Fix dependabot alerts #697

Closed
kuritka opened this issue Oct 26, 2021 · 0 comments
kuritka commented Oct 26, 2021

The issue is a container for PRs fixing current dependabot alerts.

  • Bump module versions
  • Upgrade GH pipelines if necessary
  • Do necessary code updates
  • Fix particular alerts by bumping module versions, replacing modules, ignoring
@kuritka kuritka self-assigned this Oct 26, 2021
kuritka added a commit that referenced this issue Oct 26, 2021
related to #697

GitHub virtual environment Ubuntu20.04 has [cached several Go tools](https://github.com/actions/virtual-environments/blob/main/images/linux/Ubuntu2004-README.md#go).

GoReleaser doesn't accept the `builds.gobinary` [parameter](https://goreleaser.com/customization/build/) and still uses the default Go 1.15.

In order to fix dependabot alerts, I would like to bump up the versions of some modules
that are already [required to be compiled in Go 1.16](https://github.com/k8gb-io/k8gb/runs/4009137543?check_suite_focus=true#step:3:64).

I'm introducing the setup-go action, which switches Go to the desired version.

Signed-off-by: kuritka <kuritka@gmail.com>
kuritka added a commit that referenced this issue Oct 26, 2021
related to #697

 - `k8s.io/*` bundle to `v0.22.2` (controller-gen tool makes changes in CRD description after bump)
 - `github.com/golang/mock` to `v1.6.0` (is not compiled into final binary but checked by dependabot)
 - `github.com/miekg/dns` to `v1.1.43`
 - `github.com/infobloxopen/infoblox-go-client` to `v1.1.1` (changes argument CreateTXTRecord from integer to uint)

The latest `sigs.k8s.io/external-dns` is problematic in that it uses the latest `github.com/go-logr/logr`, which is incompatible
with previous versions. This causes issues in `controller-runtime` and will require code changes on our side (another PR).
[This PR](kubernetes-sigs/controller-runtime#1593 (comment)) would unblock
 - github.com/go-logr/logr
 - sigs.k8s.io/external-dns

Signed-off-by: kuritka <kuritka@gmail.com>
kuritka added a commit that referenced this issue Oct 26, 2021
related to #697

 - `k8s.io/*` bundle to `v0.22.2` (controller-gen tool makes changes in CRD description after bump)
 - `github.com/golang/mock` to `v1.6.0` (is not compiled into final binary but checked by dependabot)
 - `github.com/miekg/dns` to `v1.1.43`
 - `github.com/infobloxopen/infoblox-go-client` to `v1.1.1` (changes argument CreateTXTRecord from integer to uint)

`sigs.k8s.io/controller-runtime` to `v0.10.2`

The latest `sigs.k8s.io/external-dns` is problematic in that it uses the latest `github.com/go-logr/logr`, which is incompatible
with previous versions. This causes issues in `controller-runtime` and will require code changes on our side (another PR).
[This PR](kubernetes-sigs/controller-runtime#1593 (comment)) would unblock
 - github.com/go-logr/logr
 - sigs.k8s.io/external-dns

Signed-off-by: kuritka <kuritka@gmail.com>
kuritka added a commit that referenced this issue Oct 26, 2021
related to #697

 - `k8s.io/*` bundle to `v0.22.2` (controller-gen tool makes changes in CRD description after bump)
 - `github.com/golang/mock` to `v1.6.0` (is not compiled into final binary but checked by dependabot)
 - `github.com/miekg/dns` to `v1.1.43`
 - `github.com/infobloxopen/infoblox-go-client` to `v1.1.1` (changes argument CreateTXTRecord from integer to uint)

`sigs.k8s.io/controller-runtime` to `v0.10.2` requires more effort, will be part of a follow-up PR

`sigs.k8s.io/external-dns` is problematic in that it uses the latest `github.com/go-logr/logr`, which is incompatible
with previous versions. Will be part of a follow-up PR

Signed-off-by: kuritka <kuritka@gmail.com>
This was referenced Oct 26, 2021
kuritka added a commit that referenced this issue Oct 27, 2021
related to #697, #698

align exact GO version with release.yaml, terrascan.yaml

Signed-off-by: kuritka <kuritka@gmail.com>
kuritka added a commit that referenced this issue Oct 27, 2021
related to #697

 - `k8s.io/*` bundle to `v0.22.2` (controller-gen tool makes changes in CRD description after bump)
 - `github.com/golang/mock` to `v1.6.0` (is not compiled into final binary but checked by dependabot)
 - `github.com/miekg/dns` to `v1.1.43`
 - `github.com/infobloxopen/infoblox-go-client` to `v1.1.1` (changes argument CreateTXTRecord from integer to uint)
 - `sigs.k8s.io/controller-runtime` to `v0.10.2`, had to fix the test, see comment below.
 - `sigs.k8s.io/external-dns` is problematic in that it uses the latest `github.com/go-logr/logr`, which is incompatible
with previous versions. Will be part of a follow-up PR

Controller-runtime works on copies of annotations rather than their pointers, so I had to modify the test.

```go
func TestGslbProperlyPropagatesAnnotationDownToIngress(t *testing.T) {
        // arrange
        settings := provideSettings(t, predefinedConfig)
        expectedAnnotations := map[string]string{"annotation": "test"}
        settings.gslb.Annotations = expectedAnnotations
        err := settings.client.Update(context.TODO(), settings.gslb)
        require.NoError(t, err, "Can't update gslb")
        // act
        reconcileAndUpdateGslb(t, settings)
        err2 := settings.client.Get(context.TODO(), settings.request.NamespacedName, settings.ingress)
        // assert
        assert.NoError(t, err2, "Failed to get expected ingress")
        assert.Equal(t, expectedAnnotations, settings.ingress.Annotations)
}
```

If I extend the final assertion, the passing test is doing this:
```go
assert.Equal(t, map[string]string{"annotation": "test", "k8gb.io/strategy": "roundRobin"}, settings.ingress.Annotations)
assert.Equal(t, map[string]string{"annotation": "test", "k8gb.io/strategy": "roundRobin"}, settings.gslb.Annotations)
assert.Equal(t, map[string]string{"annotation": "test", "k8gb.io/strategy": "roundRobin"}, expectedAnnotations)
```

The `"k8gb.io/strategy": "roundRobin"` is added to `expectedAnnotations` during `reconcileAndUpdateGslb` and controller-runtime
is the guy which extends `expectedAnnotations`.

I bumped controller runtime to `v0.10.2`, and only this concrete test has to be updated, because expectedAnnotations are not altered within controller-runtime:
```go
assert.Equal(t, map[string]string{"annotation": "test", "k8gb.io/strategy": "roundRobin"}, settings.ingress.Annotations)
assert.Equal(t, map[string]string{"annotation": "test", "k8gb.io/strategy": "roundRobin"}, settings.gslb.Annotations)
assert.Equal(t, map[string]string{"annotation": "test"}, expectedAnnotations)
```

Signed-off-by: kuritka <kuritka@gmail.com>
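
The map-aliasing effect described in the commit message above, as an added example that is not part of the original commit or of controller-runtime. `Object`, `Store` and `CallerMapAfterReconcile` are hypothetical names for a simplified model: one store keeps the caller's annotation map, the other copies it on `Update`.

```go
package main

import "fmt"

// Simplified model (assumption), not controller-runtime code.
// Object stands in for a Kubernetes object carrying annotations.
type Object struct {
	Name        string
	Annotations map[string]string
}

// Store models a client's object cache. With copyOnWrite=false it keeps the
// caller's map (what the old test relied on); with true it copies the map.
type Store struct {
	copyOnWrite bool
	objects     map[string]*Object
}

// Update saves obj, either sharing or cloning its annotation map.
func (s *Store) Update(obj *Object) {
	stored := &Object{Name: obj.Name, Annotations: obj.Annotations}
	if s.copyOnWrite {
		stored.Annotations = make(map[string]string, len(obj.Annotations))
		for k, v := range obj.Annotations {
			stored.Annotations[k] = v
		}
	}
	s.objects[obj.Name] = stored
}

// Reconcile adds the strategy annotation to the stored object.
func (s *Store) Reconcile(name string) {
	s.objects[name].Annotations["k8gb.io/strategy"] = "roundRobin"
}

// CallerMapAfterReconcile returns the caller's original map after a
// reconcile, showing whether the store mutated it behind the caller's back.
func CallerMapAfterReconcile(copyOnWrite bool) map[string]string {
	expected := map[string]string{"annotation": "test"} // constructed sample
	s := &Store{copyOnWrite: copyOnWrite, objects: map[string]*Object{}}
	s.Update(&Object{Name: "gslb", Annotations: expected})
	s.Reconcile("gslb")
	return expected
}

func main() {
	fmt.Println("shared map:", CallerMapAfterReconcile(false))
	fmt.Println("copied map:", CallerMapAfterReconcile(true))
}
```

A test that compares against a map it also handed to the client can pass or fail depending on which of these two behaviours the dependency implements, so building the expected value as a fresh literal keeps the assertion independent of the bump.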
kuritka added a commit that referenced this issue Oct 30, 2021
@kuritka kuritka closed this as completed Jan 18, 2022