chore: upgrade to go 1.17.8 #8866

crenshaw-dev · 2022-03-23T14:37:08Z

Signed-off-by: Michael Crenshaw <[email protected]>

terrytangyuan

Good to know. Let me know when you find out about why these CVEs aren't showing up. I am also upgrading this in Workflows.

crenshaw-dev · 2022-03-23T15:19:06Z

Thinking we should cherry-pick this onto any 2.3 patch releases, maybe 2.2 and 2.1 as well. I'd consider this a relatively low-risk, high-reward change.

crenshaw-dev · 2022-03-23T15:49:56Z

Weird, it's still showing merging blocked even though you're a reviewer now. @alexmt is that expected?

terrytangyuan · 2022-03-23T15:58:18Z

I think reviewer is only able to review and the actual "approve" still needs to be done by an approver.

terrytangyuan · 2022-03-23T17:20:07Z

@crenshaw-dev Discussing this upgrade for Workflows in argoproj/argo-workflows#8222 (comment) too. Perhaps we should just use 1.17 if we want the latest version.

Signed-off-by: Michael Crenshaw <[email protected]>

codecov · 2022-03-23T17:27:55Z

Codecov Report

Merging #8866 (94eedf0) into master (a6c664b) will decrease coverage by 0.02%.
The diff coverage is 18.75%.

@@            Coverage Diff             @@
##           master    #8866      +/-   ##
==========================================
- Coverage   42.87%   42.85%   -0.03%     
==========================================
  Files         186      186              
  Lines       23335    23359      +24     
==========================================
+ Hits        10006    10011       +5     
- Misses      11898    11914      +16     
- Partials     1431     1434       +3

Impacted Files	Coverage Δ
controller/cache/cache.go	`20.76% <0.00%> (ø)`
pkg/apis/application/v1alpha1/app_project_types.go	`51.83% <0.00%> (-0.28%)`	⬇️
server/application/application.go	`31.37% <7.14%> (-0.19%)`	⬇️
controller/appcontroller.go	`51.61% <38.46%> (-0.21%)`	⬇️
util/settings/settings.go	`48.10% <0.00%> (ø)`

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update af03b29...94eedf0. Read the comment docs.

crenshaw-dev · 2022-03-23T17:29:11Z

I'm split between wanting a deterministic build and wanting to avoid maintenance overhead of bumping the golang version. Open to ideas either way.

Looks like differences between golang patches are very minimal, so I'm leaning towards preferring just 1.17.

alexmt

I think 1.17 is a good compromise. Goland version is available via argocd version so we can always find the exact go version used for release

rimasgo · 2022-04-04T12:13:06Z

Hello, thanks for doing the changes!

Just a quick question. On which version argocd release this will be adopted? I just check the source code for 2.3.3 which was released 5 days ago and it's still pointing to hardcoded 1.17.6 value for builder image.

crenshaw-dev · 2022-04-04T14:35:45Z

@rimasgo good question. I think I'll be doing the next 2.3 release, so I'll plan to cherry pick it then.

* chore: upgrade to go 1.17.8 Signed-off-by: Michael Crenshaw <[email protected]> * chore: use 1.17 so it's always latest in the series Signed-off-by: Michael Crenshaw <[email protected]>

* chore: upgrade to go 1.17.8 Signed-off-by: Michael Crenshaw <[email protected]> * chore: use 1.17 so it's always latest in the series Signed-off-by: Michael Crenshaw <[email protected]> Signed-off-by: wojtekidd <[email protected]>

