From 01ca961e04849e521e9489a9de63fb4b6dcf23f1 Mon Sep 17 00:00:00 2001 From: Michael Zalimeni Date: Fri, 22 Dec 2023 15:40:49 -0500 Subject: [PATCH 1/2] Upgrade Go to 1.21 --- .changelog/20062.txt | 3 +++ .github/workflows/reusable-lint.yml | 4 +++- .go-version | 2 +- .golangci.yml | 20 ++++++++----------- Makefile | 2 +- api/api_test.go | 7 +++++-- .../sidecarproxy/builder/local_app.go | 1 + 7 files changed, 22 insertions(+), 17 deletions(-) create mode 100644 .changelog/20062.txt diff --git a/.changelog/20062.txt b/.changelog/20062.txt new file mode 100644 index 000000000000..81568f397f5d --- /dev/null +++ b/.changelog/20062.txt @@ -0,0 +1,3 @@ +```release-note:improvement +Upgrade to use Go 1.21.6. +``` diff --git a/.github/workflows/reusable-lint.yml b/.github/workflows/reusable-lint.yml index 2c63d841971e..b834d564918d 100644 --- a/.github/workflows/reusable-lint.yml +++ b/.github/workflows/reusable-lint.yml @@ -51,10 +51,12 @@ jobs: with: go-version: ${{ inputs.go-version }} - run: go env + - name: Set golangci-lint version + run: echo "GOLANGCI_LINT_VERSION=$(make --no-print-directory print-GOLANGCI_LINT_VERSION)" >> $GITHUB_ENV - name: lint-${{ matrix.directory }} uses: golangci/golangci-lint-action@639cd343e1d3b897ff35927a75193d57cfcba299 # v3.6.0 with: working-directory: ${{ matrix.directory }} - version: v1.51.1 + version: ${{ env.GOLANGCI_LINT_VERSION }} args: --build-tags="${{ env.GOTAGS }}" -v skip-cache: true diff --git a/.go-version b/.go-version index adcfeed91395..c262b1f0dfd4 100644 --- a/.go-version +++ b/.go-version @@ -1 +1 @@ -1.20.12 \ No newline at end of file +1.21.6 diff --git a/.golangci.yml b/.golangci.yml index 0d426b34cd02..b87fa40a2e61 100644 --- a/.golangci.yml +++ b/.golangci.yml @@ -98,18 +98,14 @@ linters-settings: - google.golang.org/protobuf depguard: - list-type: denylist - include-go-root: true - # A list of packages for the list type specified. - # Default: [] - packages: - - net/rpc - # A list of packages for the list type specified. - # Specify an error message to output when a denied package is used. - # Default: [] - packages-with-error-message: - - net/rpc: "only use forked copy in github.com/hashicorp/consul-net-rpc/net/rpc" - - github.com/golang/protobuf: "only use google.golang.org/protobuf" + rules: + main: + listMode: lax + deny: + - pkg: net/rpc + desc: "only use forked copy in github.com/hashicorp/consul-net-rpc/net/rpc" + - pkg: github.com/golang/protobuf + desc: "only use google.golang.org/protobuf" run: timeout: 10m diff --git a/Makefile b/Makefile index 3f609ef962aa..75833c7d6a96 100644 --- a/Makefile +++ b/Makefile @@ -10,7 +10,7 @@ GO_MODULES := $(shell find . -name go.mod -exec dirname {} \; | grep -v "proto-g # These version variables can either be a valid string for "go install @" # or the string @DEV to imply use what is currently installed locally. ### -GOLANGCI_LINT_VERSION='v1.51.1' +GOLANGCI_LINT_VERSION='v1.55.2' MOCKERY_VERSION='v2.37.1' BUF_VERSION='v1.26.0' diff --git a/api/api_test.go b/api/api_test.go index d1af29fbddf7..e8a03f7218cc 100644 --- a/api/api_test.go +++ b/api/api_test.go @@ -717,8 +717,11 @@ func TestAPI_ClientTLSOptions(t *testing.T) { // Should fail _, err = client.Agent().Self() - if err == nil || !strings.Contains(err.Error(), "bad certificate") { - t.Fatal(err) + // Check for one of the possible cert error messages + // See https://cs.opensource.google/go/go/+/62a994837a57a7d0c58bb364b580a389488446c9 + if err == nil || !