From f40a975776fa533b1320c3a839a879578409c26f Mon Sep 17 00:00:00 2001 From: rohitagg2020 <55523204+rohitagg2020@users.noreply.github.com> Date: Tue, 14 May 2024 16:15:45 +0530 Subject: [PATCH] [0.37.x] Fixing CVE by updating go version to 1.22.3 (#485) * Updating go version to 1.22.3 Signed-off-by: Rohit Aggarwal * Freeing up space as gh action is failing Signed-off-by: Rohit Aggarwal --------- Signed-off-by: Rohit Aggarwal Co-authored-by: Rohit Aggarwal --- .github/workflows/golangci-lint.yml | 2 +- .github/workflows/release.yml | 2 +- .github/workflows/test-gh.yml | 8 +++++++- .github/workflows/trivy-scan.yml | 2 +- go.mod | 2 ++ 5 files changed, 12 insertions(+), 4 deletions(-) diff --git a/.github/workflows/golangci-lint.yml b/.github/workflows/golangci-lint.yml index ec851a97..2a5f88e3 100644 --- a/.github/workflows/golangci-lint.yml +++ b/.github/workflows/golangci-lint.yml @@ -15,7 +15,7 @@ jobs: - name: Install Go uses: actions/setup-go@v3 with: - go-version: "1.22.2" + go-version: "1.22.3" - uses: actions/checkout@v2 with: fetch-depth: '0' diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 3e3f54e7..70615510 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -20,7 +20,7 @@ jobs: - name: Set up Go uses: actions/setup-go@v2 with: - go-version: 1.22.2 + go-version: 1.22.3 - name: Retrieve version run: | echo "TAG_NAME=$(echo ${{ github.ref }} | grep -Eo 'v[0-9].*')" >> $GITHUB_OUTPUT diff --git a/.github/workflows/test-gh.yml b/.github/workflows/test-gh.yml index 1dbbd948..136a996f 100644 --- a/.github/workflows/test-gh.yml +++ b/.github/workflows/test-gh.yml @@ -20,10 +20,16 @@ jobs: runs-on: ubuntu-latest environment: DockerHub E2E steps: + - name: Free Disk Space (Ubuntu) + uses: jlumbroso/free-disk-space@v1.3.0 + with: + # this might remove tools that are actually needed, + # if set to "true" but frees about 6 GB + tool-cache: true - name: Set up Go 1.x uses: actions/setup-go@v3 with: - go-version: "1.22.2" + go-version: "1.22.3" - name: Check out code into the Go module directory uses: actions/checkout@v3.3.0 with: diff --git a/.github/workflows/trivy-scan.yml b/.github/workflows/trivy-scan.yml index 14cb8c47..11fa0259 100644 --- a/.github/workflows/trivy-scan.yml +++ b/.github/workflows/trivy-scan.yml @@ -10,7 +10,7 @@ jobs: with: repo: carvel-dev/kbld tool: kbld - goVersion: 1.22.2 + goVersion: 1.22.3 secrets: githubToken: ${{ secrets.GITHUB_TOKEN }} slackWebhookURL: ${{ secrets.SLACK_WEBHOOK_URL }} diff --git a/go.mod b/go.mod index 29dba0b1..ad5ef638 100644 --- a/go.mod +++ b/go.mod @@ -2,6 +2,8 @@ module github.com/vmware-tanzu/carvel-kbld go 1.22 +toolchain go1.22.3 + require ( github.com/cppforlife/cobrautil v0.0.0-20221021151949-d60711905d65 github.com/cppforlife/go-cli-ui v0.0.0-20220428182907-73db60c7611a