dependabot[bot]
365a3cc7d1
build(deps): bump actions/setup-go from 4.1.0 to 5.0.0
...
Bumps [actions/setup-go](https://github.com/actions/setup-go ) from 4.1.0 to 5.0.0.
- [Release notes](https://github.com/actions/setup-go/releases )
- [Commits](93397bea11...0c52d547c9
2023-12-11 17:06:02 +00:00
Benjamin Wang
033c3f3d94
get golangci-lint's version from tools/mod for the Makefile target install-golangci-lint
...
Signed-off-by: Benjamin Wang <benjamin.ahrtr@gmail.com>
2023-11-16 14:12:58 +00:00
Benjamin Wang
c30d5c3f44
get golangci-lint't version from tools/mod for golangci/golangci-lint-action
...
Signed-off-by: Benjamin Wang <benjamin.ahrtr@gmail.com>
2023-11-16 13:45:31 +00:00
Mofi Rahman
ef8a087793
github workflow: update golangci-lint to 1.55.2
...
fixes : #16897
update golangci-lint version to the latest to keep the codebase linting up to date
Signed-off-by: Mofi Rahman <mofi@google.com>
2023-11-09 10:29:49 -06:00
dependabot[bot]
297973f1f9
build(deps): bump actions/checkout from 4.1.0 to 4.1.1
...
Bumps [actions/checkout](https://github.com/actions/checkout ) from 4.1.0 to 4.1.1.
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](8ade135a41...b4ffde65f4
2023-10-23 17:52:59 +00:00
Wei Fu
81fe610bd5
*: enable markdown_marker checker
...
Signed-off-by: Wei Fu <fuweid89@gmail.com>
2023-10-13 14:00:25 +08:00
Wei Fu
0ece40453a
.github: ensure there is no change after make-fix
...
Signed-off-by: Wei Fu <fuweid89@gmail.com>
2023-09-30 17:38:00 +08:00
dependabot[bot]
a895710756
build(deps): bump actions/checkout from 4.0.0 to 4.1.0
...
Bumps [actions/checkout](https://github.com/actions/checkout ) from 4.0.0 to 4.1.0.
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](3df4ab11eb...8ade135a41
2023-09-25 17:48:06 +00:00
dependabot[bot]
0f1de81229
build(deps): bump actions/checkout from 3.6.0 to 4.0.0
...
Bumps [actions/checkout](https://github.com/actions/checkout ) from 3.6.0 to 4.0.0.
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](f43a0e5ff2...3df4ab11eb
2023-09-04 17:12:38 +00:00
dependabot[bot]
2ec87000c3
build(deps): bump actions/checkout from 3.5.3 to 3.6.0
...
Bumps [actions/checkout](https://github.com/actions/checkout ) from 3.5.3 to 3.6.0.
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](c85c95e3d7...f43a0e5ff2
2023-08-28 17:25:19 +00:00
dependabot[bot]
3be86903ab
build(deps): bump golangci/golangci-lint-action from 3.6.0 to 3.7.0
...
Bumps [golangci/golangci-lint-action](https://github.com/golangci/golangci-lint-action ) from 3.6.0 to 3.7.0.
- [Release notes](https://github.com/golangci/golangci-lint-action/releases )
- [Commits](639cd343e1...3a91952989
2023-08-21 17:35:47 +00:00
dependabot[bot]
a464e9aebb
build(deps): bump actions/setup-go from 4.0.1 to 4.1.0
...
Bumps [actions/setup-go](https://github.com/actions/setup-go ) from 4.0.1 to 4.1.0.
- [Release notes](https://github.com/actions/setup-go/releases )
- [Commits](fac708d667...93397bea11
2023-08-14 17:29:06 +00:00
iuriatan
b424e60289
Update protoc from 3.14.0 to 3.20.3
...
Signed-off-by: iuriatan <iuriatan@gmail.com>
2023-07-14 16:46:26 -03:00
iuriatan
b798aae9c5
Update golangci-lint from 1.49.0 to 1.53.3
...
