From 4fb8439c59f80a4aa9242474f99c66f4248fab92 Mon Sep 17 00:00:00 2001 From: Shahzad Lone Date: Sat, 22 Jul 2023 03:02:29 -0400 Subject: [PATCH 1/9] PR: Add workflow to notify vulnerabilities. This action should fail as we use GoLang v1.19 which does have vulnerabilities, In the following commits the version will be bumped and then this action should show no vulnerabilities. --- .github/workflows/check-vulnerabilities.yml | 39 +++++++++++++++++++++ 1 file changed, 39 insertions(+) create mode 100644 .github/workflows/check-vulnerabilities.yml diff --git a/.github/workflows/check-vulnerabilities.yml b/.github/workflows/check-vulnerabilities.yml new file mode 100644 index 0000000000..a99241e49b --- /dev/null +++ b/.github/workflows/check-vulnerabilities.yml @@ -0,0 +1,39 @@ +# Copyright 2023 Democratized Data Foundation +# +# Use of this software is governed by the Business Source License +# included in the file licenses/BSL.txt. +# +# As of the Change Date specified in that file, in accordance with +# the Business Source License, use of this software will be governed +# by the Apache License, Version 2.0, included in the file +# licenses/APL.txt. + +name: Check Vulnerabilities Workflow + +on: + pull_request: + branches: + - master + - develop + + push: + tags: + - 'v[0-9]+.[0-9]+.[0-9]+' + branches: + - master + - develop + +jobs: + check-vulnerabilities: + name: Check vulnerabilities job + + runs-on: ubuntu-latest + + steps: + - name: Run govulncheck + uses: golang/govulncheck-action@v1 + with: + go-version-input: "1.19.5" + go-package: ./... + check-latest: true + cache: true From f33d602cedcfcf61c317d5664ab2f27897d777bb Mon Sep 17 00:00:00 2001 From: Shahzad Lone Date: Sat, 22 Jul 2023 05:42:17 -0400 Subject: [PATCH 2/9] PR: Bump go mod version --- go.mod | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/go.mod b/go.mod index 612f275415..526bbce7b6 100644 --- a/go.mod +++ b/go.mod @@ -1,6 +1,6 @@ module github.com/sourcenetwork/defradb -go 1.19 +go 1.20 require ( github.com/bits-and-blooms/bitset v1.8.0 From e94cbd42f50f4a7c1577271af1f8e9badde01ec9 Mon Sep 17 00:00:00 2001 From: Shahzad Lone Date: Sat, 22 Jul 2023 05:43:30 -0400 Subject: [PATCH 3/9] PR: Bump go version for containerfiles --- tools/defradb-builder.containerfile | 2 +- tools/defradb.containerfile | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/tools/defradb-builder.containerfile b/tools/defradb-builder.containerfile index 3daadb9b61..81322bcb07 100644 --- a/tools/defradb-builder.containerfile +++ b/tools/defradb-builder.containerfile @@ -2,7 +2,7 @@ # An image with defradb's code and go tooling available, to assemble in a larger container. -FROM docker.io/golang:1.19 AS BUILD +FROM docker.io/golang:1.20 AS BUILD WORKDIR /lib/defradb/ diff --git a/tools/defradb.containerfile b/tools/defradb.containerfile index 77b5bc9bb1..9bb62d6d53 100644 --- a/tools/defradb.containerfile +++ b/tools/defradb.containerfile @@ -4,7 +4,7 @@ # Stage: BUILD # Several steps are involved to enable caching and because of the behavior of COPY regarding directories. -FROM docker.io/golang:1.19 AS BUILD +FROM docker.io/golang:1.20 AS BUILD WORKDIR /repo/ COPY go.mod go.sum Makefile ./ RUN make deps:modules From a06e418d4ee4d1e969b1d62c52b935a9e37b59ed Mon Sep 17 00:00:00 2001 From: Shahzad Lone Date: Sat, 22 Jul 2023 05:43:59 -0400 Subject: [PATCH 4/9] PR: Bump go version used to