From fbbc3be803d5e99f39780a8983311d1aa34328cc Mon Sep 17 00:00:00 2001 From: hc-github-team-secure-vault-core <82990506+hc-github-team-secure-vault-core@users.noreply.github.com> Date: Wed, 23 Nov 2022 07:55:26 -0800 Subject: [PATCH] Reduce number of places where go version is set (#17762) (#18099) Reduce go version references to two: .go_version and @executors.yml. --- .circleci/config.yml | 41 ++++++++++++++------- .circleci/config/commands/go_test.yml | 5 +-- .circleci/config/commands/setup-go.yml | 3 +- .circleci/config/executors/@executors.yml | 33 ++++++++--------- .circleci/config/jobs/build-go-dev.yml | 2 +- .circleci/config/jobs/fmt.yml | 2 +- .circleci/config/jobs/pre-flight-checks.yml | 2 +- .circleci/config/jobs/test-go-nightly.yml | 2 +- .github/workflows/goversion-checker.yml | 23 ++++++++++++ Makefile | 2 +- README.md | 3 +- scripts/docker/Dockerfile | 2 +- scripts/docker/Dockerfile.ui | 2 +- 13 files changed, 77 insertions(+), 45 deletions(-) create mode 100644 .github/workflows/goversion-checker.yml diff --git a/.circleci/config.yml b/.circleci/config.yml index 9d0c4f63c96de..e1cf94eaea14d 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -77,10 +77,13 @@ jobs: shell: /usr/bin/env bash -euo pipefail -c working_directory: /home/circleci/go/src/github.com/hashicorp/vault steps: + - checkout - run: command: | + GO_VERSION=$(cat .go-version) [ -n "$GO_VERSION" ] || { echo "You must set GO_VERSION"; exit 1; } # Install Go + cd ~ curl -sSLO "https://dl.google.com/go/go${GO_VERSION}.linux-amd64.tar.gz" sudo rm -rf /usr/local/go sudo tar -C /usr/local -xzf "go${GO_VERSION}.linux-amd64.tar.gz" @@ -96,8 +99,6 @@ jobs: echo "$ go version" go version name: Setup Go - working_directory: ~/ - - checkout - restore_cache: keys: - v1.5-{{checksum "go.sum"}}-{{checksum "sdk/go.sum"}}-{{checksum "api/go.sum"}} @@ -119,8 +120,8 @@ jobs: root: . environment: - CIRCLECI_CLI_VERSION: 0.1.5546 + - GO_IMAGE: docker.mirror.hashicorp.services/cimg/go:1.19.2 - GO_TAGS: '' - - GO_VERSION: 1.19.2 - GOFUMPT_VERSION: 0.3.1 - GOTESTSUM_VERSION: 0.5.2 test-go-remote-docker: @@ -261,7 +262,7 @@ jobs: -e NO_PROXY \ -e VAULT_TEST_LOG_DIR=/tmp/testlogs \ --network ${TEST_DOCKER_NETWORK_NAME} \ - docker.mirror.hashicorp.services/cimg/go:1.19.2 \ + $GO_IMAGE \ tail -f /dev/null)" mkdir workspace echo ${CONTAINER_ID} > workspace/container_id @@ -351,17 +352,23 @@ jobs: path: /tmp/testlogs environment: - CIRCLECI_CLI_VERSION: 0.1.5546 + - GO_IMAGE: docker.mirror.hashicorp.services/cimg/go:1.19.2 - GO_TAGS: '' + - GOFUMPT_VERSION: 0.3.1 + - GOTESTSUM_VERSION: 0.5.2 fmt: machine: image: ubuntu-2004:202201-02 shell: /usr/bin/env bash -euo pipefail -c working_directory: /home/circleci/go/src/github.com/hashicorp/vault steps: + - checkout - run: command: | + GO_VERSION=$(cat .go-version) [ -n "$GO_VERSION" ] || { echo "You must set GO_VERSION"; exit 1; } # Install Go + cd ~ curl -sSLO "https://dl.google.com/go/go${GO_VERSION}.linux-amd64.tar.gz" sudo rm -rf /usr/local/go sudo tar -C /usr/local -xzf "go${GO_VERSION}.linux-amd64.tar.gz" @@ -377,8 +384,6 @@ jobs: echo "$ go version" go version name: Setup Go - working_directory: ~/ - - checkout - run: command: | echo "Using gofumpt version ${GOFUMPT_VERSION}" @@ -391,8 +396,8 @@ jobs: name: make fmt environment: - CIRCLECI_CLI_VERSION: 0.1.5546 + - GO_IMAGE: docker.mirror.hashicorp.services/cimg/go:1.19.2 - GO_TAGS: '' - - GO_VERSION: 1.19.2 - GOFUMPT_VERSION: 0.3.1 - GOTESTSUM_VERSION: 0.5.2 test-go-race: @@ -529,7 +534,7 @@ jobs: -e NO_PROXY \ -e VAULT_TEST_LOG_DIR=/tmp/testlogs \ --network ${TEST_DOCKER_NETWORK_NAME} \ - docker.mirror.hashicorp.services/cimg/go:1.19.2 \ + $GO_IMAGE \ tail -f /dev/null)" mkdir workspace echo ${CONTAINER_ID} > workspace/container_id @@ -613,7 +618,10 @@ jobs: path: /tmp/testlogs environment: - CIRCLECI_CLI_VERSION: 0.1.5546 + - GO_IMAGE: docker.mirror.hashicorp.services/cimg/go:1.19.2 - GO_TAGS: '' + - GOFUMPT_VERSION: 0.3.1 + - GOTESTSUM_VERSION: 0.5.2 test-go: docker: - image: docker.mirror.hashicorp.services/cimg/go:1.19.2 @@ -748,7 +756,7 @@ jobs: -e NO_PROXY \ -e VAULT_TEST_LOG_DIR=/tmp/testlogs \ --network ${TEST_DOCKER_NETWORK_NAME} \ - docker.mirror.hashicorp.services/cimg/go:1.19.2 \ + $GO_IMAGE \ tail -f /dev/null)" mkdir workspace echo ${CONTAINER_ID} > workspace/container_id @@ -832,7 +840,10 @@ jobs: path: /tmp/testlogs environment: - CIRCLECI_CLI_VERSION: 0.1.5546 + - GO_IMAGE: docker.mirror.hashicorp.services/cimg/go:1.19.2 - GO_TAGS: '' + - GOFUMPT_VERSION: 0.3.1 + - GOTESTSUM_VERSION: 0.5.2 semgrep: docker: - image: docker.mirror.hashicorp.services/returntocorp/semgrep:0.113.0 @@ -851,10 +862,13 @@ jobs: shell: /usr/bin/env bash -euo pipefail -c working_directory: /home/circleci/go/src/github.com/hashicorp/vault steps: + - checkout - run: command: | + GO_VERSION=$(cat .go-version) [ -n "$GO_VERSION" ] || { echo "You must set GO_VERSION"; exit 1; } # Install Go + cd ~ curl -sSLO "https://dl.google.com/go/go${GO_VERSION}.linux-amd64.tar.gz" sudo rm -rf /usr/local/go sudo tar -C /usr/local -xzf "go${GO_VERSION}.linux-amd64.tar.gz" @@ -870,8 +884,6 @@ jobs: echo "$ go version" go version name: Setup Go - working_directory: ~/ - - checkout - run: command: | export CCI_PATH=/tmp/circleci-cli/$CIRCLECI_CLI_VERSION @@ -935,8 +947,8 @@ jobs: - /home/circleci/go/pkg/mod environment: - CIRCLECI_CLI_VERSION: 0.1.5546 + - GO_IMAGE: docker.mirror.hashicorp.services/cimg/go:1.19.2 - GO_TAGS: '' - - GO_VERSION: 1.19.2 - GOFUMPT_VERSION: 0.3.1 - GOTESTSUM_VERSION: 0.5.2 test-go-race-remote-docker: @@ -1077,7 +1089,7 @@ jobs: -e NO_PROXY \ -e VAULT_TEST_LOG_DIR=/tmp/testlogs \ --network ${TEST_DOCKER_NETWORK_NAME} \ - docker.mirror.hashicorp.services/cimg/go:1.19.2 \ + $GO_IMAGE \ tail -f /dev/null)" mkdir workspace echo ${CONTAINER_ID} > workspace/container_id @@ -1167,7 +1179,10 @@ jobs: path: /tmp/testlogs environment: - CIRCLECI_CLI_VERSION: 0.1.5546 + - GO_IMAGE: docker.mirror.hashicorp.services/cimg/go:1.19.2 - GO_TAGS: '' + - GOFUMPT_VERSION: 0.3.1 + - GOTESTSUM_VERSION: 0.5.2 workflows: ci: jobs: diff --git a/.circleci/config/commands/go_test.yml b/.circleci/config/commands/go_test.yml index 57a920d063760..9e4b4daa9da47 100644 --- a/.circleci/config/commands/go_test.yml +++ b/.circleci/config/commands/go_test.yml @@ -12,9 +12,6 @@ parameters: save_cache: type: boolean default: false - go_image: - type: string - default: "docker.mirror.hashicorp.services/cimg/go:1.19.2" use_docker: type: boolean default: false @@ -137,7 +134,7 @@ steps: -e NO_PROXY \ -e VAULT_TEST_LOG_DIR=<< parameters.log_dir >> \ --network ${TEST_DOCKER_NETWORK_NAME} \ - << parameters.go_image >> \ + $GO_IMAGE \ tail -f /dev/null)" mkdir workspace echo ${CONTAINER_ID} > workspace/container_id diff --git a/.circleci/config/commands/setup-go.yml b/.circleci/config/commands/setup-go.yml index 