(strings.Contains(err.Error(), "tls: bad certificate") || + strings.Contains(err.Error(), "tls: certificate required")) { + t.Fatalf("expected tls certificate error, but got '%v'", err) } }) diff --git a/internal/mesh/internal/controllers/sidecarproxy/builder/local_app.go b/internal/mesh/internal/controllers/sidecarproxy/builder/local_app.go index 871cb444bd5d..8405b639c7fa 100644 --- a/internal/mesh/internal/controllers/sidecarproxy/builder/local_app.go +++ b/internal/mesh/internal/controllers/sidecarproxy/builder/local_app.go @@ -138,6 +138,7 @@ func destinationRulesByPort(allPorts []string, destinationRules []*pbauth.Destin return out } +//nolint:unparam func convertDestinationRule(allPorts []string, dr *pbauth.DestinationRule) ([]string, DestinationRule) { ports := make(map[string]struct{}) if len(dr.PortNames) > 0 { From e71ae3aed88be120439ab3cdfa005e2b48ec1abf Mon Sep 17 00:00:00 2001 From: Michael Zalimeni Date: Thu, 11 Jan 2024 21:02:23 -0500 Subject: [PATCH 2/2] ci: detect Go backwards compatibility test version automatically For our submodules and other places we choose to test against previous Go versions, detect this version automatically from the current one rather than hard-coding it. --- .github/workflows/go-tests.yml | 30 +++++++++++-------- .github/workflows/reusable-get-go-version.yml | 8 +++++ 2 files changed, 26 insertions(+), 12 deletions(-) diff --git a/.github/workflows/go-tests.yml b/.github/workflows/go-tests.yml index 20c4544df294..c298623144eb 100644 --- a/.github/workflows/go-tests.yml +++ b/.github/workflows/go-tests.yml @@ -408,9 +408,11 @@ jobs: consul-license: ${{secrets.CONSUL_LICENSE}} datadog-api-key: "${{ !endsWith(github.repository, '-enterprise') && secrets.DATADOG_API_KEY || '' }}" - go-test-api-1-19: + go-test-api-backwards-compatibility: + name: go-test-api-${{ needs.get-go-version.outputs.go-version-previous }} needs: - setup + - get-go-version - dev-build uses: ./.github/workflows/reusable-unit.yml with: @@ -418,7 +420,7 @@ jobs: runs-on: ${{ needs.setup.outputs.compute-large }} repository-name: ${{ github.repository }} go-tags: "${{ github.event.repository.name == 'consul-enterprise' && 'consulent consuldev' || '' }}" - go-version: "1.19" + go-version: ${{ needs.get-go-version.outputs.go-version-previous }} permissions: id-token: write # NOTE: this permission is explicitly required for Vault auth. contents: read @@ -427,9 +429,10 @@ jobs: consul-license: ${{secrets.CONSUL_LICENSE}} datadog-api-key: "${{ !endsWith(github.repository, '-enterprise') && secrets.DATADOG_API_KEY || '' }}" - go-test-api-1-20: + go-test-api: needs: - setup + - get-go-version - dev-build uses: ./.github/workflows/reusable-unit.yml with: @@ -437,7 +440,7 @@ jobs: runs-on: ${{ needs.setup.outputs.compute-large }} repository-name: ${{ github.repository }} go-tags: "${{ github.event.repository.name == 'consul-enterprise' && 'consulent consuldev' || '' }}" - go-version: "1.20" + go-version: ${{ needs.get-go-version.outputs.go-version }} permissions: id-token: write # NOTE: this permission is explicitly required for Vault auth. contents: read @@ -446,9 +449,11 @@ jobs: consul-license: ${{secrets.CONSUL_LICENSE}} datadog-api-key: "${{ !endsWith(github.repository, '-enterprise') && secrets.DATADOG_API_KEY || '' }}" - go-test-sdk-1-19: + go-test-sdk-backwards-compatibility: + name: go-test-sdk-${{ needs.get-go-version.outputs.go-version-previous }} needs: - setup + - get-go-version - dev-build uses: ./.github/workflows/reusable-unit.yml with: @@ -456,7 +461,7 @@ jobs: runs-on: ${{ needs.setup.outputs.compute-large }} repository-name: ${{ github.repository }} go-tags: "${{ github.event.repository.name == 'consul-enterprise' && 'consulent consuldev' || '' }}" - go-version: "1.19" + go-version: ${{ needs.get-go-version.outputs.go-version-previous }} permissions: id-token: write # NOTE: this permission is explicitly required for Vault auth. contents: read @@ -465,9 +470,10 @@ jobs: consul-license: ${{secrets.CONSUL_LICENSE}} datadog-api-key: "${{ !endsWith(github.repository, '-enterprise') && secrets.DATADOG_API_KEY || '' }}" - go-test-sdk-1-20: + go-test-sdk: needs: - setup + - get-go-version - dev-build uses: ./.github/workflows/reusable-unit.yml with: @@ -475,7 +481,7 @@ jobs: runs-on: ${{ needs.setup.outputs.compute-large }} repository-name: ${{ github.repository }} go-tags: "${{ github.event.repository.name == 'consul-enterprise' && 'consulent consuldev' || '' }}" - go-version: "1.20" + go-version: ${{ needs.get-go-version.outputs.go-version }} permissions: id-token: write # NOTE: this permission is explicitly required for Vault auth. contents: read @@ -521,10 +527,10 @@ jobs: - go-test-race - go-test-envoyextensions - go-test-troubleshoot - - go-test-api-1-19 - - go-test-api-1-20 - - go-test-sdk-1-19 - - go-test-sdk-1-20 + - go-test-api-backwards-compatibility + - go-test-api + - go-test-sdk-backwards-compatibility + - go-test-sdk - go-test-32bit # - go-test-s390x runs-on: ${{ fromJSON(needs.setup.outputs.compute-small) }} diff --git a/.github/workflows/reusable-get-go-version.yml b/.github/workflows/reusable-get-go-version.yml index efd936c06c7f..ea2d6f5c8fd8 100644 --- a/.github/workflows/reusable-get-go-version.yml +++ b/.github/workflows/reusable-get-go-version.yml @@ -6,6 +6,9 @@ on: go-version: description: "The Go version detected by this workflow" value: ${{ jobs.get-go-version.outputs.go-version }} + go-version-previous: + description: "The Go version (MAJOR.MINOR) prior to the current one, used for backwards compatibility testing" + value: ${{ jobs.get-go-version.outputs.go-version-previous }} jobs: get-go-version: @@ -13,6 +16,7 @@ jobs: runs-on: ubuntu-latest outputs: go-version: ${{ steps.get-go-version.outputs.go-version }} + go-version-previous: ${{ steps.get-go-version.outputs.go-version-previous }} steps: - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 - name: Determine Go version @@ -32,3 +36,7 @@ jobs: GO_VERSION=$(head -n 1 .go-version) echo "Building with Go ${GO_VERSION}" echo "go-version=${GO_VERSION}" >> $GITHUB_OUTPUT + GO_MINOR_VERSION=${GO_VERSION%.*} + GO_VERSION_PREVIOUS="${GO_MINOR_VERSION%.*}.$((${GO_MINOR_VERSION#*.}-1))" + echo "Previous version ${GO_VERSION_PREVIOUS}" + echo "go-version-previous=${GO_VERSION_PREVIOUS}" >> $GITHUB_OUTPUT