build the AMI image --- tools/cloud/aws/packer/build_aws_ami.pkr.hcl | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tools/cloud/aws/packer/build_aws_ami.pkr.hcl b/tools/cloud/aws/packer/build_aws_ami.pkr.hcl index 36b6d5a753..8afacfb339 100644 --- a/tools/cloud/aws/packer/build_aws_ami.pkr.hcl +++ b/tools/cloud/aws/packer/build_aws_ami.pkr.hcl @@ -66,8 +66,8 @@ build { inline = [ "/usr/bin/cloud-init status --wait", "sudo apt-get update && sudo apt-get install make build-essential -y", - "curl -OL https://golang.org/dl/go1.19.8.linux-amd64.tar.gz", - "rm -rf /usr/local/go && sudo tar -C /usr/local -xzf go1.19.8.linux-amd64.tar.gz", + "curl -OL https://golang.org/dl/go1.20.6.linux-amd64.tar.gz", + "rm -rf /usr/local/go && sudo tar -C /usr/local -xzf go1.20.6.linux-amd64.tar.gz", "export PATH=$PATH:/usr/local/go/bin", "git clone \"https://git@$DEFRADB_GIT_REPO\"", "cd ./defradb || { printf \"\\\ncd into defradb failed.\\\n\" && exit 2; }", From fc0f6de166bbbbba89d1b42ba9c174a145dc11ec Mon Sep 17 00:00:00 2001 From: Shahzad Lone Date: Sat, 22 Jul 2023 05:44:59 -0400 Subject: [PATCH 5/9] PR: Bump go versions for the linter --- tools/configs/golangci.yaml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/tools/configs/golangci.yaml b/tools/configs/golangci.yaml index 02c5c1d694..448d334596 100644 --- a/tools/configs/golangci.yaml +++ b/tools/configs/golangci.yaml @@ -57,7 +57,7 @@ run: # Define the Go version limit. # Default: use Go version from the go.mod file, fallback on the env var `GOVERSION`. - go: "1.19" + go: "1.20" #=====================================================================================[ Output Configuration Options ] output: @@ -263,7 +263,7 @@ linters-settings: gosimple: # Select the Go version to target. - go: "1.19" + go: "1.20" # https://staticcheck.io/docs/options#checks checks: ["all", "-S1038"] # Turn on all except (these are disabled): @@ -355,13 +355,13 @@ linters-settings: staticcheck: # Select the Go version to target. - go: "1.19" + go: "1.20" # https://staticcheck.io/docs/options#checks checks: ["all"] unused: # Select the Go version to target. - go: "1.19" + go: "1.20" whitespace: # Enforces newlines (or comments) after every multi-line if statement. From 50a01df59aa2e52c4c748dfb519c1d74144be74d Mon Sep 17 00:00:00 2001 From: Shahzad Lone Date: Sat, 22 Jul 2023 05:46:35 -0400 Subject: [PATCH 6/9] PR: Bump go mod tidy version --- Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Makefile b/Makefile index 8d6541d061..27f99c1e48 100644 --- a/Makefile +++ b/Makefile @@ -158,7 +158,7 @@ verify: .PHONY: tidy tidy: - go mod tidy -go=1.19 + go mod tidy -go=1.20 .PHONY: clean clean: From 28d0704ebc2ac1c98c544e5c0b32efc45e2fe892 Mon Sep 17 00:00:00 2001 From: Shahzad Lone Date: Sat, 22 Jul 2023 05:46:56 -0400 Subject: [PATCH 7/9] PR: Bump go versions of every workflow. --- .github/workflows/build-dependencies.yml | 2 +- .github/workflows/check-vulnerabilities.yml | 2 +- .github/workflows/code-test-coverage.yml | 2 +- .github/workflows/detect-change.yml | 2 +- .github/workflows/lint-then-benchmark.yml | 2 +- .github/workflows/lint.yml | 2 +- .github/workflows/run-tests.yml | 2 +- .github/workflows/start-binary.yml | 2 +- 8 files changed, 8 insertions(+), 8 deletions(-) diff --git a/.github/workflows/build-dependencies.yml b/.github/workflows/build-dependencies.yml index e442f8dc89..112f847192 100644 --- a/.github/workflows/build-dependencies.yml +++ b/.github/workflows/build-dependencies.yml @@ -37,7 +37,7 @@ jobs: - name: Setup Go environment explicitly uses: actions/setup-go@v3 with: - go-version: "1.19" + go-version: "1.20" check-latest: true - name: Build all dependencies diff --git a/.github/workflows/check-vulnerabilities.yml b/.github/workflows/check-vulnerabilities.yml index a99241e49b..18e5f60de8 100644 --- a/.github/workflows/check-vulnerabilities.yml +++ b/.github/workflows/check-vulnerabilities.yml @@ -33,7 +33,7 @@ jobs: - name: Run govulncheck uses: golang/govulncheck-action@v1 with: - go-version-input: "1.19.5" + go-version-input: "1.20" go-package: ./... check-latest: true cache: true diff --git a/.github/workflows/code-test-coverage.yml b/.github/workflows/code-test-coverage.yml index 0455d8f681..65c0a92f1f 100644 --- a/.github/workflows/code-test-coverage.yml +++ b/.github/workflows/code-test-coverage.yml @@ -36,7 +36,7 @@ jobs: - name: Setup Go environment explicitly uses: actions/setup-go@v3 with: - go-version: "1.19" + go-version: "1.20" check-latest: true - name: Generate full test coverage report using go-acc diff --git a/.github/workflows/detect-change.yml b/.github/workflows/detect-change.yml index f17a4d80ba..b6272c21cd 100644 --- a/.github/workflows/detect-change.yml +++ b/.github/workflows/detect-change.yml @@ -36,7 +36,7 @@ jobs: - name: Setup Go environment explicitly uses: actions/setup-go@v3 with: - go-version: "1.19" + go-version: "1.20" check-latest: true - name: Build dependencies diff --git a/.github/workflows/lint-then-benchmark.yml b/.github/workflows/lint-then-benchmark.yml index 172df4d6b8..015c8725c2 100644 --- a/.github/workflows/lint-then-benchmark.yml +++ b/.github/workflows/lint-then-benchmark.yml @@ -57,7 +57,7 @@ jobs: - name: Setup Go environment explicitly uses: actions/setup-go@v3 with: - go-version: "1.19" + go-version: "1.20" check-latest: true - name: Run the golangci-lint diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml index e36f2ed49b..155f6b4e4b 100644 --- a/.github/workflows/lint.yml +++ b/.github/workflows/lint.yml @@ -36,7 +36,7 @@ jobs: - name: Setup Go environment explicitly uses: actions/setup-go@v3 with: - go-version: "1.19" + go-version: "1.20" check-latest: true - name: Check linting through golangci-lint diff --git a/.github/workflows/run-tests.yml b/.github/workflows/run-tests.yml index e078dfcfec..bfa696a283 100644 --- a/.github/workflows/run-tests.yml +++ b/.github/workflows/run-tests.yml @@ -31,7 +31,7 @@ jobs: - name: Setup Go environment explicitly uses: actions/setup-go@v3 with: - go-version: "1.19" + go-version: "1.20" check-latest: true - name: Build dependencies diff --git a/.github/workflows/start-binary.yml b/.github/workflows/start-binary.yml index 6061b1c59e..267466b8a3 100644 --- a/.github/workflows/start-binary.yml +++ b/.github/workflows/start-binary.yml @@ -37,7 +37,7 @@ jobs: - name: Setup Go environment explicitly uses: actions/setup-go@v3 with: - go-version: "1.19" + go-version: "1.20" check-latest: true - name: Build modules From 6cbb5acb49934cb3404c71a30012897b6e993a70 Mon Sep 17 00:00:00 2001 From: Shahzad Lone Date: Sat, 22 Jul 2023 06:50:15 -0400 Subject: [PATCH 8/9] PR: Resolve linter errors with deprecated rand --- tests/bench/bench_util.go | 16 ---------------- tests/bench/storage/utils.go | 5 +++-- tests/integration/change_detector.go | 4 ++-- 3 files changed, 5 insertions(+), 20 deletions(-) diff --git a/tests/bench/bench_util.go b/tests/bench/bench_util.go index d534a3c261..712423158c 100644 --- a/tests/bench/bench_util.go +++ b/tests/bench/bench_util.go @@ -13,9 +13,7 @@ package bench import ( "context" "fmt" - "hash/fnv" "math" - "math/rand" "os" "sync" "testing" @@ -43,26 +41,12 @@ var ( func init() { logging.SetConfig(logging.Config{Level: logging.NewLogLevelOption(logging.Error)}) - // create a consistent seed value for the random package - // so we don't have random fluctuations between runs - // (specifically thinking about the fixture generation stuff) - seed := hashToInt64("https://xkcd.com/221/") - rand.Seed(seed) - // assign if not empty if s := os.Getenv(storageEnvName); s != "" { storage = s } } -// hashToInt64 uses the FNV-1 hash to int -// algorithm -func hashToInt64(s string) int64 { - h := fnv.New64a() - h.Write([]byte(s)) - return int64(h.Sum64()) -} - func SetupCollections( b *testing.B, ctx context.Context, diff --git a/tests/bench/storage/utils.go b/tests/bench/storage/utils.go index e7b4e0d6d6..5c550f25db 100644 --- a/tests/bench/storage/utils.go +++ b/tests/bench/storage/utils.go @@ -12,7 +12,8 @@ package storage import ( "context" - "math/rand" + "crypto/rand" + mathRand "math/rand" "sort" "testing" @@ -327,5 +328,5 @@ func getSampledIndex(populationSize int, sampleSize int, i int) int { } pointsPerInterval := populationSize / sampleSize - return (i * pointsPerInterval) + rand.Intn(pointsPerInterval) + return (i * pointsPerInterval) + mathRand.Intn(pointsPerInterval) } diff --git a/tests/integration/change_detector.go b/tests/integration/change_detector.go index f7d6863cdc..15f17fb16b 100644 --- a/tests/integration/change_detector.go +++ b/tests/integration/change_detector.go @@ -89,8 +89,8 @@ func detectDbChangesInit(repository string, targetBranch string) { latestTargetCommitHash := getLatestCommit(repository, targetBranch) detectDbChangesCodeDir = path.Join(changeDetectorTempDir, "code", latestTargetCommitHash) - rand.Seed(time.Now().Unix()) - randNumber := rand.Int() + r := rand.New(rand.NewSource(time.Now().Unix())) + randNumber := r.Int() dbsDir := path.Join(changeDetectorTempDir, "dbs", fmt.Sprint(randNumber)) testPackagePath, isIntegrationTest := getTestPackagePath() From 8b9c28de4993ee5ff273a0b3bf3f73ed18de8920 Mon Sep 17 00:00:00 2001 From: Shahzad Lone Date: Sat, 22 Jul 2023 06:51:07 -0400 Subject: [PATCH 9/9] PR: Bump linter (golangci-lint) version to v1.53 --- .github/workflows/lint.yml | 2 +- Makefile | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml index 155f6b4e4b..df2af79dd0 100644 --- a/.github/workflows/lint.yml +++ b/.github/workflows/lint.yml @@ -46,7 +46,7 @@ jobs: # Required: the version of golangci-lint is required. # Note: The version should not pick the patch version as the latest patch # version is what will always be used. - version: v1.51 + version: v1.53 # Optional: working directory, useful for monorepos or if we wanted to run this # on a non-root directory. diff --git a/Makefile b/Makefile index 27f99c1e48..5324bdf8d8 100644 --- a/Makefile +++ b/Makefile @@ -76,7 +76,7 @@ client\:add-schema: .PHONY: deps\:lint deps\:lint: - go install github.com/golangci/golangci-lint/cmd/golangci-lint@v1.51 + go install github.com/golangci/golangci-lint/cmd/golangci-lint@v1.53 .PHONY: deps\:test deps\:test: