Merge branch 'main' into release-0.8

alex1989hu · Apr 5, 2024 · a590717 · a590717
2 parents a9091ab + 145bab9
commit a590717
Show file tree

Hide file tree

Showing 15 changed files with 62 additions and 36 deletions.
diff --git a/.github/workflows/build-and-test.yml b/.github/workflows/build-and-test.yml
@@ -18,16 +18,18 @@ jobs:
       uses: actions/setup-go@v5
       with:
         cache: true
-        go-version: 1.21.7
+        go-version: 1.22.2
     - name: Check project dependencies
       run: |
         rm go.sum
         go mod tidy
         git -c color.ui=always diff --exit-code go.mod go.sum
     - name: Test
       run: go test -race ./... -v -coverprofile=coverage.out
+      env:
+        GOEXPERIMENT: nocoverageredesign
     - name: Set up kubectl
-      uses: azure/setup-kubectl@v3.2
+      uses: azure/setup-kubectl@v4
       with:
         version: v1.29.0
     - name: Generate Install Manifests

diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
@@ -22,7 +22,7 @@ jobs:
       uses: actions/setup-go@v5
       with:
         cache: true
-        go-version: 1.21.7
+        go-version: 1.22.2
     - name: Initialize CodeQL
       uses: github/codeql-action/init@v3
       with:

diff --git a/.github/workflows/e2e.yml b/.github/workflows/e2e.yml
@@ -31,15 +31,15 @@ jobs:
       with:
         fetch-depth: 0
     - name: Set up kubectl
-      uses: azure/setup-kubectl@v3.2
+      uses: azure/setup-kubectl@v4
       with:
         version: ${{ matrix.node }}
     - name: Set up QEMU
       uses: docker/setup-qemu-action@v3.0.0
     - name: Set up Docker Buildx
-      uses: docker/setup-buildx-action@v3.1.0
+      uses: docker/setup-buildx-action@v3.2.0
     - name: Build Container Image
-      uses: docker/build-push-action@v5.1.0
+      uses: docker/build-push-action@v5.3.0
       with:
         context: .
         file: ./Dockerfile
@@ -88,7 +88,7 @@ jobs:
       uses: actions/setup-go@v5
       with:
         cache: true
-        go-version: 1.21.7
+        go-version: 1.22.2
     - name: Test Approved Certificate Signing Requests
       run: go test -tags=e2e -v ./e2e
     - name: Get Application logs

diff --git a/.github/workflows/golangci-lint.yml b/.github/workflows/golangci-lint.yml
@@ -19,7 +19,7 @@ jobs:
       uses: actions/setup-go@v5
       with:
         cache: true
-        go-version: 1.21.7
+        go-version: 1.22.2
     - name: golangci-lint
       uses: golangci/golangci-lint-action@v4
       with:

diff --git a/.github/workflows/govulncheck.yml b/.github/workflows/govulncheck.yml
@@ -18,7 +18,7 @@ jobs:
         uses: actions/setup-go@v5
         with:
           cache: true
-          go-version: 1.21.7
+          go-version: 1.22.2
       - name: Install govulncheck Vulnerability Scanner
         run: go install golang.org/x/vuln/cmd/govulncheck@latest
       - name: Run govulncheck Vulnerability Scanner

diff --git a/.github/workflows/grype.yml b/.github/workflows/grype.yml
@@ -22,9 +22,9 @@ jobs:
     - name: Set up QEMU
       uses: docker/setup-qemu-action@v3.0.0
     - name: Set up Docker Buildx
-      uses: docker/setup-buildx-action@v3.1.0
+      uses: docker/setup-buildx-action@v3.2.0
     - name: Build Container Image
-      uses: docker/build-push-action@v5.1.0
+      uses: docker/build-push-action@v5.3.0
       with:
         context: .
         file: ./Dockerfile

diff --git a/.github/workflows/image-publish.yml b/.github/workflows/image-publish.yml
@@ -35,16 +35,16 @@ jobs:
     - name: Set up QEMU
       uses: docker/setup-qemu-action@v3.0.0
     - name: Set up Docker Buildx
-      uses: docker/setup-buildx-action@v3.1.0
+      uses: docker/setup-buildx-action@v3.2.0
     - name: Login to Registry
-      uses: docker/login-action@v3.0.0
+      uses: docker/login-action@v3.1.0
       with:
         registry: ghcr.io
         username: ${{ github.repository_owner }}
         password: ${{ secrets.GHCR_TOKEN }}
     - name: Build and push
       id: docker_build
-      uses: docker/build-push-action@v5.1.0
+      uses: docker/build-push-action@v5.3.0
       with:
         context: .
         file: ./Dockerfile

