From f4db4547700926cdac7b7e79fe4441c8a15f89b8 Mon Sep 17 00:00:00 2001 From: Marcos Yacob Date: Wed, 10 Apr 2024 13:15:52 -0300 Subject: [PATCH] Upgrade golang to 1.22.2 and update changelog (#181) * Upgrade golang to 1.22.2 * Upgrade golangci lint to 1.57.2 * Update CHANGELOG for 0.2.6 * Upgrade version Signed-off-by: Marcos Yacob --- .github/workflows/pr_build.yaml | 2 +- .github/workflows/release_build.yaml | 2 +- .golangci.yml | 3 ++- CHANGELOG.md | 6 ++++++ Dockerfile | 2 +- Makefile | 2 +- example/config/spiffe-csi-driver.yaml | 2 +- example/workload/Dockerfile | 2 +- example/workload/go.mod | 2 +- go.mod | 2 +- internal/version/VERSION | 2 +- pkg/driver/driver.go | 16 ++++++++-------- pkg/driver/driver_test.go | 4 ++-- pkg/mount/mount_other.go | 10 +++------- test/workload/Dockerfile | 2 +- test/workload/go.mod | 2 +- 16 files changed, 32 insertions(+), 29 deletions(-)
diff --git a/.github/workflows/pr_build.yaml b/.github/workflows/pr_build.yaml
index 1eee90e..59c6a31 100644
--- a/.github/workflows/pr_build.yaml
+++ b/.github/workflows/pr_build.yaml
@@ -16,7 +16,7 @@ jobs:
 - name: Setup go
 uses: actions/setup-go@v5
 with:
- go-version: 1.20.1
+ go-version: 1.22.2
 - name: Lint
 run: make lint
 - name: Test
diff --git a/.github/workflows/release_build.yaml b/.github/workflows/release_build.yaml
index a1f6784..bb5574e 100644
--- a/.github/workflows/release_build.yaml
+++ b/.github/workflows/release_build.yaml
@@ -17,7 +17,7 @@ jobs:
 - name: Setup go
 uses: actions/setup-go@v5
 with:
- go-version: 1.20.1
+ go-version: 1.22.2
 - name: Lint
 run: make lint
 - name: Test
diff --git a/.golangci.yml b/.golangci.yml
index 9305742..3dc6788 100644
--- a/.golangci.yml
+++ b/.golangci.yml
@@ -5,12 +5,12 @@ run: linters: enable: - bodyclose - depguard - durationcheck - errorlint - goimports - revive - gosec + - nakedret - misspell - nolintlint - nakedret
@@ -18,6 +18,7 @@ linters:
 - unparam
 - whitespace
 - gocritic
+ - nolintlint
 linters-settings:
 revive:
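Review bot: In `.golangci.yml` the `enable` list appears to end up with duplicate entries: the first hunk adds `- nakedret` although a `nakedret` entry is still listed three lines further down, and the second hunk adds `- nolintlint` although that entry is also present in the first hunk. The first hunk's header leaves room for only one removed line, so at least one of the two linters is listed twice on the new side. Keeping each linter exactly once makes it obvious which checks (including `gosec`) are active the next time the list is audited.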
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 765628b..d27e522 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,5 +1,11 @@
 # Changelog
+## [0.2.6] - 2024-04-10
+
+### Security
+
+- Updated Golang to 1.22.2 and google.golang.org/grpc to v1.63.2 in order to address CVE-2023-45288 (#181)
+
 ## [0.2.5] - 2024-01-23
 ### Fixed
diff --git a/Dockerfile b/Dockerfile
index 3410943..fadb3d3 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,5 +1,5 @@
 # Build the SPIFFE CSI Driver binary
-FROM --platform=${BUILDPLATFORM} golang:1.21.6-alpine AS base
+FROM --platform=${BUILDPLATFORM} golang:1.22.2-alpine AS base
 ARG GIT_TAG
 ARG GIT_COMMIT
 ARG GIT_DIRTY
diff --git a/Makefile b/Makefile
index 0941cfd..e469239 100644
--- a/Makefile
+++ b/Makefile
@@ -36,7 +36,7 @@ PLATFORMS ?= linux/amd64,linux/arm64
 build_dir := $(DIR)/.build/$(os1)-$(arch1)
-golangci_lint_version = v1.51.2
+golangci_lint_version = v1.57.2
 golangci_lint_dir = $(build_dir)/golangci_lint/$(golangci_lint_version)
 golangci_lint_bin = $(golangci_lint_dir)/golangci-lint
 golangci_lint_cache = $(golangci_lint_dir)/cache
diff --git a/example/config/spiffe-csi-driver.yaml b/example/config/spiffe-csi-driver.yaml
index 2d30e7e..01dd7b4 100644
--- a/example/config/spiffe-csi-driver.yaml
+++ b/example/config/spiffe-csi-driver.yaml
@@ -29,7 +29,7 @@ spec:
 containers:
 # This is the container which runs the SPIFFE CSI driver.
 - name: spiffe-csi-driver
- image: ghcr.io/spiffe/spiffe-csi-driver:0.2.5
+ image: ghcr.io/spiffe/spiffe-csi-driver:0.2.6
 imagePullPolicy: IfNotPresent
 args: [
 "-workload-api-socket-dir", "/spire-agent-socket",
diff --git a/example/workload/Dockerfile b/example/workload/Dockerfile
index d425016..c7c9b7f 100644
--- a/example/workload/Dockerfile
+++ b/example/workload/Dockerfile
@@ -1,4 +1,4 @@
-FROM golang:1.21-alpine
+FROM golang:1.22-alpine
 WORKDIR /app
diff --git a/example/workload/go.mod b/example/workload/go.mod
index c87b5f6..d475157 100644
--- a/example/workload/go.mod
+++ b/example/workload/go.mod
@@ -1,6 +1,6 @@
 module workload
-go 1.21
+go 1.22
 require github.com/spiffe/go-spiffe/v2 v2.1.7
diff --git a/go.mod b/go.mod
index ba8e5be..e7cefe3 100644
--- a/go.mod
+++ b/go.mod
@@ -1,6 +1,6 @@
 module github.com/spiffe/spiffe-csi
-go 1.21
+go 1.22
 require (
 github.com/container-storage-interface/spec v1.9.0
diff --git a/internal/version/VERSION b/internal/version/VERSION
index 3a4036f..53a75d6 100644
--- a/internal/version/VERSION
+++ b/internal/version/VERSION
@@ -1 +1 @@
-0.2.5
+0.2.6
diff --git a/pkg/driver/driver.go b/pkg/driver/driver.go
index ba73e12..1f9ae44 100644
--- a/pkg/driver/driver.go
+++ b/pkg/driver/driver.go
@@ -61,19 +61,19 @@ func New(config Config) (*Driver, error) {
 // Identity Server
 /////////////////////////////////////////////////////////////////////////////
-func (d *Driver) GetPluginInfo(ctx context.Context, req *csi.GetPluginInfoRequest) (*csi.GetPluginInfoResponse, error) {
+func (d *Driver) GetPluginInfo(context.Context, *csi.GetPluginInfoRequest) (*csi.GetPluginInfoResponse, error) {
 return &csi.GetPluginInfoResponse{
 Name: d.pluginName,
 VendorVersion: version.Version(),
 }, nil
 }
-func (d *Driver) GetPluginCapabilities(ctx context.Context, req *csi.GetPluginCapabilitiesRequest) (*csi.GetPluginCapabilitiesResponse, error) {
+func (d *Driver) GetPluginCapabilities(context.Context, *csi.GetPluginCapabilitiesRequest) (*csi.GetPluginCapabilitiesResponse, error) {
 // Only the Node server is implemented. No other capabilities are available.
 return &csi.GetPluginCapabilitiesResponse{}, nil
 }
-func (d *Driver) Probe(ctx context.Context, req *csi.ProbeRequest) (*csi.ProbeResponse, error) {
+func (d *Driver) Probe(context.Context, *csi.ProbeRequest) (*csi.ProbeResponse, error) {
 return &csi.ProbeResponse{}, nil
 }
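Review bot: In the root `go.mod` the directive `go 1.22` only sets a floor of 1.22, so a build made outside the pinned CI and Docker images can still use Go 1.22.0 or 1.22.1, which predate the CVE-2023-45288 fix this release is about. Writing `go 1.22.2`, or adding `toolchain go1.22.2` below the directive, makes the patched toolchain the minimum for every build. The CHANGELOG entry also credits google.golang.org/grpc v1.63.2, but no `require` line changes in this patch, so that bump presumably landed in another commit and is worth confirming in the tagged release. The same floor applies to `example/workload/go.mod` and `test/workload/go.mod`.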
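Review bot: The exported RPC methods touched in the first `pkg/driver/driver.go` hunk (`GetPluginInfo`, `GetPluginCapabilities`, `Probe`) have no doc comments, and dropping the parameter names removes the last hint that both arguments are ignored. `Probe` in particular returns an empty `csi.ProbeResponse` unconditionally, which deserves to be stated: `// Probe always reports success; it performs no readiness check of its own.` One-line comments of the same kind would do for the other two, e.g. `// GetPluginInfo returns the configured plugin name and the build version.`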
@@ -81,7 +81,7 @@ func (d *Driver) Probe(ctx context.Context, req *csi.ProbeRequest) (*csi.ProbeRe
 // Node Server implementation
 /////////////////////////////////////////////////////////////////////////////
-func (d *Driver) NodePublishVolume(ctx context.Context, req *csi.NodePublishVolumeRequest) (_ *csi.NodePublishVolumeResponse, err error) {
+func (d *Driver) NodePublishVolume(_ context.Context, req *csi.NodePublishVolumeRequest) (_ *csi.NodePublishVolumeResponse, err error) {
 ephemeralMode := req.GetVolumeContext()["csi.storage.k8s.io/ephemeral"]
 log := d.log.WithValues(
@@ -139,7 +139,7 @@ func (d *Driver) NodePublishVolume(ctx context.Context, req *csi.NodePublishVolu
 return &csi.NodePublishVolumeResponse{}, nil
 }
-func (d *Driver) NodeUnpublishVolume(ctx context.Context, req *csi.NodeUnpublishVolumeRequest) (_ *csi.NodeUnpublishVolumeResponse, err error) {
+func (d *Driver) NodeUnpublishVolume(_ context.Context, req *csi.NodeUnpublishVolumeRequest) (_ *csi.NodeUnpublishVolumeResponse, err error) {
 log := d.log.WithValues(
 logkeys.VolumeID, req.VolumeId,
 logkeys.TargetPath, req.TargetPath,
@@ -178,7 +178,7 @@ func (d *Driver) NodeUnpublishVolume(ctx context.Context, req *csi.NodeUnpublish
 return &csi.NodeUnpublishVolumeResponse{}, nil
 }
-func (d *Driver) NodeGetCapabilities(ctx context.Context, req *csi.NodeGetCapabilitiesRequest) (*csi.NodeGetCapabilitiesResponse, error) {
+func (d *Driver) NodeGetCapabilities(context.Context, *csi.NodeGetCapabilitiesRequest) (*csi.NodeGetCapabilitiesResponse, error) {
 return &csi.NodeGetCapabilitiesResponse{
 Capabilities: []*csi.NodeServiceCapability{
 {
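Review bot: `NodePublishVolume` now takes `_ context.Context`, which makes explicit that the caller's deadline and cancellation never reach the publish work; the same holds for `NodeUnpublishVolume` in the next hunk and `NodeGetVolumeStats` further down in `pkg/driver/driver.go`. If that is intended, say so above each function, e.g. `// The request context is intentionally unused: the operation is not cancellable once started.`; otherwise keep the name and pass `ctx` on. The bodies of all three functions continue outside their hunks, so whether anything in them can block is not visible here.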
@@ -199,14 +199,14 @@ func (d *Driver) NodeGetCapabilities(ctx context.Context, req *csi.NodeGetCapabi
 }, nil
 }
-func (d *Driver) NodeGetInfo(ctx context.Context, req *csi.NodeGetInfoRequest) (*csi.NodeGetInfoResponse, error) {
+func (d *Driver) NodeGetInfo(context.Context, *csi.NodeGetInfoRequest) (*csi.NodeGetInfoResponse, error) {
 return &csi.NodeGetInfoResponse{
 NodeId: d.nodeID,
 MaxVolumesPerNode: 0,
 }, nil
 }
-func (d *Driver) NodeGetVolumeStats(ctx context.Context, req *csi.NodeGetVolumeStatsRequest) (*csi.NodeGetVolumeStatsResponse, error) {
+func (d *Driver) NodeGetVolumeStats(_ context.Context, req *csi.NodeGetVolumeStatsRequest) (*csi.NodeGetVolumeStatsResponse, error) {
 log := d.log.WithValues(
 logkeys.VolumeID, req.VolumeId,
 logkeys.VolumePath, req.VolumePath,
diff --git a/pkg/driver/driver_test.go b/pkg/driver/driver_test.go
index 5251d31..516a339 100644
--- a/pkg/driver/driver_test.go
+++ b/pkg/driver/driver_test.go
@@ -40,7 +40,7 @@ func init() {
 unmount = func(dst string) error {
 return os.Remove(metaPath(dst))
 }
- isMountPoint = func(dst string) (bool, error) {
+ isMountPoint = func(string) (bool, error) {
 if testDescription == unmountFailureTest {
 return true, nil
 }
@@ -512,7 +512,7 @@ func metaPath(targetPath string) string {
 func dumpIt(t *testing.T, when, dir string) {
 t.Logf(">>>>>>>>>> DUMPING %s %s", when, dir)
 assert.NoError(t, filepath.Walk(dir, filepath.WalkFunc(
- func(path string, info fs.FileInfo, err error) error {
+ func(path string, info fs.FileInfo, _ error) error {
 t.Logf("%s: %o", path, info.Mode())
 return nil
 })))
diff --git a/pkg/mount/mount_other.go b/pkg/mount/mount_other.go
index 9fc6fe8..8b49def 100644
--- a/pkg/mount/mount_other.go
+++ b/pkg/mount/mount_other.go
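Review bot: In `dumpIt` (second hunk of `pkg/driver/driver_test.go`) the walk callback now discards its error argument as `_`, but `filepath.Walk` can pass a nil `info` when it could not stat `path`, so `info.Mode()` on the next line panics instead of failing the assertion. Keep the parameter named and return it first: `func(path string, info fs.FileInfo, err error) error {` followed by `if err != nil { return err }`. That also satisfies the unused-parameter lint without hiding the error from `assert.NoError`.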
@@ -7,18 +7,14 @@ import (
 "errors"
 )
-func bindMountRO(src, dst string) error {
+func bindMountRW(string, string) error {
 return errors.New("unsupported on this platform")
 }
-func bindMountRW(src, dst string) error {
+func unmount(string) error {
 return errors.New("unsupported on this platform")
 }
-func unmount(path string) error {
- return errors.New("unsupported on this platform")
-}
-
-func isMountPoint(mountPoint string) (bool, error) {
+func isMountPoint(string) (bool, error) {
 return false, errors.New("unsupported on this platform")
 }
diff --git a/test/workload/Dockerfile b/test/workload/Dockerfile
index d425016..c7c9b7f 100644
--- a/test/workload/Dockerfile
+++ b/test/workload/Dockerfile
@@ -1,4 +1,4 @@
-FROM golang:1.21-alpine
+FROM golang:1.22-alpine
 WORKDIR /app
diff --git a/test/workload/go.mod b/test/workload/go.mod
index c87b5f6..d475157 100644
--- a/test/workload/go.mod
+++ b/test/workload/go.mod
@@ -1,6 +1,6 @@
 module workload
-go 1.21
+go 1.22
 require github.com/spiffe/go-spiffe/v2 v2.1.7
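Review bot: The `bindMountRO` stub disappears from `pkg/mount/mount_other.go` while `bindMountRW` stays, and neither the file's build constraint nor the Linux counterpart is visible in this hunk. It is worth confirming that the Linux implementation dropped `bindMountRO` as well, so both build variants expose the same helpers, and that no publish path that was meant to be read-only now goes through `bindMountRW`. A short comment above the stubs, e.g. `// Stubs for platforms without bind-mount support; every call returns an error.`, would also make the unnamed parameters self-explanatory.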