[Snyk] Security upgrade setuptools from 40.5.0 to 70.0.0

.github/workflows/build-prs-trigger.yaml

@@ -1,4 +1,4 @@
-name: Trigger build images for PRs
+name: Trigger PR CI
 on:
   pull_request:
     paths-ignore:

.github/workflows/build-prs.yml

@@ -1,7 +1,7 @@
 name: Build images for PRs
 on:
   workflow_run:
-    workflows: ["Trigger build images for PRs"]
+    workflows: ["Trigger PR CI"]
     types:
       - completed
 env:

.github/workflows/commit-check-pr.yml

@@ -0,0 +1,96 @@
+name: Commit Checker for PRs
+on:
+  workflow_run:
+    workflows: ["Trigger PR CI"]
+    types:
+      - completed
+env:
+  QUAY_ORG: opendatahub
+  GH_USER_EMAIL: 140449482+dsp-developers@users.noreply.github.com
+  GH_USER_NAME: dsp-developers
+jobs:
+  fetch-data:
+    name: Fetch workflow payload
+    runs-on: ubuntu-latest
+    if: >
+      github.event.workflow_run.event == 'pull_request' &&
+      github.event.workflow_run.conclusion == 'success'
+    outputs:
+      pr_state: ${{ steps.vars.outputs.pr_state }}
+      pr_number: ${{ steps.vars.outputs.pr_number }}
+      head_sha: ${{ steps.vars.outputs.head_sha }}
+      event_action: ${{ steps.vars.outputs.event_action }}
+    steps:
+      - name: 'Download artifact'
+        uses: actions/github-script@v3.1.0
+        with:
+          script: |
+            var artifacts = await github.actions.listWorkflowRunArtifacts({
+               owner: context.repo.owner,
+               repo: context.repo.repo,
+               run_id: ${{github.event.workflow_run.id }},
+            });
+            var matchArtifact = artifacts.data.artifacts.filter((artifact) => {
+              return artifact.name == "pr"
+            })[0];
+            var download = await github.actions.downloadArtifact({
+               owner: context.repo.owner,
+               repo: context.repo.repo,
+               artifact_id: matchArtifact.id,
+               archive_format: 'zip',
+            });
+            var fs = require('fs');
+            fs.writeFileSync('${{github.workspace}}/pr.zip', Buffer.from(download.data));
+      - run: unzip pr.zip
+      - shell: bash
+        id: vars
+        run: |
+          pr_number=$(cat ./pr_number)
+          pr_state=$(cat ./pr_state)
+          head_sha=$(cat ./head_sha)
+          event_action=$(cat ./event_action)
+          echo "pr_number=${pr_number}" >> $GITHUB_OUTPUT
+          echo "pr_state=${pr_state}" >> $GITHUB_OUTPUT
+          echo "head_sha=${head_sha}" >> $GITHUB_OUTPUT
+          echo "event_action=${event_action}" >> $GITHUB_OUTPUT
+
+  commit_checker:
+    name: Run Commit Checker report
+    runs-on: ubuntu-latest
+    needs: fetch-data
+    env:
+      PR_NUMBER: ${{ needs.fetch-data.outputs.pr_number }}
+      PR_HASH: ${{ needs.fetch-data.outputs.head_sha }}
+    steps:
+      - uses: actions/checkout@v3
+      - name: Get Commits
+        id: get-commits
+        run: |
+          master_commit=$(cat .git/refs/remotes/origin/master)
+          echo "master_commit_hash=$master_commit" >> $GITHUB_OUTPUT
+          echo "last_commit_hash=${{ env.PR_HASH }}" >> $GITHUB_OUTPUT
+      - name: Run Commit Checker
+        shell: bash
+        env:
+          GH_TOKEN: ${{ secrets.GH_TOKEN_PROJECT_EDIT }}
+        continue-on-error: true
+        run: |
+          git config user.email "${{ env.GH_USER_EMAIL }}"
+          git config user.name "${{ env.GH_USER_NAME }}"
+          gh pr checkout ${{ env.PR_NUMBER }}
+
+          cat <<"EOF" >> /tmp/body-file.txt
+          ### Commit Checker results:
+
+          ```
+          **NOTE**: These are the results of the commit checker scans. 
+          If these are not commits from upstream kfp, then please ensure
+          you adhere to the commit checker formatting
+          ```
+          EOF
+
+          echo "\`\`\`" >> /tmp/body-file.txt
+          podman run -q -v ${{ github.workspace }}:/src/app-root quay.io/rmartine/commitchecker:latest --start ${{ steps.get-commits.outputs.master_commit_hash }} --end ${{ steps.get-commits.outputs.last_commit_hash }} >> /tmp/body-file.txt 2>&1 || true
+          echo "\`\`\`" >> /tmp/body-file.txt
+
+          gh pr comment ${{ env.PR_NUMBER }} --body-file /tmp/body-file.txt