diff --git a/.github/workflows/nancy.yml b/.github/workflows/nancy.yml
@@ -22,7 +22,7 @@ jobs:
       - name: Set up Go
         uses: actions/setup-go@v5
         with:
-          go-version: 1.21.7
+          go-version: 1.22.2
       - name: Create dependency list for Nancy
         run: go list -json -m all > go.list
       - name: Run Nancy Vulnerability Scanner

diff --git a/.github/workflows/trivy.yml b/.github/workflows/trivy.yml
@@ -22,9 +22,9 @@ jobs:
     - name: Set up QEMU
       uses: docker/setup-qemu-action@v3.0.0
     - name: Set up Docker Buildx
-      uses: docker/setup-buildx-action@v3.1.0
+      uses: docker/setup-buildx-action@v3.2.0
     - name: Build Container Image
-      uses: docker/build-push-action@v5.1.0
+      uses: docker/build-push-action@v5.3.0
       with:
         context: .
         file: ./Dockerfile
@@ -34,7 +34,7 @@ jobs:
         push: false
         tags: ghcr.io/${{ github.repository }}:trivy
     - name: Run Trivy Vulnerability Scanner
-      uses: aquasecurity/trivy-action@0.18.0
+      uses: aquasecurity/trivy-action@0.19.0
       with:
         image-ref: ghcr.io/${{ github.repository }}:trivy
         format: sarif

diff --git a/.golangci.yml b/.golangci.yml
@@ -1,6 +1,6 @@
 run:
   concurrency: 4
-  go: '1.21'
+  go: '1.22'
   timeout: 10m
   issues-exit-code: 1
   tests: true

diff --git a/.nancy-ignore b/.nancy-ignore
@@ -1,11 +1,11 @@
 # Skip for indirect dependency github.com/hashicorp/consul/api@v1.25.1
 CVE-2022-29153
 
-# Skip for indirect dependency golang.org/x/crypto@v0.16.0
-CVE-2023-48795
-
 # Skip for indirect dependency go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc@v0.35.0
 CVE-2023-47108
 
+# Skip for indirect dependency google.golang.org/protobuf@v1.31.0
+CVE-2024-24786
+
 # Skip for indirect dependency k8s.io/apiserver@v0.28.3
 CVE-2020-8561
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,4 +1,26 @@
 
+<a name="v0.8.2"></a>
+## [v0.8.2](https://github.com/alex1989hu/kubelet-serving-cert-approver/compare/v0.8.1...v0.8.2) (2024-04-05)
+
+### Chore
+
+* upgrade go 1.22.2
+* upgrade golang.org/x/net v0.24.0
+* bump aquasecurity/trivy-action from 0.18.0 to 0.19.0
+* bump docker/build-push-action from 5.2.0 to 5.3.0
+* bump docker/setup-buildx-action from 3.1.0 to 3.2.0
+* upgrade google.golang.org/protobuf v1.33.0
+* bump docker/build-push-action from 5.1.0 to 5.2.0
+* bump docker/login-action from 3.0.0 to 3.1.0
+* upgrade golang.org/x/net v0.17.0
+* upgrade go 1.21.8
+
+### Ci
+
+* upgrade azure/setup-kubectl to 4
+* update nancy ignore
+
+
 <a name="v0.8.1"></a>
 ## [v0.8.1](https://github.com/alex1989hu/kubelet-serving-cert-approver/compare/v0.8.0...v0.8.1) (2024-03-04)
 

diff --git a/Dockerfile b/Dockerfile
@@ -13,7 +13,7 @@
 # limitations under the License.
 #
 
-FROM golang:1.21.7 as builder
+FROM golang:1.22.2 as builder
 
 # To let GitHub CI driven buildx pass build arguments
 ARG TARGETOS

diff --git a/go.mod b/go.mod
@@ -1,6 +1,8 @@
 module github.com/alex1989hu/kubelet-serving-cert-approver
 
