spacelift-io · peterdeme · Feb 23, 2024 · Feb 22, 2024
diff --git a/.github/workflows/goreleaser/action.yml b/.github/workflows/goreleaser/action.yml
@@ -22,8 +22,8 @@ runs:
     using: composite
     steps:      
       - name: Setup Go
-        uses: actions/setup-go@v4
-        with: { go-version: "1.20" }
+        uses: actions/setup-go@v5
+        with: { go-version-file: go.mod }
 
       - name: Set up Docker Buildx
         uses: docker/setup-buildx-action@v3

diff --git a/.github/workflows/linting.yml b/.github/workflows/linting.yml
@@ -10,20 +10,24 @@ jobs:
   linting:
     name: 🤓 Lint the code
     runs-on: ubuntu-latest
-    container: golang:1.20
 
     steps:
       - name: Check out repository code
         uses: actions/checkout@v4
 
+      - name: Setup Go
+        uses: actions/setup-go@v5
+        with: { go-version-file: go.mod }
+
       - name: Check formatting using gofmt
         run: gofmt -s -l -d
 
       - name: Check for suspicious constructs using "go vet"
         run: go vet ./...
 
-      - name: Lint the code using "golint"
-        run: GO111MODULE=off go get -u golang.org/x/lint/golint && go list ./... | grep -v /vendor/ | xargs -L1 golint -set_exit_status
-
-      - name: Run staticcheck
-        run: GO111MODULE=off go get -u honnef.co/go/tools/cmd/staticcheck && staticcheck ./...
+      - name: Run golangci-lint
+        uses: reviewdog/action-golangci-lint@v2
+        env:
+          REVIEWDOG_GITHUB_API_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        with:
+          reporter: github-check
diff --git a/.github/workflows/security.yml b/.github/workflows/security.yml
@@ -19,21 +19,19 @@ jobs:
         uses: actions/checkout@v4
 
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@v1
+        uses: github/codeql-action/init@v3
         with:
           languages: "go"
 
       - name: Autobuild
-        uses: github/codeql-action/autobuild@v1
+        uses: github/codeql-action/autobuild@v3
 
       - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@v1
+        uses: github/codeql-action/analyze@v3
 
   gosec:
     name: 👮‍♀️ GoSec
     runs-on: ubuntu-latest
-    env:
-      GO111MODULE: on
 
     steps:
       - name: Checkout code
@@ -45,6 +43,6 @@ jobs:
           args: "-severity=medium -no-fail -fmt sarif -out gosec-results.sarif ./..."
 
       - name: Upload GoSec scan results to GitHub Security tab
-        uses: github/codeql-action/upload-sarif@v1
+        uses: github/codeql-action/upload-sarif@v3
         with:
           sarif_file: "gosec-results.sarif"
diff --git a/.github/workflows/trivy.yml b/.github/workflows/trivy.yml
@@ -44,13 +44,13 @@ jobs:
           severity: "CRITICAL,HIGH"
 
       - name: Upload Trivy scan results to GitHub Security tab (amd64)
-        uses: github/codeql-action/upload-sarif@v2
+        uses: github/codeql-action/upload-sarif@v3
         with:
           sarif_file: "trivy-results-amd64.sarif"
           category: "Trivy (amd64)"
 
       - name: Upload Trivy scan results to GitHub Security tab (arm64)
-        uses: github/codeql-action/upload-sarif@v2
+        uses: github/codeql-action/upload-sarif@v3
         with:
           sarif_file: "trivy-results-arm64.sarif"
           category: "Trivy (arm64)"
diff --git a/.github/workflows/unit-testing.yml b/.github/workflows/unit-testing.yml
@@ -10,7 +10,7 @@ jobs:
   unit-testing:
     name: 🧪 Test the code
     runs-on: ubuntu-latest
-    container: golang:1.20
+    container: golang:1.21
 
     steps:
       - name: Check out repository code

diff --git a/.vscode/settings.json b/.vscode/settings.json
@@ -1,5 +1,9 @@
 {
+    "go.lintTool": "golangci-lint",
+    "go.lintFlags": [
+        "--fast",
+    ],
     "cSpell.words": [
         "Blocklist"
     ]
-}
+}
diff --git a/Dockerfile b/Dockerfile
@@ -1,4 +1,4 @@
-FROM alpine:3.18
+FROM alpine:3.19
 
 RUN apk add --no-cache ca-certificates && apk upgrade --update-cache --available
 RUN adduser --disabled-password --no-create-home --uid=1983 spacelift

diff --git a/agent/agent.go b/agent/agent.go
@@ -14,6 +14,7 @@ import (
 	"github.com/spacelift-io/spcontext"
 	"google.golang.org/grpc"
 	"google.golang.org/grpc/credentials"
+	insecurePkg "google.golang.org/grpc/credentials/insecure"
 	"google.golang.org/grpc/metadata"
 
