metal3-io / ironic-standalone-operator

WIP Operator to maintain an Ironic deployment for Metal3
Apache License 2.0

Mass-update dependencies #42

Closed dtantsur closed 3 months ago

dtantsur commented 3 months ago

We're about to pick up active development here again, let's make sure to work with the latest stuff to avoid accidentally depending on old and incompatible versions (looking at you, controller-runtime).

Forces bumping the Go version to 1.22 (using 1.22.2 to avoid reverting the fix for https://osv.dev/vulnerability/GO-2024-2687).

dtantsur commented 3 months ago

/assign @tuminoid

Could you make sure I'm not undoing any of your security fixes?

tuminoid commented 3 months ago

> /assign @tuminoid
>
> Could you make sure I'm not undoing any of your security fixes?

You should be bumping to Go 1.22.3, 1.22.2 has 3 vulnerabilities open. Otherwise the tree is clean. :+1:

dtantsur commented 3 months ago

@tuminoid done as you suggested

dtantsur commented 3 months ago

@tuminoid looks like github actions only have 1.22.2 on their ubuntu runners :(

tuminoid commented 3 months ago

> @tuminoid looks like github actions only have 1.22.2 on their ubuntu runners :(

Yeah, let me take a look, if we can fix that. We have other repos working fine, so I think we need to add the go-setup step here as well.

We also need to merge this for the gomod to pass: https://github.com/metal3-io/project-infra/pull/783
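The mismatch discussed in this thread (a go.mod bumped to a patched Go release while the CI runner ships an older toolchain) can be caught with a small guard step. This is an added example, not code from this repository or its hack/ scripts; the function names and the sample go.mod are constructed, and it assumes release-style versions such as 1.22.3.

```shell
#!/bin/sh
# Added example: fail CI early when the installed Go is older than go.mod requires.

# Print the version from the "go" directive of a go.mod file.
gomod_go_version() {
    awk '$1 == "go" && NF >= 2 { print $2; exit }' "$1"
}

# Return 0 when dotted numeric version $1 >= $2 (missing parts count as 0).
version_at_least() {
    va_have=$1 va_want=$2
    while [ -n "$va_have" ] || [ -n "$va_want" ]; do
        va_h=${va_have%%.*}; va_w=${va_want%%.*}
        if [ "${va_h:-0}" -gt "${va_w:-0}" ]; then return 0; fi
        if [ "${va_h:-0}" -lt "${va_w:-0}" ]; then return 1; fi
        # Drop the component just compared; empty string when none is left.
        case $va_have in *.*) va_have=${va_have#*.} ;; *) va_have= ;; esac
        case $va_want in *.*) va_want=${va_want#*.} ;; *) va_want= ;; esac
    done
    return 0
}

# check_toolchain GOMOD INSTALLED: 0 = ok, 1 = toolchain too old, 2 = no directive.
check_toolchain() {
    ct_required=$(gomod_go_version "$1")
    if [ -z "$ct_required" ]; then
        echo "no go directive found in $1" >&2
        return 2
    fi
    if version_at_least "$2" "$ct_required"; then
        echo "ok: Go $2 satisfies go.mod (go $ct_required)"
    else
        echo "fail: Go $2 is older than go.mod requires (go $ct_required)" >&2
        return 1
    fi
}

# Constructed sample: go.mod asks for 1.22.3, runner image ships 1.22.2.
demo_gomod=$(mktemp)
printf 'module example.com/demo\n\ngo 1.22.3\n' > "$demo_gomod"
check_toolchain "$demo_gomod" 1.22.2 || echo "runner needs a newer Go toolchain"
check_toolchain "$demo_gomod" 1.22.3
rm -f "$demo_gomod"
# Real use: check_toolchain go.mod "$(go env GOVERSION | sed 's/^go//')"
```
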

tuminoid commented 3 months ago

> > @tuminoid looks like github actions only have 1.22.2 on their ubuntu runners :(
>
> Yeah, let me take a look, if we can fix that. We have other repos working fine, so I think we need to add the go-setup step here as well.
>
> We also need to merge this for the gomod to pass: metal3-io/project-infra#783

OK, so if we merge #43 and then rebase this, and also merge the project-infra PR for the gomod test, then I think this should pass.

tuminoid commented 3 months ago

Also edit hack/gomod.sh to run Go 1.22 (fixes local runs).

/test gomod

metal3-io-bot commented 3 months ago

@tuminoid: adding LGTM is restricted to approvers and reviewers in OWNERS files.

In response to [this](https://github.com/metal3-io/ironic-standalone-operator/pull/42#pullrequestreview-2107576520):

>AFAIK this looks like solid golang bump.
>
>/lgtm
>
>Maybe update title to reflect that as it's more about golang bump than deps.

Instructions for interacting with me using PR comments are available [here](https://git.k8s.io/community/contributors/guide/pull-requests.md). If you have questions or suggestions related to my behavior, please file an issue against the [kubernetes/test-infra](https://github.com/kubernetes/test-infra/issues/new?title=Prow%20issue:) repository.

dtantsur commented 3 months ago

It was about dependencies initially, Go is sort of forced on me :)

/approve

metal3-io-bot commented 3 months ago

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: dtantsur

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

- ~~[OWNERS](https://github.com/metal3-io/ironic-standalone-operator/blob/main/OWNERS)~~ [dtantsur]

Approvers can indicate their approval by writing `/approve` in a comment

Approvers can cancel approval by writing `/approve cancel` in a comment

dtantsur commented 3 months ago

> @tuminoid: adding LGTM is restricted to approvers and reviewers in OWNERS files.

Indeed: https://github.com/metal3-io/ironic-standalone-operator/pull/44