.github/workflows/unit-tests.yaml

@@ -21,7 +21,7 @@ jobs:
       - name: Setup Go
         uses: actions/setup-go@v4
         with:
-          go-version: '1.20.x'
+          go-version: '1.21.x'
       - name: Run Unit Test
         working-directory: ${{ github.workspace }}/backend/src
         env:

api/go.mod

@@ -10,5 +10,6 @@ require (
 replace (
 	github.com/mattn/go-sqlite3 => github.com/mattn/go-sqlite3 v1.14.18
 	golang.org/x/net => golang.org/x/net v0.17.0
+	golang.org/x/net v0.17.0 => golang.org/x/net v0.23.0
 	google.golang.org/grpc => google.golang.org/grpc v1.56.3
 )

backend/Dockerfile

@@ -15,8 +15,7 @@
 # Build arguments
 ARG SOURCE_CODE=.
 
-#@follow_tag(registry.access.redhat.com/ubi8/go-toolset:1.20)
-FROM registry.access.redhat.com/ubi8/go-toolset:1.20 as builder
+FROM registry.access.redhat.com/ubi8/go-toolset:1.21 as builder
 
 ## Build args to be used at this step
 ARG SOURCE_CODE
@@ -34,8 +33,7 @@ COPY ${SOURCE_CODE}/ ./
 RUN GO111MODULE=on go build -o /bin/apiserver ./backend/src/apiserver/ && \
     dnf clean all
 
-#@follow_tag(registry.access.redhat.com/ubi8/ubi-minimal:8.9)
-FROM registry.access.redhat.com/ubi8/ubi-minimal:8.9
+FROM registry.access.redhat.com/ubi8/ubi-minimal:latest
 
 WORKDIR /bin
 

backend/Dockerfile.cacheserver

@@ -13,7 +13,7 @@
 # limitations under the License.
 
 # Dockerfile for building the source code of cache_server
-FROM golang:1.20.4-alpine3.17 as builder
+FROM golang:1.21.4-alpine3.17 as builder
 
 RUN apk update && apk upgrade && \
     apk add --no-cache bash git openssh gcc musl-dev

backend/Dockerfile.conformance

@@ -13,7 +13,7 @@
 # limitations under the License.
 
 # Dockerfile for building the source code of conformance tests
-FROM golang:1.20.4-alpine3.17 as builder
+FROM golang:1.21.4-alpine3.17 as builder
 
 RUN apk update && apk upgrade && \
     apk add --no-cache bash git openssh gcc musl-dev

backend/Dockerfile.driver

@@ -16,8 +16,7 @@
 ARG SOURCE_CODE=.
 
 # Use ubi8/nodejs-14 as base image
-#@follow_tag(registry.access.redhat.com/ubi8/go-toolset:1.20)
-FROM registry.access.redhat.com/ubi8/go-toolset:1.20 as builder
+FROM registry.access.redhat.com/ubi8/go-toolset:1.21 as builder
 
 
 ## Build args to be used at this step
@@ -34,8 +33,7 @@ COPY ${SOURCE_CODE}/ ./
 
 RUN GO111MODULE=on CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -tags netgo -ldflags '-extldflags "-static"' -o /bin/driver ./backend/src/v2/cmd/driver/*.go
 
