Merge pull request #17 from Conjur-Enterprise/upgrade-go-1.21

CNJR-3417: Upgrade go 1.21
cyberark · Dec 19, 2023 · bad323a · bad323a
2 parents 3704a3a + c7b574f
commit bad323a
Show file tree

Hide file tree

Showing 18 changed files with 55 additions and 45 deletions.
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -18,7 +18,7 @@ jobs:
           submodules: recursive
       - uses: actions/setup-go@v3
         with:
-          go-version: '~1.19.0'
+          go-version: '~1.21.0'
       - name: Generate Version
         run: grep -m 1 -P "## \[\d+\.\d+\.\d+\] -" CHANGELOG.md | grep -o -P "\d+\.\d+\.\d+" > VERSION
       - name: go mod tidy
@@ -35,7 +35,7 @@ jobs:
           submodules: recursive
       - uses: actions/setup-go@v3
         with:
-          go-version: '~1.19.0'
+          go-version: '~1.21.0'
       - name: Generate Version
         run: grep -m 1 -P "## \[\d+\.\d+\.\d+\] -" CHANGELOG.md | grep -o -P "\d+\.\d+\.\d+" > VERSION
       - name: go mod tidy
@@ -59,10 +59,10 @@ jobs:
           key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
           restore-keys: |
             ${{ runner.os }}-go-
-      # Install go1.19
+      # Install go1.21
       - uses: actions/setup-go@v3
         with:
-          go-version: '~1.19.0'
+          go-version: '~1.21.0'
       # Get go version
       - run: go version
       # Download go modules

diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -6,18 +6,17 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
 
 ## [Unreleased]
 
-### Security
-- Updated golang.org/x/net to v0.19.0, github.com/go-sql-driver/mysql to v1.7.1, 
-  golang:1.19-buster to golang:1.21.3-bullseye, golang:1.19 to golang:1.20.10,
-  and ruby:3.0.5-slim-bullseye to ruby:3.0.6-bullseye
-
 ### Changed
 - Nothing should go in this section, please add to the latest unreleased version
   (and update the corresponding date), or add a new version.
 
 ## [1.7.20] - 2023-11-03
 
 ### Security
+- Upgrade to go 1.21 (CNJR-3417)
+- Updated golang.org/x/net to v0.19.0, github.com/go-sql-driver/mysql to v1.7.1, 
+  golang:1.19-buster to golang:1.21.3-bullseye, golang:1.19 to golang:1.20.10,
+  and ruby:3.0.5-slim-bullseye to ruby:3.0.6-bullseye
 - Updated golang.org/x/net to v0.17.0 to remove CVE-2023-39325 and CVE-2023-44487 (CNJR-3020)
 
 ## [1.7.19] - 2023-11-02

diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
@@ -22,7 +22,7 @@ agreements.
 
 ### Go version
 
-To work in this codebase, you will want to have at least Go 1.19 installed.
+To work in this codebase, you will want to have at least Go 1.21 installed.
 
 ### Mercurial (`hg`)
 

diff --git a/Dockerfile b/Dockerfile
@@ -1,4 +1,4 @@
-FROM golang:1.19-buster as secretless-builder
+FROM golang:1.21-bookworm as secretless-builder
 MAINTAINER CyberArk Software Ltd.
 LABEL builder="secretless-builder"
 

diff --git a/Dockerfile.coverage b/Dockerfile.coverage
@@ -1,4 +1,4 @@
-FROM golang:1.19-buster as secretless-builder
+FROM golang:1.21-bookworm as secretless-builder
 MAINTAINER CyberArk Software Ltd.
 LABEL builder="secretless-builder"
 

diff --git a/Dockerfile.debug b/Dockerfile.debug
@@ -1,4 +1,4 @@
-FROM golang:1.19-buster as secretless-builder
+FROM golang:1.21-bookworm as secretless-builder
 MAINTAINER CyberArk Software Ltd.
 LABEL builder="secretless-builder"
 

diff --git a/Dockerfile.dev b/Dockerfile.dev
@@ -1,4 +1,4 @@
-FROM golang:1.21.3-bullseye
+FROM golang:1.21-bullseye
 MAINTAINER CyberArk Software Ltd.
 
