Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Backport PR #2837 to release/v1.7 for bug fix build option for test command #2841

Merged
merged 1 commit into from
Feb 12, 2025
Merged

Backport PR #2837 to release/v1.7 for bug fix build option for test command #2841

merged 1 commit into from
Feb 12, 2025

Conversation

vdaas-ci
Copy link
Collaborator

@vdaas-ci vdaas-ci commented Feb 12, 2025
edited by coderabbitai bot
Loading

Description

SSIA

Related Issue

Versions

  • Vald Version: v1.7.16
  • Go Version: v1.23.5
  • Rust Version: v1.83.0
  • Docker Version: v27.4.0
  • Kubernetes Version: v1.32.0
  • Helm Version: v3.16.3
  • NGT Version: v2.3.5
  • Faiss Version: v1.9.0

Checklist

Special notes for your reviewer

Summary by CodeRabbit

  • Tests

    • Refined automated testing to ensure that updates to test scripts now prompt comprehensive validations.
    • Enhanced test command configurations for more consistent execution.

  • Chores

    • Upgraded the Go runtime version across the project.
    • Updated multiple dependencies to the latest versions, improving overall system compatibility and performance.

@kmrmt @vdaas-ci
bug fix build option for test command (#2837)
f869c2b 
* fix test build option

* fix

* fix

* fix
@cloudflare-workers-and-pages Cloudflare Workers and Pages
Copy link

cloudflare-workers-and-pages bot commented Feb 12, 2025
edited
Loading

Deploying vald with  Cloudflare Pages  Cloudflare Pages

Latest commit: f869c2b
Status: ✅  Deploy successful!
Preview URL: https://393dcb1a.vald.pages.dev
Branch Preview URL: https://backport-release-v1-7-bugfix-15pm.vald.pages.dev

View logs

@coderabbitai coderabbitai
Copy link
Contributor

coderabbitai bot commented Feb 12, 2025
edited
Loading

📝 Walkthrough

Walkthrough

This pull request updates the continuous integration and module dependency setup. The CI workflow now triggers unit tests when changes occur in Makefile.d/test.mk. The Makefile test targets in Makefile.d/test.mk have been modified to include an additional linker flag. Multiple Go module files have been revised to update the Go version from 1.23.5 to 1.23.6 and to upgrade various dependency versions.

Changes

File(s) Summary
.github/workflows/unit-test.yaml Added the "Makefile.d/test.mk" path to the push and pull_request triggers for unit tests.
Makefile.d/test.mk Added -ldflags="-linkmode=external" to several test targets (test/cmd/gotestfmt, test/internal/gotestfmt, test/pkg/gotestfmt, test/hack/gotestfmt, test/all/gotestfmt) in the Makefile.
example/client/go.mod, example/client/go.mod.default, go.mod,
hack/go.mod.default, versions/GO_VERSION		 Updated Go version from 1.23.5 to 1.23.6 and upgraded multiple dependency versions (including direct and indirect dependencies) across various module files.

Sequence Diagram(s)

sequenceDiagram
    actor Developer
    Developer->>GitHub Actions: Push commit with changes in Makefile.d/test.mk
    GitHub Actions->>Workflow: Trigger unit test workflow (push/pull_request)
    Workflow->>Makefile: Execute test targets with added -ldflags option
    Makefile-->>Workflow: Return test results
    Workflow-->>GitHub Actions: Report job status
Loading

Possibly related PRs

Suggested labels

priority/low, type/bug, size/XXXL, area/makefile, type/ci

Suggested reviewers

  • vankichi
  • kpango

Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media?

❤️ Share
🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

  • Review comments: Directly reply to a review comment made by CodeRabbit. Example:
    • I pushed a fix in commit <commit_id>, please review it.
    • Generate unit testing code for this file.
    • Open a follow-up GitHub issue for this discussion.
  • Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
    • @coderabbitai generate unit testing code for this file.
    • @coderabbitai modularize this function.
  • PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
    • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
    • @coderabbitai read src/utils.ts and generate unit testing code.
    • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
    • @coderabbitai help me debug CodeRabbit configuration file.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

  • @coderabbitai pause to pause the reviews on a PR.
  • @coderabbitai resume to resume the paused reviews.
  • @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
  • @coderabbitai full review to do a full review from scratch and review all the files again.
  • @coderabbitai summary to regenerate the summary of the PR.
  • @coderabbitai generate docstrings to generate docstrings for this PR. (Beta)
  • @coderabbitai resolve resolve all the CodeRabbit review comments.
  • @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
  • @coderabbitai help to get help.