-go 1.21
+go 1.22
+
+toolchain go1.22.2
 
 require (
 	github.com/cucumber/godog v0.14.0
@@ -74,15 +76,15 @@ require (
 	github.com/subosito/gotenv v1.6.0 // indirect
 	go.uber.org/multierr v1.11.0 // indirect
 	golang.org/x/exp v0.0.0-20230905200255-921286631fa9 // indirect
-	golang.org/x/net v0.19.0 // indirect
+	golang.org/x/net v0.24.0 // indirect
 	golang.org/x/oauth2 v0.15.0 // indirect
-	golang.org/x/sys v0.16.0 // indirect
-	golang.org/x/term v0.15.0 // indirect
+	golang.org/x/sys v0.19.0 // indirect
+	golang.org/x/term v0.19.0 // indirect
 	golang.org/x/text v0.14.0 // indirect
 	golang.org/x/time v0.5.0 // indirect
 	gomodules.xyz/jsonpatch/v2 v2.4.0 // indirect
 	google.golang.org/appengine v1.6.7 // indirect
-	google.golang.org/protobuf v1.31.0 // indirect
+	google.golang.org/protobuf v1.33.0 // indirect
 	gopkg.in/inf.v0 v0.9.1 // indirect
 	gopkg.in/ini.v1 v1.67.0 // indirect
 	gopkg.in/yaml.v2 v2.4.0 // indirect

diff --git a/go.sum b/go.sum
@@ -189,8 +189,8 @@ golang.org/x/net v0.0.0-20190603091049-60506f45cf65/go.mod h1:HSz+uSET+XFnRR8LxR
 golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
-golang.org/x/net v0.19.0 h1:zTwKpTd2XuCqf8huc7Fo2iSy+4RHPd10s4KzeTnVr1c=
-golang.org/x/net v0.19.0/go.mod h1:CfAk/cbD4CthTvqiEl8NpboMuiuOYsAr/7NOjZJtv1U=
+golang.org/x/net v0.24.0 h1:1PcaxkF854Fu3+lvBIx5SYn9wRlBzzcnHZSiaFFAb0w=
+golang.org/x/net v0.24.0/go.mod h1:2Q7sJY5mzlzWjKtYUEXSlBWCdyaioyXzRB2RtU8KVE8=
 golang.org/x/oauth2 v0.15.0 h1:s8pnnxNVzjWyrvYdFUQq5llS1PX2zhPXmccZv99h7uQ=
 golang.org/x/oauth2 v0.15.0/go.mod h1:q48ptWNTY5XWf+JNten23lcvHpLJ0ZSxF5ttTHKVCAM=
 golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
@@ -199,10 +199,10 @@ golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJ
 golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.16.0 h1:xWw16ngr6ZMtmxDyKyIgsE93KNKz5HKmMa3b8ALHidU=
-golang.org/x/sys v0.16.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
-golang.org/x/term v0.15.0 h1:y/Oo/a/q3IXu26lQgl04j/gjuBDOBlx7X6Om1j2CPW4=
-golang.org/x/term v0.15.0/go.mod h1:BDl952bC7+uMoWR75FIrCDx79TPU9oHkTZ9yRbYOrX0=
+golang.org/x/sys v0.19.0 h1:q5f1RH2jigJ1MoAWp2KTp3gm5zAGFUTarQZ5U386+4o=
+golang.org/x/sys v0.19.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+golang.org/x/term v0.19.0 h1:+ThwsDv+tYfnJFhF4L8jITxu1tdTWRTZpdsWgEgjL6Q=
+golang.org/x/term v0.19.0/go.mod h1:2CuTdWZ7KHSQwUzKva0cbMg6q2DMI3Mmxp+gKJbskEk=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk=
 golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
@@ -226,8 +226,8 @@ google.golang.org/appengine v1.6.7 h1:FZR1q0exgwxzPzp/aF+VccGrSfxfPpkBqjIIEq3ru6
 google.golang.org/appengine v1.6.7/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc=
 google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw=
 google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc=
-google.golang.org/protobuf v1.31.0 h1:g0LDEJHgrBl9N9r17Ru3sqWhkIx2NB67okBHPwC7hs8=
-google.golang.org/protobuf v1.31.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I=
+google.golang.org/protobuf v1.33.0 h1:uNO2rsAINq/JlFpSdYEKIZ0uKD/R9cpdv0T+yoGwGmI=
+google.golang.org/protobuf v1.33.0/go.mod h1:c6P6GXX6sHbq/GpV6MGZEdwhWPcYBgnhAHhKbcUYpos=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk=
 gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q=