Chores: set go.mod in main to 1.24 and one in azclient to 1.23 #8376
Conversation
k8s-ci-robot
added
release-note-none
k8s-ci-robot
added
approved
There was a problem hiding this comment.
Copilot reviewed 5 out of 8 changed files in this pull request and generated no comments.
Files not reviewed (3)
- .github/workflows/dependency-review.yml: Language not supported
- .github/workflows/lint.yaml: Language not supported
- go.mod: Language not supported
|
This pull request sets up GitHub code scanning for this repository. Once the scans have completed and the checks have passed, the analysis results for this pull request branch will appear on this overview. Once you merge this pull request, the 'Security' tab will show more code scanning analysis results (for example, for the default branch). Depending on your configuration and choice of analysis tool, future pull requests will be annotated with code scanning analysis results. For more information about GitHub code scanning, check out the documentation. |
|
/retest |
1 similar comment
|
/retest |
|
@MartinForReal could you check why all tests are failing? |
|
Feb 19 12:19:49.800021 capz-xl2x8u-control-plane-bvk7r kubelet[1664]: E0219 12:19:49.799898 1664 pod_workers.go:1301] "Error syncing pod, skipping" err="failed to "StartContainer" for "kube-apiserver" with CrashLoopBackOff: "back-off 1m20s restarting failed container=kube-apiserver pod=kube-apiserver-capz-xl2x8u-control-plane-bvk7r_kube-system(3331e7094b62eb3737eb8f15c80098c3)"" pod="kube-system/kube-apiserver-capz-xl2x8u-control-plane-bvk7r" podUID="3331e7094b62eb3737eb8f15c80098c3" |
|
apiserver crashed. |
|
/retest |
2 similar comments
|
/retest |
|
/retest |
MartinForReal
changed the title
|
/test all |
|
/retest |
The PR is actually upgrading Go to 1.24. Could you we use 1.23.6 until k8s repos officially support it? |
| @@ -103,14 +197,3 @@ jobs: | |||
| with: | |||
| sarif_file: 'trivy-health-probe-proxy-linux-results.sarif' | |||
| category: health-probe-proxy-linux-image | |||
|
|
|||
| - name: Run Trivy vulnerability scanner in repo mode | |||
There was a problem hiding this comment.
And why making such huge change to github pipelines? I think we should scan the whole repo
There was a problem hiding this comment.
please see line 65
All these actions share two steps: checkout and setup go.
It will save time.
kubernetes/kubernetes#129688 this pr has been approved. |
|
that's not merged yet, and full e2e tests are not run yet. Let's wait a while for community validations in case there are breaking changes or behavior changes broken k8s. /hold |
k8s-ci-robot
added
do-not-merge/hold
k8s-ci-robot
removed
needs-rebase
|
/unhold |
k8s-ci-robot
removed
the
do-not-merge/hold
|
k/k has switched to go1.24 |
Signed-off-by: Fan Shang Xiang <[email protected]>
There was a problem hiding this comment.
PR Overview
This PR updates several CI/CD workflows to use the go.mod file for determining the Go version instead of hardcoding it, ensuring that the correct Go version (1.24 in main and 1.23.6 in azclient) is used consistently throughout the project. It also enables options like check-latest and caching of go.sum, and makes a change in the Cloud Build configuration regarding image pinning.
Reviewed Changes
| File | Description |
|---|---|
| .github/workflows/lint-azclient.yaml | Updates Go version configuration for azclient linting |
| .github/workflows/update-vendor-license.yml | Switches from go-version to go-version-file with caching settings |
| .github/workflows/codeql-analysis.yml | Uses go-version-file and caching settings in CodeQL analysis |
| .github/workflows/release.yaml | Updates Go version configuration and cache dependency settings |
| .github/workflows/trivy.yaml | Uses go-version-file and caching settings in Trivy scan |
| .github/workflows/lint.yaml | Updates Go version setup and includes additional path filters |
| cloudbuild.yaml | Removes digest from the gcb-docker-gcloud image reference |
| .github/workflows/codeql-azclient.yml | Removes additional cache dependency paths for client-gen and configloader |
Copilot reviewed 20 out of 20 changed files in this pull request and generated 1 comment.
Comments suppressed due to low confidence (2)
.github/workflows/codeql-azclient.yml:59
- Removing the cache dependency path for 'pkg/azclient/client-gen/go.sum' might affect dependency caching; please confirm if this removal is intentional.
- pkg/azclient/client-gen/go.sum
.github/workflows/codeql-azclient.yml:60
- Removing the cache dependency path for 'pkg/azclient/configloader/go.sum' might affect dependency caching; please confirm if this removal is intentional.
- pkg/azclient/configloader/go.sum
|
@kaovilai can you take a look? thanks. |
| - 'go.*' | ||
| - 'hack/verify-updates.sh' | ||
| - '!vendor/**' | ||
| - '!pkg/azclient/**' |
There was a problem hiding this comment.
a new aclient job is added. lint-azclient.yaml
There was a problem hiding this comment.
these two modules are using different go versions. two actions are better.
| go 1.23.2 | ||
| go 1.23.0 | ||
|
|
||
| toolchain go1.24.0 |
There was a problem hiding this comment.
why GO 1.23 using 1.24 toolchain here?
There was a problem hiding this comment.
Just for context.. 1.24 or 1.24.0 is also fine. What I want to avoid is use of go <go-directive> bump for CVEs.
CVE should use separate toolchain line to prevent dependents compatibility breakages., keeping go directive with patch .0 or not at all.. ie. 1.24 or 1.24.0.
Toolchain only affect the curent repo and leave it up to depedents if they want to match it.
MartinForReal
changed the title
|
/assign @andyzhangx |
k8s-ci-robot
added
the
lgtm
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: andyzhangx, kaovilai, MartinForReal The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
k8s-ci-robot
added
the
approved
6 participants
What type of PR is this?
/kind testing
What this PR does / why we need it:
Chores: set go to 1.23.6
Which issue(s) this PR fixes:
Fixes #8535
Special notes for your reviewer:
Does this PR introduce a user-facing change?
Additional documentation e.g., KEPs (Kubernetes Enhancement Proposals), usage docs, etc.: