chore: Update goreleaser and address vulnerabilities in the build cha…

…in through hms-hmsetcd
OpenCHAMI · Nov 8, 2024 · 52bed97 · 52bed97
1 parent 34233a3
commit 52bed97
Show file tree

Hide file tree

Showing 6 changed files with 127 additions and 147 deletions.
diff --git a/.github/workflows/PRBuild.yml b/.github/workflows/PRBuild.yml
@@ -0,0 +1,49 @@
+name: Build PR with goreleaser
+
+on:
+    pull_request:
+        branches:
+            - main
+        types: [opened, synchronize, reopened, edited]
+    workflow_dispatch:
+
+
+jobs:
+  prbuild:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Install cross-compilation tools
+        run: |
+          sudo apt-get update
+          sudo apt-get install -y gcc-aarch64-linux-gnu g++-aarch64-linux-gnu
+
+      - name: Set up latest stable Go
+        uses: actions/setup-go@v5
+        with:
+          go-version: stable
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+
+      - name: Checkout
+        uses: actions/checkout@v4
+        with:
+          fetch-tags: 1
+          fetch-depth: 1
+
+      # Set environment variables required by GoReleaser
+      - name: Set build environment variables
+        run: |
+          echo "GIT_STATE=$(if git diff-index --quiet HEAD --; then echo 'clean'; else echo 'dirty'; fi)" >> $GITHUB_ENV
+          echo "BUILD_HOST=$(hostname)" >> $GITHUB_ENV
+          echo "GO_VERSION=$(go version | awk '{print $3}')" >> $GITHUB_ENV
+          echo "BUILD_USER=$(whoami)" >> $GITHUB_ENV
+          
+
+      - name: Build with goreleaser
+        uses: goreleaser/goreleaser-action@v6
+        env:
+          GITHUB_TOKEN: ${{ github.token }}
+        with:
+          version: '~> v2'
+          args: build --clean --snapshot
+        id: goreleaser
diff --git a/.github/workflows/build_release.yml b/.github/workflows/build_release.yml
@@ -36,7 +36,7 @@ jobs:
           echo "BUILD_HOST=$(hostname)" >> $GITHUB_ENV
           echo "GO_VERSION=$(go version | awk '{print $3}')" >> $GITHUB_ENV
           echo "BUILD_USER=$(whoami)" >> $GITHUB_ENV
-          echo "CGO_ENABLED=1" >> $GITHUB_ENV
+
       - name: Docker Login
         uses: docker/login-action@v3
         with:
@@ -66,19 +66,19 @@ jobs:
       - name: Attest boot-script-service binary amd64
         uses: actions/attest-build-provenance@v1
         with:
-          subject-path: dist/bss_linux_amd64_v3/boot-script-service
+          subject-path: dist/bss_linux_amd64_v4/boot-script-service
       - name: Attest boot-script-service binary arm64
         uses: actions/attest-build-provenance@v1
         with:
-          subject-path: dist/bss_linux_arm64/boot-script-service
+          subject-path: dist/bss_linux_arm64_v8.0/boot-script-service
       - name: Attest bss-init binary amd64
         uses: actions/attest-build-provenance@v1
         with:
-          subject-path: dist/bss-init_linux_amd64_v3/bss-init
+          subject-path: dist/bss-init_linux_amd64_v4/bss-init
       - name: Attest bss-init binary arm64
         uses: actions/attest-build-provenance@v1
         with:
-          subject-path: dist/bss-init_linux_arm64/bss-init
+          subject-path: dist/bss-init_linux_arm64_v8.0/bss-init
 
 
       - name: generate build provenance

diff --git a/.github/workflows/unit_test.yaml b/.github/workflows/unit_test.yaml
@@ -36,7 +36,7 @@
               echo "BUILD_HOST=$(hostname)" >> $GITHUB_ENV
               echo "GO_VERSION=$(go version | awk '{print $3}')" >> $GITHUB_ENV
               echo "BUILD_USER=$(whoami)" >> $GITHUB_ENV
-              echo "CGO_ENABLED=1" >> $GITHUB_ENV
+
 
