Upgrade Golang to 1.19; Upgrade container base images

.github/workflows/ci.yml

@@ -16,6 +16,9 @@ jobs:
       - uses: actions/checkout@v2
         with:
           submodules: recursive
+      - uses: actions/setup-go@v3
+        with:
+          go-version: '~1.19.0'
       - name: Generate Version
         run: grep -m 1 -P "## \[\d+\.\d+\.\d+\] -" CHANGELOG.md | grep -o -P "\d+\.\d+\.\d+" > VERSION
       - name: go mod tidy
@@ -30,6 +33,9 @@ jobs:
       - uses: actions/checkout@v2
         with:
           submodules: recursive
+      - uses: actions/setup-go@v3
+        with:
+          go-version: '~1.19.0'
       - name: Generate Version
         run: grep -m 1 -P "## \[\d+\.\d+\.\d+\] -" CHANGELOG.md | grep -o -P "\d+\.\d+\.\d+" > VERSION
       - name: go mod tidy
@@ -53,10 +59,10 @@ jobs:
           key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
           restore-keys: |
             ${{ runner.os }}-go-
-      # Install go1.17
+      # Install go1.19
       - uses: actions/setup-go@v3
         with:
-          go-version: '~1.17.0'
+          go-version: '~1.19.0'
       # Get go version
       - run: go version
       # Download go modules

CHANGELOG.md

@@ -9,7 +9,11 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
 - Nothing should go in this section, please add to the latest unreleased version
   (and update the corresponding date), or add a new version.
 
-## [1.7.17] - 2023-02-09
+## [1.7.17] - 2023-03-27
+
+### Changed
+- Updated Go version to 1.19
+  [cyberark/secretless-broker#1491](https://github.com/cyberark/secretless-broker/pull/1491)
 
 ### Security
 - Updated golang.org/x/net to v0.7.0 to remove CVE-2022-41723

Dockerfile

@@ -1,4 +1,4 @@
-FROM golang:1.17-buster as secretless-builder
+FROM golang:1.19-buster as secretless-builder
 MAINTAINER CyberArk Software Ltd.
 LABEL builder="secretless-builder"
 
@@ -42,7 +42,7 @@ RUN go build -ldflags="-X github.com/cyberark/secretless-broker/pkg/secretless.T
 
 
 # =================== MAIN CONTAINER ===================
-FROM alpine:3.15 as secretless-broker
+FROM alpine:3.17 as secretless-broker
 MAINTAINER CyberArk Software Ltd.
 
 RUN apk add -u shadow libc6-compat openssl && \

Dockerfile.coverage

@@ -1,4 +1,4 @@
-FROM golang:1.17-buster as secretless-builder
+FROM golang:1.19-buster as secretless-builder
 MAINTAINER CyberArk Software Ltd.
 LABEL builder="secretless-builder"
 
@@ -40,7 +40,7 @@ RUN go test -c -coverpkg="./..." ./cmd/secretless-broker && \
 
 
 # =================== MAIN CONTAINER ===================
-FROM alpine:3.14 as secretless-broker
+FROM alpine:3.17 as secretless-broker
 MAINTAINER CyberArk Software Ltd.
 
 RUN apk add -u shadow libc6-compat openssl && \

Dockerfile.debug

@@ -1,4 +1,4 @@
-FROM golang:1.17-buster as secretless-builder
+FROM golang:1.19-buster as secretless-builder
 MAINTAINER CyberArk Software Ltd.
 LABEL builder="secretless-builder"
 
@@ -26,7 +26,7 @@ COPY third_party/ /secretless/third_party
 RUN go mod download
 
 # Compile Delve (for debugging)
-RUN go get github.com/go-delve/delve/cmd/dlv
+RUN go install github.com/go-delve/delve/cmd/dlv@latest
 
 # secretless source files
 COPY ./cmd /secretless/cmd
@@ -46,7 +46,7 @@ RUN go build -ldflags="-X github.com/cyberark/secretless-broker/pkg/secretless.T
 
 
 # =================== MAIN CONTAINER ===================
-FROM alpine:3.14 as secretless-broker
+FROM alpine:3.17 as secretless-broker
 MAINTAINER CyberArk Software Ltd.
 
