Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

fixed go-mod cve #400

Merged
merged 4 commits into from
Dec 31, 2024
Merged

fixed go-mod cve #400

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
e6c9bc3
fixed go-mod cve
alexey-gavrilov-flant Dec 28, 2024
dabae46
item 12045
alexey-gavrilov-flant Dec 31, 2024
fc48f24
item 18843
alexey-gavrilov-flant Dec 31, 2024
0282d60
Update Dockerfile
techknowlogick Dec 31, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
8 changes: 4 additions & 4 deletions .github/workflows/codeql-analysis.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -23,20 +23,20 @@ jobs:
language: [ 'go' ]
steps:
- name: Checkout repository
uses: actions/checkout@v2
uses: actions/checkout@v4

# Initializes the CodeQL tools for scanning.
- name: Initialize CodeQL
uses: github/codeql-action/init@v1
uses: github/codeql-action/init@v3
with:
languages: ${{ matrix.language }}

- name: Autobuild
uses: github/codeql-action/autobuild@v1
uses: github/codeql-action/autobuild@v3

#- run: |
# make bootstrap
# make release

- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@v1
uses: github/codeql-action/analyze@v3
16 changes: 8 additions & 8 deletions .github/workflows/docker.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -16,12 +16,12 @@ jobs:

steps:
- name: Install Go
uses: actions/setup-go@v2
uses: actions/setup-go@v5
with:
go-version: "1.19.x"
go-version: "1.23.x"

- name: Checkout code
uses: actions/checkout@v2
uses: actions/checkout@v4

- name: Get Build Data
id: info
Expand All @@ -33,7 +33,7 @@ jobs:

- name: Docker meta
id: docker_meta
uses: crazy-max/ghaction-docker-meta@v1
uses: crazy-max/ghaction-docker-meta@v5
with:
images: cesanta/docker_auth
tag-edge: true
Expand All @@ -43,28 +43,28 @@ jobs:
{{major}}.{{minor}}

- name: Set up QEMU
uses: docker/setup-qemu-action@v1
uses: docker/setup-qemu-action@v3
with:
platforms: all

- name: Set up Docker Buildx
id: buildx
uses: docker/setup-buildx-action@v1
uses: docker/setup-buildx-action@v3
with:
install: true
version: latest
# TODO: Remove driver-opts once fix is released docker/buildx#386
driver-opts: image=moby/buildkit:master

- name: Login to DockerHub
uses: docker/login-action@v1
uses: docker/login-action@v3
with:
username: ${{ secrets.DOCKER_USERNAME }}
password: ${{ secrets.DOCKER_PASSWORD }}
if: github.event_name == 'push'

- name: Build and Push
uses: docker/build-push-action@v2
uses: docker/build-push-action@v6
with:
context: auth_server
file: auth_server/Dockerfile
Expand Down
6 changes: 3 additions & 3 deletions .github/workflows/go_test.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -4,16 +4,16 @@ jobs:
test:
strategy:
matrix:
go-version: [1.17.x, 1.18.x, 1.19.x, 1.20.x, 1.21.x]
go-version: [1.23.x]
os: [ubuntu-latest]
runs-on: ${{ matrix.os }}
steps:
- name: Install Go
uses: actions/setup-go@v2
uses: actions/setup-go@v5
with:
go-version: ${{ matrix.go-version }}
- name: Checkout code
uses: actions/checkout@v2
uses: actions/checkout@v4
- name: Test
run: |
cd auth_server
Expand Down
8 changes: 4 additions & 4 deletions auth_server/Dockerfile
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,9 +1,9 @@
FROM golang:1.21-alpine3.19 as build
FROM golang:1.23-alpine3.21 AS build

ARG VERSION
ENV VERSION "${VERSION}"
ENV VERSION="${VERSION}"
ARG BUILD_ID
ENV BUILD_ID "${BUILD_ID}"
ENV BUILD_ID="${BUILD_ID}"
ARG CGO_EXTRA_CFLAGS

RUN apk add -U --no-cache ca-certificates make git gcc musl-dev binutils-gold
Expand All @@ -12,7 +12,7 @@ COPY . /build
WORKDIR /build
RUN make build

