From 76b5de5039e9101416d5722046784e29d741d57f Mon Sep 17 00:00:00 2001 From: Michael Zalimeni Date: Fri, 12 Jan 2024 09:57:38 -0500 Subject: [PATCH] [NET-4968] Upgrade Go to 1.21 (#20062) * Upgrade Go to 1.21 * ci: detect Go backwards compatibility test version automatically For our submodules and other places we choose to test against previous Go versions, detect this version automatically from the current one rather than hard-coding it. --- .changelog/20062.txt | 3 ++ .github/workflows/go-tests.yml | 30 +++++++++++-------- .github/workflows/reusable-get-go-version.yml | 8 +++++ .github/workflows/reusable-lint.yml | 4 ++- .go-version | 2 +- .golangci.yml | 20 +++++-------- Makefile | 2 +- api/api_test.go | 7 +++-- .../sidecarproxy/builder/local_app.go | 1 + 9 files changed, 48 insertions(+), 29 deletions(-) create mode 100644 .changelog/20062.txt diff --git a/.changelog/20062.txt b/.changelog/20062.txt new file mode 100644 index 0000000000..81568f397f --- /dev/null +++ b/.changelog/20062.txt @@ -0,0 +1,3 @@ +```release-note:improvement +Upgrade to use Go 1.21.6. +``` diff --git a/.github/workflows/go-tests.yml b/.github/workflows/go-tests.yml index 20c4544df2..c298623144 100644 --- a/.github/workflows/go-tests.yml +++ b/.github/workflows/go-tests.yml @@ -408,9 +408,11 @@ jobs: consul-license: ${{secrets.CONSUL_LICENSE}} datadog-api-key: "${{ !endsWith(github.repository, '-enterprise') && secrets.DATADOG_API_KEY || '' }}" - go-test-api-1-19: + go-test-api-backwards-compatibility: + name: go-test-api-${{ needs.get-go-version.outputs.go-version-previous }} needs: - setup + - get-go-version - dev-build uses: ./.github/workflows/reusable-unit.yml with: @@ -418,7 +420,7 @@ jobs: runs-on: ${{ needs.setup.outputs.compute-large }} repository-name: ${{ github.repository }} go-tags: "${{ github.event.repository.name == 'consul-enterprise' && 'consulent consuldev' || '' }}" - go-version: "1.19" + go-version: ${{ needs.get-go-version.outputs.go-version-previous }} permissions: id-token: write # NOTE: this permission is explicitly required for Vault auth. contents: read @@ -427,9 +429,10 @@ jobs: consul-license: ${{secrets.CONSUL_LICENSE}} datadog-api-key: "${{ !endsWith(github.repository, '-enterprise') && secrets.DATADOG_API_KEY || '' }}" - go-test-api-1-20: + go-test-api: needs: - setup + - get-go-version - dev-build uses: ./.github/workflows/reusable-unit.yml with: @@ -437,7 +440,7 @@ jobs: runs-on: ${{ needs.setup.outputs.compute-large }} repository-name: ${{ github.repository }} go-tags: "${{ github.event.repository.name == 'consul-enterprise' && 'consulent consuldev' || '' }}" - go-version: "1.20" + go-version: ${{ needs.get-go-version.outputs.go-version }} permissions: id-token: write # NOTE: this permission is explicitly required for Vault auth. contents: read @@ -446,9 +449,11 @@ jobs: consul-license: ${{secrets.CONSUL_LICENSE}} datadog-api-key: "${{ !endsWith(github.repository, '-enterprise') && secrets.DATADOG_API_KEY || '' }}" - go-test-sdk-1-19: + go-test-sdk-backwards-compatibility: + name: go-test-sdk-${{ needs.get-go-version.outputs.go-version-previous }} needs: - setup + - get-go-version - dev-build uses: ./.github/workflows/reusable-unit.yml with: @@ -456,7 +461,7 @@ jobs: runs-on: ${{ needs.setup.outputs.compute-large }} repository-name: ${{ github.repository }} go-tags: "${{ github.event.repository.name == 'consul-enterprise' && 'consulent consuldev' || '' }}" - go-version: "1.19" + go-version: ${{ needs.get-go-version.outputs.go-version-previous }} permissions: id-token: write # NOTE: this permission is explicitly required for Vault auth. contents: read @@ -465,9 +470,10 @@ jobs: consul-license: ${{secrets.CONSUL_LICENSE}} datadog-api-key: "${{ !endsWith(github.repository, '-enterprise') && secrets.DATADOG_API_KEY || '' }}" - go-test-sdk-1-20: + go-test-sdk: needs: - setup + - get-go-version - dev-build uses: ./.github/workflows/reusable-unit.yml with: @@ -475,7 +481,7 @@ jobs: runs-on: ${{ needs.setup.outputs.compute-large }} repository-name: ${{ github.repository }} go-tags: "${{ github.event.repository.name == 'consul-enterprise' && 'consulent consuldev' || '' }}" - go-version: "1.20" + go-version: ${{ needs.get-go-version.outputs.go-version }} permissions: id-token: write # NOTE: this permission is explicitly required for Vault auth. contents: read @@ -521,10 +527,10 @@ jobs: - go-test-race - go-test-envoyextensions - go-test-troubleshoot - - go-test-api-1-19 - - go-test-api-1-20 - - go-test-sdk-1-19 - - go-test-sdk-1-20 + - go-test-api-backwards-compatibility + - go-test-api + - go-test-sdk-backwards-compatibility + - go-test-sdk - go-test-32bit # - go-test-s390x runs-on: ${{ fromJSON(needs.setup.outputs.compute-small) }} diff --git a/.github/workflows/reusable-get-go-version.yml