Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update CI go version #1330

Merged
merged 1 commit into from
Mar 31, 2022
Merged

Update CI go version #1330

merged 1 commit into from
Mar 31, 2022

Conversation

zalegrala
Copy link
Contributor

@zalegrala zalegrala commented Mar 8, 2022
edited
Loading

Here we update Go in our CI to address a potential security issue in one
of our dependencies.

https://groups.google.com/g/golang-announce/c/RP1hfrBYVuk/m/I7ouYouLAAAJ

Checklist

  • Tests updated
  • Documentation added
  • CHANGELOG.md updated - the order of entries should be [CHANGE], [FEATURE], [ENHANCEMENT], [BUGFIX]

joe-elliott
joe-elliott reviewed Mar 8, 2022
View reviewed changes
Copy link
Member

@joe-elliott joe-elliott left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This just changes our CI pipeline right? Should we update the docker image that we build off as well?

CHANGELOG.md Outdated Show resolved Hide resolved
@zalegrala
Copy link
Contributor Author

I updated the lambda Dockerfile Go version, and also the alpine version. Did I miss any others? Let's see if CI passes with the new alpine.

@mdisibio
Copy link
Contributor

Fwiw it looks like the floating 1.17 was choosing the latest patch already. Do we want to pin the patch? I am personally ok with either approach. Go patches have historically been positive.

$ docker run grafana/tempo:r35-e1c6066 -version
tempo, version  (branch: r35, revision: e1c60662)
  build user:       
  build date:       
  go version:       go1.17.8
  platform:         linux/amd64

$ docker run grafana/tempo:main-e1c6066 -version
tempo, version  (branch: main, revision: e1c60662)
  build user:       
  build date:       
  go version:       go1.17.8
  platform:         linux/amd64

$ docker run grafana/tempo:1.3.2 -version
tempo, version  (branch: HEAD, revision: fbca6a01a)
  build user:       
  build date:       
  go version:       go1.17.7
  platform:         linux/amd64

And to be sure, my local go is only .6:

$ go version
go version go1.17.6 darwin/amd64

@zalegrala
Copy link
Contributor Author

I suppose as long as the release builds are happening with the new version, I'm fine leaving out the patch pinning here. What do we think about the alpine updates?

@joe-elliott
Copy link
Member

my .02:

  • leave the floating patch on the go builds alone
  • update the alpine versions as suggested in the PR

@zalegrala remove the go changes and we'll merge?

@zalegrala zalegrala merged commit a06ee32 into grafana:main Mar 31, 2022
@zalegrala zalegrala deleted the Go1.17.8 branch March 31, 2022 20:18
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@joe-elliott joe-elliott joe-elliott approved these changes

@annanay25 annanay25 Awaiting requested review from annanay25

@mdisibio mdisibio Awaiting requested review from mdisibio mdisibio is a code owner

@dgzlopes dgzlopes Awaiting requested review from dgzlopes

@mapno mapno Awaiting requested review from mapno mapno is a code owner

@yvrhdn yvrhdn Awaiting requested review from yvrhdn yvrhdn is a code owner

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@zalegrala @mdisibio @joe-elliott