The bucket is already fully public so new releases don't need to run this command.
This will prevent significant terminal spam during the release process as there are thousands of objects in the bucket.
Signed-off-by: James Blair <mail@jamesblair.net>
to v0.0.0-20230822172742-b8732ec3820d
bump tools/mod google.golang.org/genproto/googleapis/api
to v0.0.0-20230822172742-b8732ec3820d
Use the same version across all the modules from the project.
Signed-off-by: D Tripp <38776199+thedtripp@users.noreply.github.com>
bump honnef.co/go/tools to v0.0.1-2019.2.3
bump gopkg.in/yaml.v2 to v2.4.0
Use the same version across all the modules from the project.
Signed-off-by: D Tripp <38776199+thedtripp@users.noreply.github.com>
to v0.1.11
github.com/mattn/go-isatty v0.0.12 to v0.0.14
Use the same version across all the modules from the project.
Signed-off-by: D Tripp <38776199+thedtripp@users.noreply.github.com>
Backport of ba4b2bffeb
Related issue: https://github.com/etcd-io/etcd/issues/18180
As tools/mod is not part of the test library's modules, the check to verify
consistent dependency versions ignored it. Explicitly get the dependencies from
this module when running verify-dep.
Signed-off-by: D Tripp <38776199+thedtripp@users.noreply.github.com>
Right now the basic auth tokens that are deleted after `--auth-token-ttl`
cause info-level logs to be emitted. Change this to debug. This helps with
the issue at #18244 where calling `/readyz` frequently pollutes the etcd server
logs with this log message.
Fixes#18244.
Signed-off-by: Ahmet Alp Balkan <ahmet@linkedin.com>
By running `find -exec`, an error exit code doesn't properly return the
error if there's a failure in a command executed. Use `xargs` to force
an exit with error when a command fails to run.
Signed-off-by: Ivan Valdes <ivan@vald.es>
Include conditional logic to install shellcheck with correct architecture.
This is based on commit 4f23883 and pull request #14872.
Signed-off-by: D Tripp <38776199+thedtripp@users.noreply.github.com>
Makefile's target `verify-dep` current behavior is to use `go list` to
check consistent dependency versions from direct dependencies. Ignoring
indirect dependencies in a multi-module project could lead to version
mismatches. If module A imports module B, module B's dependency will be
an indirect dependency in module A. Which can potentially have a version
mismatch. Therefore, use `go mod edit` with indirect dependencies, too.
So it can work with all dependencies defined in go.mod.
Fix displaying dependencies with mismatches, as the old code was
searching with grep just for the prefix, which would show other
dependencies that shared the same prefix.
Reference:
- https://github.com/etcd-io/etcd/pull/18205
Signed-off-by: Ivan Valdes <ivan@vald.es>
Signed-off-by: Chun-Hung Tseng <henrybear327@gmail.com>
Extracted log from govulncheck, suggesting that we should bump the
version of golang.org/x/sys
Vulnerability #1: GO-2022-0493
Incorrect privilege reporting in syscall and golang.org/x/sys/unix
More info: https://pkg.go.dev/vuln/GO-2022-0493
Module: golang.org/x/sys
Found in: golang.org/x/sys@v0.0.0-20210403161142-5e06dd20ab57
Fixed in: golang.org/x/sys@v0.0.0-20220412211240-33da011f77ad
Signed-off-by: Chun-Hung Tseng <henrybear327@gmail.com>
Extracted log from govulncheck, suggesting that we should bump the
version of golang.org/x/net
=== Symbol Results ===
Vulnerability #1: GO-2024-2687
HTTP/2 CONTINUATION flood in net/http
More info: https://pkg.go.dev/vuln/GO-2024-2687
Module: golang.org/x/net
Found in: golang.org/x/net@v0.17.0
Fixed in: golang.org/x/net@v0.23.0
Reference:
- https://github.com/etcd-io/etcd/pull/17708
Signed-off-by: Chun-Hung Tseng <henrybear327@gmail.com>
This commit fixed the Go Vulnerability Checker CI job, which isn't
scanning for all go.mod files within the project.
Reference:
- https://github.com/etcd-io/etcd/discussions/18168
Signed-off-by: Chun-Hung Tseng <henrybear327@gmail.com>
The service at https://beta.transparencylog.net/ has already been
shutdown on November 9th 2021 and the workflow has failed ever since.
Signed-off-by: James Blair <mail@jamesblair.net>
Allow setting AllowedCN and AllowedHostname tls fields through config file for peer transport security.
Signed-off-by: Seena Fallah <seenafallah@gmail.com>
Additionally, provide ability to opt-out of the .go-version and use a
custom one via env vars: FORCE_HOST_GO and GO_VERSION.
Signed-off-by: Madhav Jivrajani <madhav.jiv@gmail.com>
This commit adds a script to sync the version present in .go-version
across all go.mod files as the toolchain directive. As part of that,
this commit also modifies go.mod files that did not have synced toolchain
directives.
Additionally, this also adds a script to verify all toolchain and go
directives against the version present in .go-version as follows:
(1) The go directive <= version in .go-version
(2) The toolchain directive == version in .go-version
This script runs as part of the `make verify` target, making it run
as a presbumit by default.
Signed-off-by: Madhav Jivrajani <madhav.jiv@gmail.com>
