From ce659b90c6b04c478a064952354ae147816c4331 Mon Sep 17 00:00:00 2001 From: Rodrigo Garcia Date: Fri, 7 Jun 2024 09:26:23 -0700 Subject: [PATCH 1/7] fix alpine image tag in Dockerfile (should be same as upstream) to address security vulnerabilities --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 1a6ce9355..7d02b6653 100644 --- a/Dockerfile +++ b/Dockerfile @@ -15,7 +15,7 @@ WORKDIR /go-ethereum RUN go run build/ci.go install -static ./cmd/geth # Pull Geth into a second stage deploy alpine container -FROM alpine:3.15.7 +FROM alpine:latest RUN apk add --no-cache ca-certificates From 9cf018662bebb89d20826b2c03e1eed88be5b028 Mon Sep 17 00:00:00 2001 From: Rodrigo Garcia Date: Fri, 7 Jun 2024 10:14:01 -0700 Subject: [PATCH 2/7] using current stable tag to satisfy linter --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 7d02b6653..f9771f0ab 100644 --- a/Dockerfile +++ b/Dockerfile @@ -15,7 +15,7 @@ WORKDIR /go-ethereum RUN go run build/ci.go install -static ./cmd/geth # Pull Geth into a second stage deploy alpine container -FROM alpine:latest +FROM alpine:3.20 RUN apk add --no-cache ca-certificates From 19c37b99aa74e90ac81de06ab8ce813fd2d8d3bc Mon Sep 17 00:00:00 2001 From: Rodrigo Garcia Date: Fri, 7 Jun 2024 10:48:35 -0700 Subject: [PATCH 3/7] using alpine:3.19 instead because there is an new CVE for openssl on 3.20 without a fix --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index f9771f0ab..1e9be1bf0 100644 --- a/Dockerfile +++ b/Dockerfile @@ -15,7 +15,7 @@ WORKDIR /go-ethereum RUN go run build/ci.go install -static ./cmd/geth # Pull Geth into a second stage deploy alpine container -FROM alpine:3.20 +FROM alpine:3.19 RUN apk add --no-cache ca-certificates From e4bb25962292abf99048024bbe5da2cae71df998 Mon Sep 17 00:00:00 2001 
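Review bot: The final `FROM alpine:3.19` in PATCH 3/7 is held one release back for a security reason that only the commit subject records, and it is a floating tag, so the deploy stage is neither self-explaining nor reproducible. I would put the reason next to the line, e.g. `# Held at 3.19: openssl CVE in 3.20 had no fix when this was pinned; revisit once patched`. I would also pin the digest as `FROM alpine:3.19@sha256:<digest-of-the-scanned-image>`, so the image that passed the vulnerability scan is the one that ships. The intermediate `alpine:latest` from PATCH 1/7 is already replaced by 2/7 and needs nothing further. The rest of the deploy stage lies outside the hunk.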
From: Pranay Valson Date: Tue, 11 Jun 2024 12:51:04 -0700 Subject: [PATCH 4/7] update all go.mod, workflows, dockerfiles to golang 1.22.2 Signed-off-by: Pranay Valson --- .github/workflows/build-test.yml | 2 +- .github/workflows/go.yml | 2 +- .github/workflows/golangci-lint.yml | 4 ++-- Dockerfile | 2 +- go.mod | 2 +- 5 files changed, 6 insertions(+), 6 deletions(-) diff --git a/.github/workflows/build-test.yml b/.github/workflows/build-test.yml index 6f6ceb238..7bc193717 100644 --- a/.github/workflows/build-test.yml +++ b/.github/workflows/build-test.yml @@ -18,7 +18,7 @@ jobs: - name: Set up Go uses: actions/setup-go@v2 with: - go-version: 1.21.4 + go-version: 1.22.2 - name: Checkout code uses: actions/checkout@v2 diff --git a/.github/workflows/go.yml b/.github/workflows/go.yml index ae2604f0e..e27003094 100644 --- a/.github/workflows/go.yml +++ b/.github/workflows/go.yml @@ -15,7 +15,7 @@ jobs: - name: Set up Go uses: actions/setup-go@v2 with: - go-version: 1.21.4 + go-version: 1.22.2 - name: Run tests run: go test -short ./... env: diff --git a/.github/workflows/golangci-lint.yml b/.github/workflows/golangci-lint.yml index 4c76a721a..ee7725e61 100644 --- a/.github/workflows/golangci-lint.yml +++ b/.github/workflows/golangci-lint.yml @@ -19,10 +19,10 @@ jobs: steps: - uses: actions/checkout@v3 - uses: actions/setup-go@v3 - - name: Set up Go 1.19 + - name: Set up Go 1.22.2 uses: actions/setup-go@v3 with: - go-version: 1.19 + go-version: 1.22.2 id: go - run: go version diff --git a/Dockerfile b/Dockerfile index 1a6ce9355..9dfb893ca 100644 --- a/Dockerfile +++ b/Dockerfile @@ -6,7 +6,7 @@ ARG USER=$USER # Build Geth in a stock Go builder container -FROM golang:1.21-alpine as builder +FROM golang:1.22-alpine as builder RUN apk add --no-cache gcc musl-dev linux-headers git diff --git a/go.mod b/go.mod index 60a026c4e..dec5a7d9a 100644 --- a/go.mod +++ b/go.mod 
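Review bot: The builder stage in PATCH 4/7's Dockerfile hunk moves to `golang:1.22-alpine`, which floats across 1.22.x patch releases, while the workflows in the same commit and `go.mod` are set to exactly 1.22.2. The published geth binary can therefore be compiled with a different toolchain patch level than the one CI tested. Writing `FROM golang:1.22.2-alpine as builder`, optionally with an `@sha256:<digest>` suffix, keeps the three in step and makes later toolchain moves a deliberate, reviewable change.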
@@ -1,6 +1,6 @@ module github.com/ethereum/go-ethereum -go 1.20 +go 1.22.2 require ( github.com/Azure/azure-sdk-for-go/sdk/storage/azblob v1.2.0 From 2b86f548c8055861a24f701f998513059d6419e0 Mon Sep 17 00:00:00 2001 From: Pranay Valson Date: Tue, 11 Jun 2024 12:59:14 -0700 Subject: [PATCH 5/7] cancel previous running longer workflows Signed-off-by: Pranay Valson --- .github/workflows/build-test.yml | 4 ++++ .github/workflows/gcr-image.yml | 4 ++++ 2 files changed, 8 insertions(+) diff --git a/.github/workflows/build-test.yml b/.github/workflows/build-test.yml index 7bc193717..17503eb78 100644 --- a/.github/workflows/build-test.yml +++ b/.github/workflows/build-test.yml @@ -13,6 +13,10 @@ jobs: audit: runs-on: ubuntu-20.04 steps: + - name: Cancel Previous Runs + uses: styfle/cancel-workflow-action@0.6.0 + with: + access_token: ${{ secrets.GITHUB_TOKEN }} - uses: actions/checkout@v2 - name: Set up Go diff --git a/.github/workflows/gcr-image.yml b/.github/workflows/gcr-image.yml index 058ebc885..917f35175 100644 --- a/.github/workflows/gcr-image.yml +++ b/.github/workflows/gcr-image.yml @@ -13,6 +13,10 @@ jobs: build: runs-on: ubuntu-latest steps: + - name: Cancel Previous Runs + uses: styfle/cancel-workflow-action@0.6.0 + with: + access_token: ${{ secrets.GITHUB_TOKEN }} - name: Login to GCR uses: docker/login-action@v2 with: From 1104d6c07f8e4e14e9cf07d2d51ef73fdc26fd8c Mon Sep 17 00:00:00 2001 From: Pranay Valson Date: Tue, 11 Jun 2024 13:39:09 -0700 Subject: [PATCH 6/7] bump bsp patch version; dependabot docker config Signed-off-by: Pranay Valson --- .github/dependabot.yml | 10 ++++++++-- params/version.go | 2 +- 2 files changed, 9 insertions(+), 3 deletions(-) diff --git a/.github/dependabot.yml b/.github/dependabot.yml index 978616cc8..038fe9a28 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml 
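Review bot: The added `Cancel Previous Runs` step in build-test.yml references `styfle/cancel-workflow-action@0.6.0` by a mutable tag and hands it `secrets.GITHUB_TOKEN`, so whatever that tag resolves to in future runs with the job's token. The same step is added to gcr-image.yml in this commit and to docker-image.yml in PATCH 7/7. GitHub Actions can cancel superseded runs natively, without third-party code or a token, through a workflow-level `concurrency:` block with `group: ${{ github.workflow }}-${{ github.ref }}` and `cancel-in-progress: true`. If the action is kept, pin it to a full commit SHA (`uses: styfle/cancel-workflow-action@<full-commit-sha>`) and grant the job only the permission it needs to cancel runs.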
@@ -12,5 +12,11 @@ updates: target-branch: "develop" reviewers: - "noslav" - - "sudeepdino008" - + - "rogarica" + - package-ecosystem: "docker" + directory: "/" + schedule: + interval: "weekly" + reviewers: + - "noslav" + - "rogarcia" diff --git a/params/version.go b/params/version.go index f2dded576..e32156ed6 100644 --- a/params/version.go +++ b/params/version.go @@ -30,7 +30,7 @@ const ( const ( BspVersionMajor = 1 // Major version component of the current release BspVersionMinor = 8 // Minor version component of the current release - BspVersionPatch = 0 // Patch version component of the current release + BspVersionPatch = 1 // Patch version component of the current release ) // Version holds the textual version string. From c17871af2be7f152794622c32689b5294431047b Mon Sep 17 00:00:00 2001 From: Pranay Valson Date: Tue, 11 Jun 2024 15:38:01 -0700 Subject: [PATCH 7/7] update dependabot config for docker image Signed-off-by: Pranay Valson --- .github/dependabot.yml | 3 ++- .github/workflows/docker-image.yml | 40 ++++++++++++++++-------------- 2 files changed, 24 insertions(+), 19 deletions(-) diff --git a/.github/dependabot.yml b/.github/dependabot.yml index 038fe9a28..1944d7d66 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -12,11 +12,12 @@ updates: target-branch: "develop" reviewers: - "noslav" - - "rogarica" + - "rogarcia" - package-ecosystem: "docker" directory: "/" schedule: interval: "weekly" + target-branch: "develop" reviewers: - "noslav" - "rogarcia" diff --git a/.github/workflows/docker-image.yml b/.github/workflows/docker-image.yml index dc9405505..c0f5ed78e 100644 --- a/.github/workflows/docker-image.yml +++ b/.github/workflows/docker-image.yml 
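Review bot: The new `docker` ecosystem entry in PATCH 6/7's dependabot.yml hunk can be expected to propose bumping the Dockerfile's `FROM alpine:3.19` to 3.20, the release PATCH 3/7 deliberately avoided because of an unfixed openssl CVE. Unless the reviewer remembers that, a routine merge undoes the hold. A commented `ignore` entry under this update block, with `dependency-name: "alpine"` and a `versions` range covering 3.20, would make the decision explicit and can be removed once the fix lands. The missing `target-branch` and the `rogarica` spelling are already corrected in 7/7.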
@@ -3,30 +3,34 @@ name: docker-image-ci on: push: branches: - - "main" + - "main" pull_request: - branches: - - "main" - - "develop" + branches: + - "main" + - "develop" jobs: push-image: runs-on: ubuntu-latest steps: - - name: Login to GitHub Container Registry - if: ${{ !env.ACT }} - uses: docker/login-action@v1 - with: - registry: ghcr.io - username: ${{ secrets.CR_USER }} - password: ${{ secrets.CR_PAT }} + - name: Cancel Previous Runs + uses: styfle/cancel-workflow-action@0.6.0 + with: + access_token: ${{ secrets.GITHUB_TOKEN }} + - name: Login to GitHub Container Registry + if: ${{ !env.ACT }} + uses: docker/login-action@v1 + with: + registry: ghcr.io + username: ${{ secrets.CR_USER }} + password: ${{ secrets.CR_PAT }} - - uses: actions/checkout@v2 - - name: Build & Publish the Docker image - if: ${{ !env.ACT }} - run: | - docker build . --file Dockerfile --tag ghcr.io/covalenthq/bsp-geth:latest - docker push ghcr.io/covalenthq/bsp-geth:latest + - uses: actions/checkout@v2 + - name: Build & Publish the Docker image + if: ${{ !env.ACT }} + run: | + docker build . --file Dockerfile --tag ghcr.io/covalenthq/bsp-geth:latest + docker push ghcr.io/covalenthq/bsp-geth:latest # - name: Start containers # run: docker-compose -f "docker-compose.yml" up --build --remove-orphans --force-recreate --exit-code-from agent @@ -39,4 +43,4 @@ jobs: # - name: Stop containers # if: always() - # run: docker-compose -f "docker-compose.yml" down \ No newline at end of file + # run: docker-compose -f "docker-compose.yml" down
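Review bot: On the new side of the docker-image.yml hunk the `push-image` job still triggers on `pull_request` for `main` and `develop`, and its login and `Build & Publish` steps are gated only by `!env.ACT`. As far as the visible workflow shows, a pull request from a branch in this repository therefore builds unreviewed code and pushes it as `ghcr.io/covalenthq/bsp-geth:latest`. The commit re-indents these lines without changing that. Gating both steps on the event, `if: ${{ !env.ACT && github.event_name == 'push' }}`, reserves publishing for code merged to `main`, and a separate build-only step can still validate pull requests.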