Signed-off-by: iuriatan <iuriatan@gmail.com>
2023-07-14 16:46:26 -03:00
Benjamin Wang
7444985cab
Merge pull request #16062 from etcd-io/dependabot/github_actions/actions/checkout-3.5.3
...
build(deps): bump actions/checkout from 3.5.2 to 3.5.3
2023-06-13 05:52:27 +08:00
dependabot[bot]
cdff0b3a31
build(deps): bump actions/checkout from 3.5.2 to 3.5.3
...
Bumps [actions/checkout](https://github.com/actions/checkout ) from 3.5.2 to 3.5.3.
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](8e5e7e5ab8...c85c95e3d7
2023-06-12 17:59:49 +00:00
dependabot[bot]
09921806af
build(deps): bump golangci/golangci-lint-action from 3.5.0 to 3.6.0
...
Bumps [golangci/golangci-lint-action](https://github.com/golangci/golangci-lint-action ) from 3.5.0 to 3.6.0.
- [Release notes](https://github.com/golangci/golangci-lint-action/releases )
- [Commits](5f1fec7010...639cd343e1
2023-06-12 17:59:42 +00:00
Marek Siarkowicz
eb56d86e40
.github/workflows: Read .go-version as a step and not separate workflow
...
Signed-off-by: Marek Siarkowicz <serathius@users.noreply.github.com>
2023-06-09 20:54:46 +02:00
Jintao Zhang
0f32b588be
ci: move .golangci.yaml to tools dir
...
Signed-off-by: Jintao Zhang <zhangjintao9020@gmail.com>
2023-06-06 19:08:31 +08:00
dependabot[bot]
caf9a0dadd
build(deps): bump golangci/golangci-lint-action from 3.4.0 to 3.5.0
...
Bumps [golangci/golangci-lint-action](https://github.com/golangci/golangci-lint-action ) from 3.4.0 to 3.5.0.
- [Release notes](https://github.com/golangci/golangci-lint-action/releases )
- [Commits](08e2f20817...5f1fec7010
2023-06-05 17:59:34 +00:00
dependabot[bot]
42e2c9d4c9
build(deps): bump arduino/setup-protoc from 1.2.0 to 1.3.0
...
Bumps [arduino/setup-protoc](https://github.com/arduino/setup-protoc ) from 1.2.0 to 1.3.0.
- [Release notes](https://github.com/arduino/setup-protoc/releases )
- [Commits](4b3578161e...149f6c87b9
2023-05-29 18:00:17 +00:00
Jintao Zhang
b0b922cd71
ci: Introduce yamllint for actions workflow files
...
Signed-off-by: Jintao Zhang <zhangjintao9020@gmail.com>
2023-05-26 16:34:23 +08:00
dependabot[bot]
820bcddc6d
build(deps): bump arduino/setup-protoc from 1.1.2 to 1.2.0
...
Bumps [arduino/setup-protoc](https://github.com/arduino/setup-protoc ) from 1.1.2 to 1.2.0.
- [Release notes](https://github.com/arduino/setup-protoc/releases )
- [Commits](64c0c85d18...4b3578161e
2023-05-22 18:00:38 +00:00
dependabot[bot]
29f9d06527
build(deps): bump actions/setup-go from 4.0.0 to 4.0.1
...
Bumps [actions/setup-go](https://github.com/actions/setup-go ) from 4.0.0 to 4.0.1.
- [Release notes](https://github.com/actions/setup-go/releases )
- [Commits](4d34df0c23...fac708d667
2023-05-15 18:00:00 +00:00
Juan
0df7c48ddd
Centralizing workflow go-version variable
...
Signed-off-by: Juan <1766933+judavi@users.noreply.github.com>
2023-04-20 11:42:28 +00:00
dependabot[bot]
b1e14c7d0a
build(deps): bump actions/checkout from 3.5.0 to 3.5.2
...
