From 0346ed99f2dc4ef5c6d68bcd7522044eefe0c9f1 Mon Sep 17 00:00:00 2001 From: Ryan Parman Date: Fri, 23 Feb 2024 16:10:03 -0700 Subject: [PATCH] build(deps): Bump Go to 1.22. --- .github/workflows/go-dep-submission.yml | 8 +++++-- .github/workflows/golangci-lint.yml | 8 +++++-- .github/workflows/govulncheck.yml | 10 ++++++--- .github/workflows/osv-scanner.yml | 6 +++++- .github/workflows/pr-dep-review.yml | 6 +++++- .github/workflows/release.yml | 10 ++++++--- .github/workflows/scorecard.yml | 6 +++++- .github/workflows/terratest.yml | 4 ++-- .github/workflows/test.yml | 28 ++++++++++++------------- .github/workflows/trufflehog.yml | 8 ++++++- .github/workflows/update-on-push.yml | 9 ++++++-- Makefile | 2 +- 12 files changed, 72 insertions(+), 33 deletions(-) diff --git a/.github/workflows/go-dep-submission.yml b/.github/workflows/go-dep-submission.yml index c03d8c97..1cdd33a3 100644 --- a/.github/workflows/go-dep-submission.yml +++ b/.github/workflows/go-dep-submission.yml @@ -22,7 +22,11 @@ jobs: - name: Harden Runner uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0 with: - egress-policy: audit + disable-sudo: true + egress-policy: block + allowed-endpoints: > + github.com:443 + objects.githubusercontent.com:443 - name: Checkout Source uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 @@ -32,7 +36,7 @@ jobs: - name: Install Go uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0 with: - go-version: '>= 1.21' + go-version: ">= 1.22" cache: true - name: Run snapshot action diff --git a/.github/workflows/golangci-lint.yml b/.github/workflows/golangci-lint.yml index 42be0ba0..8b8e72f6 100644 --- a/.github/workflows/golangci-lint.yml +++ b/.github/workflows/golangci-lint.yml 
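Review bot: The new `allowed-endpoints` list in the Harden Runner step of go-dep-submission.yml permits only `github.com:443` and `objects.githubusercontent.com:443`, which looks too narrow for a job that installs Go with `cache: true` and then runs a dependency snapshot action. Elsewhere in this patch the test.yml job allows `proxy.golang.org:443` and terratest.yml allows `api.github.com:443`, so Go module fetches and GitHub API calls probably need their own entries here too. The same two-host list is pasted into golangci-lint.yml, govulncheck.yml, osv-scanner.yml, pr-dep-review.yml, release.yml and scorecard.yml. Under `egress-policy: block` a scanner cut off from its data source may fail or report nothing, so each list should be derived from that workflow's earlier audit-mode run rather than copied. I would record the provenance above each `allowed-endpoints:` key (a `#` line inside the folded scalar would become part of the value), e.g. `# endpoints taken from this job's audit-mode run`, and mention the audit-to-block switch in the commit message, since the subject only announces the Go bump.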
@@ -28,7 +28,11 @@ jobs: - name: Harden Runner uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0 with: - egress-policy: audit + disable-sudo: true + egress-policy: block + allowed-endpoints: > + github.com:443 + objects.githubusercontent.com:443 - name: Checkout Source uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 @@ -38,7 +42,7 @@ jobs: - name: Install Go uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0 with: - go-version: '>= 1.21' + go-version: ">= 1.22" cache: true - name: golangci-lint diff --git a/.github/workflows/govulncheck.yml b/.github/workflows/govulncheck.yml index f9e3f03b..ecc4e5d3 100644 --- a/.github/workflows/govulncheck.yml +++ b/.github/workflows/govulncheck.yml @@ -27,16 +27,20 @@ jobs: - name: Harden Runner uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0 with: - egress-policy: audit + disable-sudo: true + egress-policy: block + allowed-endpoints: > + github.com:443 + objects.githubusercontent.com:443 - name: Install Go uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0 with: - go-version: '>= 1.21' + go-version: ">= 1.22" cache: true - id: govulncheck uses: golang/govulncheck-action@3a32958c2706f7048305d5a2e53633d7e37e97d0 # v1.0.2 with: - go-version-input: '>= 1.21' + go-version-input: ">= 1.21" check-latest: true diff --git a/.github/workflows/osv-scanner.yml b/.github/workflows/osv-scanner.yml index 924a07d5..01af4a81 100644 --- a/.github/workflows/osv-scanner.yml +++ b/.github/workflows/osv-scanner.yml @@ -27,7 +27,11 @@ jobs: - name: Harden Runner uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0 with: - egress-policy: audit + disable-sudo: true + egress-policy: block + allowed-endpoints: > + github.com:443 + objects.githubusercontent.com:443 - name: Checkout Source uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 
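Review bot: In govulncheck.yml the `go-version-input` passed to govulncheck-action stays at `">= 1.21"` (only the quotes changed), while the `Install Go` step just above it moves to `">= 1.22"`, so the two constraints in one job now disagree. With `check-latest: true` both likely resolve to the same newest release, but the scan should state the toolchain floor the project actually builds with, because govulncheck's standard-library findings depend on the Go version it runs under: `go-version-input: ">= 1.22"`. The action appears to do its own Go setup from this input, so the separate `Install Go` step may be redundant; worth confirming.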
diff --git a/.github/workflows/pr-dep-review.yml b/.github/workflows/pr-dep-review.yml index 753c626e..9cf5e482 100644 --- a/.github/workflows/pr-dep-review.yml +++ b/.github/workflows/pr-dep-review.yml @@ -19,7 +19,11 @@ jobs: - name: Harden Runner uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0 with: - egress-policy: audit + disable-sudo: true + egress-policy: block + allowed-endpoints: > + github.com:443 + objects.githubusercontent.com:443 - name: Checkout Repository uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 517b9ab6..964d04d3 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -7,7 +7,7 @@ name: Release on: push: tags: - - '*' + - "*" permissions: read-all @@ -21,7 +21,11 @@ jobs: - name: Harden Runner uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0 with: - egress-policy: audit + disable-sudo: true + egress-policy: block + allowed-endpoints: > + github.com:443 + objects.githubusercontent.com:443 - name: Checkout Source uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 @@ -31,7 +35,7 @@ jobs: - name: Install Go uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0 with: - go-version: '>= 1.22' + go-version: ">= 1.22" cache: true - name: Import GPG Signing Key diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index e96383a2..7f068732 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -39,7 +39,11 @@ jobs: - name: Harden Runner uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0 with: - egress-policy: audit + disable-sudo: true + egress-policy: block + allowed-endpoints: > + github.com:443 + objects.githubusercontent.com:443 - name: Checkout code uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 
diff --git a/.github/workflows/terratest.yml b/.github/workflows/terratest.yml index e5f290fd..cf26f057 100644 --- a/.github/workflows/terratest.yml +++ b/.github/workflows/terratest.yml @@ -22,7 +22,7 @@ jobs: uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0 with: disable-sudo: true - egress-policy: block #audit + egress-policy: block allowed-endpoints: > api.github.com:443 checkpoint-api.hashicorp.com:443 @@ -38,7 +38,7 @@ jobs: - name: Install Go uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0 with: - go-version: '>= 1.21' + go-version: ">= 1.22" cache: true - name: Install Terraform diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index ea628530..ce099f7b 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -29,7 +29,7 @@ jobs: uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0 with: disable-sudo: true - egress-policy: block #audit + egress-policy: block allowed-endpoints: > github.com:443 proxy.golang.org:443 @@ -42,7 +42,7 @@ jobs: - name: Install Go uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0 with: - go-version: '>= 1.21' + go-version: ">= 1.22" cache: true - name: Run mutation tests @@ -71,7 +71,7 @@ jobs: - name: Install Go uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0 with: - go-version: '>= 1.21' + go-version: ">= 1.22" cache: true - name: Run unit tests @@ -86,14 +86,14 @@ jobs: fail-fast: false matrix: terraform_version: - - '1.0' - - '1.1' - - '1.2' - - '1.3' - - '1.4' - - '1.5' - - '1.6' - - '1.7' + - "1.0" + - "1.1" + - "1.2" + - "1.3" + - "1.4" + - "1.5" + - "1.6" + - "1.7" steps: - name: Harden Runner @@ -117,7 +117,7 @@ jobs: - name: Install Go uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0 with: - go-version: '>= 1.21' + go-version: ">= 1.22" cache: true - name: Install Terraform ${{ matrix.terraform_version }} 
@@ -140,7 +140,7 @@ jobs: fail-fast: false matrix: opentofu_version: - - '1.6' + - "1.6" steps: - name: Harden Runner @@ -166,7 +166,7 @@ jobs: - name: Install Go uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0 with: - go-version: '>= 1.21' + go-version: ">= 1.22" cache: true - name: Install OpenTofu ${{ matrix.opentofu_version }} diff --git a/.github/workflows/trufflehog.yml b/.github/workflows/trufflehog.yml index 2473af58..72ed9ca5 100644 --- a/.github/workflows/trufflehog.yml +++ b/.github/workflows/trufflehog.yml @@ -28,7 +28,13 @@ jobs: - name: Harden Runner uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0 with: - egress-policy: audit + disable-sudo: true + egress-policy: block + allowed-endpoints: > + api.cloudflare.com:443 + ghcr.io:443 + github.com:443 + pkg-containers.githubusercontent.com:443 - name: Checkout Source uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 diff --git a/.github/workflows/update-on-push.yml b/.github/workflows/update-on-push.yml index 8ccd3738..10475908 100644 --- a/.github/workflows/update-on-push.yml +++ b/.github/workflows/update-on-push.yml @@ -27,12 +27,17 @@ jobs: - name: Harden Runner uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0 with: - egress-policy: audit + disable-sudo: true + egress-policy: block + allowed-endpoints: > + github.com:443 + objects.githubusercontent.com:443 + registry.npmjs.org:443 - name: Install Node.js uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v4.0.2 with: - node-version: '20' + node-version: "20" token: ${{ secrets.GITHUB_TOKEN }} - name: Checkout Source diff --git a/Makefile b/Makefile index 1b2a7c86..b78dde1e 100644 --- a/Makefile +++ b/Makefile 
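Review bot: The trufflehog.yml allowlist names `api.cloudflare.com:443` without saying why, and under `egress-policy: block` any other provider endpoint the scanner contacts to verify a detected credential will now be refused. If the scan step (outside this hunk) reports only verified findings, a live secret for a provider not on the list could go unreported instead of failing the job. Put a comment above the `allowed-endpoints:` key (not inside the folded scalar, where it would become part of the value), such as `# api.cloudflare.com: seen during audit mode, presumably credential verification — confirm`. Also check that unverified results still surface or fail the build.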
@@ -114,7 +114,7 @@ install-hooks: tidy: @ $(ECHO) " " @ $(ECHO) "\033[1;33m=====> Tidy and download the Go dependencies...\033[0m" - $(GO) mod tidy -go=1.21 -v + $(GO) mod tidy -go=1.22 -v .PHONY: godeps ## godeps: [build] Updates go.mod and downloads dependencies.