docs/examples/ci-workflows/github.yaml index 2dbf0a647..a6837a6c1 100644 --- a/docs/examples/ci-workflows/github.yaml +++ b/docs/examples/ci-workflows/github.yaml @@ -41,7 +41,7 @@ jobs: - name: Set up Go uses: actions/setup-go@v3 with: - go-version: "1.24.2" + go-version: "1.24.4" # Generate SBOM using syft in cycloneDX format - uses: anchore/sbom-action@v0 diff --git a/go.mod b/go.mod index 76d77c3ca..eab5b8302 100644 --- a/go.mod +++ b/go.mod @@ -1,6 +1,6 @@ module github.com/chainloop-dev/chainloop -go 1.24.2 +go 1.24.4 require ( cloud.google.com/go/secretmanager v1.14.2