Bumps [actions/checkout](https://github.com/actions/checkout ) from 3.5.0 to 3.5.2.
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](8f4b7f8486...8e5e7e5ab8
2023-04-17 18:01:42 +00:00
Benjamin Wang
2d0d3c3fdf
security: bump go to 1.19.8 to fix four CVEs
...
Signed-off-by: Benjamin Wang <wachao@vmware.com>
2023-04-06 13:38:58 +08:00
dependabot[bot]
5f6dab4149
build(deps): bump actions/checkout from 3.4.0 to 3.5.0
...
Bumps [actions/checkout](https://github.com/actions/checkout ) from 3.4.0 to 3.5.0.
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](24cb908017...8f4b7f8486
2023-03-24 10:36:27 +00:00
Benjamin Wang
08471cddfd
Merge pull request #15519 from fuweid/remove-tee-in-ci
...
chore: introduce strict bash mode for scripts,.github
2023-03-23 06:28:02 +08:00
Wei Fu
1fcb782780
chore: introduce strict bash mode for scripts,.github
...
REF: #15514
Signed-off-by: Wei Fu <fuweid89@gmail.com>
2023-03-22 18:00:41 +08:00
dependabot[bot]
64319cf9b7
build(deps): bump actions/setup-go from 3.5.0 to 4.0.0
...
Bumps [actions/setup-go](https://github.com/actions/setup-go ) from 3.5.0 to 4.0.0.
- [Release notes](https://github.com/actions/setup-go/releases )
- [Commits](6edd4406fa...4d34df0c23
2023-03-21 00:33:10 +00:00
dependabot[bot]
dd6fa9fd10
build(deps): bump actions/checkout from 3.3.0 to 3.4.0
...
Bumps [actions/checkout](https://github.com/actions/checkout ) from 3.3.0 to 3.4.0.
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](ac59398561...24cb908017
2023-03-20 18:06:19 +00:00
James Blair
5b3497555f
Updated go to 1.19.7.
...
Mitigates CVE-2023-24532.
Signed-off-by: James Blair <mail@jamesblair.net>
2023-03-08 21:39:31 +13:00
James Blair
ee6781bf6f
Bump to go 1.19.6
...
go 1.19.6 (released 2023-02-14) includes important security and bug fixes.
Signed-off-by: James Blair <mail@jamesblair.net>
2023-02-16 17:12:59 +08:00
dependabot[bot]
54bd81815d
build(deps): bump golangci/golangci-lint-action from 3.3.1 to 3.4.0
...
Bumps [golangci/golangci-lint-action](https://github.com/golangci/golangci-lint-action ) from 3.3.1 to 3.4.0.
- [Release notes](https://github.com/golangci/golangci-lint-action/releases )
- [Commits](0ad9a0988b...08e2f20817
2023-01-24 08:10:43 +08:00
yanggang
ebf1e3bb1a
Bump go to 1.19.5
...
Signed-off-by: yanggang <gang.yang@daocloud.io>
2023-01-11 14:42:31 +08:00
dependabot[bot]
9f93448500
build(deps): bump actions/checkout from 3.2.0 to 3.3.0
...
Bumps [actions/checkout](https://github.com/actions/checkout ) from 3.2.0 to 3.3.0.
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](755da8c3cf...ac59398561
2023-01-09 17:12:51 +00:00
Benjamin Wang
a60db1192d
Added 'secrets.GITHUB_TOKEN' for the static-analysis workflow
...
Refer to: https://github.com/arduino/setup-protoc/issues/63
Signed-off-by: Benjamin Wang <wachao@vmware.com>
2022-12-28 15:43:44 +08:00
dependabot[bot]
a59276c171
build(deps): bump actions/setup-go from 2.2.0 to 3.5.0
...
Bumps [actions/setup-go](https://github.com/actions/setup-go ) from 2.2.0 to 3.5.0.