 RUN apk add -u shadow libc6-compat && \

Dockerfile.dev

@@ -1,4 +1,4 @@
-FROM golang:1.17-buster
+FROM golang:1.19-buster
 MAINTAINER CyberArk Software Ltd.
 
 # On CyberArk dev laptops, golang module dependencies are downloaded with a
@@ -43,11 +43,11 @@ RUN groupadd -r secretless \
 # gocov => converts native coverage output to gocov's JSON interchange format
 # gocov-xml => converts gocov format to XML for use with Jenkins/Cobertura
 # gocovmerge => Merges multiple 'go test -coverprofile' results into one profile
-RUN go get -u github.com/jstemmer/go-junit-report && \
-    go get github.com/cespare/reflex && \
-    go get github.com/axw/gocov/gocov && \
-    go get github.com/AlekSi/gocov-xml && \
-    go get github.com/wadey/gocovmerge
+RUN go install github.com/jstemmer/go-junit-report@latest && \
+    go install github.com/cespare/reflex@latest && \
+    go install github.com/axw/gocov/gocov@latest && \
+    go install github.com/AlekSi/gocov-xml@latest && \
+    go install github.com/wadey/gocovmerge@latest
 
 # go mod dependency management for the secretless project
 COPY go.mod go.sum /secretless/

Dockerfile.test

@@ -1,4 +1,4 @@
-FROM golang:1.17-alpine
+FROM golang:1.19-alpine
 MAINTAINER CyberArk Software Ltd.
 LABEL id="secretless-test-runner"
 
@@ -29,6 +29,6 @@ RUN go mod download
 # go-junit-report => Convert go test output to junit xml
 # gocov => converts native coverage output to gocov's JSON interchange format
 # gocov-xml => converts gocov format to XML for use with Jenkins/Cobertura
-RUN go get -u github.com/jstemmer/go-junit-report && \
-    go get github.com/axw/gocov/gocov && \
-    go get github.com/AlekSi/gocov-xml
+RUN go install github.com/jstemmer/go-junit-report@latest && \
+    go install github.com/axw/gocov/gocov@latest && \
+    go install github.com/AlekSi/gocov-xml@latest

STYLE.md

@@ -8,7 +8,7 @@ should make.
 
 To use `golint` on any project path, run
 ```
-go get -u golang.org/x/lint/golint
+go install golang.org/x/lint/golint@latest
 golint ./[path]/...
 ```
 

bin/Dockerfile.codegen

@@ -1,4 +1,4 @@
-FROM golang:1.17
+FROM golang:1.19
 
 WORKDIR /
 

bin/Dockerfile.website

@@ -1,4 +1,4 @@
-FROM ruby:3.0-slim-buster
+FROM ruby:3.0.5-slim-bullseye
 
 RUN apt-get -y update && \
     apt-get -y install build-essential && \

bin/check_golang_security

@@ -30,6 +30,7 @@ docker run --rm \
     -v "$toplevel_dir/:/secretless/" \
     secretless-dev \
     bash -exc "
-      go get github.com/securego/gosec/cmd/gosec
+      go install github.com/securego/gosec/cmd/gosec@latest
+      git config --global --add safe.directory /secretless
       ./bin/run_gosec -c ${confidence} -s ${severity} -b ${current_branch} -e ${excluded_directories}
     "

bin/juxtaposer/Dockerfile

@@ -1,4 +1,4 @@
-FROM golang:1.12.5-alpine as perftool-builder
+FROM golang:1.19-alpine as perftool-builder
 
 # On CyberArk dev laptops, golang module dependencies are downloaded with a
 # corporate proxy in the middle. For these connections to succeed we need to
@@ -26,7 +26,7 @@ COPY . /perftool/
 RUN go build -a -ldflags '-extldflags "-static"' -o juxtaposer ./main.go
 