 # On CyberArk dev laptops, golang module dependencies are downloaded with a

diff --git a/Dockerfile.test b/Dockerfile.test
@@ -1,4 +1,4 @@
-FROM golang:1.19-alpine
+FROM golang:1.21-alpine
 MAINTAINER CyberArk Software Ltd.
 LABEL id="secretless-test-runner"
 

diff --git a/Jenkinsfile b/Jenkinsfile
@@ -264,8 +264,12 @@ pipeline {
               if (name == "keychain") return
 
               integrationStages["Integration: ${name}"] = {
-                infrapool.agentSh "./bin/run_integration ${name}"
-                infrapool.agentStash name: 'integration-junit-report', includes: '**/test/**/junit.xml'
+                stage("${name}") {
+                    script {
+                      infrapool.agentSh "./bin/run_integration ${name}"
+                      infrapool.agentStash name: 'integration-junit-report', includes: '**/test/**/junit.xml'
+                    }
+                }
               }
             }
 

diff --git a/bin/Dockerfile.codegen b/bin/Dockerfile.codegen
@@ -1,4 +1,4 @@
-FROM golang:1.20.10
+FROM golang:1.21
 
 WORKDIR /
 

diff --git a/bin/build_release b/bin/build_release
@@ -23,24 +23,19 @@ VERSION="${VERSION/-*/}"
 # https://goreleaser.com/cookbooks/cgo-and-crosscompiling/
 GORELEASER_IMAGE="goreleaser/goreleaser-cross"
 
-# Currently there is an issue with the latest tag (v1.19.5) which
-# is breaking release builds of the Darwin ARM64 binary. For now,
-# pin to the previous tag (v1.19.4) until the issue is resolved.
-GORELEASER_LATEST_TAG="v1.19.4"
-
-# # Get the latest tag matching the GO_VERSION
-# GORELEASER_TAGS_JSON="$(curl --silent --show-error https://registry.hub.docker.com/v2/repositories/${GORELEASER_IMAGE}/tags?page_size=100)"
-# GORELEASER_LATEST_TAG="$(echo "${GORELEASER_TAGS_JSON}" | \
-#   jq \
-#     --raw-output \
-#     --arg GO_VERSION "${GO_VERSION}" \
-#     '
-#       .results |
-#       map(select(.name | contains($GO_VERSION) and (contains("-") | not))) |
-#       first |
-#       .name
-#     '
-# )"
+# Get the latest tag matching the GO_VERSION
+GORELEASER_TAGS_JSON="$(curl --silent --show-error https://registry.hub.docker.com/v2/repositories/${GORELEASER_IMAGE}/tags?page_size=100)"
+GORELEASER_LATEST_TAG="$(echo "${GORELEASER_TAGS_JSON}" | \
+  jq \
+    --raw-output \
+    --arg GO_VERSION "${GO_VERSION}" \
+    '
+      .results |
+      map(select(.name | contains($GO_VERSION) and (contains("-") | not))) |
+      first |
+      .name
+    '
+)"
 
 if [[ -z "${GORELEASER_LATEST_TAG}" ]]; then
   echo "Could not find tag for Docker image \"${GORELEASER_IMAGE}\" matching GO_VERSION=${GO_VERSION}"

diff --git a/bin/juxtaposer/Dockerfile b/bin/juxtaposer/Dockerfile
@@ -1,4 +1,4 @@
-FROM golang:1.19-alpine as perftool-builder
+FROM golang:1.21-alpine as perftool-builder
 
 # On CyberArk dev laptops, golang module dependencies are downloaded with a
 # corporate proxy in the middle. For these connections to succeed we need to
@@ -26,7 +26,7 @@ COPY . /perftool/
 RUN go build -a -ldflags '-extldflags "-static"' -o juxtaposer ./main.go
 
 # =================== MAIN CONTAINER ===================
-FROM alpine:3.17
+FROM alpine:latest
 
 ENTRYPOINT [ "/bin/juxtaposer" ]
 

diff --git a/bin/juxtaposer/go.mod b/bin/juxtaposer/go.mod
@@ -1,6 +1,6 @@
 module github.com/cyberark/secretless-broker/bin/juxtaposer
 