- [Release notes](https://github.com/actions/setup-go/releases )
- [Commits](bfdd3570ce...6edd4406fa
2022-12-14 08:59:29 +08:00
Benjamin Wang
e103e2c18c
Merge pull request #14946 from etcd-io/dependabot/github_actions/actions/checkout-3.2.0
...
build(deps): bump actions/checkout from 2.5.0 to 3.2.0
2022-12-13 14:29:41 +08:00
dependabot[bot]
ffd26d6a0a
build(deps): bump actions/checkout from 2.5.0 to 3.2.0
...
Bumps [actions/checkout](https://github.com/actions/checkout ) from 2.5.0 to 3.2.0.
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](https://github.com/actions/checkout/compare/v2.5.0...755da8c3cf115ac066823e79a1e1788f8940201b )
---
updated-dependencies:
- dependency-name: actions/checkout
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-12-13 03:36:57 +00:00
dependabot[bot]
0fabbebeaa
build(deps): bump golangci/golangci-lint-action from 3.3.0 to 3.3.1
...
Bumps [golangci/golangci-lint-action](https://github.com/golangci/golangci-lint-action ) from 3.3.0 to 3.3.1.
- [Release notes](https://github.com/golangci/golangci-lint-action/releases )
- [Commits](07db5389c9...0ad9a0988b
2022-12-13 03:36:49 +00:00
Benjamin Wang
bf5c094f3c
secure the github workflow
...
https://app.stepsecurity.io/secureworkflow/etcd-io/etcd/tests.yaml/main?enable=pin
1. Copy the existing yaml file and paste into the textbox,
2. Click "SECURE WORKFLOW"
3. Copy the manifest from the textbox and paste into etcd repo.
Signed-off-by: Benjamin Wang <wachao@vmware.com>
2022-12-12 16:23:13 +08:00
Benjamin Wang
dccc21bb69
bump go 1.19.4
...
$ govulncheck ./...
govulncheck is an experimental tool. Share feedback at https://go.dev/s/govulncheck-feedback .
Scanning for dependencies with known vulnerabilities...
Found 1 known vulnerability.
Vulnerability #1 : GO-2022-1144
An attacker can cause excessive memory growth in a Go server
accepting HTTP/2 requests. HTTP/2 server connections contain a
cache of HTTP header keys sent by the client. While the total
number of entries in this cache is capped, an attacker sending
very large keys can cause the server to allocate approximately
64 MiB per open connection.
Call stacks in your code:
tools/etcd-dump-metrics/main.go:159:31: go.etcd.io/etcd/v3/tools/etcd-dump-metrics.main$4 calls go.etcd.io/etcd/server/v3/embed.StartEtcd, which eventually calls golang.org/x/net/http2.ConfigureServer$1
Found in: golang.org/x/net/http2@v0.2.0
Fixed in: golang.org/x/net/http2@v1.19.4
More info: https://pkg.go.dev/vuln/GO-2022-1144
Vulnerability #2 : GO-2022-1144
An attacker can cause excessive memory growth in a Go server
accepting HTTP/2 requests. HTTP/2 server connections contain a
cache of HTTP header keys sent by the client. While the total
number of entries in this cache is capped, an attacker sending
very large keys can cause the server to allocate approximately
64 MiB per open connection.
Call stacks in your code:
contrib/lock/storage/storage.go:106:28: go.etcd.io/etcd/v3/contrib/lock/storage.main calls net/http.ListenAndServe
contrib/raftexample/httpapi.go:113:31: go.etcd.io/etcd/v3/contrib/raftexample.serveHTTPKVAPI$1 calls net/http.Server.ListenAndServe
tools/etcd-dump-metrics/main.go:159:31: go.etcd.io/etcd/v3/tools/etcd-dump-metrics.main$4 calls go.etcd.io/etcd/server/v3/embed.StartEtcd, which eventually calls net/http.Serve
tools/etcd-dump-metrics/main.go:159:31: go.etcd.io/etcd/v3/tools/etcd-dump-metrics.main$4 calls go.etcd.io/etcd/server/v3/embed.StartEtcd, which eventually calls net/http.Server.Serve
Found in: net/http@go1.19.3
Fixed in: net/http@go1.19.4
More info: https://pkg.go.dev/vuln/GO-2022-1144
Signed-off-by: Benjamin Wang <wachao@vmware.com>
2022-12-09 07:39:57 +08:00
Joyce Brum
4bcf401b7f
Squashed commit of the following:
...
commit 9a3bf2c0ed6e63c718789679745fdaa24a2c2ba9
Author: Joyce Brum <joycebrum@google.com>
Date: Tue Dec 6 17:59:42 2022 +0000
fix: write permissions
Signed-off-by: Joyce Brum <joycebrum@google.com>
commit 7716f3c00cd7cfe4debbbf97662b1cee7277ba00
Author: Joyce Brum <joycebrum@google.com>
Date: Tue Dec 6 17:04:19 2022 +0000
fix: typo on coverage workflow
Signed-off-by: Joyce Brum <joycebrum@google.com>
commit cb5165401392f1a2de3683ec33ffe97dc0f1fe9f
Author: Joyce Brum <joycebrum@google.com>
Date: Tue Dec 6 16:57:50 2022 +0000
feat: test coverage workflow with write permissions
Signed-off-by: Joyce Brum <joycebrum@google.com>
commit 235627f257d52139c9c73c2ca15c9ef7250cea2f
Author: Joyce Brum <joycebrum@google.com>
Date: Tue Dec 6 16:44:21 2022 +0000
fix: measure test read all and workflow dispatch
Signed-off-by: Joyce Brum <joycebrum@google.com>
commit 81b1581f19945ba5ddd7fa74661910a457af7515
Author: Joyce Brum <joycebrum@google.com>
Date: Tue Dec 6 14:50:12 2022 +0000
feat: change from content read to read all
Signed-off-by: Joyce Brum <joycebrum@google.com>
commit 95bd39f615924a9c0186e6d3e1ad6c205c7db428
Author: Joyce Brum <joycebrum@google.com>
Date: Tue Dec 6 14:45:45 2022 +0000
fix: add permission to write on e2e.yaml
Signed-off-by: Joyce Brum <joycebrum@google.com>
commit f86661da253af3908cde9f5f71311fbca6b26c81
Author: Joyce Brum <joycebrum@google.com>
Date: Mon Dec 5 17:04:44 2022 +0000
feat: use read-only by default
Signed-off-by: Joyce Brum <joycebrum@google.com>
Signed-off-by: Joyce Brum <joycebrum@google.com>
2022-12-06 18:03:50 +00:00
Benjamin Wang
94e0c2410b
bump go version to 1.19.3 to address security fixes
...
FYI. https://groups.google.com/g/golang-announce/c/dRtDK7WS78g
Signed-off-by: Benjamin Wang <wachao@vmware.com>
2022-11-02 09:07:22 +08:00
spacewander
e73a25a1d0
ci: ensure the generated code is up-to-date
...
See https://github.com/etcd-io/etcd/pull/14612#issue-1419792069
Signed-off-by: spacewander <spacewanderlzx@gmail.com>
2022-10-31 19:58:21 +08:00
vivekpatani
680310a6c9
*: bump to go1.19.2 from 1.19.1
...
- update .github workflows
- update tests
Signed-off-by: vivekpatani <9080894+vivekpatani@users.noreply.github.com>
2022-10-27 18:45:02 -07:00
Benjamin Wang
cb5f7276c3
Bump go 1.19: upgrade go version to 1.19.1 in the pipeline
...
Signed-off-by: Benjamin Wang <wachao@vmware.com>
2022-09-22 08:47:46 +08:00
Marek Siarkowicz
bea478266e
makefile: Raname targets update* to fix* to distinquish from update_dep
...
Signed-off-by: Marek Siarkowicz <siarkowicz@google.com>
2022-09-20 13:58:17 +02:00
