gardener
[WIP] Upgrade to go 1.22.2, g/g 1.92.2, and refresh indirect dependencies in go.mod
How to categorize this PR?
/area quality dev-productivity /kind impediment enhancement
What this PR does / why we need it: Upgrades to go v1.22.2, and updates g/g dependency to v1.92.2 (latest version atm), and fix linter errors.
Additionally, indirect dependency k8s.io/autoscaler was at an old version, and was not compatible with gardener/gardener dependencies, causing improper imports when checking out both etcd-druid and gardener repos on the same machine. This has now been fixed, by refreshing all indirect dependencies, which caused k8s.io/autoscaler to be updated to k8s.io/autoscaler/vertical-pod-autoscaler v1.0.0.
Which issue(s) this PR fixes: Fixes #778 #788
Special notes for your reviewer: /hold To be rebased after #777 is merged. Ignore all commits expect the last 2, since this PR is based on #777 branch, not master (for ease of rebasing in the future).
Release note:
Upgrade go to v1.22.2.
Skipping CI for Draft Pull Request.
If you want CI signal for your change, please convert it to an actual PR.
You can still manually trigger a test run with /test all
![gardener-prow[bot] avatar](https://avatars.githubusercontent.com/in/154614?v=4 "Published by a pub.dev verified publisher"){kind=small}
⚠️ GitGuardian has uncovered 3 secrets following the scan of your pull request.
Please consider investigating the findings and remediating the incidents. Failure to do so may lead to compromising the associated services or software components.
🔎 Detected hardcoded secrets in your pull request
| GitGuardian id | GitGuardian status | Secret | Commit | Filename | |
|---|---|---|---|---|---|
| - | RSA Private Key | e2bfea3ca14e1583a0a5785c330c45df68f9e3a5 | charts/druid/resources/server.key | View secret | |
| - | RSA Private Key | e2bfea3ca14e1583a0a5785c330c45df68f9e3a5 | charts/druid/resources/ca.key | View secret | |
| - | RSA Private Key | e2bfea3ca14e1583a0a5785c330c45df68f9e3a5 | charts/druid/templates/secret-server-tls-crt.yaml | View secret |
🛠 Guidelines to remediate hardcoded secrets
- Understand the implications of revoking this secret by investigating where it is used in your code.
- Replace and store your secrets safely. Learn here the best practices.
- Revoke and rotate these secrets.
- If possible, rewrite git history. Rewriting git history is not a trivial act. You might completely break other contributing developers' workflow and you risk accidentally deleting legitimate data.
To avoid such incidents in the future consider
- following these best practices for managing and storing secrets including API keys and other credentials
- install secret detection on pre-commit to catch secret before it leaves your machine and ease remediation.
🦉 GitGuardian detects secrets in your source code to help developers and security teams secure the modern development process. You are seeing this because you or someone else with access to this repository has authorized GitGuardian to scan your pull request.
Our GitHub checks need improvements? Share your feedbacks!
![gitguardian[bot] avatar](https://avatars.githubusercontent.com/in/46505?v=4 "Published by a pub.dev verified publisher"){kind=small}
Note: we could probably just run a regex to find all instances of where a new variable is declared inside the loop to deal with the for loop variable scoping pre go1.22.x.
Regex for word := word.
@shreyas-s-rao go1.22.3 got released on 2024-05-07. If it's not too much effort for you, maybe the patch version could be changed from 2 to 3 in this PR to make use of security and bug fixes in the compiler, runtime and net/http.
@renormalize thanks for the information. I'll make both the changes you've suggested once #777 gets merged, because I anyway need to do some rebasing at that point of time, so I'll touch the code then.
go1.22.4 has now been released. Once the refactor is merged, we could use go1.22.4 directly in this PR.
Closing this PR in favour of PR: https://github.com/gardener/etcd-druid/pull/834 /close