* fix(ui): Applications page incorrectly resets to tiles view. Fixes argoproj#8702 (argoproj#8718) Signed-off-by: Yuan Tang <[email protected]> * fix: correct jsonnet paths resolution (argoproj#8721) Signed-off-by: Alexander Matyushentsev <[email protected]> * chore: Bump stable version of application set addon (argoproj#8744) Signed-off-by: Alexander Matyushentsev <[email protected]> * fix: Retry checkbox unchecked unexpectedly; Sync up with YAML (argoproj#8682) (argoproj#8720) Signed-off-by: Keith Chong <[email protected]> * Bump version to 2.3.1 * Bump version to 2.3.1 * Merge pull request from GHSA-2f5v-8r3f-8pww * fix: application resource APIs must enforce project restrictions Signed-off-by: Alexander Matyushentsev <[email protected]> * Fix unit tests Signed-off-by: jannfis <[email protected]> Co-authored-by: jannfis <[email protected]> * chore: remove lint-docs CI task (argoproj#8722) (argoproj#8858) * chore: remove lint-docs CI task Signed-off-by: Alexander Matyushentsev <[email protected]> * chore: remove not longer necessary url-allow-list Signed-off-by: Alexander Matyushentsev <[email protected]> Co-authored-by: Alexander Matyushentsev <[email protected]> * chore: fix imports (argoproj#8859) Signed-off-by: Michael Crenshaw <[email protected]> * Bump version to 2.3.2 * Bump version to 2.3.2 * fix: Set QPS and burst rate for resource ops client (argoproj#8915) * fix: Set QPS and burst rate for resource ops client Signed-off-by: jannfis <[email protected]> * fix: prevent excessive repo-server disk usage for large repos (argoproj#8845) (argoproj#8897) fix: prevent excessive repo-server disk usage for large repos (argoproj#8845) (argoproj#8897) Signed-off-by: Michael Crenshaw <[email protected]> * fix: bump gitops engine version to v0.6.2 Signed-off-by: Alexander Matyushentsev <[email protected]> * docs: update v2.4+ roadmap items (argoproj#8593) Signed-off-by: ishitasequeira <[email protected]> * docs: reflect v2.3 release changes in roadmap.md (argoproj#8747) docs: reflect v2.3 release changes in roadmap.md (argoproj#8747) Signed-off-by: Alexander Matyushentsev <[email protected]> * Bump version to 2.3.3 * Bump version to 2.3.3 * fix: Fix docs build error (argoproj#8895) * work with specific jinja version Signed-off-by: pashavictorovich <[email protected]> * fix: fix broken monaco editor collapse icons (argoproj#8709) Signed-off-by: Alexander Matyushentsev <[email protected]> * chore: upgrade to go 1.17.8 (argoproj#8866) (argoproj#9004) * chore: upgrade to go 1.17.8 Signed-off-by: Michael Crenshaw <[email protected]> * chore: use 1.17 so it's always latest in the series Signed-off-by: Michael Crenshaw <[email protected]> * fix: allow cli/ui to follow logs (argoproj#8987) (argoproj#9065) Signed-off-by: Daniel Helfand <[email protected]> * Merge pull request from GHSA-xmg8-99r8-jc2j Signed-off-by: Michael Crenshaw <[email protected]> Co-authored-by: Michael Crenshaw <[email protected]> * Merge pull request from GHSA-6gcg-hp2x-q54h * fix: do not allow symlinks from directory-type applications Signed-off-by: Michael Crenshaw <[email protected]> * chore: add new util file Signed-off-by: Michael Crenshaw <[email protected]> * chore: lint Signed-off-by: Michael Crenshaw <[email protected]> * chore: use t.TempDir for simpler tests Signed-off-by: Michael Crenshaw <[email protected]> * address comments Signed-off-by: Michael Crenshaw <[email protected]> * Merge pull request from GHSA-r642-gv9p-2wjj Signed-off-by: jannfis <[email protected]> Co-authored-by: Michael Crenshaw <[email protected]> Co-authored-by: Michael Crenshaw <[email protected]> * Bump version to 2.3.4 * Bump version to 2.3.4 * test: fix ErrorContains (argoproj#9445) Signed-off-by: Michael Crenshaw <[email protected]> * fix: missing Helm params (argoproj#9565) (argoproj#9566) * fix: missing Helm params Signed-off-by: Michael Crenshaw <[email protected]> * use absolute paths, fix tests Signed-off-by: Michael Crenshaw <[email protected]> * fix race in test Signed-off-by: Michael Crenshaw <[email protected]> * chore: upgrade golangci-lint to v1.46.2 (argoproj#9448) * chore: upgrade golangci-lint to v1.46.2 Because: * Installation of golangci-lint v1.45.2 is currently broken and fails silently due to a redacted dependency (blizzy78/varnamelen#13) This commit: * Upgrades golangci-lint to v1.46.2 Signed-off-by: Tommaso Sardelli <[email protected]> * fix: lint Signed-off-by: Michael Crenshaw <[email protected]> * fix: lint Signed-off-by: Tommaso Sardelli <[email protected]> Co-authored-by: Michael Crenshaw <[email protected]> Signed-off-by: Michael Crenshaw <[email protected]> * fix: test race (argoproj#9469) Signed-off-by: Michael Crenshaw <[email protected]> * chore: lint issues Signed-off-by: Michael Crenshaw <[email protected]> * chore: update golangci-lint (argoproj#8988) * chore: update golangci-lint Signed-off-by: Michael Crenshaw <[email protected]> * chore: remove obsolete repo-server unit test (argoproj#9559) Signed-off-by: Alexander Matyushentsev <[email protected]> * chore: Make unit tests run on platforms other than amd64 (argoproj#8995) Signed-off-by: jannfis <[email protected]> Co-authored-by: Michael Crenshaw <[email protected]> Signed-off-by: Michael Crenshaw <[email protected]> * chore: eliminate go-mpatch dependency (argoproj#9045) * chore: eliminate go-mpatch dependency Signed-off-by: Michael Crenshaw <[email protected]> * chore: abstract out resource list function Signed-off-by: Michael Crenshaw <[email protected]> * chore: don't exit the program in anything but the main function Signed-off-by: Michael Crenshaw <[email protected]> * chore: better error messages Signed-off-by: Michael Crenshaw <[email protected]> * chore: better error messages Signed-off-by: Michael Crenshaw <[email protected]> * test: directory app manifest generation (argoproj#9503) * test: directory app manifest generation Signed-off-by: Michael Crenshaw <[email protected]> * git doesn't support empty dirs Signed-off-by: Michael Crenshaw <[email protected]> * Merge pull request from GHSA-h4w9-6x78-8vrj Signed-off-by: Michael Crenshaw <[email protected]> * Merge pull request from GHSA-2m7h-86qq-fp4v Signed-off-by: Michael Crenshaw <[email protected]> fix references Signed-off-by: Michael Crenshaw <[email protected]> use long enough state param for oauth2 Signed-off-by: Michael Crenshaw <[email protected]> typo Signed-off-by: Michael Crenshaw <[email protected]> more entropy Signed-off-by: Michael Crenshaw <[email protected]> fix test Signed-off-by: Michael Crenshaw <[email protected]> * Merge pull request from GHSA-q4w5-4gq2-98vm Signed-off-by: Michael Crenshaw <[email protected]> * Merge pull request from GHSA-jhqp-vf4w-rpwq Signed-off-by: Michael Crenshaw <[email protected]> defer instead of multiple close calls Signed-off-by: Michael Crenshaw <[email protected]> oops Signed-off-by: Michael Crenshaw <[email protected]> don't count jsonnet against max Signed-off-by: Michael Crenshaw <[email protected]> fix codegen Signed-off-by: Michael Crenshaw <[email protected]> add caveat about 300x ratio Signed-off-by: Michael Crenshaw <[email protected]> fix versions Signed-off-by: Michael Crenshaw <[email protected]> fix tests/lint Signed-off-by: Michael Crenshaw <[email protected]> * chore: fix docs gen Signed-off-by: Michael Crenshaw <[email protected]> * Bump version to 2.3.5 * Bump version to 2.3.5 * docs: Changes for v2.3.5 Documented key decision factors to use Argo CD v2.3.5. Contributes to: automation-saas/automation-saas/native-AWS#1972 Signed-off-by: Sujeily Fonseca <[email protected]> Co-authored-by: Yuan Tang <[email protected]> Co-authored-by: Alexander Matyushentsev <[email protected]> Co-authored-by: Keith Chong <[email protected]> Co-authored-by: argo-bot <[email protected]> Co-authored-by: jannfis <[email protected]> Co-authored-by: Michael Crenshaw <[email protected]> Co-authored-by: Ishita Sequeira <[email protected]> Co-authored-by: pasha-codefresh <[email protected]> Co-authored-by: Daniel Helfand <[email protected]> Co-authored-by: Tommaso Sardelli <[email protected]>

