update vendor #1278

Merged
merged 6 commits into from
Sep 24, 2024
2 changes: 1 addition & 1 deletion .github/workflows/add-remove-new-fulcio.yaml
Expand Up @@ -35,7 +35,7 @@ jobs:
- fulcio-key-rotation

go-version:
- 1.22.x
- 1.23.x

env:
GOPATH: ${{ github.workspace }}
2 changes: 1 addition & 1 deletion .github/workflows/fulcio-rekor-kind.yaml
Expand Up @@ -35,7 +35,7 @@ jobs:
- fulcio rekor ctlog e2e

go-version:
- 1.22.x
- 1.23.x

env:
GOPATH: ${{ github.workspace }}
2 changes: 1 addition & 1 deletion .github/workflows/prober-test.yml
Expand Up @@ -25,7 +25,7 @@ jobs:
- name: Set up Go
uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2
with:
go-version: '1.22'
go-version-file: 'go.mod'
check-latest: true

- name: Prober test
2 changes: 1 addition & 1 deletion .github/workflows/release.yaml
Expand Up @@ -22,7 +22,7 @@ jobs:
steps:
- uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2
with:
go-version: '1.22'
go-version-file: 'go.mod'
check-latest: true

- name: Install ko
2 changes: 1 addition & 1 deletion .github/workflows/test-action-tuf.yaml
Expand Up @@ -30,7 +30,7 @@ jobs:
release-version:
- "main" # Test explicitly with latest
go-version:
- 1.22.x
- 1.23.x
leg:
- test github action with TUF
env:
2 changes: 1 addition & 1 deletion .github/workflows/test-release.yaml
Expand Up @@ -30,7 +30,7 @@ jobs:
leg:
- fulcio rekor ctlog e2e
go-version:
- 1.22.x
- 1.23.x

env:
RELEASE_VERSION: "v0.7.1"
6 changes: 3 additions & 3 deletions .github/workflows/verify.yml
Expand Up @@ -17,7 +17,7 @@ jobs:

- uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2
with:
go-version: '1.22'
go-version-file: 'go.mod'
check-latest: true
cache: true

Expand Down Expand Up @@ -46,11 +46,11 @@ jobs:

- uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2
with:
go-version: '1.22'
go-version-file: 'go.mod'
check-latest: true

- name: golangci-lint
uses: golangci/golangci-lint-action@aaa42aa0628b4ae2578232a66b541047968fac86 # v6.1.0
with:
# Required: the version of golangci-lint is required and must be specified without patch version: we always use the latest patch version.
version: v1.58
version: v1.61
4 changes: 4 additions & 0 deletions .golangci.yml
Expand Up @@ -43,6 +43,10 @@ issues:
text: SA1019
max-issues-per-linter: 0
max-same-issues: 0
linters-settings:
gosec:
excludes:
- G115 # integer overflow conversion uint64 -> int64
run:
issues-exit-code: 1
timeout: 15m
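Review bot: The new `linters-settings.gosec.excludes` entry switches G115 off for the whole repository, so every later integer conversion that could overflow goes unreported, not only the uint64 -> int64 cases named in the trailing comment. Scoping the suppression keeps the rule active for new code: either annotate the audited call sites with `// #nosec G115 -- <reason>`, or add an `issues.exclude-rules` entry with `linters: [gosec]`, `text: G115` and a `path:` limited to the packages that were reviewed. If the global exclusion stays, the comment should record which conversions were checked and why they cannot overflow. The surrounding `issues:` and `run:` blocks continue outside the hunk.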
33 changes: 16 additions & 17 deletions cmd/tuf/server/main.go
Expand Up @@ -68,11 +68,11 @@ func getNamespaceAndClientset(noK8s bool) (string, *kubernetes.Clientset, error)

config, err := rest.InClusterConfig()
if err != nil {
return "", nil, fmt.Errorf("Failed to get InClusterConfig: %v", err)
return "", nil, fmt.Errorf("failed to get InClusterConfig: %w", err)
}
clientset, err := kubernetes.NewForConfig(config)
if err != nil {
return "", nil, fmt.Errorf("Failed to get clientset: %v", err)
return "", nil, fmt.Errorf("failed to get clientset: %w", err)
}

return ns, clientset, nil
Expand All @@ -84,13 +84,13 @@ func initTUFRepo(ctx context.Context, certsDir, targetDir, repoSecretName, keysS

ns, clientset, err := getNamespaceAndClientset(*noK8s)
if err != nil {
return fmt.Errorf("failed to get namespace and clientset: %v", err)
return fmt.Errorf("failed to get namespace and clientset: %w", err)
}

trimDir := strings.TrimSuffix(certsDir, "/")
tufFiles, err := os.ReadDir(trimDir)
if err != nil {
return fmt.Errorf("failed to read dir %s: %v", trimDir, err)
return fmt.Errorf("failed to read dir %s: %w", trimDir, err)
}
files := map[string][]byte{}
for _, file := range tufFiles {
Expand All @@ -105,7 +105,7 @@ func initTUFRepo(ctx context.Context, certsDir, targetDir, repoSecretName, keysS
fileName := fmt.Sprintf("%s/%s", trimDir, file.Name())
fileBytes, err := os.ReadFile(fileName)
if err != nil {
return fmt.Errorf("failed to read file %s: %v", fileName, err)
return fmt.Errorf("failed to read file %s: %w", fileName, err)
}
// If it's a TSA file, we need to split it into multiple TUF
// targets.
Expand All @@ -114,7 +114,7 @@ func initTUFRepo(ctx context.Context, certsDir, targetDir, repoSecretName, keysS

certFiles, err := certs.SplitCertChain(fileBytes, "tsa")
if err != nil {
return fmt.Errorf("failed to parse %s: %v", fileName, err)
return fmt.Errorf("failed to parse %s: %w", fileName, err)
}
for k, v := range certFiles {
logging.FromContext(ctx).Infof("Got tsa cert file %s", k)
Expand All @@ -130,16 +130,16 @@ func initTUFRepo(ctx context.Context, certsDir, targetDir, repoSecretName, keysS
// Create a new TUF root with the listed artifacts.
local, dir, err := repo.CreateRepoWithOptions(ctx, files, repo.CreateRepoOptions{AddMetadataTargets: *metadataTargets, AddTrustedRoot: *trustedRoot})
if err != nil {
return fmt.Errorf("failed to create repo: %v", err)
return fmt.Errorf("failed to create repo: %w", err)
}

meta, err := local.GetMeta()
if err != nil {
return fmt.Errorf("getting meta: %v", err)
return fmt.Errorf("getting meta: %w", err)
}
rootJSON, ok := meta["root.json"]
if !ok {
return fmt.Errorf("getting root: %v", err)
return fmt.Errorf("getting root: %w", err)
}

// Add the initial 1.root.json to secrets.
Expand All @@ -151,36 +151,36 @@ func initTUFRepo(ctx context.Context, certsDir, targetDir, repoSecretName, keysS
// worries here.
var compressed bytes.Buffer
if err := repo.CompressFS(os.DirFS(dir), &compressed, map[string]bool{"keys": true, "staged": true}); err != nil {
return fmt.Errorf("failed to compress the repo: %v", err)
return fmt.Errorf("failed to compress the repo: %w", err)
}
data["repository"] = compressed.Bytes()

if !*noK8s {
nsSecret := clientset.CoreV1().Secrets(ns)
if err := secret.ReconcileSecret(ctx, repoSecretName, ns, data, nsSecret); err != nil {
return fmt.Errorf("failed to reconcile secret %s/%s: %v", ns, repoSecretName, err)
return fmt.Errorf("failed to reconcile secret %s/%s: %w", ns, repoSecretName, err)
}

// If we should also store created keys in a secret, read all their files and save them in the secret
if keysSecretName != "" {
keyFiles, err := os.ReadDir(filepath.Join(dir, "keys"))
if err != nil {
return fmt.Errorf("failed to list keys directory %v", err)
return fmt.Errorf("failed to list keys directory %w", err)
}
dataKeys := map[string][]byte{}
for _, keyFile := range keyFiles {
if !strings.HasSuffix(keyFile.Name(), ".json") {
continue
}
keyFilePath := filepath.Join(filepath.Join(dir, "keys", keyFile.Name()))
keyFilePath := filepath.Join(dir, "keys", keyFile.Name())
content, err := os.ReadFile(keyFilePath)
if err != nil {
return fmt.Errorf("failed reading file %s: %v", keyFilePath, err)
return fmt.Errorf("failed reading file %s: %w", keyFilePath, err)
}
dataKeys[keyFile.Name()] = content
}
if err := secret.ReconcileSecret(ctx, keysSecretName, ns, dataKeys, nsSecret); err != nil {
return fmt.Errorf("failed to reconcile keys secret %s/%s: %v", ns, keysSecretName, err)
return fmt.Errorf("failed to reconcile keys secret %s/%s: %w", ns, keysSecretName, err)
}
}
}
Expand All @@ -189,8 +189,7 @@ func initTUFRepo(ctx context.Context, certsDir, targetDir, repoSecretName, keysS

// Copy repository to the targetDir - until Go 1.23 which has os.CopyFS, we use
// a quick hack where we uncompress the compressed repository to the targetDir
repo.Uncompress(bytes.NewReader(data["repository"]), targetDir)
return nil
return repo.Uncompress(bytes.NewReader(data["repository"]), targetDir)
}

func main() {
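Review bot: In the `!ok` branch after `meta["root.json"]`, `err` is the nil value left over from the successful `local.GetMeta()` call, so `fmt.Errorf("getting root: %w", err)` wraps nothing and renders as `getting root: %!w(<nil>)`. That branch should report the missing key instead, for example `return fmt.Errorf("getting root: root.json not found in repository metadata")`. A smaller point in the same function: `"failed to list keys directory %w"` lacks the `: ` separator that the other messages put before the wrapped error. The signature of initTUFRepo and parts of its body lie outside the visible hunks.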
9 changes: 4 additions & 5 deletions go.mod
@@ -1,11 +1,12 @@
module github.com/sigstore/scaffolding

go 1.22.6
go 1.23.1

require (
chainguard.dev/exitdir v0.0.1
filippo.io/edwards25519 v1.1.0
github.com/cenkalti/backoff/v3 v3.2.2
github.com/go-jose/go-jose/v3 v3.0.3
github.com/go-jose/go-jose/v4 v4.0.4
github.com/go-openapi/strfmt v0.23.0
github.com/go-openapi/swag v0.23.0
github.com/go-sql-driver/mysql v1.8.1
Expand Down Expand Up @@ -45,7 +46,6 @@ require (
google.golang.org/genproto v0.0.0-20240823204242-4ba0660f739c
google.golang.org/grpc v1.66.2
google.golang.org/protobuf v1.34.2
gopkg.in/square/go-jose.v2 v2.6.0
gopkg.in/yaml.v3 v3.0.1
k8s.io/api v0.31.1
k8s.io/apimachinery v0.31.1
Expand All @@ -70,7 +70,6 @@ require (
cloud.google.com/go/spanner v1.67.0 // indirect
cloud.google.com/go/trace v1.10.12 // indirect
contrib.go.opencensus.io/exporter/stackdriver v0.13.14 // indirect
filippo.io/edwards25519 v1.1.0 // indirect
github.com/AliyunContainerService/ack-ram-tool/pkg/credentials/alibabacloudsdkgo/helper v0.2.0 // indirect
github.com/Azure/azure-sdk-for-go v68.0.0+incompatible // indirect
github.com/Azure/azure-sdk-for-go/sdk/azcore v1.13.0 // indirect
Expand Down Expand Up @@ -156,7 +155,7 @@ require (
github.com/fsnotify/fsnotify v1.7.0 // indirect
github.com/fxamacker/cbor/v2 v2.7.0 // indirect
github.com/go-chi/chi v4.1.2+incompatible // indirect
github.com/go-jose/go-jose/v4 v4.0.4 // indirect
github.com/go-jose/go-jose/v3 v3.0.3 // indirect
github.com/go-logr/logr v1.4.2 // indirect
github.com/go-logr/stdr v1.2.2 // indirect
github.com/go-openapi/analysis v0.23.0 // indirect
2 changes: 0 additions & 2 deletions go.sum
Expand Up @@ -2392,8 +2392,6 @@ gopkg.in/ini.v1 v1.67.0 h1:Dgnx+6+nfE+IfzjUEISNeydPJh9AXNNsWbGP9KzCsOA=
gopkg.in/ini.v1 v1.67.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k=
gopkg.in/natefinch/lumberjack.v2 v2.2.1 h1:bBRl1b0OH9s/DuPhuXpNl+VtCaJXFZ5/uEFST95x9zc=
gopkg.in/natefinch/lumberjack.v2 v2.2.1/go.mod h1:YD8tP3GAjkrDg1eZH7EGmyESg/lsYskCTPBJVb9jqSc=
gopkg.in/square/go-jose.v2 v2.6.0 h1:NGk74WTnPKBNUhNzQX7PYcTLUjoq7mzKk2OKbvwk2iI=
gopkg.in/square/go-jose.v2 v2.6.0/go.mod h1:M9dMgbHiYLoDGQrXy7OpJDJWiKiU//h+vD76mk0e1AI=
gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7 h1:uRGJdciOHaEIrze2W8Q3AKkepLTh2hOroT7a+7czfdQ=
gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7/go.mod h1:dt/ZhP58zS4L8KSrWDmTeBkI65Dw0HsyUHuEVlX15mw=
gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
2 changes: 1 addition & 1 deletion pkg/repo/repo.go
Expand Up @@ -388,7 +388,7 @@ func certChainToCertificateAuthority(certChainPem []byte) (*root.CertificateAuth
}

func concatCertChain(leaf []byte, intermediate [][]byte, root []byte) []byte {
var result []byte
result := []byte{}
if len(leaf) > 0 {
// for Fulcio, the leaf will always be empty, don't necessarily append an empty newline
result = append(result, leaf...)
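Review bot: Assuming the second of the two printed declarations is the new side, `result := []byte{}` in concatCertChain departs from the usual Go preference for a nil slice (`var result []byte`), and nothing at the declaration says why an empty non-nil value is wanted. If the intent is that callers or tests receive a non-nil slice when every input is empty, state it next to the declaration, e.g. `// keep non-nil for an empty chain: <reason>`; otherwise a later cleanup is likely to revert it. The rest of the function body lies outside the hunk.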
1 change: 1 addition & 0 deletions pkg/repo/repo_test.go
Expand Up @@ -217,6 +217,7 @@ func TestCompressUncompressFS(t *testing.T) {
if err = CompressFS(fsys, &buf, map[string]bool{"keys": true, "staged": true}); err != nil {
t.Fatalf("Failed to compress: %v", err)
}
// #nosec G306 -- test
if err := os.WriteFile(filepath.Join(t.TempDir(), "newcompressed"), buf.Bytes(), os.ModePerm); err != nil {
t.Fatalf("Failed to write compressed output")
}
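Review bot: The added `// #nosec G306 -- test` silences gosec rather than fixing what it reports: the `os.WriteFile` call below it still passes `os.ModePerm` (0777). The file is written under `t.TempDir()` and nothing visible needs it to be executable or world-writable, so `0o600` works and makes the annotation unnecessary: `os.WriteFile(filepath.Join(t.TempDir(), "newcompressed"), buf.Bytes(), 0o600)`. The `t.Fatalf` on the following line also drops `err`; `t.Fatalf("Failed to write compressed output: %v", err)` would show why the write failed. TestCompressUncompressFS continues outside the hunk.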