-go 1.19
+go 1.21
 
 require (
 	github.com/denisenkom/go-mssqldb v0.12.3

diff --git a/go.mod b/go.mod
@@ -174,7 +174,7 @@ replace github.com/cyberark/conjur-opentelemetry-tracer => github.com/cyberark/c
 // DO NOT EDIT: CHANGES TO THE BELOW LINE WILL BREAK AUTOMATED RELEASES
 replace github.com/cyberark/summon => github.com/cyberark/summon latest
 
-go 1.19
+go 1.21
 
 // Security fixes to ensure we don't have old vulnerable packages in ou1571 0-36327r
 // dependency tree. We're often not vulnerable, but removing them to ensure

diff --git a/go.sum b/go.sum
@@ -164,10 +164,12 @@ github.com/evanphx/json-patch v4.12.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQL
 github.com/fatih/color v1.7.0 h1:DkWD4oS2D8LGGgTQ6IvwJJXSL5Vp2ffcQg58nFV38Ys=
 github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4=
 github.com/fatih/structs v1.1.0 h1:Q7juDM0QtcnhCpeyLGQKyg4TOIghuNXrkL32pHAUMxo=
+github.com/fatih/structs v1.1.0/go.mod h1:9NiDSp5zOcgEDl+j00MP/WkGVPOlPRLejGD8Ga6PJ7M=
 github.com/felixge/httpsnoop v1.0.1/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U=
 github.com/form3tech-oss/jwt-go v3.2.2+incompatible/go.mod h1:pbq4aXjuKjdthFRnoDwaVPLA+WlJuPGy+QneDUgJi2k=
 github.com/form3tech-oss/jwt-go v3.2.3+incompatible/go.mod h1:pbq4aXjuKjdthFRnoDwaVPLA+WlJuPGy+QneDUgJi2k=
 github.com/frankban/quicktest v1.13.0 h1:yNZif1OkDfNoDfb9zZa9aXIpejNR4F23Wely0c+Qdqk=
+github.com/frankban/quicktest v1.13.0/go.mod h1:qLE0fzW0VuyUAJgPU19zByoIr0HtCHN/r/VLSOOIySU=
 github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo=
 github.com/fsnotify/fsnotify v1.4.9/go.mod h1:znqG4EE+3YCdAaPaxE2ZRY/06pZUdp0tY4IgpuI1SZQ=
 github.com/fsnotify/fsnotify v1.5.4 h1:jRbGcIw6P2Meqdwuo0H1p6JVLbL5DHKAKlYndzMwVZI=
@@ -207,6 +209,7 @@ github.com/go-ozzo/ozzo-validation v3.6.0+incompatible/go.mod h1:gsEKFIVnabGBt6m
 github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY=
 github.com/go-task/slim-sprig v0.0.0-20210107165309-348f09dbbbc0/go.mod h1:fyg7847qk6SyHyPtNmDHnmrv/HOrqktSC+C9fM+CJOE=
 github.com/go-test/deep v1.0.2 h1:onZX1rnHT3Wv6cqNgYyFOOlgVKJrksuCMCRvJStbMYw=
+github.com/go-test/deep v1.0.2/go.mod h1:wGDj63lr65AM2AQyKZd/NYHGb0R+1RLqB8NKt3aSFNA=
 github.com/godbus/dbus/v5 v5.0.4/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA=
 github.com/godbus/dbus/v5 v5.1.0 h1:4KLkAxT3aOY8Li4FRJe/KvhoNFFxo0m6fNuFUO8QJUk=
 github.com/godbus/dbus/v5 v5.1.0/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA=
@@ -293,6 +296,7 @@ github.com/google/pprof v0.0.0-20210407192527-94a9f03dee38/go.mod h1:kpwsk12EmLe
 github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI=
 github.com/google/uuid v1.1.2/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
 github.com/google/uuid v1.3.1 h1:KjJaJ9iWZ3jOFZIf1Lqf4laDRCasjl0BCmnEGxkdLb4=
+github.com/google/uuid v1.3.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
 github.com/googleapis/gax-go/v2 v2.0.4/go.mod h1:0Wqv26UfaUD9n4G6kQubkQ+KchISgw+vpHVxEJEs9eg=
 github.com/googleapis/gax-go/v2 v2.0.5/go.mod h1:DWXyrwAJ9X0FpwwEdw+IPEYBICEFu5mhpdKc/us6bOk=
 github.com/gopherjs/gopherjs v0.0.0-20181017120253-0766667cb4d1/go.mod h1:wJfORRmW1u3UXTncJ5qlYoELFm8eSnnEO6hX4iZ3EWY=
@@ -407,6 +411,7 @@ github.com/kr/logfmt v0.0.0-20140226030751-b84e30acd515/go.mod h1:+0opPa2QZZtGFB
 github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo=
 github.com/kr/pretty v0.2.0/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI=
 github.com/kr/pretty v0.3.0 h1:WgNl7dwNpEZ6jJ9k1snq4pZsg7DOEN8hP9Xw0Tsjwk0=
+github.com/kr/pretty v0.3.0/go.mod h1:640gp4NfQd8pI5XOwp5fnNeVWj67G7CFk/SaSQn7NBk=
 github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
 github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
 github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
@@ -975,6 +980,7 @@ gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8
 gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/check.v1 v1.0.0-20200227125254-8fa46927fb4f/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk=
+gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q=
 gopkg.in/errgo.v2 v2.1.0/go.mod h1:hNsd1EY+bozCKY1Ytp96fpM3vjJbqLJn88ws8XvfDNI=
 gopkg.in/fsnotify.v1 v1.4.7/go.mod h1:Tz8NjZHkW78fSQdbUxIjBTcgA1z1m8ZHf0WmKUhAMys=
 gopkg.in/inf.v0 v0.9.1 h1:73M5CoZyi3ZLMOyDlQh031Cx6N9NDJ2Vvfl76EDAgDc=

