update go and binaries

portainer · Oct 24, 2023 · 2333876 · 2333876
1 parent 04d579e
commit 2333876
Show file tree

Hide file tree

Showing 4 changed files with 40 additions and 29 deletions.
diff --git a/.github/workflows/nightly-security-scan.yml b/.github/workflows/nightly-security-scan.yml
@@ -1,26 +1,29 @@
 name: Nightly Code Security Scan
 
-on: 
+on:
   schedule:
-    - cron: '0 20 * * *'
+    - cron: "0 20 * * *"
   workflow_dispatch:
-
+
+env:
+  GO_VERSION: 1.21.3
+
 jobs:
   server-dependencies:
     name: Server Dependency Check
     runs-on: ubuntu-latest
     if: >- # only run for develop branch
-      github.ref == 'refs/heads/develop' 
+      github.ref == 'refs/heads/develop'
     outputs:
       go: ${{ steps.set-matrix.outputs.go_result }}
     steps:
       - name: checkout repository
         uses: actions/checkout@master
 
-      - name: install Go 
+      - name: install Go
         uses: actions/setup-go@v3
         with:
-          go-version: '1.21.0'
+          go-version: ${{ env.GO_VERSION }}
 
       - name: download Go modules
         run: go get -t -v -d ./...
@@ -33,7 +36,7 @@ jobs:
           yarn global add snyk
           snyk test --file=./go.mod --json-file-output=snyk.json 2>/dev/null || :
 
-      - name: upload scan result as develop artifact 
+      - name: upload scan result as develop artifact
         uses: actions/upload-artifact@v3
         with:
           name: go-security-scan-develop-result
@@ -63,9 +66,9 @@ jobs:
     outputs:
       image: ${{ steps.set-matrix.outputs.image_result }}
     steps:
-      - name: scan vulnerabilities by Trivy 
+      - name: scan vulnerabilities by Trivy
         uses: docker://docker.io/aquasec/trivy:latest
-        continue-on-error: true 
+        continue-on-error: true
         with:
           args: image --ignore-unfixed=true --vuln-type="os,library" --exit-code=1 --format="json" --output="image-trivy.json" --no-progress portainerci/agent:develop
 
@@ -98,7 +101,7 @@ jobs:
     if: >-
       github.ref == 'refs/heads/develop'
     strategy:
-      matrix: 
+      matrix:
         go: ${{fromJson(needs.server-dependencies.outputs.go)}}
         image: ${{fromJson(needs.image-vulnerability.outputs.image)}}
     steps:
@@ -110,7 +113,7 @@ jobs:
           echo "${{ matrix.image.summary }}"
 
       - name: send message to Slack
-        if: >- 
+        if: >-
           matrix.go.status == 'failure' || 
           matrix.image.status == 'failure'
         uses: slackapi/[email protected]

diff --git a/.github/workflows/pr-security.yml b/.github/workflows/pr-security.yml
@@ -6,12 +6,15 @@ on:
       - submitted
       - edited
     paths:
-      - 'go.mod'
-      - 'build/linux/Dockerfile'
-      - 'build/linux/alpine.Dockerfile'
-      - 'build/windows/Dockerfile'
-      - '.github/workflows/pr-security.yml'
-
+      - "go.mod"
+      - "build/linux/Dockerfile"
+      - "build/linux/alpine.Dockerfile"
+      - "build/windows/Dockerfile"
+      - ".github/workflows/pr-security.yml"
+
+env:
+  GO_VERSION: 1.21.3
+
 jobs:
   server-dependencies:
     name: Server Dependency Check
@@ -28,7 +31,7 @@ jobs:
       - name: install Go
         uses: actions/setup-go@v3
         with:
-          go-version: '1.21.0'
+          go-version: ${{ env.GO_VERSION }}
 
       - name: download Go modules
         run: go get -t -v -d ./...
@@ -87,10 +90,10 @@ jobs:
       - name: checkout code
         uses: actions/checkout@master
 
-      - name: install Go 1.21.0
+      - name: install Go
         uses: actions/setup-go@v3
         with:
-          go-version: '1.21.0'
+          go-version: ${{ env.GO_VERSION }}
 
       - name: download 3rd-party binaries
         run: ./setup.sh
@@ -115,9 +118,9 @@ jobs:
 
       - name: scan vulnerabilities by Trivy
         uses: docker://docker.io/aquasec/trivy:latest
-        continue-on-error: true 
+        continue-on-error: true
         with:
-          args: image --ignore-unfixed=true --vuln-type="os,library" --exit-code=1 --format="json" --output="image-trivy.json" --no-progress portainer-agent:${{ github.sha }}  
+          args: image --ignore-unfixed=true --vuln-type="os,library" --exit-code=1 --format="json" --output="image-trivy.json" --no-progress portainer-agent:${{ github.sha }}
 
       - name: upload image security scan result as artifact
         uses: actions/upload-artifact@v3
@@ -161,14 +164,14 @@ jobs:
       github.event.pull_request &&
       github.event.review.body == '/scan'
     strategy:
-      matrix: 
+      matrix:
         godiff: ${{fromJson(needs.server-dependencies.outputs.godiff)}}
         imagediff: ${{fromJson(needs.image-vulnerability.outputs.imagediff)}}
     steps:
       - name: check job status of diff result
         if: >-
           matrix.godiff.status == 'failure' ||
-          matrix.imagediff.status == 'failure' 
+          matrix.imagediff.status == 'failure'
         run: |
           echo "${{ matrix.godiff.status }}"
           echo "${{ matrix.imagediff.status }}"

diff --git a/.github/workflows/test.yaml b/.github/workflows/test.yaml
@@ -1,12 +1,17 @@
 name: Test
+
 on: push
+
+env:
+  GO_VERSION: 1.21.3
+
 jobs:
   test:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v3
       - uses: actions/setup-go@v3
         with:
-          go-version: 1.21.0
+          go-version: ${{ env.GO_VERSION }}
       - name: Run tests
         run: make test
diff --git a/binary-version.json b/binary-version.json
@@ -1,5 +1,5 @@
 {
-  "docker": "v24.0.5",
-  "dockerCompose": "v2.20.3",
-  "kubectl": "v1.28.1"
-}
+  "docker": "v24.0.6",
+  "dockerCompose": "v2.23.0",
+  "kubectl": "v1.28.3"
+}