Description
Context
According to https://github.com/stackitcloud/stackit-sdk-go/security/dependabot/77 the library golang.org/x/crypto should be upgraded. However, upgrading the library will cause the SDK generation to fail.
Technical aspects
While the upgrade is straightforward for the CLI, the terraform provider and the Go SDK, it poses a major problem for the SDK generation:
Just upgrading the dependencies in the scripts module will cause the CI pipeline to fail with the following message:
go: version constraints conflict:
golang.org/x/crypto@v0.31.0 requires golang.org/x/tools@v0.21.1-0.20240508182429-e35e4ccd0d2d, but golang.org/x/tools@v0.13.0 is requested
golang.org/x/text@v0.21.0 requires golang.org/x/tools@v0.21.1-0.20240508182429-e35e4ccd0d2d, but golang.org/x/tools@v0.13.0 is requested
The reason is that the CI uses older Go versions to ensure compatibility, but the older Go versions don't work with the upgraded Go library.
Additionally, trying to explicitly build the scripts-module (including the linter) with older Go versions to avoid the problem above will cause another build issue:
go: github.com/golangci/golangci-lint/cmd/golangci-lint@v1.62.0 (in github.com/golangci/golangci-lint@v1.62.0): go.mod:3: invalid go version '1.22.1': must match format 1.23
make: *** [Makefile:11: project-tools] Error 1
The reason for this is that golangci cannot be built using older Go versions either.
Therefore it is necessary to find a suitable solution that allows upgrading the library while maintaining backwards compatibility with the old Go versions.
Possible approaches
Provide binary versions of all required tools built with recent go versions to avoid the explicit compilation of the binary tools (possibly creating maintenance problems)
Use two different go versions to compile first the tooling and the actual SDK later (more complex pipeline, but should be more robust)
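A pre-flight check for the two-toolchain approach, as an added example that is not part of the original issue or the project's pipeline: it reads the `go` directive from a module's go.mod and reports whether a given toolchain can load it. Go toolchains older than 1.21 reject a directive with a patch component, which is the `invalid go version '1.22.1'` error quoted above. The function names and the output labels are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example: decide per module whether it can go to the legacy Go
# toolchain or must be built with the recent one (tooling such as the linter).

# go_directive FILE -> version from the first `go X.Y[.Z]` line of a go.mod.
# The go command assumes 1.16 when the directive is absent.
go_directive() {
    v=$(awk '$1 == "go" && NF >= 2 { print $2; exit }' "$1")
    echo "${v:-1.16}"
}

# version_lt A B -> succeeds when version A sorts strictly before version B.
version_lt() {
    [ "$1" != "$2" ] &&
        [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
}

# classify_module FILE TOOLCHAIN -> prints one of:
#   invalid-format  toolchain predates Go 1.21 and the directive has a patch
#                   component ("must match format 1.23")
#   needs-newer     directive names a newer Go release than the toolchain
#   ok              toolchain accepts the directive
classify_module() {
    directive=$(go_directive "$1")
    toolchain=$2
    case "$directive" in
        *.*.*) three_part=1 ;;
        *)     three_part=0 ;;
    esac
    if [ "$three_part" = 1 ] && version_lt "$toolchain" "1.21"; then
        echo invalid-format
    elif version_lt "$toolchain" "$directive"; then
        echo needs-newer
    else
        echo ok
    fi
}

# Usage: script TOOLCHAIN_VERSION go.mod [go.mod ...]
if [ "$#" -ge 2 ]; then
    tc=$1
    shift
    for f in "$@"; do
        printf '%s\t%s\n' "$f" "$(classify_module "$f" "$tc")"
    done
fi
```

Modules reported as anything other than `ok` for the legacy version belong in the pipeline stage that runs the recent toolchain.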