triat / terraform-security-scan

Run a security scan on your terraform with the very nice https://github.com/aquasecurity/tfsec
MIT License

fix versioned installation tfsec #35

Closed zotrix closed 3 years ago

zotrix commented 3 years ago

A versioned installation should be done without the update deps (-u) flag. Updating deps could cause the build to fail.

triat commented 3 years ago

Hello @zotrix,

Just for my understanding, the update could fail in the case of a regressing version? Or if you have a cache? If you have an explanation, I'd be grateful 👍

zotrix commented 3 years ago

Two days ago the tfsec build failed due to updating Go dependencies via the -u flag. So I think it is a Go dependency regression. The maintainer creates and tests releases on deps version "A"; go get -u updates the deps to version "B". Usually all is OK, but sometimes version "B" has bugs in its code.

For example, from the CI logs:

```
go: extracting github.com/bmatcuk/doublestar v1.3.4
go: extracting github.com/hashicorp/go-uuid v1.0.2
# github.com/tfsec/tfsec/internal/app/tfsec/formatters
/go/pkg/mod/github.com/tfsec/tfsec@v0.39.24/internal/app/tfsec/formatters/sarif.go:43:26: cannot use *message (type sarif.Message) as type *sarif.Message in argument to ruleResult.WithMessage
note: module requires Go 1.16
/entrypoint.sh: line 18: /go/bin/tfsec: No such file or directory
```

zotrix commented 3 years ago

I think a prettier solution is installing tfsec from prebuilt releases ;)
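
An added example (not code from this repository or from tfsec) of the two points raised in this thread: installing a prebuilt artifact only when it matches a pinned SHA-256, and stopping the entrypoint when the install step fails instead of going on to run a missing binary as in the log above. The function names, paths and stand-in file are hypothetical; it assumes `sha256sum` is available and that the artifact has already been downloaded.

```shell
#!/bin/sh
# Added example: fail-closed install of a pinned, prebuilt binary.
# install_pinned, sha256_of and all paths are hypothetical names.

# sha256_of FILE -> prints the hex SHA-256 digest of FILE
sha256_of() {
    sha256sum "$1" | awk '{print $1}'
}

# install_pinned SRC EXPECTED_SHA256 DEST
# Copies SRC to DEST only if its digest equals the pinned value.
# Returns 0 on success, 1 on digest mismatch, 2 if SRC is missing,
# 3 if the file could not be installed as an executable.
install_pinned() {
    src=$1; expected=$2; dest=$3
    [ -f "$src" ] || { echo "missing artifact: $src" >&2; return 2; }
    actual=$(sha256_of "$src")
    if [ "$actual" != "$expected" ]; then
        echo "checksum mismatch for $src" >&2
        echo "  expected: $expected" >&2
        echo "  actual:   $actual" >&2
        return 1
    fi
    mkdir -p "$(dirname "$dest")"
    # Copy to a temporary name and rename, so a partial copy is never run.
    tmp="$dest.tmp.$$"
    cp "$src" "$tmp" && chmod 0755 "$tmp" && mv "$tmp" "$dest" \
        || { rm -f "$tmp"; return 3; }
    # Confirm the binary exists before any later step tries to execute it.
    [ -x "$dest" ] || return 3
}

# Constructed demo: a stand-in "binary" and its pinned digest.
demo() {
    work=$(mktemp -d)
    printf '#!/bin/sh\necho scanner-stub\n' > "$work/tool"
    # In CI the pin is a value committed to the repository, not computed here.
    pin=$(sha256_of "$work/tool")
    install_pinned "$work/tool" "$pin" "$work/bin/tool" \
        && echo "pinned install ok"
    printf 'tampered\n' >> "$work/tool"
    install_pinned "$work/tool" "$pin" "$work/bin/tool2" \
        || echo "modified artifact rejected (rc=$?)"
    rm -rf "$work"
}
demo
```

In an entrypoint script, calling it as `install_pinned ... || exit 1` keeps the scan step from running when the install did not succeed.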