-#@follow_tag(registry.access.redhat.com/ubi8/ubi-minimal:8.9)
-FROM registry.access.redhat.com/ubi8/ubi-minimal:8.9
+FROM registry.access.redhat.com/ubi8/ubi-minimal:latest
 
 WORKDIR /bin
 

backend/Dockerfile.launcher

@@ -18,8 +18,7 @@ ARG CI_CONTAINER_VERSION="unknown"
 
 
 # Use ubi8/nodejs-14 as base image
-#@follow_tag(registry.access.redhat.com/ubi8/go-toolset:1.20)
-FROM registry.access.redhat.com/ubi8/go-toolset:1.20 as builder
+FROM registry.access.redhat.com/ubi8/go-toolset:1.21 as builder
 
 
 ## Build args to be used at this step
@@ -36,8 +35,7 @@ COPY ${SOURCE_CODE}/ ./
 
 RUN GO111MODULE=on CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -tags netgo -ldflags '-extldflags "-static"' -o /bin/launcher-v2 ./backend/src/v2/cmd/launcher-v2/*.go
 
-#@follow_tag(registry.access.redhat.com/ubi8/ubi-minimal:8.9)
-FROM registry.access.redhat.com/ubi8/ubi-minimal:8.9
+FROM registry.access.redhat.com/ubi8/ubi-minimal:latest
 
 WORKDIR /bin
 

backend/Dockerfile.persistenceagent

@@ -18,8 +18,7 @@ ARG CI_CONTAINER_VERSION="unknown"
 
 
 # Use ubi8/go-toolset as base image
-#@follow_tag(registry.access.redhat.com/ubi8/go-toolset:1.20)
-FROM registry.access.redhat.com/ubi8/go-toolset:1.20 as builder
+FROM registry.access.redhat.com/ubi8/go-toolset:1.21 as builder
 
 ## Build args to be used at this step
 ARG SOURCE_CODE
@@ -36,8 +35,7 @@ COPY ${SOURCE_CODE}/ ./
 
 RUN GO111MODULE=on go build -o /bin/persistence_agent backend/src/agent/persistence/*.go
 
-#@follow_tag(registry.access.redhat.com/ubi8/ubi-minimal:8.9)
-FROM registry.access.redhat.com/ubi8/ubi-minimal:8.9
+FROM registry.access.redhat.com/ubi8/ubi-minimal:latest
 WORKDIR /bin
 
 COPY --from=builder /bin/persistence_agent /bin/persistence_agent

backend/Dockerfile.scheduledworkflow

@@ -16,8 +16,7 @@
 ARG SOURCE_CODE=.
 
 # Use ubi8/nodejs-14 as base image
-#@follow_tag(registry.access.redhat.com/ubi8/go-toolset:1.19)
-FROM registry.access.redhat.com/ubi8/go-toolset:1.19 as builder
+FROM registry.access.redhat.com/ubi8/go-toolset:1.21 as builder
 
 ## Build args to be used at this step
 ARG SOURCE_CODE
@@ -41,8 +40,7 @@ COPY ${SOURCE_CODE}/ ./
 
 RUN GO111MODULE=on go build -o /bin/controller backend/src/crd/controller/scheduledworkflow/*.go
 
-#@follow_tag(registry.access.redhat.com/ubi8/ubi-minimal:8.8)
-FROM registry.access.redhat.com/ubi8/ubi-minimal:8.8
+FROM registry.access.redhat.com/ubi8/ubi-minimal:latest
 WORKDIR /bin
 
 COPY --from=builder /bin/controller /bin/controller

backend/Dockerfile.viewercontroller

@@ -12,7 +12,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-FROM golang:1.20.4-alpine3.17 as builder
+FROM golang:1.21.4-alpine3.17 as builder
 
 RUN apk update && apk upgrade
 RUN apk add --no-cache git gcc musl-dev

backend/api/v2beta1/experiment.proto

@@ -99,6 +99,9 @@ message Experiment {
 
   // Output. Specifies whether this experiment is in archived or available state.
   StorageState storage_state = 6;
+
+  // Output. The creation time of the last run in this experiment.
+  google.protobuf.Timestamp last_run_created_at = 7;
 }
 
 message CreateExperimentRequest {