Merge pull request #54 from hashicorp/mw/update-go-version

update go-version and address CVE

.github/workflows/bin-ci.yml

@@ -3,24 +3,40 @@ on:
   push:
     branches: '**'
 env:
-  GO_VERSION: '1.19'
   CONSUL_LICENSE: ${{ secrets.CONSUL_LICENSE }}
 jobs:
+  get-go-version:
+    name: "Determine Go toolchain version"
+    defaults:
+      run:
+        working-directory: ./consul-lambda
+    runs-on: ubuntu-latest
+    outputs:
+      go-version: ${{ steps.get-go-version.outputs.go-version }}
+    steps:
+      - uses: actions/checkout@v2
+      - name: Determine Go version
+        id: get-go-version
+        run: |
+          echo "Building with Go $(cat .go-version)"
+          echo "::set-output name=go-version::$(cat .go-version)"
   lint:
     defaults:
       run:
         working-directory: ./consul-lambda/consul-lambda-registrator
     runs-on: ubuntu-latest
+    needs:
+      - get-go-version
     steps:
     - name: Checkout
       uses: actions/checkout@v3
     - uses: actions/setup-go@v3
       with:
-        go-version: ${{ env.GO_VERSION }}
+        go-version: ${{ needs.get-go-version.outputs.go-version }}
     - name: golangci-lint
-      uses: golangci/golangci-lint-action@v3
+      uses: golangci/golangci-lint-action@v3.4.0
       with:
-        version: v1.50.1
+        version: v1.51
         args: |
           --verbose
         only-new-issues: false
@@ -35,6 +51,8 @@ jobs:
         consul-version:
         - 1.15.0
         - 1.15.0+ent
+    needs:
+      - get-go-version
     defaults:
       run:
         working-directory: ./consul-lambda/consul-lambda-registrator
@@ -47,7 +65,7 @@ jobs:
       uses: actions/checkout@v3
     - uses: actions/setup-go@v3
       with:
-        go-version: ${{ env.GO_VERSION }}
+        go-version: ${{ needs.get-go-version.outputs.go-version }}
 
     - name: Install Consul
       uses: nickethier/action-setup-hashicorp-tool@main #TODO: update action when migrated to hc org

.github/workflows/build.yml

@@ -19,8 +19,8 @@ jobs:
       - name: Determine Go version
         id: get-go-version
         run: |
-          echo "Building with Go $(cat ./go-version)"
-          echo "::set-output name=go-version::$(cat ./.go-version)"
+          echo "Building with Go $(cat .go-version)"
+          echo "::set-output name=go-version::$(cat .go-version)"
 
   get-product-version:
     defaults:
@@ -84,7 +84,6 @@ jobs:
         uses: actions/setup-go@v2
         with:
           go-version: ${{ needs.get-go-version.outputs.go-version }}
-
       - name: Build
         run: |
           mkdir dist out extensions

.github/workflows/terraform-ci.yml

@@ -9,7 +9,6 @@ on:
       - 'main'
       - 'release/**'
 env:
-  GO_VERSION: '1.18'
   CONSUL_LICENSE: ${{ secrets.CONSUL_LICENSE }}
 jobs:
   terraform-lint:
@@ -23,25 +22,43 @@ jobs:
         terraform_version: v1.3.1
     - name: Validate
       run: terraform fmt -check -recursive .
+  get-go-version:
+    name: "Determine Go toolchain version"
+    defaults:
+      run:
+        working-directory: ./consul-lambda
+    runs-on: ubuntu-latest
+    outputs:
+      go-version: ${{ steps.get-go-version.outputs.go-version }}
+    steps:
+      - uses: actions/checkout@v2
+      - name: Determine Go version
+        id: get-go-version
+        run: |
+          echo "Building with Go $(cat .go-version)"
+          echo "::set-output name=go-version::$(cat .go-version)"
   go-test-lint:
     runs-on: ubuntu-latest
     defaults:
       run:
         working-directory: ./test/acceptance
+    needs:
+      - get-go-version
     steps:
     - name: Checkout
       uses: actions/checkout@v3
-    - uses: actions/setup-go@v3
+    - name: Setup go
+      uses: actions/setup-go@v2
       with:
-        go-version: ${{ env.GO_VERSION }}
+        go-version: ${{ needs.get-go-version.outputs.go-version }}
     - name: lint-consul-retry
       run: |
         go install github.com/hashicorp/lint-consul-retry@latest
         lint-consul-retry
     - name: golangci-lint
-      uses: golangci/golangci-lint-action@v3
+      uses: golangci/golangci-lint-action@v3.4.0
       with:
-        version: v1.45
+        version: v1.51
         args: |
           --verbose
         only-new-issues: false
@@ -56,13 +73,16 @@ jobs:
     env:
       TEST_RESULTS: /tmp/test-results
       GOTESTSUM_VERSION: 1.8.0
-    needs: [go-test-lint, terraform-lint]
+    needs:
+      - go-test-lint
+      - terraform-lint
+      - get-go-version
     steps:
     - name: Checkout
       uses: actions/checkout@v3
     - uses: actions/setup-go@v3
       with:
-        go-version: ${{ env.GO_VERSION }}
+        go-version: ${{ steps.get-go-version.outputs.go-version }}
     - name: Setup gotestsum
       shell: bash
       run: |

CHANGELOG.md

@@ -1,3 +1,12 @@
+## UNRELEASED
+
+FEATURES
+* Update minimum go version for project to 1.20 [[GH-1908](https://github.com/hashicorp/terraform-aws-consul-lambda/pull/54)]
+
+BUG FIXES:
+* Security:
+    * Upgrade to use Go 1.20.1 This resolves vulnerabilities [CVE-2022-41724](https://go.dev/issue/58001) in `crypto/tls` and [CVE-2022-41723](https://go.dev/issue/57855) in `net/http`. [[GH-1908](https://github.com/hashicorp/terraform-aws-consul-lambda/pull/54)]
+
 ## 0.1.0-beta2 (October 04, 2022)
 
 FEATURES

consul-lambda/.go-version

@@ -1 +1 @@
-1.18.2
+1.20.1

consul-lambda/go.mod

@@ -1,6 +1,6 @@
 module github.com/hashicorp/terraform-aws-consul-lambda/consul-lambda
 
-go 1.19
+go 1.20
 
 require (
 	github.com/aws/aws-lambda-go v1.31.1

test/acceptance/go.mod

@@ -1,6 +1,6 @@
 module github.com/hashicorp/terraform-aws-consul-lambda/test/acceptance
 
-go 1.19
+go 1.20
 
 require (
 	github.com/aws/aws-lambda-go v1.13.3