715c4d6f4d705..5aec0087e9dad 100644 --- a/.circleci/config/commands/setup-go.yml +++ b/.circleci/config/commands/setup-go.yml @@ -13,11 +13,12 @@ parameters: default: github.com/hashicorp/* steps: - run: - working_directory: ~/ name: Setup Go command: | + GO_VERSION=$(cat .go-version) [ -n "$GO_VERSION" ] || { echo "You must set GO_VERSION"; exit 1; } # Install Go + cd ~ curl -sSLO "https://dl.google.com/go/go${GO_VERSION}.linux-amd64.tar.gz" sudo rm -rf /usr/local/go sudo tar -C /usr/local -xzf "go${GO_VERSION}.linux-amd64.tar.gz" diff --git a/.circleci/config/executors/@executors.yml b/.circleci/config/executors/@executors.yml index 467e7ac4551a7..905f00c712a7f 100644 --- a/.circleci/config/executors/@executors.yml +++ b/.circleci/config/executors/@executors.yml @@ -1,13 +1,16 @@ -go-machine: - machine: - image: ubuntu-2004:202201-02 - shell: /usr/bin/env bash -euo pipefail -c - environment: +references: + environment: &ENVIRONMENT CIRCLECI_CLI_VERSION: 0.1.5546 # Pin CircleCI CLI to patch version (ex: 1.2.3) - GO_VERSION: 1.19.2 # Pin Go to patch version (ex: 1.2.3) GOTESTSUM_VERSION: 0.5.2 # Pin gotestsum to patch version (ex: 1.2.3) GOFUMPT_VERSION: 0.3.1 # Pin gofumpt to patch version (ex: 1.2.3) GO_TAGS: "" + GO_IMAGE: &GO_IMAGE "docker.mirror.hashicorp.services/cimg/go:1.19.2" + +go-machine: + machine: + image: ubuntu-2004:202201-02 + environment: *ENVIRONMENT + shell: /usr/bin/env bash -euo pipefail -c working_directory: /home/circleci/go/src/github.com/hashicorp/vault node: docker: @@ -30,24 +33,18 @@ semgrep: docker-env-go-test-remote-docker: resource_class: medium docker: - - image: "docker.mirror.hashicorp.services/cimg/go:1.19.2" - environment: - CIRCLECI_CLI_VERSION: 0.1.5546 # Pin CircleCI CLI to patch version (ex: 1.2.3) - GO_TAGS: "" + - image: *GO_IMAGE + environment: *ENVIRONMENT working_directory: /home/circleci/go/src/github.com/hashicorp/vault docker-env-go-test: resource_class: large docker: - - image: "docker.mirror.hashicorp.services/cimg/go:1.19.2" - environment: - CIRCLECI_CLI_VERSION: 0.1.5546 # Pin CircleCI CLI to patch version (ex: 1.2.3) - GO_TAGS: "" + - image: *GO_IMAGE + environment: *ENVIRONMENT working_directory: /home/circleci/go/src/github.com/hashicorp/vault docker-env-go-test-race: resource_class: xlarge docker: - - image: "docker.mirror.hashicorp.services/cimg/go:1.19.2" - environment: - CIRCLECI_CLI_VERSION: 0.1.5546 # Pin CircleCI CLI to patch version (ex: 1.2.3) - GO_TAGS: "" + - image: *GO_IMAGE + environment: *ENVIRONMENT working_directory: /home/circleci/go/src/github.com/hashicorp/vault diff --git a/.circleci/config/jobs/build-go-dev.yml b/.circleci/config/jobs/build-go-dev.yml index b193488e1c28c..cce6d3f61edda 100644 --- a/.circleci/config/jobs/build-go-dev.yml +++ b/.circleci/config/jobs/build-go-dev.yml @@ -1,7 +1,7 @@ executor: go-machine steps: - - setup-go - checkout + - setup-go - restore_go_mod_cache - attach_workspace: at: . diff --git a/.circleci/config/jobs/fmt.yml b/.circleci/config/jobs/fmt.yml index c92ce617aa6a0..7d9a08dcebd17 100644 --- a/.circleci/config/jobs/fmt.yml +++ b/.circleci/config/jobs/fmt.yml @@ -1,10 +1,10 @@ description: Ensure go formatting is correct. executor: go-machine steps: + - checkout # Setup Go enabling the proxy for downloading modules. - setup-go: GOPROXY: https://proxy.golang.org,direct - - checkout - run: name: make fmt command: | diff --git a/.circleci/config/jobs/pre-flight-checks.yml b/.circleci/config/jobs/pre-flight-checks.yml index 347a6a7def433..924b451b51d2c 100644 --- a/.circleci/config/jobs/pre-flight-checks.yml +++ b/.circleci/config/jobs/pre-flight-checks.yml @@ -1,10 +1,10 @@ description: Ensure nothing obvious is broken, and pre-cache Go modules. executor: go-machine steps: + - checkout # Setup Go enabling the proxy for downloading modules. - setup-go: GOPROXY: https://proxy.golang.org,direct - - checkout - run: name: Install CircleCI CLI environment: diff --git a/.circleci/config/jobs/test-go-nightly.yml b/.circleci/config/jobs/test-go-nightly.yml index 11cb11913e0b6..502cdfa4e185a 100644 --- a/.circleci/config/jobs/test-go-nightly.yml +++ b/.circleci/config/jobs/test-go-nightly.yml @@ -1,7 +1,7 @@ executor: go-machine steps: - - setup-go - checkout + - setup-go - restore_go_mod_cache - go_test: log_dir: "/tmp/testlogs" diff --git a/.github/workflows/goversion-checker.yml b/.github/workflows/goversion-checker.yml new file mode 100644 index 0000000000000..71ed31b65e5f2 --- /dev/null +++ b/.github/workflows/goversion-checker.yml @@ -0,0 +1,23 @@ +name: Check Go version + +on: + pull_request: + types: [opened, synchronize] + +jobs: + go-version-check: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v3 + with: + ref: ${{ github.event.pull_request.head.sha }} + fetch-depth: 0 + - name: Verify go versions in tree are consistent with one another + run: | + GOVER=$(cat .go-version) + EXPECTED="docker.mirror.hashicorp.services/cimg/go:$GOVER" + GOT=$(yq .references.environment.GO_IMAGE .circleci/config/executors/@executors.yml) + if [ "$EXPECTED" != "$GOT" ]; then + echo "version mismatch, .go-version has '$GOVER' and circleci config uses '$GOT'" + exit 1 + fi \ No newline at end of file diff --git a/Makefile b/Makefile index ff957df189776..516e4ed17f0e2 100644 --- a/Makefile +++ b/Makefile @@ -15,7 +15,7 @@ GOFMT_FILES?=$$(find . -name '*.go' | grep -v pb.go | grep -v vendor) SED?=$(shell command -v gsed || command -v sed) -GO_VERSION_MIN=1.19.2 +GO_VERSION_MIN=$$(cat $(CURDIR)/.go_version) PROTOC_VERSION_MIN=3.21.5 GO_CMD?=go CGO_ENABLED?=0 diff --git a/README.md b/README.md index ccf7c6f439b71..7de5fb620cd32 100644 --- a/README.md +++ b/README.md @@ -70,8 +70,7 @@ Developing Vault -------------------- If you wish to work on Vault itself or any of its built-in systems, you'll -first need [Go](https://www.golang.org) installed on your machine. Go version -1.19.2+ is *required*. +first need [Go](https://www.golang.org) installed on your machine. For local dev first make sure Go is properly installed, including setting up a [GOPATH](https://golang.org/doc/code.html#GOPATH). Ensure that `$GOPATH/bin` is in diff --git a/scripts/docker/Dockerfile b/scripts/docker/Dockerfile index 0fff3d49f840e..6208badf4bc89 100644 --- a/scripts/docker/Dockerfile +++ b/scripts/docker/Dockerfile @@ -1,6 +1,6 @@ # Multi-stage builder to avoid polluting users environment with wrong # architecture binaries. -ARG VERSION=1.19.2 +ARG VERSION FROM golang:${VERSION} AS builder diff --git a/scripts/docker/Dockerfile.ui b/scripts/docker/Dockerfile.ui index e0b9603e54e4c..b13f0fe1fbd4e 100644 --- a/scripts/docker/Dockerfile.ui +++ b/scripts/docker/Dockerfile.ui @@ -2,7 +2,7 @@ # architecture binaries. This file only currently works for linux/amd64. FROM debian:buster AS builder -ARG VERSION=1.19.2 +ARG VERSION ARG CGO_ENABLED=0 ARG BUILD_TAGS ENV JOBS=2