
Commit 8bc805f

resolve security vulnerabilities and improve workflows (#281)
* upgrade go version, resolve security vulnerabilities and improve workflows * remove windows tests * simplify security pipeline * upgrade to go1.24.9 * update workflows go version * fix lint * remove wrong, unnecessary and failing code * go mod tidy * lowercase workflow names * matching name * dont make pipelines run twice
1 parent 33a26e4 commit 8bc805f


13 files changed

+159
-111
lines changed


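--- a/.github/workflows/lint.yml
+++ b/.github/workflows/lint.yml
@@ -1,23 +1,24 @@
-on: [push, pull_request]
-name: Lint
+on:
+push:
+branches: [master]
+pull_request:
+name: lint
+
 jobs:
-test:
-strategy:
-matrix:
-go-version: [1.20.x, 1.21.x]
-os: [ubuntu-latest]
-runs-on: ${{ matrix.os }}
+lint:
+runs-on: ubuntu-latest
 steps:
+- name: Checkout code
+uses: actions/checkout@v5
+
 - name: Install Go
-uses: actions/setup-go@v2
+uses: actions/setup-go@v6
 with:
-go-version: ${{ matrix.go-version }}
-- name: Checkout code
-uses: actions/checkout@v2
-- name: setup env
-run: |
-echo "GOPATH=$(go env GOPATH)" >> $GITHUB_ENV
-echo "$(go env GOPATH)/bin" >> $GITHUB_PATH
-shell: bash
-- name: lint
-uses: Jerome1337/golint-action@v1.0.2
+go-version: ${{ vars.GO_VERSION || '1.24.9' }}
+cache: true
+
+- name: Run golangci-lint
+uses: golangci/golangci-lint-action@v8
+with:
+version: latest
+args: --timeout=5m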
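Review bot: The new `lint` job runs third-party code from mutable references: `version: latest` lets the golangci-lint binary change between runs, and `actions/checkout@v5`, `actions/setup-go@v6` and `golangci/golangci-lint-action@v8` are tags their owners can move. Pinning each `uses:` to a full commit SHA (for example `uses: golangci/golangci-lint-action@<full-commit-sha> # v8`) and replacing `version: latest` with a fixed release keeps lint results reproducible and limits the effect of a compromised tag. The workflow also declares no `permissions:` block, so `GITHUB_TOKEN` gets the repository default; a top-level `permissions:` with `contents: read` looks sufficient for the steps shown. The same two points apply to `.github/workflows/security.yml` and `.github/workflows/test.yml`.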

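--- a/.github/workflows/security.yml
+++ b/.github/workflows/security.yml
@@ -0,0 +1,18 @@
+on:
+push:
+branches: [master]
+pull_request:
+name: security
+
+jobs:
+security:
+runs-on: ubuntu-latest
+steps:
+- name: Checkout code
+uses: actions/checkout@v5
+
+- name: Run govulncheck
+uses: golang/govulncheck-action@v1
+with:
+go-version-input: ${{ vars.GO_VERSION || '1.24.9' }}
+go-package: ./...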
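Review bot: A vulnerability published against an unchanged dependency will go unreported until the next commit, because `on:` lists only `push` to `master` and `pull_request`. Adding a `schedule:` trigger under `on:` (for example `- cron: "0 6 * * 1"`, a constructed sample) would run govulncheck periodically against the default branch, which is when most new advisories would actually surface. The explicit `actions/checkout@v5` step may also be redundant, since the govulncheck action appears to check out the repository itself unless `repo-checkout` is disabled; worth confirming against the action's documentation.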

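--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -1,21 +1,42 @@
-on: [push, pull_request]
-name: Test
+on:
+push:
+branches: [master]
+pull_request:
+name: test
+
 jobs:
 test:
-strategy:
-matrix:
-go-version: [1.20.x, 1.21.x, 1.22.x]
-os: [ubuntu-latest, windows-latest]
-runs-on: ${{ matrix.os }}
+runs-on: ubuntu-latest
 steps:
+- name: Checkout code
+uses: actions/checkout@v5
+
 - name: Install Go
-uses: actions/setup-go@v2
+uses: actions/setup-go@v6
 with:
-go-version: ${{ matrix.go-version }}
-- name: Checkout code
-uses: actions/checkout@v2
-- name: Test
-run: go test ./...
-- name: Ensure correctly formatted
-if: runner.os == 'Linux'
-run: test -z "$(gofmt -l $(find . -type f -name '*.go'))"
+go-version: ${{ vars.GO_VERSION || '1.24.9' }}
+cache: true
+
+- name: Verify dependencies
+run: |
+go mod download
+go mod verify
+
+- name: Check go.mod and go.sum are tidy
+run: |
+go mod tidy
+git diff --exit-code go.mod go.sum
+
+- name: Build
+run: go build -v ./...
+
+- name: Run tests
+run: go test -v -race ./...
+
+- name: Check formatting
+run: |
+if [ -n "$(gofmt -l .)" ]; then
+echo "The following files are not formatted:"
+gofmt -l .
+exit 1
+fi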
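Review bot: The Go toolchain version is now stated in three places that can drift apart: the `go 1.24.9` directive in go.mod, the `'1.24.9'` fallback in `go-version:`, and the `GO_VERSION` repository variable, which overrides the fallback without appearing in the repository history or in review. Replacing `go-version: ${{ vars.GO_VERSION || '1.24.9' }}` with `go-version-file: go.mod` on `actions/setup-go` would make go.mod the single reviewed source of truth, so a security upgrade of the toolchain is one change in one file. lint.yml uses the same expression, and security.yml passes it as `go-version-input`.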

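--- a/.golangci.yml
+++ b/.golangci.yml
@@ -0,0 +1,46 @@
+# golangci-lint v2 configuration
+# See https://golangci-lint.run/docs/configuration/ for full options
+
+version: "2"
+
+linters:
+enable:
+- errcheck
+- govet
+- misspell
+- revive
+
+settings:
+errcheck:
+# Don't check error returns for these functions
+exclude-functions:
+- (*net/http.Response.Body).Close
+- (net/http.ResponseWriter).Write
+
+revive:
+rules:
+# Disable overly strict rules
+- name: exported
+disabled: true
+- name: package-comments
+disabled: true
+- name: unexported-return
+disabled: true
+
+exclusions:
+# Enable predefined exclusion presets
+presets:
+- std-error-handling
+- common-false-positives
+
+# Custom exclusion rules
+rules:
+# Exclude errcheck for deferred Close() calls
+- linters:
+- errcheck
+text: Error return value of.*\.Close.* is not checked
+
+formatters:
+enable:
+- gofmt
+- goimports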
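Review bot: The custom exclusion under `rules:` is wider than its comment says: `text: Error return value of.*\.Close.* is not checked` silences errcheck for every unchecked call whose name contains `.Close`, deferred or not, including `Close` on files or writers where the returned error is the only sign that buffered data was lost. Narrowing it to deferred calls by adding `source: "defer "` to the rule, or dropping it in favour of the `std-error-handling` preset, would keep the intent without hiding real misses. The `exclude-functions` entry `(*net/http.Response.Body).Close` also looks unlikely to match anything, since `Body` is a field rather than a type and errcheck matches on the receiver type; that should be confirmed against the errcheck documentation.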

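--- a/disk_image.go
+++ b/disk_image.go
@@ -7,8 +7,6 @@ import (
 "fmt"
 "strings"
 "time"
-
-"golang.org/x/mod/semver"
 )
 
 // DiskImage represents a serialized structure
@@ -162,33 +160,6 @@ func (c *Client) GetDiskImageByName(name string) (*DiskImage, error) {
 return nil, errors.New("diskimage not found")
 }
 
-// GetMostRecentDistro finds the highest version of a specified distro
-func (c *Client) GetMostRecentDistro(name string) (*DiskImage, error) {
-resp, err := c.ListDiskImages()
-if err != nil {
-return nil, decodeError(err)
-}
-
-var highestVersionDistro *DiskImage
-
-for _, diskimage := range resp {
-if strings.Contains(diskimage.Name, name) {
-if highestVersionDistro == nil {
-highestVersionDistro = &diskimage
-} else {
-if semver.Compare(highestVersionDistro.Version, diskimage.Version) < 0 {
-highestVersionDistro = &diskimage
-}
-}
-}
-}
-if highestVersionDistro == nil {
-return nil, fmt.Errorf("%s image not found", name)
-}
-
-return highestVersionDistro, nil
-}
-
 // CreateDiskImage creates a new disk image entry and returns a pre-signed URL for uploading
 func (c *Client) CreateDiskImage(params *CreateDiskImageParams) (*CreateDiskImageResponse, error) {
 url := "/v2/disk_images"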

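--- a/disk_image_test.go
+++ b/disk_image_test.go
@@ -6,14 +6,6 @@ import (
 "time"
 )
 
-func TestClienterDiskImage(t *testing.T) {
-var c Clienter
-
-c, _ = NewClient("foo", "NYC1")
-c, _ = NewFakeClient()
-_, _ = c.ListDiskImages()
-}
-
 func TestGetDiskImage(t *testing.T) {
 client, server, _ := NewClientForTesting(map[string]string{
 "/v2/disk_images/b82168fe-66f6-4b38-a3b8-5283542d5475": `{
@@ -201,20 +193,3 @@ func TestGetDiskImageByName(t *testing.T) {
 t.Errorf("Expected %s, got %s", "329d473e-f110-4852-b2fa-fe65aa6bff4a", got.ID)
 }
 }
-
-func TestGetMostRecentDistro(t *testing.T) {
-client, server, _ := NewClientForTesting(map[string]string{
-"/v2/disk_images": `[{ "ID": "329d473e-f110-4852-b2fa-fe65aa6bff4a", "Name": "ubuntu-bionic", "Version": "18.04", "State": "available", "Distribution": "ubuntu", "Description": "", "Label": "bionic" }, { "ID": "77bea4dd-bfd4-492c-823d-f92eb6dd962d", "Name": "ubuntu-focal", "Version": "20.04", "State": "available", "Distribution": "ubuntu", "Description": "", "Label": "focal" }]`,
-})
-defer server.Close()
-
-got, err := client.GetMostRecentDistro("ubuntu")
-if err != nil {
-t.Errorf("Request returned an error: %s", err)
-return
-}
-
-if got.Name != "ubuntu-focal" {
-t.Errorf("Expected %s, got %s", "ubuntu-focal", got.Name)
-}
-}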

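--- a/errors.go
+++ b/errors.go
@@ -1060,7 +1060,7 @@ func decodeError(err error) error {
 err := errors.New(msg.String())
 return KubernetesClusterInvalidNameError.wrap(err)
 default:
-err := fmt.Errorf(fmt.Sprintf("Unknown error response - status: %s, code: %d, reason: %s", errorData.Status, errorData.Code, errorData.Reason))
+err := fmt.Errorf("unknown error response - status: %s, code: %d, reason: %s", errorData.Status, errorData.Code, errorData.Reason)
 return CommonError.wrap(err)
 }
 }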

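--- a/fake_client_test.go
+++ b/fake_client_test.go
@@ -10,10 +10,12 @@ import (
 func TestClienter(t *testing.T) {
 var c Clienter
 
-c, _ = NewClient("foo", "NYC1")
-c, _ = NewFakeClient()
-_, _ = c.ListAllInstances()
-c.ListIPs()
+c, err := NewClient("foo", "NYC1")
+if err != nil {
+t.Fail()
+}
+
+_ = c
 }
 
 // TestIPs is a test for the IPs method.
@@ -60,7 +62,11 @@ func TestInstances(t *testing.T) {
 Count: 1,
 Hostname: "foo.example.com",
 }
-client.CreateInstance(config)
+_, err := client.CreateInstance(config)
+if err != nil {
+t.Errorf("Request returned an error: %s", err)
+return
+}
 
 results, err := client.ListInstances(1, 10)
 if err != nil {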
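Review bot: `TestClienter` no longer assigns the result of `NewFakeClient()` to the `Clienter` variable, so this test stops failing to compile if the fake client ever drifts from the interface; only the real client is still checked. If the fake is meant to stay interchangeable with the real client, keep the assignment with error handling, e.g. `if c, err = NewFakeClient(); err != nil { t.Fatalf("NewFakeClient: %v", err) }`. The bare `t.Fail()` after `NewClient` also reports no reason, which `t.Fatalf("NewClient: %v", err)` would. The second hunk sits inside `TestInstances`, whose body starts and ends outside the visible lines.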

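--- a/go.mod
+++ b/go.mod
@@ -1,6 +1,6 @@
 module github.com/civo/civogo
 
-go 1.20
+go 1.24.9
 
 require (
 github.com/google/go-querystring v1.1.0
@@ -16,9 +16,8 @@ require (
 github.com/json-iterator/go v1.1.12 // indirect
 github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
 github.com/modern-go/reflect2 v1.0.2 // indirect
-golang.org/x/mod v0.17.0
-golang.org/x/net v0.33.0 // indirect
-golang.org/x/text v0.21.0 // indirect
+golang.org/x/net v0.38.0 // indirect
+golang.org/x/text v0.23.0 // indirect
 gopkg.in/inf.v0 v0.9.1 // indirect
 gopkg.in/yaml.v2 v2.4.0 // indirect
 k8s.io/klog/v2 v2.90.1 // indirect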