diff --git a/test/connector/tcp/mysql/tests/ssl_test.go b/test/connector/tcp/mysql/tests/ssl_test.go
@@ -68,7 +68,7 @@ func TestSSL(t *testing.T) {
 			Definition: Definition{
 				Description: "server_tls, sslmode=verify-ca, sslrootcert=none",
 				ShouldPass:  false,
-				CmdOutput:   StringPointer("ERROR 2000 (HY000): x509: certificate signed by unknown authority"),
+				CmdOutput:   StringPointer("x509: certificate signed by unknown authority"),
 			},
 			AbstractConfiguration: AbstractConfiguration{
 				SocketType:     TCP,
@@ -203,7 +203,7 @@ func TestSSL(t *testing.T) {
 			Definition: Definition{
 				Description: "server_tls, sslmode=verify-full, sslrootcert=valid, sslkey=valid, sslcert=valid, sslhost=invalid",
 				ShouldPass:  false,
-				CmdOutput:   StringPointer("ERROR 2000 (HY000): x509: certificate is valid for localhost, mysql, pg, not invalid"),
+				CmdOutput:   StringPointer("tls: failed to verify certificate: x509: certificate is valid for localhost, mysql, pg, not invalid"),
 			},
 			AbstractConfiguration: AbstractConfiguration{
 				SocketType:       TCP,

diff --git a/test/connector/tcp/pg/tests/ssl_test.go b/test/connector/tcp/pg/tests/ssl_test.go
@@ -205,7 +205,7 @@ func TestSSL(t *testing.T) {
 			Definition: Definition{
 				Description: "server_tls, sslmode=verify-full, sslrootcert=valid, sslkey=valid, sslcert=valid, sslhost=invalid",
 				ShouldPass:  false,
-				CmdOutput:   StringPointer("psql: error: FATAL:  x509: certificate is valid for localhost, mysql, pg, not invalid"),
+				CmdOutput:   StringPointer("psql: error: FATAL:  tls: failed to verify certificate: x509: certificate is valid for localhost, mysql, pg, not invalid"),
 			},
 			AbstractConfiguration: AbstractConfiguration{
 				SocketType:       TCP,

diff --git a/test/plugin/echo/Dockerfile b/test/plugin/echo/Dockerfile
@@ -1,7 +1,13 @@
-FROM golang:1.19-alpine
+FROM golang:1.21-alpine as builder
 
 WORKDIR /go/src/echo
 
 COPY main.go /go/src/echo/
 
-ENTRYPOINT go run /go/src/echo/main.go
+RUN go build -o /go/bin/echo /go/src/echo/main.go
+
+# =================== MAIN CONTAINER ===================
+FROM scratch
+
+COPY --from=builder /go/bin/echo /go/bin/echo
+ENTRYPOINT ["/go/bin/echo"]