 	"github.com/spacelift-io/vcs-agent/privatevcs"
@@ -55,7 +56,7 @@ func (a *Agent) Run(ctx *spcontext.Context) (outErr error) {
 
 	var opts []grpc.DialOption
 	if insecure {
-		opts = append(opts, grpc.WithInsecure())
+		opts = append(opts, grpc.WithTransportCredentials(insecurePkg.NewCredentials()))
 	} else {
 		opts = append(opts, grpc.WithTransportCredentials(credentials.NewTLS(&tls.Config{MinVersion: tls.VersionTLS12})))
 	}

diff --git a/cmd/spacelift-vcs-agent/main.go b/cmd/spacelift-vcs-agent/main.go
@@ -14,7 +14,7 @@ import (
 	"time"
 
 	"github.com/bugsnag/bugsnag-go"
-	"github.com/go-kit/kit/log"
+	"github.com/go-kit/log"
 	"github.com/spacelift-io/spcontext"
 	"github.com/urfave/cli"
 
@@ -241,7 +241,7 @@ var app = &cli.App{
 					defer wg.Done()
 					defer func() {
 						// Recover error which has already been sent by bugsnag below.
-						recover()
+						_ = recover()
 					}()
 					defer ctx.Notifier.AutoNotify(ctx)
 

diff --git a/go.mod b/go.mod
@@ -1,25 +1,38 @@
 module github.com/spacelift-io/vcs-agent
 
-go 1.15
+go 1.21
 
 require (
-	github.com/bmizerany/assert v0.0.0-20160611221934-b7ed37b82869 // indirect
-	github.com/bugsnag/bugsnag-go v2.1.2+incompatible
-	github.com/cpuguy83/go-md2man/v2 v2.0.1 // indirect
-	github.com/franela/goblin v0.0.0-20200105215937-c9ffbefa60db
-	github.com/fsnotify/fsnotify v1.5.1 // indirect
-	github.com/go-kit/kit v0.10.0
-	github.com/kr/pretty v0.2.1 // indirect
+	github.com/bugsnag/bugsnag-go v2.2.1+incompatible
+	github.com/franela/goblin v0.0.0-20211003143422-0a4f594942bf
+	github.com/go-kit/kit v0.13.0
+	github.com/go-kit/log v0.2.1
 	github.com/kr/text v0.2.0
-	github.com/onsi/gomega v1.16.0
+	github.com/onsi/gomega v1.31.1
 	github.com/pkg/errors v0.9.1
-	github.com/spacelift-io/spcontext v0.0.0-20211125123836-a42f9fe4ad2c
-	github.com/stretchr/objx v0.3.0 // indirect
-	github.com/stretchr/testify v1.7.0
-	github.com/urfave/cli v1.22.5
-	golang.org/x/net v0.7.0 // indirect
-	google.golang.org/genproto v0.0.0-20211015135405-485ec31e706e // indirect
-	google.golang.org/grpc v1.42.0
-	google.golang.org/protobuf v1.27.1
-	gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b
+	github.com/spacelift-io/spcontext v0.0.0-20230413145421-2af98700e555
+	github.com/stretchr/testify v1.8.4
+	github.com/urfave/cli v1.22.14
+	google.golang.org/grpc v1.62.0
+	google.golang.org/protobuf v1.32.0
+	gopkg.in/yaml.v3 v3.0.1
+)
+
+require (
+	github.com/bitly/go-simplejson v0.5.0 // indirect
+	github.com/bugsnag/panicwrap v1.3.4 // indirect
+	github.com/cpuguy83/go-md2man/v2 v2.0.2 // indirect
+	github.com/davecgh/go-spew v1.1.1 // indirect
+	github.com/go-logfmt/logfmt v0.5.1 // indirect
+	github.com/golang/protobuf v1.5.3 // indirect
+	github.com/google/go-cmp v0.6.0 // indirect
+	github.com/google/uuid v1.6.0 // indirect
+	github.com/grpc-ecosystem/go-grpc-middleware v1.3.0 // indirect
+	github.com/kardianos/osext v0.0.0-20190222173326-2bc1f35cddc0 // indirect
+	github.com/pmezard/go-difflib v1.0.0 // indirect
+	github.com/russross/blackfriday/v2 v2.1.0 // indirect
+	golang.org/x/net v0.20.0 // indirect
+	golang.org/x/sys v0.16.0 // indirect
+	golang.org/x/text v0.14.0 // indirect
+	google.golang.org/genproto/googleapis/rpc v0.0.0-20240123012728-ef4313101c80 // indirect
 )