Other keywords and placeholders

  • Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
  • Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
  • Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

  • You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
  • Please see the configuration documentation for more information.
  • If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

  • Visit our Documentation for detailed information on how to use CodeRabbit.
  • Join our Discord Community to get help, request features, and share feedback.
  • Follow us on X/Twitter for updates and announcements.

coderabbitai[bot]
coderabbitai bot requested changes Feb 12, 2025
View reviewed changes
Copy link
Contributor

@coderabbitai coderabbitai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 1

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 8c1eef0 and f869c2b.

⛔ Files ignored due to path filters (2)
  • example/client/go.sum is excluded by !**/*.sum
  • go.sum is excluded by !**/*.sum
📒 Files selected for processing (7)
  • .github/workflows/unit-test.yaml (2 hunks)
  • Makefile.d/test.mk (5 hunks)
  • example/client/go.mod (2 hunks)
  • example/client/go.mod.default (1 hunks)
  • go.mod (17 hunks)
  • hack/go.mod.default (1 hunks)
  • versions/GO_VERSION (1 hunks)
✅ Files skipped from review due to trivial changes (2)
  • versions/GO_VERSION
  • example/client/go.mod.default
🔇 Additional comments (11)
Makefile.d/test.mk (1)

166-166: Verify the necessity of external linking mode.

The addition of -ldflags="-linkmode=external" to gotestfmt targets forces the linker to use external linking mode. This change might be necessary if the tests involve CGO or have specific build constraints, but it's only applied to gotestfmt targets and not to tparse targets.

Let's verify if this change is necessary and consistent:

Also applies to: 180-180, 194-194, 210-210, 229-229

✅ Verification successful

🏁 Script executed:

#!/bin/bash
# Description: Check for CGO usage and build constraints in test files

# Check for CGO usage in test files
echo "Checking for CGO usage in test files..."
rg -l 'import "C"' --type go --glob '*_test.go'

# Check for build constraints in test files
echo "Checking for build constraints in test files..."
rg -l '^// \+build' --type go --glob '*_test.go'

Length of output: 294

External Linking Flag Likely Unnecessary

Based on the searches:

  • No CGO imports (import "C") were found in any *_test.go files.
  • No build constraints (e.g., // +build …) were detected in test files.

This suggests that the tests do not rely on CGO or alternate build constraints that would necessitate external linking mode. Moreover, the flag is applied only to gotestfmt targets and omitted for tparse targets, introducing an inconsistency without a clear requirement.

It appears that the -ldflags="-linkmode=external" flag can be removed from gotestfmt targets unless there’s an undocumented dependency that specifically requires external linking.

hack/go.mod.default (2)

3-3: Verify Go version compatibility.

The Go version has been updated from 1.23.5 to 1.23.6. This appears to be a future version of Go, as the current latest stable version is 1.22.x.

❌ Incorrect review comment

🌐 Web query:

What is the latest stable version of Go?

💡 Result:

The latest stable version of Go as of February 2025 is Go 1.23, with its most recent patch being Go 1.23.6 (released February 4, 2025)[5][7]. This follows the Go team's release cadence of major versions every six months and minor patches for security/bug fixes[3][5].

Key Details:

  • Latest Major Version: Go 1.23 (released August 13, 2024)[5][6]
  • Latest Patch: Go 1.23.6 (February 4, 2025) includes security fixes for crypto/elliptic and compiler improvements[5]
  • Support Policy: Major versions receive support until two newer releases exist[5]. Since Go 1.24 is still in unstable RC status[4], Go 1.23 remains fully supported.

Recent Changes:

  • Toolchain: Automatic upgrades for dependencies via go get in Go ≥1.21[2]
  • Compatibility: Projects using Go ≥1.21 can seamlessly adopt new versions via go install[2][3]
  • Security: All supported versions (Go ≥1.22) receive backported fixes like those in Go 1.23.x[5]

For new projects, use go install golang.org/dl/go1.23@latest to get the latest stable toolchain[4].

