Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

ci: upgrade dependency #463

Merged
merged 8 commits into from
Mar 1, 2023
Merged

ci: upgrade dependency #463

merged 8 commits into from
Mar 1, 2023

Conversation

NeJan2020
Copy link
Collaborator

@NeJan2020 NeJan2020 commented Feb 28, 2023
edited
Loading

Description

upgrade required Go version to 1.19
upgrade github.com/mdlayher/netlink to v1.7.1
upgrade golang.org/x/net to v0.7.0
upgrade golang.org/x/sys to v0.5.0

upgrade indirect dependency by go mod tidy
upgrade to the latest Golang version(v1.20) in image of builder

Motivation and Context

To fix security alerts(CVE-2022-41721, CVE-2022-27664) by upgrading package golang.org/x/net, which indirectly depends on the Golang v1.18. So we decided to upgrade to the latest Golang version(v1.20) in the image of builder and update the Golang version to v1.19 in the requirement.

New builder dockerfile

FROM centos:7

RUN yum install -y  epel-release \
                    patch \
                    glibc-static \
                    make \
                    gcc-c++ \
                    libstdc++-static \
                    elfutils-libelf-devel \
                    qt5-qtbase-devel \
                    git \
                    docker \
    && yum clean all

RUN curl -SL https://cmake.org/files/v3.12/cmake-3.12.2-Linux-x86_64.tar.gz \
    | tar -zxC /opt \
    && ln -sf /opt/cmake-3.12.2-Linux-x86_64/bin/* /usr/bin/

RUN curl -SL https://dl.google.com/go/go1.20.1.linux-amd64.tar.gz \
    | tar -zxC /usr/local

ENV PATH $PATH:/usr/local/go/bin
#ENV GOPROXY https://goproxy.cn 

WORKDIR /source
CMD ["/build.sh"]

How Has This Been Tested?

Build success!

@NeJan2020
ci: upgrade dependency
0194291 
upgrade requred golang version to 1.19
upgrade golang.org/x/net to v0.1.1-0.20221104162952-702349b0e862

Signed-off-by: niejiangang <niejiangang@harmonycloud.cn>
@NeJan2020 NeJan2020 force-pushed the ci-update-dependency branch from cb9f35d to 0194291 Compare February 28, 2023 08:14
@NeJan2020
ci: update dependency
9af15a4 
upgrade `github.com/mdlayher/netlink` to v1.7.1
upgrade `golang.org/x/net` to v0.7.0
upgrade `golang.org/x/sys` to v0.5.0

upgrade indirect dependency by `go mod tidy`

Signed-off-by: niejiangang <niejiangang@harmonycloud.cn>
@NeJan2020
ci: use the dev as temporarily tag of builder to distinguish the ol…
7f180b4 
…d version of golang(v1.16)

Signed-off-by: niejiangang <niejiangang@harmonycloud.cn>
@NeJan2020 NeJan2020 changed the title WIP: ci: upgrade dependency ci: upgrade dependency Mar 1, 2023
NeJan2020 added 5 commits March 1, 2023 17:10
@NeJan2020
Merge commit '607d5a42eef2ec8e256c59c778d8d1aee1339be0' into ci-updat…
53cebd7 
…e-dependency
@NeJan2020
ci: use default builder tag
61d31f3 
Signed-off-by: niejiangang <niejiangang@harmonycloud.cn>
@NeJan2020
doc: update changelog
974a4bd 
Signed-off-by: niejiangang <niejiangang@harmonycloud.cn>
@NeJan2020
doc: update changelog
deb9193 
Signed-off-by: niejiangang <niejiangang@harmonycloud.cn>
@NeJan2020
ci: update changelog
1b6587c 
Signed-off-by: niejiangang <niejiangang@harmonycloud.cn>
@dxsup dxsup merged commit a88115b into KindlingProject:main Mar 1, 2023
@dxsup dxsup mentioned this pull request Mar 1, 2023
Closed
2 tasks
@dxsup
Copy link
Member

dxsup commented Apr 7, 2023
edited
Loading

And here is the Dockerfile for aarch64.

FROM centos:centos7

RUN yum install -y \
    epel-release \
    patch \
    glibc-static \
    make \
    gcc-c++ \
    libstdc++-static \
    elfutils-libelf-devel \
    qt5-qtbase-devel \
    git \
    && yum clean all

# CMake in yum repository is too old(2.8.12), but 3.5.1 or higher is required.
RUN curl -SL https://cmake.org/files/v3.26/cmake-3.26.0-linux-aarch64.tar.gz \
    | tar -zxC /opt \
    && ln -sf /opt/cmake-3.26.0-linux-aarch64/bin/* /usr/bin/

RUN curl -SL https://dl.google.com/go/go1.20.3.linux-arm64.tar.gz \
    | tar -zxC /usr/local

ENV PATH=$PATH:/usr/local/go/bin

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@dxsup dxsup dxsup approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@NeJan2020 @dxsup