chore: update to go 1.20

Updates to Go 1.20, pull in updated versions of dependencies. This addresses some of the CVEs mentioned in #13. Updates the Dockerfile and go.yml Actions pipeline also, including updating permissions to a more limited set.
monzo · Apr 4, 2023 · 5c15038 · 5c15038
1 parent eb1500e
commit 5c15038
Show file tree

Hide file tree

Showing 68 changed files with 128 additions and 108,110 deletions.
diff --git a/.github/workflows/go.yml b/.github/workflows/go.yml
@@ -5,16 +5,14 @@ on:
     types: [created, edited]
 
 jobs:
-
   build:
     name: Build
     runs-on: ubuntu-latest
     steps:
-
     - name: Set up Go 1.x
       uses: actions/setup-go@v2
       with:
-        go-version: ^1.13
+        go-version: ^1.20
       id: go
 
     - name: Check out code into GOPATH
@@ -32,20 +30,32 @@ jobs:
         GOPATH: ${{ github.workspace	}}/go
       run: |
         go get -v -t -d ./...
-        if [ -f Gopkg.toml ]; then
-            curl https://raw.githubusercontent.com/golang/dep/master/install.sh | sh
-            ${{ github.workspace }}/go/bin/dep ensure
-        fi
 
     - name: Build
       working-directory: go/src/github.com/monzo/envoy-preflight
       env:
         GOPATH: ${{ github.workspace }}/go
       run: go build -v .
 
-    - name: Move binary
-      run: cp ${{ github.workspace }}/go/src/github.com/monzo/envoy-preflight/envoy-preflight ${{ github.workspace }}
-
+    - name: Archive binary
+      uses: actions/upload-artifact@v3
+      with:
+        name: envoy-preflight
+        path: ${{ github.workspace }}/go/src/github.com/monzo/envoy-preflight/envoy-preflight
+        retention-days: 1
+
+  release:
+    name: Release
+    runs-on: ubuntu-latest
+    needs: build 
+    permissions:
+      contents: write
+    steps:
+    - name: Fetch binary
+      uses: actions/download-artifact@v3
+      with:
+        name: envoy-preflight
+
     - name: Release binary
       uses: skx/[email protected]
       env:

diff --git a/Dockerfile b/Dockerfile
@@ -1,18 +1,12 @@
-FROM golang:1.13.4-alpine AS builder
+FROM golang:1.20-alpine AS builder
 
 WORKDIR /go/src/envoy-preflight
 
-RUN apk update && apk add curl
-
-RUN curl https://raw.githubusercontent.com/golang/dep/master/install.sh | sh
-
 COPY . .
 
-RUN dep ensure
-
-RUN CGO_ENABLED=0 GOOS=linux go build -a -installsuffix cgo -ldflags '-w' -i -o /go/bin/envoy-preflight ./main.go
+RUN CGO_ENABLED=0 GOOS=linux go build -a -installsuffix cgo -ldflags '-w' -o /go/bin/envoy-preflight ./main.go
 