b/.github/workflows/reusable-get-go-version.yml index efd936c06c..ea2d6f5c8f 100644 --- a/.github/workflows/reusable-get-go-version.yml +++ b/.github/workflows/reusable-get-go-version.yml @@ -6,6 +6,9 @@ on: go-version: description: "The Go version detected by this workflow" value: ${{ jobs.get-go-version.outputs.go-version }} + go-version-previous: + description: "The Go version (MAJOR.MINOR) prior to the current one, used for backwards compatibility testing" + value: ${{ jobs.get-go-version.outputs.go-version-previous }} jobs: get-go-version: @@ -13,6 +16,7 @@ jobs: runs-on: ubuntu-latest outputs: go-version: ${{ steps.get-go-version.outputs.go-version }} + go-version-previous: ${{ steps.get-go-version.outputs.go-version-previous }} steps: - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 - name: Determine Go version @@ -32,3 +36,7 @@ jobs: GO_VERSION=$(head -n 1 .go-version) echo "Building with Go ${GO_VERSION}" echo "go-version=${GO_VERSION}" >> $GITHUB_OUTPUT + GO_MINOR_VERSION=${GO_VERSION%.*} + GO_VERSION_PREVIOUS="${GO_MINOR_VERSION%.*}.$((${GO_MINOR_VERSION#*.}-1))" + echo "Previous version ${GO_VERSION_PREVIOUS}" + echo "go-version-previous=${GO_VERSION_PREVIOUS}" >> $GITHUB_OUTPUT diff --git a/.github/workflows/reusable-lint.yml b/.github/workflows/reusable-lint.yml index 2c63d84197..b834d56491 100644 --- a/.github/workflows/reusable-lint.yml +++ b/.github/workflows/reusable-lint.yml @@ -51,10 +51,12 @@ jobs: with: go-version: ${{ inputs.go-version }} - run: go env + - name: Set golangci-lint version + run: echo "GOLANGCI_LINT_VERSION=$(make --no-print-directory print-GOLANGCI_LINT_VERSION)" >> $GITHUB_ENV - name: lint-${{ matrix.directory }} uses: golangci/golangci-lint-action@639cd343e1d3b897ff35927a75193d57cfcba299 # v3.6.0 with: working-directory: ${{ matrix.directory }} - version: v1.51.1 + version: ${{ env.GOLANGCI_LINT_VERSION }} args: --build-tags="${{ env.GOTAGS }}" -v skip-cache: true diff --git a/.go-version b/.go-version index adcfeed913..c262b1f0df 100644 --- a/.go-version +++ b/.go-version @@ -1 +1 @@ -1.20.12 \ No newline at end of file +1.21.6 diff --git a/.golangci.yml b/.golangci.yml index 0d426b34cd..b87fa40a2e 100644 --- a/.golangci.yml +++ b/.golangci.yml @@ -98,18 +98,14 @@ linters-settings: - google.golang.org/protobuf depguard: - list-type: denylist - include-go-root: true - # A list of packages for the list type specified. - # Default: [] - packages: - - net/rpc - # A list of packages for the list type specified. - # Specify an error message to output when a denied package is used. - # Default: [] - packages-with-error-message: - - net/rpc: "only use forked copy in github.com/hashicorp/consul-net-rpc/net/rpc" - - github.com/golang/protobuf: "only use google.golang.org/protobuf" + rules: + main: + listMode: lax + deny: + - pkg: net/rpc + desc: "only use forked copy in github.com/hashicorp/consul-net-rpc/net/rpc" + - pkg: github.com/golang/protobuf + desc: "only use google.golang.org/protobuf" run: timeout: 10m diff --git a/Makefile b/Makefile index 3f609ef962..75833c7d6a 100644 --- a/Makefile +++ b/Makefile @@ -10,7 +10,7 @@ GO_MODULES := $(shell find . -name go.mod -exec dirname {} \; | grep -v "proto-g # These version variables can either be a valid string for "go install @" # or the string @DEV to imply use what is currently installed locally. ### -GOLANGCI_LINT_VERSION='v1.51.1' +GOLANGCI_LINT_VERSION='v1.55.2' MOCKERY_VERSION='v2.37.1' BUF_VERSION='v1.26.0' diff --git a/api/api_test.go b/api/api_test.go index d1af29fbdd..e8a03f7218 100644 --- a/api/api_test.go +++ b/api/api_test.go @@ -717,8 +717,11 @@ func TestAPI_ClientTLSOptions(t *testing.T) { // Should fail _, err = client.Agent().Self() - if err == nil || !strings.Contains(err.Error(), "bad certificate") { - t.Fatal(err) + // Check for one of the possible cert error messages + // See https://cs.opensource.google/go/go/+/62a994837a57a7d0c58bb364b580a389488446c9 + if err == nil || !(strings.Contains(err.Error(), "tls: bad certificate") || + strings.Contains(err.Error(), "tls: certificate required")) { + t.Fatalf("expected tls certificate error, but got '%v'", err) } }) diff --git a/internal/mesh/internal/controllers/sidecarproxy/builder/local_app.go b/internal/mesh/internal/controllers/sidecarproxy/builder/local_app.go index 871cb444bd..8405b639c7 100644 --- a/internal/mesh/internal/controllers/sidecarproxy/builder/local_app.go +++ b/internal/mesh/internal/controllers/sidecarproxy/builder/local_app.go @@ -138,6 +138,7 @@ func destinationRulesByPort(allPorts []string, destinationRules []*pbauth.Destin return out } +//nolint:unparam func convertDestinationRule(allPorts []string, dr *pbauth.DestinationRule) ([]string, DestinationRule) { ports := make(map[string]struct{}) if len(dr.PortNames) > 0 {