           - name: Build with goreleaser
             uses: goreleaser/goreleaser-action@v6

diff --git a/.goreleaser.yaml b/.goreleaser.yaml
@@ -1,4 +1,4 @@
-version: 2
+version: 2.4
 
 project_name: bss
 before:
@@ -17,7 +17,7 @@ builds:
       - amd64
       - arm64
     goamd64:
-      - v3
+      - v4
     env:
       - CGO_ENABLED=0
     ldflags:
@@ -41,7 +41,7 @@ builds:
       - amd64
       - arm64
     goamd64:
-      - v3
+      - v4
     env:
       - CGO_ENABLED=0
     ldflags:
@@ -69,7 +69,7 @@ dockers:
       - "--label=org.opencontainers.image.revision={{.FullCommit}}"
       - "--label=org.opencontainers.image.version={{.Version}}"
     goarch: amd64
-    goamd64: v3
+    goamd64: v4
     extra_files:
       - LICENSE
       - CHANGELOG.md
@@ -146,9 +146,9 @@ nfpms:
           section: utils
           priority: optional
           contents:
-            - src: dist/bss_{{ .Os }}_{{ if eq .Arch "amd64" }}{{ .Arch }}_{{ .Amd64 }}{{ else }}{{ .Arch }}{{ end }}/boot-script-service
+            - src: dist/bss_{{ .Os }}_{{ if eq .Arch "amd64" }}{{ .Arch }}_{{ .Amd64 }}{{ else if eq .Arch "arm64" }}{{ .Arch }}_{{ .Arm64 }}{{ else }}{{ .Arch }}{{ end }}/boot-script-service
               dst: /usr/local/bin/bss
-            - src: dist/bss-init_{{ .Os }}_{{ if eq .Arch "amd64" }}{{ .Arch }}_{{ .Amd64 }}{{ else }}{{ .Arch }}{{ end }}/bss-init
+            - src: dist/bss-init_{{ .Os }}_{{ if eq .Arch "amd64" }}{{ .Arch }}_{{ .Amd64 }}{{ else if eq .Arch "arm64" }}{{ .Arch }}_{{ .Arm64 }}{{ else }}{{ .Arch }}{{ end }}/bss-init
               dst: /usr/local/bin/bss-init
 
 

diff --git a/go.mod b/go.mod
@@ -1,14 +1,12 @@
 module github.com/OpenCHAMI/bss
 
-go 1.21
+go 1.23
 
-toolchain go1.21.5
-
-replace google.golang.org/grpc => google.golang.org/grpc v1.29.1
+replace github.com/Cray-HPE/hms-hmetcd => github.com/OpenCHAMI/hms-hmetcd v1.10.4
 