-FROM gcr.io/distroless/base-debian10
+FROM gcr.io/distroless/static-debian11
 
 COPY --from=builder /go/bin/envoy-preflight /go/bin/envoy-preflight
 

diff --git a/Gopkg.lock b/Gopkg.lock
diff --git a/Gopkg.toml b/Gopkg.toml
diff --git a/go.mod b/go.mod
@@ -0,0 +1,21 @@
+module github.com/monzo/envoy-preflight
+
+go 1.20
+
+require (
+	github.com/cenk/backoff v2.1.1+incompatible
+	github.com/monzo/typhon v0.0.0-20190413083455-45c89a830a76
+)
+
+require (
+	github.com/cihub/seelog v0.0.0-20151216151435-d2c6e5aa9fbf // indirect
+	github.com/deckarep/golang-set v1.7.1 // indirect
+	github.com/fortytw2/leaktest v1.3.0 // indirect
+	github.com/golang/protobuf v1.3.1 // indirect
+	github.com/monzo/slog v0.0.0-20180411100359-4277a1759ecc // indirect
+	github.com/monzo/terrors v0.0.0-20181205142146-d977e210f156 // indirect
+	github.com/nu7hatch/gouuid v0.0.0-20131221200532-179d4d0c4d8d // indirect
+	github.com/stretchr/testify v1.8.2 // indirect
+	golang.org/x/net v0.0.0-20190415214537-1da14a5a36f2 // indirect
+	golang.org/x/text v0.3.0 // indirect
+)
diff --git a/go.sum b/go.sum
@@ -0,0 +1,40 @@
+github.com/cenk/backoff v2.1.1+incompatible h1:gaShhlJc32b7ht9cwld/ti0z7tJOf69oUEA8jJNYV48=
+github.com/cenk/backoff v2.1.1+incompatible/go.mod h1:7FtoeaSnHoZnmZzz47cM35Y9nSW7tNyaidugnHTaFDE=
+github.com/cihub/seelog v0.0.0-20151216151435-d2c6e5aa9fbf h1:XI2tOTCBqEnMyN2j1yPBI07yQHeywUSCEf8YWqf0oKw=
+github.com/cihub/seelog v0.0.0-20151216151435-d2c6e5aa9fbf/go.mod h1:9d6lWj8KzO/fd/NrVaLscBKmPigpZpn5YawRPw+e3Yo=
+github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
+github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/deckarep/golang-set v1.7.1 h1:SCQV0S6gTtp6itiFrTqI+pfmJ4LN85S1YzhDf9rTHJQ=
+github.com/deckarep/golang-set v1.7.1/go.mod h1:93vsz/8Wt4joVM7c2AVqh+YRMiUSc14yDtF28KmMOgQ=
+github.com/fortytw2/leaktest v1.3.0 h1:u8491cBMTQ8ft8aeV+adlcytMZylmA5nnwwkRZjI8vw=
+github.com/fortytw2/leaktest v1.3.0/go.mod h1:jDsjWgpAGjm2CA7WthBh/CdZYEPF31XHquHwclZch5g=
+github.com/golang/protobuf v1.3.1 h1:YF8+flBXS5eO826T4nzqPrxfhQThhXl0YzfuUPu4SBg=
+github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
+github.com/monzo/slog v0.0.0-20180411100359-4277a1759ecc h1:FviXsrY8aGGtUtxe9pjyb3/1u509b4Kho8sixCPRHPg=
+github.com/monzo/slog v0.0.0-20180411100359-4277a1759ecc/go.mod h1:7KWnmjGmpW4IJgH+ek3Gl+cobY59k+/F+1oW+4LS2Hw=
+github.com/monzo/terrors v0.0.0-20181205142146-d977e210f156 h1:QOnK+8ZUEPBlBzLBQ48suCYWvC+jVryJRiH/RfBW1rg=
+github.com/monzo/terrors v0.0.0-20181205142146-d977e210f156/go.mod h1:gfOuNDWYOyNdgpG0gUVODIjwDBQRXe+mPjnTybHGb5k=
+github.com/monzo/typhon v0.0.0-20190413083455-45c89a830a76 h1:nsEO/Xl50HrEHIIw8k/pIrXVdGCxVgqmdZPUo8Da+S4=
+github.com/monzo/typhon v0.0.0-20190413083455-45c89a830a76/go.mod h1:PwlvLMpr2GwvL6TJsROBExc1KTxZz2BHu4wSX7c+dyQ=
+github.com/nu7hatch/gouuid v0.0.0-20131221200532-179d4d0c4d8d h1:VhgPp6v9qf9Agr/56bj7Y/xa04UccTW04VP0Qed4vnQ=
+github.com/nu7hatch/gouuid v0.0.0-20131221200532-179d4d0c4d8d/go.mod h1:YUTz3bUH2ZwIWBy3CJBeOBEugqcmXREj14T+iG/4k4U=
+github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
+github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
+github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
+github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw=
+github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo=
+github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
+github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU=
+github.com/stretchr/testify v1.8.2 h1:+h33VjcLVPDHtOdpUCuF+7gSuG3yGIftsP1YvFihtJ8=
+github.com/stretchr/testify v1.8.2/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4=
+golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
+golang.org/x/net v0.0.0-20190415214537-1da14a5a36f2 h1:iC0Y6EDq+rhnAePxGvJs2kzUAYcwESqdcGRPzEUfzTU=
+golang.org/x/net v0.0.0-20190415214537-1da14a5a36f2/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
+golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+golang.org/x/text v0.3.0 h1:g61tztE5qeGQ89tm6NTjjM9VPIm088od1l6aSorWRWg=
+golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
+gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
+gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
+gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
+gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=