Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Dependabot ecs-init fix #3388

Merged
merged 2 commits into from
Sep 12, 2022
Merged

Dependabot ecs-init fix #3388

merged 2 commits into from
Sep 12, 2022

Conversation

yinyic
Copy link
Contributor

@yinyic yinyic commented Sep 9, 2022
edited
Loading

Summary

In #3277 we introduced a few dependency bumps. However some of the upgrades have introduced build failures of debian packages likely due to Go version compatibility(see #3277 code build workflow to get more details - note that the error is shown in the build log although the final workflow status shows as succeeded).

In this PR, we first revert the change in #3277, and re-do the dependency bumps but keep them to minimal.

Implementation details

  1. revert commit Update dependencies to include security patches reported by dependabot for ecs-init #3277

git revert f4ca59d

  1. upgrade runc to 1.1.2
GOPROXY=direct go get github.com/opencontainers/runc@v1.1.2
GOPROXY=direct go mod tidy
GOPROXY=direct go mod vendor
  1. test with make test-init
make test-init
...
ecs-init/vendor/github.com/opencontainers/runc/libcontainer/system/linux.go:45:15: undefined: unix.Exec

To fix the error, removed replace golang.org/x/sys => golang.org/x/sys v0.0.0-20170529185110-b90f89a1e7a9 in ecs-init go.mod

make test-init
...
ecs-init/vendor/github.com/docker/docker/pkg/archive/archive_unix.go:95:13: undefined: system.RunningInUserNS

To fix the error, upgraded docker/docker to the version that had the fix

GOPROXY=direct go get github.com/docker/docker@472f21b923ef512e8bebaece83a7d9c206b1e0a7
GOPROXY=direct go mod tidy -compat=1.17
go mod vendor

make test-init now passes

  1. test with generic-rpm-integrated
...
+ exit 0
find RPMS/ -type f -exec cp {} . \;
touch .generic-rpm-integrated-done

Note that:

  • dependabot requires github.com/opencontainers/image-spec to use 1.0.2 - we are using 1.0.3 already
  • dependabot requires github.com/docker/docker to use 1.6.1, released in year 2015 - we are using a newer version released in 2021

Testing

make test-init
make generic-rpm-integrated

All code build projects are passing (checked individual build logs to make sure there's no error)

New tests cover the changes: no

Description for the changelog

Dependabot ecs-init fixes

Licensing

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

@yinyic yinyic requested a review from a team as a code owner September 9, 2022 20:34
@yinyic yinyic changed the title Dependabot init fix Dependabot ecs-init fix Sep 12, 2022
@yinyic yinyic merged commit 6d031da into aws:dev Sep 12, 2022
@yinyic yinyic deleted the dependabot-init-fix branch September 12, 2022 20:29
@chienhanlin chienhanlin mentioned this pull request Sep 12, 2022
Merged
chienhanlin pushed a commit that referenced this pull request Sep 12, 2022
@yinyic @chienhanlin
Dependabot ecs-init fix (#3388)
7347b50 
* Revert "Update dependencies to include security patches reported by dependabot (#3277)"

This reverts commit f4ca59d.

* Revert some unnecessary dependabot upgrades

Co-authored-by: Yinyi Chen <yinyic@dev-dsk-yinyic-2c-6089ee44.us-west-2.amazon.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@YashdalfTheGray YashdalfTheGray YashdalfTheGray approved these changes

@prateekchaudhry prateekchaudhry prateekchaudhry approved these changes

@chienhanlin chienhanlin chienhanlin approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@yinyic @YashdalfTheGray @prateekchaudhry @chienhanlin @amazon-ecs-bot