FROM alpine:3.19
FROM alpine:3.21
COPY --from=build /build/auth_server /docker_auth/
COPY --from=build /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/
ENTRYPOINT ["/docker_auth/auth_server"]
Expand Down
26 changes: 12 additions & 14 deletions auth_server/go.mod
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
module github.com/cesanta/docker_auth/auth_server

go 1.17
go 1.23

require (
cloud.google.com/go/storage v1.29.0
Expand All @@ -9,18 +9,17 @@ require (
github.com/coreos/go-oidc/v3 v3.9.0
github.com/dchest/uniuri v0.0.0-20220929095258-3027df40b6ce
github.com/deckarep/golang-set v1.8.0
github.com/docker/distribution v2.8.1+incompatible
github.com/docker/distribution v2.8.2-beta.1+incompatible
github.com/docker/libtrust v0.0.0-20160708172513-aabc10ec26b7
github.com/go-ldap/ldap v3.0.3+incompatible
github.com/go-redis/redis v6.15.9+incompatible
github.com/go-sql-driver/mysql v1.6.0
github.com/lib/pq v1.10.7
github.com/mattn/go-sqlite3 v2.0.3+incompatible
github.com/schwarmco/go-cartesian-product v0.0.0-20180515110546-d5ee747a6dc9
github.com/syndtr/goleveldb v1.0.0
go.mongodb.org/mongo-driver v1.10.2
golang.org/x/crypto v0.17.0
golang.org/x/net v0.17.0
golang.org/x/crypto v0.31.0
golang.org/x/net v0.33.0
golang.org/x/oauth2 v0.13.0
google.golang.org/api v0.126.0
gopkg.in/fsnotify.v1 v1.4.7
Expand All @@ -35,13 +34,13 @@ require (
cloud.google.com/go/compute/metadata v0.2.3 // indirect
cloud.google.com/go/iam v0.13.0 // indirect
github.com/Knetic/govaluate v3.0.1-0.20171022003610-9aa49832a739+incompatible // indirect
github.com/go-jose/go-jose/v3 v3.0.1 // indirect
github.com/go-jose/go-jose/v3 v3.0.3 // indirect
github.com/goccy/go-json v0.9.11 // indirect
github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
github.com/golang/mock v1.6.0 // indirect
github.com/golang/protobuf v1.5.3 // indirect
github.com/golang/protobuf v1.5.4 // indirect
github.com/golang/snappy v0.0.4 // indirect
github.com/google/go-cmp v0.5.9 // indirect
github.com/google/go-cmp v0.6.0 // indirect
github.com/google/s2a-go v0.1.4 // indirect
github.com/google/uuid v1.3.0 // indirect
github.com/googleapis/enterprise-certificate-proxy v0.2.3 // indirect
Expand All @@ -61,17 +60,16 @@ require (
github.com/xdg-go/stringprep v1.0.3 // indirect
github.com/youmark/pkcs8 v0.0.0-20201027041543-1326539a0a0a // indirect
go.opencensus.io v0.24.0 // indirect
golang.org/x/sync v0.2.0 // indirect
golang.org/x/sys v0.15.0 // indirect
golang.org/x/text v0.14.0 // indirect
golang.org/x/tools v0.7.0 // indirect
golang.org/x/sync v0.10.0 // indirect
golang.org/x/sys v0.28.0 // indirect
golang.org/x/text v0.21.0 // indirect
golang.org/x/xerrors v0.0.0-20220907171357-04be3eba64a2 // indirect
google.golang.org/appengine v1.6.8 // indirect
google.golang.org/genproto v0.0.0-20230530153820-e85fd2cbaebc // indirect
google.golang.org/genproto/googleapis/api v0.0.0-20230530153820-e85fd2cbaebc // indirect
google.golang.org/genproto/googleapis/rpc v0.0.0-20230530153820-e85fd2cbaebc // indirect
google.golang.org/grpc v1.55.0 // indirect
google.golang.org/protobuf v1.31.0 // indirect
google.golang.org/grpc v1.56.3 // indirect
google.golang.org/protobuf v1.33.0 // indirect
gopkg.in/asn1-ber.v1 v1.0.0-20181015200546-f715ec2f112d // indirect
gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c // indirect
lukechampine.com/uint128 v1.2.0 // indirect
Expand Down
Loading
Loading