Backports a657f06, 22f20a8, 497f1a4 and 3e86af6 from #18186.
Also backports required test util elements of 4c77726 from #17661.
Signed-off-by: James Blair <mail@jamesblair.net>
The bucket is already fully public so new releases don't need to run this command.
This will prevent significant terminal spam during the release process as there are thousands of objects in the bucket.
Signed-off-by: James Blair <mail@jamesblair.net>
to v0.0.0-20230822172742-b8732ec3820d
bump tools/mod google.golang.org/genproto/googleapis/api
to v0.0.0-20230822172742-b8732ec3820d
Use the same version across all the modules from the project.
Signed-off-by: D Tripp <38776199+thedtripp@users.noreply.github.com>
bump honnef.co/go/tools to v0.0.1-2019.2.3
bump gopkg.in/yaml.v2 to v2.4.0
Use the same version across all the modules from the project.
Signed-off-by: D Tripp <38776199+thedtripp@users.noreply.github.com>
to v0.1.11
github.com/mattn/go-isatty v0.0.12 to v0.0.14
Use the same version across all the modules from the project.
Signed-off-by: D Tripp <38776199+thedtripp@users.noreply.github.com>
Backport of ba4b2bffeb
Related issue: https://github.com/etcd-io/etcd/issues/18180
As tools/mod is not part of the test library's modules, the check to verify
consistent dependency versions ignored it. Explicitly get the dependencies from
this module when running verify-dep.
Signed-off-by: D Tripp <38776199+thedtripp@users.noreply.github.com>
Right now the basic auth tokens that are deleted after `--auth-token-ttl`
cause info-level logs to be emitted. Change this to debug. This helps with
the issue at #18244 where calling `/readyz` frequently pollutes the etcd server
logs with this log message.
Fixes#18244.
Signed-off-by: Ahmet Alp Balkan <ahmet@linkedin.com>
By running `find -exec`, an error exit code doesn't properly return the
error if there's a failure in a command executed. Use `xargs` to force
an exit with error when a command fails to run.
Signed-off-by: Ivan Valdes <ivan@vald.es>
Include conditional logic to install shellcheck with correct architecture.
This is based on commit 4f23883 and pull request #14872.
Signed-off-by: D Tripp <38776199+thedtripp@users.noreply.github.com>
Makefile's target `verify-dep` current behavior is to use `go list` to
check consistent dependency versions from direct dependencies. Ignoring
indirect dependencies in a multi-module project could lead to version
mismatches. If module A imports module B, module B's dependency will be
an indirect dependency in module A. Which can potentially have a version
mismatch. Therefore, use `go mod edit` with indirect dependencies, too.
So it can work with all dependencies defined in go.mod.
Fix displaying dependencies with mismatches, as the old code was
searching with grep just for the prefix, which would show other
dependencies that shared the same prefix.
Reference:
- https://github.com/etcd-io/etcd/pull/18205
Signed-off-by: Ivan Valdes <ivan@vald.es>
Signed-off-by: Chun-Hung Tseng <henrybear327@gmail.com>
Extracted log from govulncheck, suggesting that we should bump the
version of golang.org/x/sys
Vulnerability #1: GO-2022-0493
Incorrect privilege reporting in syscall and golang.org/x/sys/unix
More info: https://pkg.go.dev/vuln/GO-2022-0493
Module: golang.org/x/sys
Found in: golang.org/x/sys@v0.0.0-20210403161142-5e06dd20ab57
Fixed in: golang.org/x/sys@v0.0.0-20220412211240-33da011f77ad
Signed-off-by: Chun-Hung Tseng <henrybear327@gmail.com>
Extracted log from govulncheck, suggesting that we should bump the
version of golang.org/x/net
=== Symbol Results ===
Vulnerability #1: GO-2024-2687
HTTP/2 CONTINUATION flood in net/http
More info: https://pkg.go.dev/vuln/GO-2024-2687
Module: golang.org/x/net
Found in: golang.org/x/net@v0.17.0
Fixed in: golang.org/x/net@v0.23.0
Reference:
- https://github.com/etcd-io/etcd/pull/17708
Signed-off-by: Chun-Hung Tseng <henrybear327@gmail.com>
This commit fixed the Go Vulnerability Checker CI job, which isn't
scanning for all go.mod files within the project.
Reference:
- https://github.com/etcd-io/etcd/discussions/18168
Signed-off-by: Chun-Hung Tseng <henrybear327@gmail.com>
