chore: update to go 1.20

Updates to Go 1.20, pull in updated versions of dependencies. This addresses some of the CVEs mentioned in monzo#13.

Updates the Dockerfile and go.yml Actions pipeline also, including updating permissions to a more limited set.

.github/workflows/go.yml

@@ -5,16 +5,14 @@ on:
     types: [created, edited]
 
 jobs:
-
   build:
     name: Build
     runs-on: ubuntu-latest
     steps:
-
     - name: Set up Go 1.x
       uses: actions/setup-go@v2
       with:
-        go-version: ^1.13
+        go-version: ^1.20
       id: go
 
     - name: Check out code into GOPATH
@@ -32,20 +30,32 @@ jobs:
         GOPATH: ${{ github.workspace	}}/go
       run: |
         go get -v -t -d ./...
-        if [ -f Gopkg.toml ]; then
-            curl https://raw.githubusercontent.com/golang/dep/master/install.sh | sh
-            ${{ github.workspace }}/go/bin/dep ensure
-        fi
 
     - name: Build
       working-directory: go/src/github.com/monzo/envoy-preflight
       env:
         GOPATH: ${{ github.workspace }}/go
       run: go build -v .
 
-    - name: Move binary
-      run: cp ${{ github.workspace }}/go/src/github.com/monzo/envoy-preflight/envoy-preflight ${{ github.workspace }}
-
+    - name: Archive binary
+      uses: actions/upload-artifact@v3
+      with:
+        name: envoy-preflight
+        path: ${{ github.workspace }}/go/src/github.com/monzo/envoy-preflight/envoy-preflight
+        retention-days: 1
+
+  release:
+    name: Release
+    runs-on: ubuntu-latest
+    needs: build 
+    permissions:
+      contents: write
+    steps:
+    - name: Fetch binary
+      uses: actions/download-artifact@v3
+      with:
+        name: envoy-preflight
+
     - name: Release binary
       uses: skx/github-action-publish-binaries@release-0.14
       env:

Dockerfile

@@ -1,18 +1,12 @@
-FROM golang:1.13.4-alpine AS builder
+FROM golang:1.20-alpine AS builder
 
 WORKDIR /go/src/envoy-preflight
 
-RUN apk update && apk add curl
-
-RUN curl https://raw.githubusercontent.com/golang/dep/master/install.sh | sh
-
 COPY . .
 
-RUN dep ensure
-
-RUN CGO_ENABLED=0 GOOS=linux go build -a -installsuffix cgo -ldflags '-w' -i -o /go/bin/envoy-preflight ./main.go
+RUN CGO_ENABLED=0 GOOS=linux go build -a -installsuffix cgo -ldflags '-w' -o /go/bin/envoy-preflight ./main.go
 
-FROM gcr.io/distroless/base-debian10
+FROM gcr.io/distroless/static-debian11
 
 COPY --from=builder /go/bin/envoy-preflight /go/bin/envoy-preflight
 

go.mod

@@ -0,0 +1,24 @@
+module github.com/monzo/envoy-preflight
+
+go 1.20
+
+require (
+	github.com/cenk/backoff v2.1.1+incompatible
+	github.com/monzo/typhon v1.1.7
+)
+
+require (
+	github.com/davecgh/go-spew v1.1.1 // indirect
+	github.com/deckarep/golang-set v1.8.0 // indirect
+	github.com/golang/protobuf v1.5.3 // indirect
+	github.com/monzo/slog v0.0.0-20211123154010-52a5ddb2ba55 // indirect
+	github.com/monzo/terrors v0.0.0-20230309194234-a3df3e6f2be0 // indirect
+	github.com/nu7hatch/gouuid v0.0.0-20131221200532-179d4d0c4d8d // indirect
+	github.com/pmezard/go-difflib v1.0.0 // indirect
+	github.com/stretchr/objx v0.5.0 // indirect
+	github.com/stretchr/testify v1.8.2 // indirect
+	golang.org/x/net v0.8.0 // indirect
+	golang.org/x/text v0.8.0 // indirect
+	google.golang.org/protobuf v1.30.0 // indirect
+	gopkg.in/yaml.v3 v3.0.1 // indirect
+)

