chore: version bump up to go 1.21

[pranav-new-relic]

This is an experiment. DO NOT MERGE.

[codecov-commenter]

Codecov Report

All modified and coverable lines are covered by tests ✅

Comparison is base (832bbf0) 33.21% compared to head (f44600c) 31.19%.

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #2557      +/-   ##
==========================================
- Coverage   33.21%   31.19%   -2.02%     
==========================================
  Files          93       93              
  Lines       25874    25874              
==========================================
- Hits         8594     8072     -522     
- Misses      17124    17699     +575     
+ Partials      156      103      -53     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[pranav-new-relic]

Comment 1

Context

As described earlier, in order to upgrade nfpm and goreleaser to fix a current dependabot alert (#26), go needed to be upgraded to 1.21 as trying to upgrade these modules on 1.19 threw the error

imported by a module that requires go1.21

and hence, the effort to upgrade go to 1.21.

Upon trying to upgrade to go1.21 with the existing structure of the provider, the following error appeared to be thrown

package github.com/newrelic/terraform-provider-newrelic/v2/tools: build constraints exclude all Go files in /home/runner/work/terraform-provider-newrelic/terraform-provider-newrelic/tools

which indicated a probable issue with build constraints in tools.go in the tools directory. Upon removing these build constraints for testing locally, a new error was locally encountered

import XXX a program, not an importable package

Workaround

This is how we've been able to overcome the build constraints exclude all Go files in /home/runner/work/terraform-provider-newrelic/terraform-provider-newrelic/tools error - placing the list of dependencies in a different source and running a go list on the text file (changing the command used in tools.mk). With this, the compilation failure seems to have disappeared.

[pranav-new-relic]

Comment 2

It may be observed that goreleaser has been bumped up without any compilation issues, which means this can now work with go1.21.

[pranav-new-relic]

Comment 3

nfpm, the cause of the Dependabot Alert linked above (#26) has been bumped up too, without an error, as this is now using go1.21.

[pranav-new-relic]

Comment 4

Line being referred to, if not found in this PR's preview: https://github.com/newrelic/terraform-provider-newrelic/pull/2557/files/bf09d56b548578de5d13e13cf24becc9d20f9861#diff-11f03b0f97705b85807a720c4608013062002af3604f046a09a2571b0ae02554R401

Two new dependabot alerts, #41 and #40 have been created because of the usage of go-git.v4.

The alerts suggest replacing this with go-git/v5, which is already present in the current go.mod, but this does not cease to exist as it is an indirect dependency introduced by github.com/llorllale/go-gitlint v0.0.0-20210608233938-d6303cc52cc5, a requirement at the top of tools/go.mod.

Unfortunately, this looks like we might need to make it an accepted risk because the latest release (three years ago) as shown in the repo also uses go-git.v4, hence, this indirect dependency will always continue to exist in these modules.

https://github.com/llorllale/go-gitlint/blob/master/go.mod#L12

If this is the case, we might need to shift to a linting module that does not have a direct dependency on go-git.v4 anymore.

Edit: I currently seem to find no alternative, but continue to explore. For now, I've raised a WIP PR in go-gitlint to have go-git.v4 discarded and replaced by go-git/v5.