Skip to content

fix: update grpc to v1.59.0 to solve CVE-2023-44487 #391

fix: update grpc to v1.59.0 to solve CVE-2023-44487

fix: update grpc to v1.59.0 to solve CVE-2023-44487 #391

Workflow file for this run

---
name: ci
on:
pull_request:
push:
branches:
- 'release/**'
jobs:
yamllint:
name: yamllint
runs-on: ubuntu-latest
steps:
- name: Check out code into the Go module directory
uses: actions/checkout@v2
- name: yaml-lint
uses: ibiqlik/action-yamllint@v1
with:
config_file: .ci/yamllint.yml
strict: true
build-and-test:
name: build and test
runs-on: ${{ matrix.os }}
strategy:
matrix:
os: [ubuntu-latest, macos-latest, windows-latest]
steps:
- name: Check out code
uses: actions/checkout@v2
- name: Setup Go
uses: actions/setup-go@v1
with:
go-version: 1.20.5
- name: Build
run: go build -race ./...
- name: Test
run: go test -race ./...
golangci-lint:
name: golangci-lint
runs-on: ubuntu-latest
if: github.repository != 'networkservicemesh/cmd-template'
steps:
- name: Check out code into the Go module directory
uses: actions/checkout@v2
with:
fetch-depth: 0
- name: Setup Go
uses: actions/setup-go@v1
with:
go-version: 1.20.5
- name: golangci-lint
uses: golangci/golangci-lint-action@v3
with:
version: v1.53.3
excludeFmtErrorf:
name: exclude fmt.Errorf
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- name: Exclude fmt.Errorf
run: |
if grep -r --include=*.go fmt.Errorf . ; then
echo "Please use errors.Errorf (or errors.New or errors.Wrap or errors.Wrapf) as appropriate rather than fmt.Errorf"
exit 1
fi
restrictNSMDeps:
name: Restrict dependencies on github.com/networkservicemesh/*
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- name: Restrict dependencies on github.com/networkservicemesh/*
run: |
for i in $(grep github.com/networkservicemesh/ go.mod | grep -v '^module' | sed 's;.*\(github.com\/networkservicemesh\/[^ ]*\).*;\1;g');do
echo Dependency on "${i}" is forbidden
exit 1
done
checkgomod:
name: check go.mod and go.sum
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- uses: actions/setup-go@v1
with:
go-version: 1.20.5
- run: go mod tidy
- name: Check for changes in go.mod or go.sum
run: |
git diff --name-only --exit-code go.mod || ( echo "Run go tidy" && false )
git diff --name-only --exit-code go.sum || ( echo "Run go tidy" && false )
gogenerate:
name: Check generated files
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- uses: arduino/setup-protoc@v1
with:
version: '3.14.0'
- uses: actions/setup-go@v1
with:
go-version: 1.20.5
- name: Generate files
run: go generate ./...
- name: Check for changes in generated code
run: |
git diff -- '*.pb.go' || (echo "Rerun go generate ./... locally and resubmit" && exit -1)
excludereplace:
name: Exclude replace in go.mod
runs-on: ubuntu-latest
steps:
- name: Check out the code
uses: actions/checkout@v2
- name: Exclude replace in go.mod
run: |
grep ^replace go.mod || exit 0
exit 1