Citations:

The Go version in hack/go.mod.default is correct.
The web query confirms that as of February 2025, the latest stable version of Go is 1.23, with 1.23.6 being the most recent patch release. Therefore, the usage of go 1.23.6 is valid and the review comment's note about it being a future version is incorrect.

Likely an incorrect or invalid review comment.

16-16: Verify specific version constraints.

Some dependencies have specific version constraints:

Let's verify these version constraints:

Also applies to: 134-134, 332-341

✅ Verification successful

🌐 Web query:

What is the latest version of cloud.google.com/go/storage?

💡 Result:

The latest version of cloud.google.com/go/storage as of February 12, 2025, is v1.50.0. This version includes new features like gRPC bi-directional multi-range reads (in private preview), support for appendable writes, and improvements to retry logic for uploads and metadata updates[1][2][5].

Key changes in recent releases include:

  • Go v1.50.0 (2025-01-09):
    • Added preview APIs for bidirectional reads/writes and accelerated stream resumption[1][2]
    • Refactored gRPC writer flow[1]
    • Bug fixes for concurrency and error handling[1]

For Java and Python clients:

  • Java v2.48.0 (2025-01-27): Added Storage#moveBlob method and OpenTelemetry tracing support[1]
  • Python v3.0.0 (2025-01-28): Major update with checksum strategy changes and removal of deprecated APIs[1]

Always verify compatibility with your project's requirements before upgrading, as major versions (like Python's 3.x) may introduce breaking changes[1][5].

Citations:

I'll now verify that the version constraints match the review comments for the remaining dependencies. First, I'll search the codebase for references to "github.com/goccy/go-json" and for Kubernetes packages pinned to "v0.32.0" to ensure that the code indeed enforces:

Let's run a shell script to search for both occurrences in the repository.

🏁 Script executed:

#!/bin/bash
# Search for the github.com/goccy/go-json version constraint in all files:
rg "github.com/goccy/go-json" -n .

# Search for Kubernetes-related packages pinned to v0.32.0
rg "v0\.32\.0" -n .

Length of output: 3313

Dependency Version Constraints Verification

  • cloud.google.com/go/storage:
    The review comment specifies a constraint at v1.47.0 due to issue #11283. The code snippet in hack/go.mod.default confirms this pinning, while the latest version (v1.50.0) is available externally. This indicates an intentional, documented dependency pin.

  • github.com/goccy/go-json:
    In hack/go.mod.default, github.com/goccy/go-json is pinned to v0.10.3 with a comment referencing issue #529. Although other parts of the repository (e.g., in example/client/go.mod) reference different versions (v0.10.5), the primary dependency in hack/go.mod.default follows the constraint.

  • Kubernetes Packages:
    All Kubernetes-related dependencies in hack/go.mod.default (lines 332–341) are consistently pinned to v0.32.0.

This verification confirms that the specific version constraints mentioned in the review comment are correctly enforced in hack/go.mod.default.

go.mod (4)

3-3: Verify Go version compatibility with the project.

The Go version has been updated from 1.23.5 to 1.23.6. This version appears to be invalid as the latest Go version is 1.22.x.

❌ Incorrect review comment

🌐 Web query:

What is the latest version of Go?

💡 Result:

The latest version of Go as of February 12, 2025 is Go 1.23.6, released on February 4, 2025[4]. This is a minor revision in the Go 1.23 series that includes security fixes to the crypto/elliptic package and bug fixes to the compiler and go command[4].

Key details about recent Go releases:

Release timeline

  • Go 1.23 (major release): First released August 13, 2024[4]
  • Go 1.22: Released February 6, 2024[4]
  • Go 1.21: Released August 8, 2023[4]

Current support status

  • The Go team maintains support for the 2 most recent major releases (currently 1.22 and 1.23)[1][4]
  • Go follows a release cycle with:
    • Major releases every 6 months
    • Minor revisions containing security/bug fixes approximately monthly

To install the latest version:

go install golang.org/dl/go1.23@latest

Developers using older versions (particularly pre-1.21) should upgrade to maintain compatibility with tooling like gopls, which now requires at least Go 1.21 for building[1].

Citations:

Go version update is correct, and the review comment is mistaken.

  • The web query confirms that Go 1.23.6 is the latest release as of February 2025.
  • The update from 1.23.5 to 1.23.6 is valid and aligns with current Go releases.

Likely an incorrect or invalid review comment.

6-15: Verify compatibility of Google Cloud dependencies.