go.sum

@@ -0,0 +1,48 @@
+github.com/cenk/backoff v2.1.1+incompatible h1:gaShhlJc32b7ht9cwld/ti0z7tJOf69oUEA8jJNYV48=
+github.com/cenk/backoff v2.1.1+incompatible/go.mod h1:7FtoeaSnHoZnmZzz47cM35Y9nSW7tNyaidugnHTaFDE=
+github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
+github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/deckarep/golang-set v1.8.0 h1:sk9/l/KqpunDwP7pSjUg0keiOOLEnOBHzykLrsPppp4=
+github.com/deckarep/golang-set v1.8.0/go.mod h1:5nI87KwE7wgsBU1F4GKAw2Qod7p5kyS383rP6+o6qqo=
+github.com/fortytw2/leaktest v1.3.0 h1:u8491cBMTQ8ft8aeV+adlcytMZylmA5nnwwkRZjI8vw=
+github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk=
+github.com/golang/protobuf v1.5.3 h1:KhyjKVUg7Usr/dYsdSqoFveMYd5ko72D+zANwlG1mmg=
+github.com/golang/protobuf v1.5.3/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY=
+github.com/google/go-cmp v0.5.5 h1:Khx7svrCpmxxtHBq5j2mp/xVjsi8hQMfNLvJFAlrGgU=
+github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
+github.com/monzo/slog v0.0.0-20211123154010-52a5ddb2ba55 h1:znGCaEAI25n8GJ7G1IIHzdJGzSG9jiQF0uBYaW3bXlk=
+github.com/monzo/slog v0.0.0-20211123154010-52a5ddb2ba55/go.mod h1:WLNpEHhXIwQynoqjGY9HxPbseatrTIBTbG1Rij/oCXY=
+github.com/monzo/terrors v0.0.0-20230309194234-a3df3e6f2be0 h1:/AagJl2u8+xEck++xVBERRW9cDrYzgNpWhq7i21BZGs=
+github.com/monzo/terrors v0.0.0-20230309194234-a3df3e6f2be0/go.mod h1:nyaPwtZHdNA0F89nwV24ePEsxKlmV3i1dwBxajbqaM8=
+github.com/monzo/typhon v1.1.7 h1:i2A0vZ5sMyb7EfrqP5PSlSYWIRKXJ90b68MMcHguxf0=
+github.com/monzo/typhon v1.1.7/go.mod h1:djt8UI0f5Ul5Ue+6PmnXPcLbAo04X85xn7mPHQ5++tc=
+github.com/nu7hatch/gouuid v0.0.0-20131221200532-179d4d0c4d8d h1:VhgPp6v9qf9Agr/56bj7Y/xa04UccTW04VP0Qed4vnQ=
+github.com/nu7hatch/gouuid v0.0.0-20131221200532-179d4d0c4d8d/go.mod h1:YUTz3bUH2ZwIWBy3CJBeOBEugqcmXREj14T+iG/4k4U=
+github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
+github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
+github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
+github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw=
+github.com/stretchr/objx v0.5.0 h1:1zr/of2m5FGMsad5YfcqgdqdWrIhu+EBEJRhR1U7z/c=
+github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo=
+github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4=
+github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
+github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU=
+github.com/stretchr/testify v1.8.2 h1:+h33VjcLVPDHtOdpUCuF+7gSuG3yGIftsP1YvFihtJ8=
+github.com/stretchr/testify v1.8.2/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4=
+golang.org/x/net v0.8.0 h1:Zrh2ngAOFYneWTAIAPethzeaQLuHwhuBkuV6ZiRnUaQ=
+golang.org/x/net v0.8.0/go.mod h1:QVkue5JL9kW//ek3r6jTKnTFis1tRmNAW2P1shuFdJc=
+golang.org/x/text v0.8.0 h1:57P1ETyNKtuIjB4SRd15iJxuhj8Gc416Y78H3qgMh68=
+golang.org/x/text v0.8.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8=
+golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543 h1:E7g+9GITq07hpfrRu66IVDexMakfv52eLZ2CXBWiKr4=
+golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
+google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw=
+google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc=
+google.golang.org/protobuf v1.30.0 h1:kPPoIgf3TsEvrm0PFe15JQ+570QVxYzEvvHqChK+cng=
+google.golang.org/protobuf v1.30.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I=
+gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405 h1:yhCVgyC4o1eVCa2tZl7eS0r+SDo693bJlVdllGtEeKM=
+gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
+gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
+gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
+gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
+gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=