 # =================== MAIN CONTAINER ===================
-FROM alpine:3.9
+FROM alpine:3.17
 
 ENTRYPOINT [ "/bin/juxtaposer" ]
 

bin/juxtaposer/go.mod

@@ -1,6 +1,6 @@
 module github.com/cyberark/secretless-broker/bin/juxtaposer
 
-go 1.17
+go 1.19
 
 require (
 	github.com/denisenkom/go-mssqldb v0.12.3

bin/test_benchmarks

@@ -55,7 +55,7 @@ pushd test
     -v "$project_dir/test/:/secretless/test/output/" \
     secretless-dev \
     bash -exc "
-      go get -u github.com/jstemmer/go-junit-report
+      go install github.com/jstemmer/go-junit-report@latest
       cat ./test/output/bench.output | go-junit-report > ./test/output/bench.xml
     "
 popd || true
@@ -94,7 +94,7 @@ docker run --rm \
   -v "$project_dir/docs/_includes/:/secretless/docs/_includes/" \
   secretless-dev \
   bash -exc "
-    go get -u github.com/hhatto/gocloc/cmd/gocloc
+    go install github.com/hhatto/gocloc/cmd/gocloc@latest
     gocloc . | tee -a ./${auto_bench_file}
   " \
   | tee -a "$project_dir/test/bench.output"

bin/test_integration

@@ -76,7 +76,7 @@ pushd test
     -v "${project_dir}/test/:/secretless/test/output/" \
     secretless-dev \
     bash -exc "
-      go get -u github.com/jstemmer/go-junit-report
+      go install github.com/jstemmer/go-junit-report@latest
       cat ./test/output/junit.output | go-junit-report > ./test/output/junit.xml
     "
 popd || true

docs/Dockerfile

@@ -1,4 +1,4 @@
-FROM ruby:3.0
+FROM ruby:3.0.5-slim-bullseye
 RUN gem update --system
 RUN gem install bundler jekyll
 RUN mkdir /src

go.mod

@@ -27,15 +27,18 @@ require (
 require (
 	github.com/PuerkitoBio/purell v1.1.1 // indirect
 	github.com/PuerkitoBio/urlesc v0.0.0-20170810143723-de5bf2ad4578 // indirect
+	github.com/alessio/shellescape v1.4.1 // indirect
 	github.com/armon/go-metrics v0.3.9 // indirect
 	github.com/armon/go-radix v1.0.0 // indirect
 	github.com/cenkalti/backoff/v3 v3.0.0 // indirect
 	github.com/cpuguy83/go-md2man/v2 v2.0.1 // indirect
+	github.com/danieljoos/wincred v1.1.2 // indirect
 	github.com/emicklei/go-restful/v3 v3.8.0 // indirect
 	github.com/fatih/color v1.7.0 // indirect
 	github.com/go-openapi/jsonpointer v0.19.5 // indirect
 	github.com/go-openapi/jsonreference v0.19.5 // indirect
 	github.com/go-openapi/swag v0.19.14 // indirect
+	github.com/godbus/dbus/v5 v5.1.0 // indirect
 	github.com/google/gnostic v0.5.7-v3refs // indirect
 	github.com/google/uuid v1.2.0 // indirect
 	github.com/hashicorp/go-hclog v0.16.2 // indirect
@@ -59,6 +62,7 @@ require (
 	github.com/oklog/run v1.0.0 // indirect
 	github.com/rogpeppe/go-internal v1.8.1 // indirect
 	github.com/russross/blackfriday/v2 v2.1.0 // indirect
+	github.com/zalando/go-keyring v0.2.2 // indirect
 	go.uber.org/atomic v1.9.0 // indirect
 )
 
@@ -171,7 +175,7 @@ replace github.com/cyberark/conjur-opentelemetry-tracer => github.com/cyberark/c
 // DO NOT EDIT: CHANGES TO THE BELOW LINE WILL BREAK AUTOMATED RELEASES
 replace github.com/cyberark/summon => github.com/cyberark/summon latest
 
-go 1.17
+go 1.19
 
 // Security fixes to ensure we don't have old vulnerable packages in ou1571 0-36327r
 // dependency tree. We're often not vulnerable, but removing them to ensure