Multiple Google Cloud dependencies have been updated:

  • cloud.google.com/go to v0.118.2
  • cloud.google.com/go/bigquery to v1.66.2
  • cloud.google.com/go/compute to v1.33.0
  • cloud.google.com/go/monitoring to v1.24.0
  • cloud.google.com/go/pubsub to v1.47.0
  • cloud.google.com/go/secretmanager to v1.14.4

Please ensure these versions are compatible with each other and with the project's requirements.

✅ Verification successful

🏁 Script executed:

#!/bin/bash
# Check for any version constraints or compatibility issues in Google Cloud dependencies
rg -A 5 "cloud\.google\.com/go" | grep -v "^replace"

Length of output: 23501

Google Cloud Dependency Versions Verified

After reviewing the go.mod updates and the related output, there’s no indication of any version conflicts or constraints violations between the updated dependencies. All updated Google Cloud modules (including cloud.google.com/go, bigquery, compute, monitoring, pubsub, and secretmanager) are referenced consistently without conflicting replacements. Note that a past runtime panic was addressed by downgrading cloud.google.com/go (as mentioned in the CHANGLOG), and the current version (v0.118.2) reflects that deliberate choice.

It appears the updates meet the project’s requirements without introducing incompatibility issues. As always, integration and runtime tests should be run to ensure full compatibility in practice.

48-68: Verify compatibility of AWS SDK dependencies.

Multiple AWS SDK dependencies have been updated to newer versions. Please ensure these versions are compatible with each other:

  • aws-sdk-go-v2 to v1.36.1
  • Various AWS service clients (s3, kms, sns, sqs, etc.) have been updated
✅ Verification successful

🏁 Script executed:

#!/bin/bash
# Check for any version constraints or compatibility issues in AWS SDK dependencies
rg -A 5 "github\.com/aws/aws-sdk-go-v2" | grep -v "^replace"

Length of output: 10398

AWS SDK dependency versions appear to be consistent and compatible.
The go.mod file shows that all AWS SDK modules (main package and service-specific modules) have been updated deliberately and no conflicting replacements or overrides are present. The shell script output confirms that the dependencies are specified correctly without any apparent issues.

297-311: Review security implications of crypto-related updates.

Several security-sensitive packages have been updated:

  • golang.org/x/crypto to v0.33.0
  • golang.org/x/oauth2 to v0.26.0
  • golang.org/x/sys to v0.30.0

Please verify these versions for any known security vulnerabilities.

✅ Verification successful

🏁 Script executed:

#!/bin/bash
# Check for any security advisories for the updated packages
gh api graphql -f query='
{
  securityVulnerabilities(first: 5, ecosystem: GO, package: "golang.org/x/crypto") {
    nodes {
      advisory {
        summary
        severity
        publishedAt
      }
      vulnerableVersionRange
      firstPatchedVersion {
        identifier
      }
    }
  }
}'

Length of output: 1705

I'll now gather additional data for the other two packages, golang.org/x/oauth2 and golang.org/x/sys, using similar queries.

🏁 Script executed:

#!/bin/bash
# Query for golang.org/x/oauth2 vulnerabilities
gh api graphql -f query='
{
  securityVulnerabilities(first: 5, ecosystem: GO, package: "golang.org/x/oauth2") {
    nodes {
      advisory {
        summary
        severity
        publishedAt
      }
      vulnerableVersionRange
      firstPatchedVersion {
        identifier
      }
    }
  }
}' && \
# Query for golang.org/x/sys vulnerabilities
gh api graphql -f query='
{
  securityVulnerabilities(first: 5, ecosystem: GO, package: "golang.org/x/sys") {
    nodes {
      advisory {
        summary
        severity
        publishedAt
      }
      vulnerableVersionRange
      firstPatchedVersion {
        identifier
      }
    }
  }
}'

Length of output: 987

Security Review: Updated Packages Confirmed Safe

  • golang.org/x/crypto (v0.33.0): The advisory for a critical vulnerability affects versions below 0.31.0. Since the update is to v0.33.0, it includes the necessary fix.
  • golang.org/x/oauth2 (v0.26.0): No security issues were found.
  • golang.org/x/sys (v0.30.0): The reported vulnerability is fixed in versions newer than the vulnerable pseudo-version. v0.30.0 is safe.
example/client/go.mod (3)

6-18: LGTM! Dependencies updated to newer versions.

All dependency version updates appear to be consistent and moving to newer versions, which is good for security and bug fixes.

✅ Verification successful

🏁 Script executed:

#!/bin/bash
# Description: Verify dependency versions are valid and check for any security advisories

# Check for security advisories for key dependencies
gh api graphql -f query='
{
  securityVulnerabilities(first: 5, ecosystem: GO, package: "google.golang.org/protobuf") {
    nodes {
      advisory {
        summary
        severity
        publishedAt
      }
      vulnerableVersionRange
      firstPatchedVersion {
        identifier
      }
    }
  }
}'

Length of output: 874

Dependency versions in go.mod verified as updated and secure.

  • The dependency google.golang.org/protobuf is at v1.36.5, which is above the patched versions (v1.33.0 and v1.29.1) addressing the reported vulnerabilities.

3-3: Verify Go version compatibility.

The Go version has been updated to 1.23.6. Please ensure this version is compatible with all dependencies and the target environment.

✅ Verification successful

🌐 Web query:

What is the latest stable version of Go?

💡 Result:

The latest stable version of Go (Golang) as of February 12, 2025 is Go 1.23.6, part of the Go 1.23 release family[6][7]. This follows the release timeline where major versions arrive every six months (e.g., Go 1.22 in February 2024 and Go 1.23 in August 2024)[6][7].

Key Details:

  • Go 1.23 introduced toolchain improvements and runtime optimizations while maintaining backward compatibility[7].
  • Patch updates like Go 1.23.x address security issues and bugs (e.g., fixes for crypto/elliptic and compiler improvements in Go 1.23.6)[6].
  • The current minor release (Go 1.23) will be supported until two newer major versions exist per Go’s support policy[6].

For developers using older versions:

  • Go 1.22 received updates until January 2025[6].
  • Go 1.21 reached end-of-life after the release of Go 1.23[6].

To verify your installed version:

go version
# Example output: go1.23.6

Always check the official download page for updates[5][6].

Citations:

Go version update verified.

The update to "go 1.23.6" in example/client/go.mod is confirmed as correct since it matches the latest stable version as of February 2025. No changes are required.

39-41: Verify indirect dependency versions are compatible.

The indirect dependencies have been updated to specific versions. Please ensure these versions are compatible with the direct dependencies.

✅ Verification successful

🏁 Script executed:

#!/bin/bash
# Description: Check for any version conflicts in dependencies

# Run go mod verify to check module consistency
go mod verify

# Check for any dependency conflicts
go mod graph | awk '{if($1!=last){print ""; last=$1}; print}' | grep -v "^$"

Length of output: 82075

Indirect dependency versions are compatible.

The output from the verification steps indicates:

  • The go mod verify command succeeded ("all modules verified").
  • The dependency graph shows that the updated indirect modules (including the separate versions for google.golang.org/genproto/googleapis/api and …/rpc) are resolved by distinct direct dependencies without conflicts.

Based on this evidence, the indirect dependency versions in example/client/go.mod are compatible with the direct dependencies.

.github/workflows/unit-test.yaml (1)

30-30: LGTM! CI trigger added for test.mk changes.

Adding Makefile.d/test.mk to the workflow triggers ensures that CI runs when test-related build options are modified, which aligns with the PR objectives for fixing the test command build option.

Also applies to: 39-39

@vdaas-ci
Copy link
Collaborator Author

[CHATOPS:HELP] ChatOps commands.

  • 🙆‍♀️ /approve - approve
  • 🍱 /format - format codes and add licenses
  • /gen-test - generate test codes
  • 🏷️ /label - add labels
  • 🔚 2️⃣ 🔚 /label actions/e2e-deploy - run E2E deploy & integration test

@vankichi vankichi merged commit 0e06925 into release/v1.7 Feb 12, 2025
193 of 194 checks passed
@vankichi vankichi deleted the backport/release/v1.7/bugfix/test/add-build-option branch February 12, 2025 03:11
This was referenced Feb 12, 2025
Merged
Merged
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@vankichi vankichi vankichi approved these changes

@coderabbitai coderabbitai[bot] coderabbitai[bot] approved these changes

Assignees
No one assigned
Labels
area/makefile priority/low size/XXXL type/ci
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@vdaas-ci @vankichi @kmrmt