chore: upgrade to go 1.17.8

1db4bd0

Signed-off-by: Michael Crenshaw <[email protected]>

terrytangyuan reviewed Mar 23, 2022

View reviewed changes

crenshaw-dev added the cherry-pick/2.3 Candidate for cherry picking into the 2.3 release branch label Mar 23, 2022

crenshaw-dev marked this pull request as ready for review March 23, 2022 15:40

crenshaw-dev requested a review from terrytangyuan March 23, 2022 15:40

terrytangyuan approved these changes Mar 23, 2022

View reviewed changes

chore: use 1.17 so it's always latest in the series

94eedf0

Signed-off-by: Michael Crenshaw <[email protected]>

alexmt approved these changes Mar 23, 2022

View reviewed changes

alexmt merged commit f313db9 into argoproj:master Mar 23, 2022

rimasgo mentioned this pull request Apr 4, 2022

Vulnerable golang version used to package applicationset-controller argoproj/applicationset#571

Open

crenshaw-dev deleted the go-1.17.8 branch April 4, 2022 14:35

github-actions bot mentioned this pull request May 18, 2022

Updating argoproj/argo-cd kryptn/infra#24

Closed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

chore: upgrade to go 1.17.8 #8866

chore: upgrade to go 1.17.8 #8866

crenshaw-dev commented Mar 23, 2022

terrytangyuan left a comment

crenshaw-dev commented Mar 23, 2022

crenshaw-dev commented Mar 23, 2022

terrytangyuan commented Mar 23, 2022

terrytangyuan commented Mar 23, 2022 •

edited

Loading

codecov bot commented Mar 23, 2022 •

edited

Loading

crenshaw-dev commented Mar 23, 2022 •

edited

Loading

alexmt left a comment

rimasgo commented Apr 4, 2022

crenshaw-dev commented Apr 4, 2022

chore: upgrade to go 1.17.8 #8866

chore: upgrade to go 1.17.8 #8866

Conversation

crenshaw-dev commented Mar 23, 2022

terrytangyuan left a comment

Choose a reason for hiding this comment

crenshaw-dev commented Mar 23, 2022

crenshaw-dev commented Mar 23, 2022

terrytangyuan commented Mar 23, 2022

terrytangyuan commented Mar 23, 2022 • edited Loading

codecov bot commented Mar 23, 2022 • edited Loading

Codecov Report

crenshaw-dev commented Mar 23, 2022 • edited Loading

alexmt left a comment

Choose a reason for hiding this comment

rimasgo commented Apr 4, 2022

crenshaw-dev commented Apr 4, 2022

terrytangyuan commented Mar 23, 2022 •

edited

Loading

codecov bot commented Mar 23, 2022 •

edited

Loading

crenshaw-dev commented Mar 23, 2022 •

edited

Loading