 require (
 	github.com/Cray-HPE/hms-base v1.15.1
-	github.com/Cray-HPE/hms-hmetcd v1.10.3
+	github.com/Cray-HPE/hms-hmetcd v1.10.4
 	github.com/Cray-HPE/hms-s3 v1.10.1
 	github.com/docker/distribution v2.8.3+incompatible
 	github.com/evanphx/json-patch v5.9.0+incompatible
@@ -21,10 +19,10 @@ require (
 require (
 	github.com/Cray-HPE/hms-xname v1.3.0
 	github.com/OpenCHAMI/jwtauth/v5 v5.0.0-20240321222802-e6cb468a2a18
-	github.com/OpenCHAMI/smd/v2 v2.15.2
+	github.com/OpenCHAMI/smd/v2 v2.17.7
 	github.com/go-chi/chi v1.5.5
 	github.com/go-chi/chi/v5 v5.1.0
-	github.com/golang-migrate/migrate/v4 v4.17.1
+	github.com/golang-migrate/migrate/v4 v4.18.1
 	github.com/hashicorp/go-retryablehttp v0.7.7
 	github.com/lestrrat-go/jwx v1.2.30
 	github.com/openchami/chi-middleware/auth v0.0.0-20240812224658-b16b83c70700
@@ -37,10 +35,8 @@ require (
 	github.com/Cray-HPE/hms-securestorage v1.13.0 // indirect
 	github.com/aws/aws-sdk-go v1.55.5 // indirect
 	github.com/cenkalti/backoff/v3 v3.2.2 // indirect
-	github.com/coreos/etcd v3.3.13+incompatible // indirect
 	github.com/coreos/go-semver v0.3.1 // indirect
-	github.com/coreos/go-systemd v0.0.0-20191104093116-d3cd4ed1dbcf // indirect
-	github.com/coreos/pkg v0.0.0-20240122114842-bbd7aa9bf6fb // indirect
+	github.com/coreos/go-systemd/v22 v22.5.0 // indirect
 	github.com/decred/dcrd/dcrec/secp256k1/v4 v4.3.0 // indirect
 	github.com/distribution/reference v0.6.0 // indirect
 	github.com/fsnotify/fsnotify v1.7.0 // indirect
@@ -58,7 +54,6 @@ require (
 	github.com/hashicorp/hcl v1.0.1-vault-5 // indirect
 	github.com/hashicorp/vault/api v1.14.0 // indirect
 	github.com/jmespath/go-jmespath v0.4.0 // indirect
-	github.com/kr/text v0.2.0 // indirect
 	github.com/lestrrat-go/backoff/v2 v2.0.8 // indirect
 	github.com/lestrrat-go/blackmagic v1.0.2 // indirect
 	github.com/lestrrat-go/httpcc v1.0.1 // indirect
@@ -74,18 +69,19 @@ require (
 	github.com/ryanuber/go-glob v1.0.0 // indirect
 	github.com/segmentio/asm v1.2.0 // indirect
 	github.com/sirupsen/logrus v1.9.3 // indirect
-	go.etcd.io/etcd v3.3.27+incompatible // indirect
+	go.etcd.io/etcd/api/v3 v3.5.16 // indirect
+	go.etcd.io/etcd/client/pkg/v3 v3.5.16 // indirect
+	go.etcd.io/etcd/client/v3 v3.5.16 // indirect
 	go.uber.org/atomic v1.11.0 // indirect
 	go.uber.org/multierr v1.11.0 // indirect
 	go.uber.org/zap v1.27.0 // indirect
-	golang.org/x/crypto v0.26.0 // indirect
-	golang.org/x/net v0.28.0 // indirect
-	golang.org/x/sys v0.24.0 // indirect
-	golang.org/x/text v0.17.0 // indirect
+	golang.org/x/crypto v0.28.0 // indirect
+	golang.org/x/net v0.30.0 // indirect
+	golang.org/x/sys v0.27.0 // indirect
+	golang.org/x/text v0.20.0 // indirect
 	golang.org/x/time v0.6.0 // indirect
-	google.golang.org/genproto v0.0.0-20240812133136-8ffd90a71988 // indirect
-	google.golang.org/genproto/googleapis/api v0.0.0-20240812133136-8ffd90a71988 // indirect
-	google.golang.org/genproto/googleapis/rpc v0.0.0-20240812133136-8ffd90a71988 // indirect
-	google.golang.org/grpc v1.65.0 // indirect
-	google.golang.org/protobuf v1.34.2 // indirect
+	google.golang.org/genproto/googleapis/api v0.0.0-20241104194629-dd2ea8efbc28 // indirect
+	google.golang.org/genproto/googleapis/rpc v0.0.0-20241104194629-dd2ea8efbc28 // indirect
+	google.golang.org/grpc v1.68.0 // indirect
+	google.golang.org/protobuf v1.35.1 // indirect
 )